Abstract: In a method of temporarily registering a second device with a first device, in which the first device includes a temporary registration mode, the temporary registration mode in the first device is activated, a temporary registration operation in the first device is initiated from the second device, a determination as to whether the second device is authorized to register with the first device is made, and the second device is temporarily registered with the first device in response to a determination that the second device is authorized to register with the first device, in which the temporary registration requires that at least one of the second device and the first device delete information required for the temporary registration following at least one of a determination of a network connection between the first device and the second device and a powering off of at least one of the first device and the second device.

Abstract: Methods, apparatus, and computer-accessible storage media for controlling export of snapshots to external networks in service provider environments. Methods are described that may be used to prevent customers of a service provider from downloading snapshots of volumes, such as boot images created by the service provider or provided by third parties, to which the customer does not have the appropriate rights. A request may be received from a user to access one or more snapshots, for example a request to export the snapshot or a request for a listing of snapshots. For each snapshot, the service provider may determine if the user has rights to the snapshot, for example by checking a manifest for the snapshot to see if entries in the snapshot manifest belong to an account other than the customer's. If the user has rights to the snapshot, the request is granted; otherwise, the request is not granted.

Abstract: An exemplary method includes receiving data representative of a content instance over a network from an access device associated with a user, storing the content instance, encrypting the content instance in response to a command initiated by the user, providing a key configured to facilitate decryption of the encrypted content instance, transmitting data representative of the encrypted content instance to a requesting access device, receiving data representative of a request to access the key from the requesting access device over the network, and performing a predefined action related to the key in response to the request and in accordance with at least one access rule, the at least one access rule based on at least one of a user profile and an access device profile.

Abstract: In a communication system, a wireless communication device receives and processes a text message including a location request code and a communication code. In response to the location request code, the wireless communication device transfers a location query indicating the communication code. An authorization computer system receives the location query and processes the communication code to determine if the location request should be authorized. If the location request should be authorized, the authorization computer system transfers a location authorization. The wireless communication device processes the location authorization, and in response, transfers geographic location information using the communication code to control delivery of the geographic location information to a location receiving system.

Abstract: According to one embodiment, an apparatus may store a plurality of tokens indicating a user is requesting access to a resource over a network. The apparatus may determine a condition associated with accessing the resource based on the plurality of tokens. The condition may be determined in addition to a determination to grant or deny access to the resource. The condition may include an obligation to be fulfilled and a message providing instruction regarding how to fulfill the obligation. The apparatus may generate a decision token representing the condition, and communicate the decision token to a resource provider to facilitate enforcement of the condition.

Abstract: A method for transmitting data confirmed by at least one person (KND), wherein data (TOR) to be transmitted are received and/or generated by an input device (BSW), wherein the input device (BSW) can be operated by the person (KND). A configuration for performing the method and a computer program for implementing the steps are also provided.

Abstract: Methods and systems described herein relate to enhancing security on a device by configuring one or more software functions in a trusted zone of a processor using object firewalls, IPC mechanisms, and/or a policy engine. An inter-process communication mechanism and inter-process communication bus enable secure inter-process communication between inter-process communication applications within the trusted zone and inter-process communication applications external to the trusted zone. Adapting, filtering, blocking, redirecting, or otherwise modifying inter-process communications is enabled by the inter-process communications mechanism. Modifications may be controlled by a policy engine within the trusted zone.

Abstract: A method is performed at a computer system having one or more processors and memory storing one or more programs executed by the one or more processors. The method includes receiving a first data transmission from a first client system, where the first data transmission including a first document, the first document having one or more portions that are marked as private; encrypting the marked portions of the first document using a key; and sending a second data transmission to a destination system, where the second data transmission includes a second document, the second document including the encrypted marked portions of the first document and a remainder of the first document that is not marked as private. The key is unavailable to the destination system. The second document is stored at the destination system.

Abstract: Controlling access to computational features includes: preparing a computational resource for execution by an execution system that has been provided a primary descriptor containing an identity value and that has associated a feature indicator with the primary descriptor; accessing a secondary descriptor containing the identity value and cryptographically assigned to the computational resource; and granting the computational resource access to a computational feature of the execution system based on the feature indicator.

Abstract: An entertainment device comprises communication means operable to receive media data from a media data source, storage means operable to store the received media data, in which the storage means limits the duration of access to the media data which was received from the media data source.

Abstract: A system and method that maintains a secure chain of trust from domain name owner to publication by extending the trust placed in existing cryptographic identity systems to the records published in the Internet's Domain Name System (DNS) and secured by its DNS Security Extensions (DNSSEC) infrastructure. Automated validation and processing occur within a secured processing environment to capture and preserve the cryptographic security from the source request.

Abstract: Techniques for distributed license management are provided. Three or more services or servers cooperate and negotiate with one another to establish primary, secondary, and tertiary licensing services. Initially, the primary is designated as a master licensing service and manages a license for a plurality of users over a network. If the primary fails to respond within a configurable period of time to both the secondary and tertiary licensing services, then the secondary dynamically assumes a master licensing service role for purposes of managing the license.

Abstract: A method is performed at a computer system having one or more processors and memory storing one or more programs executed by the one or more processors. The method includes generating a document, including marking one or more portions of the document as private; and sending the document to an intermediary system for transmission to a destination system. Prior to the document being transmitted to the destination system, the marked portions of the document are encrypted by the intermediary system using a key that is unavailable to the destination system.

Abstract: A device receives enterprise information associated with enterprises supported by a network, and determines enterprise identifiers for one or more enterprises identified in the enterprise information. The device also receives information associated with devices and subscribers of the network, and determines security key parameters based on the information associated with the devices and the subscribers of the network. The device further generates, based on the security key parameters, a security key for each of the enterprise identifiers.

Abstract: A system for executing trusted applications with a reduced trusted computing base. In one embodiment, the system includes a processor to dynamically instantiate an application protection module in response to a request by a program to be executed under a trusted mode. The system further includes memory to store the program which is capable of interacting with a remote service for security verification. In one embodiment, the application protection module includes a processor-measured application protection service (P-MAPS) operable to measure and to provide protection to the application.

Abstract: A remote user persona is received at a computing device. The computing device includes a local user persona having a plurality of subsets relating to preferences of a user of the computing device. The remote user persona is synchronized with the local user persona at the computing device and, accordingly, the behavior of the computing device is adjusted.

Abstract: A method, system and non-transitory computer-readable medium product are provided for enterprise-specific functionality watermarking and management. In the context of a method, a method is provided that includes identifying a request to perform at least one function of a user device associated with an enterprise and identifying at least one watermark template associated with an enterprise. The method further includes applying the at least one watermark template associated with the enterprise to at least one function of the user device associated with the enterprise and authorizing the request to perform the at least one function of the user device associated with the enterprise.

Abstract: A system and method for providing a unique encryption key including a receiver, at a Voice over Internet Protocol (VoIP) adapter, configured to receive a configuration file, a processor, at the VoIP adapter, configured to decrypt the configuration file using a default key stored in the VoIP adapter, update one or more profile parameters of the configuration file, and install an encryption key at the VoIP adapter using the configuration file, and a transmitter, at the VoIP adapter, configured to register, with a network element, for network service using the updated configuration file such that the receiver is configured to receive network service from the network element when the updated configuration file is authenticated by the network element.

Abstract: Embodiments of the present invention provide a method for voice approval, where the method includes: receiving voice approval request information sent by an enterprise application server; establishing a voice communication connection with the terminal according to the contact information of the approver terminal; sending approval content audio information corresponding to the voice approval request information to the approver terminal; receiving feedback information, and obtaining approval result information according to the feedback information; and sending the approval result information to the enterprise application server. Embodiments of the present invention also provide a device and system for voice approval. In the embodiments of the present invention, the enterprise application server and the enterprise gateway are combined and improved to enable an approver to approve, in voice mode, an approval request raised by an applicant, thereby increasing the approval efficiency.

Abstract: In a network comprising a plurality of network resources and at least one directory server, the directory server containing information with a predetermined level of trust about the network resources, a method for automatically providing a user device with information about a network resource in communication with the user device. The communication includes address information about the network resource. The method comprises: automatically retrieving information from the directory server about the network resource in communication; and automatically executing at least one of a set of predetermined actions based on the retrieved information.

Abstract: A system and method for providing a secure data container for an ambient intelligent environment are disclosed. A particular embodiment includes: collecting a set of information from a first digital network information endpoint associated with a vehicle; associating, by use of a data processor, a persistent digital identifier with the collected information, the persistent digital identifier being derived from information associated with the vehicle; enabling a user to specify a shared data set from the collected information; enabling the user to specify a set of sharing controls corresponding to the shared data set; combining information identifying the shared data set and the sharing controls in a secure container; and enabling to second digital network information endpoint to access the shared data set via the secure container upon presentation of a valid secure access token.

Abstract: For establishing a VPN connection in the call-back type, a VPN server establishes an always-on connection through a unique protocol different from the electronic mail delivery system. A client generates a client authentication data used for the client authentication implemented by the VPN server, and establishes the relay server through the unique protocol to transmit the client authentication data. The relay server device relays the client authentication data to the VPN server through the unique protocol. The VPN server implements the client authentication based on the relayed data. The VPN server establishes the VPN connection with the client based on the result of the authentication.

Abstract: A system, method and computer program product for a user to verify that a network resource address is trusted. At least one entity registration is stored at a server. Each entity registration comprises an identity of an entity and entity addressing information associated with the identity of the entity. The existence of at least one entity whose identity is included in the at least one entity registration is confirmed. A query comprising a target addressing information is received from a client. If the target addressing information matches the entity addressing information, the identity of the entity associated with the entity addressing information is determined and a result comprising the identity of the entity associated with the entity addressing information matching the target addressing information is transmitted to the client. If no entity addressing information matches the target addressing information, an indication of such is transmitted to the client.

Abstract: Systems and methods are provided for challenge/response animation. In one implementation, a request for protected content may be received from a client, and the protected content may comprise data. A challenge phrase comprising a plurality of characters may be determined, and a computer processor may divide the challenge phrase into at least two character subsets selected from the characters comprising the challenge phrase. Each of the at least two character subsets may include less than all of the characters comprising the challenge phrase. The at least two character subsets may be sent to the client in response to the request; and an answer to the challenge phrase may be received from the client in response to the at least two character subsets. Access to the protected content may be limited based on whether the answer correctly solves the challenge phrase.

Abstract: In one embodiment, a method includes receiving authorization data at a local node of a network. The authorization data indicates a particular network address of a different node in the network and an authenticated user ID of a user of the different node. Resource profile data is retrieved based on the user ID. The resource profile data indicates all application layer resources on the network that the user is allowed to access. The particular network address is associated at the local node with the resource profile data for the user. A request from the particular network address for a requested application layer resource on the network is blocked based on the resource profile data associated with the particular network address.

Abstract: An anti-malware approach uses a storage drive with the capability to lock selected memory areas. Platform assets such as OS objects are stored in the locked areas and thus, unauthorized changes to them may not be made by an anti-malware entity.

Abstract: Described in detail herein are systems and methods for managing connections in a data storage system. For example, the systems and methods may be used to manage connections between two or more computing devices for purposes of performing storage operations on the data of one of the computing devices. The data storage system includes at least two computing devices. A first computing device includes an unauthorized connection data structure and a connection manager component. The connection manager component receives a connection request from a second computing device. If the second computing device is not identified on the unauthorized connection data structure, the connection manager component can request that an authentication manager authenticate the second computing device and/or determine whether the second computing device is properly authorized. If so, the connection manager component can allow the second computing device to connect to the first computing device.

Abstract: Embodiments provided herein involve connected states between a mobile device and one or more zones in a network media system and different interactions between the mobile device and the network media system involving the connected states. The connected states may be established between the mobile device and the one or more zones such that further actions taken on media items identified in the playlist on the mobile device may also be taken on corresponding media items in a playback queue associated with the one or more zones. The interface on the mobile device may display various graphical representations to indicate the different interactions involving the connected states, including when a connected state is established, when a connected state is lost, and when a reconnected state is reestablished. The interface may further provide selectable icons to allow a user to navigate among the different media playback options involving the connected states.

Abstract: The present invention discloses a computer readable storage medium for storing an application program for network certification. The application program is implemented by an electrical device to execute a network certification process. The network certification process includes the following steps: a network module of the electrical device is driven to receive a certification code, which is broadcasted by a network access point (AP). Determine if the certification code is in an identified list. When the certification code is not in the identified list, the application program executes an action to limit communication between the electrical device and the network AP.

Abstract: A method of controlling access to a client over a computer network includes associating a user interface element with at least one tag and defining an access permission rule for a client, as a function of one or more tags, the function including at least one OR, NOT or inequality condition. The method further includes receiving a request of the client to access the user interface element and allowing the client to access the user interface element only if the tags of the user interface element meet the condition of the access permission rule.

Abstract: Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.

Abstract: A system and method for verifying content on a network site is provided. A document such as a website is identified. The document is accessed over a network from a content provider system connected to the network to obtain information about the document. Through an automated process, using the information about the document to determine whether the document conforms to one or more predetermined rules associated with the content provider system governing the usage of content in the document.

Abstract: Systems and methods are described for, e.g., providing a statutory audio content service on a portable device that complies with the provisions of the Digital Millennium Copyright Act (DMCA). The user can select a playlist subject to DMCA restrictions but cannot access individual items. Content playback, including skipping of content, is restricted to enforce relevant DMCA provisions. Encryption used to implement digital rights management (DRM) may be modified to enforce such content play rules or, alternatively, an additional layer of encryption may be imposed. Limitations on playback are stored along with the playlist structure in a form that is protected against modification. Information logging content playback is maintained in protected form to be uploaded and relayed to the service provider for the purpose of calculating royalty payments.

Abstract: There is provided a system and method for a digital receipt for use with an interoperable keychest. There is provided a method for online registration of a digital receipt associated with a content, comprising performing a transaction to obtain from a first distributor the content encrypted by a title key and a first digital rights management (DRM) license usable with the first distributor to access the title key, receiving from the first distributor the digital receipt associated with the content including information relevant to the transaction, and transmitting the digital receipt to the interoperable keychest acting as a central key repository (CKR) for an online registration of the digital receipt associated with the content. Authorized media distributors may then generate new DRM licenses using the CKR, enabling interoperable content playback of the same universal file across different media distributors and clients.

Abstract: A method includes receiving transaction information at a mobile device from a merchant device. The transaction information includes a transaction amount and merchant information that identifies a merchant that operates the merchant device. The method further includes generating a funds transfer request in the mobile device. The funds transfer request includes the merchant information, information that indicates the transaction amount and information that identifies a customer of the merchant. The funds transfer request is for requesting that funds be transferred from a payment card account that belongs to the customer to a payment card account that belongs to the merchant. The method also includes transmitting, from the mobile device, the funds transfer request, to a financial institution that issued the customer's payment card account.

Abstract: Systems and methods for site-dependent embedded media playback manipulation whereby a media owner can enable limited embedding on non-owned or non-monetized websites to direct traffic to a more valuable location. The content owner can specify sets of internet locations with associated sets of rules governing content playback criteria as well as restrictions based upon user categorizations. A playback restriction system consists of a media delivery system and a playback rules system. The media delivery system controls the delivery of the media file with embedded restrictions. The playback rules system controls the nature of the restrictions and the rules of when they are applied. Users will be directed to the location of a more valuable website where the media can be viewed with a less restrictive set of rules.

Abstract: Anonymous information sharing systems and methods enable communication of information to parties in a privacy-preserving manner such that no one other than the designated parties can know the source, recipient, and content of the information. Furthermore, the communication can be accomplished without requiring trial decryption, and protection can be provided against of sharing of privileges.

Abstract: A gateway network device may establish secure connections to a plurality of remote network devices using tunneling protocols to distribute to the remote network devices multimedia content received from one or more content providers. The consumption of the multimedia content may originally be restricted to local network associated with the gateway network device. The secure connections may be set up using L2TP protocol, and the L2TP tunneling connections may be secured using IPSec protocol. Use of multimedia content may be restricted based on DRM policies of the content provider. DRM policies may be implemented using DTCP protocol, which may restrict use of the multimedia content based on roundtrip times and/or IP subnetting. Each content provider may use one or more VLAN identifiers during communication of the multimedia content to the gateway network device, and the gateway network device may associate an additional VLAN identifier with each secure connection.

Abstract: Embodiments of an invention for platform-hardened digital rights management key provisioning are disclosed. In one embodiment, a processor includes an execution unit to execute one or more instructions to create a secure enclave in which to run an application to receive digital rights management information from a provisioning server in response to authentication of the application by a verification server.

Abstract: Certain embodiments may take the form of a method of operating an electronic device to find and determine an identity of other local devices. The method includes transmitting electromagnetic signals from a first electronic device to find devices within a prescribed distance of the first device and receiving electromagnetic response signals from a second electronic device within the prescribed distance from the first electronic device. The method also includes identifying the second electronic device using information received in the electromagnetic response signals. Additionally, the method includes determining if the second electronic device is aware of other electronic devices and, if the second electronic device is aware of other electronic devices, obtaining identifying information of the other devices from the second electronic device.

Abstract: Some embodiments provide an advocate system to facilitate automated online presence verification for different entities on behalf of the entities. The advocate system places service providers on notice that profiles and information hosted by them and that form the online presence for a particular entity should first be verified with that particular entity. The advocate system further facilitates online presence verification by 1) directly or indirectly connecting the service providers that are placed on notice with the appropriate authoritative entities to facilitate the verification of the profiles and information, 2) selectively targeting service providers hosting profiles and information that are unverified, 3) automatedly verifying hosted profiles and information based on a verified profile lists and verified information that authoritative entities provide to a central repository.

Abstract: A method, system and non-transitory computer-readable medium product are provided for functionality watermarking and management. In the context of a method, a method is provided that includes identifying a request to perform at least one function of a user device and identifying at least one watermark template. The method further includes applying the at least one watermark template to at least one function of the user device and authorizing the request to perform the at least one function of the user device.

Abstract: Provided are an authentication device using a true random number generating element or a pseudo-random number generating element, for example, a USB token, an authentication apparatus using the same, an authentication method, an authentication system and the like. In the authentication system, the authentication device is prepared on a user side, and one code generated in the authentication device is used to encrypt another code. The authentication apparatus registers the codes and decrypts the encrypted code sent from the authentication device by using the registered codes to perform an authentication.

Abstract: A user authenticates to a Web- or cloud-based application from a browser-based client. The browser-based client has an associated rich client. After a session is initiated from the browser-based client (and a credential obtained), the user can discover that the rich client is available and cause it to obtain the credential (or a new one) for use in authenticating the user to the application (using the rich client) automatically, i.e., without additional user input. An application interface provides the user with a display by which the user can configure the rich client authentication operation, such as specifying whether the rich client should be authenticated automatically if it detected as running, whether and what extent access to the application by the rich client is to be restricted, if and when access to the application by the rich client is to be revoked, and the like.

Abstract: Embodiments of the disclosure relate to proxying at least one email resource from at least one email service to at least one client device, determining whether the email resources are accessible to the client devices via at least one unauthorized application on the client devices, and modifying the email resources to be inaccessible via the unauthorized applications on the client devices in response to a determination that the email resources are accessible via the unauthorized applications on the client devices.

Abstract: Provided is an apparatus and method for managing Digital Rights Management (DRM) contents in a portable terminal. The method includes when a license of the DRM content is consumed, changing license information, which is stored in an external memory, on the DRM content; storing information relating to changed data of the external memory into an internal memory; determining whether the changed license information stored in the external memory has changed by using the information stored in the internal memory when the DRM content is used; and determining whether the DRM content is available according to whether the changed license information has changed.

Abstract: Methods and systems for enabling content to be securely and conveniently distributed to authorized users are provided. More particularly, content is maintained in encrypted form on sending and receiving devices, and during transport. In addition, policies related to the use of, access to, and distribution of content can be enforced. Features are also provided for controlling the release of information related to users. The distribution and control of contents can be performed in association with a client application that presents content and that manages keys.

Abstract: A system and method for using content on multiple devices includes a head end associating a first user device and a second user device with a user account and authorizing the first user device and the second user device to receive content. The first user device forms a selection signal corresponding to a first content. The head end communicates the first content to the first user device corresponding to the selection signal. The first user device displays the first content on a first display associated therewith. The second user device receives the first content and displays the first content on a second display associated with the second user device.

Abstract: Invention embodiments are concerned with the problem of controlling access to a media storage device in response to, e.g., employees leaving or changing jobs. More specifically, embodiments provide a method of controlling access to a media storage device storing a plurality of media objects. Thus embodiments of the invention solve the afore-mentioned problem by providing a mechanism for updating the list of recipients based on data received from a user identification system after the media storage device has been dispatched.

Abstract: Invention embodiments are concerned with the problem of controlling access to a media storage device in response to, e.g., employees leaving or changing jobs. More specifically, embodiments provide a method of controlling access to a media storage device storing a plurality of media objects. Thus embodiments of the invention solve the afore-mentioned problem by providing a mechanism for updating the list of recipients based on data received from a user identification system after the media storage device has been dispatched.