Abstract: At least one machine readable medium comprising a plurality of instructions that in response to being executed by a system cause the system to send a unique identifier to a license server, establish a secure channel based on the unique identifier, request a license for activating an appliance from a license server over the secure channel, receive license data from the license server over the secure channel; determine whether the license is valid, and activate the appliance in response to a determination that the license data is valid.

Abstract: An application server (204, 300), a first user equipment, UE, (200, 400), a second UE (206, 500) and corresponding methods for use in an Internet protocol multimedia subsystem, IMS, and for streaming media content between the first UE and the second UE using the Rich Communications Services, RCS, standard. The first UE transmits media content to an application server (204, 300) as an RCS file transfer. The application server receives the media content from the first UE as an RCS file transfer and stores the media content in a memory (306). The first UE compiles a message comprising a media content identifier and transmits the compiled message to the second UE using an RCS text based communication. The second UE receives the RCS text based communication from the first UE and transmits a request for the media content to the application server.

Abstract: A method for protecting a computer program product, the computer program product being configured for operation in an operating environment (e.g., a virtual operating environment), includes: detecting at least one operating parameter of the operating environment in which the computer program product is executed, the at least one operating parameter having been defined outside of the operating environment; comparing the detected at least one operating parameter to a comparison value stored for each operating parameter; and outputting a warning signal if a plurality of comparison results exceeds a predetermined threshold value, wherein the comparison results indicate an execution of the computer program product in a different operating environment.

Abstract: A system and method for processing content access rights and/or entitlement rights are disclosed. A method, in one aspect, provides for receiving a selection of a content option, requesting access information associated with the selected content option, receiving access information comprising location information relating to a compatible format, requesting access rights from a first service associated with the location information, wherein the first service requests an access decision relating to the selected content option from a second service based upon the access rights, and receiving the access rights.

Abstract: Methods and systems for license management using a basic input/output system (BIOS) may involve performing license activation, monitoring, and enforcement. The BIOS may store license information to manage licenses for hardware and/or software components of an information handling system. License management by the BIOS may include monitoring a system clock of the information handling system for changes to avoid tampering with license durations.

Abstract: In one example, a device directory server may maintain a digital rights management list for a user device belonging to a device group associated with a user. The device directory server may maintain a primary digital rights management list associating a user device with a primary online account for a user having a content license for a digital content item. The device director server may receive a status update indicating the user device is still in use by the user if sent by the user device. The device directory server may determine whether a status update has been received from the user device. The device directory server may deactivate the user device on the primary digital rights management list when no status update has been received within a pruning period for the user device to be associated with the primary online account.

Abstract: A disclosed example method involves obtaining a third-party device identifier or user identifier corresponding to a client device; obtaining an opt-out flag indicative of whether a user of the client device has elected not to participate in third-party tracking corresponding to online activities; sending the third-party device identifier or user identifier, the opt-out flag, and a media identifier to an audience measurement entity, the media identifier corresponding to media accessed via the Internet; and receiving, from the audience measurement entity, an impression report corresponding to the media.

Abstract: A method includes a unified extensible firmware interface of a compute node identifying an option ROM or an OS boot loader within the compute node, wherein the option ROM or OS boot loader stores a signed image that can be verified using a required digital certificate. The method further includes determining that the unified extensible firmware interface does not store the required digital certificate in a revocation database or in an authorization database. Still further, the method includes automatically identifying the required digital certificate in a database of digital certificates other than the revocation database or the authorization database, and providing the required digital certificate to the authorization database.

Abstract: A server complex (102) includes an interface portal (116). The server complex exposes (401) a generic resource locator (402) pointing to the media content in a generic format at the interface portal. The server complex receives requests for media content (101) from at least a first client device (601) to receive the media content in a first format (603) and at least a second client device (602) to receive the media content in a second format (604). The server complex determines (405), from a header (407) of the request, whether the request is from the first client device or the second client device, generates (409) a response message (108) comprising a manifest file (109) comprising a device specific resource locator (410) pointing to the media content cached (412) in one of the first format or the second format, and transmits (411) the response message to the requesting client.

Abstract: Various embodiments of systems and methods for generating mnemonics are described herein. In an aspect, the method includes receiving a trigger for a mnemonic. Upon receiving the trigger, a menu including options for creating the mnemonic is displayed. A selection of an option from the menu is received for creating the mnemonic. Based upon the selection of the option, one or more pop-up windows for creating the mnemonic is rendered.

Abstract: In a method for enabling support for backwards compatibility in a User Domain, in one of a Rights Issuer (RI) and a Local Rights Manager (LRM), a Rights Object Encryption Key (REK) and encrypted REK are received from an entity that generated a User Domain Authorization for the one of the RI and the LRM and the REK is used to generate a User Domain Rights Object (RO) that includes the User Domain Authorization and the encrypted REK.

Abstract: A software package retention system that uses pre-defined rules to retain software packages based on how the packages are used, and not merely based on a package's date/time of creation (age) or type. A retention policy server in the system integrates with the build, deployments, and artifact storage systems of a software supplier/vendor to ensure appropriate retentions are met for audit and regulatory compliance and unneeded artifacts or packages are purged to save storage space and lower operational costs. The server has the capability to monitor software deployments to the customer and to developer test environments, and to make rule-based decisions on when and how to run retention policy clean-up jobs and on what packages. With increasing reliance on frequent build and release of software packages across the software industry, package management post-release using the rule-based retention policy provides an efficient and cost-effective solution for legal compliance with retention requirements.

Abstract: Embodiments of the present invention provide systems, methods, and computer storage media directed to providing unified digital rights management (DRM) across heterogeneous computing platforms. In embodiments, a unified DRM engine executed on a computing platform validates one or more constraints defined by a first content license associated with consumption of encrypted content. In response to successful validation, the unified DRM engine, in some embodiments, utilizes a second content license that is associated with the computing platform to enable a native DRM engine of the computing platform to decrypt the encrypted content. Other embodiments may be described and/or claimed.

Abstract: Described herein are various technologies pertaining to delivery of token-authenticated encrypted data. Content descriptor(s) (e.g., playlist(s)) can be modified to facilitate exchange of a token for a decryption key for browser(s) that do not provide logic to manage a flow of the token.

Abstract: Methods and systems are described for binding a data transaction to a person's identity using biometrics. The method comprises the generation of data which includes information associated with a transaction, or an encrypted transaction, between a server and a client device associated with a user, generating authentication data providing an irrevocable binding of the information to biometric characteristics of the user, by capturing biometric input by the user of said authentication data or information associated with the transaction, wherein this information is implanted into the captured data. A predetermined minimum number of quorum portions may be generated from a portion of the data generated or processed by the method, wherein at least a predetermined minimum number of received quorum data portions are required to reconstruct the data portion.

Abstract: A digital rights management (DRM) scheme enables a user having a valid license to digital content to create one or more copies of the content. The number of copies is limited by the DRM scheme. However, if the user is not connected or connectable to the content provider or licensing party when additional copies are desired, the user is permitted to create one or more additional copies without deleting or disabling other copies even though the additional copies exceed the number otherwise permitted by the DRM scheme. The number of such “float” copies may be limited. Rights to such additional copies may be withdrawn during a subsequent connection session between the user and the content provider.

Abstract: A method of booting a production computer system includes establishing a connection between a key computer system and the production computer system, gathering information about system data of the production computer system, transmitting the information about the system data of the production computer system to the key computer system, comparing the gathered information with comparison information stored in the key computer system, automated transmitting of a passphrase from the key computer system to the production computer system to decrypt encrypted file system date on a medium within the production computer system if the comparison is successful, decrypting the encrypted file system data on the medium by the passphrase, and loading the decrypted file system data and booting the production computer system.

Abstract: The present disclosure provides a method and system for generating digital content for a computing device which will function on the computing device only after successful validation. The system installs one or more checks in the digital content that restrict the execution of the digital content to a specific device for which the digital content is generated. The checks pertain to at least one or more parameters of a device including without limitation, a device ID, a device model, or any device specific feature. In addition, the system generates a protected version of the digital content with the one or more installed checks to be transmitted to a client.

Abstract: A barcode-reading system for a mobile device may include a camera assembly. The barcode-reading system may include a barcode-reading enhancement accessory and a barcode-reading application. The barcode-reading enhancement accessory may be securable to the mobile device and may be configured to provide an indication of license entitlement to the mobile device. The barcode-reading application may be stored in memory of the mobile device and executable by a processor of the mobile device. The barcode-reading application may also be configured to enable an enhanced mode of operation of the barcode-reading application conditional upon determining obtaining the license entitlement from the accessory.

Abstract: A secure VPN connection is provided based on user identify and a hardware identifier. A client application may initiate the VPN connection. A client device user may provide identification information to the application, which then sends a VPN connection request to a remote VPN gateway. The VPN gateway may require an equipment identifier to establish the secure VPN gateway. If the hardware ID is registered, the secure VPN connection is established. If the hardware ID is not registered with the VPN gateway, the connection may be denied. In some instances, a connection may be established with an unregistered equipment ID based on settings at the VPN gateway.

Abstract: Systems and methods are described for applying digital rights management techniques to tethered devices. In one embodiment, a host device is operable to translate a relatively sophisticated license into a simpler format for use on a relatively low-capability device. In another embodiment, a method of using extended SCSI commands to communicate over a USB connection is provided.

Abstract: As disclosed herein a method, executed by a computer, includes generating, by a software asset management tool (SAM), a baseline event set comprising a plurality of events corresponding to an environment. The method further includes receiving a future event set comprising one or more future events corresponding to the environment. The method further includes combining the future event set and the baseline event set to produce an effective event set. The method further includes performing calculations and generating reports corresponding to the effective event set. A computer system, and a computer program product corresponding to the method are also disclosed herein.

Abstract: There is a performing of digital rights management (DRM), operable in an offline mode with respect to a communications network. The performing includes identifying a stored rights object associated with a stored asset. The stored rights object includes reporting duration information associated with the stored asset. The performing also includes determining, utilizing a processor, whether a transmission of an early status message is a successful communication based on an early status message determination. If a failure in communicating the early status message is determined, utilizing the stored asset. The performing may also include transmitting an early status message and/or later status message after identifying the stored rights object. There is also a performing of digital rights management (DRM) associated with a DRM system and operable in an offline mode with respect to a communications network. There are also client devices, communicating systems, computer readable mediums and protocols.

Abstract: The described embodiments perform a proximity unlock operation. For the proximity unlock operation, a first electronic device in a locked operating state detects that an authorized second electronic device is in proximity to the first electronic device. Based on detecting the authorized second electronic device in proximity to the first electronic device, the first electronic device transitions from a locked operating state to an unlocked operating state. In the described embodiments, the transition to the unlocked operating state occurs without the user performing a manual authentication step that is performed in existing electronic devices to cause the transition from the locked operating state to the unlocked operating state.

Abstract: Systems and methods relating to obtaining group criteria for mobile devices to be associated with a user-specified group; determining that a first mobile device satisfies the group criteria; obtaining a release time for the group in connection with a first software update; determining that availability of the first software update should not be indicated prior to the release time to the first mobile device based on the determination that the first mobile device satisfies the group criteria; and indicating, at a first time, to the first mobile device that the first software update is available based on the first time occurring during or after the release time.

Abstract: A system of this invention is directed to an information processing system that allows a client to enjoy the execution result of a program acquired or to be acquired by the client, even if the program cannot be installed or executed in a client apparatus. In the information processing system, a first information processing apparatus and a second information processing apparatus are connected via communication media. It is requested, from the first information processing apparatus to the second information processing apparatus, to install a program acquired but inexecutable by the first information processing apparatus into the second information processing apparatus. Execution of the program installed in the second information processing apparatus in response to the request is synchronized with an operation for the program in the first information processing apparatus.

Abstract: The access from a host computer to a storage system is continued before and after data migration in the storage system. A first controller allocates a first logical storage area to a specific virtual storage area, stores first association information indicating the specific virtual storage area and the first logical storage area, and sends the first association information to the host computer. The first controller and the second controller perform data migration from the first logical storage area to a second logical storage area. The first controller releases the first logical storage area from the specific virtual storage area and reflects the release in the first association information. The second controller allocates the second logical storage area to the specific virtual storage area, stores second association information indicating the specific virtual storage area and the second logical storage area, and sends the second association information to the host computer.

Abstract: Systems and methods are disclosed for activating features of software products at a client device utilizing a features set ID embedded in an access token. In particular, in one or more embodiments, the disclosed systems and methods provide a master feature registry to a client device in conjunction with downloading a software product. Moreover, upon authenticating a user of the client device, the disclosed systems and methods generate a feature set ID indicating the software products the user is permitted to access. The disclosed systems and methods embed the generated feature set ID into an access token and send the access token to the client device. The client device can utilize the embedded feature set ID in conjunction with the master feature registry to identify authorized features. Moreover, the client device can activate the authorized features in relation to the software product.

Abstract: In the disclosed method, a current state of a network device indicative of no license key being associated with a network device is stored in a license database. Information indicative of a master state of the network device is received, via an input port, including at least one license key associated with the network device. The current state of the network device is updated to include the at least one license key associated with the network device, and the updated current state is stored in the license database.

Abstract: A system and method for mitigating security vulnerabilities of a computer network by detecting a management status of an endpoint computing device attempting to authenticate to one or more computing resources accessible via the computer network includes: detecting an authentication attempt by the endpoint computing device to the computer network; during the authentication attempt, collecting management status indicia from the endpoint computing device, wherein the management status indicia comprise data used to determine a management status of the endpoint computing device; using the management status indicia to identify the management status of the endpoint computing device and identifying the management status of the endpoint computing device; and controlling access to the computer network based on (a) whether the authentication attempt by the endpoint computing device is successful and (b) the identified management status of the endpoint computing device.

Abstract: Apparatuses, computer readable media, and methods establishing and maintaining trust between security devices for distributing media content are provided. Two security devices bind to establish an initial trust so that security information can be exchanged. Subsequently, trust is refreshed to verify the source of a message is valid. In an embodiment, the security devices may comprise a security processor and a system on a chip (SoC) in a downloadable conditional access system. Trust may be refreshed by a security device inserting authentication information in a message to another security device, where authentication information may assume different forms, including a digital signature (asymmetric key) or a hash message authentication code (HMAC). Trust may also be refreshed by extracting header information from the message, determining state information from at least one parameter contained in the header information, and acting on message content only when the state information is valid.

Abstract: Disclosed herein are systems, methods, and software to enhance updates to digital content. In at least one implementation, an update agent identifies from a set of files at least a file that is scheduled to be updated from a present version of the file to a new version of the file as part of an update to the set of files. The update may include a set of delta files for updating the file from previous versions of the file to the new version and a complete file for updating the file to the new version.

Abstract: In an electronic device, a first application sends a request to a second application for access by the first application to a resource of the electronic device, wherein the first and second applications run on an operating system of the electronic device. In response to the first request, the second application is used to ask a user of the electronic device for permission for the first application to access the resource. A first user input is received, providing permission for the first application to access the resource. In response to the first user input, the second application is used to grant permission to the first application to access the resource.

Abstract: A digital rights management system includes two digital rights management servers (RMS servers) connected to a client computer. The two RMS servers implement different but related digital rights management (DRM) policies, with the first RMS server implementing conventional DRM policies and the second RMS server implementing extended DRM policies. An application program on the client computer interacts with a document on the client computer, and communicates with the first RMS server to obtain access authorization for the document. A plug-in program in the client computer cooperates with the application program, and communicates with the second RMS server to obtain additional access authorization for the document. Access to the document is granted when both RMS servers grant access to the document. This achieves extended digital rights management control which can provide a more flexible access control than that provided by existing DRM systems.

Abstract: In virtualized environments a method of determining authorization to a resource cannot use a hardware specific identifier, such as a MAC address. As a result upgrading a virtual host may cause licenses associated with that host to be invalid, even though the upgraded virtual host should be authorized. Authentication methods and systems are disclosed such that a key may be shared with a second host along with a license file and, provided at least the second host has a key associated with its system identifier and a key associated with a license file, access to a licensed resource may be authorized.

Abstract: A method of binding a software to a device is disclosed. Accordingly, during a setup of the software in the device, a unique identifier is derived from contents stored in the device and the derived unique identifier is encrypted. The derived unique identifier is then stored in a configuration of the software. During a next invocation of the software in the device, a new unique identifier is derived from the contents stored in the device. The newly derived unique identifier is then matched with the stored unique identifier. The execution of the software is terminated if the matching fails.

Abstract: Disclosed are various embodiments for establishing risk profiles for software packages that have an insufficient security history. A security history for a software package is received. It is determined that the security history does not meet a sufficiency threshold. One or more other software packages are identified that are similar to the software package and have a corresponding security history that meets the sufficiency threshold. A risk profile of the software package is generated based at least in part on the corresponding security history of the other software package(s).

Abstract: A certificate for a target device includes encrypted system attributes that are verified against attributes of the target device prior to software usage. A certificate server securely obtains system attributes from the target system and generates a certificate with encrypted components including some system attributes. The certificate is stored on the target device and software installation/execution is made dependent on validation of the certificate. An encrypted system fingerprint in the certificate is decrypted by the software at the target device and compared with locally obtained system attributes to verify authorization for software usage on the target device. The certificate represents an easy to use paradigm for anti-piracy protection of software.

Abstract: Disclosed are various embodiments for providing limited versions of applications. A limited version of an application is automatically generated from a full version of the application. The limited version has a smaller data size than the full version. The limited version of the application is sent to the client computing device in response to a request for a trial of the application.

Abstract: A method for providing a Digital Rights Management (DRM) service in a network is provided. The method includes receiving a request message for device registration, which includes DRM-related identification information, from a user device; and registering registration information of the user device, which is distinguished according to a corresponding user account and according to a corresponding DRM solution, based on the DRM-related identification information.

Abstract: A method and apparatus for digital rights management (DRM) with steps and means for receiving a registration request from one of a plurality of DRM agent devices requesting to register one of a plurality of user accounts and the one DRM agent device to one of a plurality of rights issuers, completing a registration process in the one rights issuer, including establishment of a relationship among the one user account, the one DRM agent device and the one rights issuer; and returning a registration completion response to the one DRM agent device. The invention provides support to the many-to-many relationships among DRM entities, such as DRM agent device, user account and rights issuer, so that the DRM system can be applied to more business modes.

Abstract: An application as a service provided in a secure environment. A sandbox in a user's computing environment may be created. An application may be downloaded to the user's computing environment to run within the sandbox. Data sources associated with the user's computing environment may be searched and connectivity established with data registry of the data sources based on data description received with the application. The application may be run within the sandbox using the established connectivity. Metering may be performed to monitor usage of the application at the user's computing environment.

Abstract: A first electronic device is configured to operate in a restricted mode of operation, which restricted mode may be terminated or continued by one or more remotely located authorization devices, according to predetermined criteria. In a restricted mode, a first set of permitted applications stored on the first electronic device are executable, and a first set of data is accessible. While operating in the restricted mode, the first device detects a termination condition of the restricted mode and transmits an indication of the termination condition to one or more authorization devices. After transmitting the request, the first electronic device receives an indication that the restricted mode of operation has been continued according to predetermined criteria. Responsive to receiving the indication, the first electronic device continues to operate in the restricted mode according to the predetermined criteria.

Abstract: A first party's personal information is stored in a secure online database with security levels associated at granular level. A second party's request to access the first party's personal information is verified and a portion of the first party's personal information is sent to the second party based on the second party's request meeting certain conditions or criteria.

Abstract: A licensing service is disclosed that can be used in a virtual environment. A master license can be used by the licensing service to maintain a pool of licenses associated with a customer number. Multiple ephemeral licenses can be issued from the pool. The ephemeral licenses can have a short duration to ensure periodic renewal of the ephemeral licenses during the life of the master license. Tighter control of the licenses ensures that the ephemeral licenses are only used during the life of the master license. Additionally, autoscaling is promoted through the use of the license pool, which can adapt according to actual use.

Abstract: In an information processing apparatus, upon the calling of a web application being instructed, the information processing apparatus sets a URL corresponding to the web application in the web browser and makes a request to the web server, and when a request to perform a confirmation process for the license is received from the web server, the information processing apparatus generates signature information of the information processing apparatus, sends the signature information to the URL, and obtains authorization information from the web server. The web server confirms a license of the information processing apparatus in response to the request from the information processing apparatus, and responds to the information processing apparatus with web application content upon the license of the information processing apparatus being successfully confirmed.

Abstract: Described herein are various technologies pertaining to delivery of token-authenticated encrypted data. Content descriptor(s) (e.g., playlist(s)) can be modified to facilitate exchange of a token for a decryption key for browser(s) that do not provide logic to manage a flow of the token.

Abstract: A method of securely transmitting communication information from a first terminal operating in a first coordinate measurement domain to a second remotely-located terminal operating in a second coordinate measurement domain is described.

Abstract: Described herein are techniques related to sharing applications between two client devices assigned to the same user. This Abstract is submitted with the understanding that it will not be used to interpret or limit the scope and meaning of the claims. A shared-application tool allows a user to request to use an application that is installed on host computing device on a client computing device. The request to use the application is made to a directory service using a message-exchanging protocol. The application is run on the host computing device and provided to the client computing device using a peer-to-peer communication protocol.

Abstract: A user interface is used to assign different devices and device types to media services where the number of different devices and device types that are capable of being assigned is determined by access privilege information corresponding to such media services. When a number of devices of a specific type are assigned where such a number exceeds a limit specified in the access privilege information, the assignment of additional devices of that specific type is halted.