Abstract: A system, method and computer program product for a user to verify that a network resource address is trusted. At least one entity registration is stored at a server. Each entity registration comprises an identity of an entity and entity addressing information associated with the identity of the entity. The existence of at least one entity whose identity is included in the at least one entity registration is confirmed. A query comprising a target addressing information is received from a client. If the target addressing information matches the entity addressing information, the identity of the entity associated with the entity addressing information is determined and a result comprising the identity of the entity associated with the entity addressing information matching the target addressing information is transmitted to the client. If no entity addressing information matches the target addressing information, an indication of such is transmitted to the client.

Abstract: Embodiments provided herein involve connected states between a mobile device and one or more zones in a network media system and different interactions between the mobile device and the network media system involving the connected states. The connected states may be established between the mobile device and the one or more zones such that further actions taken on media items identified in the playlist on the mobile device may also be taken on corresponding media items in a playback queue associated with the one or more zones. The interface on the mobile device may display various graphical representations to indicate the different interactions involving the connected states, including when a connected state is established, when a connected state is lost, and when a reconnected state is reestablished. The interface may further provide selectable icons to allow a user to navigate among the different media playback options involving the connected states.

Abstract: The present invention discloses a computer readable storage medium for storing an application program for network certification. The application program is implemented by an electrical device to execute a network certification process. The network certification process includes the following steps: a network module of the electrical device is driven to receive a certification code, which is broadcasted by a network access point (AP). Determine if the certification code is in an identified list. When the certification code is not in the identified list, the application program executes an action to limit communication between the electrical device and the network AP.

Abstract: Systems and methods are described for, e.g., providing a statutory audio content service on a portable device that complies with the provisions of the Digital Millennium Copyright Act (DMCA). The user can select a playlist subject to DMCA restrictions but cannot access individual items. Content playback, including skipping of content, is restricted to enforce relevant DMCA provisions. Encryption used to implement digital rights management (DRM) may be modified to enforce such content play rules or, alternatively, an additional layer of encryption may be imposed. Limitations on playback are stored along with the playlist structure in a form that is protected against modification. Information logging content playback is maintained in protected form to be uploaded and relayed to the service provider for the purpose of calculating royalty payments.

Abstract: Systems and methods for site-dependent embedded media playback manipulation whereby a media owner can enable limited embedding on non-owned or non-monetized websites to direct traffic to a more valuable location. The content owner can specify sets of internet locations with associated sets of rules governing content playback criteria as well as restrictions based upon user categorizations. A playback restriction system consists of a media delivery system and a playback rules system. The media delivery system controls the delivery of the media file with embedded restrictions. The playback rules system controls the nature of the restrictions and the rules of when they are applied. Users will be directed to the location of a more valuable website where the media can be viewed with a less restrictive set of rules.

Abstract: Anonymous information sharing systems and methods enable communication of information to parties in a privacy-preserving manner such that no one other than the designated parties can know the source, recipient, and content of the information. Furthermore, the communication can be accomplished without requiring trial decryption, and protection can be provided against of sharing of privileges.

Abstract: A method includes receiving transaction information at a mobile device from a merchant device. The transaction information includes a transaction amount and merchant information that identifies a merchant that operates the merchant device. The method further includes generating a funds transfer request in the mobile device. The funds transfer request includes the merchant information, information that indicates the transaction amount and information that identifies a customer of the merchant. The funds transfer request is for requesting that funds be transferred from a payment card account that belongs to the customer to a payment card account that belongs to the merchant. The method also includes transmitting, from the mobile device, the funds transfer request, to a financial institution that issued the customer's payment card account.

Abstract: A method of controlling access to a client over a computer network includes associating a user interface element with at least one tag and defining an access permission rule for a client, as a function of one or more tags, the function including at least one OR, NOT or inequality condition. The method further includes receiving a request of the client to access the user interface element and allowing the client to access the user interface element only if the tags of the user interface element meet the condition of the access permission rule.

Abstract: Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.

Abstract: There is provided a system and method for a digital receipt for use with an interoperable keychest. There is provided a method for online registration of a digital receipt associated with a content, comprising performing a transaction to obtain from a first distributor the content encrypted by a title key and a first digital rights management (DRM) license usable with the first distributor to access the title key, receiving from the first distributor the digital receipt associated with the content including information relevant to the transaction, and transmitting the digital receipt to the interoperable keychest acting as a central key repository (CKR) for an online registration of the digital receipt associated with the content. Authorized media distributors may then generate new DRM licenses using the CKR, enabling interoperable content playback of the same universal file across different media distributors and clients.

Abstract: A system and method for verifying content on a network site is provided. A document such as a website is identified. The document is accessed over a network from a content provider system connected to the network to obtain information about the document. Through an automated process, using the information about the document to determine whether the document conforms to one or more predetermined rules associated with the content provider system governing the usage of content in the document.

Abstract: Some embodiments provide an advocate system to facilitate automated online presence verification for different entities on behalf of the entities. The advocate system places service providers on notice that profiles and information hosted by them and that form the online presence for a particular entity should first be verified with that particular entity. The advocate system further facilitates online presence verification by 1) directly or indirectly connecting the service providers that are placed on notice with the appropriate authoritative entities to facilitate the verification of the profiles and information, 2) selectively targeting service providers hosting profiles and information that are unverified, 3) automatedly verifying hosted profiles and information based on a verified profile lists and verified information that authoritative entities provide to a central repository.

Abstract: Embodiments of an invention for platform-hardened digital rights management key provisioning are disclosed. In one embodiment, a processor includes an execution unit to execute one or more instructions to create a secure enclave in which to run an application to receive digital rights management information from a provisioning server in response to authentication of the application by a verification server.

Abstract: A gateway network device may establish secure connections to a plurality of remote network devices using tunneling protocols to distribute to the remote network devices multimedia content received from one or more content providers. The consumption of the multimedia content may originally be restricted to local network associated with the gateway network device. The secure connections may be set up using L2TP protocol, and the L2TP tunneling connections may be secured using IPSec protocol. Use of multimedia content may be restricted based on DRM policies of the content provider. DRM policies may be implemented using DTCP protocol, which may restrict use of the multimedia content based on roundtrip times and/or IP subnetting. Each content provider may use one or more VLAN identifiers during communication of the multimedia content to the gateway network device, and the gateway network device may associate an additional VLAN identifier with each secure connection.

Abstract: Certain embodiments may take the form of a method of operating an electronic device to find and determine an identity of other local devices. The method includes transmitting electromagnetic signals from a first electronic device to find devices within a prescribed distance of the first device and receiving electromagnetic response signals from a second electronic device within the prescribed distance from the first electronic device. The method also includes identifying the second electronic device using information received in the electromagnetic response signals. Additionally, the method includes determining if the second electronic device is aware of other electronic devices and, if the second electronic device is aware of other electronic devices, obtaining identifying information of the other devices from the second electronic device.

Abstract: Provided are an authentication device using a true random number generating element or a pseudo-random number generating element, for example, a USB token, an authentication apparatus using the same, an authentication method, an authentication system and the like. In the authentication system, the authentication device is prepared on a user side, and one code generated in the authentication device is used to encrypt another code. The authentication apparatus registers the codes and decrypts the encrypted code sent from the authentication device by using the registered codes to perform an authentication.

Abstract: A user authenticates to a Web- or cloud-based application from a browser-based client. The browser-based client has an associated rich client. After a session is initiated from the browser-based client (and a credential obtained), the user can discover that the rich client is available and cause it to obtain the credential (or a new one) for use in authenticating the user to the application (using the rich client) automatically, i.e., without additional user input. An application interface provides the user with a display by which the user can configure the rich client authentication operation, such as specifying whether the rich client should be authenticated automatically if it detected as running, whether and what extent access to the application by the rich client is to be restricted, if and when access to the application by the rich client is to be revoked, and the like.

Abstract: A method, system and non-transitory computer-readable medium product are provided for functionality watermarking and management. In the context of a method, a method is provided that includes identifying a request to perform at least one function of a user device and identifying at least one watermark template. The method further includes applying the at least one watermark template to at least one function of the user device and authorizing the request to perform the at least one function of the user device.

Abstract: Embodiments of the disclosure relate to proxying at least one email resource from at least one email service to at least one client device, determining whether the email resources are accessible to the client devices via at least one unauthorized application on the client devices, and modifying the email resources to be inaccessible via the unauthorized applications on the client devices in response to a determination that the email resources are accessible via the unauthorized applications on the client devices.

Abstract: Provided is an apparatus and method for managing Digital Rights Management (DRM) contents in a portable terminal. The method includes when a license of the DRM content is consumed, changing license information, which is stored in an external memory, on the DRM content; storing information relating to changed data of the external memory into an internal memory; determining whether the changed license information stored in the external memory has changed by using the information stored in the internal memory when the DRM content is used; and determining whether the DRM content is available according to whether the changed license information has changed.

Abstract: The present invention relates to a method and a device for determining access to multimedia content from an entry identifier, in a domain which comprises a number of entry identifiers, and where the multimedia content is assigned an access number n indicating the number of entry identifiers which may access the multimedia content. This is obtained by accessing a domain list indicating at least some of said entry identifiers in said network domain and by further determining that the entry identifier may access said multimedia content if said entry identifier is between the n entries in said domain list determined by an evaluation rule.

Abstract: Systems and methods for stateless system management are described. Examples include a method wherein a user sends the management system a request to act upon a managed system. The management system determines whether the user is authorized for the requested action. Upon authorization, the management system looks up an automation principal, which is a security principal native to the managed system. The management system retrieves connecting credentials for the automation principal, and connects to the managed system using the retrieved credentials. Once the managed system is connected, the management system performs the requested action on the managed system, and sends the result back to the user.

Abstract: The invention provides a secure and efficient resource management system and a corresponding method for managing resources of a product that is put on the market by a licensor via a distribution chain. In particular, the number of keys needed for managing said resources can be reduced. At the time that the product is released to the market the exact licensing conditions of the product need not be known yet. The licensing conditions and the associated configuration of resources of the product are managed via a second key which is provided to a licensee. The licensee, however, has no knowledge of the first key and the derivation function which generates said second key based on the first key. Therefore, it is ensured that the licensee cannot claim more resources of the product than the licensor allows.

Abstract: Methods and systems for enabling content to be securely and conveniently distributed to authorized users are provided. More particularly, content is maintained in encrypted form on sending and receiving devices, and during transport. In addition, policies related to the use of, access to, and distribution of content can be enforced. Features are also provided for controlling the release of information related to users. The distribution and control of contents can be performed in association with a client application that presents content and that manages keys.

Abstract: A method of checking whether a content aggregator's content matches a content owner's content involves generating a fingerprint of the content and looking for a matching fingerprint from the content owner through a service provided by the content owner. In one aspect, the fingerprints are generated from an intermediate digest of the content instead of the original form.

Abstract: A system and method for processing an access request by a wireless device to access an IP data network is provided. An access request from a wireless device is received and denied a predetermined number of times, and the wireless device is granted a limited access to the IP data network. When the access request from wireless device is authenticated, the wireless device is granted an unlimited access to the IP data network.

Abstract: A system and method for using content on multiple devices includes a head end associating a first user device and a second user device with a user account and authorizing the first user device and the second user device to receive content. The first user device forms a selection signal corresponding to a first content. The head end communicates the first content to the first user device corresponding to the selection signal. The first user device displays the first content on a first display associated therewith. The second user device receives the first content and displays the first content on a second display associated with the second user device.

Abstract: A protected memory source device including removable non-volatile memory durably stores a signature such as a serial number or identifier, which is used to mark protected multimedia content legally stored on the protected memory device. The protected multimedia content is moved from the source device to another device, such as a target device used to aggregated protected content in a library. Moving the protected multimedia content involves replacing a source-specific header, comprising digital rights management metadata and/or other security metadata allowing only a device having the source device signature access to the content, with a target-specific header comprising digital rights management metadata and/or other security metadata allowing only a device having the target device signature access to the content. The transfer is done using one of a variety of transfer methods with either a trusted or un-trusted host system connecting the source device to the target device.

Abstract: Whether a combination method defined in an output rule satisfies a combination condition of each content specified in a play list is judged in order of priority defined in a priority list. Based on the judgment result, the output rule is edited in such a manner that the combination condition of each content specified in the play list is satisfied. The resources of the combination target contents specified in the play list are combined in accordance with the combination method of the edited output rule.

Abstract: A portable license for licensed content is obtained by a user along with a regular license in a local network, such as a home network or other private network. The portable license may be stored in a license server on a portable device, such as a smart phone or a tablet, which functions as a portable license server. The user may take the portable device to another location where it joins another local network. A device in the second network, which does not have a license to play the licensed content, may use the portable license on the portable device to execute the content, enabling the user to enjoy it in multiple environments. The device (e.g., a TV) in the second network may continue to play the content as long as the portable license or another valid license is present in the network.

Abstract: A data storage architecture for networked access by clients includes a file server capable of communication with the clients via the network, physical storage organized as a plurality of logical volumes, and an encryption device in communication with both the file server and the physical storage. The encryption device is operable in response to signaling from the file server, including an indication of a range of blocks of data, to cause encryption of the range of blocks with an encryption key that is unique within the physical storage. The encryption device includes nested tables mapping block ranges to encryption keys. Consequently, undesirable key sharing across files, file systems, and other units can be avoided down to the block level.

Abstract: A content management device, includes: a folder level access control information storage unit configured to store folder level access control information indicating access rights of a user to a folder where content is stored; an access control unit configured to acquire content level access control information indicating access rights of a user to content, from a predetermined content level access control unit; and a user interface configured to output display data for displaying a hierarchical structure between at least one folder and at least one content stored in the at least one folder, along with information indicating whether or not an inconsistency has occurred in access rights between the folder level access control information of the at least one folder and the content level access control information of the content stored in the at least one folder.

Abstract: A system and method of providing universal digital rights management system protection is described. One feature of the invention concerns systems and methods for repackaging and securing data packaged under any file format type, compression technique, or digital rights management system. Another feature of the invention is directed to systems and methods for securing data by providing scalability through the use of modular data manipulation software objects.

Abstract: A method for use in playing content that is made up of data includes establishing in a device a physical media storing a first portion of the data making up the content, receiving a streamed second portion of the data making up the content, wherein the second portion of the data includes essential information for reconstructing the content from the first portion of the data, and playing the content by combining the first portion of the data with the second portion of the data to correctly reconstruct the content. A method for use in enhancing security of content that is made up of data includes removing information from the data making up the content that is essential for playing the content.

Abstract: The present invention proposes a method for obtaining a digital right management (DRM) function for playing DRM contents on a user device according to need. To this end, the present invention comprises the steps of, when a user device requests a specific DRM contents or accesses a service system, a user device obtaining a rights object corresponding to a request; determining information on a current DRM function using the rights object; and when a new DRM function is required, installing a new DRM function or upgrading the standard DRM function.

Abstract: A system and method for managing control of a network interface device. Permissions for management of a NID are established. The permissions enable a user to deny a third party access to one or more portions of the NID. Access for the third party to the one or more portions of the NID are granted in response to receiving an authorized override command from the third party. Activities performed by the third party are logged by the one or more portions of the mid-in response to receiving the authorized override command from the third party.

Abstract: Apparatus and methods for enabling protected premises networking capabilities. In one embodiment, a white list of devices authorized to access a premises network and a black list of device not authorized to access a premises network are utilized. The black and white lists may be stored at a database in communication with an authorization manager or may be stored at the manager itself. When a client device is connected to a premise, the manager determines, based on the premises and/or device identity, whether the device is entitled to access. The authorization manager makes this determination based on whether the device is on the white or black list. If the device is on neither list, the manager may add the device to the white list upon appropriate verification. The manager may also facilitate removal of a device from the white list to the black list upon request or automatically.

Abstract: When license information is transferred between a server machine and a client machine, an identifier which is unique to a series of communication sequences is provided. The identifier is sent when a communication is performed between the two machines, as well as when the license information is updated. Therefore, when a message for transferring the license information is received by the use of the same identifier, a response message is returned without updating the license information.

Abstract: A system for security management for applications associated with multiple user registries can include an integrated console configured to host a one or more applications or resource objects in corresponding realms. The system also can include one or more roles mapped to different ones of the resource objects and also to different users permitted to access the integrated console. The system yet further can include a user relationship system having associations with multiple different ones of the roles. Finally, the system can include console security management logic programmed to manage authentication for the users using realm of the resource object while not requiring a separate user registry for the integrated console.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for authorizing actions of a service provider. In one aspect, a method includes providing a user security key to a mobile device of a user. A request is received from a client device distinct from the mobile device to perform an action. A challenge token including a security signature matched to a service security key is generated, and the challenge token is provided to the mobile device. An approval value is received from the client device. The approval value is determined to be valid in reference to the challenge token and the user security key previously provided to the mobile device and to indicate approval to perform the action for the user. The action is performed in response to receiving the approval value.

Abstract: Trusted user accounts of an application provider are determined. Graphs, such as trees, are created with each node corresponding to a trusted account. Each of the nodes is associated with a vouching quota, or the nodes may share a vouching quota. Untrusted user accounts are determined. For each of these untrusted accounts, a trusted user account that has a social networking relationship is determined. If the node corresponding to the trusted user account has enough vouching quota to vouch for the untrusted user account, then the quota is debited, a node is added for the untrusted user account to the graph, and the untrusted user account is vouched for. If not, available vouching quota may be borrowed from other nodes in the graph.

Abstract: A method and wireless device for updating at least one cryptographic security key (116) associated with a wireless device (104) and an authentication module (108). An over-the-air programming message comprising security key update information is received (804) from an information processing system (118). The security key update information is processed (808). At least one new security key is extracted from the security key update information in response to the processing (806). At least one existing security key (116) is updated with the at least one new security key (124) that has been extracted.

Abstract: Provided are a method, system, and computer storage device for managing zone information for devices in a network. A zone table includes entries indicating whether devices in at least one zone are permitted to communicate. An attributes table has attributes of the devices indicated in the zone table. A determination is made of attributes from the attributes table for devices indicated in the zone table entries as being permitted to communicate. The entries in the zone table indicating that devices can communicate are verified by determining whether the attributes for the devices indicated as permitted to communicate in the entries in the zone table are consistent with the determined devices being able to communicate. Information is outputted indicating whether the entries in the zone table indicating that devices can communicate are in error.

Abstract: A method of using a mini filter driver to secure access to encrypted information stored on a removable storage device. The method comprises receiving a request to read information from the removable storage device. The mini filter driver ascertains if the request originated from an authorized client. The mini filter driver receives encrypted information read from the removable storage device, and decrypts the encrypted information in the event that the request originated from an authorized client. The decrypted information can then be conveyed to the authorized client. If the client is not authorized, then the mini filter driver does not decrypt the information.

Abstract: The invention provides a method and system for presenting information in a web document using a program applet to restrict further copying or redistribution. The web document includes a first region in which a graphical element or other information is displayed, and a second region covering the first region in which a program applet is invoked by a server for the web document. The program applet is dynamically created upon access, and assigned a serial number. The program applet contacts the server for permission to display the graphical element or other information; thus, the server can control, by granting or denying permission, when and if the program applet displays the graphical or other information.

Abstract: A computationally implemented method includes, but is not limited to: determining that a computing device that was presenting one or more portions of one or more items and that was in possession of a first user has been transferred from the first user to a second user; and marking, in response to said determining, the one or more portions of the one or more items to facilitate the computing device in returning to the one or more portions upon the computing device being at least transferred back to the first user. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: Method for providing access to private digital content installed on a content server C(s), wherein a content manager server C(a) has a number of clients potentially interested in the private content; the method comprising the following steps performed at the content management server C(a): establishing a first communication channel with a client C(b) of the number of clients; receiving a query for private digital content from the client C(b) and sending an appropriate response, causing the client to establish a second communication channel with the content server; establishing a secure session with the content server C(s) over the first and second communication channel; establishing a new session key for the secure session and transmitting said new session key to the client C(b), so that the client can obtain the queried private digital content from the content server as if the client is the content management server.

Abstract: An electronic device, prior to entering a distribution channel, is equipped with a loss prevention client which permits limited use of the device until correct authentication is provided by a legitimate purchaser. By permitting limited use before authentication, the device remains both useful to a legitimate purchaser and valuable to a thief. While allowing operation in the possession of a thief, options can be provided to permit tracking of the device or to allow proper purchase of the device.

Abstract: A method for use in providing content that is made up of data includes providing a first portion of the data making up the content to a user, and making available for a limited amount of time an ability to stream a second portion of the data making up the content to a device having the first portion of the data. The second portion of the data includes essential information for reconstructing the content from the first portion of the data. Also disclosed are a storage medium storing a computer program for causing a processor based system to assist with providing content, and a system for use in providing content.

Abstract: A system and method of distributing a file maintained on a first device located at the top tier of a secured network having at least a second device at a lower tier, without needing to change security parameters of the secured network, is disclosed. Network administrators may access the top tier of the network, may add files into the system, and may generate a file privilege file. The file privilege file can include configuration information for a computer on a tier and may include information about files accessible to a computer on a specific tier. The network propagates the file privilege file from the first device through intermediate devices and onto the second device. The second device may then receive a file authorized from the first device via a connection in the secured network. The second device may also propagate files up to the first device.