Abstract: In some embodiments, techniques for computer security comprise displaying an electronic document, detecting a request to traverse a link, such as a hyperlink or a form submission, wherein the link is associated with an element of the document, evaluating an attribute, wherein the attribute is associated with the element of the document, and determining whether to perform the action based on the evaluation. Applications of these techniques include mitigating the effect of an attempt to modify web pages for fraudulent purposes, such as by a “phishing” attack incorporating malicious scripting.

Abstract: A safety system comprising an implant, a control device, and a machine. The machine has a control unit which is designed to allow operation of the machine only when a unique identifier has been received, and to set an operating mode of the machine as a function of the received suitability index. The implant is designed to detect physiological data of an implant wearer, and to either generate a suitability index based on detected physiological data and transmit the suitability index to the control device, or to transmit the physiological data itself to the control device.

Abstract: A communications manager of an enterprise receives an add-conference request to host a conference by the enterprise from an organizer client, wherein the conference to enable an anonymous user that does not have enterprise credentials to join the conference. The communications manager sends an add-conference response to the organizer client indicating that the conference is organized.

Abstract: A system for centrally managing credential information of a user and a virtual object of a user across a plurality of virtual world (or corresponding virtual world servers) is disclosed. The system includes an identity service module for managing an authentication request (e.g., verifying credential information of a user) from a user and an inventory service module for managing virtual properties of a user. Furthermore, a method for logging in a virtual world by using the system is disclosed. A method for teleporting a virtual property from a virtual world to another virtual world by using the system is disclosed. A method for logging out from a virtual world by using the system is also disclosed.

Abstract: An apparatus connected to a network via a network interface device and capable of executing encrypted communication with an external device on the network requests that a first algorithm to be used in the encrypted communication with the external device is changed to a second algorithm included in the network interface device when the apparatus detects that a condition for shifting to a power saving mode, in which power consumption is smaller than that in a normal power mode, is satisfied while the apparatus is operated in the normal power mode.

Abstract: Systems and methods for evaluating electronic value transfers. Various of the methods include receiving money transfer requests, electronically storing records of the money transfer requests, and performing an analysis of the records. The analysis of the records can indicate that two or more of the records are related. The related records are associated with a reference designator that is used to search money transfer records and identify suspect activity. The systems can include a fraud processing system associated with a money transfer system.

Abstract: The present invention proposes a safe and quick individual certification method using a portable terminal. When a portable terminal 30 sends a request for certification to a certification server 10, the certification server 10 transmits query code for certification to the portable terminal 30. The portable terminal 30 transmits said query code to the certification server 10 via a reader 21 or the like and also via a sales management server 23 to be certified. The certification server 10 verifies the query code to that generated in the past, and returns a result of verification and personal data required by the sales management server 23 to the sales management server 23.

Abstract: A system for secure transfer of encrypted data involves a sender client (36), a recipient client (38), a main server (40), and a key server (42). The sender client (36) receives instructions from a first user identifying transfer data and a recipient identifier, creates an encoding key, encodes the transfer data using the key, and communicates the key and the recipient identifier to a main server (40). The main server (40) communicates the key and the recipient identifier to the key server (42), which associates the recipient identifier with a secure package identifier and communicates the secure package identifier to the main server (40), which communicates the secure package identifier to the sender client (36).

Abstract: An auction module and one or more private bidding modules operate within a client system to select information items for presentation to users. Upon receiving content with space or opportunities for presenting information items to users, the auction module initiates an auction between the private bidding modules. Each private bidding module may use a user profile, information item attributes, and content attributes to select one or more previously stored information items for possible presentation to the user. The private bidding modules submit bids to the auction module for the selected information items. The auction module determines a winning bid and may provide the corresponding information item for presentation within the content.

Abstract: A portable secure storage device provides a means to transport media from one media player to another while maintaining the security of and the rights associated with the content stored in the portable secure storage device. The device contains a security engine for managing digital rights associated with content stored in the device. The device can also include a hard disk drive memory and a real time clock. The hard disk drive memory provides ample storage of media and versatility of digital rights management. The real time clock maintains secure time. The device can be use to provide a thumbnail, a snapshot, a trailer version, or a table of contents of contents stored therein based on the security level of the receiving device. The portable secure storage device can query the receiving device to determine the current status of rights and can provide content in accordance with current rights.

Abstract: An apparatus for generating a collection profile of a collection of different media data items has a feature extractor for extracting at least two different features describing a content of a media data item for a plurality of media data items of the collection, and a profile creator for creating the collection profile by combining the extracted features or weighted extracted features so that the collection profile represents a quantitative fingerprint of a content of the media data collection. This collection profile or music DNA can be used for transmitting information, which is based on this collection profile, to the entity itself or to a remote entity.

Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.

Abstract: A method, system, GUI, apparatus, and computer readable media for enabling a customer to access to a media file uploaded by a user are provided. A user profile may be generated using received login and profile information. The user profile may be hosted on, for example, a web site, SMS/MMS gateway, and a WAP site. A media file may be received from the user and may be upload to the user profile. The media file may be associated with a user account. A request to access the media file may be received from a customer. An account associated with the customer may be updated to indicate their requested access to the media file. The customer may then be enabled to access the media file. The user's account may be updated to indicate the transaction.

Abstract: Character spacing values in a document image are extracted and a variance is calculated for fluctuations in the character spacing values. When the calculated variance is lower than a preset threshold value, the document image is determined as having watermark information embedded therein. Such use of the variance in the character spacing values enables high-speed determination of the presence or absence of character-spacing watermark information. At this time, it is possible to speed up the determination by using only some character spacing values in the document, instead of using all character spacing values.

Abstract: A system for remotely reviewing medical data allows medical data to be transmitted over a vulnerable network to a physician's mobile device. The system includes a console, a data server and mobile devices. The system may include medical imaging equipment, medical records databases, and other sensors. Medical data is routed through the console to the data server to reach the mobile device via a wireless network. Patient's medical file may be separated into a demographics layer and a data layer, and separately encrypted using different encryption keys for the demographic layer and the data layer. Servers in the communication and processing system are provided with a decryption key for the layer processed by such server. Physicians may transmit comments to the requestor through the same system. A resident messaging system may notify users of messages or data awaiting review along with the urgency of the required review are also described.

Abstract: A method and system for providing a personalized entertainment experience that is customized for each user. User actions and user control actions may be associated with each played composition and captured as user feedback about each composition. A targeted time between playbacks of a composition may be determined by using said control actions. A customized sequence of compositions may be automatically generated for each user by utilizing a history of the user actions and/or control actions. The personalized sequence may automatically adapt to changing user preferences and feedback over time. The user's collection of compositions may be automatically integrated with the generated customized sequence. Additional compositions and samples, that are new to a user, may be automatically chosen based on the prior user feedback/history and may be added to the user's collection when indicated by user action(s).

Abstract: A method for remotely reviewing medical data allows medical data to be transmitted over a vulnerable network to a physician's mobile device. The method sends data to be transmitted through a console, and a data server to reach the mobile device. The method includes separating patient's medical file into a demographics layer and a data layer, separately encrypting the demographic layer and data layer using different encryption keys, and providing servers in a communication and processing system with a decryption key for the layer processed by such server. Medical file data may be separated into more than two layers. After reviewing the data, physicians may transmit their comments from their mobile device to the requestor by going through the same system. Separately encrypting different parts of a patient medical record enables processing and communication of patient medical files by intermediary servers without risking disclosure of sensitive patient information.

Abstract: A system for remotely reviewing medical data allows medical data to be transmitted to a nurse's mobile handheld device from medical equipment or data storage. The system includes a console, a data server and mobile handheld devices; the data server may be a software component within the console. The system may further include medical imaging equipment, medical records databases, and other sensors and servers. Medical data is routed through the console to the data server to reach the mobile handheld device via a wireless network. After reviewing the data, nurses may transmit their comments from their mobile handheld device to the requester by going through the same system. The data server may further include a resident messaging system that communicates to the mobile handheld device such that the user is notified of messages or data awaiting review along with the urgency of the required review are also described.

Abstract: Described are methods and apparatuses, including computer program products, for inserting personalized information into digital content. A request for digital video content is received by a computing device. The request includes authentication data associated with a user of a client device. Personalized data to be inserted into the requested video content is generated by the computing device. The personalized data and the requested video content are combined by the computing device. The combining includes replacing one or more frames of the requested video content with the personalized data to generate personalized video content.

Abstract: A system for securing patient medical information for communication over a potentially vulnerable system includes separating patient's medical file into a demographics layer and a data layer, separately encrypting the demographic layer and data layer using different encryption keys, and providing servers in a communication and processing system with a decryption key for the layer processed by such server. Medical file data may be separated into more than two layers. Users accessing the system are authenticated using standard techniques. By separately encrypting different parts of a patient medical record, processing and communication of patient medical files by intermediary servers is enabled without risking disclosure of sensitive patient information if such servers are compromised.

Abstract: Systems and methods are provided for providing prior authorization support.

Abstract: A method for providing protected content, wherein content usage rights information and/or usage state information is embedded into obtained primary data that serves as a basis for a content item to be provided thereby providing the primary data with the embedded content usage rights information and/or usage state information as the content item.

Abstract: An equipment managing system includes an intermediating apparatus and an equipment managing apparatus. The intermediating apparatus is connected to a license management apparatus and a program management apparatus via a network. The equipment managing apparatus is connected to an electronic equipment via a network. The intermediating apparatus stores a program acquired from the program management apparatus and a license file acquired from the license management apparatus to an external storage medium. The equipment managing apparatus sends the program and the license file recorded in the external storage medium to the electronic equipment.

Abstract: A portable consumer device includes a base, and a computer readable medium on the base. The computer readable medium comprises code for an issuer verification value and a supplemental verification value. The issuer verification value is used by an issuer to verify that the portable consumer device is authentic in an on-line transaction and the supplemental verification value is used to verify that the portable consumer device is authentic in an off-line transaction.

Abstract: Service delivery systems and methods are described. In one aspect, a service delivery system includes a set of tokens, a database, multiple terminals, and a service manager. Each of the tokens includes a respective token identifier. The database stores personal user profiles each of which is associated with a respective token identifier. The terminals are distributed about a selected locale. Each terminal has a reader that is operable to read token identifiers from tokens and a controller that is operable to transmit read token identifiers and context data identifying one or more conditions under which a token identifier is read through a network connection each time a token identifier is read. The service manager is connected to each of the terminals through a respective network connection and to the database.

Abstract: A system and method for enhancing spam avoidance efficiency and brand protection by automatically identifying a phishing website without human intervention. The system receives a stream of suspect Internet urls for potential phishing websites and uses a comparison strategy to determine whether the potential phishing website has already be labeled as a bonefid phishing website. A comparison system is utilized in which similarity data is calculated on various elements of the potential phishing website and then compared to similarity data of known phishing websites and known brands to determine whether the site needs human intervention. Various types of categorization structures and notification strategies are utilized in the system, including the adjustment of threshold comparison values in response to the identification of a potential phishing site displaying a brand of interest.

Abstract: Methods evaluating propositions about timeseries are provided. A service accepts a proposition about one or more timeseries, and the service monitors those timeseries. A proposition can reference multiple timeseries with different time intervals and different units. When new data is available, the service evaluates the proposition to determine if the proposition is true, false, or neither. The service automatically performs unit conversions and selects relevant, previously observed values before evaluating a proposition when new data is available.

Abstract: Methods and systems for communicating a patient medical file having personal demographic information, medical data and a diagnostic image include separating the file into layers including a demographic layer demographic information and a data layer. Medical data may be evaluated using an auto-analysis. The demographic layer may be encrypted with a first encryption key, and the data layer may be encrypted with a second encryption key different from the first. The encrypted demographic and data layers may be sent to a server capable of decrypting one of the layers but not both. The data layer may be decrypted at the server and an operation performed to select a second portion of the diagnostic image. The portion of the processed data layer including the selected second portion of the image may be re-encrypted and the encrypted demographic layer and re-encrypted data layer may be transmitted to a mobile device.

Abstract: A security mediator, comprising an input configured to receive a user information request; an automated index, stored in a memory, configured to store information for determining which of a plurality of remote databases stores information responsive to the request; an automated security rule base, stored in a memory, containing rules applicable to information responsive to the request stored in the plurality of remote databases; a communication port configured to communicate to a plurality of remote databases which store information responsive to the request: security information, a query corresponding to the request and associated rules applicable to the information responsive to the request at the respective remote database; and at least one processor being configured to apply at least one security rule responsive to the query of the automated security rule base, and index information derived from a plurality of the remote databases, in a manner which permits application of the rules and which restricts ins

Abstract: A method is provided for managing fonts in a radio communication terminal, which can receive fonts in order to render contents on a screen. One such method involves the use of the following elements in the terminal, namely: a font database that lists all of the fonts or font portions stored by the terminal and matches at least one management parameter with each of the fonts; and set of font management commands including at least one command, which is applied to a font portion and which belongs to the group containing at least a command for transmitting a font portion for storage in the terminal, a command for updating a font portion stored in the terminal and a command for deleting a font portion stored in the terminal.

Abstract: A method is provided for managing fonts in a radio communication terminal, which can receive fonts in order to render contents on a screen. One such method involves the use of the following elements in the terminal, namely: a font database that lists all of the fonts or font portions stored by the terminal and matches at least one management parameter with each of the fonts; and a set of font management commands, which is transmitted in a multimedia data flow.

Abstract: Embodiments of the invention provide a portable consumer device configured to store dynamic authentication data in memory. The portable consumer device also includes an interface for transmitting data to and receiving power from an external device. The dynamic authentication data is read from the memory by a read-write device located on the portable consumer device. The authentication data is updated and the updated data may be written into memory using the read-write device. In some embodiments, an authentication value read from the memory may be used to generate another authentication value based on an algorithm. The portable consumer device is further configured to transmit authentication data to an external device. The process of reading, updating, generating, transmitting, and rewriting the authentication data may occur each time external power is provided to the portable consumer device via the interface.

Abstract: The provided software application includes a module that determines a machine fingerprint of a client device at an appropriate time, such as during initial software load on the client. The fingerprint may comprise various machine-determinable measures of system configuration for the client. Each application copy may be associated with a serial number. A license host may collect serial number, fingerprint and/or IP address information from clients on which the application is installed. The host may generate a map of application installations, including geographic locations of installations and number of unique serial numbers per client in specified regions.

Abstract: A method of verifying the identity of a dispensed pharmaceutical includes the steps of: reading identifying indicia on a pharmaceutical vial containing a dispensed pharmaceutical; determining the identity of a prescribed pharmaceutical called for by the identifying indicia; acquiring an image of the dispensed pharmaceutical through the vial; comparing the image of the dispensed pharmaceutical to data storage comprising image data associated with pharmaceuticals; acquiring spectral data for the dispensed pharmaceutical through the vial; comparing the spectral data of the dispensed pharmaceutical to data storage comprising spectral data associated with pharmaceuticals; and automatically determining whether the image and the spectral data of the dispensed pharmaceutical confirm that the dispensed pharmaceutical matches the prescribed pharmaceutical.

Abstract: A computerized method and system for managing security risk, where risk associated with a breach of security is analyzed and quantified according to weighted risk variables. The analysis is accomplished by a computerized security risk management system that receives information relating to physical, informational, communication and surveillance risk, and structures the information such that it can be related to risk variables and a security risk level can be calculated according to a relevance of associated risk variables. The security risk level can be indicative of a likelihood that a breach of security may occur relating to a particular transaction or facility. Similarly, a security confidence level can be indicative of how secure a particular facility or practice is and a security maintenance level can be indicative of a level of security that should be maintained in relation to an analyzed subject.

Abstract: Techniques are disclosed for sharing information in a wide variety of contexts. An information sharing system is described that allows both an explicit capture process and an implicit capture process to add information items to a staging area. Further, the information sharing system supports both implicit and explicit consumption of information items that are stored in said staging area. A rules engine is provided to allow users to create and register rules that customize the behavior of the capture processes, the consuming processes, and propagation processes that propagate information from the staging areas to designated destinations. Techniques are also described for achieving exactly-once handling of sequence of items, where the items are maintained in volatile memory. Techniques are also provided for recording DDL operations, and for asynchronously performing operations based on the previously-performed DDL operations.

Abstract: A printer system includes a printer and a printing consumable detachably mounted on the printer. The printer has a first integrated circuit which generates a random number, reference information using the random number and a secret key. The printing consumable has a second integrated circuit which generates validation information using the random number and the secret key received from the first integrated circuit. The printer also has processing circuitry configured for receiving the reference information from the first integrated circuit; receiving the validation information from the second integrated circuit; and comparing the reference information and validation information so as to validate the printing consumable device for use with the printer.

Abstract: Techniques are described regarding providing consumers with devices on which digital content appropriate for those consumers has been loaded, such as digital media player devices or other consumer devices that are able to play or otherwise present digital media loaded on those devices. In some situations, when a consumer orders such a digital media player or other consumer device from a merchant (or other distributor of the device), the merchant preloads a copy of the device with digital media content before delivering that device to the consumer or other specified recipient, such as digital media items that are automatically selected in a personalized manner for the recipient to whom the device will be sent. This abstract is provided to comply with rules requiring an abstract, and is submitted with the intention that it will not be used to interpret or limit the scope or meaning of the claims.

Abstract: Methods and systems are provided for a secured electronic communication in a network that includes a verification station, a registration station, and a authentication station. At the registration station, a request for a digital certificate is received from a user. The registration station instructs the verification station to forward to the user a message associated with the request. The message is compared against the user at the authentication station to determine whether the message properly identifies the user. A first signal indicating the result of the comparison is sent to the verification station. If the first signal indicates that the message properly identifies the user, a second signal is sent to the registration station. Based on the second signal, the registration system then generates a digital certificate.

Abstract: An apparatus and a computer-implemented method for protecting confidential knowledge in a software system design which includes a plurality of artifacts. The method includes the steps of calculating a correlation between the confidential knowledge and the software system design, acquiring inter-dependencies between the artifacts in the software system design, and determining protection mechanisms for the respective artifacts according to the correlation and the inter-dependencies. The system includes a correlation calculating section for calculating a correlation between the confidential knowledge and the software system design; an inter-dependency acquiring section for acquiring inter-dependencies between the artifacts in the software system design; and a mechanism designing section for determining protection mechanisms for the respective artifacts according to said correlation and said inter-dependencies.

Abstract: Methods and systems to assign an application and a video frame buffer to a protected memory domain to render an image of a keyboard from the protected memory domain to a random position of the video frame buffer and correlate user input from a pointing device to the rendered keyboard image. The keyboard image may be randomly repositioned following a user input. The keyboard image may be rendered over a secure user image. An acknowledgment image may be rendered from the protected memory domain to a random position of the video frame buffer, and may be randomly repositioned in response to a user input that does not correlate to the acknowledgment image. User inputs that do not correlate to a randomly positioned image may be counted, and one or more processes may be aborted when the number of non-correlated user inputs exceeds a threshold.

Abstract: A conflict or dispute between at least two parties is managed to reflect the cultural context of the parties. When the party is from a low context culture, conflict management assumes the party prefers to adopt a transactional viewpoint and to select from a set of possible resolutions. When the party is from a high context culture, dispute resolution assumes the party prefers to view the dispute as part of a relationship and to be advised as to appropriate actions. A system bridges between the cultural contexts of the parties by collecting and providing information in accordance with the preferred procedure of each party.

Abstract: An apparatus is provided for authentication of an item or a label by storing unique random serial numbers or codes in a remote secure storage that can be used to authenticate the item or the label, generating a pointer to each stored unique random serial number/code and storing the generated pointer(s) in a client data storage. During or prior to a production run of the item(s) or label(s): the generated pointer(s) are sent from the client data storage to one or more media devices, the generated pointer(s) are obtained from the media device using a post-content manager, the unique random serial number(s)/code(s) are obtained from the server via the post-content manager using the generated pointer(s), the obtained unique random serial number(s)/code(s) are sent to the media device, and the received unique random serial number(s)/code(s) are imprinted on the item(s) or the label(s) using the media device.

Abstract: The Secure Networked Data Shadowing System is connected to a plurality of monitored computer systems via an existing communication medium to store the shadowed data. The data is encrypted by the monitored computer system using a cryptokey, and the data file is processed using a hash function prior to encryption, so the contents of this file are uniquely identified. Thus, the encrypted file is stored in its encrypted form and the hash index is used to identify the encrypted file. A “data de-duplication” process avoids storing multiple copies of the same files by identifying instances of duplication via the hash index. Files that have the same hash index can be reduced to a single copy without any loss of data as long as the file structure information for each instance of the file is maintained.

Abstract: The present invention is directed to a system and method that allows a central election office to maintain control over actions taken on voting devices located at various polling locations. In an exemplary embodiment, a poll worker or other user contacts the central election office with a request to perform an action on a voting device. An election management system located at the central election office executes a hashing algorithm to generate a first hash code associated with the action. The central election office communicates the first hash code to the polling location, and the poll worker or other user inputs the first hash code into the voting device. The voting device executes the same hashing algorithm to generate a second hash code associated with the action, and compares the second hash code to the first hash code to verify the validity of the first hash code.

Abstract: There is provided a method of, computer programs for and apparatus for providing and accessing digital content such as a news item. A news provider generates a news item, creates a digitally signed version of the news item and packages them together with a digital certificate issued by a certificate authority containing the public key required to decrypt the digitally signed version. The package is posted to a server and is transmitted, or made available or transmission, over a public data network together with a computer program for verifying the news item. A receiving party receives, over the public data network, the package at a client device and is provided with means for launching, and if necessary first downloading, the verifying program. The verifying program uses the public key contained in the certificate to verify the digitally signed news item.

Abstract: Methods, apparatuses, and computer program products are provided for providing network-accessible patient health records. A method may include generating a patient health record document. The method may further include obtaining a set of one or more symmetric keys from a health record trust entity. The method may additionally include encrypting at least a portion of the patient health record document with the obtained set of symmetric keys. The method may also include causing the encrypted patient health record document to be published to a location on a network. The published encrypted patient health record document may have a resource identifier enabling the published encrypted patient health record document to be accessed over the network. Corresponding systems, apparatuses and computer program products are also provided.

Abstract: A client computing system inserts selected advertising into digital content. Ads may be inserted into content based on a dynamic advertising matching process that is securely implemented within a hardware-based root of trust. User profiles used in ad matching may be privacy protected and maintained with confidentiality protection in the client computing system and/or a service provider server, respectively. When a client computing system makes a request to the service provider server for content with specified ad slots, the request may be made with the client's EPID signature, which is inherently privacy protected. The hardware-based root of trust protects insertion of selected ads into the linear rendering flow of the content.

Abstract: A communications manager of an enterprise receives an add-conference request to host a conference by the enterprise from an organizer client, wherein the conference to enable an anonymous user that does not have enterprise credentials to join the conference. The communications manager sends an add-conference response to the organizer client indicating that the conference is organized.

Abstract: Embodiments of the invention provide a system for generating an Interactive Voice Response (IVR) database, the system comprising a processor and a memory coupled to the processor. The memory comprising a list of telephone numbers associated with one or more destinations implementing IVR menus, wherein the one or more destinations are grouped based on a plurality of categories of the IVR menus. Further the memory includes instructions executable by said processor for automatically communicating with the one of more destinations, and receiving at least one customization record from said at least one destination to store in the IVR database.