Abstract: A programmable display device includes a communication driver, a file system process unit that accesses the portable storage medium storing backup/restore target information that includes a target control device and target setting information respectively specifying the control device on which the backup/restore process is performed out of the control devices connected to the programmable display device and setting information, and a setting-information obtaining/writing process unit that accesses the control device via the communication driver based on the backup/restore target information and performs the backup/restore process of the setting information by accessing the portable storage medium via the file system process unit.

Abstract: A system and methods for location authentication are presented. An estimated server signal is estimated based on a generated known code signal, and a client received satellite signal is received from a client device. The client received satellite signal is compared to the estimated server signal to provide a comparison result.

Abstract: A method and apparatus for determining whether a second computing system meets a minimum level of protection for a DLP policy of a first computing system are described. A DLP agent may monitor outbound data transfers performed by the first computing system, and determines a violation of a DLP policy in a current one of the outbound data transfers to a second computing system. The DLP agent initiates a handshake protocol with the second computing system to determine whether the second computing system meets a minimum protection level for the DLP policy. If the second computing system does not meet the minimum protection level for the DLP policy, the DLP agent prevents the current data transfer to the second computing system; otherwise, the DLP agent permits the current data transfer.

Abstract: An information processing apparatus includes a determination unit configured to determine whether user information has been input to a printing apparatus before a print instruction for printing document data is received, and a transmission unit configured to transmit, when the determination unit determines that the user information has been input to the printing apparatus before the print instruction for printing the document data is received, a print job to the printing apparatus to which the user information has been input.

Abstract: The invention, related to information security field, discloses a method for protecting software, and device and system thereof. The method includes that a security device is connected with a terminal device; the security device receives service instruction, determines whether the clock inside the security device is activated, reads the current time of the clock and determines whether the current time is valid; if so, the security device executes the service instruction and returns the executing result to the terminal device; otherwise, the security device returns false result to the terminal device. The invention provides more secure service to the protected software, meanwhile, extends lifetime of the security device.

Abstract: An apparatus connected to a license management apparatus, storing license status data with license identifiers, via a network, and includes a part for receiving a request to acquire a license corresponding to a license identifier, a part for receiving designation of at least one electronic device for acquiring the license, a part for obtaining a license file corresponding to the license identifier from the license management apparatus, updating the license status data corresponding to the license identifier, and recording the license file to a storage part with the electronic device, a part for executing acquirement, and a part for executing re-execution in a case where the acquiring of the license by the electronic device is determined as a failure according to the result. The re-execution includes displaying the failure of the acquirement on a screen and re-executing the acquirement with the license file based on data input to the screen.

Abstract: A first storage device provides a host device with access to a private memory area by communicating a password between the first storage device and a second storage device via the host device using a double-encryption scheme. In one embodiment, a host device receives a twice-encrypted password from a first storage device, sends the twice-encrypted password to a second storage device, receives a once-encrypted password from the second storage device, decrypts the once-encrypted password to obtain the password, and sends the password to the first storage device. In another embodiment, a first storage device sends a twice-encrypted password to a host device, receives the password from the host device after the twice-encrypted password is decrypted by a second storage device and the host device, and provides the host device with access to the private memory area only if the password matches one that is stored in the first storage device.

Abstract: A computer implemented method, apparatus, and computer usable program code for assuring data integrity is shown. A partition receives a request to execute an executable file from a source external to the partition. A memory region is created within the partition. The partition or service interface makes an authentication determination. The partition executes an executable file in the memory region based on the request, provided there is a positive authentication determination.

Abstract: A computer program product that includes a computer useable storage medium to store a computer readable program for proximity-based authentication for managing personal data that, when executed on a computer, causes the computer to perform operations. The operations include receiving a request for personal data from a data access device, determining a first location corresponding to a location of the data access device, and determining a second location corresponding to a location of an authentication device. The operations also include transmitting the personal data to the data access device if the first location is within a threshold distance of the second location.

Abstract: A system and method that enables secure system boot up with a restricted central processing unit (CPU). The system includes a memory, a segmenting device, and a security sub-system. The memory is a NAND flash memory with a block structure that comprises a guaranteed block and non-guaranteed blocks. The guaranteed block is guaranteed to be useable. A boot code is segmented into boot code segments and the boot code segments are stored separately in the guaranteed and non-guaranteed blocks. The security sub-system is configured to locate the boot code segments stored in the non-guaranteed blocks and validate them independently based on data in the guaranteed block. The security sub-system is further configured to assemble the boot code segments into the boot code and execute the boot code.

Abstract: A computer program product that includes a computer useable storage medium to store a computer readable program for proximity-based authentication for managing personal data that, when executed on a computer, causes the computer to perform operations. The operations include receiving a request for personal data from a data access device, determining a first location corresponding to a location of the data access device, and determining a second location corresponding to a location of an authentication device. The operations also include transmitting the personal data to the data access device if the first location is within a threshold distance of the second location.

Abstract: Methods and systems to allow for the streaming of media from a file server to a client, where the streaming occurs concurrently with the execution of an information security protocol. The security protocol allows the client to securely receive one or more keys that allow the client to access the media. This permits a user to access the media sooner than would otherwise be possible, while allowing timely performance of security related processing.

Abstract: An improved technique involves creating a new lockbox mechanism which is configured to work on a new or upgraded operating platform having different operating platform parameters, and then storing confidential information within the new lockbox (e.g., a copy of credentials which are also stored at a main site). When the new lockbox is then moved to the new or upgraded operating platform, the new lockbox mechanism properly works. Such operation enables the maintained compatibility with applications, control and maintenance of lockbox security throughout, and can be performed automatically and/or remotely.

Abstract: A system and method that regulates the various operations between computing stations and storage devices. Storage devices are the storage means that are contained upon devices that are able to have data stored upon them. Any operation that involves or may lead to the exchange or accessing of content (data) between a storage device and computing station may be regulated by means of a policy which comprise a set of rules. Rules may be defined according to specific criteria, including the type of storage device, the type of content, the attributes of the content, and other attributes associated with the storage device and/or the content. The policy will be dynamically installed upon a computing station for specific user(s) and will regulate the data operations that may take place between the computing stations and storage devices based on evaluation of the policy. Based on the evaluation of the policy, the requested operation is permitted, restricted in some areas, or denied.

Abstract: A method begins by a processing module receiving, from a user device, a request to access secure data, wherein the request includes a user identification code and at least one object name for the secure data. The method continues with the processing module processing the request to determine a security level associated with the user device and to determine security parameters associated with the secure data. The method continues with the processing module determining a level of access to the secure data based on the security level associated with the user device and the security parameters. The method continues with the processing module retrieving a set of encoded data slices from dispersed storage units, wherein the set of encoded data slices includes less than a reconstruction threshold number of encoded data slices and generating a response that includes the set of encoded data slices when the level of access is a partial access level.

Abstract: A method of logging in a health information tele-monitoring device by using a personal portable device. The method includes issuing a security key embedded in a health information tele-monitoring device to a personal portable device, storing the security key issued by the health information tele-monitoring device in the user's personal portable device; requesting the user's personal portable device to authenticate the health information tele-monitoring device in order to connect the health information tele-monitoring device to a healthcare server; and authorizing access of the health information tele-monitoring device to the healthcare server.

Abstract: A data leakage prevention system, method, and computer program product are provided for preventing a predefined type of operation on predetermined data. In use, an attempt to perform an operation on predetermined data that is protected using a data leakage prevention system is identified. Additionally, it is determined whether a type of the operation attempted includes a predefined type of operation. Furthermore, the operation on the predetermined data is conditionally prevented based on the determination to prevent circumvention of the protection of the data leakage prevention system.

Abstract: A first request is received, at a service application programming interface (API) of an authorization server, to change a permission of a first role for accessing a first resource. In response to the first request, a first role-based permission data structure associated with the first role is accessed to identify an entry associated with the first resource, where the first role-based permission data structure includes entries corresponding to resources, respectively. Each resource is associated with one or more permissions for a user of the first role to access the corresponding resource. One or more permissions are updated in the identified entry associated with the first resource.

Abstract: The invention provides a method for accessing the mass memory of a data carrier with a mass memory and a chip. The data carrier has been or is personalized by an individual date of a use device which is or has already been stored in(to) the chip to a use device for accessing the data carrier, so that the data carrier can only be used with this use device.

Abstract: A method and apparatus is provided for decrypting an encrypted transport stream, comprising. The method includes receiving the encrypted transport stream over a content delivery network. The encrypted transport stream is encrypted using a first control word that serves as an encryption/decryption key. A variable control word is received over the content delivery network. The variable control word is mathematically constrained to create a second control word. The encrypted transport stream is decrypted using the second control word if the second control word is the same as the first control word.

Abstract: A system for integrating modules of computer code may include a sandbox validator for receiving a first module and verifying that the first module complies with one or more sandbox constraints. A computing device may execute the first module within a runtime environment. A module integrator may operate within the runtime environment for receiving a request from the first module to access a service provided by a second module and only allowing the first module to access the service when the first module is authorized to access the service according to a service authorization table. The sandbox validator may ensure the first module correctly identifies itself when requesting a service provide by another module and that the first module includes runtime policing functions for non-deterministic operations. A service authorizer may generate an authorization policy for the first module, which is sent to the computing device along with the first module.

Abstract: Embodiments of the invention are generally directed to systems, methods, devices, and machine-readable mediums for implementing gesture-based signature authentication. In one embodiment, a method may involve generating a data protection policy from an un-trusted software environment to govern access to protected data stored in memory in the local computer system. Then the method maps the data protection policy to an enforceable system-level data protection policy managed by an Information Flow and Tracking Protection (IFTP) logic. Next, the method flags the first memory page containing the protected data. Finally, the method enforces the generated data protection policy for the first memory page containing the protected data using the IFTP logic and the enforceable system-level data protection policy.

Abstract: The certificate with specified conditions under which copyrighted material can be played. Copyrighted material, such as videos are stored in a storage unit. They are stored along with a policy that indicates when the information can be played. The information can, for example be encrypted one stored, and the decryption key is available only when characteristics of the policy are met. When those characteristics are not met, the information can not be retrieved at all or only can be retrieved in some very limited format.

Abstract: System and method for creation and use of an agreement object having content packages and a transportable agreement, including both the content of the agreement and data used to validate the signatories and an audit trail for the agreement.

Abstract: Aspects of the subject matter described herein relate to facilitating claim use in an identity framework. In aspects, a definition of a trust framework may be received and stored. A graphical interface may display a plurality of trust frameworks and allow an administrator to select which trust framework to instantiate. The graphical interface may also allow the administrator to define which rules of the trust framework to use in the instance of the trust framework. After receiving this information, the instance of the trust framework may be instantiated and configuration data provided to the administrator to allow the administrator to configure a Web service to invoke the instance of the trust framework to grant or deny access to the Web service.

Abstract: Embodiments are directed to providing attribute-based data access. In an embodiment, a data request specifies one or more search data attributes describing requested data that is to be found in an anonymous directory. The anonymous directory is configured to provide access to secured data according to access controls defined one or more clients. The secured data includes data that is associated with a particular client and that is encrypted using multi-authority attribute-based encryption, which associates the data with one or more encryption data attributes and that enables the data to be provided if conditions in the corresponding access controls are met. The particular portion of data is provided based on determining that the conditions in the corresponding access controls are met, and that at least one of the search data attributes is determined to be relevant to at least one of the encryption data attributes.

Abstract: A method begins by a processing module determining whether a data access request is requesting access to data stored in a plurality of dispersed storage networks (DSNs). The method continues with the processing module determining whether one of the plurality of DSNs is a home DSN to a requesting entity when the data access request is requesting access to data stored in the plurality of DSNs. The method continues with the processing module utilizing a local signed certificate to access one or more dispersed storage (DS) units of the home DSN, validating a global signed certificate with one or more DS units of a non-home DSN of the plurality of DSNs to produce a valid global signed certificate, and utilizing the valid signed certificate to access the one or more DS units of the non-home DSN when the plurality of DSNs includes the home DSN.

Abstract: A terminal device controls delivery of information from a primary delivery destination to a secondary delivery destination. The terminal device stores a primary delivery condition regarding whether delivery of the information to the primary delivery destination is prohibited or permitted, and a trustability value showing a degree of trust of a user in the primary delivery destination. The terminal device judges whether or not to deliver the information to the primary delivery destination, by using the primary delivery condition. When judging to deliver the information, the terminal device calculates a secondary delivery condition using the trustability value and the primary delivery condition, the secondary delivery condition regarding whether delivery of the information from the primary delivery destination to the secondary delivery destination is prohibited or permitted. The terminal device then sends the generated secondary delivery condition to the primary delivery destination.

Abstract: A system, method and program product for controlling access to a restricted item. A method is provided that includes: receiving a request for access to a restricted item at a computer system associated with a provider, said request originating from a client system; determining an IP address of the client system; determining a mobile phone number of a mobile phone associated with the requester; transmitting to a third party service provider the IP address and mobile phone number; and receiving back from the third party service provider a confirmation message indicating whether or not the IP address and mobile phone are located within an acceptable range of each other.

Abstract: The disclosure provides a system and method of authenticating a user to a network. For the method, if a request for a resource initiated by the device is related to a restricted resource, then the method: redirects the request to the authentication server; initiates an authentication process at the server to request a user account and a password from the device to authenticate the device if it has not been authenticated; automatically provides the device with access to the restricted resource if the device previously had been authenticated to access the restricted resource; and provides a signal to the device indicating whether it has been authenticated to allow the device to update its graphical user interface to indicate an access status for the restricted resource. If the request relates to a non-restricted resource, then the method automatically provides the device with access to the non-restricted resource.

Abstract: A system and method for secure transport of data, the method comprising: sharing of key information with a key distributor, wherein the key information is for enabling decryption of first and second encrypted data, the key distributor being for making one or more decryption keys available to an authorized user; creating a container object, the container object comprising: first encrypted data having a first encryption based on at least a part of said key information; second encrypted data having a second encryption based on at least a part of said key information, wherein the first encryption is different to the second encryption; and metadata relating to the first encrypted data and the second encrypted data; and sending the container object to a data store or otherwise making the container object available, to allow user access to said data container object.

Abstract: Methods and systems for providing a centralized management system with an integrated license server and pluggable license features are provided. More particularly, the administration of application instances or other assets through the centralized management system results in the initiation of a license validation process by the central management system in cooperation with a license server. The system management application providing centralized asset management and the license server performing license validation are co-resident on a central management server. The availability of assets requiring a license is implemented through asset administration data maintained by the central management server, to indicate the existence of a required license, where the license server indicates that the required license is available. Access to an asset is denied where the license server indicates the absence of a required license to the system management server.

Abstract: An information processing system provisions a client account for a user to enable a client computer associated with the user to store information in an elastic storage system and to prohibit the client computer, the information processing system, and the elastic storage system from altering and from deleting the stored information during an authorized retention period. Data messages are received from one or more client computers and include information that is required to be stored for the authorized retention period. That information is transmitted via one or more data communications networks to the elastic storage system for storage so that the stored information is non-rewriteable and non-erasable during the authorized retention period. The secure data center receives the retrieved copy and provides it to the user device.

Abstract: A data center determines whether requested content is available at the data center. The content is available when the content is both present at the data center and current. When the requested content is available at the data center, the data center returns the requested content to the browser. When the requested content is locally unavailable at the data center, the requested content is retrieved from an origin server. When retrieval of the content is delayed, the request is prioritized and placed in a queue for handling by the origin server based on the priority of the request. A status page may be communicated to the browser to inform a user of the delay and provide alternate content and status information related to the request determined as a function of the request or the current state of the origin server.

Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.

Abstract: A method and apparatus for controlling document access and application usage using centrally managed rules. The rules are stored and manipulated in a central rule database via a rule server. Policy enforcers are installed on client systems and/or on servers and perform document access and application usage control for both direct user document accesses and application usage, and application program document accesses by evaluating the rules sent to the policy enforcer. The rule server decides which rules are required by each policy enforcer. A policy enforcer can also perform obligation and remediation operations as a part of rule evaluation. Policy enforcers on client systems and servers can operate autonomously, evaluating policies that have been received, when communications have been discontinued with the rule server.

Abstract: A system comprises a plurality of image forming apparatuses, wherein a first image forming apparatus includes: a correspondence determination unit that determines which function in the first image forming apparatus the service provider of the first image forming apparatus corresponds to; a provider determination unit that determines a second image forming apparatus in the plurality of image forming apparatuses that includes the same service provider as the service provider of the first image forming apparatus; a license verification unit that verifies whether license information is assigned to the service provider of the second image forming apparatus determined by the provider determination unit; and an assignment unit that assigns, to the second image forming apparatus to which the license information is not assigned, license information of the service provider from the first image forming apparatus to the second image forming apparatus and server relation information that is information for accessing a ser

Abstract: A system and method for modifying material related to computer software. The system receives an original disclosure for a software system. A masquerading algorithm is applied to the original disclosure to generate a new disclosure. The subject matter of the new disclosure is different from the original disclosure but has the same functionality. The system also receives original source code for the software system and applies a camouflaging algorithm to the original source code to generate modified source code and conversion data for converting between the modified source code and the original source code.

Abstract: The method of securing data transfer comprises: a step of attempting to transmit a document from a document sender to at least one document recipient, by implementing at least one transmission attribute and for at least one step of attempted transmission, a step of evaluating the value of at least one transmission attribute and a step of making the evaluation of the value of the transmission attribute available to the sender. Preferably, in the course of the evaluating step, the evaluation is dependent on the anomalies of correspondence that are observed for each attempted transmission. Preferably, in the course of the evaluating step, the evaluation is, moreover, dependent on the elements provided by the recipient in the course of a step of registering with an electronic document transmission service.

Abstract: Disclosed are a method for providing a license corresponding to encrypted contents to a client apparatus, which provides a license in response to a request of the license corresponding to contents super-distributed to a third person in a DRM conversion system, and a DRM conversion system using the same. First digital rights contents type first contents and a first license corresponding to the first contents are digital rights management converted to generate second digital rights contents type second contents and a second license corresponding to the second contents. A license request corresponding to the second contents super-distributed to a third person is received. A second license corresponding to the second contents super-distributed is requested from a server corresponding to the second digital right management. The second license corresponding to the second contents super-distributed is received and transmitted to the third person.

Abstract: A server sets security configuration information and inserts the security configuration information into a file. The server generates a new file according to the security configuration information and the file, and displays content of the new file and operates the new file, in response to a determination that the client has authority to access and operate the new file. The server updates the security configuration information in the new file after the new file has been operated by the client.

Abstract: A method of operation of a content delivery system includes: compiling a detected device ensemble; detecting user information to develop a profile; and retrieving a content with an access level matching the profile and compatible with the detected device ensemble for displaying on a device.

Abstract: A system and method for using content on multiple devices includes a head end associating a first user device and a second user device with a user account and authorizing the first user device and the second user device to receive content. The first user device forms a selection signal corresponding to a first content. The head end communicates the first content to the first user device corresponding to the selection signal. The first user device displays the first content on a first display associated therewith. The second user device receives the first content and displays the first content on a second display associated with the second user device.

Abstract: Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.

Abstract: A social networking system obtains parental authorization from a parent for a child to access a computing resource, where the parent and the child are users of the social networking system. The child user may request the authorization by identifying a purported parent user. The social networking system attempts to verify the validity of the purported parent user's account, the age of the user associated with the purported parent's account, and/or the existence of a parent-child relationship between users of the accounts associated with the purported parent and the child. The social networking system makes these determinations, at least in part, using social and transactional information associated with the purported parent user's account and the child user's account in the social networking system. Upon verification of these items, the social networking system may allow the purported parent to provide authorization responsive to the child's request to access the computing resource.

Abstract: Apparatus, system, and media for utilizing content. An exemplary system comprises a first computing device and a second computing device, wherein the first computing device transmits a request for access to content to the second computing device, receives the content from the second computing device, and grants at least one permitted utilization of the content, and wherein the second computing device receives the request for access to content from the first computing device, determines whether the first second computing device is permitted to receive the content, grants access to the content based at least in part on the first computing device being permitted to receive the content, and transmits the content to the first computing device based at least in part on the first computing device being permitted to receive the content.

Abstract: Systems and methods for authenticating a media device or other information handling system so as to be able to receive content from one or more media content providers. Authenticating the device includes determining what authentication information the media content providers require for access and then to generating and providing to the media device an authentication token that includes the required information. In some embodiments this may be accomplished by a service center, which removes the need for additional authentication steps to be performed by the media device or the media content providers. In addition, the service center may also determine when changes are made to the authentication information and may then ensure that the authentication token is changed or updated to reflect these changes. This ensures that the media device is at least partially immune to changes to authentication.

Abstract: A piece of software code, as well as a series of semi-random character strings are embedded into a copy of a software application. The application executes the embedded code on activation and may also invoke the embedded code periodically thereafter. The embedded code generates a knowledge string from a seed string and then generates an activation code from the seed string and the knowledge string. The activation code is checked against an externally-supplied code to ensure that the codes match, indicating a non-pirated copy of the software application.

Abstract: While a stream device is streaming a media program from a multimedia device to a client device, the streaming device may be configured to send a first portion of the media program to the client device, where the first portion is transcoded from a first format into a second different format and adapted for a first playing mode of the client device. The streaming device may be configured to receive an indication of a user command from the client device specifying a second different playing mode of the client device. The streaming device may be configured to send a second different portion of the media program to the client device, where the second portion is transcoded from the first format to the second format and adapted for the second playing mode of the client device.

Abstract: A secure hash, such as a Hash-based Message Authentication Code (“HMAC”), is generated using a piece of secret information (e.g., a secret key) and a piece of public information specific to each escrow key (e.g., a certificate hash or public key). Using the secret key ensures that escrow key validation data can only be generated by knowing the secret key, which prevents an attacker from generating the appropriate escrow key validation data. Using the certificate hash as the public data ties each escrow key validation data to a particular certificate, thereby preventing the attacker from simply copying the validation data from another escrow key. Any escrow key that is found to be invalid may be removed from the file container and a system audit log may be generated so that a company, individual, or other entity can be aware of the possible attempt at a security breach.