Abstract: Embodiments of systems and methods for the rules based distribution of managed content across heterogeneous storage distributed in a network environment are disclosed. In particular, certain embodiments may employ entity rules in association with a content management system. An entity rule may be a rule specifying a set of parameters and a destination secondary storage location. When the entity rule is evaluated by the content system, a set of content managed by the content management system responsive to the rule may be determined using the parameters of the rule. Responsive content can be determined, for example, by searching the content of the content management system based on the parameters. Responsive content may be moved from the primary storage location of the content management system to the secondary storage location specified by the entity rule.

Abstract: A software and/or hardware facility that can be used by content owners to assert ownership of content so that copyright friendly websites and services can take action against copyright piracy effectively, efficiently and is scalable is disclosed. The facility makes available to all content owners watermarking/fingerprinting technology so an identifier (e.g., a unique code) can be embedded in the content (e.g., video/audio portion of each video content asset). The facility utilizes blockchain technology to add information related to each unique identifier in a database and allows an authorized user (e.g., the owner) to update the information through a blockchain transaction.

Abstract: In embodiments, methods and systems for implementing source code extraction are provided. Source code extraction facilitates processing obfuscated byte code and extracting source code representations of original source code of applications. Source code extraction is implemented based on leveraging and monitoring an interpreter (e.g., a software interpreter running on a virtual machine) when portions of obfuscated byte code (i.e., obfuscated compiled version of source code) are loaded or executed using the interpreter. In operation, the obfuscated byte code is accessed at the interpreter. The interpreter, processing the obfuscated byte code, is monitored using a source code extraction manager that supports instrumentation instances associated with functions of the obfuscated byte code. Instruction sequences of functions that the interpreter is processing are recorded using the source code extraction manager.

Abstract: An image forming apparatus includes a reading device and a controller. The reading device reads an image of a source document, and generates image data. The controller receives an input of the image data generated by the reading device. Further, the controller decides that the source document is a chargeable item, when image information indicating that the source document is the chargeable item, for which charging a usage fee corresponding to the source document to a predetermined third party is permitted, is included in the image data.

Abstract: An embodiment of the present invention is directed to classifying attributes into respective PI/PG categories based on metadata. An embodiment of the present invention may classify each attribute into PII/Non-PII and then into various Protection group codes that define access, roles permissions, privileges and/or other action. An embodiment of the present invention may leverage various statistical techniques, natural language processing (NLP) methods and different combinations of algorithms customized to improve prediction accuracies of a classifier model.

Abstract: Systems and methods of generating a software module, including: receiving a cryptographic key identification (ID) and a cryptographic operation type from at least one executable program, generating a software module configured to perform the cryptographic operation with a cryptographic key, sending the software module to the at least one executable program, and performing the operation having the cryptographic operation type with the software module, wherein the software module is generated based on at least one of: a transformation of the cryptographic key corresponding to the received cryptographic key ID, and the received cryptographic operation.

Abstract: A method for managing keys and encrypting data is provided. The method includes receiving data to be written to a logical disk, generating an encryption table indicating one or more locations on the logical disk for storing the data and indicating a key used for encrypting the data, encrypting the data to be written to the logical disk, and transmitting the encrypted data and the encryption table to a storage array.

Abstract: A digital rights management system is provided that includes a receiving device for receiving an encryption key request from a client device, a first database for storing a set of supported security capabilities corresponding to client device, a second database for storing a set of required security capabilities corresponding to at least one of the encryption key and content associated with the encryption key, a content management system for establishing rules to determine the set of required security capabilities corresponding to content, and a processing device. The processing device may be configured to identify the set of supported security capabilities corresponding to the client device and identify the set of required security capabilities corresponding to the content associated with the encryption key. The content management system may be configured to configure the set of supported security capabilities and configure the set of required security capabilities.

Abstract: Methods and apparatus are described for enabling actionable content by embedding title materials corresponding to digital bearer instruments in digital media.

Abstract: A method and system are described for controlling access to online applications using memetic authenticators that are de-identified and passwordless. The method includes curating, issuing ownership, and registering memetic authenticators. The method involves assembling an authenticator package including a fingerprint hash value, matched pairs of user-selected memetic authenticator records, a timer, and encrypting the package using a cipher issued and uniquely-assigned by a service provider. Ciphers may be regenerated on each authentication event providing for episodic re-verification. Fingerprints assign ownership for memetic authenticators, with such associations stored on networked nodes of a distributed database. On authenticating, the client-supplied authenticator package is decrypted and compared to ownership records on an identity network for verification and granting or denying access.

Abstract: Provided herein are systems, methods and computer readable media for consumer monitor and tracking. An example method may include receiving client device ID and client device profile data, comparing client device ID and client device profile data to a plurality of known client device versions, generating an updated known client device version in an instance in which the client device ID correlates to at least one of the plurality of known client device versions and the client device profile data does not correlate to the at least one of the plurality of known client device versions and generating a new known client device version in an instance in which the client device ID does not correlate to at least one of the plurality of known client device versions.

Abstract: Content source and sink devices and methods help to guard against compromising security of content transferred from a source device to a sink device, for example where a primary encryption mechanism protecting the content has been compromised. A content source device is configured to connect to a content sink device to transmit digital media content to the content sink device. The content source device includes a connection module configured to establish a connection to the sink device, encrypt a digital media content for transmission across the connection with a first cipher using a connection key, and transmit the encrypted digital media content to the sink device over the connection. The content source also includes a protection module configured to prevent the sink device from using the digital media content without authorisation.

Abstract: According to one embodiment, a system receives, at a runtime library executed within a trusted execution environment (TEE) of a host system, a request from an application to invoke a predetermined function to perform a predefined operation. In response to the request, the system identifies a kernel object associated with the predetermined function. The system verifies an executable image of the kernel object using a public key corresponding to a private key that was used to sign the executable image of the kernel object. In response to successfully the system verifies the executable image of the kernel object, transmitting the verified executable image of the kernel object to a data processing (DP) accelerator over a bus to be executed by the DP accelerator to perform the predefined operation.

Abstract: A monitoring module interfaces with existing non-retrospective data storage systems, thus providing mechanisms for detecting and reporting changes in data values stored in such systems. The monitoring module acts as a change detection layer that can operate in connection with multiple disparate systems and/or locations, so as to provide users with a unified view into data stored in such systems. For example, a user can consult a single app, website, or software application, to view changes for data values stored in multiple disparate systems and/or locations; the app can be configured to automatically generate notifications and alerts to users, and can provide the ability to respond to such notifications and alerts, take actions, and/or dive deeper into underlying data.

Abstract: Nowadays much information pertaining to the user's life tends to be stored on their mobile device. Some of this information is considered strictly confidential by the user—not to be divulged to anybody else, not even to family members, co-workers or other intermittent borrowers of the user's device. Hence the significant user demand for an on-device Secure Vault for the placement of all such confidential content-files, with access to each such file individually-protected by a user-keyed access restriction method. This invention fulfils that demand.

Abstract: A method for encrypting plaintext data is enclosed that includes operations of receiving the plaintext data, the plaintext data including a plurality of data portions, encrypting each of the plurality of data portions using a specific key for each data portion, merging each of the plurality of data portions together to form a single data stream, generating a data map of the single data stream, appending the data map to the single data stream, and performing a master cipher to form an encrypted distributable stream. Operations of the encrypting include: an additive operation on each byte of the first data portion using the additive table, an XOR operation on each byte of the first data portion as modified by the additive operation, a substitution operation on each byte of the first data portion using the substitution table as modified by the XOR operation.

Abstract: Systems and methods are described for implementing a framework for testing on-demand code execution that is configured to be executed on coordinated devices. The testing framework allows the execution of tasks in a network based on-demand system. The resulting generation of an I/O file for accessing local resources can be intercepted and either processed via a handler process or transmitted to the local resource.

Abstract: A monitoring system includes sensors that monitor activity within a designated territory. The sensors include visual sensors that make video recordings. A local processing system located within or proximate to the designated territory receives signals from the sensors. The local processing system processes and analyzes the signals from the sensors to produce messages that describe activity within the designated territory as monitored by the sensors. The messages do not include audio, visual or other direct identifying information that directly reveal identity of persons within the designated territory. A monitoring station outside the designated territory receives the messages produced by the local processing system and makes the messages available to external observers.

Abstract: Systems and methods of the present disclosure enable for a delayed, two-factor authentication to occur in networked devices. The system and methods can enable the immediate delivery of digital components, which results in fewer abandoned requests, and saves network resources. The system and methods can enable the authorization of data transmissions in networked computer devices that include limited user interfaces, such as voice-based interfaces.

Abstract: A monitoring system includes sensors that monitor activity within a designated territory. The sensors including visual sensors that make video recordings. A local processing system located within or proximate to the designated territory receives signals from the sensors. The local processing system processes and analyzes the signals from the sensors to produce messages that describe activity within the designated territory as monitored by the sensors. The messages do not include audio, visual or other direct identifying information that directly reveal identity of persons within the designated territory. A monitoring station outside the designated territory receives the messages produced by the local processing system and makes the messages available to external observers.

Abstract: A system for operating system remediation intercepts input/output (I/O) requests to write to one or more files and stores, as file restore data, (i) a restore copy of the one or more files to the system cache prior to performing write operations of the I/O requests and (ii) identification information for one or more processes or entities making the corresponding I/O requests in the system cache. The system reverts to the restore copy of the one or more files using the file restore data and based at least on a later determination that one or more processes making the corresponding I/O requests was malware. A current version of the one or more files is thereby replaced with the restore copy of the one or more files with improved automatic remediation support and a greater likelihood that data can be restored from the cache in the case of malware attacks.

Abstract: A computer-implemented method of providing security for a software container, according to an example of the present disclosure includes, receiving a software container image with a software application and security agent that is separate from the software application. An execution entry point of the software container image that was previously configured to launch the software application has been modified to instead launch the security agent. The method includes receiving a request to instantiate the software container image as a software container, launching the security agent based on the request, authenticating the contents of the software container image, and controlling operation of the software application based on the authenticating.

Abstract: A data storage service redundantly stores data and keys used to encrypt the data. Data objects are encrypted with first cryptographic keys. The first cryptographic keys are encrypted by second cryptographic keys. The first cryptographic keys and second cryptographic keys are redundantly stored in a data storage system to enable access of the data objects, such as to respond to requests to retrieve the data objects. The second cryptographic keys may be encrypted by third keys and redundantly stored in the event access to a second cryptographic key is lost.

Abstract: Systems, methods, and non-transitory computer readable media can detect an event relating to a copy of a content item. A determination can be made that the content item is associated with sensitive information. The copy of the content item can be modified.

Abstract: Systems, apparatus, and methods relating to a physical object that are associated with a virtual game world are described. Some embodiments of the physical object have an in-game value within the virtual game world. Software operating the virtual game world ascribes purchasing power or attributes having offensive, defensive, opportunity, or set values as their in-game values. Methods associated with the subject matter relate to relocating an asset of the game component from one asset storage area to another asset storage area. When relocated, an asset's authenticity is validated, retrieved from a first storage area, exchanged over a communications interface, or stored in a second asset storage area.

Abstract: The present invention relates to methods and systems for providing privacy enabled surveillance for a portion of a building with a building automation system. The building automation system comprises sensors communicatively coupled to a controller. The controller detects a number of persons based on information from a first set of sensors, authenticates the number of persons detected with the first set of sensors by comparing the information from the first set of sensors with registered information of the building automation system, determines a number of authenticated persons, detects the number of persons based on information from a second set of sensors for detecting physical parameters associated with the portion of the building, and activates a sensor for surveillance based on a difference between the number of authenticated persons in the portion of the building and the number of persons detected by the second set of sensors.

Abstract: A dynamic code extraction-based automatic anti-analysis evasion and code logic analysis apparatus, includes: a recognition module that extracts a DEX file and a SO file by unpacking an execution code of an application and recognizes an analysis avoidance technique by comparing a signature which is included in the extracted DEX file and SO file; a instrumentation module that extracts a code to be analyzed from a byte code configuring the DEX file and a native code configuring the SO file, compares the extracted code with the data stored in a database, and outputs a code excluding an anti-analysis technique as a log file; and a deobfuscation module that deobfuscates an obfuscated code which is included in the APK on the basis of the output log file and generates an APK file in which an obfuscation technique is released on the basis of the deobfuscated code.

Abstract: An apparatus, for information processing, is configured to execute an embedding process that includes finding equipment based on equipment information described as an attribute of an input field of a form screen and dynamically embedding an equipment control module corresponding to the equipment, execute a data acquisition process that includes acquiring data from the equipment by using the equipment control module as input data to the input field of the form screen, and execute an information output process that includes associating the data acquired from the equipment with an input field descriptor to identify the input field and storing the data in a first storage area and a second storage area, wherein the first storage area is a storage area in which editing of stored data is possible and the second storage area is a storage area in which editing of stored data is prohibited.

Abstract: Embodiments of systems and methods for the rules based distribution of managed content across heterogeneous storage distributed in a network environment are disclosed. In particular, certain embodiments may employ entity rules in association with a content management system. An entity rule may be a rule specifying a set of parameters and a destination secondary storage location. When the entity rule is evaluated by the content system, a set of content managed by the content management system responsive to the rule may be determined using the parameters of the rule. Responsive content can be determined, for example, by searching the content of the content management system based on the parameters. Responsive content may be moved from the primary storage location of the content management system to the secondary storage location specified by the entity rule.

Abstract: There is provided mechanisms for service interruption reporting of a multicast bearer for group communications. A method is performed by a client node. The method comprises obtaining instruction from a control node of the multicast bearer, where the instruction instructs whether or not the client node is to report service interruption of the multicast bearer. The method comprises detecting service interruption of the multicast bearer. The method comprises selectively reporting the service interruption to the control node in accordance with the instruction.

Abstract: Computationally implemented methods and systems include acquiring a device-based encrypted image that is an image that has previously been encrypted through use of a particular device code associated with an image capture device configured to capture the image, wherein the image includes a representation of a feature of an entity, decrypting the device-based encrypted image in response to an indication that the image has been approved for decryption, and creating a client-based encrypted image through encryption of the decrypted image through use of a particular client code that is associated with a client that is linked to the image capture device configured to capture the image. In addition to the foregoing, other aspects are described in the claims, drawings, and text.

Abstract: In an embodiment, an information processing apparatus is connected to external apparatuses. The information processing apparatus includes: a device key storage unit configured to store a device key; a shared key storage unit configured to store one or more shared keys shared by the external apparatuses; a key generating unit configured to generate a media key from the device key and media key blocks; and an updating unit configured to generate the shared keys as generated shared keys, which is updated, based upon the media key and the shared keys stored in the shared key storage unit, and to store the generated shared keys into the shared key storage unit.

Abstract: A license manager includes a processor and non-transitory computer readable media having encoded thereon a set of instructions executable by the at least one processor to receive a request, from a virtual machine, to reserve an individual license of the set of authorized licenses for a vendor software instance, determine the availability licenses for the requested vendor software, register a unique identifier of the virtual machine in association with an available individual license, grant the individual license to the virtual machine, and prevent the granted individual license from concurrent use by other virtual machines or devices.

Abstract: An apparatus for privacy management may include a processor. The processor may be configured to access one or more privacy options. In this regard, each privacy option may be configured to provide members of one or more groups access to content. The processor may also be configured to provide for selection of a privacy option in association with the content. Associated methods and computer program products may also be provided.

Abstract: A system and method for uniquely identifying physical trading cards and/or incorporating trading card game items in a video game is provided. In certain implementations, a unique code that identifies a trading card may be obtained. A graphical representation of the unique code may be generated based on a graphical coding scheme. The graphical representation of the unique code may comprise at least a part of: (1) a depiction of a game item that is usable in the video game; or (2) a border of the trading card. Content associated with the depiction of the game item may be obtained. The trading card may be generated based on the content associated with the depiction of the game item and the graphical representation of the unique code such that the generated trading card depicts the game item and the graphical representation of the unique code.

Abstract: Systems and methods for obfuscating a circuit design are described. One of the methods includes receiving the circuit design from a user computing device. The circuit design includes a plurality of circuit components. The method further includes obfuscating each of the circuit components by transforming layout features associated with the circuit design into a generic layout feature representation. The generic layout feature representation excludes scaled representations of the layout features. The method also includes generating a visual representation of the obfuscated designs. Each of the obfuscated designs has an input port and an output port. The method further includes enabling placement of the obfuscated designs and routing between the input ports and the output ports of the obfuscated designs. The method includes generating an obfuscated integrated circuit design having a master input port, a master output port, the obfuscated designs, and the routing between the obfuscated designs.

Abstract: Embodiments are directed to a sender side of a network communication, being sent from a sender to a destination over a network path, expressing certain conditions and actions in a form of a script and encoding the script into network packets, thus enabling routing decisions to be made. Routing devices along the network path are equipped with an execution environment and an application program interface (API) to allow the script to execute and intervene (i.e., “talk” with the routing device) in the routing process. Embodiments provided herein may be implemented to coexist with other existing routing protocols or may completely replace other existing routing protocols.

Abstract: A number of licenses for play of a video game may be modified or adjusted based on in-game activities of the video game. The in-game activities may be activities of game characters controlled by game players.

Abstract: The present disclosure provides computing systems and techniques for providing a certificate to sue to securely connect to a server. More particularly, the present disclosure provides a computing device certificate rotation server arranged to provide certificates to the computing device for use by an application executing on the computing device to securely connect to a server.

Abstract: Data reproduction is performed in a mode decided on the basis of disc type information which is record data of a disc. A reading rate compatible with a physical format of a disc is compared with a reading rate compatible with a disc type, and in a case where the reading rates do not coincide with each other, data read from the disc at the physical format compatible rate is stored in the buffer, and the reproduction process is performed using the data output from the buffer at the disc type compatible rate. In a case where the physical format is BD-R or BD-RE, and the logical format is a logical format compatible with BDMV-UHD, the emulation mode reproduction accompanied with the rate conversion using the buffer is performed.

Abstract: Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content.

Abstract: A processor capable of secure execution. The processor contains an execution unit and secure partition logic that secures a partition in memory. The processor also contains cryptographic logic coupled to the execution unit that encrypts and decrypts secure data and code.

Abstract: Systems and methods are described herein for providing content for consumption on a mobile device by temporarily licensing the content to the mobile device while the mobile device is travelling between two locations having media devices licensed to provide the content for consumption, or while temporarily outside a location having a media device licensed to provide the content for consumption. Upon detecting that the mobile device is leaving a location at which the content is being provided it is determined whether the mobile device is within a threshold distance of the location, or if the content is licensed to be provided for consumption by a media device at an identified destination. The content is temporarily licensed for consumption on the mobile device to allow the mobile device to provide the content for consumption while outside the first location or while travelling to the second location.

Abstract: A system and method to control access to data are disclosed. A command to mount a specified file system as a trusted file system is received. Whether the specified file system is marked as a trustable file system is determined, where marking as a trustable file system based on verifying integrity protection for the specified file system. The specified file system is mounted as a trusted file system based on determining that the specified file system is marked as a trustable file system. A command to access data on the specified file system is received. A determination is made as to whether the specified file system was mounted with a specification to be a trusted file system. Access to the data is permitted or denied based on determining that the mounting specified mounting as a trusted file system.

Abstract: A communication device comprising: a tag reader (202) configured to: —read an identification tag signal (204) comprising an identification indication of a target communication device (105), a discovery module (206) configured to: —send a discovery request (210) to a registration service infrastructure (205), comprising the identification indication, —receive a discovery response (211) from the registration service infrastructure (205), comprising network location information of the target communication device (105), a session control module (207) configured to: —send a shift request (209) to a home communication node (107) for shifting a communication session from the initial communication device to the target communication device (105), wherein the home communication node (107) handles all communication sessions with the initial communication device, the shift request (209) comprising the network location information of the target communication device (105), —terminate the communication session with the remo

Abstract: Encrypted SFTP file transfers and other encrypted file transfers may be audited and what files can be transferred may be controlled at a firewall or other gateway. Transferred files may be subjected to data loss prevention analysis and/or virus checks.

Abstract: In an approach to encryption key management, a computing device, responsive to a key storage condition, stores, in a cache memory, a first e/d key. The computing device receives a request to read a first file. The computing device, responsive to the request, accesses the first file, with the accessing of the first file including: accessing, from the cache memory, the first e/d key, decrypting the first file using the first e/d key and a second e/d key, and accessing the decrypted version of the first file.

Abstract: In embodiments, methods and systems for implementing source code extraction are provided. Source code extraction facilitates processing obfuscated byte code and extracting source code representations of original source code of applications. Source code extraction is implemented based on leveraging and monitoring an interpreter (e.g., a software interpreter running on a virtual machine) when portions of obfuscated byte code (i.e., obfuscated compiled version of source code) are loaded or executed using the interpreter. In operation, the obfuscated byte code is accessed at the interpreter. The interpreter, processing the obfuscated byte code, is monitored using a source code extraction manager that supports instrumentation instances associated with functions of the obfuscated byte code. Instruction sequences of functions that the interpreter is processing are recorded using the source code extraction manager.

Abstract: A method of displaying, buying, and trading electronic trading cards on a computer or handheld electronic device by running an electronic trading card application on the computer or handheld device that communicates via the internet with at least one remote server containing a registry of all electronic trading cards. The electronic trading card application running on the computer or handheld device transmits a transaction request to the at least one remote server to execute a purchase or trade between two users of one or more electronic trading cards. The electronic trading card application further displays various components of an electronic trading card based upon user inputs.

Abstract: There is provided mechanisms for service interruption reporting of a multicast bearer for group communications. A method is performed by a client node. The method comprises obtaining instruction from a control node of the multicast bearer, where the instruction instructs whether or not the client node is to report service interruption of the multicast bearer. The method comprises detecting service interruption of the multicast bearer. The method comprises selectively reporting the service interruption to the control node in accordance with the instruction.