Abstract: Techniques are described for incorporating advertisements into content in a content retrieval application. Embodiments receive a request to view content retrieved from source content containing one or more advertisements. In response to receiving the request, a timer is initiated. The timer is configured to expire after a period of time has elapsed. Embodiments determining whether to display any of the one or more advertisements, based upon whether the timer has expired.

Abstract: Methods and systems for configuring a network-attached storage (NAS) unit for use with heterogeneous client computers are described. Consistent with some embodiments of the invention, a NAS management module executing on a host computer provides a graphical user interface, and a wizard-like workflow in particular, which enables an administrator to provide configuration settings that make a folder accessible to both CIFS- and NFS-based clients.

Abstract: A device, method, and an action figure toy for implementing encrypted content for implementation in a game are disclosed. The encrypted content may relate to physical objects, such as action figure toys corresponding movie characters and/or any other physical objects. Such content may be encrypted separately and distinctively during a development stage of the game. Decryption information for decrypting the encrypted content may be stored on and distributed with corresponding physical objects. A set of encrypted content associated with such a physical object may be decrypted upon presence of the physical object detected by a reader configured to read information stored on the physical object and responsive to receiving the decryption key stored on the physical object. The decrypted content may be implemented in the game responsive to the presence of the physical object on the reader.

Abstract: A server-implemented method encrypting at least two pieces of indexed data as lists of elements, each element belonging to a finite set of indexed symbols on an alphabet. The data is encrypted to form a protected set, including: the server randomly generates, for each datum, a corresponding encoding function; if at least one element that constitutes a datum is the symbol of the alphabet, the server determines the image of the symbol of the alphabet via the encoding function corresponding to the datum to obtain a codeword coordinate and adds the codeword coordinate to an indexed set corresponding to the element of the alphabet; then the server completes the indexed set with error-inducing points; the server randomly reindexes the elements of the indexed set corresponding to the symbol of the alphabet; and the server adds the indexed set to the protected set. The method can identify an individual.

Abstract: Techniques are described for incorporating advertisements into content in a content retrieval application. Embodiments receive a request to view content retrieved from source content containing one or more advertisements. In response to receiving the request, a timer is initiated. The timer is configured to expire after a period of time has elapsed. Embodiments determining whether to display any of the one or more advertisements, based upon whether the timer has expired.

Abstract: Method and systems for accessing and providing protected content are disclosed herein. An example system includes a client configured to access a third-party application to receive at least one piece of content associated with a first identifier; wherein the client comprises a token generator configured to generate a token requesting the at least one piece of content, the token comprising at least one private encryption key and the first identifier. The system further includes an embedded module system comprising a database of content, the content separated into a plurality of modules, the embedded module system configured to receive the token and decrypt the at least one private encryption key. The embedded module system may further authorize the client by comparing the first identifier with a second identifier stored in the database.

Abstract: A method for authorizing media content transfer between a home media server and a client device and provisioning DRM credentials on the client device, the method comprising receiving a service authorization credential at a client authorization server from a PKI provisioning server, wherein the service authorization credential is associated with a client device, and sending a validation response from the client authorization server to the PKI provisioning server if the client authorization server determines that the service authorization credential was previously provided by the client authorization server to the client device, wherein the validation response releases the PKI provisioning server to send DRM credentials to the client device.

Abstract: A method includes a particular user application, without operating system kernel access, performing the operations of: identifying a set of applications that a user has permission to access, receiving a request to a access a particular application of the set of applications, and causing execution of the particular application.

Abstract: This is directed to providing access to content stored on a local cloud. In particular, a device can direct a librarian service overseeing the operation of a local cloud to provide another device with access to content stored on the local cloud. The librarian service can generate credentials for the other device, and provide the credentials to the other device. Using the credentials, the other device can connect directly to the local cloud and access the content. In addition, the local cloud can validate the credentials of the other before providing access to the content. The credentials can include, for example, a key to install or load on the device. The librarian may not require, however, the user to create credentials or register with the librarian before being permitted to access the content on the local cloud.

Abstract: Subscriber (user) data is encrypted and stored in a service provider cloud in a manner such that the service provider is unable to decrypt and, as a consequence, to view, access or copy the data. Only the user knows a user-specific secret (e.g., a password) that is the basis of the encryption. The techniques herein enable the user to share his or her data, privately or publicly, without exposing the user-specific secret with anyone or any entity (such as the service provider).

Abstract: A data processing system comprises a plurality of electronic book reader devices, each of the electronic book reader devices having a display and being connectable to a wireless network of electronic book reader devices, in which: a first electronic book reader device of the plurality comprises a data transmitter configured to send, via the wireless network, reading position data defining: a current book data file being displayed by that electronic book reader device, and a current display position within that book data file; and at least a second, different, electronic book reader device of the plurality comprises a data receiver configured to receive, via the wireless network, the reading position data sent by the first electronic book reader device, and a display controller configured to control the second electronic book reader device to display at least an indication of the current book data file and the current display position of the first electronic book reader device.

Abstract: Adaptive encryption optimization is disclosed. A first secure tunnel is established between a device and a node. It is determined that a second secure tunnel between an application on the device and a server has been established. The second secure tunnel is established at least in part using the first secure tunnel. The first secure tunnel is removed based at least in part on the determination that the second secure tunnel has been established.

Abstract: A method may include identifying a media file to be retrieved from storage, transmitting a request for information identifying a location of the media file and identifying the location of the media file. The method may also include forwarding the identified location, transmitting a request for the media file and receiving the request for the media file. The method may further include creating a copy of the media file, storing a first virtual location corresponding to a location of the copy and forwarding a message indicating that the identified media file is available for processing.

Abstract: System, methods and computer program products for creating and maintaining an address book are described. The address book may collect or update its existing contact information from sent or received communications. Contact information associated with the existing contacts also may be collected (or updated based on information received) from outside sources (e.g., external to an application hosting or accessing the address book). The address book may intelligently combine profile data from various sources to enrich the existing records associated with the contacts.

Abstract: A method for automatic folder ownership assignment, including ascertaining which first folders, among a first multiplicity of folders, have at least one of modify and write permissions to non-IT administration entities, adding the first folders to a list of candidates for ownership assignment, defining a second multiplicity of folders which is a subset of the first multiplicity of folders and not including the first folders and descendents and ancestors thereof, ascertaining which second folders among the second multiplicity of folders, have permissions to non-IT administration entities, adding the second folders to the candidates, defining a third multiplicity of folders, which is a subset of the second multiplicity of folders and not including the second folders and descendents and ancestors thereof, ascertaining which third folders among the third multiplicity of folders are topmost folders, adding the third folders to the candidates, and recommending possible assignment of ownership of the candidates.

Abstract: One or more elements on a computing device can be selected and locked from use. For example, a first user (e.g., adult) of a computing device can allow a second user (e.g., child) to use the former's device; however, the first user might not want the second user to have access to all of the elements on the device, and so the first user can select which elements he/she wants to share with the second user and which elements he/she does not want to share. For example, the first user can select elements and choose to lock the selected elements, lock all other elements, lock the selected elements for a certain period of time, or lock the selected elements but allow for earned usage, etc. The lock can be removed in response to an unlock event, which can comprise a user-initiated unlock, a timed unlock, or a user-earned locked.

Abstract: Indicia may include security threats that, when scanned by a barcode reader, may cause unwanted actions to be performed by a host device communicatively coupled to the barcode reader. To prevent these security threats from affecting the host device, security software running on a processor in the barcode reader or the host device compares the scanned data with items in a threat-signature library. Scanned data that match, at least part of, the threat signature library are blocked from being transmitted to the host device.

Abstract: Systems and methods are provided for creating and using a sharable file-level key to secure data files. The file-level key is generated based on a workgroup key associated with the data file and unique information associated with the data file. The file-level key may be used to encrypt and split data. Systems and methods are also provided for sharing data without replicating the data on an end user machine. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.

Abstract: The accessory is capable of connecting to a host device, which is physically separated from the accessory. The accessory includes a first communication module and a contactless module. The first communication module is used to wirelessly coupled to the host device, and receive a first credential from the host device. The contactless module is coupled to the first communication module. The contactless module includes a controller, a first security element, an antenna, and a storage unit. The controller receives the credential from the first communication module. The first security element is coupled to the controller for receiving and storing the first credential. The antenna is coupled to the controller to wirelessly communicate with a first reader for a first application by using the stored first credential. The storage unit stores at least one first transaction record generated during the first application is operating.

Abstract: Embodiments of the present disclosure provide systems and methods for implementing a secure processing system having a first processor that is certified as a secure processor. The first processor only executes certified and/or secure code. An isolated second processor executes non-secure (e.g., non-certified) code within a sandbox. The boundaries of the sandbox are enforced (e.g., using a hardware boundary and/or encryption techniques) such that code executing within the sandbox cannot access secure elements of the secure processing system located outside the sandbox. The first processor manages the memory space and the applications that are permitted to run on the second processor.

Abstract: Disclosed are systems, methods and computer program products for controlling privileges of consumers of personal data. An example method includes: formulating user requirements to personal data control quality; determining weighting factors for corresponding functions of application programming interfaces (APIs) for personal data control of a centralized personal data control system based on the formulated user requirements to personal data control quality; determining correspondence between the functions of APIs for personal data control of the centralized personal data control system and functions of APIs for personal data control of the consumer of personal data; calculating a personal data control rating of the consumer of personal data based on the determined correspondence and the determined weighting factors; and determining the privileges of the consumer of personal data based on the personal data control rating of the consumer of personal data.

Abstract: A compliance method and associated system is provided. The method includes generating backup devices for devices of a list of devices associated with a data storage environment. A device from the list of devices is selected and available credentials for connecting and authenticating the device are determined. Configuration and operational state data for the device are retrieved. A backup device associated with the device is selected and associated policies are loaded. Each policy is evaluated with respect to the backup devices, associated dependencies, and the configuration and operational state data. Compliant and non-compliant policies with respect to the backup devices are determined.

Abstract: An information communication apparatus includes: a communication portion; a storage apparatus connection portion that performs input and output operations with respect to a storage apparatus; a storage region management portion configured to provide, in the storage apparatus, a public region that makes an electronic file publicly accessible through the communication portion, and a private region that does not make an electronic file publicly accessible; and a file management portion that is capable of moving an electronic file that is stored in the storage apparatus, and is configured to move a predetermined electronic file to the private region.

Abstract: This is a system for controlling and restricting access (reading, writing, creating, deleting, manipulating, and control) to data and data representations of arbitrary processing engines through the use of secure containers, an access processing engine, and cryptographic keys.

Abstract: A system and method of providing a universal input/output (I/O) command translation framework in an application publishing environment is disclosed. A client-server computing system includes a network of one or more host computers and an application server that further includes an application publishing service supporting multiple client devices and a translation framework that provides a set of generic public APIs. Using the translation framework, an application-specific translation layer is created and integrated into remote applications, which enables I/O commands from client devices to be interpreted by remote applications whose control functions only exist internally (i.e., controls are private). The application-specific translation layer also receives the I/O commands of the client devices that may be generated via touch-based user input. Then, the application-specific translation layer translates the client I/O commands to the native internal control functions of the remote application.

Abstract: An example method includes receiving a media identifier and an impression identifier from a device, the media identifier being indicative of media presented at the device; receiving the impression identifier in association with first user information from a first database proprietor as a result of the first database proprietor obtaining a first identifier sent from the device, the first identifier identifying at least one of the device or a user; receiving the impression identifier in association with second user information from a second database proprietor as a result of the second database proprietor obtaining a second identifier sent from the device, the second identifier identifying at least one of the device or the user; identifying the first and second user information as associated with a same user based on the impression identifier; and associating the first and second user information with the media identifier.

Abstract: By injecting bytecode into a predetermined method of a sandbox environment, an application that uses an exploit to attempt to escape from the sandbox environment may be detected without knowledge of the application or the exploit used to attempt to escape from the sandbox environment. Upon indicating that the application has escaped the sandbox, the application may be terminated or the escape may be reported, allowing further monitoring of the application.

Abstract: Managed real-time communications between user devices may be provided. Upon receiving a request to instantiate a communication connection from an application, a secure session may be established between the application and a remote application. Input from a user of the application may be received, subjected to at least one management policy, and transmitted to the remote application.

Abstract: A method of providing normal security services and high security services with a single operating system in a computing system is disclosed. A secure thread is only accessible while the computing system is in a high security environment, and relates to one of the high security services. A pseudo normal thread is to be executed while the computing system in a normal security environment, and it works as a temporary of the secure thread, and is forwarded to a thread ordering service to gain access to resources of the computing system. When the pseudo normal thread gains access to the computing system resources, the computing system is changed to the high security environment to execute the secure thread.

Abstract: A system and computer-implemented method for securely managing enterprise related applications and associated data on one or more portable communication devices is provided. The system comprises one or more appboxes, residing on the one or more portable communication devices, configured to secure, monitor and collect information related to at least one of: one or more applications and associated data and the one or more portable communication devices. The system further comprises a server configured to facilitate one or more administrators to monitor and manage overall functionality of at least one of: the one or more applications and associated data and the one or more portable communication devices using the collected information.

Abstract: Multiple DRM-employing home files of the same content are “cleaned up” for archiving by copying licenses attached to one copy of content to an archived copy of the content for a user's home domain, or, when multiple copies are desired to remain extant, by copying all licenses associated with various copies to each copy of the content.

Abstract: A method and apparatus for providing a broadcast service in a communication system is provided. The method includes generating a key pair comprising a first key and a second key, generating at least one of forward encryption keys by applying a forward hash chain to the first key, generating at least one of reverse encryption keys by applying a reverse hash chain to the second key, generating at least one of encryption keys using the at least one of forward encryption keys and the at least one of reverse encryption keys, encrypting broadcast service data using the at least one of encryption keys, and broadcasting the encrypted broadcast service data.

Abstract: Migration of a virtual machine to a new host is coordinated while data that is mapped into virtual (swap) memory of a source instance of the virtual machine (or guest) is properly handled. Sharing rights for one or more swap devices can be modified to facilitate the use of the swap devices by a new host and a corresponding (target) instance of virtual machine running on the new host.

Abstract: A computer implemented method includes generating a first cryptographic hash based on at least one setting associated with a browser at a first time, storing the first cryptographic hash as a first bit string, generating a second cryptographic hash as a second bit string, wherein the second cryptographic hash is based on the at least one setting associated with the browser at a second time, determining that a setting associated with the browser has changed and that the setting change was made outside of the browser based on a comparison of the first and second bit strings, and if the setting change was made outside of the browser, setting the setting to a default value.

Abstract: A data storage device includes a non-volatile memory device including a memory cell array, where the memory cell array includes a first region and a second region, and a memory controller configured to judge whether a size of data externally provided according to a write request exceeds a reference size, and to control the non-volatile memory device according to a judgment result. When the externally provided data exceeds the reference size, the memory controller controls the non-volatile memory device such that a portion of the externally provided data is stored in the second region via a main program operation and such that a remainder of the externally provided data is stored in the first region via a buffer program operation.

Abstract: A method, system, and computer-readable storage media for licensing an application using multiple forms of licensing are provided herein. The method includes providing a first form of a license to a first computing device via a licensing service and providing a second form of the license to a second computing device via the licensing service. The method also includes determining a first state of the first form of the license and a second state of the second form of the license, synchronizing the first state and the second state to form a combined license state, and adjusting conditions of the license based on the combined license state.

Abstract: Techniques for causing a component loader associated with a hotpatch mechanism to execute a user-mode component which, when executed, creates a user-mode process, thread, or held reference are described herein. The component may further indicate to the component loader that it lacks hotpatch data, causing the component loader to unload the component. In some implementations, a kernel-mode module may initially provide the component to the hotpatch mechanism with an entrypoint of the component set to zero and with hotpatch data for the component loader. The hotpatch mechanism may apply the hotpatch data, modifying the component loader such that the component loader requests execute rights for a section object for the component. The kernel-mode module may then set the entrypoint such that the component becomes executable, and provides the section object and component to the hotpatch mechanism to cause the component loader to execute the component.

Abstract: Systems, methods, and software are disclosed herein for licensing applications using a preferred authorization process dynamically identified based on conditions associated with an initiation of an application. Authorization is then attempted using the preferred authorization process. In some examples, the preferred authorization process is selected from at least a keyless authorization process and a key-based authorization process.

Abstract: A system and method for providing whitelist functionality for use with a cloud computing environment. In accordance with an embodiment, software applications being deployed to the cloud are restricted from using certain classes or application program interfaces (APIs). During provisioning by, e.g., a Java cloud services (JCS) infrastructure, or another component of the cloud environment, an application's resources, such as its classes or API calls, can be matched against a whitelist of acceptable resources. If the application fails to be validated against the whitelist, it will not be deployed to the cloud, and the customer/user notified accordingly. In accordance with an embodiment, a whitelist functionality can be packaged within a software development kit (SDK), which customers/users can use during development of their applications, to verify that the applications will comply with, or successfully validate against the whitelist, prior to attempting to deploy the applications to the cloud.

Abstract: A protection relay installed at a power system and a network system including the protection relay are disclosed, the protection relay storing a security level of a plurality of systems or a plurality of source addresses, instructing whether to short-circuit a power by checking a security level of a data-transmitting system based on a security level stored in a security level setting device, or instructing whether to short-circuit a power by comparing the source addresses included in the data with the plurality of source addresses.

Abstract: Provided is a method for accessing e-book data, including: step A: e-book hardware establishes a connection with an electronic device and negotiates a reading key; step B: the electronic device downloads e-book data via a client, specifically is: firstly, the electric device establishes a connection with the client; the client sends a connection establishment request to a server; the server verifies the identification of the electronic device via the client; if the verification is not passed, then the access will be refused; if the verification is passed, then the server uses a downloaded key to encrypt the e-book data and sends the encrypted e-book data to the electronic device via the client; and step C: the electronic hardware establishes a connection with the electronic device, processes the encrypted e-book data using the downloaded key and/or the reading key, and the e-book hardware displays the e-book data.

Abstract: An authentication method and device, authentication centre and system are provided. The method comprises: receiving at least one access request and obtaining sub-key information from the access request; generating a group key according to the obtained sub-key information, and interacting with the network side according to the group key to perform the group authentication. The solution can solve the problem that the one-to-one authentication causes network load in the present art, implement the authentication of multiple nodes at one time, reduce network resources and the network load of the server, and can be appropriate for the authentication of the terminal nodes in the internet of things, and can greatly improve the availability of services in the internet of things.

Abstract: An operating method for a media stream transmission key includes: detecting, by a media gateway, lifetime status information of a media stream transmission key; and when the media gateway determines that a lifetime of the media stream transmission key expires, executing, by the media gateway, a media stream transmission key lifetime expiry behavior according to an instruction of a media gateway controller. The embodiments of the present invention fill a technical gap that an operation is performed on a lifetime status of a media stream transmission key in an architecture where an MG and an MGC are separated.

Abstract: A method for managing authentication of user interface elements in a user interface can be provided. The method can include displaying a plurality of widgets in the web browser and sending an HTTP request for data to a web site, wherein the HTTP request is sent via an XMLHttpRequest API. The method can further include receiving from the web site a 401 HTTP status code associated with a custom “WWW-Authenticate” header value indicating that the HTTP request is unauthorized for communication with the web site and detecting the custom “WWW-Authenticate” header value. The method can further include displaying in a first widget of the plurality of widgets a text field for entering user credentials. The method can further include sending to the web site an HTTP request including the user credentials entered by a user, wherein the HTTP request is sent via the XMLHttpRequest API.

Abstract: A method for unlocking a touch screen device includes providing a touch screen device in an idle mode. An area or region displayed on a screen of the device in the idle mode is contacted or activated to reveal at least one application icon associated with an active/unlocked state of the device. The region is moved, expanded or dragged to an edge of the device to change a state of the device to an active/unlocked mode and activate the revealed application.

Abstract: A key-based method for controlling access in a social network service includes: generating a core key and sub keys by segmenting a master key that is unique to a file owner, with the sub keys assigned differently to multiple groups that are divided according to trust level and relationship type; determining the group to which a file requester belongs by using at least one of a friend list of the file requester, a trust level between the file requester and the file owner, and a friend list of the file owner, and distributing a sub key corresponding to the determined group to the file requester, when the file requester requests a key distribution; and determining whether or not access to a file of the file owner is authorized by using the sub key distributed to the file requester and the core key, when the file requester requests the file.

Abstract: A transmission resource in a time domain subframe is divided into a plurality of equal duration resource elements in a time and frequency domain, the plurality of resource elements are segregated into a plurality of resource regions, information to be transmitted is modulated to generate a sequence of modulation symbols at a transmitter, the sequence of modulation symbols is mapped into the plurality of resource elements in the plurality of resource regions, and the modulation symbols are transmitted via a plurality of antennas using the respective corresponding resource elements to a receiver. The mapping of the modulation symbols in at least one resource region is independent of a certain control channel information that is carried in the time domain subframe, and the mapping of the modulation symbols in at least another resource region is dependent upon that certain control channel information.

Abstract: Methods and systems enable receiver devices to receive electronic coupons from mobile TV broadcast service providers. Coupon templates may be broadcasted to mobile devices. Coupon templates may be used to communicate with coupon managers to receive digitally signed coupons. Coupon managers may use received data to create digitally signed coupons for delivery to receiver devices via a unicast networks. Digitally signed coupons may also be broadcasted to receiver devices. A receiver device may verify received electronic coupons using the digital signature to identify those coupons intended for them. The electronic coupons may be redeemed at a point of sale. Merchants may locally verify coupons using their digital signature. Coupon digital signatures may be generated using a chain of X.509 certificates leading to a root X.509 coupon-signing authority to enable recipients to confirm that coupons originated from a trustworthy entity.

Abstract: A method includes receiving a first request from a first user device to access a first resource that includes data for a second user account for which access to the data is restricted to authorized users, the first request including an authorization token and associated with a first user identifier that identifies a first user; determining that the first user identifier does not identify an authorized user and in response: determining that the first user identifier identifies an authorized user based on the authorization token, and provide the first resource to the first user device; receiving a second request for access to data to the second user account, the second request associated with the first user identifier; and based on the first user identifier being determined to identify authorized user, providing access to the data to the second user account in response to the second request.

Abstract: An electronic device.