Abstract: A system for certifying the status of a will having a security device adapted to be affixed to a will. A server creates an account reference number and a version identification; the version identification corresponds to a version of a will to which the security device is affixed The security device contains information, which includes at the least one of the account reference number and the version identification. A remote computing device communicates with the server and communicates information contained in the security device to the server. A database communicates with the server and stores the version identification and account reference number. The server maps the version identification to the account reference number. A system that will locate the last and legitimate will regardless of which version of the will is initially referenced.

Abstract: A computer readable medium storing a program causing a computer to execute a process for authenticating a user in a site included in an authentication system in which a plurality of sites are linked each other, the process comprising: receiving authentication information; authenticating the user in a first site of the authentication system based on the received authentication information; receiving suspicious behavior information of the user; registering the received suspicious behavior information; determining reliability of the user based on the suspicious behavior information registered in registering of the behavior information registration; in a case where the user accesses a second site of the authentication system, adding the reliability of the user determined, and transmitting the authentication information to which the reliability is added to the second site; and determining a function to be provided to the user in the first site based on the reliability of the user.

Abstract: Sending and receiving encrypted emails. At a web browser, user input is received requesting a compose email page user interface for a web-based email system. The compose email page user interface is requested from a server for the web-based mail system. Web page code is received from the server for the compose email page user interface. The web page code for the compose email page user interface is parsed to determine screen locations of one or more user input interface elements. The compose email page user interface is rendered in the browser. One or more browser-based interface elements implemented integral to the browser are overlaid onto the compose email page user interface. User input is received in the browser user interface elements. The user input received is encrypted. The encrypted user input is transferred into one or more elements of the compose email page user interface.

Abstract: A user terminal (110) having a license purchase unit (603) obtaining a license (500) indicating a content usable time (502) of a content data (200) composed of a plurality of elements (203), each of which can be replayed individually. The user terminal (110) also having an availability judgment unit (604) judging whether or not encrypted elements (203) included in the content data (200) are available, based on the content usable time (502) indicated in the obtained license (500), and having a replay/display unit (607) replaying the encrypted elements judged as available. In addition, the user terminal (110) having a use status management unit (608) specifying license-consuming elements, each of which consumes an authorized amount of replay under right, out of the elements that are being replayed, and measuring a content used time (504) consumed by replaying the specified license-consuming elements.

Abstract: A system and method identifies one of several security token services that can be used to convert an identity token into one containing content, a format and having a signature corresponding to a signing key name that a software service can use. The identification of the security token service that may be used to perform the conversion is made using machine readable information about the signing key name that the software service can use.

Abstract: Authenticity of a proposed future or current participant in a multi-party dialog is checked by splitting an authenticity challenge query into at least two portions wherein none of the portions individually contains sufficient information to fully define the challenge query. These separated portions are then sent to another dialog participant over at least two different communication channels thus enhancing the probability that a successive challenge response is authentic. The authenticity challenge query and splitting thereof into plural portions may include formation of a logical combination (e.g., exclusive-OR) of first and second data strings (one of which may be a challenge question) to produce a resultant third data string where the separated and separately communicated portions include the first and third data strings as separate portions as being sent over respectively different communication channels.

Abstract: A card to card transfer method used in the financial system is provided in the present invention, and comprises an initializing step, a transferring step and a transaction confirming step, wherein the initializing step includes the steps of calculating and obtaining the public key certificate and checking the amount of the transaction and so on, and the transferring step includes the steps of performing the transaction and so on. The present invention can achieve the function of transferring the electronic cash between two cards and can prevent the risk of repeatedly transferring the money into the card for transfer-in by using the card for transfer-out and so on.

Abstract: Systems and methods are provided for electronically managing content. In one embodiment, information identifying content items found on a page is received from a client system through code embedded on the page. Systems and methods for associating advertisement data with content items are also disclosed.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a non-transitory computer-readable storage medium, which operates in a mobile device server and which has computer instructions to obtain a software application, store a first pairing key in a memory of the mobile device server where the first pairing key is generated by a device of a service provider in response to a review of the software application for compliance with at least one policy of the service provider, and execute a web server application at the mobile device server that is operable to detect a media resource center operably coupled with at least one media device, establish communications with the media resource center and transmit the first pairing key to the media resource center to enable at least a portion of services that are associated with the software application and that utilize the at least one media device. Other embodiments are disclosed.

Abstract: Disclosed are various embodiments for facilitating access to data in network page generation code supplied by customers of a hosting provider. A request for a network page is obtained from a client. The network page is associated with a network site hosted by a hosting provider on behalf of a customer. Page generation code supplied by the customer is obtained, and this code includes a dynamic data variable. One or more service calls are executed based at least in part on the dynamic data variable to obtain one or more data objects. The page generation code is executed to generate the network page in response to the request, where the page generation code is executed with the data objects in place of the dynamic data variable.

Abstract: Many storage devices are not aware of file systems while many computer host devices read and write data in the form of files. The host device provides a key reference or ID, while the memory system generates a key value in response which is associated with the key ID, which is used as the handle through which the memory retains complete and exclusive control over the generation and use of the key value for cryptographic processes, while the host retains control of files.

Abstract: A method and system for controlling access to various tiers of functionality of core software are provided. A software developer/vendor can develop a single version of software having one or more limited-access functionalities and provide the single version of the software to various types of customers. Each customer, using the single version of the core software, may develop additional software that utilizes one or more functionalities of the core software as authorized by the software developer/vendor. Access to a certain functionality or set of functionalities by the customer developed software is obtained by adapting the customer developed software to submit a key, provided by the software developer/vendor, to the core software through, for example, an application programming interface (API) of the core software.

Abstract: A method and system for authenticating applications. The system includes a plurality of portable electronic devices, at least one process organizer, at least one module developer, at least one task performer and a workflow server. The process organizer generates an application. The process organizer can request modules from module developers that are incorporated into the application. Alternatively, the process organizer makes an agreement with a task performer to perform tasks to complete the application. The application is transmitted to the workflow server, which includes an online marketplace for displaying and selling the applications. A user purchases the application through the store. A routing module generates a signature and compares the signature to application, module or document metadata and a secret to determine consistency of the data before the application, module or document is routed.

Abstract: A computing platform for facilitating dynamic connection and collaboration of users to transact services in a secure computing environment. The users include service providers and service requesters. The platform includes a registration module for registering users including service requesters and service providers, a connection module for connect users to form groups based on users' selective invitations to other users, and a collaboration module for creating a virtual secure data room for collaboration and sharing of encrypted data by the connected users in a user-friendly and transparent manner. The platform further comprises a transaction module for settling payments between the service requesters and the service providers based on completion of previously agreed project milestones.

Abstract: The invention broadly comprises a method for determining financial loss related to performance of an internetwork. The method correlates input information regarding performance of an internetwork to operations of a financial entity underwriting insurance premiums and bonds and translates the correlated input information into at least one operational risk for the entity. In some aspects, the internetwork is the Internet. The method gathers secondary external information other than directly from the internetwork, correlates the input and secondary external information, and translates the correlated input and secondary external information into at least one operational risk for the entity. For at least one subset and one peril, the method determines a spread in time and space of effects of the at least one anomaly and peril on the internetwork and on the at least one subset.

Abstract: A system and method for enhancing spam avoidance efficiency by automatically identifying a phishing website without human intervention. The system receives a stream of suspect Internet urls for potential phishing websites and uses a comparison strategy to determine whether the potential phishing website has already be labeled as a bonefid phishing website. A comparison system is utilized in which similarity data is calculated on various elements of the potential phishing website and then compared to similarity data of known phishing websites. Various types of similarity measure methodologies are potentially incorporated and a similarity threshold value can be varied in order to respond to phishing threats.

Abstract: A system, method, and computer program product for managing limited-use software on a host computer having an operating system is disclosed. A software application can be installed in the operating system as a virtualized application using light weight virtualization technology. Rights usage information for the software application is received, the rights usage information comprising a rule describing permitted use of the software application on the host computer. A determination is made whether to enable the virtualized application based at least in part on the rights usage information. Responsive to the determination, the virtualized application is enabled to be executed on the host computer.

Abstract: A method and system for supply of data, including generating a first digital certificate referred (empowerment certificate) signed with a first signing entity's electronic signature. The empowerment certificate includes attributes of the described entity, information identifying the first signing entity, indication of data relating to the described entity, indication of a source of the data, and identification of a relying entity to which the data can be supplied. The relying entity forwards the empowerment certificate to a source supplying the data indicated in the empowerment certificate. The data may be supplied to the relying entity by a second digital certificate (custom certificate), signed with a second signing entity's electronic signature. Custom certificates may appear in custom certificate revocation lists. A system and method for transfer of ownership of electronic property from a first entity to a second entity, and a method and system for electronic voting are also provided.

Abstract: The present disclosure includes, among other things, systems, methods and program products for content chapter access and license renewal.

Abstract: Multiple service servers can store identification tags, which identify each user, after associating the identification tags with the identification tags of other users; and can also store identification data, which uniquely identifies users across multiple service servers, after associating the identification data with an encryption key for each identification datum. A management server device stores as identification data the user address data encrypted by means of an encryption key that has been generated for each identification datum. A gateway server device receives the identification tags from a first service server, receives the other identification tags associated with the first identification tags, receives the encryption keys associated with the other identification tags, and obtains the encrypted data from the management server. The gateway server device then decodes the encrypted information, and commands delivery that uses the obtained address data.

Abstract: A message, method and system for processing rights object (RO) in a DRM system are disclosed. A message for requesting submission or return of an unused/partially consumed rights object (RO) is newly defined. When an authenticated device generates such a request message and transmits it to a right issuer (RI), the RI checks whether there exists an ID of a receiving device in the request message. If an ID of a receiving device exists in the request message, the RI performs a procedure for submitting the RO to the ID of the receiving device. If, however, the ID of the receiving device does not exist, the RI performs a procedure of returning of the RO or issuing of a different RO. Accordingly, the unused RO or partially consumed RO can be returned or submitted to a different device by using the request message.

Abstract: The present invention relates to a process and a system for selectable data transmission. Authentication data and an electronic key are generated, whereby the electronic key is stored as assigned to the authentication data. Data are encrypted into encrypted data by means of an encryption module of a central module and by means of at least part of the electronic key. A signaling message is transmitted to a first communications terminal. A second communications terminal is selected by means of the first communications terminal. On the identification of the selected second communications terminal, the encrypted data are transmitted to the second communications terminal. At least part of the electronic key is transmitted to the second communications terminal by means of an authentication module of the central module. The encrypted data are decrypted by means of a decryption module of the second communications terminal and by means of at least the part of the electronic key.

Abstract: A method performed by a medical device includes: receiving electronic medical data from one or more input devices; storing the medical data in a first datastore associated with the medical device; receiving a non-expiring, cryptographic token from a server in response to a transmission of account data, the non-expiring, cryptographic token associated with the medical device for synchronizing the medical data stored in the first datastore with the medical data stored in the second datastore that is associated with the server; transmitting the non-expiring, cryptographic token to the server for authentication by the server; selectively transmitting at least a portion of the medical data stored in the first datastore to the server for storage in the second datastore; selectively receiving at least a portion of the medical data stored in the second datastore from the server; and selectively storing the medical data received from the server in the first datastore.

Abstract: Systems and methods for protecting data being sent between a client and a server include the capability of defining programmable processing steps that are applied by the server when protecting the data and the same steps are applied by the client when unprotecting the data. The programmable processing steps can be defined uniquely for each client, and the programmable processing steps are selected from a number of functions using sequencing data that defines the processing steps. The programmable processing steps allow for each client to process encrypted data in a different manner and the programmable processing steps are defined by what is called a digital rights management (DRM) Sequencing Key, and as such the system and method introduces a key-able DRM whereby each DRM message can be processed in a unique (or pseudo unique) manner.

Abstract: In a franking system, a postal security device (PSD) is used to account for postage dispensation, and generate digital signatures for inclusion in postage indicia to authenticate same. In accordance with the invention, the PSD includes multiple crypto processors which participate in franking transactions and generate the digital signatures in a multiplexed manner. Each crypto processor verifies the accounting of postage dispensation leading to and including the transactions in which the crypto processor participates. In addition, the crypto processors re-create transaction records and store them therein in a distributed manner.

Abstract: The present disclosure is directed to systems and methods including accessing a first private value, generating a first intermediate value based on the first private value, receiving a second intermediate value that is based on a second private value, generating a first comparison value based on the second intermediate value, receiving over the network a second comparison value that is based on the first intermediate value, comparing the first comparison value and the second comparison value to generate a result, and displaying the result, the result indicating that the first private is greater than the second private value when the first comparison value is less than the second comparison value, and the result indicating that the first private value is less than or equal to the second private value when the first comparison value is greater than the second comparison value.

Abstract: A transmitting apparatus 100 includes an initialization vector generating unit 110 for generating initialization vector IV1-IV5 for encrypting stream data with a stream encryption method, wherein the initialization vector is changed at every initialization intervals defined by a stream encryption module; an initialization packet generating unit 140 for generating an initialization packet IP containing an initialization vector used when stream data following the initialization packet are encrypted and another initialization vector used when another stream data different from the stream data following the initialization packet are encrypted; an encryption unit 120 for initializing the stream encryption module using a generated initialization vector, and performing stream encryption on stream data following the initialization vector; an encryption packet generating unit 130 for generating an encryption packet EP containing stream-encrypted data; and a transmission unit 150 for transmitting the initialization pac

Abstract: A smart coupon-delivery system provides targeted coupons to a user using a criteria-encoded message received from a coupon server. The criteria-encoded message is generated by the coupon server from a behavior-criteria vector that indicates criteria for selecting a recipient of a digital coupon. The system then generates a user-behavior vector to indicate one or more behavior patterns of an end-user, and encodes the user-behavior vector to produce a behavior-encoded message. The system then determines whether the end-user is eligible to receive the digital coupon based on the criteria-encoded message and the behavior-encoded message. If the system determines that the end-user is eligible, the system presents the digital coupon to the end-user.

Abstract: Distributed computer system processes data having select content (SC) represented by one or more predetermined words, characters, etc. The system has a plurality of SC data stores in a server cloud for respective security designated (Sec-D) data and granular data, each with respective access controls thereat. The data stores are operatively coupled over a network. An identification module identifies SC data and granular data stores for in the server cloud. A processor activates data stores in the server cloud thereby permitting access to the SC data and granular data stores based upon an application of access controls thereat. The processor has a reconstruction module operating as a data process employing the respective access controls to combine one or more of the Sec-D data and granular data.

Abstract: A system and method for managing use of items having usage rights associated therewith. The system includes an activation device adapted to issue a software package having a public and private key pair, the public key being associated with a user, a license device adapted to issue a license, a usage device adapted to receive the software package, receive the license and allow the user to access the item in accordance with the license, and a subscription managing device adapted to maintain a subscription list including the public key associated with the user. License's is issued by the license device upon verifying presence of the public key in the subscription list corresponding to requested content.

Abstract: A system and method for enhancing spam avoidance efficiency by automatically identifying a phishing website without human intervention. The system receives a stream of suspect Internet urls for potential phishing websites and uses a comparison strategy to determine whether the potential phishing website has already be labeled as a bonefid phishing website. A comparison system is utilized in which similarity data is calculated on various elements of the potential phishing website and then compared to similarity data of known phishing websites. Various types of categorization structures and notification strategies are utilized in the system.

Abstract: Systems and methods for providing users of wireless mobile devices with content available for purchase are disclosed. Content is loaded into a cache memory in the wireless mobile device and the user is provided with a preview of the content and the ability to purchase the content. If the user does not purchase the content, then the content is purged from the cache memory.

Abstract: Apparatus and method for secure transactions between gaming machines and portable devices are described. The secure transactions may include a transfer of an amount of an indicia of credit with a cash value from the portable device to the gaming machine or a transfer of an amount of an indicia of credit with a cash value from the gaming machine to the portable device. A logic device, separate from a master gaming controller on the gaming machine and placed in the gaming machine, may be operable to authenticate a portable device, such as a smart card, and authorize transactions involving transfers of indicia of credit between the portable device and the gaming machine.

Abstract: A memory tag is a transponder device with a memory for storing digital content. Purchase-related information for a product is stored in such a memory tag. A write capability of the memory tag is disabled.

Abstract: The present invention controls to read encrypted digital data from a detachable storage medium, in which the digital data and a decode key for decoding encryption of the digital data are stored. In reading the digital data, the decode key is read, the decode key is deleted from the storage medium, the encrypted digital data is read, and then encryption of the encrypted digital data is decoded by the read decode key.

Abstract: A transaction handler receives, for forwarding to a sponsor account's issuer, a coupon authorization request message from a merchant's acquirer that identifies the sponsor account and a coupon for an item being purchased by a consumer in a transaction with the merchant. The issuer determines eligibility of the coupon for use by the consumer, and sends an authorization response message to the merchant via its acquirer and the transaction handler for the application of a corresponding discount for the item when the coupon is eligible. One or more coupon eligibilities for the purchase of the item by the consumer from the merchant can be derived from comparisons of the transaction to predetermined times, geographies, jurisdictions, sets of merchants, and/or the number of times that coupons have been used in other transactions. The transaction handler can further process the transaction for authorization the consumer's account to pay of the transaction.

Abstract: An information processing device includes: a detecting unit configure to detect, with regard to a plurality of wireless terminal devices sharing a usage right of subscription authentication information relating to a mobile network operator which provides wireless connection services, transfer of the usage right among the wireless terminal devices; and a calculating unit configured to, in the event that transfer of the usage right is detected, calculate fees relating to the subscription authentication information occurring after the transfer, based on billing information set for the wireless terminal device to which the usage right has been transferred.

Abstract: A method and system for granting premium access to a service application stored within a service provider (SP) computer system through an open API platform is provided. The method includes receiving a request for premium access to the service application from a developer of a developer application wherein the developer application is configured to request data from the service application, assigning a production key to the developer application, sending an electronic message to a service owner (SO) associated with the service application requesting premium access to the service application, granting premium access to the service application by the SO for the developer application, updating the production key at the open API platform to include premium access to the service application, and notifying the developer of the granting of the premium access to the service application for the developer application.

Abstract: A system environment supporting one or more advertisers and one or more ad publishers provides a means of sharing user-targeted advertisement. One or more hashing modules in the system environment provide the advertisers and ad publishers a means of sharing this information without revealing a user's personally identifiable information (PII). If a lossy hash is chosen, then an advertiser can communicate targeted advertisements to an ad publisher without revealing any PII to the ad publisher that the ad publisher did not already know.

Abstract: A system to present secure expandable advertisements using an API and cross-domain communication. A content publishing system that hosts a website can implement an expandable advertisement using IFRAMEs that are expanded upon receiving an API call from a third party rich media vendor that hosts the expandable advertisement when the content publishing system and the third party media vendor are of differing domains.

Abstract: A method and system for processing feedback entries received from software provided by a vendor to an end user machine. The end user machine includes the software, a feedback module, and a database. The feedback module: generates a secret key k(0) and makes the key k(0) known to both the vendor and a user of the software; generates a secret key n(0) and makes the key n0) known to the vendor but not to but not to the user; generates a secret key s(0) and makes the key s(0) known to the user but not to the vendor; generates an encryption Ek0 of an identification tag using the key (k(0); generates a parameter Hn0 such that Hn0=Hash(n(0)?Ek0); generates a parameter Hs0 such that Hs0=Hash(s(0)?Ek0); sends Ek0, Hn0, and Hs0 to the database; and sends Ek0 and Hs0 to the vendor.

Abstract: A digital license includes an identification of a removal service that can authorize removing such license. A client selects the license to be removed and the service, constructs a challenge including therein a challenge license identification block (LIB) identifying the license to be removed, and sends the challenge to the service. The service receives the challenge, stores at least a portion of the challenge in a database, constructs a response corresponding to the challenge and including therein a response LIB identifying the license to be removed and an identification of the service, and sends the response to the client. The client receives the response, employs the response LIB from the response to identify the license to be removed, and removes the identified license upon confirming that the identification of the service in the identified license matches the identification of the service in the response.

Abstract: Mechanisms that provide a sealed storage in a data processing device are provided. Processors of the data processing device may operate in a hardware isolation mode which allows a process to execute in an isolated environment on a processor and associated memory thereby being protected from access by other elements of the data processing device. In addition, a hardware controlled authentication and decryption mechanism is provided that is based on a hardware core key. These two features are tied together such that authentication occurs every time the isolation mode is entered. Based on the core key, which is only accessible from the hardware when in isolation mode, a chain of trust is generated by providing authentication keys for authenticating a next piece of software in the chain, in each piece of software that must be loaded, starting with the core key.

Abstract: Computing services that unwanted entities may wish to access for improper, and potentially illegal, use can be more effectively protected by using Active HIP systems and methodologies. An Active HIP involves dynamically swapping one random HIP challenge, e.g., but not limited to, image, for a second random HIP challenge, e.g., but not limited to, image. An Active HIP can also, or otherwise, involve stitching together, or otherwise collecting and including, within Active HIP software, i.e., a HIP web page, to be executed by a computing device of a user seeking access to a HIP-protected computing service x number of software executables randomly selected from a pool of y number of software executables. The x number of software executables, when run, generates a random Active HIP key.

Abstract: A system is provided comprising processor, memory, and a provisioning application that receives a first message from a rating engine, the first message providing a first rating of a prepaid subscription account associated with a portable electronic device. The system also configures a first setting to a first index wherein the first setting is based on the first rating and wherein the first setting is associated with the device receiving access to services without further contact with the rating engine. The system also receives a second message from the rating engine, the second message providing a second rating of the account. The system also configures a second setting to the first index based on the second rating wherein the second setting replaces the first setting and the second setting is associated with contacting the rating engine before receiving access to services.

Abstract: Methods and systems of the invention provide a variety of techniques for processing microtransactions. In accordance with the invention, the method starts with a customer initiating a purchase through interaction with a merchant. The purchase is associated with purchase information, which includes the particulars of the purchase, such as the purchase price. In the purchase, the customer uses a transaction account, obtained from a payment enabler. The purchase is classified as a microtransaction, if the purchase price is below a predetermined monetary amount. Thereafter, the purchase information is forwarded for processing based on the classifying, i.e., either as a regular transaction or as a microtransaction. Then, upon receipt of the purchase information by an appropriate recipient, such as an interchange entity or an alternate interchange entity, the purchase information is processed to effect the microtransaction, if so classified, between the customer and the merchant.

Abstract: Techniques are provided for securely delivering media data. A requestor is directed to a secure streaming portal after being authenticated. A requesting application contacts the secure streaming portal and requests media data. A configuration header having a key for decrypting the media data is sent to the requesting application using secure communications. The media data is dynamically encrypted using the key and streamed to the requesting application. The requesting application uses the key and decrypts the encrypted media data for consumption.

Abstract: Methods and systems of the invention provide a variety of techniques for processing microtransactions. In accordance with the invention, the method starts with a customer initiating a purchase through interaction with a merchant. The purchase is associated with purchase information, which includes the particulars of the purchase, such as the purchase price. In the purchase, the customer uses a transaction account, obtained from a payment enabler. The purchase is classified as a microtransaction, if the purchase price is below a predetermined monetary amount. Thereafter, the purchase information is forwarded for processing based on the classifying, i.e., either as a regular transaction or as a microtransaction. Then, upon receipt of the purchase information by an appropriate recipient, such as an interchange entity or an alternate interchange entity, the purchase information is processed to effect the microtransaction, if so classified, between the customer and the merchant.

Abstract: An apparatus is provided for authentication of an item or a label by storing unique random serial numbers or codes in a remote secure storage that can be used to authenticate the item or the label, generating a pointer to each stored unique random serial number/code and storing the generated pointer(s) in a client data storage. During or prior to a production run of the item(s) or label(s): the generated pointer(s) are sent from the client data storage to one or more media devices, the generated pointer(s) are obtained from the media device using a post-content manager, the unique random serial number(s)/code(s) are obtained from the server via the post-content manager using the generated pointer(s), the obtained unique random serial number(s)/code(s) are sent to the media device, and the received unique random serial number(s)/code(s) are imprinted on the item(s) or the label(s) using the media device.

Abstract: Methods and apparatuses enable a service mediator to provide security proxying services to an end-user application requesting a backend service of an enterprise network. The end-user application generates a request for a service of the backend system. The request does not have sufficient security information to enable access to the backend system. The service mediator can detect that one or more items of required security information are not present in the request and injects the necessary security information into the request. The end-user application need not even have access to the security information or even be aware that security information is needed to access the service. The request having the required security information is sent to the backend to enable access to the backend service.