Abstract: A system and method for efficient and private peer-to-peer file sharing consists of ascribing a uniquely identified and anonymous link (an “edgelink”) to any file or set of files on a peer computer. The link is registered with a publishing server along with continuously updated connectivity information about the peer without registering any identifying information about the file. A peer recipient is able to access the link, receive connectivity information about the publishing peer from the server, and then receive the file from the publishing peer without file content passing through the server, mediating any intermediary NAT devices without requiring any manual or automatic device reconfiguration.

Abstract: A network device may include first and second processors and a wireless transceiver under control of the second processor. The network device may further maintain one or more signatures and a wake-up module executable by the second processor. The wake up module may receive a multicast wireless communication while the first processor is in a low-power sleep mode. The wake up module may determine whether a data portion of the multicast wireless communication includes a signature. If the data portion of the wireless communication includes the signature, the wake up module may cause the first processor to leave the low-power sleep mode and process the multicast wireless communication.

Abstract: A wireless communication system for communicating via a wireless communication network, may include: a setting device configured to create a first information needed for joining a wireless device into the wireless communication network and set the first information in the wireless device to be joined into the wireless communication network, the setting device being configured to create setting information that correlates the first information with a second information containing at least one of information indicating a method of setting the first information and information indicating an operator who performed an operation of setting the first information; and a management device configured to select the wireless device, which is to be joined into the wireless communication network, by using the setting information that has been created by the setting device.

Abstract: The invention enables digital music content to be downloaded to and used on a portable wireless computing device. An application running on the wireless device has been automatically adapted to parameters associated with the wireless device without end-user input (e.g. the application has been configured in dependence on the device OS and firmware, related bugs, screen size, pixel number, security models, connection handling, memory etc. This application enables an end-user to browse and search music content on a remote server using a wireless network; to download music content from that remote server using the wireless network and to playback and manage that downloaded music content. The application also includes a digital rights management system that enables unlimited legal downloads of different music tracks to the device and also enables any of those tracks stored on the device to be played so long as a subscription service has not terminated.

Abstract: This invention provides for a method of (or apparatus for) facilitating the delivery of advice to consumers using a server unit which can store and display the names and characteristics of experts and then rapidly assist in connecting the expert and consumer for real-time communication. The server can also have the ability to receive keywords from the consumer, match those keywords to one or more experts, and tell the consumer how to contact an expert.

Abstract: Methods and apparatus for providing a personalized entertainment experience, which may be customized for each user. A user's playback/presentation history and/or user actions may be captured and associated with each played/presented composition. A target time for playback/presentation of a composition to the user may be determined by using a user's playback/presentation history and/or user actions. A customized sequence of compositions may be automatically generated for each user. The personalized sequence may automatically adapt to changing user actions and preferences over time. A user rating (preference) may be explicitly provided by the user or may be determined at least partially based on a count, a cumulative-time and/or control-action(s) by the user, that are related to the composition.

Abstract: A memory device and method for updating a security module are disclosed. In one embodiment, a memory device is provided comprising a memory operative to store content and a controller in communication with the memory. The controller is configured to send an identification of the memory device's security module to a host and receive an identification of the host's security module. If the memory device's security module is out-of-date with respect to the host's security module, the memory device receives a security module update from the host. If the host's security module is out-of-date with respect to the memory device's security module, the memory device sends a security module update to the host.

Abstract: Information from a package is read. An encryption key is generated from the information read from the package. A text unit is encrypted using the encryption key. The encrypted text unit is affixed to the package.

Abstract: A computer implemented method to exchange virtual goods in a virtual environment includes receiving funds at a trading platform from a buyer. The buyer is provided with a first secret that the buyer can decrypt and a second secret that the buyer cannot decrypt. The buyer is authenticated to a seller using the first secret. A virtual item is delivered from the seller to the buyer in response to authenticating. The buyer delivers to the seller the second secret for decryption by the seller. The seller is authenticated at the trading platform with the second secret. The seller is supplied with the funds.

Abstract: A system and method of delivering a media package to an on-line downloading store are disclosed. The method includes receiving a media file into a compressor application in which at least one compression job is assigned for the media file. The method further includes receiving setting data and destination data for storing a media package associated with processing the media file. The method next includes retrieving pre-defined asset metadata based on user-submitted credential data and vendor identification data, receiving contract acceptance data based on a pre-existing contract associated with the media file and generating a media package configured for ingestion into the on-line media store for each at least one compression job assigned to the media file.

Abstract: A technique for transferring money between a customer and a beneficiary comprises a money-transfer company, and a plurality of selling agents and paying agents. The money-transfer company maintains a server, a database, and a communications interface for communicating, via a telephone network and/or the Internet, with data terminals located at the selling and paying agents' sites. Customer transaction cards are distributed to customers. These cards have a visible card number and a corresponding alphanumeric card code stored in, e.g., a magnetic strip. In response to a customer's request, the money-transfer company activates the customer's transaction card by loading customer and beneficiary information into a corresponding transaction card record stored in the database. A selling agent initiates a money-transfer request from a data terminal. Specifically, the selling agent enters a monetary amount and swipes the customer's card in a magnetic strip reader located on the data terminal.

Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.

Abstract: Data defining an avatar is received over a network. A sprite sheet comprising a plurality of sprites is created, using the data defining the avatar. Each sprite includes a partial rendering of the respective avatar and at least one run-time parameter including a sprite attribute. A plurality of requests are received, over the network, for the avatar from a plurality of user applications. The data defining the avatar and the sprite sheet are transmitted, over the network, to each of the requesting user applications, enabling each respective user application to display the sprites in the sprite sheet and to set the run-time parameter associated with each of the sprites in the sprite sheet such that each respective sprite is thereby customized to the application.

Abstract: A system administrator, while logged into a system-administrator account, creates and configures a key-administrator account and a member account. A key administrator, while logged into said key-administrator account, creates a group private key, a group public key, and a group symmetric key, a member private key, and a member public key. The key administrator encrypts the group private key with the group symmetric key, and encrypts said group symmetric key with the member public key. A publisher encrypts a document using the group public key. The publisher distributes the resulting encrypted group document so that it is accessible via said member account but not through said key-administrator account.

Abstract: A method and system for signing a digital certificate in real time for accessing a service application hosted within a service provider (SP) computer system through an open application programming interface (API) platform is provided. The API platform is in communication with a memory device. The method includes receiving registration data from a developer computer device wherein the developer computer device is associated with a developer and configured to store a developer application, receiving a certificate signing request (CSR) from the developer computer device wherein the CSR includes a public key associated with the developer, verifying the registration data as being associated with the developer, signing the CSR to produce a signed certificate after verifying the registration data wherein the verifying and signing steps are performed by the SP computer system in real time, and transmitting the signed certificate and a client ID to the developer computer device.

Abstract: A mobile computing device is adapted to transmit to a scoring server URLs of websites browsed using the device. The scoring server can compare these URLs against a merchant URL obtained within a preselected time period from transaction data resulting from a transaction involving a payment product of the device user. A score can be calculated based on the similarity between each URL obtained from the device and the URL from the transaction data. The score represents the likelihood that a website browsed using the device and, as a result, the transaction, is fraudulent. The browsed URLs can also be scored against a database of known fraudulent websites. A notification concerning the legitimacy of the transaction based on the score can be generated and sent to the mobile device in real-time. On receiving the notification, the device can be used to either accept or decline the transaction in real-time.

Abstract: A method and system for generating printable certificates to verify log authenticity. A logging module generates a compound document that includes metadata for changes made to pages in a document. Each time a change is made to the document, such as adding stroke data, the logging module updates the compound document with the changes. The online marketplace module displays an option for purchasing a printable certificate. In response to a request for a certificate, the logging module generates a printable certificate that includes a set number of hashes for previous transactions. The verification module can recreate a transaction and generate a hash that is compared to the certificate to verify that no tampering has occurred with the document.

Abstract: A numbered ticket information issuing system according to an embodiment includes a numbered ticket information issuing server. The numbered ticket information issuing server includes a numbered ticket information issuing unit and a numbered ticket information transmitting unit. The numbered ticket information issuing unit issues, when receiving, from a wireless terminal, a numbered ticket issue request containing information on a wireless device installed in a shop or a facility that provides a product or a service, numbered ticket information on the shop or the facility corresponding to the numbered ticket issue request. The numbered ticket information transmitting unit transmits the numbered ticket information issued by the numbered ticket information issuing unit to the wireless terminal.

Abstract: A system and method for secure generation and distribution of digital encryption keys is disclosed. The system may also be used to protect and distribute other types of secure information, including digital, audio, video, or analog data, or physical objects. The system may include a tamper-respondent secure token device, which may be configured to destroy or disable access to the secure information contained therein in response to attempts to physically or electronically breach the device. Outputs may be provided in a secure manner through various interfaces without using electricity (wires) or electromagnetic radiation. Inputs may be provided in a secure manner, including through the use of a gesture-based input interface. Destruction or disablement of the device and/or its secure contents may be provided upon detection of tamper attempts or upon input of a self-destruct command. Proof of the destruction or disablement of the device or its contents may be provided.

Abstract: A computerized-method of integrating workforce information data across multiple business units is provided. Workforce information for each business unit is parsed into discrete sized data blocks. There are multiple steps to processing each data block, and the steps are executed sequentially on each data block and in parallel with processing of other data blocks.

Abstract: A method of and apparatus for encrypting and/or decrypting content according to broadcast encryption scheme. The decryption method includes: determining whether or not a revoked device among devices that have licenses for predetermined content is present; and according to the determination result, selectively decrypting a content key encrypted by using a key to prevent the revoked device from decrypting the predetermined content. By doing so, an unnecessary encryption process and decryption process that occur when there is no revoked device are avoided.

Abstract: Metering is enabled through an arrangement in which a metering certificate is communicated to a mobile device using an over-the-air protocol. A metering trigger provides the metering certificate that includes a location to which metering data is posted by the mobile device and a public key of a public-private key pair, or alternatively provides a link to such metering certificate. A metering helper passes the metering certificate to a DRM system on the mobile device which collects metering data associated with the metering ID and uses the public key to encrypt the metering data into a metering challenge. The metering helper posts the metering challenge to the location. The metering service extracts the metering data from the metering challenge using a private key and generates a metering response that is received by the metering helper which prompts the DRM system to reset at least a portion of a data store in which the metering data is stored.

Abstract: The invention relates to a method for securing IP connections with a combinatory connection of a communication network of a first network operator with a communication network of at least one second network operator using the Session Initiation Protocol, SIP. This method is based on the fact that portions of an SIP message, but at least the information necessary for the combinatory connection of the networks, is transmitted in encrypted form between a transmission channel of the first network operator and a reception channel of the second network operator.

Abstract: Method, system and server for managing data transmission. The method comprises the following steps: the first client requests the server for data update; the server analyzes the request of the first client and takes the control measurement to the data that the client requests to update according to the predetermined control policy, and performs the subsequent process after the data requested by the client meet the control policy; the server informs the first client to update the data; the first client updates the data; the server informs the second client that the data of the first client has been updated; the second client acquires the updated data. The present invention discloses also a control system and a control equipment achieving the above method. The server takes the unified central control notification mode according to the present invention to effectively control the propagation approach of the personalized data.

Abstract: Current embodiments provide for authorization and payment of an online commercial transaction between a purchaser and a merchant including verification of an identity of the purchaser and verification of an ability of the purchaser to pay for the transaction, where the identity provider and the payment provider are often different network entities. Other embodiments also provide for protocols, computing systems, and other mechanisms that allow for identity and payment authentication using a mobile module, which establishes single or multilevel security over an untrusted network (e.g., the Internet). Still other embodiments also provide for a three-way secure communication between a merchant, consumer, and payment provider such that sensitive account information is opaque to the merchant, yet the merchant is sufficiently confident of the consumer's ability to pay for requested purchases.

Abstract: Methods and systems for identification of objects using a laser. Data for an application including transactional data associated with a user is accessed from a computerized database in a system. Systems and methods operate to select objects from an electronic display. In an example, these systems and methods operate to select objects from an electronic display using a handheld laser identification device. In an example, an electronic display is in communication with a database that updates the display of objects displayed on the electronic display.

Abstract: Methods and systems for preventing an application which has been maliciously or inadvertently tampered with from causing harm to a computer system are described. Application code of the tampered application is inputted into a code analyzer. The code is analyzed and functions within the application code are identified and examined. A profile is created and may be a description of how a function is intended to operate, that is, the function's expected behavior. Calls between functions are examined and a called function is replaced with a replacement function, such that a call to an original function results in a call to the replacement function. The original function is unaware that it is not getting function calls or that such calls are being directed to a replacement function or stub. A replacement function contains code to ensure that the user space maintains its original appearance.

Abstract: In one embodiment, a method for converting a smartcard into a virtual media in a transit system is provided. The method includes reading data from a smartcard. The data includes product information related to a transit product stored on the smartcard. The data is communicated to a smartcard management system such that the smartcard management system may create a record of the smartcard. The data is also communicated to a ticket management system. An indication of the creation of an account from the ticket management system is received. The account includes a unique account identifier and the data. An input from a contactless media is received. The input includes an identifier of the contactless media. The identifier is communicated to an authorization service. A token created by the authorization service is received. The token is associated with the identifier. The token is communicated to the ticket management system.

Abstract: A method and system for bringing together online and offline advertising uses partner-encoded anonymous links that are associated with consumer data. The partner-encoded anonymous links allow processing without personally identifiable information (PII) in a secure environment. Data is matched using identifiers that are encrypted for use in connection with individual match distribution partners. The method and system allows a marketer to utilize offline data to precisely target advertisements without the use of PII, and to perform analytics concerning the use of the online advertisements to more precisely determine the effectiveness of multichannel marketing efforts.

Abstract: The present disclosure relates to the authenticating a client against a pool of servers utilizing a secure authentication protocol, and, more specifically, to the authenticating a client against a pool of servers providing a common service, utilizing the Kerberos secure authentication protocol.

Abstract: Process management techniques using a representation state transfer architecture include, for example, a method of managing a given process in a data-centric manner in a client/server environment, comprising at least one client and at least one server. In an exemplary method, the server obtains from the client at least one request associated with the given process. In response to the request obtained from the client, the server generates an entity, wherein the generated entity is represented in terms of a data model and a lifecycle model associated therewith, wherein the lifecycle model comprises states and state transitions with each transition caused by one or more activities in the given process, and wherein the given process is represented as a collection of communicating entities. The server sends a response to the at least one request to the client, wherein the response is based at least in part on the generated entity.

Abstract: Systems and methods for supporting regulatory requirements for the distribution of controlled and non-controlled items such as, for example, non-controlled prescriptions (Rx), medical devices, and controlled substances in countries such as the United States and Canada, are provided. The systems and methods incorporate a license verification module that is configured to perform license validation for a particular order placed for a controlled and/or non-controlled item. In certain embodiments, the license verification module compares order data to historically sorted data and if one or more discrepancies exist, validation is unsuccessful. The license verification module may further query a third party database for updated license information upon validation failure.

Abstract: A system facilitates collaborative communications and information sharing in a network defined by a model. The model and a portion of the system are stored on a storage component coupled to a terminal. The system captures context information and user-defined data, the user-defined data provided during user interaction of the user in a first domain of the network, and dynamically stores the context information as metadata associated with the user-defined data, the user-defined data and the metadata stored on the storage component; a tracking component for tracking a change of the user from the first domain to a second domain of the network and dynamically updating the stored metadata based on the change, where the user accesses the user-defined data from the second domain; and an interface to the system that permits the user to create and view the user-defined data according to the model of the network.

Abstract: A transaction handler receives, for forwarding to a sponsor account's issuer, a coupon authorization request message from a merchant's acquirer that identifies the sponsor account and a coupon for an item being purchased by a consumer in a transaction with the merchant. The issuer determines eligibility of the coupon for use by the consumer, and sends an authorization response message to the merchant via its acquirer and the transaction handler for the application of a corresponding discount for the item when the coupon is eligible. One or more coupon eligibilities for the purchase of the item by the consumer from the merchant can be derived from comparisons of the transaction to predetermined times, geographies, jurisdictions, sets of merchants, and/or the number of times that coupons have been used in other transactions. The transaction handler can further process the transaction for authorization the consumer's account to pay of the transaction.

Abstract: An image managing apparatus includes a storage unit that stores image data, a receive unit that receives an image transmission request, and a controller. Herein, the controller adds security information to the image data and transmits the image data from the storage unit to an external apparatus in response to the image transmission request. Moreover, the controller determines whether to add the security information to the image data on the basis of a value of a security addition flag for the box in which the image data is stored or a value of a security addition flag for the image data.

Abstract: Disclosed are various embodiments for loading page generation code supplied by customers into a memory. A request for a network page is obtained from a client. The network page is associated with a network site hosted by a hosting provider on behalf of a customer. It is determined whether page generation code configured to generate at least a portion of the network page is preloaded into a memory. Such page generation code is customer supplied. The page generation code is loaded into the memory in response to the request and in response to determining that the page generation code is not preloaded into the memory. The page generation code is executed to generate the at least a portion of the network page in response to the request.

Abstract: Techniques are disclosed herein for protecting personally identifying information (PII) and behavioral data while delivering targeted assets. In one aspect, a profile is created based on a template and desired characteristics of users to receive one or more targeted assets. The template provides a framework for the user characteristics. One or more clients are provided the template. A manifest that identifies the targeted assets is encrypted based on the profile. The encrypted manifest is sent to the one or more clients. A user profile is generated at a client based on a template. The client attempts to decrypt the encrypted manifest based on the profile created at the client. The client sends a request for any targeted assets that were identified through the attempt to decrypt the encrypted manifest.

Abstract: Embodiments of the invention are directed to a fraud detection system that automatically converts the currency and value of received transaction data to correspond to the currency in fraud detection rules established by a merchant. The converted transaction data is then analyzed against the fraud detection rules to determine whether the transaction data indicates fraudulent activity.

Abstract: The invention relates to a method for identifying an object comprising at least one object identifier with an object code that is used to verify the authenticity of the object.

Abstract: An apparatus, system, and method are disclosed for checking the health of encryption key managers (EKM). An identification module identifies an EKM of a plurality of EKMs. A communication module establishes communication with the EKM. A request module requests an encryption key from the EKM. A verification module verifies that there is a valid encryption key path to the EKM. In one embodiment, the verification module validates that the EKM can exchange encryption keys with a tape drive. The verification module may also validate that the EKM can certify the authenticity of a tape drive.

Abstract: A method and system for automatically repairing identity theft under computer control. In one embodiment, a method is disclosed for repairing identity theft. The method accesses notification of a fraudulent identity theft incident committed on a victim. The method collects victim specific information that is associated with the fraudulent identity theft incident and the victim. Then, the method automatically populates and generates notification forms with the victim specific information. The populated notification forms detail the fraudulent identity theft incident for affected creditors and credit bureaus. Then, the method automatically transmits the notification forms to the affected creditors, credit bureaus, law enforcement agencies, and any other required entities. The method then chronicles by time in a non-volatile record all the actions taken in furtherance of repairing the fraudulent identity theft incident.

Abstract: A mechanism is described that enables encrypted end-point communications in a VoIP network to be accessed by a service provider. The mechanism includes a session information retrieval component which gathers session information such as encryption keys for each session that traverses a network element. The encryption keys may be used to decrypt data to make it available for lawful interception. A media stream monitoring component monitors media streams and verifies that the identified keys for each session are valid, to ensure continuity in compliance with LI regulations. Advantageously a security alert component may be used to controls further session operation for those sessions identified as potential security risks. With such an arrangement, the service provider can satisfy the legal requirement to provide interception, verify that the accuracy of the legal interception support and take appropriate steps to handle security risks.

Abstract: Systems and methods of management of electronic office equipment through automated monitoring and reporting of usage and status are disclosed. A monitoring agent monitors electronic office equipment on a network and collects usage and status information to send to a control system. The control system can use the usage and status information to compile various reports responsive to the received information. The system allows for the automatic assessment, monitoring, re-supply, maintenance, and billing of networks of printing devices from a variety of different manufacturers. In some embodiments, the system enables a pay per use lease arrangement.

Abstract: A system and method for submission of digital assets to a digital asset submission system are disclosed. The digital asset submission system can manage submissions of digital assets to a network-based distribution system. Submission of digital assets to the digital asset submission system can be performed over a network in a controlled manner such that the digital assets can be validated prior to transmission of the digital assets to the digital asset submission system. Advantageously, digital assets to be submitted for distribution can be substantially validated before the digital assets are transmitted to the digital asset submission system.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for receiving, from a user device, a request to include financial data describing a financial account in an interface, the financial account being associated with a particular financial institution; identifying one or more metadata attributes for accessing the financial account associated with the particular financial institution; obtaining a public digital key associated with the financial institution; providing, to the user device, data describing the one or more metadata attributes and the public digital key associated with the financial institution; receiving, from the user device, respective values for the one or more metadata attributes, the corresponding values having been encrypted by the user device using the public digital key; and storing the encrypted values for the one or more metadata attributes for use in accessing and aggregating financial data describing the financial account.

Abstract: The APPARATUSES, METHODS AND SYSTEMS FOR PROVIDING A VIRTUAL DEVELOPMENT AND DEPLOYMENT ENVIRONMENT INCLUDING REAL AND SYNTHETIC DATA (“SYNONYM”) provides a development and test environment with reduced database storage requirements that uses synthetic data based on anonymized real data. SYNONYM allows the use of sensitive data for testing while protecting such data as required by privacy laws, secrecy laws and company policies.

Abstract: A computer implemented method to exchange virtual goods in a virtual environment includes receiving funds at a trading platform from a buyer. The buyer is provided with a first secret that the buyer can decrypt and a second secret that the buyer cannot decrypt. The buyer is authenticated to a seller using the first secret. A virtual item is delivered from the seller to the buyer in response to authenticating. The buyer delivers to the seller the second secret for decryption by the seller. The seller is authenticated at the trading platform with the second secret. The seller is supplied with the funds.

Abstract: Exemplary embodiments include methods of handling stored electronic original information objects that have been created by electronically signing information objects by respective authorized users and transfer agents, submitting signed information objects to a trusted repository system, validating the submitted signed information objects by at least testing the integrity of the contents of each signed information object and the validity of the signature of the respective transfer agent, and applying to each validated information object a date-time stamp and a digital signature and authentication certificate of the trusted repository system that is an electronic vault. One method includes the remote signing of electronic documents without the trusted repository ever releasing the electronic original documents and other information objects that are controlled and protected by the trusted repository system.

Abstract: The embodiments disclosed herein include new, more efficient ways to request, create, send, and receive product reviews from the Internet. One aspect of the invention is an email message for a customer. The email message includes a request to review a product obtained by the customer in a transaction; a rating input area and/or a text input area; an authentication token that includes a transaction identifier corresponding to the transaction; and an HTTP form submission command to send a response to the request from the customer to a remote computer. The response includes a rating entered in the rating input area and/or text entered in the text input area, and the authentication token.

Abstract: A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user's mobile device to a current local access network, and the target remote network such as the user's office network. All authentication credentials are encrypted using a key generated from the user's VSA password that is generated from the user's single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network.