By Authorizing Client Patents (Class 726/29)
  • Patent number: 8689344
    Abstract: A system for integrating modules of computer code may include a sandbox validator for receiving a first module and verifying that the first module complies with one or more sandbox constraints. A computing device may execute the first module within a runtime environment. A module integrator may operate within the runtime environment for receiving a request from the first module to access a service provided by a second module and only allowing the first module to access the service when the first module is authorized to access the service according to a service authorization table. The sandbox validator may ensure the first module correctly identifies itself when requesting a service provided by another module and that the first module includes runtime policing functions for non-deterministic operations. A service authorizer may generate an authorization policy for the first module, which is sent to the computing device along with the first module.
    Type: Grant
    Filed: May 16, 2011
    Date of Patent: April 1, 2014
    Assignee: Guest Tek Interactive Entertainment Ltd.
    Inventor: Gary Court
  • Patent number: 8688981
    Abstract: A method of logging in a health information tele-monitoring device by using a personal portable device. The method includes issuing a security key embedded in a health information tele-monitoring device to a personal portable device, storing the security key issued by the health information tele-monitoring device in the user's personal portable device; requesting the user's personal portable device to authenticate the health information tele-monitoring device in order to connect the health information tele-monitoring device to a healthcare server; and authorizing access of the health information tele-monitoring device to the healthcare server.
    Type: Grant
    Filed: September 3, 2009
    Date of Patent: April 1, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Byung-soo Gim, Kyu-tae Yoo, Kwang-hyeon Lee
  • Patent number: 8688992
    Abstract: System and method for creation and use of an agreement object having content packages and a transportable agreement, including both the content of the agreement and data used to validate the signatories and an audit trail for the agreement.
    Type: Grant
    Filed: November 2, 2007
    Date of Patent: April 1, 2014
    Assignee: Recombo, Inc.
    Inventors: Shawn Daniels, Petr Kubon, Goran Radisavljevic
  • Patent number: 8689351
    Abstract: The certificate with specified conditions under which copyrighted material can be played. Copyrighted material, such as videos, are stored in a storage unit. They are stored along with a policy that indicates when the information can be played. The information can, for example, be encrypted once stored, and the decryption key is available only when characteristics of the policy are met. When those characteristics are not met, the information cannot be retrieved at all or only can be retrieved in some very limited format.
    Type: Grant
    Filed: April 19, 2012
    Date of Patent: April 1, 2014
    Assignee: Harris Technology, LLC
    Inventor: Scott C. Harris
  • Publication number: 20140090089
    Abstract: Embodiments are directed to providing attribute-based data access. In an embodiment, a data request specifies one or more search data attributes describing requested data that is to be found in an anonymous directory. The anonymous directory is configured to provide access to secured data according to access controls defined by one or more clients. The secured data includes data that is associated with a particular client and that is encrypted using multi-authority attribute-based encryption, which associates the data with one or more encryption data attributes and that enables the data to be provided if conditions in the corresponding access controls are met. The particular portion of data is provided based on determining that the conditions in the corresponding access controls are met, and that at least one of the search data attributes is determined to be relevant to at least one of the encryption data attributes.
    Type: Application
    Filed: December 3, 2013
    Publication date: March 27, 2014
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Publication number: 20140090088
    Abstract: Aspects of the subject matter described herein relate to facilitating claim use in an identity framework. In aspects, a definition of a trust framework may be received and stored. A graphical interface may display a plurality of trust frameworks and allow an administrator to select which trust framework to instantiate. The graphical interface may also allow the administrator to define which rules of the trust framework to use in the instance of the trust framework. After receiving this information, the instance of the trust framework may be instantiated and configuration data provided to the administrator to allow the administrator to configure a Web service to invoke the instance of the trust framework to grant or deny access to the Web service.
    Type: Application
    Filed: September 27, 2012
    Publication date: March 27, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron, Anthony Joseph Nadalin
  • Patent number: 8683550
    Abstract: The disclosure provides a system and method of authenticating a user to a network. For the method, if a request for a resource initiated by the device is related to a restricted resource, then the method: redirects the request to the authentication server; initiates an authentication process at the server to request a user account and a password from the device to authenticate the device if it has not been authenticated; automatically provides the device with access to the restricted resource if the device previously had been authenticated to access the restricted resource; and provides a signal to the device indicating whether it has been authenticated to allow the device to update its graphical user interface to indicate an access status for the restricted resource. If the request relates to a non-restricted resource, then the method automatically provides the device with access to the non-restricted resource.
    Type: Grant
    Filed: June 3, 2011
    Date of Patent: March 25, 2014
    Assignee: BlackBerry Limited
    Inventor: Michael Hung
  • Patent number: 8683609
    Abstract: A system, method and program product for controlling access to a restricted item. A method is provided that includes: receiving a request for access to a restricted item at a computer system associated with a provider, said request originating from a client system; determining an IP address of the client system; determining a mobile phone number of a mobile phone associated with the requester; transmitting to a third party service provider the IP address and mobile phone number; and receiving back from the third party service provider a confirmation message indicating whether or not the IP address and mobile phone are located within an acceptable range of each other.
    Type: Grant
    Filed: December 4, 2009
    Date of Patent: March 25, 2014
    Assignee: International Business Machines Corporation
    Inventors: Jose F. Bravo, Jeffery L. Crume
  • Patent number: 8683552
    Abstract: A terminal device controls delivery of information from a primary delivery destination to a secondary delivery destination. The terminal device stores a primary delivery condition regarding whether delivery of the information to the primary delivery destination is prohibited or permitted, and a trustability value showing a degree of trust of a user in the primary delivery destination. The terminal device judges whether or not to deliver the information to the primary delivery destination, by using the primary delivery condition. When judging to deliver the information, the terminal device calculates a secondary delivery condition using the trustability value and the primary delivery condition, the secondary delivery condition regarding whether delivery of the information from the primary delivery destination to the secondary delivery destination is prohibited or permitted. The terminal device then sends the generated secondary delivery condition to the primary delivery destination.
    Type: Grant
    Filed: February 17, 2006
    Date of Patent: March 25, 2014
    Assignee: Panasonic Corporation
    Inventors: Masao Nonaka, Kaoru Yokota, Natsume Matsuzaki, Shogo Hamasaki, Kenji Hisatomi
  • Patent number: 8683603
    Abstract: Methods and systems for providing a centralized management system with an integrated license server and pluggable license features are provided. More particularly, the administration of application instances or other assets through the centralized management system results in the initiation of a license validation process by the central management system in cooperation with a license server. The system management application providing centralized asset management and the license server performing license validation are co-resident on a central management server. The availability of assets requiring a license is implemented through asset administration data maintained by the central management server, to indicate the existence of a required license, where the license server indicates that the required license is available. Access to an asset is denied where the license server indicates the absence of a required license to the system management server.
    Type: Grant
    Filed: February 8, 2012
    Date of Patent: March 25, 2014
    Assignee: Avaya Inc.
    Inventors: William T. Walker, Benny J. Ellis
  • Patent number: 8683602
    Abstract: A system and method for secure transport of data, the method comprising: sharing of key information with a key distributor, wherein the key information is for enabling decryption of first and second encrypted data, the key distributor being for making one or more decryption keys available to an authorized user; creating a container object, the container object comprising: first encrypted data having a first encryption based on at least a part of said key information; second encrypted data having a second encryption based on at least a part of said key information, wherein the first encryption is different to the second encryption; and metadata relating to the first encrypted data and the second encrypted data; and sending the container object to a data store or otherwise making the container object available, to allow user access to said data container object.
    Type: Grant
    Filed: February 5, 2010
    Date of Patent: March 25, 2014
    Assignee: Thales Holdings UK PLC
    Inventors: Adrian Waller, Glyn Jones
  • Patent number: 8683205
    Abstract: A method begins by a processing module determining whether a data access request is requesting access to data stored in a plurality of dispersed storage networks (DSNs). The method continues with the processing module determining whether one of the plurality of DSNs is a home DSN to a requesting entity when the data access request is requesting access to data stored in the plurality of DSNs. The method continues with the processing module utilizing a local signed certificate to access one or more dispersed storage (DS) units of the home DSN, validating a global signed certificate with one or more DS units of a non-home DSN of the plurality of DSNs to produce a valid global signed certificate, and utilizing the valid signed certificate to access the one or more DS units of the non-home DSN when the plurality of DSNs includes the home DSN.
    Type: Grant
    Filed: May 11, 2011
    Date of Patent: March 25, 2014
    Assignee: Cleversafe, Inc.
    Inventors: Jason K. Resch, Gary W. Grube, Timothy W. Markison
  • Publication number: 20140082749
    Abstract: An information processing system provisions a client account for a user to enable a client computer associated with the user to store information in an elastic storage system and to prohibit the client computer, the information processing system, and the elastic storage system from altering and from deleting the stored information during an authorized retention period. Data messages are received from one or more client computers and include information that is required to be stored for the authorized retention period. That information is transmitted via one or more data communications networks to the elastic storage system for storage so that the stored information is non-rewriteable and non-erasable during the authorized retention period. The secure data center receives the retrieved copy and provides it to the user device.
    Type: Application
    Filed: September 20, 2013
    Publication date: March 20, 2014
    Applicants: AMAZON TECHNOLOGIES, INC., THE NASDAQ OMX GROUP, INC.
    Inventors: Ryan Christopher HOLLAND, Thomas C. STICKLE, Malcolm Gary LAFEVER, Edward Scott MULLINS
  • Publication number: 20140082750
    Abstract: A data center determines whether requested content is available at the data center. The content is available when the content is both present at the data center and current. When the requested content is available at the data center, the data center returns the requested content to the browser. When the requested content is locally unavailable at the data center, the requested content is retrieved from an origin server. When retrieval of the content is delayed, the request is prioritized and placed in a queue for handling by the origin server based on the priority of the request. A status page may be communicated to the browser to inform a user of the delay and provide alternate content and status information related to the request determined as a function of the request or the current state of the origin server.
    Type: Application
    Filed: November 4, 2013
    Publication date: March 20, 2014
    Applicant: Parallel Networks LLC
    Inventors: Keith A. Lowery, David K. Davidsson, Avinash C. Saxena
  • Patent number: 8675227
    Abstract: A system comprises a plurality of image forming apparatuses, wherein a first image forming apparatus includes: a correspondence determination unit that determines which function in the first image forming apparatus the service provider of the first image forming apparatus corresponds to; a provider determination unit that determines a second image forming apparatus in the plurality of image forming apparatuses that includes the same service provider as the service provider of the first image forming apparatus; a license verification unit that verifies whether license information is assigned to the service provider of the second image forming apparatus determined by the provider determination unit; and an assignment unit that assigns, to the second image forming apparatus to which the license information is not assigned, license information of the service provider from the first image forming apparatus to the second image forming apparatus and server relation information that is information for accessing a ser
    Type: Grant
    Filed: November 12, 2010
    Date of Patent: March 18, 2014
    Assignee: Canon Kabushiki Kaisha
    Inventor: Yusuke Fukasawa
  • Patent number: 8677507
    Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.
    Type: Grant
    Filed: February 8, 2011
    Date of Patent: March 18, 2014
    Assignee: Intertrust Technologies Corporation
    Inventors: Karl L. Ginter, Victor H. Shear, Francis J. Spahn, David M. Van Wie
  • Patent number: 8677124
    Abstract: The method of securing data transfer comprises: a step of attempting to transmit a document from a document sender to at least one document recipient, by implementing at least one transmission attribute and for at least one step of attempted transmission, a step of evaluating the value of at least one transmission attribute and a step of making the evaluation of the value of the transmission attribute available to the sender. Preferably, in the course of the evaluating step, the evaluation is dependent on the anomalies of correspondence that are observed for each attempted transmission. Preferably, in the course of the evaluating step, the evaluation is, moreover, dependent on the elements provided by the recipient in the course of a step of registering with an electronic document transmission service.
    Type: Grant
    Filed: April 18, 2007
    Date of Patent: March 18, 2014
    Assignee: Trustseed SAS
    Inventors: Martin Lafon, Eric Blot-Lefevre
  • Patent number: 8677149
    Abstract: A system and method for modifying material related to computer software. The system receives an original disclosure for a software system. A masquerading algorithm is applied to the original disclosure to generate a new disclosure. The subject matter of the new disclosure is different from the original disclosure but has the same functionality. The system also receives original source code for the software system and applies a camouflaging algorithm to the original source code to generate modified source code and conversion data for converting between the modified source code and the original source code.
    Type: Grant
    Filed: December 12, 2011
    Date of Patent: March 18, 2014
    Assignee: C3S Pte. Ltd.
    Inventors: Ta Chun Yun, Viet Thang Nguyen
  • Patent number: 8677499
    Abstract: A method and apparatus for controlling document access and application usage using centrally managed rules. The rules are stored and manipulated in a central rule database via a rule server. Policy enforcers are installed on client systems and/or on servers and perform document access and application usage control for both direct user document accesses and application usage, and application program document accesses by evaluating the rules sent to the policy enforcer. The rule server decides which rules are required by each policy enforcer. A policy enforcer can also perform obligation and remediation operations as a part of rule evaluation. Policy enforcers on client systems and servers can operate autonomously, evaluating policies that have been received, when communications have been discontinued with the rule server.
    Type: Grant
    Filed: October 30, 2007
    Date of Patent: March 18, 2014
    Assignee: NextLabs, Inc.
    Inventor: Keng Lim
  • Publication number: 20140075575
    Abstract: A method of operation of a content delivery system includes: compiling a detected device ensemble; detecting user information to develop a profile; and retrieving a content with an access level matching the profile and compatible with the detected device ensemble for displaying on a device.
    Type: Application
    Filed: September 7, 2012
    Publication date: March 13, 2014
    Applicant: Samsung Electronics Co., Ltd.
    Inventors: Esther Jun Kim, Michael Kuniavsky, Stacie Hibino
  • Publication number: 20140075578
    Abstract: Disclosed are a method for providing a license corresponding to encrypted contents to a client apparatus, which provides a license in response to a request of the license corresponding to contents super-distributed to a third person in a DRM conversion system, and a DRM conversion system using the same. First digital rights contents type first contents and a first license corresponding to the first contents are digital rights management converted to generate second digital rights contents type second contents and a second license corresponding to the second contents. A license request corresponding to the second contents super-distributed to a third person is received. A second license corresponding to the second contents super-distributed is requested from a server corresponding to the second digital right management. The second license corresponding to the second contents super-distributed is received and transmitted to the third person.
    Type: Application
    Filed: November 14, 2013
    Publication date: March 13, 2014
    Applicant: INTELLECTUAL DISCOVERY CO., Ltd.
    Inventors: Sung Min AHN, Woon Sang AN
  • Publication number: 20140075576
    Abstract: A system and method for using content on multiple devices includes a head end associating a first user device and a second user device with a user account and authorizing the first user device and the second user device to receive content. The first user device forms a selection signal corresponding to a first content. The head end communicates the first content to the first user device corresponding to the selection signal. The first user device displays the first content on a first display associated therewith. The second user device receives the first content and displays the first content on a second display associated with the second user device.
    Type: Application
    Filed: September 12, 2012
    Publication date: March 13, 2014
    Applicant: The DIRECTV Group, Inc.
    Inventors: Kuriacose Joseph, Scott D. Casavant, Sean S. Lee
  • Publication number: 20140075577
    Abstract: A server sets security configuration information and inserts the security configuration information into a file. The server generates a new file according to the security configuration information and the file, and displays content of the new file and operates the new file, in response to a determination that the client has authority to access and operate the new file. The server updates the security configuration information in the new file after the new file has been operated by the client.
    Type: Application
    Filed: August 8, 2013
    Publication date: March 13, 2014
    Applicants: HON HAI PRECISION INDUSTRY CO., LTD., HONG FU JIN PRECISION INDUSTRY (ShenZhen) CO., LTD.
    Inventors: CHUNG-I LEE, DE-YI XIE, JIE HUANG
  • Patent number: 8671459
    Abstract: A piece of software code, as well as a series of semi-random character strings are embedded into a copy of a software application. The application executes the embedded code on activation and may also invoke the embedded code periodically thereafter. The embedded code generates a knowledge string from a seed string and then generates an activation code from the seed string and the knowledge string. The activation code is checked against an externally-supplied code to ensure that the codes match, indicating a non-pirated copy of the software application.
    Type: Grant
    Filed: February 23, 2007
    Date of Patent: March 11, 2014
    Inventor: Malcolm Henry Nooning, III
  • Patent number: 8671453
    Abstract: A social networking system obtains parental authorization from a parent for a child to access a computing resource, where the parent and the child are users of the social networking system. The child user may request the authorization by identifying a purported parent user. The social networking system attempts to verify the validity of the purported parent user's account, the age of the user associated with the purported parent's account, and/or the existence of a parent-child relationship between users of the accounts associated with the purported parent and the child. The social networking system makes these determinations, at least in part, using social and transactional information associated with the purported parent user's account and the child user's account in the social networking system. Upon verification of these items, the social networking system may allow the purported parent to provide authorization responsive to the child's request to access the computing resource.
    Type: Grant
    Filed: August 17, 2010
    Date of Patent: March 11, 2014
    Assignee: Facebook, Inc.
    Inventors: Edward Moore Underwood, Joseph E. Sullivan, Ryan McGeehan
  • Patent number: 8671461
    Abstract: Apparatus, system, and media for utilizing content. An exemplary system comprises a first computing device and a second computing device, wherein the first computing device transmits a request for access to content to the second computing device, receives the content from the second computing device, and grants at least one permitted utilization of the content, and wherein the second computing device receives the request for access to content from the first computing device, determines whether the first computing device is permitted to receive the content, grants access to the content based at least in part on the first computing device being permitted to receive the content, and transmits the content to the first computing device based at least in part on the first computing device being permitted to receive the content.
    Type: Grant
    Filed: August 20, 2012
    Date of Patent: March 11, 2014
    Assignee: ContentGuard Holdings, Inc.
    Inventors: Mark J. Stefik, Peter L. T. Pirolli
  • Patent number: 8671274
    Abstract: Systems and methods for authenticating a media device or other information handling system so as to be able to receive content from one or more media content providers. Authenticating the device includes determining what authentication information the media content providers require for access and then generating and providing to the media device an authentication token that includes the required information. In some embodiments this may be accomplished by a service center, which removes the need for additional authentication steps to be performed by the media device or the media content providers. In addition, the service center may also determine when changes are made to the authentication information and may then ensure that the authentication token is changed or updated to reflect these changes. This ensures that the media device is at least partially immune to changes to authentication.
    Type: Grant
    Filed: October 28, 2008
    Date of Patent: March 11, 2014
    Assignee: Dell Products L.P.
    Inventors: Mark Andrew Ross, Timothy Bucher
  • Patent number: 8671439
    Abstract: Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.
    Type: Grant
    Filed: July 23, 2009
    Date of Patent: March 11, 2014
    Assignee: Intel Corporation
    Inventors: David Durham, Ravi Sahita, Karanvir Grewal, Ned Smith, Kapil Sood
  • Publication number: 20140068789
    Abstract: While a stream device is streaming a media program from a multimedia device to a client device, the streaming device may be configured to send a first portion of the media program to the client device, where the first portion is transcoded from a first format into a second different format and adapted for a first playing mode of the client device. The streaming device may be configured to receive an indication of a user command from the client device specifying a second different playing mode of the client device. The streaming device may be configured to send a second different portion of the media program to the client device, where the second portion is transcoded from the first format to the second format and adapted for the second playing mode of the client device.
    Type: Application
    Filed: September 3, 2013
    Publication date: March 6, 2014
    Applicant: TiVo Inc.
    Inventors: Robert Watts, Michael Minakami, Bhavya Bambhania
  • Patent number: 8667603
    Abstract: Systems and methods for searching secure electronic messages. An input search is received for use in searching content of electronic messages. The search includes searching content of secure electronic messages. The results of the search are provided.
    Type: Grant
    Filed: April 29, 2005
    Date of Patent: March 4, 2014
    Assignee: BlackBerry Limited
    Inventors: Michael S. Brown, Neil P. Adams, Michael K. Brown, Michael G. Kirkup, Herbert A. Little
  • Patent number: 8667608
    Abstract: Disclosed herein are methods for protecting user information on a client device that may have a plurality of users. A user interface with a public machine designation portion is presented to a user prior to the start of the authentication process. The public machine designation removes web service account descriptions and any user specific information stored on the client device. Also, the client device is prevented from storing any new user specific information that is provided to the client device. The public machine designation is a persistent feature that may only be disabled by an affirmative action from the user.
    Type: Grant
    Filed: September 11, 2012
    Date of Patent: March 4, 2014
    Assignee: Microsoft Corporation
    Inventors: Michael C. Kunz, Lynn C. Ayres, Trevin M. Chow, Erren Dusan Lester, Campbell D. Gunn
  • Patent number: 8667567
    Abstract: Provided are a method, system, and computer storage device for managing zone information for devices in a network. A zone group table includes entries for different pairs of zones, wherein each entry indicates whether access between a pair of the zones is permitted. An attribute zone table indicates whether devices in the zones are initiator, target and/or initiator/target. For a selected zone, indication is made of whether ports in the devices in the selected zone have an initiator, target and/or initiator/target attribute as indicated in the attribute zone table. A determination is made as to whether all the ports in the devices in the selected zone have the same attribute of initiator, target or initiator/target. If so, a division proposal is indicated for the selected zone proposing to separate devices in the selected zone into at least one new zone.
    Type: Grant
    Filed: April 18, 2012
    Date of Patent: March 4, 2014
    Assignee: International Business Machines Corporation
    Inventors: Yoshitaka Matsumoto, Yoshihiko Terashita, Hiroyuki Tanaka
  • Patent number: 8667281
    Abstract: A computer-implemented method for transferring authentication credentials may include 1) identifying a request to receive an authentication credential that is stored on a first computing device onto a second computing device, 2) identifying an asymmetric key pair on the second computing device, 3) generating an identifier of the asymmetric key pair on the second computing device, 4) transmitting an encryption key of the asymmetric key pair and the identifier of the asymmetric key pair to a credential repository, 5) displaying the identifier of the asymmetric key pair to facilitate retrieval of the authentication credential from the credential repository based on the identifier, and 6) retrieving the authentication credential, encrypted with the encryption key of the asymmetric key pair, from the credential repository. Various other methods and systems are also disclosed.
    Type: Grant
    Filed: May 30, 2012
    Date of Patent: March 4, 2014
    Assignee: Symantec Corporation
    Inventor: Srinivas Chenna
  • Patent number: 8667605
    Abstract: Methods and systems for using a flexible serialization technique to determine whether certain protected content items (e.g., software) are eligible to be installed on a target computer system during an installation procedure are described. Consistent with some embodiments of the invention, a serial number entered by an end-user is decoded to identify a product identifier that corresponds with a select folder in a folder hierarchy on a storage medium that contains various payloads for installing digital content items on a target computer system. The folder that corresponds with the product identifier includes license configuration information that specifies a set of digital content items eligible for installation, based on the serial number entered by the end-user.
    Type: Grant
    Filed: November 19, 2009
    Date of Patent: March 4, 2014
    Assignee: Adobe Systems Incorporated
    Inventors: Sanjeev Kumar Biswas, Mansukh Patidar, Pradeep Cyril Ekka
  • Patent number: 8667284
    Abstract: A secure hash, such as a Hash-based Message Authentication Code (“HMAC”), is generated using a piece of secret information (e.g., a secret key) and a piece of public information specific to each escrow key (e.g., a certificate hash or public key). Using the secret key ensures that escrow key validation data can only be generated by knowing the secret key, which prevents an attacker from generating the appropriate escrow key validation data. Using the certificate hash as the public data ties each escrow key validation data to a particular certificate, thereby preventing the attacker from simply copying the validation data from another escrow key. Any escrow key that is found to be invalid may be removed from the file container and a system audit log may be generated so that a company, individual, or other entity can be aware of the possible attempt at a security breach.
    Type: Grant
    Filed: January 13, 2012
    Date of Patent: March 4, 2014
    Assignee: Microsoft Corporation
    Inventors: Venkataramann Renganathan, Brian Thomas Carver, Daniel Browne Jump, David Charles LeBlanc, Samuel Ira Weiss
  • Patent number: 8667598
    Abstract: When a viewer views content, it is reproduced by a reproduction procedure depending on a dynamic condition set in the content. Here, a content object data input unit obtains an externally-input content object. The content object is stored in a content object data retention unit, if necessary. The content object includes a reproduction rule and content data. A reproduction rule evaluation and execution unit obtains the reproduction rule in the content object and performs processing in accordance with the reproduction rule. The reproduction unit reproduces reproducible data specified by the reproduction rule evaluation and execution unit. An identifier management unit retains an identifier of a content object reproduction device and provides the identifier upon request. It is thus possible to reproduce in accordance with the reproduction rule set in the content object data and to control the reproduction procedure depending on the dynamic condition.
    Type: Grant
    Filed: March 3, 2008
    Date of Patent: March 4, 2014
    Assignee: NEC Corporation
    Inventors: Takao Takenouchi, Takeaki Minamizawa, Naoko Ito
  • Publication number: 20140059707
    Abstract: A method of sharing content for an electronic device is provided. The electronic device is capable of changing contents that are to be shared when a network changes. The content sharing method includes storing a list of contents shared between the electronic device and another electronic device via a network formed using an access point, such that the contents match the access point, and setting contents included in a list of contents stored to match the access point as contents to be shared in response to the electronic device being connected to the network via the access point.
    Type: Application
    Filed: August 14, 2013
    Publication date: February 27, 2014
    Applicant: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Chi-Hyun CHO, Youn-gun JUNG
  • Patent number: 8661252
    Abstract: A network in which a client receives a network credential, such as a valid network address, following an exchange of messages with a credential server that includes security information. The security information may validate the credential, avoiding rogue devices inadvertently or maliciously distributing credential information that can interfere with clients attempting to connect to the network or with the network itself. If obtaining a network credential requires an exchange of information about the configuration of the client that could reveal security vulnerabilities, the security information may be used to ensure the confidentiality of that configuration information. The security information may be incorporated into messages according to a known protocol, such as by incorporating it into options fields of DHCP messages.
    Type: Grant
    Filed: June 20, 2008
    Date of Patent: February 25, 2014
    Assignee: Microsoft Corporation
    Inventor: Santosh Chandwani
  • Patent number: 8661547
    Abstract: Disclosed are systems, methods and computer program products for protecting cloud security services from unauthorized access and malware attacks. In one example, a cloud server receives one or more queries from security software of the user device. The server analyzes a system state and configuration of the user device to determine the level of trust associated with the user device. The server also analyzes the one or more queries received from the security software to determine whether to update the level of trust associated with the user device. The server determines, based on the level of trust, how to process the one or more queries. Finally, the server provides responses to the one or more queries from the security software based on the determination of how to process the one or more queries.
    Type: Grant
    Filed: April 18, 2013
    Date of Patent: February 25, 2014
    Assignee: Kaspersky Lab ZAO
    Inventors: Eldar M. Kononov, Anton S. Lapushkin, Andrey A. Efremov
  • Patent number: 8661557
    Abstract: A method and system for granting access to system and content is provided. A key is provided that allows access by a client computer to content that includes a plurality of resources. A server is accessed and the key is provided to the server. Based on the key, access is granted to the content. A program on the client computer requests a resource of the plurality of resources. If the resource is located locally, the resource is provided to the program. Otherwise, the resource is downloaded from the content server and stored locally. A data structure is modified to indicate that the resource is stored locally and the resource is provided to the program.
    Type: Grant
    Filed: December 21, 2011
    Date of Patent: February 25, 2014
    Assignee: Valve Corporation
    Inventors: Richard Donald Ellis, Christopher Richard Newcombe, Paul David Jones, Derrick Jason Birum, Harold Michael Dunkle, Mikel Howard Thompson
  • Patent number: 8661512
    Abstract: A method for controlling access to protected computer resources provided via an Internet Protocol network that includes registering identity data of a subscriber identity module associated with at least one client computer device; storing (i) identity data of at least one access server, (ii) the identity data of a subscriber identity module, and (iii) authorization data regarding the protected computer resources; receiving the identity data of a subscriber identity module, and a request for the protected computer resources; authenticating (i) the identity data of the at least one access server, and (ii) the identity data of a subscriber identity module; authorizing the at least one client computer device to receive at least a portion of the protected computer resources; and permitting access to the at least the portion of the protected computer resources (i) upon successfully authenticating the identity data of the at least one access server and the identity data of a subscriber identity module associated with
    Type: Grant
    Filed: January 28, 2013
    Date of Patent: February 25, 2014
    Assignee: Prism Technologies LLC
    Inventors: Richard L. Gregg, Sandeep Giri, Timothy C. Goeke
  • Publication number: 20140053281
    Abstract: An electronic device obtains a device password associated with the new enrollee device to be configured for a communication network. The device password is provided to a network registrar to cause the network registrar to configure the new enrollee device for the communication network. The network registrar performs an enrollment process based upon the device password and provides feedback to the electronic device to indicate whether or not the new enrollee device was successfully added to the communication network. Alternatively, when an electronic device detects the presence of a new enrollee device to be configured for the communication network, the electronic device generates a device password for the new enrollee device and provides the device password to the new enrollee device and to the network registrar, thereby causing the network registrar to initiate an enrollment process for the new enrollee device based upon the device password.
    Type: Application
    Filed: October 24, 2012
    Publication date: February 20, 2014
    Applicant: QUALCOMM INCORPORATED
    Inventors: Olivier Jean BENOIT, Peerapol TINNAKORNSRISUPHAP, Etan Gur COHEN, Anand PALANIGOUNDER
  • Patent number: 8656157
    Abstract: The present disclosure is directed to a method for sending and receiving an encrypted message and a system thereof. The method includes steps of encrypting a message, transforming the encrypted message into a network address, sending the network address to a receiver, and accessing a server according to the network address by the receiver, and a server decrypting the message, presenting the decrypted message to the receiver, and thereafter preventing the message from being accessed. Advantages include that any mobile phone capable of connection to a wireless network can read an encrypted message without installation of decryption software on a mobile phone of a receiver.
    Type: Grant
    Filed: May 29, 2012
    Date of Patent: February 18, 2014
    Assignee: Netqin Mobile (Beijing) Co., Ltd.
    Inventors: Ping Cheng, Yu Lin, Shihong Zou, Linlin Gong
  • Patent number: 8656461
    Abstract: Various embodiments are disclosed relating to performing trusted copy and paste operations between a source application and a target application. For example, a trust system may receive a paste request for pasting copied source content, and may compare a source trust level associated with the source content to a target trust level associated with a target application. In this way, for example, harmful or disruptive code may be prevented from being pasted into the target application.
    Type: Grant
    Filed: July 28, 2006
    Date of Patent: February 18, 2014
    Assignee: Microsoft Corporation
    Inventors: Akhilesh Kaza, Benjamin M. Westbrook, Jeffrey M. Cooperstein, Karen E. Corby, Mark A. Alcazar
  • Patent number: 8654977
    Abstract: A method and system is provided for using an access list stored on a memory of a first computing device, the access list for controlling communication between the first computing device and a plurality of computing devices in a Bluetooth communication network.
    Type: Grant
    Filed: November 25, 2010
    Date of Patent: February 18, 2014
    Assignee: Psion Inc.
    Inventors: Reo Lee, Eil Beron Meghdies Vardeh
  • Patent number: 8656155
    Abstract: Digital certificate public information is extracted using a processor from at least one digital certificate stored within at least one digital certificate storage repository. The extracted digital certificate public information is stored to at least one dynamically-created certificate public information directory. At least a portion of the digital certificate public information stored within the at least one dynamically-created certificate public information directory is provided in response to a digital certificate public information request.
    Type: Grant
    Filed: February 10, 2012
    Date of Patent: February 18, 2014
    Assignee: International Business Machines Corporation
    Inventors: Bret W. Dixon, Scot W. Dixon
  • Patent number: 8656159
    Abstract: In some embodiments, a method includes receiving a modifiable electronic document. The method includes generating a new version of the modifiable electronic document. The method also includes encrypting the new version of the modifiable electronic document using an encryption key that is used to encrypt the modifiable electronic document and different versions of the modifiable electronic document. The method includes saving the new version of the modifiable electronic document.
    Type: Grant
    Filed: October 11, 2007
    Date of Patent: February 18, 2014
    Assignee: Adobe Systems Incorporated
    Inventor: James Donahue
  • Patent number: 8656467
    Abstract: A device for communicating with other devices to allow them to access applications, comprises: at least a first application; authentication means for authenticating a communicating device; and access control means accessible by a communicating device requesting access to the first application without the communicating device having been authenticated by the authentication means. The device is further arranged to arbitrate whether access of the communicating device to the first application is granted or refused wherein if the arbitration requires an authentication of the communicating device, the access control means instructs the authentication means to authenticate the communicating device.
    Type: Grant
    Filed: June 6, 2000
    Date of Patent: February 18, 2014
    Assignee: Nokia Corporation
    Inventors: Thomas Müller, Martin Roter
  • Publication number: 20140047563
    Abstract: Various data protection techniques are provided. In one embodiment, a memory device is provided. The memory device may initiate a security measure upon occurrence of one or more triggering events. The one or more triggering events may include receipt of a command signal. Various additional methods, devices, and systems are also provided.
    Type: Application
    Filed: October 16, 2013
    Publication date: February 13, 2014
    Applicant: ROUND ROCK RESEARCH, LLC
    Inventor: Tom Kinsley
  • Publication number: 20140047560
    Abstract: In embodiments of the present invention improved capabilities are described for securely viewing computer data content, such as documents, presentations, spreadsheets, emails, blog entries, texts, and the like, through a secure viewing facility, where the secure viewing facility utilizes a camera or other biometric sensor to monitor an authorized user's actions in the determination of whether the secure viewing facility will permit the computer data content to be viewed on the computer's display, and/or in the control of the viewing process itself.
    Type: Application
    Filed: October 18, 2013
    Publication date: February 13, 2014
    Applicant: Intralinks, Inc.
    Inventors: Jerry Lee Meyer, Sudhakar Durairaj, Mushegh Hakhinian