Abstract: A consent block is a type of block that may be stored in a blockchain. Each consent block has an owner and may store an owner consent contract, i.e., a smart contract containing owner-specified access rules that determine who may access data assets that are stored in other blocks of the blockchain and owned by the same owner. The consent block may alternatively store a global consent contract containing global access rules that supersede owner-specified access rules. The consent block also stores a hash value determined from the consent contract and a previous hash value of the block immediately preceding the consent block. The consent contract and the position of the consent block in the blockchain are verifiable from the hash value. Each consent block, once added to the blockchain, becomes part of the immutable record of data stored in the blockchain, and therefore leaves an auditable trail.

Abstract: System, method, and/or computer program product embodiments for automatic removal of sensitive data items from records are disclosed. In one or more embodiments, a record with a sensitive field (for storing a sensitive data item) is linked to a self-removal data policy that includes a condition set. When the condition set is true, the sensitive data item is automatically removed from the record without deleting the record and without removing other data items stored in other fields of the record. Conditions may be associated with a time period following the upload or storage of the sensitive date item, the occurrence of an event that requires the sensitive date item, a read or approval of the sensitive data item, etc. A user may modify a condition in the condition set to make the condition more stringent or less stringent.

Abstract: An aspect of the invention relates to a method for a plurality of clients to access a file in a distributed file system, the file being replicated on at least one other server, the method comprising the steps of: Receiving, by an access management device, a request to access the part of the file sent by a first client from the plurality of clients, Selecting a first server based on at least one parameter, Authorization the first client to access the file stored by the first server Receiving, following authorization, a request to access the same file sent by a second client, the second client being different from the first client, Selecting a second server based on the parameter, the second server being different from the first server, Authorizing the second client to access the file stored by the second server.

Abstract: Techniques for storing encrypted data using a storage service system are described herein. A computer system of a computation layer of the storage service system receives an encrypted key manifest, which is then decrypted using a cryptoprocessor of the computer system of the computation layer to produce a partition key. The partition key is then provided to a file system abstraction layer so that, as data is provided to the computation layer for storage, the file system abstraction layer can use the partition key to encrypt data and store the encrypted data in the storage layer.

Abstract: A consent block is a type of block that may be stored in a blockchain. Each consent block has an owner and may store an owner consent contract, i.e., a smart contract containing owner-specified access rules that determine who may access data assets that are stored in other blocks of the blockchain and owned by the same owner. The consent block may alternatively store a global consent contract containing global access rules that supersede owner-specified access rules. The consent block also stores a hash value determined from the consent contract and a previous hash value of the block immediately preceding the consent block. The consent contract and the position of the consent block in the blockchain are verifiable from the hash value. Each consent block, once added to the blockchain, becomes part of the immutable record of data stored in the blockchain, and therefore leaves an auditable trail.

Abstract: A storage device includes a first memory to which data can be written a plurality of times and a second memory that includes storage elements for which electrical characteristics can be changed only once. The first memory storing first encryption key information and the second memory storing second encryption key information. A controller generated an encryption key using the first encryption key information and the second encryption key information in combination and then encrypts and decrypts data written or read from the first memory. When a host requests an encryption erase, the controller attempts to erase the first encryption key information from the first memory. If the requested erase fails, the controller erases the second encryption key information from the second nonvolatile memory.

Abstract: A memory device management system includes a first key acquisition unit that acquires a first key, a second key generation unit that generates a second key in accordance with a configuration of a memory device that is a management target, an equality determination unit that determines an equality between a value of the first key and a value of the second key, and a data erasure processing unit that erases data stored in the memory device in a case of a determination that the value of the first key and the value of the second key are different.

Abstract: A method includes receiving, from one or more sensors associated with manufacturing equipment, current trace data associated with producing, by the manufacturing equipment, a plurality of products. The method further includes performing signal processing to break down the current trace data into a plurality of sets of current component data mapped to corresponding component identifiers. The method further includes providing the plurality of sets of current component data and the corresponding component identifiers as input to a trained machine learning model. The method further includes obtaining, from the trained machine learning model, one or more outputs indicative of predictive data and causing, based on the predictive data, performance of one or more corrective actions associated with the manufacturing equipment.

Abstract: A method is provided for protecting a software program from copying. The method includes providing a first implementation of the software program. A second implementation of the software program is then provided. The second implementation provides a same functionality as the first implementation, and wherein the second implementation includes a plurality of dummy operations to increase a number of operations and an execution time of the second implementation compared to the first implementation. The dummy operations are encoded. The second implementation may then be compared to another software program to determine if the another software program is a copy of the first implementation of the software program. This allows a copy of the first implementation to be detected without disclosing the first implementation.

Abstract: Applicant's Smartphone application provides ticket-holding patrons an alternative, digital means of verifying personal identification at entry to a venue or event. The Smartphone application periodically generates a unique QR code (barcode) that contains a unique identifier (i.e., mobile device ID) which prompts the venue/event entry system to recognize the patron. No barcode (serving as a ticket, or authentication/verification, or otherwise) is downloaded from the system server to the Smartphone/mobile device client in contrast to prior art systems.

Abstract: Components of a system for generating anonymized data from timestamped event data are disclosed. The generation of anonymized data is performed in accordance with an anonymization configuration. The anonymization configuration includes information regarding the source of the event data, particulars about the anonymization process that transforms the clear event data from the source into an anonymized form, and particulars about the destination and characteristics for the output dataset. A graphical user interface permits development of anonymization configurations in an interactive, iterative way. The configured anonymizer employs methods and options to produce anonymized data with superior usability as a substitute for real world data, including a mode to effectively emulate live data streams.

Abstract: The invention is a method for managing an application that includes a generic part and an additional part. The generic part is pre-installed on a device. The device gets a fingerprint of itself and after a user authentication sends to a server a request for getting the additional part. The request comprises credentials associated with the user or a reference of the user, the fingerprint and a reference of the application. The server generates a ciphered part of the additional part using a key based on both the credentials and the fingerprint and builds an auto-decrypt program configured to decipher the ciphered part. The device receives the ciphered part and the auto-decrypt program. It gets the fingerprint and the credentials and retrieves the additional part by running the auto-decrypt program with said fingerprint and credentials as input parameters.

Abstract: Examples of a system and method for securing data on a computing device are described herein. One or more cryptographic operations are executed on at least a portion of data stored in a memory module of the computing device in response to a change of operational state of the system from a first operational state to a second operational state.

Abstract: Systems and methods are provided for sending and receiving encrypted submessages. Messages could be partitioned into a plurality of submessages based on the content of a message, and such submessages could be individually encrypted and sent over a network. The partitioning could be based on various standards and/or heuristics. In the sending process, submessages could be designated to travel over different networks and networks of different types. Such submessages could then be received and reassembled in spite containing overlapping content with respect to each other, having to contend with copies of submessages, and having accompanying related content (e.g., advertisements) and non-related content (e.g., random bits). Moreover, the sending process could also be performed in real time or in a batched manner, depending on the implementation.

Abstract: The present invention generally relates to a system and method to enhance functionality of an executable application in a computer system in which application program interfaces associated with one or more executable applications are hooked to modified application program interfaces to provide increased functionality.

Abstract: Applicant's Smartphone application provides ticket-holding patrons an alternative, digital means of verifying personal identification at entry to a venue or event. The Smartphone application periodically generates a unique QR code (barcode) that contains a unique identifier (i.e., mobile device ID) which prompts the venue/event entry system to recognize the patron. No barcode (serving as a ticket, or authentication/verification, or otherwise) is downloaded from the system server to the Smartphone/mobile device client in contrast to prior art systems.

Abstract: Methods are provided for producing an authenticated packaged product. The method includes providing on the product a security code encoding security data for the product, packing the product in packaging, and providing a tag carrying encrypted product data on the packaging. The product data comprises the security data for the product. The method further comprises storing a decryption key for the encrypted product data at a network server, and providing on the packaging access data for accessing the decryption key at the network server. Corresponding methods and systems are provided for verifying authenticity of such an authenticated packaged product.

Abstract: A method and system for tracking and managing additive manufacturing of products includes formalizing a digital contract between a registered product owner and a registered additive manufacturing vendor. The digital contract includes an identification of a design file of the product, an identification of each registered additive manufacturing printer owned by the registered vendor, and an authorized quantity of products to be manufactured. The method further includes providing an access to the design file to the registered vendor upon formalization of the digital contract, and recording a print transaction data received from each registered printer. The print transaction data includes a quantity of products manufactured by the registered printer. The method further includes terminating the digital contract by revoking the access to the design file when the manufactured quantity equals the authorized quantity or upon violation of the digital contract.

Abstract: Embodiments of the disclosure provide a method and an apparatus for capturing a screen on a mobile device, the method including: receiving, at the mobile device, a screen-capturing request for a current interface, where the current interface includes first data, and the first data includes personal information; and generating, according to screen-capturing request, a screen capture image for the current interface, where the first data in the current interface is replaced in the screen capture image with second data which is predefined. These embodiments avoid the need to manually mask an image by starting a dedicated image editing tool to anonymize a screen capture image, thereby significantly lowering the relatively high technical threshold of anonymization processing, reducing the error rate, and improving the modification quality of anonymization. Moreover, the replacement is directly made to the image while the screen is captured without interfering with normal use of reading.

Abstract: An information processing device includes a product information acquisition unit that acquires information indicative of a correlation between a product and one or plural product composition elements composing the product, for each product being software; a product composition element acquisition unit that acquires information indicative of one or plural product composition elements installed in a device, from the device; a specification unit that specifies a product installed in the device on the basis of the information indicative of the one or plural product composition elements acquired by the product composition element acquisition unit and the correlation; and a controller that causes a display to display the product specified by the specification unit.

Abstract: A system for securely downloading and playing coherent digital content such as music and preventing its play by unauthorized users. The system may include mass server/storage devices for receiving and storing digital content having predetermined gaps; and client devices communicating with the server/storage devices, and providing authorization to proceed. During playing of the digital content by the client devices, the missing gaps may be filled into the appropriate places, to allow the play of the coherent digital content.

Abstract: A utility, typically in the form of a software application, allows an author to record digital media, generate and associate and/or embed unique copyright data with the media, store the media and copyright data locally and remotely, and receive an electronic receipt containing the generated unique copyright data, providing verifiable copyright protection for original works of authorship. Typically, the software application can generate copyright information during the creation of the media. This copyright information can include, for example, a generated unique copyright identifier, author's information such as name and address, device identifier provided by the device as available, device type, and the like. Embodiments of the present invention enhances the author's ability to record media such as video and images by ensuring a verifiable and unique copyright identifier is included with the digital content.

Abstract: A method and computer system for managing data consumption for a device. A processor unit detects a trigger event for the device. The processor unit sends a message to stop consuming data from the device by a group of data consumers when the trigger event occurs.

Abstract: A communication system comprising a controlling server coupled to a controlled server via a socket communication channel to stream sensitive information to a desktop computer for viewing in a secured manner. The streamed information is not stored at the desktop. The controlling server streams the information to the desktop computer as long as the server is receiving a continuous uninterrupted flow of requests for information signals from the desktop computer. The user continuously depresses the mouse on the desktop to generate the continuous uninterrupted requests to view the sensitive information in a secure manner. The controlling server will immediately stop streaming the sensitive information and thus stop the display of the sensitive information upon detection of any interruption of the continuous transmission of request signals as would occur, for example, if the user were to unexpectedly leave the desktop unattended.

Abstract: According to some embodiments, an application server may have a repository to facilitate a transfer of data between data storage elements. A datastore may be stored in the repository for a data storage element, the datastore including a password reference identifier. A password center table may be created in the repository to associate the password reference identifier with an actual encrypted password for the data storage element. At execution time, the password reference identifier in the datastore may be automatically replaced with the actual encrypted password for the data storage element.

Abstract: When a user requests licensed content, a dynamic licensing mechanism automatically requests and receives licenses for the licensed content when one or more criterion in a licensing policy is satisfied by license information relating to the content, without the user providing any further input to acquire the licenses.

Abstract: A method and UE for registering with a third network node using IMS, the method creating a tunnel; authenticating a first public identity associated with the UE to the first network node; receiving configuration information with a second private identifier and a second public user identifier, and registering with a third network node using the second private identifier and the second public user identifier. Further, a method and first network node configured for authentication between a UE and a third network node using IMS, the method establishing a tunnel; authenticating a first public identity of the UE; receiving a configuration information message from the UE including a network identifier for a network the UE is registered on; obtaining, from a second network node, a second private identifier and second public user identifier; and providing the second private identifier and second public user identifier to the UE.

Abstract: A method (300) of generating information for use in identifying a property of a communication device (10) includes identifying (304) one or more substrings within a character string that identifies the communication device. For each substring, an entry is added (306) to a respective one of a plurality of data structures (800), each data structure being designated for storing substrings that occur at a particular character position within the character string. Each entry is associated (310) with a profile that includes a value of at least one property of the communication device. Also disclosed is a method (1000) of identifying the properties of a communication device based on such previously-generated information.

Abstract: A method of secure erase of an electronic device that applies a predetermined voltage to a device. The voltage is selected to be high enough to quickly destroy all data cells of the electronic device, but not high enough to destroy lines to the data cells of the electronic device. Accordingly, since the voltage is too low to destroy the word or bit lines, the predetermined voltage is applied to every data cell using the word or bit lines such that all data is removed. The present invention has the advantage of quickly, reliably, and permanently removing all of the data from the electronic device. The predetermined high voltage can differ for different types of SSDs.

Abstract: Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user's own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things.

Abstract: Managing digital rights of contents and services streamed to a client device, including: receiving and validating a certificate from the client device; enabling the client device to log into and communicate with a server using a secure protocol to establish a private relationship between the client device and the server; and transmitting a resource identifier to the client device using the secure protocol when the private relationship is established.

Abstract: Provided is a clipboard security system and method for improving security of data transmission made through a clipboard which is frequently used in utilization of a computer. An example of the clipboard security system includes a clipboard managing unit for storing data in a clipboard or extracting data from the clipboard in response to a request from one or more objects, in which the clipboard managing unit includes a data encrypting unit for encrypting the data for which storage is requested according to a trust relationship of an object which desires to store the data in the clipboard and a data decrypting unit for decrypting the encrypted data according to a trust relationship of an object which desires to extract the encrypted data stored in the clipboard.

Abstract: The image forming device includes an image data input unit that receives image data of a document; a set password acquisition unit that acquires information regarding a password from the image data received by the image data input unit; an input password receiving unit that starts reception of input of the password before the reception of the image data of all pages of the document is completed by the image data input unit; a password verification unit that performs verification between an input password and a set password; and a job execution unit that cancels execution limit of a job based on a verification result and executes the job, wherein, when the password is set in arbitrary one page of the document, the image data input unit sequentially completes the reception of the image data of the next page of the arbitrary one page of the document, before the input of the password corresponding to the password set in the arbitrary one page is completed by the input password receiving unit.

Abstract: A new media device including a decryption device that is operable to create a decryption key to read media. The decryption device is itself a read/write device that allows reducing or decrementing each time the decryption key is used.

Abstract: A system and method for providing load balanced secure media content and data delivery (10) in a distributed computing environment is disclosed. Media content is segmented and encrypted into a set of individual encrypted segments on a centralized control center (15). Each individual encrypted segment has the same fixed size. The complete set of individual encrypted segments is staged to a plurality of intermediate control nodes (17, 19). Individual encrypted segments are mirrored from the staged complete set to a plurality of intermediate servers (21a-b, 23a-b). Requests are received from clients (11) for the media content at the centralized control center. Each individual encrypted segment in the set is received from one of an intermediate control node and an intermediate server optimally sited from the requesting client. The individual encrypted segments are reassembled into the media content for media playback.

Abstract: Methods for remote activation and permanent or temporary deactivation of integrated circuits (IC) for digital rights management are disclosed. Remote activation enables designers to remotely control each IC manufactured by an independent silicon foundry. Certain embodiments of the invention exploit inherent unclonable variability in modern manufacturing for the creation of unique identification (ID) and then integrate the IDs into the circuit functionality. Some of the objectives may be realized by replicating a subset of states of one or more finite state machines and by superimposing additional state transitions that are known only to the designer. On each chip, the added transitions signals are a function of the unique IDs and are thus unclonable. The method and system of the invention is robust against operational and environment conditions, unclonable and attack-resilient, while having a low overhead and a unique key for each IC with very high probability.

Abstract: A third party is configured to establish a virtual secure channel between a source SSD and a destination SSD via which the third party reads protected digital data from the source SSD and writes the protected digital data into the destination SSD after determining that each party satisfies eligibility prerequisites. An SSD is configured to operate as a source SSD, from which protected data can be copied to a destination SSD, and also as a destination SSD, to which protected data of a source SSD can be copied.

Abstract: A computer-implemented method to revoke an application is described. The processor monitors for a revocation condition. Upon detection of the revocation condition, the process also generates a command for a framework of a managed application to revoke the managed application.

Abstract: An information processing apparatus including: a data processing unit which performs copy processing for recording recorded data of a first medium in a second medium, wherein the data processing unit performs processing for referencing copy restriction information received from a management server, comparing the copy restriction information with apparatus setting information set in a memory of the information processing apparatus, determining whether or not the copy processing is permitted in accordance with the comparison result, and copying recorded data of the first medium to the second medium under the condition it is determined that the copy processing is permitted.

Abstract: Various embodiments of the present invention relate to systems, methods, and computer-readable medium providing licensing rights for media content that follows a subscriber so that the subscriber may experience the media content on various content distribution platforms. In particular embodiments, the systems, methods, and computer-readable medium transfer licensing rights for a user for particular media content that is associated with a first device on a first distribution platform so that the rights are associated with a second device on a second distribution platform. As a result, in various embodiments, the user is able to experience the particular media content with the use of the second device on the second distribution platform.

Abstract: To provide a browsing terminal and the like with high security, which can effectively prevent contents data stored in a terminal from being stolen unlawfully by a third party even if the terminal is accidentally lost. The browsing terminal includes: a receiving part for receiving contents data; a volatile memory for storing the received contents data; a display device with a memory function, which displays the contents data stored in the volatile memory; and a secondary battery for supplying power to the volatile memory and the display device.

Abstract: Systems and methods for authenticating playback devices using timestamp validation in accordance with embodiments of the invention are disclosed. One embodiment includes securely storing at least one timestamp in memory within a playback device in response to the occurrence of at least one predetermined event, where a stored timestamp is based on the current time of a system clock when an event occurs, generating a cryptographic key using the at least one timestamp, securing cryptographic data using the cryptographic key, receiving a request to playback encrypted content, where the encrypted content is accessible using the cryptographic data, accessing the at least one timestamp, generating the cryptographic key, accessing the cryptographic data using at least the cryptographic key, and playing back the content using the playback device.

Abstract: A method and system for allowing the purchaser of an on-demand entertainment session of predetermined time duration to reaccess that portion of the session not used. On-demand passenger entertainment services in airline flights often offer services, such as movies, of a predetermined time duration which time is longer than the time of flight. The method and system disclosed allows purchasers to gain access on another flight to the unused portion of the services, such as, the unseen portion of a movie, terminated at the end of the initial flight.

Abstract: An optical writing apparatus has a part configured to superpose an unauthorized copy protection pattern on image data; a control part configured to recognize the unauthorized copy protection pattern, correct image data of the unauthorized copy protection pattern in pixel unit, and control a size of an isolated dot included in the unauthorized copy protection pattern; and a writing part configured to write a corresponding image on a photosensitive body based on the thus-corrected image data.

Abstract: Described herein is a technology facilitating circumvention of dynamic and robust detection of one or more embedded-signals (e.g., watermark, copyright notice, encoded data, etc.) in one or more input carrier signals (e.g., multimedia stream, video stream, audio stream, data, radio, etc.).

Abstract: An administration server is capable of authenticating a user. The administration server includes a communication unit for receiving a user authentication request including user identification information and apparatus identification information from an external device; and a server control unit for authenticating the user according to the user identification information to obtain a first result. The server control unit is provided for determining a usage permitted function according to the user identification information to obtain a second result, and for determining whether an apparatus corresponding to the apparatus identification information can be used according to user identification information and the apparatus identification information to obtain a third result. The communication unit is configured to transmit the first result, the second result, and the third result to the external device.

Abstract: A play limit is set for a media file. The play limit can be, for example a date, or a number of times that the file has been played. When the file exceeds the play limit, the quality of the file playing is degraded.

Abstract: An automated system and method for piracy control based on user generated updates is described. The system and method described renders human intervention for piracy control superfluous and, therefore, is cost-effective, and consumes less time. The automated system and method for piracy control based upon update requests significantly reduces the number of update requests by pirated copies of the software, reduces the burden on the update server and smoothens the overall user experience for the legitimate users of the software.

Abstract: Based on the detailed reproduction control information defining the reproduction control state of data to be transmitted, the CPU 12 of the data transmission apparatus creates a simplified reproduction control information roughly defining the reproduction control state of the data, stores the simplified reproduction control information of the data in the packet header of a data packet carrying the data, stores the detailed reproduction control information in the data, and transmits the simplified reproduction control information and the detailed reproduction control information as well as the data to the data receiving apparatus 20 through the transmission channel 30 from the input-output interface 16.

Abstract: Systems and methods for managing data transfers between a secure location and a less secure location. A data transfer checker operating on a mobile device determines whether an attempted data transfer between two locations is permitted. If it is not permitted, then the data transfer is prevented and the user may be notified of the data transfer prevention.