Abstract: Techniques are provided to allow remote initialization of a Trusted Platform Module. The results may be trusted and confidential even if the target device has malicious operating system or other software running.

Abstract: The management apparatus 105a manages copying of information from an original recording medium 101a to a copy recording medium 102a. The management apparatus 105a comprises: a transmission/reception unit 701a configured to receive an original-medium identifier from the copying apparatus 104a and to transmit permission information to the copying apparatus 104a, the original-medium identifier identifying the original recording medium, and the permission information indicating permission for the copying of the information; and a control unit 708a configured to determine whether to permit the copying of the information based on the received original-medium identifier and a registered original-medium identifier that identifies a registered original recording medium, and to allow the transmission/reception unit 701a to transmit the permission information when determining to permit the copying.

Abstract: Interactions with a user are coordinated upon receiving, at a networked interactive system, audible communication from a user and interacting with the user in the audible communication in accordance with an audible format menu. Whether to provide the user with a visual format menu that at least partially matches the audible format menu is determined during the audible communication. The user is provided with the visual format menu concurrent with the audible communication upon determining, based on the interaction with the user in the audible communication, to provide the user with the visual format menu. Interactions with the user are in accordance with the visual format menu.

Abstract: An encrypted content and a license are separated from each other to be distributed individually, so that the encrypted content is decrypted using the license in a user apparatus. A server encrypts licenses of a plurality of encrypted contents for package sale to generate an inactive license packaged in one file and distribute the inactive license to a user terminal utilizing an activation license for package sale. An activation license for package sale is distributed in response to a purchase request from the user terminal, a plurality of encrypted licenses contained in the inactive license are decrypted, an encrypted content contained in an object for package sale is decrypted using a license corresponding thereto so that the decrypted content is reproduced.

Abstract: An optical disc undergoes authentication by reading a designated area on the optical disc containing authentication data. Following authentication, the designated area undergoes irradiation by the laser beam that reads the optical disc to erase recordable sectors in the designated area when the optical disc comprises a recordable disc to render unreadable data contained in the designated area for disc authentication.

Abstract: A method for preventing unauthorized recording of media content on an Apple operating system (OS). The present method registers a compliance mechanism on a client system having the Apple OS operating thereon. The compliance mechanism comprises a framework for validating the compliance mechanism on the client system, and a multimedia component opened by the framework. The present method uses the multimedia component for decrypting the media content on the client system. The present method also prevents decryption of the media content on the client system having the Apple OS operating thereon if a portion of the compliance mechanism is invalidated.

Abstract: Access to content may be administered by storing content, the content comprising one or more selections, accessing a passive optical out-of-band token associated with the content, determining an access right for the content based on the passive optical out-of-band token, and enabling access to the content in accordance with the access right.

Abstract: Embodiments are directed towards employing hidden secrets on a client device to detect and deter piracy of a computer application. The computer application is partitioned into components, where a subset of the components is initially provided to the client device. In one embodiment, the computer application is unable to execute properly within the removed or other set of components. The removed components not provided to the client device may then be modified based on hidden secrets information and a verification component and provided over a network to the client device. If the verification component is unable to locate an armed secret, or detects that an armed secret is modified, the computer application may be inhibited from installation and/or execution. In one embodiment, a secret might be unarmed, such that its presence, absence, and/or modification might be ignored.

Abstract: There is provided a method and system for allocating an entitlement to digital media content. In one implementation, the system includes a media server accessible over a communications network and configured to utilize a processor to issue the entitlement including a transferable authorization to access the digital media content to a first user, and to store an entitlement record identified with the first user and authorizing access to the digital media content by the first user in a memory of the media server. The media server is further configured to receive a communication including a data corresponding to the transferable authorization to access the digital media content from a second user and to update the entitlement record to authorize access to the digital media content by the second user.

Abstract: There is disclosed a method for generating data for a recording medium. The method includes receiving original content data representing a plurality of still images and identifying a first subset of the still images to be recorded with copy-protection and a second subset of the still images to be recorded without copy-protection. The method also includes converting data representing the first subset into moving image data and copy-protecting the moving image data. The method also includes generating new content data, the new content data including the copy-protected moving image data and data representing the second subset.

Abstract: Techniques are provided for adjusting the number of devices allowed to use a digital product (e.g., software) under a license. In one embodiment, the technique may involve setting the allowed number of devices to a first upper/lower limit for a first time period, and, after the first time period has expired, increasing/lowering the allowed number of devices to a second upper/lower limit for a second time period. The technique may involve, readjusting the allowed number for a third time period, thereby allowing for a changing number of device installations of the digital product.

Abstract: Disclosed are systems, methods and computer program products that enable deployment of an antivirus application on a computer system in a manner that reduce interference of the antivirus application with activities of system users. In particular, the computers system is provided with a plurality of detection devices that may be used to detect when the computers system is being used by the user or when it is in downtime mode. The detection devices may include data input device, such as a mouse or keyboard, temperature sensors, pressure sensors, digital camera, sound wave source and sound wave receiver or other detection devices. The computer system also includes a software agent associated with an antivirus application. The software agent collects and analyses data from the detection devices, determines when the computer system is in a downtime mode, and then launches various antivirus application tasks.

Abstract: A managing method for an application program is disclosed, which includes that: a first terminal converts a file of a specified application program stored by the first terminal per se into an intermediate file in a predetermined intermediate format, wherein the intermediate format can be identified by other terminals having a running environment of the application program (S101); and the first terminal performs backup management on the specified application program by storing the intermediate file into a specified storage location, so as to enable a second terminal to recover the application program that has been made a backup, wherein both the second terminal and the first terminal have the running environment of the application program (S103). A managing device for an application program and a terminal are further disclosed.

Abstract: A security system includes an appliance to be secured, including a processor and a first wireless transceiver for accessing a data network with a first power requirement; and a second wireless transceiver receiving power to operate even if the appliance is off, hibernates or sleeps, the second wireless transceiver operating at a second power requirement lower than the first power requirement, the second wireless transceiver communicating a signal indicating a security status of the appliance.

Abstract: Computer-implemented methods and apparatus to perform a valid transfer of an electronic mobile ticket on a mobile device by a ticketing application system of a ticket processing center. One method includes: receiving a first electronic message from a first user, where the first message includes an encrypted electronic mobile ticket and a mobile device number of a second user, and where the electronic mobile ticket is encrypted with a key shared between the first user and the ticketing application system; decrypting the encrypted electronic mobile ticket; generating an electronic mobile ticket encrypted with a key shared by the ticketing application system and the second user; and transmitting a second electronic message that includes the electronic mobile ticket encrypted with the key shared between the ticketing application system and the second user to a mobile device of the second user.

Abstract: An image processing apparatus which is capable of improving security of a printout by preventing a user from forgetting to take out the printout, and improving the efficiency of the whole system and user operability. A network section receives a job and a user ID for identifying a user from an external apparatus, and receives a user ID for identifying a user who is to exit from a specific area. It is confirmed whether or not the received user IDs match each other, and if it is confirmed that the received user IDs match each other, it is further checked whether or not the job of the user has been executed. If it is checked that the job of the user has not been executed, an attribute of the job is changed.

Abstract: An instance of an application hierarchy can be stored on a client computer to facilitate enforcement of software licensing by a software license component of a software protection system. The application hierarchy is a tree structure (e.g., unordered) that includes a top node, one or more product offering group(s), and, one or more selling unit(s). A computer-implemented software protection system can facilitate enforcement of software licensing on a client computer. The software protection system includes a software license component that can store and enforce software licensing rule(s). The software license component can further manipulate state data of an instance of the application hierarchy stored in a licensing data store via application program interface(s) (APIs). State data and/or property(ies) of a particular node of the instance of the application hierarchy can be accessed through the API via an assigned identifier.

Abstract: A method for detecting at least one traitor computer system among a plurality of receiver computer systems including: assigning a version of protected content to each of the plurality of receiver computer systems that are currently identified as innocent by a content protection system that monitors distribution of protected content to the plurality of receiver computer systems; recovering at least one unauthorized rebroadcast of the content; generating a score for each of the plurality of receiver computer systems with respect to the recovered unauthorized rebroadcast; calculating a threshold independent of an estimation of maximum traitor computer systems; checking a highest score against the threshold; incriminating a receiver computer system having the highest score above the threshold as a traitor computer system; and removing any unauthorized rebroadcasts overlapping with the traitor computer system. The process may be repeated from generating scores until all traitors are identified.

Abstract: The various embodiments of the present invention provide a secure software distribution and execution method. According to the method, a server receives software from service provider for downloading to a client and identifies the sections for encoding. APIs are inserted in the identified sections. A unique ID is created based on the identity of the each client to generate an encryption algorithm, decryption key and decryption algorithm. The identified sections are encrypted with the generated encryption algorithm. The encrypted application along with encryption algorithm, decryption key and decryption algorithm are downloaded to the driver of the client machine. The API makes call to the driver by sending the encrypted segment when the encrypted portion is reached during the execution of software in the client machine so that the driver decrypts the encoded portion using the received key and the decryption algorithm to enable the continuous execution of the downloaded software.

Abstract: During a software activation process, a processing device may provide a software license key to be communicated to an activation authority. The software license key may be provided to the activation authority via one of a number of communication methods, such as, for example, via a telephone, via a facsimile, via e-mail, via a text message, or via other communication methods. A length of the software license key may be based on an expected amount of time to provide the software license key to the activation authority. When the expected amount of time is relatively long, the software license key may be relatively short. When the expected amount of time is relatively short, the software license key may be relatively long. In some embodiments, a relatively short software license key may be a unique subset of a relatively long software license key.

Abstract: A novel method and apparatus for protection of streamed media content is disclosed. In one aspect, the apparatus includes control means for governance of content streams or content objects, decryption means for decrypting content streams or content objects under control of the control means, and feedback means for tracking actual use of content streams or content objects. The control means may operate in accordance with rules received as part of the streamed content, or through a side-band channel. The rules may specify allowed uses of the content, including whether or not the content can be copied or transferred, and whether and under what circumstances received content may be “checked out” of one device and used in a second device. The rules may also include or specify budgets, and a requirement that audit information be collected and/or transmitted to an external server. In a different aspect, the apparatus may include a media player designed to call plugins to assist in rendering content.

Abstract: Embodiments disclosed herein relate to determining authorization of a software product based on a first authorization item and a second authorization item. Each authorization item may be a file or a registry key. A processor 104 may determine whether use of the software product is authorized at a particular time period by comparing a first authorization item and a second authorization item.

Abstract: A system and method provide for integrating a Basic Input/Output System (BIOS) Read-Only-Memory (ROM) image. A method includes but is not limited to opening a BIOS modification application; opening a target BIOS binary image within the BIOS modification application; and adding an electronic security and tracking system and method (ESTSM) ROM image to the target BIOS binary image.

Abstract: A method and system for securing a handheld computing device is described. A personal encryption device may be physically connected to a handheld computing device. Responsive to the connection, a main screen user interface may be displayed on a display of the handheld computing device. The main screen user interface may include at least one cryptography option for a user of the handheld computing device. A user-defined input representative of selection of a first cryptography option of the at least one cryptography option may be received, and at least one cryptography process associated with the selected first cryptography option may be implemented by the handheld computing device and personal encryption device. The cryptography options may include encryption, decryption, digital signatures, and digital signature verification.

Abstract: A system and method for generating a triage dump of useful memory data from a computer that encounters an error while executing one or more software programs. The computer system may identify data values within the triage dump that are characteristic of personal data. To protect the privacy of the software user the personal data may be poisoned by overwriting the data values with overwrite values. The overwrite values used to poison the data values may be predetermined, based on the data values themselves, or chosen at random. The triage dump may be sent to an external server to associated with the developer of the one or more software programs for analysis. When overwrite values are dynamically selected, the specific overwrite values used may be sent to the server in connection with a triage dump.

Abstract: A computer-implemented method for data-loss prevention may include: 1) identifying data associated with a user, 2) determining that the data is subject to a data-loss-prevention scan, 3) identifying a data-loss-prevention reputation associated with the user, and then 4) performing a data-loss-prevention operation based at least in part on the data-loss-prevention reputation associated with the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A software tool allows a user to filter out the results produced by a software source code correlation program that is executed on sets of software source code files. The tool allows the user to discard elements of source code that are not relevant to the analysis without requiring the user to run the correlation program multiple times.

Abstract: A device receives protected content and a license for the content, unprotects the content using an input key and retrieves a rule associated with the input key. The device then processes the content to create new content, retrieves at least one output key associated with the input key in the retrieved rule, protects the content using the output key and sends the newly protected content and the corresponding license. It is thus possible to impose a work flow as it is necessary for a device to store a particular key in order to access the content and as the rule imposes a particular output key depending on the input key. In a preferred embodiment, the content is scrambled using a symmetrical key that is encrypted by an asymmetrical key in the license. An alternate embodiment uses watermarking techniques instead of encryption. The invention finds particular use in video processing.

Abstract: Provided is a method for rendering media content wherein a request to render a first media content stored in a first partition is received, wherein the first partition stores the first and a second media content; the media content is correlated to a first management key block (MKB), binding ID (IDb) and authorization table (AT); the first MKB, IDb and AT are compared to a current MKB, IDb and AT; and if any of the first MKB, IDb or AT do not correspond to the current MKB, IDb or AT, respectively, generating a second partition by rebinding the first media content with respect to the current MKB, IDb and AT to generate a title key; and associating the first media content, the current MKB, IDb, AT and title key with the second partition, wherein the second media content remains associated with the first MKB, IDb, AT and partition.

Abstract: A method, an apparatus and a system perform software deactivation based on a deactivation time period. In some embodiments, a method includes receiving a communication from a first client machine to deactivate a license of a software product that was previously activated on the first client machine. The method also includes determining a specified time period of deactivation. The method includes deactivating the license of the software product from the first client machine responsive to a determination that the license was previously activated on the first client machine during the specified time period of deactivation.

Abstract: To provide a work support apparatus capable of allowing an operator to safely and easily perform work requiring all or a part of a privilege, and concisely confirming the contents of the work later, a work support apparatus 100 includes: an application processing unit 101 for accepting a work application; an approval processing unit 102 for performing an approving process; a work monitoring unit 103 for controlling and monitoring an operation from the operator terminal 111; an approval number collecting unit 104 for collecting information relating to an unnecessary approval number; an approval number management information storage unit 105 for storing approval number management information; and an operation log storage unit 106 for storing an operation log.

Abstract: An information processing apparatus that includes a communication unit for performing communication with one or more external devices and a storage unit for storing device information containing first authentication information used for authentication to selectively perform a process related to transmission of content data on the external device. The information processing apparatus also includes an authenticating unit for authenticating the external device that has transmitted a processing request based on second authentication information contained in the processing request transmitted from the external device and the device information. Furthermore, a processing unit is used for selectively performing a process corresponding to the processing request based on an authentication result in the authenticating unit; and a data transmitting unit for selectively transmitting content data to the external device.

Abstract: Apparatus preventing unauthorized copying of a document includes a secure document reproducing system having a document input device to receive and reproduce the secure document. A reader device detects an electronic data storage device affixed to the document and reads authorization information stored therein. A user wishing to copy the secure document inputs authorization information into a user interface module. The authorization information from the user is compared to the authorization information retrieved from the electronic data storage device, and if the two are identical, the secure document is reproduced.

Abstract: To provide a browsing terminal and the like with high security, which can effectively prevent contents data stored in a terminal from being stolen unlawfully by a third party even if the terminal is accidentally lost. The browsing terminal includes: a receiving part for receiving contents data; a volatile memory for storing the received contents data; a display device with a memory function, which displays the contents data stored in the volatile memory; and a secondary battery for supplying power to the volatile memory and the display device.

Abstract: The invention relates to a method for distributing content to a mobile device using a digital rights management (DRM) scheme, adapted for the case when files are exchanged over an external memory or over a serial connection between a computer (PC) and the mobile device, and a mobile device (ME) adapted therefor. The mobile device creates a request file (RORe-questrop) comprising information necessary for forming a rights object file. On the computer side, the request file is retrieved and a response file is sent back to the mobile device including the encrypted content (Contentdcf) and a rights object file (Content.ro). The mobile device receives the response file and decrypts and stores the content. The files may be exchanged over a DRM folder, arranged in the mobile device and accessible by the computer in mass storage mode, or the DRM folder may be arranged in an external memory (MS) alternately accessible by the mobile device and the computer.

Abstract: Some embodiments include a system, method, apparatus and means for determining that first information in an input data packet is not redundant with second information previously stored in a database system, includes receiving the input data packet, generating a database query based on one or more tagged portions in the input data packet, comparing second information retrieved by the database query with the first information to identify at least a first portion of the first information that is different than the second information, and causing storage of the at least a first portion of the first information in the database system.

Abstract: Documents and other items can be delivered electronically from sender to recipient with a level of trustedness approaching or exceeding that provided by a personal document courier. A trusted electronic go-between can validate, witness and/or archive transactions while, in some cases, actively participating in or directing the transaction. Printed or imaged documents can be marked using handwritten signature images, seal images, electronic fingerprinting, watermarking, and/or steganography. Electronic commercial transactions and transmissions take place in a reliable, “trusted” virtual distribution environment that provides significant efficiency and cost savings benefits to users in addition to providing an extremely high degree of confidence and trustedness. The systems and techniques have many uses including but not limited to secure document delivery, execution of legal documents, and electronic data interchange (EDI).

Abstract: A new media device including a decryption device that is operable to create a decryption key to read media. The decryption device is itself a read/write device that allows reducing or decrementing each time the decryption key is used.

Abstract: Techniques are provided for controlling the activation of computer games. In one embodiment, the technique may involve receiving a combination of a game identifier for the game and a device identifier for the device. The technique may further involve accessing a database of known game identifiers, each known game identifier being associated with a device count corresponding to a total number of known devices on which a known game was previously played or activated, and obtaining a usage policy for the game.

Abstract: Described herein is a technology facilitating circumvention of dynamic and robust detection of one or more embedded-signals (e.g., watermark, copyright notice, encoded data, etc.) in one or more input carrier signals (e.g., multimedia stream, video stream, audio stream, data, radio, etc.). This abstract itself is not intended to limit the scope of this patent. The scope of the present invention is pointed out in the appending claims.

Abstract: A Trusted Activation License (TAL) can be comprised of a key unique to a Trusted Platform Module (TPM) and identifying information of the software applications bundled with the computing device having that TPM. To activate the software applications, the identifying information in the TAL can be compared against that of the software applications being activated, and the unique TPM key in the TAL can be compared against that of the TPM on the computing device on which the activation is taking place. Subsequent validations can be based on a protected association between the TAL and an Attestation Identity Key (AIK) that can be generated by the TPM as part of the activation step. Optionally, Platform Configuration Registers (PCRs) of the TPM can be periodically changed during validation to protect against useage of one TPM for validations on multiple computing devices.

Abstract: Sharing a secret that can later be revoked. A client sends data to a server that makes the data available to other clients. The data is shared generically without specifically identifying the client. The data can be considered quasi-secret data or data that is secret except for the anonymous sharing of the data. The client can later make the shared data private again by changing or deleting the sharing of the data.

Abstract: The present invention provides a method and system of specifying and enforcing at least one run-time policy for at least one computer process executing on a computer system, where the computer system includes a computer operating system. In an exemplary embodiment, the method and system include (1) relating the policy with an executable file of the process, (2) associating the policy with a running instance of the process, and (3) enforcing the policy on the running instance.

Abstract: Provided is a device that prevents unauthorized copying of a document to which copy inhibition information is added.

Abstract: A computer readable medium for activating a software application for execution on a designated computer, where the computer readable medium has stored thereon computer executable instructions for performing the following steps: computing an installation identifier reflective of the software application and the designated computer; receiving an activation code generated in accordance with the installation identifier and a blinding factor value; computing a first verification code as a function of the installation identifier; computing a trial blinding factor value; computing a decryption key as a function of the trial blinding factor value and the activation code; using the decryption key to decrypt a second verification code; verifying that the first verification code matches the second verification code; and, activating the software application for execution on the designated computer.

Abstract: A system and method for preventing piracy of a given software application limits the number of times that such software application is activated. A given software application must be activated in order to become fully functional. The user must provide a unique software identification code, relating to the specific software which the user is attempting to activate, to a remote provider. The remote provider determines the number of times that such specific software has already been activated, and provides an activation code to the user unless the number of activations exceeds a predetermined threshold. Once activated, the software becomes fully operational, and the user is allowed complete access to its functions.

Abstract: Segmented media content rights management is described. A media device can receive segments of protected media content from media content streams that each include a different version of the protected media content. A media content file can be generated to include the segments of the protected media content that are sequenced to render the protected media content for viewing. A file header object can be instantiated in a file header of the media content file, where the file header object includes DRM-associated features, such as one or more DRM licenses, properties, and/or attributes that correspond to the media content file to provision all of the segments of the protected media content together.

Abstract: An equipment managing system includes an intermediating apparatus and an equipment managing apparatus. The intermediating apparatus is connected to a license management apparatus and a program management apparatus via a network. The equipment managing apparatus is connected to an electronic equipment via a network. The intermediating apparatus stores a program acquired from the program management apparatus and a license file acquired from the license management apparatus to an external storage medium. The equipment managing apparatus sends the program and the license file recorded in the external storage medium to the electronic equipment.

Abstract: A system including a server apparatus executes an application program and a client apparatus enabling a user to utilize the application program by communicating with the server apparatus based on an instruction of the user. The server apparatus includes: an output detection section for detecting output-processing which is processing of outputting data from the application program into a shared area; and an output control section for storing instruction information in the shares area, instead of storing the output data outputted from the application program therein, in response to the detection of the output-processing, the instruction information specifying an acquisition method by which an authorized client apparatus acquires the output data.

Abstract: Anti-pirate circuitry is provided for combating the theft of intellectual property contained with semiconductor integrated circuits. The anti-pirate circuit includes a unique number generator that provides a multi-bit die ID data string that is unique to the integrated circuit associated with the anti-pirate circuit. One time programmable (OTP) EPROM circuitry reads the die ID data string at wafer sort and writes the data content to nonvolatile memory. During a subsequent verification cycle, ID comparator circuitry compares the data string provided by the unique number generator to the stored contents of the nonvolatile memory. If the comparison results in a mismatch between more than a predefined number of bits, then the integrated circuit associated with the anti-pirate circuit is not enabled for operation.