Abstract: A data transmission method includes requesting, by a plurality of transceivers, an authentication to a main controller, transmitting an authentication acceptance signal and separate decoding keys from the main controller to the transceivers, transmitting an encoded data bundle from the main controller to the transceivers and extracting, by each of the transceivers, some of data in the at least one encoded data bundle using the decoding key.

Abstract: A network information system, and a method of operation thereof, includes: an extraction module for extracting a unique device identification for sending to an e-commerce server, wherein the unique device identification is extracted from a network-connected device with a software application installed and not activated on the network-connected device; a settlement process module, coupled to the extraction module, for generating a notification based on the unique device identification for sending to a license server; and a key generation module, coupled to the settlement process module, for generating a product key for the unique device identification based on the notification for activating the software application to run on a computing device.

Abstract: A digital medium such as a DVD disk, may contain hidden content and apparent content. When loaded, a main or title menu may appear to provide an apparent link to apparent content and a non-apparent link to non-apparent content. The non-apparent link may require a user to perform a sequence of non-apparent control actions before providing access to the non-apparent content.

Abstract: A method of distributing media content using mobile communication devices including providing media access cards which promote selected media content to users of such devices whereby a user may access a web server associated with the media access cards and download application software enabling access to selected media content via a mobile device, the media access cards including a machine readable identification number code that identifies media content associated with the card whereby the application software facilitates reading and transmitting the code to a web server via the mobile device, receiving the identification number with the web server and using the identification number to locate a table value in a database wherein a plurality of media access cards identification numbers are associated with a media content table value, using the table value to identify media codes associated with the selected content server which transmits media to the mobile device.

Abstract: A method and system for receiving, processing, storing and sending data of internet connected devices, within an individual encrypted user environment. In a setup process the device sends a request to a server system to connect to the user environment. The server then presents a web page to the user containing the details of this request. The user can subsequently allow or not allow the device to connect to the user environment. If the user allows the device to send data, the application is searched within the user environment on the server system for correctly receiving and sending data from and to this device. In a use example an application running within the individual environment on the server system collects, processes or sends sensor data from devices connected to the individual environment and other applications within the same user environment.

Abstract: A system and method for embedding digital audio watermarks in audio source information based at least upon identified video content are described. An audio/video processing system receives audiovisual data. A video content analyzer within the system analyzes video source information of the audiovisual data, determines video content depicted by data in the video source information, and generates an indication of the video content. An audio watermark embedder of the system receives the indication, and based at least in part on the indication, adjusts watermark embedding parameters used for embedding the audio watermark in the audio source information.

Abstract: This technology manipulates both the plaintext and ciphertext before and after encryption respectively and prior to dissemination to recipients. The manipulation mitigates the possibility of discovery of the encryption key(s) and/or encryption parameters. Even if all of the encryption parameters are known and the encryption key is made available, considerable information would still need to be obtained to enable the recipient to be able to properly decrypt an encrypted message.

Abstract: A display apparatus, a broadcast signal receiving apparatus and methods thereof are provided. The display apparatus includes a signal receiver configured to receive data of content, a display configured to display an image, an interface comprising interface circuitry configured to communicate with a security processing module, and a processor configured to transmit first data of the content to the security processing module in response to a recording event of the content, to receive and store second data and information of a security identifier of the content from the security processing module, and to display an image of the content to which the security identifier is added based on the stored second data and information in response to a play-back event to the content.

Abstract: A video identifier uniquely identifying a video captured by a camera is generated. The video includes video frames and optionally concurrently captured audio as well as video metadata describing the video. Video data is extracted from at least two of the video's frames. By combining the extracted video data in an order specified by an identifier generation protocol, an extracted data object is generated. The extracted data object is hashed to generate the unique media identifier, which is stored in association with the video. The identifier generation protocol may indicate the portions of the video data to extract, such as video data corresponding to particular video frames and audio data corresponding to particular audio samples. The extracted data object may include a size of particular video frames, a number of audio samples in the video, or the duration of the video, for example.

Abstract: Implementations disclose merged video streaming, authorization, and metadata request. A method includes receiving, by a streaming server, a first request to view a media item from a client device via a connection between the client device and the streaming server, and sending a second request to an authorization server to verify that the client device is authorized to play the media item. The method further includes: prior to receiving a response from the authorization server, providing an encrypted portion of the media item to the client device via the connection, receiving, from the authorization server, a verification that the client device is authorized to play the media item, and sending, via the connection between the client device and the streaming server, a cryptography key for decrypting the encrypted portion of the media item to the client device.

Abstract: A server that includes an interface configured to receive a registration request from a control unit. The server further includes a processor configured to authenticate the control unit based on the registration request. The server is further configured to register a primary user device associated with the control unit and register a secondary user device associated with the control unit. The server is further configured to establish a control link between the control unit and the primary and secondary user devices. The control links facilitate control commands between the control unit and the primary and secondary user devices. The server is further configured to store the installation report in a server database.

Abstract: The disclosed embodiments provide security extensions for memory (e.g., non-volatile memory) by means of address and data scrambling and differential data storage to minimize exposure to side channel attacks and obfuscate the stored data. The scrambling function maximizes reverse engineering costs when recovering sequences of secret keys.

Abstract: The embodiments provide for binding files to an external drive, a secured external drive, or portable data locker. The files are bound in order to help restrict or to prevent access and modification by certain computers or users. Computers or users that are authorized or within the authorized domain are permitted full access. The files stored on the external drive may be bound in various ways. The files may be encapsulated in a wrapper that restricts the use and access to these files. The bound files may require execution of a specific application, plug-in, or extension. A computer may thus be required to execute program code that limits the use of the secured files. In one embodiment, the external drive provides the required program code to the computer. In other embodiments, the required program code may be downloaded from a network or provided by an external authority.

Abstract: A method is disclosed for offering transaction account consumers with payment term options to pay a minimum amount due early, defer payment into the following payment cycle, and pay a standard amount when due. When generating a periodic billing statement, the invention determines a consumer's eligibility to elect early payment, deferred payment, and regular payment. When a consumer is eligible for early payment, a received payment is compared to a discount rate tier, then a discount amount is calculated and credited to the consumer's account. When the consumer is eligible for deferred payment, the system calculates a new current minimum payment due by multiplying the current non-deferred balance by a predetermined percentage amount and adding the result to the deferred balance. When the consumer is not eligible for deferred payment, the system calculates a new current minimum due by summing the current non-deferred balance with the deferred balance.

Abstract: A secure computer architecture is provided. With this architecture, data is received, in a component of an integrated circuit chip implementing the secure computer architecture, for transmission across a data communication link. The data is converted, by the component, to one or more first fixed length frames. The one or more first fixed length frames are then transmitted, by the component, on the data communication link in a continuous stream of frames. The continuous stream of frames includes one or more second fixed length frames generated when no data is available for inclusion in the frames of the continuous stream.

Abstract: Systems and techniques of the management of the metadata of a database are presented. A provider is in communication with a database and a set of consumers of the database. Data may be changed by addition, editing or deletion from the database and such changes are recorded and/or maintained by the provider on a list of changes. The changes on this list may be associated with a sync token. The provider may also maintain a list of consumers and associate with each consumer a last sync token which describes when the last sync request and update on the database was made with the consumer. Data which is deleted from the database is recorded with a tombstone. The tombstone is maintained on the list of changes until all consumers have been made aware of the deletion—then the tombstone may be deleted from the list of changes.

Abstract: A method and system for tracking a marketing channel of an application is disclosed. A marketing channel tracking method includes generating identification information for identifying an editor and an application corresponding to the editor that provides a marketing channel of the application, transferring the identification information from the editor through a user terminal, and storing the identification information corresponding to a user terminal in response to the user terminal downloading the application through the marketing channel.

Abstract: An image processing device for recognizing an object corresponding to a registered image registered beforehand from an imaged image, comprising: an obtaining unit configured to obtain the imaged image; a recognizing unit configured to recognize an object corresponding to the registered image from the imaged image; and a detecting unit configured to detect, based on a registered image corresponding to an object recognized from the imaged image thereof, an area where another object is overlapped with the object corresponding to the registered image thereof.

Abstract: A method of setting function includes first to fourth steps. The first step connects a recording medium to a first electrical apparatus having an optional function either disabled or temporarily enabled, the recording medium containing license information to enable the optional function. The second step allows first electrical apparatus to authenticate the license information. The third step, subsequent to the second step, enables the optional function of the first electrical apparatus. The fourth step, subsequent to the third step, records the optional function as having been authenticated in the license information.

Abstract: Embodiments are directed to a secure MapReduce model for distributed processing and decoding of big data streams. An encoding engine may be employed to divide a data stream into equally sized segments. The segments may be encoded using a document key provided in a set of bundles. The bundles may contain encoded segment metadata, including the document key used to encode the stream. The document key and segment metadata may be encrypted using public key cryptography, and optionally included in the bundles. The encrypted bundles may be embedded into the encoded segments which may be provided to other network computers that include a decoding engine and an application engine. The encrypted bundles may be decrypted to obtain the document key for each encoded segment. The encoded segments may then be decrypted using the document key. And, each decoded segment may be provided to an application engine for further processing.

Abstract: Aspects relating to client server interactions using cookies are provided. A computer-implemented method is provided that includes receiving a request from a user for a first advertisement associated with a first advertiser, the request including first cookie data, the first cookie data including a first identifier specified for a first cookie, the first cookie being associated with a first group of advertisers including the first advertiser and a third advertiser, receiving a request from the user for a second advertisement associated with a second advertiser, the request including second cookie data, the second cookie data including a second identifier specified for a second cookie, the second cookie being associated with a second group of advertisers including the second advertiser and where the advertisers of the second group of advertisers are distinct from the advertisers of the first group of advertisers.

Abstract: Business rule statements written in a natural language are automatically converted into DRL language sentences. A language conversion apparatus 10 includes: a storage device 16 that stores syntax definition information 30 for defining syntaxes to convert a business rule statement written in a natural language into a DRL language sentence on a syntax basis, and conversion information 40 for converting element variables of the business rule statement into element variables of the DRL language sentence; and a CPU 11 that analyzes a syntax of the business rule statement by comparing the business rule statement with the syntax definition information 30 and converts the business rule statement into the DRL language sentence by referring to the conversion information 40.

Abstract: Systems and methods of securely storing and retrieving data are disclosed. A database may include a table of data with rows and columns and encrypted at rest. The data may be desired to be accessed by users. However, each user may have different access permissions and each row or column may have different characteristics, such as encryption, data type, and/or the like. As such, access to the data may be controlled in according to the characteristics of the data, the access permissions of the user, and/or the encryption of the data.

Abstract: Systems and methods are provided for securely providing a media stream from a server device to a remote player via a communications network. A request for a connection is received from the remote player at the server device via the communications network. In response to the request for the connection, an authorization credential is requested from a central server via the communications network. Further, in response to the authorization credential received from the central server, the media stream between the server device and the remote player can be established over the communications network. At least a portion of the media stream may be encrypted based upon the authorization credential.

Abstract: Systems and methods for providing one or more secure services are disclosed. One method can comprise authenticating and/or authorizing a user device to receive a security token. A request for information can be processed using the security token to facilitate the secure provision of services to the user device.

Abstract: Systems and methods are provided herein for automatically overriding an auto-skip command embedded in a media asset annotation when a user profile indicates a preference for content that is to be auto-skipped. To this end, a media guidance application may play back a media asset to a user, and detect therein a skip annotation that corresponds to a portion of the media asset that is to be played back. The media guidance application may, in response to detecting the skip annotation, access metadata indicating content of the portion, compare the metadata to entries of a profile of the user, and determine whether the user prefers the content based on the comparing. If the user prefers the content, the media guidance application may refrain from executing a skip command indicated by the skip annotation.

Abstract: Methods, systems, and devices are disclosed for providing control of an unmanned aircraft (UA). A server may receive an indication from a UA that a transition from autonomous flight to pilot controlled flight is required while the UA is in autonomous flight. The server may select a pilot station for providing pilot controlled flight of the UA. Selecting a pilot station for providing pilot controlled flight of the UA may be based on a pilot criterion associated with the pilot station. A UA may detect a condition that requires a transition from autonomous flight to pilot controlled flight and establish a pilot criterion for pilot controlled flight based on the detected condition. The UA may send a request for a pilot that includes the pilot criterion and information about the condition.

Abstract: Approaches for operating a network personal video recorder operated by a content provider. The network personal video recorder may be located at a head-end of a digital content provider. A network personal video recorder receives, from a user, authentication credentials that provide the network personal video recorder access, via the Internet, to a storage medium belonging to or associated with the user. After the user instructs the network personal video recorder to record a video program, the network personal video recorder stores a copy of the video program on the user's storage medium using the user-provided authentication credentials. Thereafter, when the user wishes to view the video program, the user can instruct the network personal video recorder to read the copy of the video program from the storage medium and play the video program on a device of the user.

Abstract: Technologies to provide a secure data storage service in a cloud computing environment are generally disclosed. In some examples, a method comprises: partitioning a data resource into data particles, assigning logic groups to the data particles, assigning physical storage groups to the data particles, and/or storing each physical storage group at corresponding storage resource, receiving a request for the data resource, determining whether the request for the data resource is valid, and if the request is valid, transmitting the data particles of the data resource to the client. The method enables improved security for accessing data, and also improves the user experience in cloud computing environments.

Abstract: This disclosure relates generally to multi-factor authentication, and more particularly to method and system for multi-factor authentication. In one embodiment, the method includes receipt of an audio input at a device, and a plurality of authentication parameters from at least one of the device and a server communicably coupled to the device. The plurality of authentication parameters are encrypted to generate a plurality of encrypted authentication parameters. The plurality of encrypted authentication parameters are embedded as watermarks into the audio input to generate a watermarked audio signal. The watermarked audio signal are encrypted to generate an authentication audio signal. The authentication audio signal is transmitted to an authentication server over an audio communication channel to authenticate the access at the device.

Abstract: A system that incorporates the subject disclosure may perform, for example, receiving an over-the-air programming message that includes programming data for use by the mobile communication device, decrypting the over-the-air programming message utilizing a first keyset to generate a decrypted over-the-air programming message, determining a schedule for providing messages from a secure device processor to a secure element of the mobile communication device where the secure device processor is separate from the secure element and in communication with the secure element, and providing the decrypted over-the-air programming message to the secure element according to the schedule. Other embodiments are disclosed.

Abstract: Techniques for encrypting the data in the memory of a computing device are provided. An example method for protecting data in a memory according to the disclosure includes encrypting data associated with a store request using a memory encryption device of the processor to produce encrypted data. Encrypting the data includes: obtaining a challenge value, providing the challenge value to a physically unclonable function module to obtain a response value, and encrypting the data associated with the store request using the response value as an encryption key to generate the encrypted data. The method also includes storing the encrypted data and the challenge value associated with the encrypted data in the memory.

Abstract: Technologies for managing network privileges of members of graft-network include detecting a computing device in physical presence with a network infrastructure, determining whether the computing device is a member of the graft-network, and establishing initial network privileges for the computing device if the computing device is not a member, without direct programming of the member. The network privileges of members of the graft-network are updated over time as a function of the length of time for which the computing device is in physical presence of the network infrastructure. A computing device may be in physical presence of the network by physical contacting a communication bus of the network infrastructure or being within a limited communication range of the communication bus. New members to the graft-network may be quarantined to reduce risk to the network.

Abstract: Techniques are disclosed for secure playback of protected multimedia content on a game console using a secret-less application. An SSO model can be used for client authentication at a key server, which eliminates the need of storing or using any secret information in the client application. Further, an encrypted content key generated by a content packager using a public key can be deployed in the key URI of a playlist file, which is sent to the key server. The key server can be configured to decrypt the content key using a corresponding private key. Further, the content key and unencrypted samples are protected in the game console client application from debugging and replay attacks by using additional security checks at both the client and key server. By storing secret information remotely from the game console and using the SSO model, DRM policies can be enforced on an untrusted client application.

Abstract: An intermediary system reduces a delay associated with the compression and transmission of content resources to a user's device. For example, the intermediary system compresses a first content resource, generates a signature of the first content resource, stores the compressed first content resource and the generated signature, and transmits the compressed first content resource to the user's device. When the user's device or another user's device requests a second content resource at a later time, the intermediary system generates a signature of the second content resource and compares it with the signature of the first content resource. If the signatures match (meaning the first and second content resources are very likely identical), then the intermediary system merely transmits the compressed first content resource to the appropriate device instead of first compressing the second content resource and then transmitting the compressed second content resource to the appropriate device.

Abstract: Methods, systems, and apparatus, including computer program products, for regulating access of consumers (e.g., applications, containers, or VMs) to resources and services (e.g., storage). In one embodiment, this regulation occurs through the use of access or action permits, referred to as permits that the consumer acquires from an intermediate entity—an Action Manager (AM)—prior to accessing the resource or service. Regulating access includes, for example, controlling one or more of the number of concurrent accesses to a particular resource, the rate at which consumers access the resource, the total number of consumers in a group of consumers accessing the resource, and the total rate at which a group of consumers accesses a resource. According to various embodiments, similar regulation is applied to a group of resources (rather than a single resource).

Abstract: Methods, systems, and apparatus, including computer program products, for assuring application performance by matching the supply of resources (e.g., application resources, VM resources, or physical resources) with the fluctuating demand placed on the application. For example, the systems and methods disclosed herein can be used to ensure that the application is allocated sufficient resources when it is initially deployed to handle anticipated demand; dynamically alter the resources allocated to the application during operation by matching the resource requirements to the actual measured application demand; and predict future resource requirements based on planning assumptions related to future application demand.

Abstract: Secure content transfer systems and methods to operate the same are disclosed. An example system includes a content server to encrypt content according to an encryption key, and to transfer the encrypted content, the encryption key and a license to a client that supports a digital rights management technology. The example system further includes a broadcast system headend to determine the encryption key, wherein the broadcast system headend is physically separate from the content server, and a digital rights management license server to provide the license.

Abstract: Services from domainless machines are made available in a security domain under a virtual name. Each machine is not joined to the domain but can reach a security domain controller. The controller controls at least one security domain using an authentication protocol, such as a modified Kerberos protocol. One obtains a set of security domain credentials, generates a cluster name secret, gives the cluster a virtual name, and authenticates the machines to the domain controller using these items. In some cases, authentication uses a ticket-based protocol which accepts the cluster name secret in place of a proof of valid security domain membership. In some, the domain controller uses a directory service which is compatible with an active directory service; the cluster virtual name is provisioned as an account in the directory service. The cluster virtual name may concurrently serve clients on different security domains of the directory service.

Abstract: Techniques are described for providing functionality to allow a viewer of a television show to watch a “previously on” segment of an episode of the television show and be able to watch the scenes from prior episodes referenced in the “previously on” segment.

Abstract: According to an embodiment, an image erasing apparatus includes an accessory information acquiring unit and an execution availability determining unit. The accessory information acquiring unit acquires accessory information related to security of the sheet based on attribute data of a sheet on which an erasable image is formed. The execution availability determining unit each determines execution availability of erase processing for the image on the sheet and execution availability of preservation processing for the image data generated by the readout unit, based on the accessory information.

Abstract: To provide for security and robustness in distribution of high value video content such as UHD video, a white list is provided that does not grant default access to content like a revocation listing does, but rather forces a software update on potentially compromised devices to bring them back into copy protection compliance, eliminating, e.g., the use of certain outputs that have been compromised. Prior to outputting content, a source device determines whether the receiving device is on a white list, whether the output is still valid, whether the version number of the receiving device is still valid, and that the receiving device does not have insecure outputs on which it could re-output content.

Abstract: A network information system, and a method of operation thereof, includes: an extraction module for extracting a unique device identification for sending to an e-commerce server, wherein the unique device identification is extracted from a network-connected device with a software application installed and not activated on the network-connected device; a settlement process module, coupled to the extraction module, for generating a notification based on the unique device identification for sending to a license server; and a key generation module, coupled to the settlement process module, for generating a product key for the unique device identification based on the notification for activating the software application to run on a computing device.

Abstract: Systems and methods are disclosed for registering a host computing device at a server and registering a lock device at the server via an application running on a mobile computing device, each being provided host keys from the server that allow communication between the host computing device the lock device. Further, the lock device can only be registered with the server if a current registered device count is less than a maximum registered device threshold.

Abstract: According to an embodiment, an information processing device is connected to a management apparatus via a network. The device includes a receiver, an acquisition unit, an MKB processor, and an authentication unit. The receiver is configured to receive communication information. The acquisition unit is configured to acquire a media key block from the management apparatus, in response to receipt of the communication information from a first external device not belonging to a group previously classified on a management unit basis by the management apparatus, the first external device and the information processing device being enabled to derive a first group key based on the media key block. The MKB processor is configured to generate the group key from a device key of the information processing device and the media key block. The authentication unit is configured to perform encrypted communication with the external device based on an authentication method using the group key.

Abstract: A method begins by a dispersed storage (DS) processing module selecting storage pools within the DSN with available capacity for storing data of a storage group. The method continues by selecting one or more dispersed storage (DS) units within each of the selected storage pools based on a selection criteria and mapping the one or more DS units to the storage group. The method continues by receiving a write request to store a data object to the storage group and by storing the data object in at least one of the mapped one or more DS units. The method continues with the DS processing module issuing an indication unutilized storage space calculated on a proportionate basis based on storage utilized for the storage group as a percentage of total storage utilized and updating a write proportion value based on received storage utilization responses.

Abstract: The present document relates to transcoding of metadata, and in particular to a method and system for transcoding metadata with reduced computational complexity. A transcoder configured to transcode an inbound bitstream comprising an inbound content frame and an associated inbound metadata frame into an outbound bitstream comprising an outbound content frame and an associated outbound metadata frame is described. The inbound content frame is indicative of a signal encoded according to a first codec system and the outbound content frame is indicative of the signal encoded according to a second codec system. The transcoder is configured to identify an inbound block of metadata from the inbound metadata frame, the inbound block of metadata associated with an inbound descriptor indicative of one or more properties of metadata comprised within the inbound block of metadata, and to generate the outbound metadata frame from the inbound metadata frame based on the inbound descriptor.

Abstract: Provided are techniques to enable, using broadcast encryption, a device to locate a service offered by a server with the knowledge that the service offered by the server is a trusted service. A signed enhanced Management Key Block (eMKB) includes a trusted service locator (TSL) that includes one or more records, or “trusted service data records” (TSDRs), each identifying a particular service and a corresponding location of the service is generated and transmitted over a network. Devices authorized to access a particular service parse the eMKB for the end point of the service, connect to the appropriate server and transmit a request.

Abstract: A wireless station receives a message broadcast by a string broadcast station, which message includes a network information string. The wireless station generates an identifier comprising a tag component and a content component and sends the identifier and the network information string to a datastore. The identifier is stored in association with the network information string in the datastore.

Abstract: An information processing apparatus, which connects to at least one client apparatus via a first network and is connectable to an external apparatus via a second network, includes first and second receiving units, a specifying unit, first and second switching units, and a transmitting unit. The first receiving unit receives client information from the client apparatus via the first network. The specifying unit specifies a device connected to the first network and controllable by the client apparatus. The first switching unit switches connection from the first network to the second network. The second receiving unit receives, based on the client information and the specified device, a control program for controlling the device from the external apparatus via the second network. The second switching unit switches connection from the second network to the first network. The transmitting unit transmits the received control program to the client apparatus via the first network.