Abstract: A variety of systems and embodiments are disclosed. One embodiment provides a method including: maintaining a database including a plurality of records stored therein; obtaining first information derived from image or video data, the first information being derived remotely relative to performance of said method, the first information comprising a reduced-bit representation of the image or video data itself; determining whether the first information has been previously received with reference to at least the plurality of records stored in the database; and disregarding a request or action associated with the first information if the first information has been previously received. Of course, other combinations are provided and claimed as well.

Abstract: Methods, systems, and apparatus, including computer program products, operable to perform operations including receiving through a user interface with an interface language a search query having query terms; using the interface language to select one or more mappings and using the selected mappings to simplify each query term; and applying each simplified query term to a synonyms map to identify possible synonyms with which to augment the search query. In alternative embodiments, the operations include generating a synonyms map from a corpus of documents; where the synonyms map maps each of multiple keys to one or more corresponding variants, where each variant is associated with one or more of document languages. In alternative embodiments, the operations include generating a synonyms map from documents by applying document language-dependent mappings to words in the documents to generate keys for the map.

Abstract: The invention relates to a product protection system, whereby a product piece is provided with a product-specific identification sequence (K) which is converted into a coded check sequence (C), by means of an encoding method (F1) using a secret encoding sequence (B). A product control sequence is applied to or on the product piece which comprises the coded check sequence (C), or a sequence derived therefrom. In order to check the authenticity of the product piece, the product control sequence is recorded by a control requester and transmitted by internet to a product protection server structure. A decoded check sequence is derived therein from the product control sequence by means of a decoding method using a decoding sequence. The authenticity of the decoded check sequence, or a sequence derived therefrom is checked and the result of the authenticity check transmitted by internet to the control requester.

Abstract: A method of controlling access to records stored within databases, each record having associated access rules, a location identifier, and a content identifier maintained in a centralized index, comprising: receiving a request, communicated from a requestor to a security processor, the request containing a specified content identifier; querying the centralized index to find entries corresponding to the specified content identifier; for each entry, applying the access rules for the record to determine whether the record is accessible; for each accessible record, automatically communicating from the security processor to the database storing the accessible record sufficient information to determine whether it is releasable per a set of native access rules of the database; logically associating the releasable accessible records into a linked set of releasable records; and communicating the linked set of releasable records to the requestor.

Abstract: A data encryption engine and method for using to selectively encrypt communications. Data is received from a source device into the data encryption engine. The data encryption engine determines whether or not to encrypt the data based on a source device preference, a target device preference, a comparison of priority numbers for the source device and target device, the transport medium, the relationship between the source device and target device, a type/level of encryption or some combination. If the data is determined to need encryption, the data encryption device may encrypt the data or may flag the data for encryption by the target device. Otherwise the unencrypted data may be forwarded to the target device.

Abstract: Disclosed is a computer-implemented system and method for rating an asset, and, in embodiments, a system and method for performing a double-blind, three stage credit rating of a securitized instrument, such as without limitation, a commercial mortgage backed security or an asset thereof. The disclosed method utilizes a secure database structure which trifurcates information relating to the asset being rated into first, second, and third analytical stages. Asset information is distributed such that analysts at each stage have access to only that information which is relevant to the scope of the particular analytical stage being performed, while irrelevant and prejudicial information is withheld from the analyst. Unique access tokens are employed to control access to stage data and to maintain the integrity of the analytical process.

Abstract: In some applications, it may be more convenient to the user to be able to log in the memory system using one application, and then be able to use different applications to access protected content without having to log in again. In such event, all of the content that the user wishes to access in this manner may be associated with a first account, so that all such content can be accessed via different applications (e.g. music player, email, cellular communication etc.) without having to log in multiple times. Then a different set of authentication information may then be used for logging in to access protected content that is in an account different from the first account, even where the different accounts are for the same user or entity.

Abstract: A flexible product distribution and payment system for computer network based electronic commerce is disclosed. Primary content data is made available to customers through a detachable local storage medium, such as a DVD or CD-ROM disc, or over a network connection. The primary content is capable of being accessed and played back through a computer or game console at the customer site. The primary content distribution may comprise a superset of content that is intended to be used by the customer. The customer is allowed to view and access the encoded primary content, and is charged only for the primary content that is used. Content that is encoded on the medium but that is not used by the customer remains on the medium but is not charged. A content database and customer database maintained at the primary customer site maintain records of products ordered and used by the customer, as well as identification and use patterns associated with the user.

Abstract: In one embodiment, a method for providing a user interface to a client device is provided, the method comprising: sending, to the client device, a browser web page compatible with a browser operable on the client device, the browser web page including a capability to receive content updates from a server according to a server-defined protocol and a capability to send events from the client device to the server; receiving content from a content source; sending the content to the client device according to the server-defined protocol; and sending a partial update of the content to the client device according to the server-defined protocol.

Abstract: Content management systems, methods, and media using an application level firewall are provided.

Abstract: A method, apparatus, system, and computer program product for an automated modular and secure boot firmware update. An updated boot firmware code module is received in a secure partition of a system, the updated boot firmware code module to replace one original boot firmware code module for the system. Only the one original boot firmware code module is automatically replaced with the updated boot firmware code module. The updated boot firmware code module is automatically executed with the plurality of boot firmware code modules for the system and without user intervention when the system is next booted. The updated boot firmware code module may be written to an update partition of a firmware volume, wherein the update partition of the firmware volume is read along with another partition of the firmware volume containing the plurality of boot firmware code modules when the system is booted.

Abstract: A method for accepting return deliveries in an electronic parcel deposit box facility, which integrates various logistics service providers and/or customers and various user authorizations, while safeguarding the operator of the parcel deposit box facility against the abuse of the return delivery process. To verify the customer authorizations, the method for operating a parcel deposit box facility comprising several lockable deposit boxes compares recorded customer data with a stored customer profile. Operating functions for the deposit of return deliveries are only released for the customer if the verification is positive. Before a mail item can be deposited, the validity of the mailing information that is contained on the return delivery is also verified. Valid mailing information is assigned to a logistics service provider and is stored, whereas if the mailing information is invalid, no deposit box is released for the deposit.

Abstract: A system, method, and computer readable storage medium provides the ability to deliver media content. A repository stores media content and marketing assets for the media content. A server computer provides a website accessible on the Internet worldwide to client computers. The website provides the ability to search a public site catalog/library of media content that is publicly available. The website further provides marketing assets for licensed media content from the library to authorized client users (that have a license to media content) in a secure manner. The website further provides preview screening access and download access to licensed media content (e.g., titles of audio-visual media content) to the authorized client users.

Abstract: A system and method are provided for synchronizing playback of media content on multiple playback devices utilizing Digital Rights Management (DRM) encoding. In general, multiple playback devices or users of those playback devices are associated to form a virtual group. A virtual group (VG) control function operates to synchronize advertisement (ad) slots within media content provided to the playback devices in the virtual group utilizing DRM encoding.

Abstract: A method and apparatus for third party control of a device have been disclosed. By utilizing a third party to control a device, view and control of a device may be separated.

Abstract: A Double Blinded Privacy-Safe Distributed Data Mining Protocol is disclosed, among an aggregator, a data consumer entity having privacy-sensitive information, and data source entities having privacy-sensitive information. The aggregator does not have access to the privacy-sensitive information at either the data consumer entity or the data source entities. The aggregator formulates a query without using privacy-sensitive information, and sends the query to the data consumer entity. The data consumer entity generates a list of specific instances that meet the conditions of the query and sends the list, encrypted, to the data source entities either directly or through the aggregator. The data source entities match the list against transactional data, de-identify the matched results, and send them to the aggregator. The aggregator combines results from data source entities and sends the combined result to the data consumer entity.

Abstract: Disclosed are protection of secret information in a system for reporting an emergency such as theft or confinement when secret information is accessed. Secret information includes a large quantity of data and a piece/pieces of true and correct data mixed into the data. The secret data including the data and the true and correct data is two-dimensional code data the code of which is composed of groups of cells having different areas. The positions and order of storage of the true and correct data dispersedly mixed in the data are determined and reported to the user. The user adds a predetermined alerting signal when inputting the password to tell that the user is under control of a third party. The system can detect the alerting signal and know that the user is in an abnormal state, performs normal identification procedures, and takes protection/preservation measures. Part of data is specified as confinement report data and added to the true and correct data.

Abstract: Parties involved in transacting business in an E-marketplace (E-marketplace participants) each identify and submit to the E-marketplace their P3P policy and/or other relevant characteristics related to their privacy policy needs (those that they adhere to, referred to as “privacy policies”; those that they require, referred to as “privacy preferences”, or both). Submitted with the privacy policy is a digital signature that is tied to the owner of the web objects to which the privacy policy pertains. Using a digital signature assures the integrity of the privacy policy since it travels with the privacy policy and thus refers back to the original sender of the policy rather than the middleman (the E-marketplace), and if the document (the privacy policy) to which it is attached has been tampered with, the digital signature will be invalidated.

Abstract: A method to authorize a mobile payment for a transaction. The method includes receiving a facial image of a consumer who requests the mobile payment for the transaction using account information stored in a mobile device of the consumer, wherein the facial image is provided by a point-of-sale (POS) device while initiating the transaction on behalf of the consumer, receiving a verified facial image of an account holder, comparing the facial image of the consumer and the verified facial image of the account holder based on a pre-determined criterion to verify the consumer as the account holder, generating, in response to verifying the consumer as the account holder, an authorization of the mobile payment based on the account information, and sending the authorization to the POS device to complete the transaction.

Abstract: A method and system for providing universal access to a service amongst a plurality of services capable of storing a plurality of service accounts, each corresponding to a customer and a service the customer is subscribed to, receiving a request from a customer for using a service, determining a service account upon identification of such customer and the requested service or its service provider, consulting confidential service account content corresponding to the service account, characterized in that consulting the confidential service account content having real-time communicating with the service provider, the service provider providing real-time access to the confidential service account content. The system including means is adapted to communicate real-time with the service provider.

Abstract: A method for expressing and evaluating signed reputation assertions is disclosed. In one embodiment, a first entity receives a request to generate a signed assertion relating to a piece of content. The first entity generates a reputation statement about a second entity from reputation-forming information (RFI) about the second entity available to the first entity. The first entity then generates a signed assertion from the reputation statement and the piece of content at least in part by binding the piece of content to the reputation statement and signing a portion encompassing at least one of the bound piece of content and the bound reputation statement. The signed assertion is then transmitted to a receiving entity.

Abstract: A system, apparatus, and method are directed to network communication over a tunnel by downloading selective tunneling (STM) components into memory of a client device. The STM components selectively employ tunneling to route network traffic to a requested resource. The STM components may include a network API, application, and a tunnel manager that have been modified based in part on a client configuration. As a network request is made it is evaluated against the client configuration. If the connection is to be tunneled, a network tunnel is selectively established. If the client configuration and/or the request indicate that the request is to be un-tunneled, an un-tunneled network connection may instead be established. The client configuration may also indicate that the client device is to be redirected to enable remediation. When the application component is closed, or otherwise terminated, the client's memory may be purged of the loaded STM components.

Abstract: A transaction security code database and a method and apparatus for generating the transaction security code database. The transaction security code database is comprised of multiple transaction security codes, each transaction security code constituting a transaction code generated based upon a transaction initiated by a user, which is appended to or linked to a security code which is based upon a biometric sensor code generated by a biometric sensor from a biometric presentation of a biometric feature of the user.

Abstract: An apparatus that authenticates the contents of identification documents provided by different issuers having machine-readable and/or human readable information is disclosed. The contents of the identification documents are verified without encountering any human error. The verified contents of the identification documents may be used for identification purposes such as age restricted purchases, preordained organ donors or possible criminal prosecution. The verified contents of the identification documents may be logged to provide ID checking compliance and/or may be transferred to a remote computer for additional processing or logging.

Abstract: A method and apparatus for providing a system monitoring service to customers. The method may include identifying a new customer based on data received from a reseller, storing data pertaining to this customer in a database, and registering the customer with a system monitoring service. The method may further include tracking the usage of the system monitoring service by the customer, calculating a fee for the usage of the system monitoring service by the customer over a predefined time interval, and then generating a bill for the calculated fee that covers the predefined time interval, where interactions between the customer and the reseller terminate once the customer is registered with the system monitoring service.

Abstract: An embodiment defines access control allowing the expression of access control rules using ontology based semantics and references an ontology subset using XPath as the ontological expression. The access control rules or access criteria are defined by an access control statement and may be expressed using classification criteria and ontology classes. The access control statement comprises a structural description that is used to define an asset and a logical expression that may be used to express the classification criteria. The access control statement defines access policy for various assets.

Abstract: A client computing system inserts selected advertising into digital content. Ads may be inserted into content based on a dynamic advertising matching process that is securely implemented within a hardware-based root of trust. User profiles used in ad matching may be privacy protected and maintained with confidentiality protection in the client computing system and/or a service provider server, respectively. When a client computing system makes a request to the service provider server for content with specified ad slots, the request may be made with the client's EPID signature, which is inherently privacy protected. The hardware-based root of trust protects insertion of selected ads into the linear rendering flow of the content.

Abstract: A computing device includes a database, software code, and a processor. The software code, when executed by the processor, causes the computing device to predict users continued engagement with an external software application. The predictive software application transmits a data request to a database of an external software application, the requested data corresponding to a plurality of engagement variables for a set of users of the external software application. The predictive software application receives extracted data for the plurality of application engagement variables and stores the extracted data in a prediction database. The predictive software application calculates a weighting factor, identifying impact on future use, for each of the plurality of application engagement variables based on the analyzing of the extracted data for the plurality of application engagement variables.

Abstract: Managing metadata in a metadata transmission server by generating a plurality of metadata fragment data by partitioning metadata to be transmitted based upon predetermined segment units, selecting predetermined metadata fragment data from among the plurality of the metadata fragment data, generating metadata-related authentication information using the selected metadata fragment data, and transmitting the selected metadata fragment data and the metadata-related authentication information including data format information indicating type of the selected metadata fragment data. A metadata receiving client uses the transmitted metadata fragment data, the metadata-related authentication information and the metadata format type information to authenticate the received metadata.

Abstract: Methods and systems for securely distributing software in a subscription-based environment are provided. A Game Security Facility (“GSF”) associated with a game server manages secure communications with game clients. A subscriber is registered in a manner that includes a unique identifier of the machine upon which the subscription data will reside. Encryption keys are generated for the registered subscriber and encrypted subscription data is exchanged, thus preventing unauthorized copying to another machine or unauthorized use by a third party. The subscriber is re-registered, and new encryption keys are generated. Access is enabled to the previously exchanged encrypted subscription data without causing the previously exchanged data to be re-downloaded.

Abstract: Embodiments disclosed herein relate to an encrypted payment image. In one embodiment, a processor of a mobile computing device encrypts a binary version of an invoice image with a payment information encryption key. The processor may generate a payment image of the encrypted binary of the invoice image and display the payment image.

Abstract: A method, a computer program product, and an apparatus for managing transmission of information are provided. A determination is made as to whether a pattern in a set of patterns is present in the information to be transmitted by a first user. Responsive to a determination that the pattern in the set of patterns is present in the information to be transmitted, the information is inhibited from being transmitted by the first user. A request is sent to a mobile device of a second user for an approval of the information to be transmitted. Responsive to receiving the approval of the information to be transmitted from the second user, the information is transmitted.

Abstract: Content distributions may be optimized based on data from past distributions, including recipients, content metadata, and distribution path strength parameters. A content distribution package may be assembled, with the package including content metadata and an optimized distribution path. Clients that receive the package may modify the distribution. The details of the modified distribution may be reported back for inclusion in the distribution history records. In some embodiments, updates to the distribution records may be reflected in real-time such that ongoing distributions of content may be adjusted in response to feedback regarding distributions of other content. Each client may maintain a content management queue for users to specify, for each content package, which content is to be downloaded, which content is to be disregarded, and parameters and preferences for further distribution of the package itself.

Abstract: A system and method are provided for managing data being displayed on at least one monitor screen based on monitoring user's attention in relation to the monitor screen. In one embodiment, upon detecting that the user's attention is leaving at least a portion of a screen, the system may alert the user of such an event. Alternatively, the system could alert the user upon detecting a triggering condition while the user's attention is away from the at least a portion of the screen. The step of alerting the user may include modifying at least a portion of a display on a monitor not being viewed by the user. Additionally, the system may initiate preparation of a report including any data not being viewed by a user during the time period when the user is not viewing a portion of the monitor.

Abstract: Methods and systems for framing detection are disclosed. A web page comprising a child frame is generated. The child frame comprises an instruction to load a component from a merchant. The child frame comprises a header option restricting a loading of the component from within a parent frame associated with a domain external to the merchant. The web page is sent from the merchant to a client browser. It is determined that the web page is loaded within the parent frame in the client browser if a request for the component is not received by the merchant. It is determined that the web page is not loaded within the parent frame in the client browser if a request for the component is received by the merchant.

Abstract: Disclosed embodiments include a computer system for receiving an encrypted password from an ID management system. The computer system sends the encrypted password to a decryption system, where the decryption system decrypts the encrypted password. The decrypted password is then transmitted to the computer system, and the computer system transfers the decrypted password to a configuration item disposed on a network. Based on the password, the configuration item sends data concerning the configuration item to the computer system.

Abstract: A method for managing a security lifecycle of a federated web service provider (WSP) is described. The method includes populating a graphical user interface with available security mechanisms, receiving a selection of a selected security mechanism from a user, and creating a deployment time policy generator for instantiating the selected security mechanism in outgoing messages generated by the WSP. A system and machine readable-medium for a deployment tool for performing the method are also described.

Abstract: A system and method are provided for specifying a legality expression for use in a system for processing the legality expression. The system and method include providing a legality expression language, including at least one of a duty element specifying an obligation that a principal must perform an act, a ban element specifying a prohibition that a principal must not perform an act, an intent element specifying an intention that a principal wants to perform an act, and a claim element specifying an assertion that a principal does perform an act. The system and method further include interpreting by the system a legality expression specified using the legality expression language.

Abstract: Embodiments of the present disclosure provide systems and methods for secure Short Message Service (SMS) communications. According to an embodiment, a method of providing secure Short Message Service (SMS) communications comprises requesting that SMS data to be sent from a client device to a remote location be encrypted. The method also comprises encrypting the SMS data by processing the SMS data with a Message Authentication Code (MAC) and a timestamp and/or counter along with second factor authentication information. The method further comprises sending the encrypted SMS data to the remote location by a secure SMS application via a regular SMS channel of the client device.

Abstract: Computer-implemented methods and apparatus to perform a valid transfer of an electronic mobile ticket on a mobile device by a ticketing application system of a ticket processing center. One method includes: receiving a first electronic message from a first user, where the first message includes an encrypted electronic mobile ticket and a mobile device number of a second user, and where the electronic mobile ticket is encrypted with a key shared between the first user and the ticketing application system; decrypting the encrypted electronic mobile ticket; generating an electronic mobile ticket encrypted with a key shared by the ticketing application system and the second user; and transmitting a second electronic message that includes the electronic mobile ticket encrypted with the key shared between the ticketing application system and the second user to a mobile device of the second user.

Abstract: In a content delivery system, delivery of content and charging the fee of the content are performed and managed in a highly secure and effective fashion. If a content-purchasing request is transmitted from a user device to a shop server, a charging process is performed. A user device authentication server, which manages content delivery, converts an encrypted content key KpDAS(Kc) encrypted using a public key of the user device authentication server (DAS) into an encrypted content key KpDEV(Kc) encrypted using a public key KpDEV of the user device. If the charging process is successfully completed, the shop server transmits, to the user device, the encrypted content key KpDEV(Kc).

Abstract: A method for delivering non-financial electronic data through a secure communications channel between a payment processing network and an access device is disclosed. One embodiment of the invention is directed to a method comprising receiving, at a payment processing network, a request to establish a secure communications channel between a consumer device and the payment processing network. Upon establishing a secure communications channel with the consumer device, the payment processor network receives non-financial electronic content from a merchant at the payment processing network where the non-financial electronic content is selected at the merchant by a user associated with the consumer device. The non-financial electronic content is sent to the consumer device from the payment processing network via the secure communications channel between the consumer device and the payment processing network.

Abstract: One aspect of the invention is a method and system for auditing transaction documents that includes searching a database to identify transaction documents satisfying at least one query criteria. The transaction documents are pre-loaded in a temporary storage space, and a first transaction document is displayed to a user. A user input is received from the user. In response to receiving the user input, at least one operation is performed on the first transaction document. A second transaction document is automatically displayed to the user without further user input.

Abstract: A method, system and program product, the method comprising: accessing Transfer Fee data to be paid to a third party that is not the borrower or the lender of a security for a right to loan one or more units of the security; accessing loan data on a loan of units of the security, calculating an amount of a Transfer Fee for the right to loan the security; generating data for debiting an account or sending a bill for the Transfer Fee; sending or having sent data on revenue from one or more of the Transfer Fees to be paid to an issuer of the security; updating the database with data on the Transfer Fee.

Abstract: The present invention includes a virtual customer database system for delivering personalized services to a consumer operating a communication device. The virtual customer database system includes an administrator and a distributed database. The distributed database may be selectively loaded by the administrator with customer related information extracted from participating businesses. The distributed database includes secure databases associated with each participating business and a public participant database. The administrator may process push and pull service requests by selectively querying the distributed database. Sensitive customer specific information may remain with each corresponding participating business while responses to the requests may include personalized customer specific information provided via a common interface standard.

Abstract: The present invention relates to a process and a system for data transmission. Authentication data and an electronic key are generated, whereby the electronic key is stored as assigned to the authentication data. At least part of the electronic key is transmitted by means of an authentication module of the central module to a communications terminal. Asynchronously to that, data are encrypted into encrypted data by means of an encryption module and by means of at least part of the electronic key. The encrypted data are transmitted between a central module and a communications terminal. The encrypted data are decrypted by means of a decryption module and by means of at least part of the electronic key.

Abstract: Content protection arrangements govern use of particular electronic content in a consumer electronic device. An exemplary arrangement authorizes use based not just on usage control data corresponding to the content, but also based on an attribute of the consumer electronic device. Thus, for example, playback of a song (or video) with particular usage control data may be authorized on a device that includes only analog output, but not be authorized on a device that is capable of outputting the content in an unencrypted digital format. A variety of other technologies and arrangements are also detailed.

Abstract: A method for printing secure source images of the type that contain specific critical elements and non-secure images on a single printer includes determining the origin of an image (secure source or non-secure source). If the image to be printed is from the non-secure source, a determination is made if the image contains the specific critical elements of the type contained in secure source images. Printing of the image from the non-secure source is disabled if the image contains specific critical elements of the type contained in secure source images. Printing of the image from a non-secure source is enabled if the image does not contain specific critical elements of the type contained in the secure image. The determination if the non-secure source image contains the specific critical elements of the type contained in secure source images can be made after printing has commenced of the non-secure image.

Abstract: A screen for producing two-level watermarks is produced by completely closing part of the screen with a viscous sealing compound, which is subsequently cured actively or passively. At the thus closed partial areas of the screen, paper deposit is hindered during papermaking so that the finished paper appears light in transmission in the areas. A mask is used for exactly positioning the sealing compound in the partial areas of the screen and/or for curing the sealing compound only in the given partial areas, whereby in the latter case the uncured areas of the sealing compound are washed out.

Abstract: The present invention provides an apparatus and method for receiving and assessing an application made by an applicant. In one aspect, the apparatus includes: computing means configured or programmed to present a plurality of application forms to the applicant, to receive the forms once completed from the applicant and to assess the application; input means for the applicant to complete and return the forms to the computing means; and communication means for communicating or sending the assessment of the application to the applicant; wherein the computing means is configured or programmed to construct second and subsequent forms of the plurality of forms progressively on the basis of information provided by the applicant by means of the input means in the completed and received forms, to assess the application, and to communicate the assessment by means of the communication means.