Abstract: A method of using rights corresponding to broadcast contents in a terminal having a memory card attached thereto. The method according to one embodiment includes checking, by the terminal, whether or not rights corresponding to broadcast contents include a constraint for verifying an existence of the memory card and an existence of the rights within the memory card; and if the rights include the constraint, performing, by the terminal, a procedure for verifying the existence of the memory card and the existence of the rights within the memory card through an SRM Ping protocol, the performing the procedure for verifying including transmitting, from the terminal to the memory card, a request message, receiving, by the terminal, a response message, and continuing/initiating or stopping/not initiating a consumption of the rights. The constraint includes at least one of a synchronized element, a sync Threshold element, and a check Interval element.

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Abstract: The present invention relates to a method for identifying and/or, authenticating, and/or authorizing a first radio station in a radio network, comprising the steps of (a) at the first radio station, transmitting to a second radio station a first radio station identifier computed from a set of identity parameters based on the identity of the first radio station, comprising at least one identity parameter, (b) at the first radio station, transmitting at least one identity parameter from the set of identity parameters, (c) at the second radio station, comparing an authentication identifier computed on the basis of the transmitted identity parameter to the first radio station identifier for enabling a subsequent communication between the first and second radio stations.

Abstract: Establishing access controls includes establishing a communication session between an unrecognized user identity of a user device and a destination system through an online access provider device that provides the user device with access to the destination system. The communication session is established from a premise having associated therewith one or more user identities that are recognized by the online access provider device, with at least two of the recognized user identities being associated with different access control levels. An access control level to apply to communications between the unrecognized user identity of the user device and the destination system is determined by applying an access control level established for one of the recognized user identities. The determined access control level is applied to communications between the unrecognized user identity of the user device and the destination system.

Abstract: Embodiments of the present invention provide a network label allocation method, a device, and a system, which enable a local PE to distinguish packets from different remote PEs. The method includes: generating, by a local provider edge PE, a VPN label route for each remote PE, where VPN labels in VPN label routes of different remote PEs are different, and the remote PE and the local PE at least belong to a same VPN; and sending the VPN label route to the remote PE, so that the remote PE separately matches an IP address of the remote PE with a target device IP address in the VPN label route, and matches an import route target RT of each VRF of the remote PE with a route target RT in the VPN label route, a packet related to a successfully matched VRF.

Abstract: This disclosure relates, e.g., to governing distribution of content on a web-based service. One aspect of the disclosure relates to a system comprising various interfaces, e.g., for: i) receiving content posted to a web-based service, for distribution by the web-based service to the public, and ii) presenting for review one or more items of user-posted content hosted by the web-based service that are identified as a match with identified copyrighted content, and receiving, via an interface for use in confirming the match, information regarding the match, ii) distributing the received content from the web-based service along with an attribution associated with the identified copyrighted content. A great variety of other aspects, claims, features and arrangements are also detailed.

Abstract: Methods and devices for protecting and manipulating sensitive information in a secure mobile environment are disclosed. Methods and devices for processing secure transactions and secure media processing up to rendering in human readable form using abstract partitioning between non-secure and secure environments are disclosed.

Abstract: A system and method for allowing access to digitally protected content are disclosed. License metadata and credentials from multiple types of digital rights management systems may be used to grant access to content protected by a different type of digital rights management system. Hierarchical levels of access to the content may be granted based on at least one of license metadata and credentials.

Abstract: Technologies pertaining to limiting access to secret data through utilization of sensor-based constraints are described herein. A sensor-based constraint is a constraint that can only be satisfied by predefined readings that may be output by at least one sensor on a mobile computing device. If the sensor on the mobile computing device outputs a reading that satisfies the sensor-based constraint, secret data is provided to a requesting application. Otherwise, the requesting application is prevented from accessing the secret data.

Abstract: A method for crypting one or more data blocks comprising: providing a main table 100 comprising a circular array of K randomly distributed bits with a predetermined start point, generating a master key 504 based on a series expansion of a user key, generating a first set of tumblers 506 using the master key, wherein each element of the master key defines a unique bitwise rotation of the main table from the predetermined start point, performing an XOR operation on the first set of tumblers to form a mask of K bits 508; generating a block key 512 based on the mask; and crypting 514 the one or more data blocks with an XOR operation of the block key.

Abstract: A memory region on an IC card has a hierarchical structure. Each application allocated on the memory region is registered in a directory, and the memory region is managed in directory units. A personal identification code is set for each application and directory, and the access right is controlled in application units or directory units. If a mobile terminal is lost, the right to access each application in the IC card automatically disappears. Therefore, the right to access each application allocated to the memory region on the IC card is efficiently controlled.

Abstract: The illustrative embodiments provide a computer implemented method, apparatus, and computer program product for receiving a request from a client to instantiate an electronic document. After successful completion of mutual authentication between a web application server and the client, the web application server provides the electronic document to the client. The web application server may then receive a set of changes associated with the electronic document to form a modified document. After receiving a request from the client for a digital signature to be generated for the modified document, the web application server generates a digital signature using a private key of the web application server and an identity of an end-user associated with the client. The web application server then signs the modified document with the digital signature.

Abstract: A system for processing a media content comprising an application space, a media control mechanism operating in the application space, the media control mechanism controlling the operation of the system, a user interface adapted to provide input to the media control mechanism, a protected space distinct from the application space, and a protected media pipeline operating in the protected space, the protected media pipeline coupled to the media control mechanism, the protected media pipeline adapted to access the media content, process the media content, and output the media content.

Abstract: Systems and methods can detect the unintended transfer of confidential data or confidential information over wireless networks. Further, systems and methods can prevent, wholly or in part, the loss of confidential user data during transfer of data through a wireless network. A protection rule or option can be selected according to a certain security level of a wireless network. Additionally, data can be subsequently transferred in accordance with the selected protection option.

Abstract: A method and system to support multiple chains of authentication modules. The method may include receiving a user login request, and identifying multiple chains of authentication modules to be performed prior to allowing a user to login, where each chain of authentication modules is associated with a chain manager. The method further includes determining dependencies between chain managers, invoking the chain managers in the order defined by the dependencies, and responding to the user login request based on execution results of the authentication modules.

Abstract: According to an aspect of the embodiment, an information processing unit includes a browser unit that receives page files and execute a web application; an application range management unit that receives application range information at the start of execution of the web application, and stores that information in a memory unit; a termination detecting unit that, when the page file being processed by the browser unit changes, determines whether or not the web application being executed has terminated depending on whether or not the new page file is included in the application range information; a usability determining unit that determines whether or not an add-on for which a call request is issued is allowed to be used in the web application being executed; and an add-on calling unit that calls an add-on when determined that the add-on is allowed to be used in the web application being executed.

Abstract: Techniques for authenticating the identity of shippers and receivers of goods at each point along a supply chain. A central hub repository issues shippers and receivers a pair of public and private keys for encrypting communications between the shippers and receivers and the hub repository and for authenticating the identity of shippers and receivers. The hub repository may also maintain a log of all transactions between shippers and receivers to provide an audit trail that may be used to track the progress of goods along a supply chain.

Abstract: A content assessment apparatus, content assessment method, information reproducing apparatus, and information recording medium are provided that can determine whether digital content has been processed abnormally.

Abstract: A system connected to an existing computer includes a unit for monitoring the screen and provides input, and a storage unit that stores data that pair screen buffer regions with authentication details. The system learns new pairs via user training and presents stored authentication details when the screen buffer matches a related stored region which is paired with a region of the screen.

Abstract: A Web browser of a computing device downloads or otherwise obtains a file. File information identifying the file is obtained and is sent to a remote reputation service. Client information identifying aspects of the computing device can also optionally be sent to the remote reputation service. In response to the file information (and optionally client information), a reputation indication for the file is received from the remote reputation service. A user interface for the Web browser to present at the computing device is determined, based at least in part on the reputation indication, and presented at the computing device.