Abstract: Methods, systems, and articles of manufacture consistent with the present invention provide an electronic marketplace that matches units of content from secondary content providers with suitable vacancies from primary content providers. Vacancies may constitute, or be included in, any digital transmission containers, such as a television or radio programming, web pages, and the like. Specifically, the electronic marketplace automatically matches content offered by secondary content providers with vacancies offered by primary content providers thus filling the vacancies in these containers through a real-time content trading, placement, and distribution system. To do so, attributes associated with the vacancies and with units of secondary content are used to trade and match suitable vacancies with suitable content. This invention enables both secondary content owners and vacancy owners (primary content providers) to obtain the full commercial benefit of their secondary content and containers.

Abstract: Server-side validation of hardware specific software product licenses is described herein.

Abstract: A system and method are provided for use in establishing secure end-to-end communication links over a VPN gateway via a network interface unit. Illustrative embodiments include establishing and providing secure communication relationships between users (customers) and companies for e-commerce and other business purposes. Each company's data and linkage to users remaining private and secure from the other participating companies as well as from the general public over the Internet. Login by user with network interface units, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Required authentication exchanges and required encryption key exchanges facilitate the secure communications. Financial arrangements regarding the provisioning and use of network interface units are also disclosed.

Abstract: A method to distribute and monetize media content by associating media content with a cost stored in associated media information within a media package. The user can elect to pay all of the cost, a portion of the cost, or none of the cost. When the user does not pay all of the cost, informative messages paid for by sponsors can be presented as part of the presentation of media content.

Abstract: A method of providing security as a service in a cloud storage environment includes storing, through a cloud manager of the cloud storage environment, a security level of access of a storage controller associated with a customer of the security as a service, and receiving a request from the customer to access security information of the storage controller associated therewith. The method also includes providing, through the cloud manager, security information of the storage controller associated with the customer in accordance with the request and the stored security level of access of the storage controller associated with the customer.

Abstract: Apparatus, system, and media for utilizing content. An exemplary system comprises a first computing device and a second computing device, wherein the first computing device transmits a request for access to content to the second computing device, receives the content from the second computing device, and grants at least one permitted utilization of the content, and wherein the second computing device receives the request for access to content from the first computing device, determines whether the first second computing device is permitted to receive the content, grants access to the content based at least in part on the first computing device being permitted to receive the content, and transmits the content to the first computing device based at least in part on the first computing device being permitted to receive the content.

Abstract: An installation image for installing an unprotected software product is used to install a protected version of the same product. A protected version of the executable file is embedded in a new installation image with the original installation image, in which the unprotected version of the executable file is damaged so as to be unusable and unreadable. The new installation image causes the original installation image to operate, installing the damaged installation file and other data files. The new installation image then replaces the damaged installation file with the protected installation file.

Abstract: This invention is related to web-traffic and used in online advertising including interactive TV, cellular telephone or Personal Digital Assistant PDA. It discloses a system to detect invalid and fraudulent impressions and clicks and method of pay-per-click (when advertisers pay upon users actually clicking) and pay-per-impression (when advertisers pay based on number of views) advertising arrangements, which periodically generates a code associated with the search-engine users. This code, preferably in the form of a serial number, is compared to the user of the website, such that by observing a metric like the number of clicks for a given period of time, be it a short time or a longer period, such as a day or a week, the system can automatically determine if certain clicks are illegitimate. This allows the search engine company to fairly invoice the merchants, thereby preventing fraudulent over use.

Abstract: Methods and Systems for generating a Completely Automated Public Tests to tell Computer and Humans Apart (CAPTCHA) provide a computational puzzle according to a received request. The computational puzzle, which may be for example, a jigsaw puzzle, maze puzzle, composite image of matching and non matching shapes or other type of puzzle, is configured to have a correct solution that is expected to be determinable by a human rather than a computer. For example, the computational puzzle is generated from a plurality of individually randomly generated puzzle features, such as puzzle surface image, image color gradient, puzzle component shape, or other puzzle features. A determination is made as to whether a human as opposed to a machine solved the computational puzzle.

Abstract: Data security devices are provided which store user data and interact with terminal devices to provide information about the stored user data. Security device has memory for storing user data, an interface for transmission of data communications connectable to a data communications network, and a controller. The controller processes a request from the terminal device for information about said user data by first generating a message. The message is generated to permit verification, using secret data, that the message was generated by the controller. The controller sends the message to the terminal device for communication to a publication entity for publication of the message. The controller then receives from the terminal device a cryptographic construction. The controller checks validity of the cryptographic construction for said message, and subsequent supply of the information requested about the user data to the terminal device is then dependent on said cryptographic construction.

Abstract: A system and method provide an enablement scheme that accommodates small bandwidth channels and does not rely on shared secrets between parties. This is accomplished by storing a table of messages on a vendor server and a table of hashes of the message on client machines. A process is used by the vendor to select a message from the table to use for a validation code for enablement, and an identical process is used by the client to find a corresponding hash in the hash table. By comparing the hash in the hash table to a hash of the validation code received, the client can verify the validation code. The system includes software portions for enabling the method.

Abstract: A computer system is provided comprising a non-volatile storage medium and a processor. The processor acquires authentication information from a first removable storage device, stores the authentication information into the non-volatile storage medium, and forbids data access of the computer system when detecting that a second removable storage device has been inserted and identification data of the second removable storage device is different from the authentication information.

Abstract: Parental controls for entertainment digital media are provided that allow a parent to restrict multiple user's access to entertainment content. One or more updatable rating definition files with dynamic data are used to define rating levels and content descriptors for a regional rating system. Entertainment content definition files define the rating level and content descriptors for entertainment content. User permission settings define a particular user's access rating level and content descriptors. The rating definition file can be used to compare the entertainment content definition file and user permission settings in determining if a user is allowed access to particular entertainment content.

Abstract: A method and system for supply of data, including generating a first digital certificate referred (empowerment certificate) signed with a first signing entity's electronic signature. The empowerment certificate includes attributes of the described entity, information identifying the first signing entity, indication of data relating to the described entity, indication of a source of the data, and identification of a relying entity to which the data can be supplied. The relying entity forwards the empowerment certificate to a source supplying the data indicated in the empowerment certificate. The data may be supplied to the relying entity by a second digital certificate (custom certificate), signed with a second signing entity's electronic signature. Custom certificates may appear in custom certificate revocation lists. A system and method for transfer of ownership of electronic property from a first entity to a second entity, and a method and system for electronic voting are also provided.

Abstract: Methods and systems are presented for remotely commanding a mobile device. In one aspect, a method includes receiving input identifying a mobile device, presenting to a user one or more remote commands corresponding to the mobile device, receiving user input selecting a remote command from the one or more presented remote commands, generating a remote command message instructing the mobile device to execute the selected remote command, and transmitting the remote command message to a server for publication in a message topic. Further, a selectable list of mobile devices associated with a remote management account can be presented to the user, the selectable list including information uniquely identifying each mobile device. Additionally, the selectable list of mobile devices can include an indication of whether an included mobile device is online.

Abstract: A system is adapted to manage the distribution of content to one or more cooperating media/substrates. The system receives data representative of environment conditions for one or more cooperating media/substrates adapted to display digital content. The media/substrates may be located in public spaces. The system compares the received data representative of environment conditions with selection criteria to identify content for distribution to the media/substrates. The selected content is distributed to the one or more cooperating media/substrates.

Abstract: Various embodiments described or referenced herein are directed to different devices, methods, systems, and computer products for providing information external to an organization in an information feed. A message may be received from an information service provider in accordance with a previously defined request. The defined request may include one or more parameters specifying requested data. The message may include data provided in accordance with the one or more parameters. The data in the message may be processed to create a data object. The data object may include at least a portion of the data provided in accordance with the one or more parameters. The data object may be stored in a database. The data object may then be provided for display on a display device in an information feed associated with the record.

Abstract: A computer-implemented technique processes a potentially sensitive item of data (e.g., data which may be either a credit card number or a token having a similar format). The technique involves, after the potentially sensitive item of data is properly received within a physical memory location, generating a token result which indicates whether the potentially sensitive item of data satisfies a valid-token requirement. The technique further involves preserving the potentially sensitive item of data in an unaltered form within the physical memory location when the token result indicates that the potentially sensitive item of data satisfies the valid-token requirement. The technique further involves replacing the potentially sensitive item of data within the physical memory location with a token when the token result indicates that the potentially sensitive item of data does not satisfy the valid-token requirement.

Abstract: A wireless communication device is configured to be able to communicate via both a first access point and a second access point for using the first access point to obtain validation credentials in order to permit use of the second access point to access a network. The wireless communication device comprises a processor; and a non-transitory computer readable medium having stored thereon computer executable instructions. The instructions are operable to: initiate communication with the second access point in order to access a network; obtain an access point identifier from the second access point, the access point identifier for identifying the second access point; transmit the access point identifier to a validation server via the first access point; receive validation credentials from the validation server via the first access point; and use the validation credentials to validate the wireless communication device with the second access point to obtain access to the network.

Abstract: A method and apparatus includes providing a cryptographic key, in an inactive state, to a point in a supply chain for manufactured items, providing the cryptographic key, in an active state, and an activation code for activating the cryptographic key, to a verification centre, and providing the activation code to the point in the supply chain in response to the point in the supply chain transmitting information relating to the received cryptographic key. The method includes generating, at the point in the supply chain, an identification (ID) code for each manufactured item, derived from the cryptographic key in the active state and a dynamic key generated for each batch of manufactured items. Including providing the dynamic key for each batch of manufactured items to the verification centre, marking each manufactured item with the ID code, and counting the actual or correct number of ID codes marked on the manufactured items.

Abstract: A method of performing digital asset management of content is provided. The content is identified with an identifier. The identifier can be identified with a digital watermark, header file, or both. The identifier is linked to usage rules to regulate usage and protect the content. The usage rules can be maintained on a remote or local database or server. Once extracted, an identifier is used to index the database to locate a corresponding usage rule, and can be used to override copy control information with proper purchase and subsequent protection. Content can be managed from such. In another embodiment, an identifier is used to track usage, such as amount of content viewed, time played, and copies made. In yet another embodiment, a content identifier is used to regulate content throughout a distribution chain, and a distributed set of databases with information relevant only to the owner of the database act as one database due to a central router.

Abstract: Methods, systems, and articles of manufacture consistent with the present invention provide an electronic marketplace that matches units of content from secondary content providers with suitable vacancies from primary content providers. Vacancies may constitute, or be included in, any digital transmission containers, such as a television or radio programming, web pages, and the like. Specifically, the electronic marketplace automatically matches content offered by secondary content providers with vacancies offered by primary content providers thus filling the vacancies in these containers through a real-time content trading, placement, and distribution system. To do so, attributes associated with the vacancies and with units of secondary content are used to trade and match suitable vacancies with suitable content. This invention enables both secondary content owners and vacancy owners (primary content providers) to obtain the full commercial benefit of their secondary content and containers.

Abstract: A method and apparatus for securing media asset distribution for a marketing process is described. In one embodiment, the method includes generating a dynamic security component for each media asset allocation to at least one receiver, wherein the dynamic security component verifies the at least one receiver upon login, coupling the dynamic security component to at least one file having a media asset and communicating a locator reference associated with the at least one file to the at least one receiver, wherein the locator reference is created using the dynamic security component.

Abstract: A_system and method for verification of a person identifier received online is described. The method includes receiving a request for verifying a person identifier (PI1); and estimating whether (a) PI1 identifies the same person as another person identifier (PI2), (b) sender of PI1 is the same person as sender of PI2, and (c) PI2 identifies the sender of PI2.

Abstract: Systems and methods are provided that employ two or more cryptographically linked codes. The codes, when encrypted, become cipher texts that appear unrelated. The codes described herein are characterized by a series of bits including one or more switch bits. The cipher text of a code having a switch bit in one state will appear to be unrelated to the cipher text of another code differing only in that the switch bit is in the opposite state. The cryptographically linked codes can be used in various combinations, such as on a product and its packaging, on a product and a component of the product, on a certificate packaged with the product and on the packaging, or on outer and inner packagings of the product.

Abstract: The aim of the present invention is to limit the impact of security breaches, which are the emulators of the security module. This aim is reached by a processing unit of audio/video digital conditional access data, encrypted by control words, responsible for processing security messages containing at least one cryptogram relative to a control word and one instruction relative to the control word, characterized in that it includes means to receive at least two micro programs by security messages, executable by the security module, said security module comprising means to store at least two micro programs and means to receive an instruction contained in the security message, for selecting the micro program indicated by the instruction, for executing the said micro program with at least the cryptogram as a parameter of execution, this execution allowing the calculation of the control word to be sent back to the audio/video processing unit.

Abstract: Online sale of software product use licenses through a data network by offering software products (SOFT) through vendor sites, purchasing a license on-line on one of said vendor sites, and activating said license on-line by a different licensing site. A specific component (COMP) is provided with the software product (SOFT) and identifying data (IDV) of the vendor site are transmitted during the download of the software product (SOFT). When the component (COMP) is executed in an equipment, the component (COMP) locally accesses said data (IDV) and identifying data (IDL) of the licensing site and activates the license by setting up an on-line communication with the licensing site.

Abstract: Online sale of software product use licenses through a data network by offering software products (SOFT) through vendor sites, purchasing a license on-line on one of said vendor sites, and activating said license on-line by a different licensing site. A specific component (COMP) is provided with the software product (SOFT) and identifying data (IDV) of the vendor site are transmitted during the download of the software product (SOFT). When the component (COMP) is executed in an equipment, the component (COMP) locally accesses said data (IDV) and identifying data (IDL) of the licensing site and activates the license by setting up an on-line communication with the licensing site.

Abstract: The invention concerns a method for protecting the data of an application compiled in intermediate for execution executed on a digital apparatus equipped with a virtual machine managing the execution of the code via a execution stack defining at least one stack frame corresponding to a method called during the execution of the code. A secured execution mode of the code involves the determination of at least one global checksum associated with each stack frame and, each time that a datum of the code is manipulated, the calculation of a local checksum associated with that datum. The calculation is on one hand, on the global checksum associated with the stack frame corresponding to the manipulated datum and, on the other hand, on at least one part of the other data constituting the stack frame.

Abstract: A method for managing information technology (IT) through auto discovery analysis to achieve business relevance is provided. An IT infrastructure is monitored to discover managed components of the infrastructure and discover business processes which are supported by the infrastructure. An information model is formed based on the discovered components and the discovered business processes. The information model can be used to provide assorted IT services.

Abstract: A system for conducting a financial transaction in e-commerce on the internet includes objects prepared by a seller and a buyer. The seller's object includes a clear text header file (advertisement), an encrypted overhead file which contains verification data pertaining to the financial transaction, and an encrypted content file containing the subject matter for sale by the seller. With a purchase solicitation from the buyer, an overhead key can be used by a transaction agency to ensure there is a compliance between the purchase solicitation and the verification data of the overhead (from seller's object). Next a revelation key is provided to give the buyer access to the content when such compliance has been ensured.

Abstract: The present invention provides systems and methods for electronic commerce including secure transaction management and electronic rights protection. Electronic appliances such as computers employed in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Secure subsystems used with such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions.

Abstract: An entrance management system includes: an authentication gate apparatus which reads the user identifier stored in an information storage medium, controls the user's entrance to a management zone based on the user identifier, generates an intrazone user identifier associated with the user identifier and writes the intrazone user identifier to the information storage medium when the user is allowed to enter the management zone; and an information processing apparatus, installed in the management zone, which reads the intrazone user identifier written in the information storage medium and records information concerning use of the information processing apparatus by the user in association with the intrazone user identifier.

Abstract: Image integrity in an archive can be verified using document characteristics. Embodiments of the invention provide a way to verify the integrity of a stored document image by determining document characteristics, which can also be embedded in the image file. Before allowing access to the image file by an application, the characteristics data from an image analysis can be compared to either or both of, characteristics information otherwise stored, or embedded characteristics data. The embedded data can optionally be encrypted. In example embodiments the data can include a result of an optical character recognition of contents of the document, a length of data describing the image, a percentage of a specified color of pixels in the image, or a checksum. Example embedding techniques can include those making use of a tagged image file format (TIFF) header, a steganographic watermark, or an image artifact.

Abstract: Disclosed is an information providing apparatus comprising first reception control means for controlling the reception, from a first information processing apparatus, of user identification data for identifying a user of the first information processing apparatus and a request for purchasing a content, first transmission control means for controlling in response to the request for purchasing the content the transmission of the request for purchasing the content to a second information processing apparatus, second reception control means for controlling the reception of the content and usage conditions thereof supplied from the second information processing apparatus, storage control means for controlling the storing of the content and usage conditions thereof in correlation with the user identification data, third reception control means for controlling the reception of the user identification data and a request for sending the content supplied from the first information processing apparatus, and second trans

Abstract: A method, system and program product, the method comprising: accessing Transfer Fee data to be paid to a third party that is not the borrower or the lender or the buyer or seller in a repurchase agreement transaction of a security for a right to loan or repo one or more units of the security; accessing data on a loan or repo of units of the security, calculating an amount of a Transfer Fee for the right to loan or repo the security; generating data for debiting an account or sending a bill for the Transfer Fee; and updating the database with data on the Transfer Fee.

Abstract: The invention relates to a process for operating a cash box (10), in which in a memory element (18) of a control unit (14) of the cash box (10) program data of a production bootstrap loader for booting the cash box (10) and a production key (P) for encrypting data sent by the cash box (10) and/or for decrypting received data are factory-stored. For commencing operation the cash box (10) is inserted in a device (30, 54, 62, 72) for receiving cash boxes (10). A data transmission connection is established to the cash box (10). The program data of the production bootstrap loader are replaced by program data of an operation bootstrap loader for booting the cash box (10) and the production key (P) is replaced by a client-specific operation key (A, B, C, D).

Abstract: Particular embodiments provide a method for orchestrating an order fulfillment business process that includes a sub-process. In one embodiment, abstraction of business processes from an underlying information technology (IT) infrastructure is provided. An orchestration process can be designed using sub-processes such that the sub-process is assembled at run-time into an executable process. The sub-process may be defined in an interface as a single step. A plurality of services as then assembled as steps in the executable process at run-time.

Abstract: The presently claimed invention relates generally to confirming that a user has physical custody of an article (e.g., credit card, identification document, etc.). One claim recites a method reciting: at a user's home, presenting a physical article to an input device; and, after the presenting, receiving device data at a CPU at said user's home; deriving a reduced-bit representation of the device data; by reference to at least some of said reduced-bit representation of the device data, confirming that the user has physical custody of the physical article, the physical article having an identifier associated therewith; and providing said identifier to a remote terminal once physical custody of the physical article is confirmed. Of course, additional combinations and claims are provided as well.

Abstract: The present invention is an expert matching method and apparatus for managing communications between an expert having particular qualifications and an end user seeking a solution to an expert request. In a preferred embodiment, the apparatus of the present invention includes a controller having a database for storing expert qualifications. In one embodiment, the controller receives an expert request. A search program identifies experts qualified to respond to the expert request. The expert request is then transmitted to the expert, which results in an expert answer transmitted to and received by the central controller. After authentication of the expert answer, using a wide range of security levels from passwords to cryptography, the answer is forwarded to the end user. The method and apparatus of the present invention have applications on the Internet as well as conventional voice telephony systems.

Abstract: A method for securing intellectual property includes establishing contact between an IP server and a client. At least two component codes are shared and pre-stored in both the player and the server prior to ordering the intellectual property. The IP server accepts an order for an intellectual property product from the client. The IP server creates a shared private key based on the pre-stored shared component codes and an additional shared component code at the time the intellectual property product is ordered. The shared private key is not distributed to the player software. The IP server encrypts the intellectual property product with the created shared private key prior to distribution to the client. The intellectual property product further comprises content data and rights data in digital form. The IP server electronically distributes the intellectual property product to the client in encrypted form without the shared private key.

Abstract: Privacy is defined in the context of a guessing game based on the so-called guessing inequality. The privacy of a sanitized record, i.e., guessing anonymity, is defined by the number of guesses an attacker needs to correctly guess an original record used to generate a sanitized record. Using this definition, optimization problems are formulated that optimize a second anonymization parameter (privacy or data distortion) given constraints on a first anonymization parameter (data distortion or privacy, respectively). Optimization is performed across a spectrum of possible values for at least one noise parameter within a noise model. Noise is then generated based on the noise parameter value(s) and applied to the data, which may comprise real and/or categorical data. Prior to anonymization, the data may have identifiers suppressed, whereas outlier data values in the noise perturbed data may be likewise modified to further ensure privacy.

Abstract: A system for physical distribution of secure content to customers and physical collection of secure billing information. A plurality of content storage devices may be provided to a customer, each content storage device including secure content. A billing storage device may also be provided to the customer, the billing storage device including decryption information, which may be used by a media player for decrypting the secure content of the content storage devices to exhibit the secure content to the customer. The content and billing storage devices may be provided to the customer via physical delivery and without electronic data transmission occurring to or from the physical location of the customer. After each billing period, the billing storage device may be received from the customer via physical delivery. The billing storage device includes secure billing information stored in a writeable area, which is associated with the exhibition of secure content to the customer.

Abstract: A user retains access to a document previously generated or received by an institution system and stored in encrypted form in storage of the institution system or another entity associated with the institution system. However, the institution system does not have access to the document (in readable form) after an expiration of an amount of time. The document is encrypted in such a manner that only the user can decrypt the document, but the institution system cannot decrypt it. In this manner, the institution system may meet business or regulatory requirements or policies directed to discarding (i.e., purging) the document after a predetermined amount of time, but can still provide secure storage of the document in encrypted form to the user independent of the business or regulatory requirements or policies that mandate purging the document.

Abstract: A system for making a purchase by a customer from a merchant, wherein an electronic message represents an instruction for payment from an account with a financial institution, includes a method of: associating a public key with identity information regarding the account; receiving by the merchant both encoding information for the electronic message and the identity information; forwarding by the merchant the electronic message, encoding information, and identity information; upon receipt of the electronic message, the encoding information, and identity information, retrieving the public key associated with the identity information; and determining a validation result as a function of the electronic message, the encoding information, and the retrieved public key. Upon successful validation, an account authorization is performed or payment from the account is made.

Abstract: A method and system for creating license management in software applications are disclosed. In one embodiment, the method comprises receiving an installer package associated with a software application to be run on a computer, the installer package not including license administration functionality. One or more executable files are extracted from the installer package. One or more license-enabled executable files are generated with the one or more executable files and a license wrapper. A new installer package is created with the one or more license-enabled executable files, the new installer package supporting the license administration functionality.

Abstract: A client computing system inserts selected advertising into digital content. Ads may be inserted into content based on a dynamic advertising matching process that is securely implemented within a hardware-based root of trust. User profiles used in ad matching may be privacy protected and maintained with confidentiality protection in the client computing system and/or a service provider server, respectively. When a client computing system makes a request to the service provider server for content with specified ad slots, the request may be made with the client's EPID signature, which is inherently privacy protected. The hardware-based root of trust protects insertion of selected ads into the linear rendering flow of the content.

Abstract: A subset of unique codes is generated from a set of codes. The subset of codes are stored in a database on a secure server and each of the codes is marked on a corresponding instantiation of the product. The marked instantiations are distributed. During their distribution, the marked instantiations are verified for authenticity and for routing. This verification is performed by reading or scanning the codes on the instantiations, and transmitting that information to the secure server for comparison against the codes and other information located in the database contained of the secure server.

Abstract: The present invention provides a method and system of receiving data in a data store in a server computer system. In an exemplary embodiment, the method and system include (1) receiving client authentication information of a client computer system, (2) receiving a data signature of the data from the client computer system, and (3) attempting to locate in the data store at least one data chunk with a stored data signature equal to the received data signature.

Abstract: Disclosed are a broadcasting processing apparatus and a control method of the same. The broadcasting processing apparatus including: a broadcasting receiver which receives a broadcasting signal including contents and additional information about the contents; a condition access module which descrambles the contents if the contents have been scrambled; and a controller which controls the broadcasting receiver to receive the broadcasting signal during a power-off mode, and stores contents information about a shunning function that prevents the inputting of the contents to the condition access module among the received additional information.