Abstract: An image processing device for recognizing an object corresponding to a registered image registered beforehand from an imaged image, comprising: an obtaining unit configured to obtain the imaged image; a recognizing unit configured to recognize an object corresponding to the registered image from the imaged image; and a detecting unit configured to detect, based on a registered image corresponding to an object recognized from the imaged image thereof, an area where another object is overlapped with the object corresponding to the registered image thereof.

Abstract: A method of setting function includes first to fourth steps. The first step connects a recording medium to a first electrical apparatus having an optional function either disabled or temporarily enabled, the recording medium containing license information to enable the optional function. The second step allows first electrical apparatus to authenticate the license information. The third step, subsequent to the second step, enables the optional function of the first electrical apparatus. The fourth step, subsequent to the third step, records the optional function as having been authenticated in the license information.

Abstract: Embodiments are directed to a secure MapReduce model for distributed processing and decoding of big data streams. An encoding engine may be employed to divide a data stream into equally sized segments. The segments may be encoded using a document key provided in a set of bundles. The bundles may contain encoded segment metadata, including the document key used to encode the stream. The document key and segment metadata may be encrypted using public key cryptography, and optionally included in the bundles. The encrypted bundles may be embedded into the encoded segments which may be provided to other network computers that include a decoding engine and an application engine. The encrypted bundles may be decrypted to obtain the document key for each encoded segment. The encoded segments may then be decrypted using the document key. And, each decoded segment may be provided to an application engine for further processing.

Abstract: Systems and methods of securely storing and retrieving data are disclosed. A database may include a table of data with rows and columns and encrypted at rest. The data may be desired to be accessed by users. However, each user may have different access permissions and each row or column may have different characteristics, such as encryption, data type, and/or the like. As such, access to the data may be controlled in according to the characteristics of the data, the access permissions of the user, and/or the encryption of the data.

Abstract: Aspects relating to client server interactions using cookies are provided. A computer-implemented method is provided that includes receiving a request from a user for a first advertisement associated with a first advertiser, the request including first cookie data, the first cookie data including a first identifier specified for a first cookie, the first cookie being associated with a first group of advertisers including the first advertiser and a third advertiser, receiving a request from the user for a second advertisement associated with a second advertiser, the request including second cookie data, the second cookie data including a second identifier specified for a second cookie, the second cookie being associated with a second group of advertisers including the second advertiser and where the advertisers of the second group of advertisers are distinct from the advertisers of the first group of advertisers.

Abstract: Business rule statements written in a natural language are automatically converted into DRL language sentences. A language conversion apparatus 10 includes: a storage device 16 that stores syntax definition information 30 for defining syntaxes to convert a business rule statement written in a natural language into a DRL language sentence on a syntax basis, and conversion information 40 for converting element variables of the business rule statement into element variables of the DRL language sentence; and a CPU 11 that analyzes a syntax of the business rule statement by comparing the business rule statement with the syntax definition information 30 and converts the business rule statement into the DRL language sentence by referring to the conversion information 40.

Abstract: Systems and methods are provided for securely providing a media stream from a server device to a remote player via a communications network. A request for a connection is received from the remote player at the server device via the communications network. In response to the request for the connection, an authorization credential is requested from a central server via the communications network. Further, in response to the authorization credential received from the central server, the media stream between the server device and the remote player can be established over the communications network. At least a portion of the media stream may be encrypted based upon the authorization credential.

Abstract: Systems and methods are provided herein for automatically overriding an auto-skip command embedded in a media asset annotation when a user profile indicates a preference for content that is to be auto-skipped. To this end, a media guidance application may play back a media asset to a user, and detect therein a skip annotation that corresponds to a portion of the media asset that is to be played back. The media guidance application may, in response to detecting the skip annotation, access metadata indicating content of the portion, compare the metadata to entries of a profile of the user, and determine whether the user prefers the content based on the comparing. If the user prefers the content, the media guidance application may refrain from executing a skip command indicated by the skip annotation.

Abstract: Systems and methods for providing one or more secure services are disclosed. One method can comprise authenticating and/or authorizing a user device to receive a security token. A request for information can be processed using the security token to facilitate the secure provision of services to the user device.

Abstract: Methods, systems, and devices are disclosed for providing control of an unmanned aircraft (UA). A server may receive an indication from a UA that a transition from autonomous flight to pilot controlled flight is required while the UA is in autonomous flight. The server may select a pilot station for providing pilot controlled flight of the UA. Selecting a pilot station for providing pilot controlled flight of the UA may be based on a pilot criterion associated with the pilot station. A UA may detect a condition that requires a transition from autonomous flight to pilot controlled flight and establish a pilot criterion for pilot controlled flight based on the detected condition. The UA may send a request for a pilot that includes the pilot criterion and information about the condition.

Abstract: Approaches for operating a network personal video recorder operated by a content provider. The network personal video recorder may be located at a head-end of a digital content provider. A network personal video recorder receives, from a user, authentication credentials that provide the network personal video recorder access, via the Internet, to a storage medium belonging to or associated with the user. After the user instructs the network personal video recorder to record a video program, the network personal video recorder stores a copy of the video program on the user's storage medium using the user-provided authentication credentials. Thereafter, when the user wishes to view the video program, the user can instruct the network personal video recorder to read the copy of the video program from the storage medium and play the video program on a device of the user.

Abstract: A system that incorporates the subject disclosure may perform, for example, receiving an over-the-air programming message that includes programming data for use by the mobile communication device, decrypting the over-the-air programming message utilizing a first keyset to generate a decrypted over-the-air programming message, determining a schedule for providing messages from a secure device processor to a secure element of the mobile communication device where the secure device processor is separate from the secure element and in communication with the secure element, and providing the decrypted over-the-air programming message to the secure element according to the schedule. Other embodiments are disclosed.

Abstract: This disclosure relates generally to multi-factor authentication, and more particularly to method and system for multi-factor authentication. In one embodiment, the method includes receipt of an audio input at a device, and a plurality of authentication parameters from at least one of the device and a server communicably coupled to the device. The plurality of authentication parameters are encrypted to generate a plurality of encrypted authentication parameters. The plurality of encrypted authentication parameters are embedded as watermarks into the audio input to generate a watermarked audio signal. The watermarked audio signal are encrypted to generate an authentication audio signal. The authentication audio signal is transmitted to an authentication server over an audio communication channel to authenticate the access at the device.

Abstract: Technologies to provide a secure data storage service in a cloud computing environment are generally disclosed. In some examples, a method comprises: partitioning a data resource into data particles, assigning logic groups to the data particles, assigning physical storage groups to the data particles, and/or storing each physical storage group at corresponding storage resource, receiving a request for the data resource, determining whether the request for the data resource is valid, and if the request is valid, transmitting the data particles of the data resource to the client. The method enables improved security for accessing data, and also improves the user experience in cloud computing environments.

Abstract: Techniques for encrypting the data in the memory of a computing device are provided. An example method for protecting data in a memory according to the disclosure includes encrypting data associated with a store request using a memory encryption device of the processor to produce encrypted data. Encrypting the data includes: obtaining a challenge value, providing the challenge value to a physically unclonable function module to obtain a response value, and encrypting the data associated with the store request using the response value as an encryption key to generate the encrypted data. The method also includes storing the encrypted data and the challenge value associated with the encrypted data in the memory.

Abstract: Technologies for managing network privileges of members of graft-network include detecting a computing device in physical presence with a network infrastructure, determining whether the computing device is a member of the graft-network, and establishing initial network privileges for the computing device if the computing device is not a member, without direct programming of the member. The network privileges of members of the graft-network are updated over time as a function of the length of time for which the computing device is in physical presence of the network infrastructure. A computing device may be in physical presence of the network by physical contacting a communication bus of the network infrastructure or being within a limited communication range of the communication bus. New members to the graft-network may be quarantined to reduce risk to the network.

Abstract: Techniques are disclosed for secure playback of protected multimedia content on a game console using a secret-less application. An SSO model can be used for client authentication at a key server, which eliminates the need of storing or using any secret information in the client application. Further, an encrypted content key generated by a content packager using a public key can be deployed in the key URI of a playlist file, which is sent to the key server. The key server can be configured to decrypt the content key using a corresponding private key. Further, the content key and unencrypted samples are protected in the game console client application from debugging and replay attacks by using additional security checks at both the client and key server. By storing secret information remotely from the game console and using the SSO model, DRM policies can be enforced on an untrusted client application.

Abstract: An intermediary system reduces a delay associated with the compression and transmission of content resources to a user's device. For example, the intermediary system compresses a first content resource, generates a signature of the first content resource, stores the compressed first content resource and the generated signature, and transmits the compressed first content resource to the user's device. When the user's device or another user's device requests a second content resource at a later time, the intermediary system generates a signature of the second content resource and compares it with the signature of the first content resource. If the signatures match (meaning the first and second content resources are very likely identical), then the intermediary system merely transmits the compressed first content resource to the appropriate device instead of first compressing the second content resource and then transmitting the compressed second content resource to the appropriate device.

Abstract: Methods, systems, and apparatus, including computer program products, for assuring application performance by matching the supply of resources (e.g., application resources, VM resources, or physical resources) with the fluctuating demand placed on the application. For example, the systems and methods disclosed herein can be used to ensure that the application is allocated sufficient resources when it is initially deployed to handle anticipated demand; dynamically alter the resources allocated to the application during operation by matching the resource requirements to the actual measured application demand; and predict future resource requirements based on planning assumptions related to future application demand.

Abstract: Methods, systems, and apparatus, including computer program products, for regulating access of consumers (e.g., applications, containers, or VMs) to resources and services (e.g., storage). In one embodiment, this regulation occurs through the use of access or action permits, referred to as permits that the consumer acquires from an intermediate entity—an Action Manager (AM)—prior to accessing the resource or service. Regulating access includes, for example, controlling one or more of the number of concurrent accesses to a particular resource, the rate at which consumers access the resource, the total number of consumers in a group of consumers accessing the resource, and the total rate at which a group of consumers accesses a resource. According to various embodiments, similar regulation is applied to a group of resources (rather than a single resource).

Abstract: Secure content transfer systems and methods to operate the same are disclosed. An example system includes a content server to encrypt content according to an encryption key, and to transfer the encrypted content, the encryption key and a license to a client that supports a digital rights management technology. The example system further includes a broadcast system headend to determine the encryption key, wherein the broadcast system headend is physically separate from the content server, and a digital rights management license server to provide the license.

Abstract: Services from domainless machines are made available in a security domain under a virtual name. Each machine is not joined to the domain but can reach a security domain controller. The controller controls at least one security domain using an authentication protocol, such as a modified Kerberos protocol. One obtains a set of security domain credentials, generates a cluster name secret, gives the cluster a virtual name, and authenticates the machines to the domain controller using these items. In some cases, authentication uses a ticket-based protocol which accepts the cluster name secret in place of a proof of valid security domain membership. In some, the domain controller uses a directory service which is compatible with an active directory service; the cluster virtual name is provisioned as an account in the directory service. The cluster virtual name may concurrently serve clients on different security domains of the directory service.

Abstract: According to an embodiment, an image erasing apparatus includes an accessory information acquiring unit and an execution availability determining unit. The accessory information acquiring unit acquires accessory information related to security of the sheet based on attribute data of a sheet on which an erasable image is formed. The execution availability determining unit each determines execution availability of erase processing for the image on the sheet and execution availability of preservation processing for the image data generated by the readout unit, based on the accessory information.

Abstract: Techniques are described for providing functionality to allow a viewer of a television show to watch a “previously on” segment of an episode of the television show and be able to watch the scenes from prior episodes referenced in the “previously on” segment.

Abstract: To provide for security and robustness in distribution of high value video content such as UHD video, a white list is provided that does not grant default access to content like a revocation listing does, but rather forces a software update on potentially compromised devices to bring them back into copy protection compliance, eliminating, e.g., the use of certain outputs that have been compromised. Prior to outputting content, a source device determines whether the receiving device is on a white list, whether the output is still valid, whether the version number of the receiving device is still valid, and that the receiving device does not have insecure outputs on which it could re-output content.

Abstract: A network information system, and a method of operation thereof, includes: an extraction module for extracting a unique device identification for sending to an e-commerce server, wherein the unique device identification is extracted from a network-connected device with a software application installed and not activated on the network-connected device; a settlement process module, coupled to the extraction module, for generating a notification based on the unique device identification for sending to a license server; and a key generation module, coupled to the settlement process module, for generating a product key for the unique device identification based on the notification for activating the software application to run on a computing device.

Abstract: Systems and methods are disclosed for registering a host computing device at a server and registering a lock device at the server via an application running on a mobile computing device, each being provided host keys from the server that allow communication between the host computing device the lock device. Further, the lock device can only be registered with the server if a current registered device count is less than a maximum registered device threshold.

Abstract: A method begins by a dispersed storage (DS) processing module selecting storage pools within the DSN with available capacity for storing data of a storage group. The method continues by selecting one or more dispersed storage (DS) units within each of the selected storage pools based on a selection criteria and mapping the one or more DS units to the storage group. The method continues by receiving a write request to store a data object to the storage group and by storing the data object in at least one of the mapped one or more DS units. The method continues with the DS processing module issuing an indication unutilized storage space calculated on a proportionate basis based on storage utilized for the storage group as a percentage of total storage utilized and updating a write proportion value based on received storage utilization responses.

Abstract: According to an embodiment, an information processing device is connected to a management apparatus via a network. The device includes a receiver, an acquisition unit, an MKB processor, and an authentication unit. The receiver is configured to receive communication information. The acquisition unit is configured to acquire a media key block from the management apparatus, in response to receipt of the communication information from a first external device not belonging to a group previously classified on a management unit basis by the management apparatus, the first external device and the information processing device being enabled to derive a first group key based on the media key block. The MKB processor is configured to generate the group key from a device key of the information processing device and the media key block. The authentication unit is configured to perform encrypted communication with the external device based on an authentication method using the group key.

Abstract: The present document relates to transcoding of metadata, and in particular to a method and system for transcoding metadata with reduced computational complexity. A transcoder configured to transcode an inbound bitstream comprising an inbound content frame and an associated inbound metadata frame into an outbound bitstream comprising an outbound content frame and an associated outbound metadata frame is described. The inbound content frame is indicative of a signal encoded according to a first codec system and the outbound content frame is indicative of the signal encoded according to a second codec system. The transcoder is configured to identify an inbound block of metadata from the inbound metadata frame, the inbound block of metadata associated with an inbound descriptor indicative of one or more properties of metadata comprised within the inbound block of metadata, and to generate the outbound metadata frame from the inbound metadata frame based on the inbound descriptor.

Abstract: Provided are techniques to enable, using broadcast encryption, a device to locate a service offered by a server with the knowledge that the service offered by the server is a trusted service. A signed enhanced Management Key Block (eMKB) includes a trusted service locator (TSL) that includes one or more records, or “trusted service data records” (TSDRs), each identifying a particular service and a corresponding location of the service is generated and transmitted over a network. Devices authorized to access a particular service parse the eMKB for the end point of the service, connect to the appropriate server and transmit a request.

Abstract: A wireless station receives a message broadcast by a string broadcast station, which message includes a network information string. The wireless station generates an identifier comprising a tag component and a content component and sends the identifier and the network information string to a datastore. The identifier is stored in association with the network information string in the datastore.

Abstract: A media sharing system identifies fingerprints that represent an uploaded video and generates a digest based on the fingerprints. The media sharing system searches for digests of previously processed videos whose digests match the digest of the uploaded video. A previously processed video whose digest matches the digest of the uploaded video is identified as a matching video. For each matching video, the media sharing system retrieves policy information that describes whether the video was found to violate one or more policies of the media sharing system. The media sharing system determines whether to halt processing of the uploaded video based on the retrieved policy information.

Abstract: An information processing apparatus, which connects to at least one client apparatus via a first network and is connectable to an external apparatus via a second network, includes first and second receiving units, a specifying unit, first and second switching units, and a transmitting unit. The first receiving unit receives client information from the client apparatus via the first network. The specifying unit specifies a device connected to the first network and controllable by the client apparatus. The first switching unit switches connection from the first network to the second network. The second receiving unit receives, based on the client information and the specified device, a control program for controlling the device from the external apparatus via the second network. The second switching unit switches connection from the second network to the first network. The transmitting unit transmits the received control program to the client apparatus via the first network.

Abstract: An information processing apparatus includes: application execution means for executing an application program; metadata storage means for storing metadata corresponding to the application program; input means for receiving a message input by a user based on an operation of the user; selection means for selecting the metadata stored by the metadata storage means, in accordance with an operation of the user; transmission means for transmitting the message received by the input means and the metadata selected by the selection means to another information processing apparatus; reception means for receiving a message and metadata corresponding to an application program from said another information processing apparatus; and information output means for outputting the message and the metadata received by the reception means.

Abstract: A physical, non-human readable representation of a digital key may be in a physical key article. The key article may enable a person to generate a signal representing the digital key from a user interface device in communication with a computer by physical manipulation of the key article. Access to digital content via the computer may be unlocked in response to receiving the signal. In addition, a key may be represented by a pattern of unreadable errors in a computer-readable medium.

Abstract: A method for preventing photographic capture of a displayed image on an electronically controlled screen using a photographic capture device is provided. The method includes intercepting an image for display; generating a plurality of subset frames based on the intercepted image; dividing the intercepted image into a plurality of subsections; generating a pseudo random number on each of the subsections within the plurality of subsections using a pseudo random number generator; mapping, on each of the subset frames within the plurality of subset frames, a group of subsections within the plurality of subsections that share a common generated pseudo random number; determining a frame rate value for displaying the plurality of subset frames, which enables human visualization of the plurality of subset frames as a single perceived frame; and displaying each subset frame consecutively on the electronically controlled screen based on the determined frame rate.

Abstract: An HSM management hub coordinates the distribution and synchronization of cryptographic material across a fleet of connected hardware security modules (“HSMs”). Cryptographic material is exchanged between HSMs in the fleet in a cryptographically protected format. In some examples, the cryptographic material is encrypted using a common fleet key maintained by the HSMs in the fleet. In other examples, the cryptographic material is protected using asymmetric cryptographic keys that are associated with the members of the HSM fleet. The HSM management hub may be used to divide the HSM fleet into subdomains by providing domain keys to subsets of HSMs within the HSM fleet. Cryptographic information that is encrypted with particular domain keys can be distributed across the entire HSM fleet, and restricted to use by authorized HSMs that are in possession of the particular domain keys.

Abstract: The subject matter described herein includes methods, systems, and computer readable media for combating mobile device theft with user notarization. One method includes providing a supplicant video notarization system application executable on a supplicant device for initiating an interactive video call between a supplicant and a notary as a condition to the supplicant accessing a protected electronic resource. The method further includes providing a notary video notarization system application executable on a notary device through which the notary receives the interactive video call and interacts with the supplicant via the interactive video call to confirm the identity of the supplicant and that video of the supplicant provided in the call is live.

Abstract: In a method for controlling a device requiring user-related permissions via a mobile terminal using a local data connection between the mobile terminal and the device to be controlled, the control commands requiring user-related permissions for the device to be controlled are generated by means of an interaction between the mobile device and an authentication server and/or a device management server and are transferred to the device to be controlled from the authentication and/or device management server via the mobile terminal. The control commands requiring user-related permissions for the device to be controlled are received by the mobile terminal and are thereafter transferred to the device to be controlled for the purpose of controlling the same and are not stored in the mobile terminal. The control commands received by the device to be controlled are not verified as to the permission of the user to utilize these control commands.

Abstract: Techniques for compressing and decompressing license information for Digital Rights Management are described. A method implementation of a technique of creating for a plurality of client devices or client device groups compressed license information comprises the steps of creating a template and a table. The table comprises at least one first license part common to licenses for the plurality of client devices or client device groups and one or more placeholders for one or more second license parts specific for a dedicated client device or client device group. The table comprises, for each client device or client device group and for a given placeholder, replacement information specific for that client device or client device group. The method further comprises sending the template and table for delivery as compressed license information to the client devices or client device groups.

Abstract: Systems and methods may provide for receiving a first request from a remote device for access to content on a second remote device, and invoking a proxy server embedded in an HTML5-compliant browser on a local device. Additionally, the first remote device may be provided with access to the content on the second remote device via the proxy server. Moreover, input may be received from a user interface of the local device, wherein a second request may be transmitted to the first remote device for access to content on a third remote device. In one example, the first remote device is unauthorized with respect to the content on the second remote device, and the local device is unauthorized with respect to the content on the third remote device.

Abstract: The technology described in this document can be embodied in a computer implemented method that includes receiving, at a processing device, information about one or more assets associated with a network of devices. The method also includes generating, for at least one of the assets, a security token that is based at least on a portion of the received information about the corresponding asset. The security token can be configured to identify a home network defined for the asset, and to restrict access to the corresponding asset upon detecting an occurrence of an unauthorized activity involving the asset. The method further includes storing, in a storage device, information about the security token and information linking the security token to the corresponding asset, and initiating integration of the security token with the corresponding asset.

Abstract: Methods, devices, and computer program products facilitate the application of a content use policy based on watermarks that are embedded in a content. Watermark extraction and content screening operations, which can include the application of content usage enforcement actions, may be organized such that some or all of the operations can be conducted at different times by different devices. These operations can be conducted by one or more trusted devices that reside in a networked environment. The authenticity of various devices can be verified through the exchange of certificates that can further enable such devices to ascertain capabilities of one another. Based on the ascertained capabilities, an operational configuration for conducting watermark extraction and content screening can be determined.

Abstract: A method of providing encryption and decryption of plaintext strings in a program file, includes: at a device having one or more processors and memory: marking each of a plurality of plaintext strings in a source file with a respective marking macro (e.g., Decrypt); scanning (e.g., using a reflection tool) for the respective marking macros to identify the plurality of plaintext strings in the source code; generating a respective ciphertext string for each of the plurality plaintext strings that have been identified; and storing the plurality of plaintext strings in a dictionary file, where each plaintext string is indexed by a respective hash value computed from the plaintext string, and where the respective hash value for each of the plaintext strings is used to retrieve the respective ciphertext string of the plaintext string from the dictionary during program execution.

Abstract: The technology described in this document can be embodied in a computer implemented method that includes receiving, at a processing device, information about one or more assets associated with a network of devices. The method also includes generating, for at least one of the assets, a security token that is based at least on a portion of the received information about the corresponding asset. The security token can be configured to identify a home network defined for the asset, and to restrict access to the corresponding asset upon detecting an occurrence of an unauthorized activity involving the asset. The method further includes storing, in a storage device, information about the security token and information linking the security token to the corresponding asset, and initiating integration of the security token with the corresponding asset.

Abstract: A method, a system, and a non-transitory storage medium for storing user preferences pertaining to a data encryption service that provides on-demand encryption for data in-flight and at rest; receiving data from a user device; determining whether to invoke the data encryption service based on the data and the user preferences; generating a key to encrypt the data based on determining that the data encryption service is to be invoked; generating a first message that includes the data, the key, and data indicating where encrypted data is to be stored; establishing a secure connection with a device; and transmitting the first message to the device via the secure connection.

Abstract: The present disclosure is directed to application integrity protection via secure interaction and processing. For example, interaction with a user interface in a device may result in input information being generated. Following encryption, the input information may be conveyed to an application executing in a secure processing environment. The encrypted input information may be received, decrypted and processed by the application. An example application may include a secure controller component, a secure model component and a secure view component. The secure controller component may, for example, provide change instructions to the secure model component based on the decrypted input information. The secure model component may then, if necessary, provide a change notification to the secure view component based on the change instructions.

Abstract: Provided is a technology for improving the efficiency and the accuracy of data security. To this end, protection information provided to data is maintained correct even when it becomes necessary to change the necessity/non-necessity to protect the data depending on the content of a process performed on the data. More specifically, primitive data with protection attributes set thereon is read as the original data, and an operation is performed on the original data to generate derived data. Then, whether to make the derived data inherit the protection attributes of the original data is determined on the basis of a content of the operation performed on the original data.

Abstract: A network information system, and a method of operation thereof, includes: an extraction module for extracting a unique device identification for sending to an e-commerce server, wherein the unique device identification is extracted from a network-connected device with a software application installed and not activated on the network-connected device; a settlement process module, coupled to the extraction module, for generating a notification based on the unique device identification for sending to a license server; and a key generation module, coupled to the settlement process module, for generating a product key for the unique device identification based on the notification for activating the software application to run on a computing device.