By Stored Data Protection Patents (Class 713/193)
  • Patent number: 10700850
    Abstract: A computer-implemented method for information protection comprises: determining one or more data inputs and one or more data outputs for a transaction, wherein the data inputs are associated with input data types respectively, and the data outputs are associated with output data types respectively; encrypting the input data types and the output data types; committing each of the encrypted input data types and the encrypted output data types with a commitment scheme to obtain corresponding commitment values; obtaining at least a parameter R based at least on the commitment values; and submitting the transaction to one or more nodes in a blockchain network with disclosure of the parameter R and without disclosure of the input data types and output data types for the nodes to verify consistency between the input data types and the output data types.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: June 30, 2020
    Assignee: ALIBABA GROUP HOLDING LIMITED
    Inventors: Baoli Ma, Wenbin Zhang, Lichun Li, Zheng Liu, Shan Yin
  • Patent number: 10691627
    Abstract: This disclosure is directed to avoiding redundant memory encryption in a cryptographic protection system. Data stored in a device may be protected using different encryption systems. Data associated with at least one trusted execution environment (TEE) may be encrypted using a first encryption system. Main memory in the device may comprise data important to maintaining the integrity of an operating system (OS), etc. and may be encrypted using a second encryption system. Data may also be placed into a memory location via direct memory access (DMA) and may be protected utilizing a third encryption system. Redundant encryption may be avoided by encryption circuitry capable of determining when data is already protected by encryption provided by another system. For example, the encryption circuitry may comprise encryption control circuitry that monitors indicators set at different points during data handling, and may bypass certain data encryption or decryption operations based on the indicator settings.
    Type: Grant
    Filed: April 1, 2016
    Date of Patent: June 23, 2020
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, David M. Durham, Prashant Dewan
  • Patent number: 10691586
    Abstract: A computing apparatus configured to perform software verification and validation is provided. The computing apparatus includes a processor coupled to a main memory, and a write only memory module, wherein the processor is configured to execute an application under test. The application under test is configured to write output data to the main memory. The processor directs the output data to the write only memory module and transfers the output data to the main memory when the execution of the application under test is successful, or erases the output data from the write only memory module when the execution of the application under test is unsuccessful.
    Type: Grant
    Filed: July 27, 2018
    Date of Patent: June 23, 2020
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Pekka Nuotio, Panu Johansson
  • Patent number: 10693648
    Abstract: A method includes dynamically generating an authentication grid that identifies an association between a first set of characters and a second set of characters. Based on a shared secret associated with a user, an encrypted version of the authentication grid is generated and transmitted to a first computing device associated with the user. A challenge is generated and transmitted to a second computing device associated with the user. User input is received, and the user is authenticated based at least in part on the authentication grid and a mapping of at least one character in a first set of characters in the challenge to at least one second character in the user input.
    Type: Grant
    Filed: March 26, 2018
    Date of Patent: June 23, 2020
    Assignee: CA, Inc.
    Inventors: Deepak Kumar Verma, Akkera Nagesh, Sukhmeet Singh Gulati
  • Patent number: 10693764
    Abstract: A method of communicating data using virtualization includes splitting, at endpoint software running on a first device, first data for communication to a destination device into a first plurality of data streams; selecting, at the first device by the endpoint software, a first plurality of deflects for use in communicating the first plurality of data streams; communicating each of the first plurality of data streams over a different one of the selected first plurality of deflects; splitting, at the first deflect, a particular data stream of the first plurality of data streams into a second plurality of data streams; selecting, at the first deflect, a second plurality of deflects for use in communicating the second plurality of data streams; and communicating each of the second plurality of data streams over a different one of the selected second plurality of deflects.
    Type: Grant
    Filed: April 27, 2018
    Date of Patent: June 23, 2020
    Assignee: DISPERSIVE NETWORKS, INC.
    Inventor: Robert W. Twitchell, Jr.
  • Patent number: 10693842
    Abstract: A device for managing multiple accesses to a secure module of a system on chip of an apparatus, and comprises a stream ciphering means arranged for computing on the fly and in a single pass an integrity check for data to be transferred between secure and non secure modules of the system on chip with a seed and an encryption key, and for encrypting/decrypting on the fly and in this single pass these data with the encryption key, and a control means for providing the encryption key and seed to the stream ciphering means and for requesting data transfer and retrieving status to the secure and non secure modules for allowing the transfer of encrypted/decrypted data between the secure and non secure modules.
    Type: Grant
    Filed: April 13, 2016
    Date of Patent: June 23, 2020
    Assignee: Thales Dis France SA
    Inventor: Alain Rhelimi
  • Patent number: 10691530
    Abstract: An error correction apparatus may be provided. The error correction apparatus may be configured to perform a scrambling operation before an error correction code (ECC) operation is performed.
    Type: Grant
    Filed: July 19, 2017
    Date of Patent: June 23, 2020
    Assignee: SK hynix Inc.
    Inventor: Soojin Kim
  • Patent number: 10691811
    Abstract: A computing device includes a processor and a machine-readable storage medium storing instructions. The instructions are executable by the processor to: initiate a transition mode in a database comprising a plurality of data elements; and responsive to a first query for a first data element during the transition mode, determine whether the first data element is already encrypted in the database. The instructions are further executable to, responsive to a determination that the first data element is already encrypted in the database: decrypt the first data element, and return the decrypted first data element to the first query. The instructions are further executable to, responsive to a determination that the first data element is not already encrypted in the database: return the first data element to the first query without decryption, and encrypt the first data element in the database.
    Type: Grant
    Filed: January 31, 2017
    Date of Patent: June 23, 2020
    Assignee: Micro Focus LLC
    Inventors: Philip Smith, III, Terence Spies
  • Patent number: 10686766
    Abstract: Systems, methods, and computer program products for credential management. An application deployment system receives a deployment manifest for deploying an application in a cloud computing environment. A deployment director of the application deployment system determines a resource to be used by the application. The deployment director determines, from the deployment manifest, an identifier, e.g., a name, of credentials for accessing the resource. The deployment director requests the credentials from a credential manager of the application deployment system. Upon receiving the credentials, the deployment director modifies the deployment manifest by replacing the identifier with the received credentials. The application deployment system deploys the application using the modified deployment manifest and then deletes the modified deployment manifest.
    Type: Grant
    Filed: September 14, 2017
    Date of Patent: June 16, 2020
    Assignee: Pivotal Software, Inc.
    Inventors: Daniel Jahner, Dmitriy Kalinin, Justin Smith
  • Patent number: 10685132
    Abstract: In some embodiments, an apparatus includes a memory and a processor. The processor is configured to receive an index file that associates a characteristic in a set of documents with a set of information associated with the characteristic in the set of documents. The processor is further configured to generate an index identifier associated with the index file and calculate a set of pseudorandom logical block identifiers associated with a set of storage locations of a database based on the index identifier. The processor is then configured to parse the index file into a set of index data portions and send a signal to the database to write each index data portion from the set of index data portions at a different storage location within the database as indicated by a different identifier from the set of pseudorandom logical block identifiers.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: June 16, 2020
    Assignee: OverNest, Inc.
    Inventor: Edward Liang Yu
  • Patent number: 10686519
    Abstract: The invention relates to a device for direct communication in simplex mode between mobile devices, in particular mobile phones, using carrier frequencies of a cellular mobile phone system, wherein each carrier frequency transmits a TDMA frame with a TDMA frame duration of 4.615 ms and each TDMA frame comprises 8 time slots with a duration of 577 microseconds, wherein the device comprises a hardware module which controls direct communication, wherein the device is designed to combine TDMA frames into a multi-frame which comprises 13 TDMA frames with the positions 0 to 12 and is configured in such a manner that in simplex mode the mobile devices involved constantly transmit and receive in time slots which are separate from one another and within each multi-frame in each TDMA frame only the first time slot TS0 is assigned to transmitting or receiving, while the other time slots TS1 to TS7 of the TDMA frame are left free.
    Type: Grant
    Filed: July 1, 2015
    Date of Patent: June 16, 2020
    Assignee: DMONETWORKS AG
    Inventors: Hanan Armoni, Saar Shlapobersky
  • Patent number: 10686586
    Abstract: Techniques are disclosed for managing encrypted data stored in one or more blocks of a first data structure. One embodiment presented herein includes a computer-implemented method, which includes retrieving the encrypted data from the one or more blocks. The method further includes placing the encrypted data in a container object. The method further includes applying an encryption technique to the container object to generate an encrypted container object and a key. The method further includes generating a second data structure. A first block of the second data structure may include either the encrypted container object or information related to the encrypted container object.
    Type: Grant
    Filed: December 22, 2017
    Date of Patent: June 16, 2020
    Assignee: INTUIT, INC.
    Inventors: Ian R. Pentland, Glenn Scott, Roger Meike, Michael R. Gabriel
  • Patent number: 10685120
    Abstract: A data storage device utilized for confirming firmware data includes a flash memory and a controller. The controller is coupled to the flash memory to receive first firmware data and first sorting hash data related to the first firmware data, and it divides a first hash data generated from the first firmware data into a plurality of data groups, and re-assembles the data groups according to a mapping and sorting algorithm to generate second sorting hash data. The controller includes an efuse region for writing the mapping and sorting algorithm. When the controller determines that the second sorting hash data is identical to the first sorting hash data, the first firmware data is allowed to update the controller.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: June 16, 2020
    Assignee: SILICON MOTION, INC.
    Inventor: Yu-Da Chen
  • Patent number: 10678850
    Abstract: Improved systems and devices for pre-caching of related medical imaging are provided. A medical imaging order may be received from a medical facility that includes medical imaging of a site generated by a medical imaging device. The medical imaging order may include metadata, such as user data, site data, and modality data. A search may be executed for supplemental medical imaging of the user using the user data. The supplemental medical imaging may be filtered using the site data to return only that medical imaging related to the site. The filtered supplemental medical imaging may be prioritized using the modality data. The prioritized supplemental medical imaging may be appended to the request, and the request may be transmitted to a radiologist for generation of a medical imaging report.
    Type: Grant
    Filed: April 18, 2017
    Date of Patent: June 9, 2020
    Assignee: IMAGING ADVANTAGE LLC
    Inventors: Kamil Rahme, Jordan Kajouharov
  • Patent number: 10680820
    Abstract: A method of creating and recovering a digital wallet is implemented using a storage device and a connected device that are connected to each other. The storage device has a private key stored thereon for confirming a digital asset transaction, and includes an information conveying unit, an operation interface, a processor and a security element. The method includes the following steps: a user uses the connected device to generate and transmit a digital wallet creating request to the security element via the processor; the security element verifies there is not any digital wallet stored thereon and accordingly creates a digital wallet; the processor requests a recovery mnemonic from the security element and provides the same via the information conveying unit for the user to back it up; and the connected device obtains and decodes an encoded asset message stored in the digital wallet to create a piece of public digital wallet information.
    Type: Grant
    Filed: March 9, 2018
    Date of Patent: June 9, 2020
    Assignee: COOLBITX LTD.
    Inventors: Jay Zhuang, Shih-Mai Ou
  • Patent number: 10671744
    Abstract: Lightweight trusted execution technologies for internet-of-things devices are described. In response to a memory request at a page unit from an application executing in a current domain, the page unit is to map a current virtual address (VA) to a current physical address (PA). The policy enforcement logic (PEL) reads, from a secure domain cache (SDC), a domain value (DID) and a VA value that correspond to the current PA. The PEL grants access when the current domain and the DID correspond to the unprotected region or the current domain and the DID correspond to the secure domain region, the current domain is equal to the DID, and the current VA is equal to the VA value. The PEL grants data access and denies code access when the current domain corresponds to the secure domain region and the DID corresponds to the unprotected region.
    Type: Grant
    Filed: June 23, 2016
    Date of Patent: June 2, 2020
    Assignee: Intel Corporation
    Inventors: Li Zhao, Manoj R. Sastry, Arnab Raha
  • Patent number: 10671740
    Abstract: A processor implementing techniques for supporting configurable security levels for memory address ranges is disclosed. In one embodiment, the processor includes a processing core, a memory controller, operatively coupled to the processing core, to access data in an off-chip memory, and a memory encryption engine (MEE) operatively coupled to the memory controller. The MEE is to, responsive to detecting a memory access operation with respect to a memory location identified by a memory address within a memory address range associated with the off-chip memory, identify a security level indicator associated with the memory location based on a value stored on a security range register. The MEE is further to access at least a portion of a data item associated with the memory address range of the off-chip memory in view of the security level indicator.
    Type: Grant
    Filed: April 5, 2018
    Date of Patent: June 2, 2020
    Assignee: Intel Corporation
    Inventors: Binata Bhattacharyya, Raghunandan Makaram, Amy L. Santoni, George Z. Chrysos, Simon P. Johnson, Brian S. Morris, Francis X. McKeen
  • Patent number: 10657128
    Abstract: The present disclosure relates to a method for processing queries in a database system having a first database engine and a second database engine. The method includes: storing a first instance of a first table in the first database engine in plaintext; encrypting at least one predefined column of the first table, resulting in a second instance of the first table containing at least part of the data of the first table in encrypted format. The second instance of the first table in the second database engine is stored in the second database engine. It may be determined whether to execute a received query in the first database engine on the first table or in the second database engine on the second instance of the first table, where the determination involves a comparison of the query with encryption information.
    Type: Grant
    Filed: May 13, 2019
    Date of Patent: May 19, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Felix Beier, Nicole Finnie, Namik Hrle, Jens Müller
  • Patent number: 10659436
    Abstract: A method for data processing comprises: S100. if a to-be-sent email needs to be saved cryptographically or sent cryptographically, automatically converting a main body of the mail into an html file, the html file including an attachment link for linking a mail attachment; S200. compressing a filename of the html file and a filename of the mail attachment into a new html filename and a new mail attachment name using a first open source algorithm based on a first password preset between a sender and a recipient, thereby obtaining a renamed html file and a renamed mail attachment; S300. compressing the renamed html and the renamed mail attachment using a second open source algorithm based on a second password preset between the sender and the recipient, thereby obtaining a compressed file; and S400.
    Type: Grant
    Filed: September 1, 2017
    Date of Patent: May 19, 2020
    Assignee: HUIZHOU UNIVERSITY
    Inventors: Zhaoquan Cai, Song Hu, Hui Hu, Yingxue Cai, Jia Chen
  • Patent number: 10659433
    Abstract: In accordance with embodiments, there are provided mechanisms and methods for facilitating protection of data in a database environment in an on-demand services environment according to one embodiment. In one embodiment and by way of example, a method includes detecting, by a first computing device in the database environment, sensitive data associated with a user having access to a second computing device, where the sensitive data is capable of being communicated within a geographic residency. The method may further include performing, by the first computing device, secured communication of the sensitive data between at least one of multiple computing devices and multiple application frames within the geographic residency, wherein the first computing device includes a proxy server that is locally situated within the geographic residency.
    Type: Grant
    Filed: November 30, 2016
    Date of Patent: May 19, 2020
    Assignee: salesforce.com, inc.
    Inventor: Nathan E Tableman
  • Patent number: 10650157
    Abstract: Facilities are provided to secure guest runtime environments (GREs). Security policy specifications may be associated with GREs. A GRE's security policy may be specific to the GRE and may also include security policy inherited from higher levels such as a host operating environment. The security policy of a GRE specifies restrictions and/or permissions for activities that may be performed within the scope of execution of the GRE. A GRE's security policy may limit what the GRE's guest software may do within the GRE. Restrictions/permissions may be applied to objects such as files, configuration data, and the like. Security specifications may be applied to execution initiated within a GRE. A GRE's security specification may restrict/permit executable objects from loading and executing within the GRE. The executability or accessibility of objects may be conditioned on factors such as the health/integrity of the GRE, the host system, requested files, and others.
    Type: Grant
    Filed: April 30, 2017
    Date of Patent: May 12, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Benjamin M. Schultz, Kinshumann, David John Linsley, Charles Glenn Jeffries, Giridhar Viswanathan, Scott Daniel Anderson, Frederick J. Smith, Hari R. Pulapaka, JianMing Zhou, Margarit Simeonov Chenchev, David B. Probert
  • Patent number: 10650168
    Abstract: A data processing device with a processor, a memory and an access control mechanism, the device having secure and non-secure modes, the memory having secure and non-secure regions, the secure region containing cryptographic data, and the access control mechanism preventing the processor from reading the cryptographic data when the device is operating in the non-secure mode. Also, methods of manufacturing and authenticating such a device, manufacturing an item of electronic equipment that includes such a device, a computer program for storing data on such a device, secure data processing hardware including such a computer program and a method of updating data stored in an item of electronic equipment including such a data processing device.
    Type: Grant
    Filed: October 10, 2016
    Date of Patent: May 12, 2020
    Assignee: Secure Thingz Limited
    Inventor: John David Mersh
  • Patent number: 10652298
    Abstract: Apparatuses, methods and storage medium associated with media streaming through section change detection markers are disclosed herein. In an example, an apparatus may include one or more processors, devices, and/or circuitry to identify a plurality of section change transitions of content of the media file. The one or more processors, devices, and/or circuitry may be to select at least some of the identified section change transitions, and generate metadata responsive to the selecting. The one or more processors, devices, and/or circuitry may be to transmit the generated metadata over an electronic network for delivery to a streaming client.
    Type: Grant
    Filed: December 17, 2015
    Date of Patent: May 12, 2020
    Assignee: INTEL CORPORATION
    Inventor: Vishal Thomas
  • Patent number: 10652330
    Abstract: A data storage apparatus includes an interface and one or more processors. The interface is configured for communicating with a cloud-based object storage system having a built-in versioning mechanism that assigns version numbers to objects stored therein. The one or more processors are configured to receive data for storage from one or more workloads, to store the data as objects in the cloud-based object storage system, and to update and record reference counts for at least some of the objects, by forcing the built-in versioning mechanism of the cloud-based object storage system to update the version numbers so as to match the reference counts.
    Type: Grant
    Filed: January 15, 2017
    Date of Patent: May 12, 2020
    Assignee: Google LLC
    Inventors: Shahar Frank, Amir Mosek
  • Patent number: 10643946
    Abstract: An embodiment includes a dielectric material; a trench included in the dielectric material, the trench having first and second opposing sidewalls; wherein the trench includes: (a)(i) a first trench portion extending from the first sidewall to the second sidewall, (a)(ii) a second trench portion extending from the first sidewall to the second sidewall, and (a)(iii) a third trench portion extending from the first sidewall to the second sidewall; wherein the second trench portion is between the first trench portion and the third trench portion; wherein the first trench portion is substantially filled with a first material, the second trench portion is substantially filled with a second material, and the third trench portion is substantially filled with a third material; wherein (b)(i) the first material includes nitrogen, and (b)(ii) the first material includes more nitrogen than the third material. Other embodiments are described herein.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: May 5, 2020
    Assignee: Intel Corporation
    Inventors: Sudipto Naskar, Manish Chandhok, Kevin L. Lin, Ryan Pearce
  • Patent number: 10637837
    Abstract: A method according to an example of the present disclosure includes, obtaining an encrypted version of a shared reference file that is shared by a group of one or more confidants, receiving a request from a particular confidant in the group to encrypt a data segment for the group, and selecting a portion of the encrypted version of the shared reference file as an encryption key for the request. The selecting is performed based on a date and time of the request. The encryption key is used to encrypt the data segment. A computing device and computer program product are also disclosed.
    Type: Grant
    Filed: November 27, 2019
    Date of Patent: April 28, 2020
    Assignee: MARPEX, INC.
    Inventor: Douglas Bradley Lowry
  • Patent number: 10629548
    Abstract: Provided are a device and method for generating an identification key using process variation during a bipolar junction transistor (BJT) process. A BJT may be produced by designing such that the effective base width of the BJT is at least a first threshold value but not more than a second threshold value, or, such that the total of the width of a second depletion region formed by connection with a collector region and the width of a first depletion region formed by connection with an emitter region, within a base region, differs from the width of the base region by a value that is at least the first threshold value but not more than the second threshold value. Whether or not there is a short circuit between the emitter region and the collector region is stochastically generated, and if ordinary turn-on voltage is not applied, whether or not there is a short circuit is identified.
    Type: Grant
    Filed: February 7, 2019
    Date of Patent: April 21, 2020
    Assignee: ICTK Holdings Co., Ltd.
    Inventors: Byong Deok Choi, Dong Kyue Kim
  • Patent number: 10628271
    Abstract: A method for information processing is provided, which includes the following. Whether a target OAT file corresponding to a target DEX file that an application relies on is missing is detected, in response to a start control instruction for the application detected. Existence of a backup target OAT file is detected when the target OAT file is missing. A hard-link file configured to back up the target OAT file is determined, and the target OAT file is read from the hard-link file, when the backup target OAT file exists. Validity of the target OAT file is verified. The target OAT file is loaded when the target OAT file is valid.
    Type: Grant
    Filed: June 7, 2019
    Date of Patent: April 21, 2020
    Assignee: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., LTD.
    Inventor: Hui Li
  • Patent number: 10628333
    Abstract: In an information processing apparatus having a hardware security module (HSM), an HSM function that makes it possible to encrypt and decrypt data using the encryption key of the HSM is able to be set to be enabled under the condition that the encryption key of the HSM is able to be backed up.
    Type: Grant
    Filed: July 26, 2017
    Date of Patent: April 21, 2020
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Naoya Kakutani
  • Patent number: 10623175
    Abstract: A processor includes a decode unit to decode an SM3 two round state word update instruction. The instruction is to indicate one or more source packed data operands. The source packed data operand(s) are to have eight 32-bit state words Aj, Bj, Cj, Dj, Ej, Fj, Gj, and Hj that are to correspond to a round (j) of an SM3 hash algorithm. The source packed data operand(s) are also to have a set of messages sufficient to evaluate two rounds of the SM3 hash algorithm. An execution unit coupled with the decode unit is operable, in response to the instruction, to store one or more result packed data operands, in one or more destination storage locations. The result packed data operand(s) are to have at least four two-round updated 32-bit state words Aj+2, Bj+2, Ej+2, and Fj+2, which are to correspond to a round (j+2) of the SM3 hash algorithm.
    Type: Grant
    Filed: May 7, 2018
    Date of Patent: April 14, 2020
    Assignee: Intel Corporation
    Inventors: Shay Gueron, Vlad Krasnov
  • Patent number: 10620875
    Abstract: Methods, systems, and computer readable media for execution by a cloud storage system are provided. One example method is for storage processing on a cloud system. The method includes executing a storage application on a compute node of the cloud system, and the storage application is configured to process write commands and read commands to and from storage of the cloud system. The write commands and the read commands are from an application. The method includes processing, by the storage application, a write command from the application. The processing includes writing data blocks to memory cache provided by the compute node for the storage application; writing data blocks written to memory cache to a write cache of a block storage that is part of the storage of the cloud system; and writing select data blocks written to memory cache to a read cache of block storage that is part of storage of the cloud system.
    Type: Grant
    Filed: August 18, 2017
    Date of Patent: April 14, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Suresh Vasudevan
  • Patent number: 10615983
    Abstract: A printing apparatus includes: a printing apparatus storage unit that stores firmware to which a public key is added, the public key being information related to a public key encryption method; a printing apparatus network-communication unit that receives signature information obtained by encrypting a hash value of overwriting firmware with a private key corresponding to the public key, from the management server, and that receives the overwriting firmware from the file providing server; and a printing apparatus control unit that determines validity of the overwriting firmware by comparing a hash value generated by decrypting the signature information which is received from the management server with the public key stored in the printing apparatus storage unit, and a hash value of the overwriting firmware which is received from the file providing server.
    Type: Grant
    Filed: September 27, 2017
    Date of Patent: April 7, 2020
    Assignee: SEIKO EPSON CORPORATION
    Inventor: Akio Takamoto
  • Patent number: 10615959
    Abstract: A control circuit causes a first cryptographic module to perform a dummy operation in a command processing period and a data processing period in which a second cryptographic module performs a normal operation while the first cryptographic module does not perform a normal operation.
    Type: Grant
    Filed: July 19, 2016
    Date of Patent: April 7, 2020
    Assignee: MEGACHIPS CORPORATION
    Inventors: Takahiko Sugahara, Hiromu Yutani
  • Patent number: 10609041
    Abstract: An example method of enforcing granular access policy for embedded artifacts comprises: detecting an association of an embedded artifact with a resource container; associating the embedded artifact with at least a subset of an access control policy associated with the resource container; and responsive to receiving an access request to access the embedded artifact, applying the access control policy associated with the resource container for determining whether the access request is grantable.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: March 31, 2020
    Assignee: Palantir Technologies Inc.
    Inventors: Peter Wilczynski, Arseny Bogomolov, Alexander Mark, Teofana Hadzhiganeva, Kevin Ng, Nathaniel Klein, Sharon Hao
  • Patent number: 10606770
    Abstract: A microcontroller system including a main core and a secondary core and a communication bus for transmitting data and a data memory for storing data, wherein the data memory has a memory area for which the secondary core at least does not have any write rights, and wherein the microcontroller system includes a memory access module and a configuration memory area, wherein a configuration for authorizing writing of data provided by the secondary core to the memory area of the data memory is provided in the configuration memory area, wherein the data are written to the memory area of the data memory by the memory access module. The invention furthermore describes a corresponding method.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: March 31, 2020
    Assignee: Continental Teves AG & Co. oHG
    Inventor: Flaviu Constantin Nistor
  • Patent number: 10606690
    Abstract: An apparatus is described. The apparatus includes a memory controller to receive data from a memory device. The memory controller includes error checking logic circuitry. The error checking logic circuitry is to receive an error checking code from the memory device. The error checking code is generated within the memory device from the data. The error checking logic circuitry includes circuitry to generate a second version of the error checking code from the data that was received from the memory device and compare the received error checking code with the second version of the error checking code to understand if the data that was received from the memory controller is corrupted.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: March 31, 2020
    Assignee: Intel Corporation
    Inventor: Kjersten E. Criss
  • Patent number: 10606700
    Abstract: A method includes dispersed storage error encoding, by a computing device, a data segment of a data file to produce a set of encoded data slices. The method further includes determining, by the computing device, a storage & error encoding scheme for storing the set of encoded data slices. The method further includes sending, by the computing device, the set of encoded data slices to the set of storage units. The method further includes receiving, by a first storage unit, one or more encoded data slices. The method further includes processing, by the first storage unit, the one or more encoded data slices in accordance with a first version of the storage & erroring encoding scheme to produce a first set of encoded data sub-slices. The method further includes storing, by the first storage unit, the first set of encoded data sub-slices in a set of memory devices.
    Type: Grant
    Filed: November 6, 2017
    Date of Patent: March 31, 2020
    Assignee: PURE STORAGE, INC.
    Inventors: Ahmad Alnafoosi, Jason K. Resch
  • Patent number: 10592682
    Abstract: An encrypted data receiving unit (201) receives encrypted data which has been encrypted, in which a decryption condition to define a user attribute of a decryption-permission user who is permitted to decrypt the encrypted data is embedded. A data storage unit (202) stores the encrypted data received by the encrypted data receiving unit (201) in an encrypted state. A revocation processing unit (209) adds revocation information in which a user attribute of a revoked user who is no longer the decryption-permission user is indicated, to an embedded decryption condition that is embedded in the encrypted data, while the encrypted data remains in an encrypted state.
    Type: Grant
    Filed: February 20, 2015
    Date of Patent: March 17, 2020
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Takumi Mori, Yutaka Kawai, Nori Matsuda
  • Patent number: 10592357
    Abstract: Systems and methods are provided herein for automatically configuring newly installed secondary storage computing devices and managing secondary storage computing devices when one or more become unavailable. For example, a storage manager can then detect the computing resources available to the newly installed secondary storage computing device, assign a role to the newly installed secondary storage computing device based on the detected computing resources, configure the newly installed secondary storage computing device with deduplication and storage policies used by the other secondary storage computing devices, re-partition secondary storage devices to allocate memory for the newly installed secondary storage computing device, and instruct other secondary storage computing devices to replicate their managed data such that the newly installed secondary storage computing device has access to the replicated data.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: March 17, 2020
    Assignee: Commvault Systems, Inc.
    Inventors: Manoj Kumar Vijayan, Jaidev Oppath Kochunni, Deepak Raghunath Attarde, Ramachandra Reddy Ankireddypalle
  • Patent number: 10594490
    Abstract: During an encryption process, a database system may generate an index value based on the plaintext to be encrypted, an encryption key, a data field-specific salt, or a combination thereof. The database may store the index value in an index associated with the ciphertext output of the encryption process. In some cases, the database may receive a query specifying a plaintext value for filtering on a data field, where the database may return data objects with the specified plaintext value in the given data field. The database may compute a set of index values associated with the specified plaintext, and may identify indexes with index values included in the set of index values and associated with the given data field. The database may decrypt the ciphertexts associated with the identified indexes to check if they match the specified plaintext.
    Type: Grant
    Filed: April 24, 2017
    Date of Patent: March 17, 2020
    Assignee: salesforce.com, inc.
    Inventor: Alexandre Hersans
  • Patent number: 10592691
    Abstract: Method includes determining that a personal communication device is within a designated range of a medical system. The personal communication device is configured to transmit and receive data through a telecommunication network. The method also includes receiving an identifying signal from the personal communication device while within the designated range of the medical system for identifying a user associated with the personal communication device. The method also includes determining that the user associated with the personal communication device is permitted to use the medical system. The method also includes opening a session for the user to use the medical system. The method also includes establishing a dedicated link between the personal communication device and the medical system such that other users are unable to use the medical system during the session. The method also includes closing the session, thereby permitting the other users to use the medical system.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: March 17, 2020
    Assignee: General Electric Company
    Inventors: Thomas Holl, Roland Rott
  • Patent number: 10587590
    Abstract: A method includes adding a key version tag to an encryption key store that stores encryption keys. The key version tag is inserted into a data stream. The data stream including the key version tag is written to media. The data in the data stream is erased by scrambling the encryption keys and incrementing the key version tag in the encryption store by a digit. The data stream is replaced with a replacement data pattern when the key version tag stored in the encryption store and the key version tag located in the data stream mismatch.
    Type: Grant
    Filed: June 12, 2017
    Date of Patent: March 10, 2020
    Assignee: SEAGATE TECHNOLOGY LLC
    Inventors: Jon D. Trantham, Mark A. Gaertner, Monty Aaron Forehand, Paul Michael Wiggins
  • Patent number: 10579488
    Abstract: One or more embodiments provide techniques for migrating virtual machines (VMs) from a private data center to a cloud data center. A hybrid cloud manager determines a scope of migration from the private data center to the cloud data center. The hybrid cloud manager groups each VM included in the scope of migration into one or more clusters. The hybrid cloud manager defines one or more migration phases. Each migration phase comprises a subset of the one or more clusters. The hybrid cloud manager generates a migration schedule based on at least the one or more migration phases. The hybrid cloud manager migrates the VMs from the private data center to the cloud data center in accordance with the migration schedule.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: March 3, 2020
    Assignee: VMware, Inc.
    Inventors: Narendra Kumar Basur Shankarappa, Serge Maskalik, Uday Masurekar, Anand Pritam, Aravind Srinivasan, Bob Sheehan, Abhijeet Deshpande, Sachin Thakkar, Hemanth Kumar Pannem
  • Patent number: 10579823
    Abstract: Systems and methods for generating a data map for retrieval of a data object. An example method includes: receiving an indication to generate a data entry for the data map, the data entry corresponding to a field identifier and a field value related to the field identifier; obfuscating the field identifier to generate a record locator associated with the data entry based, at least in part, on one or more variable storage parameters; and encrypting the field identifier and field value and storing the data entry in the data map as an encrypted field identifier and field value in association with the record locator.
    Type: Grant
    Filed: May 21, 2018
    Date of Patent: March 3, 2020
    Assignee: Ubiq Security, Inc.
    Inventors: Linda Eigner, William Eigner, Anthony Iasi, Charles Kahle, Gary Schneir, Eric Tobias
  • Patent number: 10580225
    Abstract: Systems and methods are provided for monitoring time-series data relative to a temporal logic specification regarding expected behavior of a system, such as a vehicle. The time-series data and a threshold value(s) specified in the temporal logic specification may be encrypted and analyzed without decrypting the time-series data to maintain the privacy of a user(s) of the vehicle. Encryption of the time-series data and the threshold value(s) may be accomplished using an order preserving encryption scheme. Analysis of the time-series data may be accomplished utilizing a batch processing-type architecture or a continuous processing-type architecture. When utilizing the continuous processing-type architecture, historical time-series data may be stored and utilized to determine whether currently-monitored time-series data satisfies the temporal logic specification.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: March 3, 2020
    Assignee: TOYOTA MOTOR ENGINEERING & MANUFACTURING NORTH AMERICA, INC.
    Inventors: Jyotirmoy V. Deshmukh, James P. Kapinski, Xiaoqing Jin, Luan V. Nguyen
  • Patent number: 10581991
    Abstract: An online system receives tracking requests from client devices interacting with a website. The online system analyzes user interactions with websites using the tracking requests. The online system predicts an accurate label for the web page that caused the tracking request to be generated. The online system uses the accurate label for generating reports describing user interactions with the website. The online system predicts the label of a web page received by the client device based on metadata extracted from markup language documents by the client device and provided to the online system via tracking requests. Examples of metadata extracted from markup language documents include labels and description of widgets in the web page that triggered the tracking request from the client device. The online system generates reports describing the quality of the tracking requests.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: March 3, 2020
    Assignee: Facebook, Inc.
    Inventors: Tobias Henry Wooldridge, Christine Jinha Hwang, Aleksey Sergeyevich Fadeev, Michael Scott Sulak, Amlesh Jayakumar
  • Patent number: 10579642
    Abstract: Techniques for assisting owners to remotely administer their digital content items stored at non-owners' personal computing devices. The techniques involve identifying owned content items from among content items stored in a synchronization replica that is synchronized with synchronization replicas at the non-owners' personal computing devices. The techniques further involve allowing owners to remotely perform certain administrative actions on owned content items. For example, in response to a command initiated at an owner's personal computing device, a network signal or signals can be sent to a synchronization agent installed on the non-owners' personal computing devices to automatically remove all owned content items from the synchronization replicas at the non-owners' personal computing devices.
    Type: Grant
    Filed: May 14, 2018
    Date of Patent: March 3, 2020
    Assignee: Dropbox, Inc.
    Inventor: Chris Barton
  • Patent number: 10572394
    Abstract: A configuration capable of performing reliable source analysis of illegal copy content using content in which a reproduction path is settable is implemented. Content in which an individual segment region including a plurality of pieces of variation data which include different identification information embedded therein and are decryptable using different keys and a common segment region including single data are provided, and variation data is configured with an aligned unit is set. A content reproducing device calculates a reproduction path by applying a device key and selects and reproduces an aligned unit corresponding to the reproduction path on the basis of a variation data identifier recorded in an adaptation field in a plain text region at the head of a plurality of aligned units constituting the variation data.
    Type: Grant
    Filed: November 13, 2015
    Date of Patent: February 25, 2020
    Assignee: SONY CORPORATION
    Inventors: Kenjiro Ueda, Ryohei Takahashi
  • Patent number: 10565382
    Abstract: Methods and apparatus are disclosed for securing executable code for execution with a processor using a trusted platform module (TPM). In one example of the disclosed technology, a method of decrypting executable code for execution includes measuring values stored in a CPU boot ROM and measuring second values for executable code stored in non-volatile memory, storing the resulting measurement value in a TPM platform configuration register. The PCR value is used to unseal a key stored in non-volatile memory of the TPM, which key is used to decrypt executable code for execution. Security can be further enhanced by destroying the values stored in the PCR by performing additional measurement operations with the TPM PCR used to generate the measurement value.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: February 18, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Ron Diamant, Alex Levin, Ihab Bishara
  • Patent number: 10565614
    Abstract: A method is provided for dynamically adding customized advertisements with media content on digital media storage devices. A user may provide identification data to an automated machine or salesperson selling the media content at a retail location. Based upon the identification of the user, advertisements may be selected to be added to the media content. The selection of advertisements may be based upon previous transaction data, the genre of the media content, or characteristics identified for the user. Users may also select to change the quantity of advertisements to view based upon fees paid by the user for the media content. The user may pay additional fees to view less advertisements and the user may pay fewer fees and have more advertisements included with the media content.
    Type: Grant
    Filed: November 24, 2010
    Date of Patent: February 18, 2020
    Assignee: NCR Corporation
    Inventors: Andrew Kilgore, Euan Pattullo, Craig Mellor, Philip Duncan