Abstract: A system and method for managing digital rights includes receiving a Universal Resource Identifier (URI). The URI is used to identify a location for a user selected digital media item. The digital media item is to be played in a local area network (LAN). The selected digital media item is retrieved from a content server over a network connection. If the selected digital media item is encrypted, a license to decrypt the selected media item is obtained. Access to the license is based on a plurality of access rules, which are based on the terms of the license. The plurality of access rules may also include personal owner rules. If a request for the license adheres to the access rules, the license is received via a secure out of band transfer and the selected digital media item is decrypted for playback via one or more media rendering devices.

Abstract: A system and method to support identity theft protection and, in particular, to a system and method for supporting identity theft protection as part of a distributed service oriented ecosystem in Internet protocol (IP) multimedia subsystem (IMS) and non-IMS networks. The system includes an identity session initiation protocol (SIP) application server configured to act as a security assertion markup language (SAML) bridge, which allows an SIP enabled device or a non-SIP enabled device to attach to a telecommunications service provider network. A user may accept or reject an authorization request using the SIP enabled device or non-SIP enabled device.

Abstract: A server is operable to receive a media device identifying number (ID) and establish an association between a media device and a payment account and, in one embodiment, supports at least one of payment authorization and payment clearing based at least in part on the media device ID and the payment account. A network and system includes a payment card processor server that is operable to receive a payment authorization request and to determine if an authorized media device generated a purchase selection message and to determine to approve a received payment authorization request based, in part, if the media device was authorized for the purchase selection based upon a received media device ID.

Abstract: Apparatus, method, and media for controlling utilization of content. An exemplary method comprises associating one or more usage rights with content, wherein the usage rights are based at least in part on a usage rights grammar, and wherein each of the usage rights corresponds to a permitted utilization of the content and one or more conditions which must be satisfied in order for the respective usage right to be exercised, receiving from an external computing device external, a request to access the content, the request corresponding to a utilization of the content, determining whether the requested utilization corresponds to at least one of the usage rights associated with the content, and transmitting to an external a computing device, at least one of the usage rights based at least in part on a determination that the requested utilization corresponds to at least one of the usage rights.

Abstract: Apparatus, method, and media for permitting use of content. An exemplary method comprises associating a transfer right with content, the transfer right specifying that the content is permitted to be transferred from a first computing device to a second computing device, transferring the content from the first computing device to the second computing device in accordance with the transfer right, updating information associated with the transfer right based on the transfer of the content from the first computing device to the second computing device, and associating a usage right with the content, the usage right corresponding to a utilization of the content, wherein the first computing device includes at least a server mode of operation, and wherein the second computing device includes both a requester mode of operation and a server mode of operation.

Abstract: Systems and methods to provide and maintain secure financial transaction conducted with a credit card or other cashless payment mechanism at a vending machine or other potentially unattended vending or point of sale device. Encapsulated card readers providing end-to-end encryption capabilities encrypt transaction data for secure transmission to a transaction host or server. Pre-authorization transaction data checking maintains account numbers in a secure encrypted format further enhancing security. Protection mechanisms that guard against, and provide warnings of equipment tampering, while also providing a visual indication to customers regarding the security of the system.

Abstract: Systems and methods for authorizing a customer premise equipment (CPE) device to join a network through a network termination unit (NTU). The CPE device can send an encrypted connection request, and an authorization server can decrypt the connection request and provide a network membership key (NMK) associated with the CPE device to the NTU. The authorization server can encrypt the NMK associated with the CPE device using a device access key (DAK) associated with the NTU.

Abstract: Techniques for automated mobile transaction processing are provided. A consumer traverses to a web portal or other type of enterprise terminal device of an enterprise and proceeds to shop. During checkout, the portal contacts a transaction service and is delivered back an identifying barcode or Quick Response (QR) code. The consumer uses a mobile device to scan the code and send it to the transaction service. Previously registered payment details of the consumer are located and payment is received from the consumer. The portal is notified that payment is completed by the transaction service.

Abstract: A voucher verification system is based on SMS message-based processing of voucher verifications by a central verification authority. Merchants may establish an account with the system and then register mobile communication devices and those of employees by sending an SMS-based registration request to the system. Once registered, the merchant and employees may verify the status of vouchers by sending SMS-base verification requests to the system. Verifications of voucher status are returned to the merchant mobile device via SMS messaging.

Abstract: In some embodiments, techniques for computer security comprise displaying an electronic document, detecting a request to traverse a link, such as a hyperlink or a form submission, wherein the link is associated with an element of the document, evaluating an attribute, wherein the attribute is associated with the element of the document, and determining whether to perform the action based on the evaluation. Applications of these techniques include mitigating the effect of an attempt to modify web pages for fraudulent purposes, such as by a “phishing” attack incorporating malicious scripting.

Abstract: A method for accessing a service on a network, via a user terminal (30), includes a subscription phase wherein: a container is generated, including a first set of authentication data for accessing the service and a second set of useful data relating to access rights to the service the first and second sets of data being encrypted, the container is transmitted securely from the user terminal, and an access phase wherein: the container is transmitted securely from the terminal to a management server connected to the network, during a request for access, after decryption of the constituent data of the container, the server verifies the validity of the first set of data and, in the event that verification is successful, authorizes access to the service for its execution, based on the access rights.

Abstract: A method, system and software for permitting use of digital works having rights associated therewith in a system having repositories configured to enable use of the digital work in accordance with the rights, including associating a transfer right with a digital work, the transfer right specifying that the digital work is transferred from a first repository to a second repository; transferring the digital work from the first repository to the second repository in accordance with the transfer right; and in response to the transferring, step updating transfer right information in respect of the digital work.

Abstract: When a conflict occurs among usage rules for content data, a verification on the content data is made in accordance with the conflict solution policy defined in the usage rule for each of the content data. Available content data are determined in correspondence with a combination of grant verification results individually made on the content data.

Abstract: A method for automatically linking an anonymous electronic trade order having an order quantity (q) to an identity of a trader by providing an identity marker (s) of the trader; embedding the identity marker (s) by splitting the anonymous trade order into a number (n) of trade orders each having a corresponding order quantity x (i) to generate a trade order set; and placing the generated trade order set in an electronic order book.

Abstract: Transactions such as sales and exchanges of resources are managed in a virtual environment. A transaction manager receives a request for a transaction which involves multiple entities in the virtual environment. The request identifies the entities, as well as resources, such as objects and virtual currency, to be exchanged among the entities in the transaction. The request is first validated. Next, the resources which are to be contributed by the entities are gathered. An object is gathered from a first entity by updating a database record to render the object inaccessible. A new database record associates the object with a second entity, and renders the object inaccessible. A reserve can be imposed on a virtual currency account. The resources are then delivered to the entities, e.g., by updating the new database record to render the object accessible to the second entity. If the gathering fails, an undo phase is entered.

Abstract: In a franking method and a mail transport system, a franking image is calculated before generation thereof on a mail piece. The franking image includes a franking image key, and for each new franking image, the franking image key therefor is derived from a predecessor franking image key according to a first crypto-algorithm. An integrity check code is also generated based on the new franking image key, a key generation number, an apparatus identifier of the franking device, and a second crypto-algorithm. The franking image includes at least the device identifier, the key generation number and the integrity check code. Upon transport of the mail piece to a sorting center, the franking image is scanned and fees for billing are generated based thereon.

Abstract: One implementation provides a computer program product tangibly embodied in an information carrier. The computer program product includes instructions that, when executed, perform a method for processing a message related to an electronic document. The method includes transmitting an electronic document having a unique identifier from a first system to a second system and receiving at the first system a message from the second system related to content contained in the electronic document. The message includes a predetermined field for the unique identifier that links the message to the electronic document. The method may also include notifying a user of the first system that the first system received the message. The notifying may include updating a list of tasks. One of the tasks may indicate that the user may view the received message on the first system.

Abstract: An apparatus is designed for using a music content composed of at least one content material in accordance with security information of the music content. In the apparatus, a reading section reads a recording medium which records a data file of the music content having a chunk structure including a content material chunk and a security information chunk. The content material chunk contains substantial data of the content material and identification information for uniquely identifying the content material. The security information chunk contains security information of the content material and identification information for uniquely identifying the content material. A using section permits use of the content material when the identification information read from the content material chunk coincides with the other identification information read from the security information chunk.

Abstract: A proxy server and corresponding method are provided for managing the controlled distribution of digital content as it propagates through a social network. A proxy server receives digital content and associated distribution parameters from an originating peer. The distribution parameters define access rights for n allowable levels of possible network distribution. After other peers are invited to share the digital content or the invited peers request access to the digital content, the proxy server generates a rights-managed form of the requested digital content in accordance with the access rights established by the originating peer for the level associated with the requesting peer(s). The proxy server forwards a copy of a content key and other content identifiers to an associated license server and then sends the rights-managed form of digital content to the requesting peer(s).

Abstract: A method for protecting sensitive data during execution time. The sensitive data are normally stored on permanent storage devices (e.g. a hard disk). The method, according to the present invention is based on the creation at system boot of a runtime process and a corresponding runtime memory space. The sensitive data are then moved to the runtime memory space and the copy on the storage device is deleted or made unusable by users. At shutdown time the sensitive data are copied back to the storage device according to the uptodate version on the runtime memory. In particular the present invention is applied to a license management system which allows nodelocked licenses on client system even if the client is disconnected from the network. License information are considered sensitive data which should be protected during execution. A device driver is created at system boot time and a kernel cache memory is allocated to the driver.