Abstract: Systems and methods are described for securely and efficiently processing electronic content. In one embodiment, a first application running on a first computing system establishes a secure channel with a second computing system, the secure channel being secured by one or more cryptographic session keys. The first application obtains a license from the second computing system via the secure channel, the license being encrypted using at least one of the one or more cryptographic session keys, the license comprising a content decryption key, the content decryption key being further encrypted using at least one of the one or more cryptographic session keys or one or more keys derived therefrom.

Abstract: A display method and apparatus, an electronic device, and a non-transitory computer-readable medium are provided. The display method includes: in the case that a graphic code is displayed in a first display region, receiving a first input; in response to the first input, intercepting a target portion of the graphic code, the size of the target portion of the graphic code matching the size of a second display region, and the second display region being located in a side edge screen of the electronic device; and displaying the target portion of the graphic code in the second display region.

Abstract: An information processing apparatus includes a processor configured to receive, from a user, entry of an access right granting request to grant another user a right to access data included in managed data; where the other user is an unregistered user who hasn't been registered yet in a database, receive entry of information on the other user, receive entry of approval of the other user by an administrator who manages the managed data, register the other user in the database on a basis of the approval, and permit the other user to access the data, and in a case where the other user has been already registered in the database on a basis of past approval by the administrator, permit the other user to access the data without entry of the approval by the administrator received after the receipt of the entry of the access right granting request.

Abstract: A system for managing a financial account in a low cash mode. The system may include a memory storing instructions, and a processor configured to execute the instructions to perform operations. The operations may include providing an interface; providing a notification to a user when a balance in the first account is deemed to be in low cash mode; presenting, when the first account balance is deemed to be in low cash mode, an option for a transfer request; receiving, a selection of the option for the transfer request to connect the first account with a second account; transferring funds from the second account to the first account; notifying the user that funds have been transferred from the second account to the first account; and further notifying the user that the balance in the first account is greater than the threshold value.

Abstract: A system and method for concealing information associated with a physical mail package. A standardized schema defining a set of roles is maintained. A public-private key pair is generated for each role. A dataset corresponding to the package is received, including data elements associated with the roles. Data access locations are assigned to each data element and encrypted using the public keys of the corresponding roles. machine-readable codes are generated for each encrypted access location and printed on the package. User devices associated with the roles can scan the codes and use the private keys to decrypt the access locations and obtain the data elements for their respective roles.

Abstract: Disclosed are various embodiments for managing voice-driven application. In one embodiment, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to initiate a management session between a voice application service and a management service based on receiving a first request from the voice application service. The program instructions can cause the computing device to initiate an application session between a voice-driven application and the management service based at least in part on a second request received from the voice application service. The program instructions can cause the computing device to enforce a compliance policy on a data request for the voice-driven application. The data response can be transmitted to the voice application. The voice application service can provide the data response to the client device for playback.

Abstract: Techniques for controlling access to a software application according to at least one software license agreement using a client computer and a server computer are presented. The client computer is configured to detect an initiation of the software application, suspend an execution process of the software application, determine that the software application is subject to a plurality of software license entitlement criteria defined by the at least one software license agreement, and request from the server computer a license for a usage of the software application on the client computer. The server computer is configured to determine that the usage of the software application on the client computer satisfies the plurality of software license entitlement criteria, and provide to the client computer a license for the usage of the software application on the client computer. The client computer is configured to resume the initiation of the software application.

Abstract: An acceptance hash code is disclosed herein. An acceptance hash code is a value generated by a device using a hash function. The acceptance hash code itself may represent a legally enforceable document. The acceptance hash code may be structured in a manner such that a device operated by a user can transmit a legally enforceable document over a network using a smaller file size than is possible with conventional secure transaction techniques. In addition, the manner in which the acceptance hash code is generated allows a receiving device to verify that the document elements of the document are as expected and to verify an identity of a user that allegedly executed the document. Thus, even if a malicious user attempts to alter document elements or perform other fraudulent activity, the receiving device can use the acceptance hash code to identify such activity and prevent a transaction from being completed.

Abstract: Disclosed herein are systems and methods for the presentation and marking of media modules. In different aspects, the systems and methods may allow a user to present and consume a media module, particularly a media module containing data that is typically presented in a serial manner such as audio, visual, or video media, and to create a marked media module for quickly and easily returning to a marked point of interest in the media module at a later time or on a different device.

Abstract: A processor-based method for secret sharing in a computing system is provided. The method includes encrypting shares of a new secret, using a previous secret and distributing unencrypted shares of the new secret and the encrypted shares of the new secret, to members of the computing system. The method includes decrypting at least a subset of the encrypted shares of the new secret, using the previous secret and regenerating the new secret from at least a subset of a combination of the unencrypted shares of the new secret and the decrypted shares of the new secret.

Abstract: A distributed ledger is maintained in accordance with an enterprise. The distributed ledger includes a plurality of nodes such that one or more entities internal to the enterprise and one or more entities external to the enterprise each have access to at least one of the plurality of nodes. Electronic agreements (for example, product/service licenses) between at least a portion of the one or more entities internal to the enterprise and at least a portion of the one or more entities external to the enterprise are managed in association with the distributed ledger. Management includes generating and recording transactions associated with the electronic agreements on the distributed ledger to enable the one or more entities internal to the enterprise and the one or more entities external to the enterprise permissioned access to one or more of the recorded transactions.

Abstract: In one embodiment, a device classification service classifies a device in a network as being of a first device type. The service applies a first network policy that has an associated expiration timer to the device, based on its classification as being of the first device type. The service determines whether the device was reclassified as being of a different device type than that of the first device type before expiration of the expiration timer associated with the first network policy. The service applies a second network policy to the device, when the service determines that the device has not been reclassified as being of a different device type before expiration of the expiration timer associated with the first network policy.

Abstract: A secure storage for an X.509v3 digital certificate is provided (301, 302). Ports of a first and second apparatus (101, 102) are mutually authenticated (303) by using 802.1X based authentication and 802.1AR certificates. Traffic types are divided (304, 305) by an operator-configurable selector function into user plane, control plane, synchronization plane, and management plane traffic types. For Ethernet transport a virtual port is created for each traffic type, and a different MACsec secure connectivity association is created for each virtual port. For Ethernet transport an operator-programmable security policy is maintained for each traffic type. For IP transport an IPsec security association is created for each traffic type, and an operator-programmable security policy is maintained for each security association. For IP transport, TLS support may be enabled for compatibility with network management traffic. A port is repeatedly re-authenticated by an operator-definable timer value.

Abstract: Persistent profile identifiers can be produced to identify clusters of devices accessing a network in different time periods. In one embodiment, an apparatus uses a first identifier from a first group of identifiers to identify a first cluster of devices and uses a second identifier from a second group of identifiers to identify a second cluster of devices. Further, the apparatus determines that the first cluster of devices identified by the first identifier and the second cluster of devices identified by the second identifier form an edge in a maximum cluster matching. The apparatus provides the first identifier as a persistent identifier for the first cluster of devices and the second cluster of devices.

Abstract: An information provision method includes accumulating, in a first database, a first identifier identifying each of one or more service providers, and first device information indicating an electrical device to be designated by each of the one or more service providers in association with each other; accumulating, in a second database, a second identifier identifying each of one or more users, and second device information indicating an electrical device to be used by the one or more users in association with each other; extracting a service provider associated with the first device information when the second device information is updated by addition of a new electrical device to be used by one of the one or more users, and when the new electrical device is included in the electrical devices indicated by the first device information.

Abstract: A method for automatically attaching a purpose-built electronic device to a provider network includes steps of discovering, by a Wi-Fi module of the purpose-built electronic device, a wireless data network in operable communication with the provider network selecting, by the Wi-Fi module, the wireless data network, transmitting a primary authentication certificate from the Wi-Fi module to an authentication, authorization, and accounting server of the provider network, receiving, by an application server of the provider network, a secondary authentication certificate from a functionality module of the purpose-built electronic device authenticating, by the provider network, the primary and secondary authentication certificates, and attaching the purpose-built device to the provider network.

Abstract: The disclosed computer-implemented method for generating device-specific security policies for applications may include (1) installing, onto a computing device, an application requested by the computing device, (2) while the application is running on the computing device, monitoring interactions between the application and a computing environment in which the computing device operates to identify (A) computing resources within the computing environment required by the application and (B) potential security concerns related to the application within the computing environment, and then (3) generating, based on the monitored interactions, a set of device-specific security policies to enforce for the application while the application runs on the computing device that allow the application to access the required computing resources while mitigating the potential security concerns. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In some examples, a configurator device maps a configuration attribute received from a wireless device to a credential attribute, the credential attribute to be mapped to a network policy. The configurator device sends the credential attribute to the wireless device, the credential attribute useable by the wireless device to access an access point (AP), and useable by the AP to obtain the network policy to apply to a communication of the wireless device.

Abstract: An apparatus and method of managing a licensable item includes accessing a licensing policy related to managing a licensable item, and a license agent making a determination to act to enforce the licensing policy or to first communicate with a server before acting to enforce the licensing policy. Further, the apparatus and method include enforcing the licensing policy in accordance with the determination to act to enforce the licensing policy or to first communicate with a server before acting.

Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.

Abstract: An image forming apparatus includes a first image forming unit configured to form an image with a decolorable material, a second image forming unit configured to form an image with a non-decolorable material, an RFID processor configured to write data in an RFID tag, a memory unit for storing a table indicating one or more attributes associated with the decolorable material and one or more attributes associated with the non-decolorable material, and a controller configured to control the first image forming unit to carry out image forming on a medium including the RFID tag for information of which attribute is associated with the decolorable material in the table, and control the second image forming unit to carry out image forming on the medium for information of which attribute is associated with the non-decolorable material in the table.

Abstract: The present invention provides for a method and apparatus for distributing digital information, such as software applications, to application users. By providing the digital information on unused memory space of a computer system, and providing a process for authorizing access to the information, the information can be efficiently and cost effectively transferred to users. Traditional inventory and distribution channel difficulties are avoided.

Abstract: In a method for reproducing an original copy of a work of authorship, processing information received from a data input device relating to authentication of the original copy of the work of authorship, identifying information in a database corresponding to the information received from the data input device, determining whether an authorization for reproduction of the work of authorship should be granted, and if authorization is granted, reproducing the work of authorship.

Abstract: A system and method for secure authentication performed on a mobile communication device. The method includes an authentication application carrying out the steps of: receiving a unique identifier for a transaction from a first application provided on the same mobile communication device as the authentication application; receiving an encrypted transaction from a remote secure server; decrypting or obtaining decryption of the transaction with a private key of the authentication application; signing or obtaining signing of the transaction with the private key; signing the transaction with the unique identifier; and transmitting the signed transaction back to the remote secure server.

Abstract: Systems, methods, and devices for inter-network service selection are described herein. Through the use of one or more of device identifiers and device classes, information including a randomization metric can be transmitted to networked devices indicating which devices and/or device classes are permitted or denied to access a given network service. Equipment seeking access may alter the selection based on this information. Equipment providing access may enforce access request based on this information. As an example, selection between eHRPD and LTE may be load balanced based on device class or identifiers.

Abstract: A method includes receiving first information at a remote computer system during a first user-initiated communication session for a user station not previously identified to the remote computer system, sending second information that is a function of and different from the first information to the user station over the communications network during the first user-initiated communication session stored automatically at the user station, storing third information based on the first information at a location remote from the user station, receiving the second information over the communications network during a subsequent and separate user-initiated communication session automatically from the user station, retrieving the stored third information using the received second information, during the subsequent and separate communication session and using the retrieved third information for interaction with the remote computer system during the subsequent and separate communication session.

Abstract: A method includes receiving the second information at the remote computer system during a second user initiated communication session from the user station automatically, wherein the user station triggers automatically sending the second information to the remote computer system, retrieving the previously stored third information at the remote computer system and matching at least a portion of the received second information with the stored third information.

Abstract: A storage section stores therein one or more sets of music content and/or function executing programs, at least a part of the sets of music content and/or function executing programs being set in a non-usable state at least in an initial state. An audio signal containing additional information is received from an external electronic audio apparatus, and a determination is made as to whether the additional information satisfies a predetermined condition. If the additional information satisfies the predetermined condition, any of the sets of music content and/or function executing programs, stored in the storage section, that is currently set in the non-usable state is updated to a usable state. A model of the external electronic audio apparatus is identified, and any of the sets of music content and/or function executing programs that corresponds to the identified model is updated to the usable state.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for creating, exporting, viewing and testing, and importing custom applications in a multitenant database environment. These mechanisms and methods can enable embodiments to provide a vehicle for sharing applications across organizational boundaries. The ability to share applications across organizational boundaries can enable tenants in a multi-tenant database system, for example, to easily and efficiently import and export, and thus share, applications with other tenants in the multi-tenant environment.

Abstract: Technologies for establishing and managing a connection with a power line communication network include establishing a communication connection between an electronic device and a security server. A default device encryption key associated with the electronic device is changed to correspond with a new device encryption key of the security server. Thereafter, the electronic device may only join a power line communication network of a particular security server using a network membership key, which is encrypted with the device encryption key that the particular security server associates to the electronic device. The electronic device contains a circuit interrupt to interrupt a circuit of the electronic device if the electronic device is not able to successfully decrypt the network membership key.

Abstract: One or more techniques and/or systems are disclosed for matching a client device with an appropriate network service provider data package. A device ID for the client device can be decomposed to one or more device ID ranges in a device decomposition set. One or more ranges of client ID can be assigned to a network service provider data package, which can be decomposed into a set of package decomposition ranges in a package decompositions set. The device decomposition set can be compared to the package decomposition set, and if an intersection is identified between the sets, the network service provider data package can be provided to the client device.

Abstract: The present disclosure discloses a method, a system and a computer program product for secure data communication between a user device and a server. User credentials, a device id and a first hash are received at server from a user device. The first hash is generated using the user credentials. At server, a second hash is computed using the user credentials stored in the database of the server. The first hash is verified with the second hash. Once verified, an encryption key and a sequence number corresponding to the user credentials and device id are generated. The encryption key and the sequence number are encrypted using a pre-defined key and one or more user credentials. The encrypted encryption key and the sequence number are sent to the user device to encrypt data.

Abstract: Systems and methods are provided for computing a secret shared with a portable electronic device and service entity. The service entity has a public key G and a private key g. A message comprising the public key G is broadcast to the portable electronic device. A public key B of the portable electronic device is obtained from a manufacturing server and used together with the private key g to compute the shared secret. The portable electronic device receives the broadcast message and computes the shared secret as a function of the public key G and the portable electronic device's private key b. The shared secret can be used to establish a trusted relationship between the portable electronic device and the service entity, to activate a service on the portable electronic device, and to generate certificates.

Abstract: Various embodiments include an apparatus, system, and method to control the distribution and usage of copyrighted digital content. The processing of a data file received over a communications network such as the Internet occurs both in a host digital appliance, such as a personal computer, notebook computer, audio player, video player, and the like, and in a very small digital rights management (DRM) module that is removably connected with the host. The processing makes it extremely difficult for the content of the data file to be obtained by an unauthorized person and/or utilized with an unauthorized DRM module.

Abstract: Embodiments of the invention are directed to automatically populating a database of names and secrets in an authentication server by sending one or more lists of one or more names and secrets by a network management software to an authentication server. Furthermore, some embodiments provide that the lists being sent are encrypted and/or embedded in otherwise inconspicuous files.

Abstract: Systems and methods of theft prevention of communication devices are provided. In one embodiment, the method may include, for example, one or more of the following: registering a communication device being used at a home, where the device is connected to a communication network; entering validation information relating to the communication device; and analyzing the validation information to determine whether the communication device is authorized for use in the communication network.

Abstract: Software activation and revalidation.

Abstract: Methods and systems for identification of objects using a laser. Data for an application including transactional data associated with a user is accessed from a computerized database in a system. Systems and methods operate to select objects from an electronic display. In an example, these systems and methods operate to select objects from an electronic display using a handheld laser identification device. In an example, an electronic display is in communication with a database that updates the display of objects displayed on the electronic display.

Abstract: An information processing device includes: a local memory unit storing data including encrypted content; a memory storing data including key information to be used in a process of reproducing the encrypted content; and a data processing unit selectively reproducing encrypted content stored in a disk or the local memory unit, wherein the data processing unit reads a medium ID from the disk when the content to be reproduced is stored in the disk and reads a medium ID from the memory when the content to be reproduced is stored in the local memory unit.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for enrolling a user in a device identification program. In some embodiments, a system is configured to: receive device identification information from a mobile device, receive user information associated with a user, the user information enabling identification of the user, associate the device identification information with the user information, and create a record based on the device identification information and the user information.

Abstract: A system and method of encrypting digital content in a digital container and securely locking the encrypted content to a particular user and/or computer or other computing device is provided. The system uses a token-based authentication and authorization procedure and involves the use of an authentication/authorization server. This system provides a high level of encryption security equivalent to that provided by public key/asymmetric cryptography without the complexity and expense of the associated PKI infrastructure. The system enjoys the simplicity and ease of use of single key/symmetric cryptography without the risk inherent in passing unsecured hidden keys. The secured digital container when locked to a user or user's device may not open or permit access to the contents if the digital container is transferred to another user's device. The digital container provides a secure technique of distributing electronic content such as videos, text, data, photos, financial data, sales solicitations, or the like.

Abstract: Described herein are methods and systems for using unique identifiers to identify systems in collaborative interaction in a mesh network. For example, in at least certain embodiments, upon initiation of a collaborative application each system can broadcast packets that include a unique hash identifier for each system to other systems in the mesh network. Each system then can determine when the system has received packets that include the unique hash identifiers from all systems. Then, each system can sort the unique hash identifiers to identify each system.

Abstract: Embodiments of the present disclosure provide for upgrades and synchronization of applications installed on a device, such as a mobile device. In one embodiment, a device may include applications purchased and downloaded via a content management system. The device maintains a list or database of applications that are authorized for each device. This list is also replicated in a remote cache that is maintained by an archive host. The device may then synchronize and upgrade these applications across multiple platforms, such as one or more computers that can be coupled to the device or the archive host. The archive host allows for files of the application be provided back to the device. Upon installation, the device can then confirm the authorization and identity of the newly installed application.

Abstract: Systems and techniques for mediating user communications. A user persona manager maintains one or more user profiles and manages user interactions with other parties and with service providers based on user preferences associated with the user profile or profiles selected for a particular interaction. The persona manager receives a single set of user authentication information to establish the user identity, and provides previously stored information to other parties and service providers as appropriate, and otherwise conducts user interactions involving communications initiated by or on behalf of the user. The persona manager also examines interactions initiated by others, selects user profiles appropriate to the interactions, and routes and responds to the interactions based on information stored in the user profiles.

Abstract: An optimized server for streamed applications provides a streamed application server optimized to provide efficient delivery of streamed applications to client systems across a computer network such as the Internet. The server persistently stores streamed application program sets that contain streamed application file pages. Client systems request streamed application file pages from the server using a unique set of numbers common among all servers that store the particular streamed application file pages. A license server offloads the streamed application server by performing client access privilege validations. Commonly accessed streamed application file pages are stored in a cache on the streamed application server which attempts to retrieve requested streamed application file pages from the cache before retrieving them from persistent storage. Requested streamed application file pages are compressed before being sent to a client as well as those stored in the cache.

Abstract: A system is configured to provide access between a plurality of terminals and a plurality of different conditional access systems (CASs) associated with the terminals. The system includes a CAS switcher configured to receive requests from the plurality of terminals and, for each of the requests, identifies and sends the requests to a corresponding CAS. The CAS switcher also receives messages from the CASs responsive to the requests and, for each of the messages, identifies and sends the message to a corresponding terminal.

Abstract: A network management system is described for assuring that a network device complies with a device-specific configuration policy. One example of the network management system contains one or more business rules that describe a business policy regarding a computer network in a network-independent form. In general, the business rules refer to high-level business requirements and not to device-specific configuration information. The network management system uses the business rule to determine which business policies are currently in force. In addition, the network management system contains one or more network design rules that describe relationship between the business policy and one or more device-specific configuration policies. The network management server uses the network design rules to determine whether to deploy a device-specific configuration policies.

Abstract: Embodiments related to systems and methods comprising receiving payment data at an access device; receiving an identifier for a phone at the access device; and generating and sending an authorization request message to a payment processing network, wherein the payment processing network generates a verification token, which is then sent to the phone whereby the phone is thereafter used to conduct payment transactions.

Abstract: A method and apparatus for updating firmware of terminals in a mobile broadcast system including a Broadcast Service Distribution/Adaptation fragment (BSDA) and a Broadcast service Subscription Management (BSM). The method includes requesting creation of a content fragment, by the BSM, by transmitting a firmware package file for a firmware update of the terminals to the BSDA; creating a content fragment including the firmware package file and broadcasting the created content fragment to the terminals by the BSDA; detecting the firmware package file from the received content fragment; and performing the firmware update using the firmware package file.

Abstract: Executable applications on a gaming machine are verified before they can be executed, for security purposes and to comply with jurisdictional requirements. Unlike in prior systems for authenticating the executable applications, embodiments allow for new executable applications to be provided and verified over time with different private and public key pairs, even after the operating code of the gaming machine is certified by the jurisdiction and deployed in the field.