Abstract: Certain exemplary embodiments disclosed herein relate to systems and/or methods for distributing advertisements from a central advertisement network to one or more peripheral devices at a location via a local advertisement server. In certain exemplary embodiments, the local advertisement server within a location receives advertisements from the central advertisement network and rebroadcasts them to peripheral devices within that location. Advertising information may be tracked and reported, e.g., for accounting, revenue-sharing, and/or other purposes in certain exemplary embodiments. Thus, in certain exemplary embodiments, the distribution of advertisements is provided to peripherals via a non-web- and non-PC-dependent network. Moreover, in certain exemplary embodiments, reporting and advertising related communications are substantially bi-directional regardless of device type.

Abstract: An information providing device associates in advance and stores a characteristic element which is a candidate to be specified from an image, with content. Further, the information providing device is configured to specify a difference between characteristic elements by comparing a characteristic element specified from a currently acquired image with a characteristic element specified from an image acquired prior to (in the past) the image, and acquire content associated with the characteristic element related to the difference, and display the content on a display.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a processor that causes a STB to present an avatar. The processor can receive from the STB a response of the user, detect from the response a change in an emotional state of the user, adapt a search for media content according to the change in the emotional state of the user, and adapt a portion of the characteristics of the avatar relating to emotional feedback according to the change in the emotional state of the user. The processor can cause the STB to present the adapted avatar presenting content from a media content source identified from the adapted search for media content. Other embodiments are disclosed.

Abstract: Methods and systems for processing and provisioning media content for display on a viewer device are provided. An example method may comprise accessing an advertisement database to obtain a plurality of advertisement media components The advertisement media components may be provided by an advertisement provider that pays to have the advertisement media components accessible. An entertainment database may be accessed to obtain a plurality of entertainment media components, the plurality of entertainment media components being provided by an entertainment provider that receives payment to make the entertainment media components accessible. Thereafter, the entertainment media components may be interspersed between the advertisement media components to provide viewer media content. An award associated with the viewer media content may be selectively allocated and the media content is communicated to at least one viewer device for viewing.

Abstract: In one embodiment, a television configuration technique includes determining a location, from a web service, of a television set using an internet protocol address of the television set or a zip code corresponding to a physical location of the television. Electronic programming guide, interactive programming guide or the like data for a plurality of service providers in the determined location are downloaded. The electronic programming guide data, interactive programming guide data, or the like for one or more channels that are unique between the plurality of service providers are checked against transmitting station identifier data or system information protocol data to identify the specific service provider that the television set is connected to. A channel list for the specific service provider is then determined from the electronic programming guide or interactive programming guide corresponding to the specific service provider.

Abstract: According to an aspect, there is provided a digital television (DTV) data stream including program and system information protocol (PSIP) data associated with content of the DTV data stream, the PSIP data including a virtual channel table (VCT) and an event information table (EIT), the EIT comprising: a source identification field identifying a source of an associated event in a DTV data stream; an event identification field indicating an identification of the event; a start time field indicating a star time of the event; a title field indicating a title of the event; and a descriptor comprising: a descriptor tag identifying the descriptor as a genre descriptor; a descriptor length indicating a total length of the descriptor; and at least one category code for an associated event in a DTV data stream, each category code specifying genre, program type, or category information of the associated event, wherein the at least one category code specifies at least one of a set of basic categories.

Abstract: Systems and methods identify broadcast transmissions of interest to a user by comparing a user's interest profile to characteristics, such as topic phrases, associated with available broadcast transmissions. The method comprises receiving from a viewing station via a communication network an interest profile associated with a user. The interest profile includes data representing a plurality of topics of interest to the user that relate to broadcast transmissions. After receiving the interest profile, a text-based search is performed to identify available broadcast transmissions that match at least one topic of interest included in the interest profile, and a list of one or more of the available broadcast transmissions that match at least one topic of interest included in the interest profile are transmitted to the viewing station so that one or more of the available broadcast transmissions can be selected from the list and presented via the viewing station.

Abstract: Methods and systems are disclosed that allow a user to efficiently navigate media selections in an interactive media guidance application and easily identify media for viewing. The disclosed methods and systems provide an environment wherein video assets are displayed according to a user preference on a mosaic page with multiple cells. A subset of the assets appropriate for display in a particular cell is determined based on the user preference. Relevance scores of the assets meeting the user preference are computed, and the asset having the greatest relevance for the user is selected and displayed the corresponding cell. The relevance scores can be computed based on the user's historic viewing habits, user interaction with a media guidance application, or on specific user input.

Abstract: A digital television (DTV) data stream includes an event information table (EIT), the EIT including: a descriptor including: a descriptor tag identifying the descriptor as a genre descriptor, a descriptor length field, and at least one category code for an associated event in a DTV data stream.

Abstract: Methods and systems for linking a service provider account with patient care information are disclosed. A patient's account information is received. A service account for the patient is identified, and an association between a patient's care record and the service account is stored. Care information for the patient is received and transmitted to a device associated with the patient's service account.

Abstract: A system and method for delivering video content over a network in communication with a subscriber having an associated electronic device is disclosed. A network server is provided and is configured to transmit a plurality of multicast streams of video content over the network. A scheduled start time for the transmission of a first stream of the multicast streams is assigned. A request for the video content is received at a first time, which is after said scheduled start time and the request is the first request for the video content received by the network server after the scheduled start time. The first stream is transmitted over the network only after the request.

Abstract: A bandwidth management system, receiver, and method of managing bandwidth in a content delivery system are described. In one embodiment, the method includes: identifying two or more content items which are associated with at least some common content and which are temporally related; determining a relative priority of the least some of the identified content items; and allowing a receiver requesting the content associated with a lower priority content item to access a multicast associated with a higher priority content item.

Abstract: A video transmission method includes receiving a selected area from an input device. The selected area includes a first portion of a video image received from a video device. The video image includes a second portion, at least some of which is not included in the selected area. The first portion of the video image is transmitted at a first resolution over a network for display. The second portion of the video image is transmitted at a second resolution over the network for display. The second resolution is lower than the first resolution, which allows the system and method to utilize available transmission bandwidth to transmit the video image with the first portion, which may be a portion of interest in the video image, at a higher quality than the second portion, which may be a portion in the video image of less interest than the first portion.

Abstract: A cable service provisioning device includes an integrated cable modem to enable a cable provider to send configuration commands. The device includes an input component that receives an input signal from a cable network and an output component that provides an output signal to a customer premises. The device further includes a cable modem configured to receive configuration commands from a cable head end, radio frequency filters configured to selectively pass a portion of the input signal; and a radio frequency switchboard coupled to the input component, the output component, and the one or more radio frequency filters. A processor is coupled to the cable modem and the radio frequency switchboard and is configured to control the radio frequency switchboard to selectively enable or disable individual radio frequency filters in response to the configuration commands received from the cable head end.

Abstract: Systems and methods for navigating hypermedia using multiple coordinated input/output device sets. Disclosed systems and methods allow a user and/or an author to control what resources are presented on which device sets (whether they are integrated or not), and provide for coordinating browsing activities to enable such a user interface to be employed across multiple independent systems. Disclosed systems and methods also support new and enriched aspects and applications of hypermedia browsing and related business activities.

Abstract: There is provided a system and method for dynamically transmitting a services list to a playback device. The system comprises a display device, a playback device, and a mediator server with a mediator application. The mediator application is configured to receive, from the playback device, a service request for a services list, to send a services list for presenting on a display device in response to receiving the service request, to receive an activation request for at a third-party service listed in the services list, and to activate the third-party service in response to receiving the activation request. By programming a digital video disc such as a Blu-ray disc according to an API and using such a mediator server, a dynamically adjustable list of third-party services may be supported and used by the playback device without changing the disc application code.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a set top box having a controller to eliminate a scheduled recording of a targeted media program, where the scheduled recording is a redundant recording of the targeted media program that is determined based upon monitoring of recordings of media programs by a group of set top boxes in communication with each other over a network, where another set top box of the group of set top boxes is designated as a host set top box to record the targeted media program, and where the controller is provided access to the targeted media program by the host set top box. Other embodiments are disclosed.

Abstract: A digital TV set-top box includes a casing, a fixing frame, an adapter board, a hard disk drive, and a sliding frame. The casing is provided with an opening, and the fixing frame is arranged with the hard disk drive. Since the sliding frame is smaller than the opening of the casing, the sliding frame can pass through the opening and be slidably arranged between two chutes of the fixing frame, and a connecting head of the hard disk drive can be correspondingly plugged into the adapter board so as to establish an electrical connection. As such, the present invention provides a TV set-top box that the hard disk drive can be assembled therewith or disassembled therefrom easily, so that the hard disk drive of the digital TV set-top box can be maintained or upgraded without the need of removing the whole upper casing of the set-top box.

Abstract: DNS-based content routing techniques are described. In one or more implementations, data is examined that describes interactions via a network with content via a domain name. Responsive to the examination, a policy is adjusted to change how one or more network addresses are resolved for the domain name for access to the content. A communication is formed that includes the adjusted policy to be communicated to one or more domain name system (DNS) servers, the adjusted policy configured to specify which network address are resolved for the domain name by the one or more DNS servers for access to the content.

Abstract: Embodiments include processes, systems, and devices for brokering application access to capabilities, such as device capabilities. An access broker receives requests from applications to access capabilities. The access broker determines whether to grant access based at least in part on whether the application manifest declares the capability. The access broker also may cause a user interface element to be displayed requesting user consent to the access request. Also, an in-application user interface element is provided that displays capability access settings for a particular application. The in-application user interface element includes selectable options for changing those settings. Changes in those settings via the user interface update the settings in the access broker.

Abstract: Embodiments of the invention relate to generating security permissions for applications. A static analysis on an application is carried out to determine security exceptions and to determine the application components responsible for the security exceptions. The determined security exceptions are analysed to calculate permissions required for each component. A security policy file that includes a hierarchy of the required permissions suitable for the type of application is formatted and applied to the application to provide a security enabled application.

Abstract: One or more techniques and/or systems are disclosed for generating a test application license for a developer application, such as to test a licensing portion of the developer application on a developer machine. An application identifier (appID) can be created that is particular to the developer application. Developer binding data associated with an authenticated developer of the developer application can be created that is particular to the developer. The appID and developer binding data are combined to create bound application developer data. The test application license is generated for the developer application based at least upon an authenticated developer certificate and the bound application developer data. The generated test application license provides for the licensing portion of the developer application to be tested on the developer machine.

Abstract: A secure motherboard for a computer, wherein each user accessible peripheral port is protected by hardware based peripheral protection circuitry soldered to the motherboard. The protection circuitry provides security functions decreasing the vulnerability of the computer to data theft. User input ports such as keyboard and mouse peripheral ports are coupled to the computer through a security function that enforce unidirectional data flow only from the user input devices to the computer. Display port uses a security function which isolates the EDID in the display from the computer. Authentication device such as smart card reader is coupled to the computer via a port having a security function which enumerates the authentication device before coupling it to the computer.

Abstract: An apparatus and method for controlling access to a network in portable terminal based on a characteristic of an application may determine the characteristic of the application based on at least one of a reference security level of the application, a reference data amount of the application, and a reference speed of the application, and may select a network to be connected to from among available networks based on the characteristic of the application when executing the application.

Abstract: An information processing apparatus includes an generating section that generates authentication operation data from an input type associated with the type of the appliance in appliance data and stores the authentication operation data in a storage device, an transmitting section that transmits the authentication operation data to a gateway apparatus, an acquiring section that receives, from the gateway apparatus, input operation data input from an input device of an appliance and stores the input operation data in the storage device, and an collating section that compares the authentication operation data and the input operation data, determines whether the authentication operation data and the input operation data coincide with each other, and outputs collation result data. If the coincidence is determined, the information processing apparatus causes the gateway apparatus to authenticate communication for controlling the appliance between the appliance and the gateway apparatus.

Abstract: Apparatus, methods, and computer program products for providing portable communication identity services are provided. A request is received to access a portable communication identity from a communications device. User information is received that is input by a user of the communications device, and the user information is authenticated. Capabilities of the communications device are accessed, and the portable communication identity is transmitted in accordance with the capabilities of the communications device.

Abstract: Mechanisms are provided for facilitating recertification of a user access entitlement. These mechanisms collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement. These mechanisms determine that recertification of the user access entitlement, with regard to the system resource, is to be performed and a pattern of access is determined based on the access information for the user access entitlement. A recertification request graphical user interface is output to a user based on the pattern of access. The graphical user interface includes the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement.

Abstract: The subject disclosure relates to authorization based on a determination of permissions that can be granted for an action(s) to be performed on a resource. The determination of the permission is based on a set of rules that represent a theory including a notion of trust that has been divided into different sized tables. The tables are utilized to evaluate two or more input claims and to facilitate a determination of whether access to at least one system resource is to be granted. The evaluation can include matching the two or more input claims to rows in the table, wherein access is allowed if a match is found.

Abstract: Techniques for achieving storage and network isolation in a cloud environment are presented. A single Internet Protocol (IP) address is presented to multiple storage tenants that use storage in a cloud environment. When each tenant accesses the IP address, a specific identity of the tenant is resolved and the storage stack for that tenant is sent to the tenant's storage machine having the tenant's storage. The tenant is directly connected to its tenant storage machine thereafter.

Abstract: An image processing device, comprises: a display part on which various types of information are displayed; a storage part for storing therein a variety of data; a first browser for accessing an external server and acquiring a web page from the external server, thereby causing the display part to display the acquired web page; a second browser for accessing the external server and acquiring the web page from the external server, thereby causing the display part to display the acquired web page, and that is permitted to access a predetermined storage region in the storage part; a browser boot part for starting up any one of the first and second browsers; and a controller for permitting an access request for the predetermined storage region in response to receipt of the access request from the running browser only when the browser running by the browser boot part is the second browser.

Abstract: Disclosed is a connection authorization method with an access privilege transferring algorithm for safely transmitting privilege information between virtual mobile management tool and communication endpoint gateway (CEG) server through embedded stub. Secret Shared Key (SSK) information is shared between the embedded stub and communication endpoint gateway server (namely, session mediation server) through VMM (Virtual Mobile Management) client. A stub that generates access privilege information transfers access privilege information to VMM tool. The stub applies a two-way communication channel between the session mediation server and the VMM tool by joining the generated privilege information and the SSK information to each other, thereby generating protected privilege information with which a third party or hacker who does not know the secret information is not capable of interfering. Exploiting the protected privilege information makes it possible to safely connect authorization with access privileges.

Abstract: A system in an environment in which WSD is realized by employing SSL includes an authentication server that stores a certificate group which permits printer creation and printing to avoid a risk of spoofing. The system uses a printer having a certificate issued by an official certificate authority. In such a case, if verification on whether the certificate of the printer is included in the certificate group of the authentication server is performed for all printers, there may be a printer which becomes unable to print, or in which the time for performing the verification becomes a waste, depending on the printer. A printer type is thus set when creating the printer, and if the printer has a certificate issued by the official certificate authority, a printer server performs certificate authority (CA) verification with respect to the certificate.

Abstract: The present invention relates to a system for authentication management of a sensor node having a subscription processing function, and a method for operating the system. Upon receiving information about a sensor node allocated with an IP address, the system supports the access of only authorized user equipment to a corresponding sensor node, which blocking any direct access of unauthorized user equipment to the sensor node, thereby strengthening the security of the sensor node. According to the present invention, a relay server receives subscription information from user equipment. The relay server checks permission validity of corresponding user equipment. If the user equipment has a valid permission, the relay server transmits the subscription information to a sensor node, and transmits subscription acceptance information to the user equipment. Then the sensor node transmits the collected and stored information to the user equipment having a valid permission.

Abstract: A system and method for employing fingerprints for user authentication on a website is described. Embodiments of the invention employ a fingerprint scanner integrated into a USB device to scan a current user's fingerprint, and compare it against a stored fingerprint associated with the authorized user. If the current user is determined to be the authorized user, a user name and password associated with a requested website and stored on the USB device is entered onto the website. In one embodiment, the USB device is a password bank that both generates and stores passwords for various websites, removing the need for user memorization altogether.

Abstract: An operating system of an information handling system (IHS) initializes a security tool to provide security management during user-to-user transactions. The security tool may determine the user's type and invokes a user personal profile and application profile information that pertains to the transaction. The security tool may use the user personal profile and application profile information during user authentications. The security tool determines an initial authentication level and may modify that authentication level during user-to-user transaction operations. The security tool may perform substantially continuous user authentication during transaction operations by employing learned behavior, historical knowledge, and other information that the security tool maintains in a security information store.

Abstract: An operating system of an information handling system (IHS) initializes a security tool to provide security management during user-to-user transactions. The security tool may determine a relationship between the users and, in response, invoke a user personal profile and application profile information that pertains to the users and the transaction. The security tool determines an initial observed confidence level that indicates a degree of certainty with respect to the accuracy of user authentication. The security tool may continuously determine observed confidence levels from current user actions, learned behavior, and other information within a security information store. The security tool may compare a currently observed confidence level to a predetermined confidence threshold. The tool may halt the transaction if the observed confidence level does not exceed the predetermined confidence threshold thus indicating a breach in security confidence.

Abstract: Methods and systems for accessing databases using a common web interface are provided. A method for transmitting data retrieved from an endpoint device to a client device using a common web interface includes providing the common web interface to the client device. The common web interface allows access to a plurality of endpoint devices, each endpoint device comprising a unique endpoint address. The method further includes receiving, by a computer, identification data from the client device, retrieving an endpoint address for one of the plurality of endpoint devices based on the identification data, connecting to the endpoint device corresponding to the endpoint address, retrieving data from the endpoint device, and transmitting the retrieved data to the client device.

Abstract: A cloud-based broker service may be provided for computing devices in a distributed computing environment. The broker service may aggregate user accounts and user account credentials utilized for accessing online services by the computing devices. The broker service may monitor a context of the computing devices associated with the user accounts. The broker service may then utilize the context, data associated with the user accounts and data associated with the user account credentials to automate tasks and/or provide alerts associated with the data.

Abstract: A method and system for use with a public cloud network is disclosed, wherein the public cloud network includes at least one private cloud server and at least one smart client device in communication therewith. The method and system comprise setting up the at least one private cloud server and the at least one smart client device in a client server relationship. The at least one private cloud server includes a message box associated therewith. The first message box is located in the public network. The at least one smart client includes a second message box associated therewith. The second message box is located on the public network. The method includes passing session based message information between the at least one private cloud server and the at least one smart client device via the first message box and the second message box in a secure manner. The session base information is authenticated by the private cloud server and the at least one smart client device.

Abstract: In an exemplary embodiment, a system includes a memory operable to store a user account identifier associated with a user account and a mobile device identifier associated with a mobile device. The memory is also operable to store a first user credential and a second user credential, the second user credential, wherein the second user credential comprises user input data captured by a sensor. The system includes a network interface operable to receive a request to authenticate a requesting user. The system also includes a processor operable to determine information included in the request to facilitate authentication of the requesting user and whether the information included in the request matches the information associated with the user account. The processor is further operable to authenticate the requesting user if the request is associated with the user account and information included in the request matches the information associated with the user account.

Abstract: A particular method includes storing, at a mobile device, at least one security credential that is specific to the mobile device. The method also includes transmitting the at least one security credential to a secure user plane location (SUPL) location platform (SLP) to authenticate the mobile device as associated with a SUPL user based on a comparison of the device identifier to a stored device identifier.

Abstract: A mobile terminal to execute an operation of an application includes an application framework to determine a reliability level of the application, to assign a first secure key value to the operation, and to pack a second secure key value to an event packet generated by the application; and a modem layer to extract the second secure key value from the event packet, to determine whether the second secure key value corresponds to the first secure key value of the operation, and to determine whether to execute the operation. A method for executing an operation of an application includes assigning a first secure key value to the operation; receiving an event packet corresponding to the operation; extracting a second secure key value from the event packet; comparing the second secure key value with the first secure key value; and determining whether to execute the operation.

Abstract: During log-on of a user to an entity protected by a password, the password is verified by iteratively receiving a password character; and verifying that the received character complies with a predefined property (?) that sets at least one requirement for allowable passwords. If this is not the case, then this can indicate a brute force attack and appropriate action may be taken. The property ? may be dependent on the user. Also provided are a corresponding device and a computer program product.

Abstract: A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic.

Abstract: A firewall cluster system comprises a first node operable to receive a connection in a firewall cluster having three or more nodes, monitor packets of the received connection and determining application state data associated with the connection from the monitored packets in the first node, and share application state data with at least another node in the firewall cluster.

Abstract: A firewall cluster system comprises a first node operable to receive a connection in a firewall cluster having three or more nodes, determine user data associated with the connection, and share the user data with at least another node in the firewall cluster.

Abstract: Devices, methods, and systems for assured pipeline threat detection are described herein. One method for assured pipeline threat detection includes receiving a first set of data at a firewall from an unsecured network, moving the first set of data from the firewall to a number of virtual machines, performing a number of threat detection analyses on the first set of data in the number of virtual machines that are organized in a first assured pipeline, and sending the first set of data to a secured target network if no threat was detected.

Abstract: The present invention is an instant Internet browser based VoIP system with a VoIP client in the form of temporary VoIP applets that can start in a Web browser and can establish an instant peer-to-peer connection with another web-based or hardware embedded/installed VoIP client using session initiation protocol (SIP) and real-time transport protocol (RTP) audio streaming. The applet is a small file that is easily loaded onto a user's browser and uses application program interfaces (APIs) that require no additional libraries. The applet is written in JAVA, although other programming languages may also be used to write the applet.

Abstract: Systems and methods for detecting and preventing network security breaches are described. The systems and methods present a gateway-based packet-forwarding network security solution to not only detect security breaches but also prevent them by directly dropping suspicious packets and connections. The systems and methods employ multiple techniques to detect and prevent network security breaches, including stateful signature detection, traffic signature detection, and protocol anomaly detection.

Abstract: Methods, computer program products and apparatus for processing data packets are described. Methods include receiving the data packet, examining the data packet, determining a single flow record associated with the packet and extracting flow instructions for two or more devices from the single flow record.