Abstract: A computer-implemented method for transferring authentication credentials may include 1) identifying a request to receive an authentication credential that is stored on a first computing device onto a second computing device, 2) identifying an asymmetric key pair on the second computing device, 3) generating an identifier of the asymmetric key pair on the second computing device, 4) transmitting an encryption key of the asymmetric key pair and the identifier of the asymmetric key pair to a credential repository, 5) displaying the identifier of the asymmetric key pair to facilitate retrieval of the authentication credential from the credential repository based on the identifier, and 6) retrieving the authentication credential, encrypted with the encryption key of the asymmetric key pair, from the credential repository. Various other methods and systems are also disclosed.

Abstract: Disclosed herein are methods for protecting user information on a client device that may have a plurality of users. A user interface with a public machine designation portion is presented to a user prior to the start of the authentication process. The public machine designation removes web service account descriptions and any user specific information stored on the client device. Also, the client device is prevented from storing any new user specific information that is provided to the client device. The public machine designation is a persistent feature that may only be disabled by an affirmative action from the user.

Abstract: Methods and systems for using a flexible serialization technique to determine whether certain protected content items (e.g., software) are eligible to be installed on a target computer system during an installation procedure are described. Consistent with some embodiments of the invention, a serial number entered by an end-user is decoded to identify a product identifier that corresponds with a select folder in a folder hierarchy on a storage medium that contains various payloads for installing digital content items on a target computer system. The folder that corresponds with the product identifier includes license configuration information that specifies a set of digital content items eligible for installation, based on the serial number entered by the end-user.

Abstract: Systems and methods for searching secure electronic messages. An input search is received for use in searching content of electronic messages. The search includes searching content of secure electronic messages. The results of the search are provided.

Abstract: When a viewer views content, it is reproduced by a reproduction procedure depending on a dynamic condition set in the content. Here, a content object data input unit obtains an externally-input content object. The content object is stored in a content object data retention unit, if necessary. The content object includes a reproduction rule and a content data. A reproduction rule evaluation and execution unit obtains the reproduction rule in the content object and performs processing in accordance with the reproduction rule. The reproduction unit reproduces a reproducible data specified by the reproduction rule evaluation and execution unit. An identifier management unit retains an identifier of a content object reproduction device and provides the identifier upon request. It is thus possible to reproduce in accordance with the reproduction rule set in the content object data and to control the reproduction procedure depending on the dynamic condition.

Abstract: Provided are a method, system, and computer storage device for managing zone information for devices in a network. A zone group table includes entries for different pairs of zones, wherein each entry indicates whether access between a pair of the zones is permitted. An attribute zone table indicates whether devices in the zones are initiator, target and/or initiator/target. For a selected zone, indication is made of whether ports in the devices in the selected zone have an initiator, target and/or initiator/target attribute as indicated in the attribute zone table. A determination is made as to whether all the ports in the devices in the selected zone have the same attribute of initiator, target or initiator/target. If so, a division proposal is indicated for the selected zone proposing to separate devices in the selected zone into at least one new zone.

Abstract: A method of sharing content for an electronic device is provided. The electronic device is capable of changing contents that are to be shared when a network changes. The content sharing method includes storing a list of contents shared between the electronic device and another electronic device via a network formed using an access point, such that the contents match the access point, and setting contents included in a list of contents stored to match the access point as contents to be shared in response to the electronic device being connected to the network via the access point.

Abstract: A method for controlling access to protected computer resources provided via an Internet Protocol network that includes registering identity data of a subscriber identity module associated with at least one client computer device; storing (i) identity data of at least one access server, (ii) the identity data of a subscriber identity module, and (iii) authorization data regarding the protect computer resources; receiving the identity data of a subscriber identity module, and a request for the protected computer resources; authenticating (i) the identity data of the at least one access server, and (ii) the identity data of a subscriber identity module; authorizing the at least one client computer device to receive at least a portion of the protected computer resources; and permitting access to the at least the portion of the protected computer resources (i) upon successfully authenticating the identity data of the at least one access server and the identity data of a subscriber identity module associated with

Abstract: Disclosed are systems, methods and computer program products for protecting cloud security services from unauthorized access and malware attacks. In one example, a cloud server receives one or more queries from security software of the user device. The server analyzes a system state and configuration of the user device to determine the level of trust associated with the user device. The server also analyzes the one or more queries received from the security software to determine whether to update the level of trust associated with the user device. The server determines, based on the level of trust, how to process the one or more queries. Finally, the server provides responses to the one or more queries from the security software based on the determination of how to process the one or more queries.

Abstract: A method and system for granting access to system and content is provided. A key is provided that allows access by a client computer to content that includes a plurality of resources. A server is accessed and the key is provided to the server. Based on the key, access is granted to the content. A program on the client computer requests a resource of the plurality of resources. If the resource is located locally, the resource is provided to the program. Otherwise, the resource is downloaded from the content server and stored locally. A data structure is modified to indicate that the resource is stored locally and the resource is provided to the program.

Abstract: A network in which a client receives a network credential, such as a valid network address, following an exchange of messages with a credential server that includes security information. The security information may validate the credential, avoiding rogue devices inadvertently or maliciously distributing credential information that can interfere with clients attempting to connect to the network or with the network itself. If obtaining a network credential requires an exchange of information about the configuration of the client that could reveal security vulnerabilities, the security information may be used to ensure the confidentiality of that configuration information. The security information may be incorporated into messages according to a known protocol, such as by incorporating it into options fields of DHCP messages.

Abstract: An electronic device obtains a device password associated with the new enrollee device to be configured for a communication network. The device password is provided to a network registrar to cause the network registrar to configure the new enrollee device for the communication network. The network registrar performs an enrollment process based upon the device password and provides feedback to the electronic device to indicate whether or not the new enrollee device was successfully added to the communication network. Alternatively, when an electronic device detects the presence of a new enrollee device to be configured for the communication network, the electronic device generates a device password for the new enrollee device and provides the device password to the new enrollee device and to the network registrar, thereby causing the network registrar to initiate an enrollment process for the new enrollee device based upon the device password.

Abstract: A device for communicating with other devices to allow them to access applications, comprises: at least a first application; authentication means for authenticating a communicating device; and access control means accessible by a communicating device requesting access to the first application without the communicating device having been authenticated by the authentication means. The device is further arranged to arbitrate whether access of the communicating device to the first application is granted or refused wherein if the arbitration requires an authentication of the communicating device, the access control means instructs the authentication means to authenticate the communicating device.

Abstract: A method and system is provided for using an access list stored on a memory of a first computing device, the access list for controlling communication between the first computing device and a plurality of computing devices in a Bluetooth communication network.

Abstract: Various embodiments are disclosed relating to performing a trusted copy and paste operations between a source application and a target application. For example, a trust system may receive a paste request for pasting copied source content, and may compare a source trust level associated with the source content to a target trust level associated with a target application. In this way, for example, harmful or disruptive code may be prevented from being pasted into the target application.

Abstract: In some embodiments, a method includes receiving a modifiable electronic document. The method includes generating a new version of the modifiable electronic document. The method also includes encrypting the new version of the modifiable electronic document using an encryption key that is used to encrypt the modifiable electronic document and different versions of the modifiable electronic document. The method includes saving the new version of the modifiable electronic document.

Abstract: The present disclosure is directed to a method for sending and receiving an encrypted message and a system thereof. The method includes steps of encrypting a message, transforming the encrypted message into network address, sending the network address to a receiver, and accessing a server according to the network address by the receiver, and a server decrypting the message, presenting the decrypted message to the receiver, and thereafter preventing the message from being accessed. Advantages include that any mobile phone capable of connection to a wireless network can read an encrypted message without installation of a decryption software on a mobile phone of a receiver.

Abstract: Digital certificate public information is extracted using a processor from at least one digital certificate stored within at least one digital certificate storage repository. The extracted digital certificate public information is stored to at least one dynamically-created certificate public information directory. At least a portion of the digital certificate public information stored within the at least one dynamically-created certificate public information directory is provided in response to a digital certificate public information request.

Abstract: Various data protection techniques are provided. In one embodiment, a memory device is provided. The memory device may initiate a security measure upon occurrence of one or more triggering events. The one or more triggering events may include receipt of a command signal. Various additional methods, devices, and systems are also provided.

Abstract: In embodiments of the present invention improved capabilities are described for securely viewing computer data content, such as documents, presentations, spreadsheets, emails, blog entries, texts, and the like, through a secure viewing facility, where the secure viewing facility utilizes a camera or other biometric sensor to monitor an authorized user's actions in the determination of whether the secure viewing facility will permit the computer data content to be viewed on the computer's display, and/or in the control of the viewing process itself.

Abstract: Providing for client-selected user authentication in relation to accessing or acquiring online media content is described herein. In response to an access request transmitted by a client device, a server can determine a type of request employed by the client device and identify a type of media playback device associated with the client. Identification can be based on information specified within the access request, information derived from information pertaining to the access request, information derived from stored associations between access request and types of playback devices, or suitable combinations thereof. Once identified, promotional content or service(s) can be allocated to a subscriber account in response to the access request satisfying one or more criteria. In this manner, a service provider can facilitate client-selection of a mode of user authorization, while incentivizing a particular type of playback device for acquiring content from or generally interfacing with the service provider.

Abstract: A first wireless device is paired with a second wireless device for communication over a wireless connection. The first wireless device receives an input that indicates a device identifier of the second wireless device, and then matches the device identifier with one of the data entries in a data repository to obtain a code of the second wireless device without user interactions. The data repository contains a plurality of data entries associating a plurality of wireless devices with their corresponding codes. Based on the code of the second wireless device, the first wireless device authenticates the second wireless device and establishes the wireless connection.

Abstract: A method and system for authenticating access to a protected application are disclosed. For example, the method receives from a protected application a request by a user to gain access to the protected application. In one embodiment, the request contains an identification of the user and an identification of at least one media device of the user. The method then verifies the identification of the user and the identification of at least one media device of the user, e.g., via a database operated by a proxy server. The method then generates an access code if the identification of the user and the identification of at least one media device are verified. Finally, the method sends the access code to both the user and to the protected application.

Abstract: A device includes a first memory area being used to store a first key and unique secret identification information, the first memory area being restricted from being read and written from outside; a second memory area being used to store encrypted secret identification information generated by encrypting the secret identification information, the second memory area being allowed to be read-only from outside; a third memory area being readable and writable from outside; a first data generator configured to generate a second key by using the first key; a second data generator configured to generate a session key by using the second key; and a one-way function processor configured to generate an authentication information by processing the secret identification information with the session key in one-way function operation, wherein the encrypted secret identification information and the authentication information are output to outside.

Abstract: A method and apparatus for securing media asset distribution for a marketing process is described. In one embodiment, the method includes generating a dynamic security component for each media asset allocation to at least one receiver, wherein the dynamic security component verifies the at least one receiver upon login, coupling the dynamic security component to at least one file having a media asset and communicating a locator reference associated with the at least one file to the at least one receiver, wherein the locator reference is created using the dynamic security component.

Abstract: The invention provide systems and methods for management of digital media objects, comprising first and second client digital data processors (e.g., personal (or private) computers, laptops, dedicated music devices, electronic book readers, and so forth) that are in communications coupling with one or more stores (e.g, dedicated disk drives, flash drives, cloud storage, etc.). At least one digital media object (DMO) or copy thereof is stored in one or more of those stores and is accessible by at least one of the first and second client digital data processors.

Abstract: There is provided an authentication method for a system (10) comprising several devices (30). The method involves: a) providing each device (30) with an identity value (pi: i=1, . . . , n) and a polynomial (P) for generating a polynomial key; (b) including a verifier device (p1) and a prover device (P2)amongst said devices (30); (c) arranging for the prover device (p2) to notify its existence to the verifier device (P1); (d) arranging for the verifier device (pi) to challenge the prover device (p2) to encrypt a nonce using the prover (P2)device's polynomial (P) key and communicate the encrypted nonce as a response to the verifier device (p1); (e) arranging for the verifier device (p1) to receive the encrypted nonce as a further challenge from the prover device (pZ) and: (i ) encrypt the challenge using the polynomial keys generated from a set of stored device identities; or (ii) decrypt the challenge received using the set of polynomial keys; until said verifier device (p1) identifies an authentication match.

Abstract: The described embodiments relate generally to methods, systems and security devices for authorizing use of a software tool. Certain embodiments of the invention relate to a security device. The security device comprises at least one communication subsystem for enabling communication between the security device and a first external device, wherein the first external device has a software tool executable on the first external device. The security device further comprises a memory and processor coupled to the at least one communication subsystem and configured to control the at least one communication subsystem. The memory is accessible to the processor and stores a key for authorizing use of the software tool. The memory further stores program instructions which, when executed by the processor, cause the processor to execute a security application.

Abstract: One embodiment of the present invention provides a system that facilitates issuing rights in a digital rights management system. The system operates by sending a request to perform an operation on an item of content from a client to a rights-management server, wherein the request includes a usage parameter which specifies constraints involved in performing the operation. Next, the system receives a response from the rights-management server, wherein the response indicates whether or not the client has rights to perform the operation in accordance with the constraints specified by the usage parameter. Note that the response may also include a hint that facilitates generating subsequent requests to perform the operation. Finally, if the client has rights to perform the operation, the system performs the operation on the item of content.

Abstract: A request, from a requester, is received to view user information on a user's personal site associated with a user. A relationship is determined between the requester and the user. User information is provided to the requester based on the requester's relationship to the user.

Abstract: In order to ensure that an entertainment access system is enabled to unify and simplify a user's enjoyment of content by managing the user's devices, entertainment content and usage rights, it is important to ensure the user devices, and the services they offer, function in accordance with well-established specifications and standards. Importantly, these specifications need to be the same from one device manufacturer to another. This is needed to ensure that the entertainment access system will be able to provide a consistent, reliable and predictable user experience to its users. In some illustrative examples, a certification program is implemented for user devices that receive and render the entertainment content received from the entertainment access system. The certification program establishes specifications to which the devices are to conform regardless of their manufacturer.

Abstract: A method and system of verifying and authenticating personal history data of a subject comprising requesting the personal history data of the subject from a data base provider, searching the data base for the personal history data of the subject, transmitting the requested personal history data to the requester, reviewing the personal history data by the subject and verifying the accuracy of the personal history data by the subject and authenticating the verified personal history data by the subject.

Abstract: Various methods, systems and apparatus for associating fictitious user identities (e.g. screen names, user names, handles, etc.) used in electronic communications (e.g. over the internet or mobile networks via instant messenger, e-mail, social networks, eCommerce and auction websites, etc.) with real personal information (e.g. the true identity of an individual such as their name, address, credit score, driving record, etc.) are disclosed. One apparatus, according to aspects of the present invention, may include means of associating real personal information, submitted by a user, with fictitious user identities, means of verifying the real personal information and the ownership of the real personal information by the submitting user, and means of receiving a request for some personal information associated with a fictitious user identity, from a remote user, abstracting a user's true identity from information associated with them.

Abstract: In one embodiment, a method for enabling user privacy for content on a network includes receiving input from a first user instructing at least one change in user access to shared content provided by a network system. The change modifies the user access from an existing set of one or more users of the network system to a different set of one or more users of the network system. The method checks a privacy setting associated with each of one or more referred users of the network system who are referred to by the shared content. The privacy setting indicates whether the associated referred user is to be sent a notification indicating that the at least one change in user access has been instructed.

Abstract: Files of computer documents are classified into confidential levels without extracting and analyzing contents of the files. Files created by particular users may be clustered into groups of files based on file characteristics, such as file type (e.g., file extension) and file naming convention. A prediction confidential score may be generated for each group of files. A log of a file retention resource may be consulted to identify files created by users. A file created by a user may be assigned a prediction confidential score of a group of files having the same file characteristic as the file and created by the same user. The prediction confidential score may be used to determine a confidential level of the file when the file is found to be inaccessible.

Abstract: A system and method for establishing a group of wireless devices having shared media stored thereupon associates each group member device of the group of wireless devices, communicates with at least some of the group member devices of the group of wireless devices to identify shared media and upon receiving a request transmitted by a group member device of the group of wireless devices, supports access to shared media. The shared media may be stored on a different group member device, upon a managing server computer, or a media server. Upon a successful validation, the group member device that made the request is notified to facilitate the access to the shared media. The notification includes access information.

Abstract: Secure networking processes, such as packet encapsulation and decapsulation, can be executed upstream of a user or guest operating system provisioned on a host machine, where the user has substantially full access to that machine. The processing can be performed on a device such as a network interface card (NIC), which can have a separate network port for communicating with mapping systems or other devices across a cloud or secure network. A virtual image of the NIC can be provided to the user such that the user can still utilize at least some of the NIC functionality. In some embodiments, the NIC can work with a standalone processor or control host in order to offload much of the processing to the control host. The NIC can further handle headers and payload separately where possible, in order to improve the efficiency of processing the various packets.

Abstract: A method for enabling access to digital rights managed (DRM) content from a server to a portable playback device using a device that functions as a proxy for enabling communication between the server and the portable playback device. The method provides for establishing a connection with a device capable of operating as a gateway device for passing data between the portable playback device and the server, requesting that the device establish a connection with the server and operate as a proxy for enabling data exchange between the portable playback device and the server, sending to the server, upon establishing the connection with the server via the device operating as a proxy, data indicating DRM solutions supported by the portable playback device, and a list comprising requested DRM content to be downloaded to the portable playback device, and receiving from the server, via the device operating as a proxy, the requested DRM content and DRM rules associated with the received content.

Abstract: To expand the after-sales services offered for a product purchased by a user, a service server that provides services accesses a specified navigation system, which is the product purchased by the user, using a device ID that is uniquely assigned to the navigation system, and then transmits service information to the specified navigation system. In other words, the service server actively accesses a navigation system, which is fundamentally one of countless terminal apparatuses on a communication network, and provides service information to that navigation system. By operating in this way, a great variety of services can be provided whenever appropriate.

Abstract: A method of operating a virtual computing system includes receiving at a security controller security data corresponding to a candidate virtual machine that is proposed to be included in a virtualization environment managed by a virtualization environment manager, comparing the security data of the candidate virtual machine to security data of other virtual machines in the virtualization environment, and in response to the comparison, recommending that the virtualization environment manager exclude the candidate virtual machine from the virtualization environment. Related systems and computer program products are disclosed.

Abstract: A method of selectively deactivating features on a computing device is described herein. The method can include the step of determining an examination time period for one or more students in which each of the students is in possession of a computing device. The examination time period can be set aside to enable the students to participate in a testing exercise. The method can further include the steps of generating a deactivation signal and transmitting the deactivation signal. The deactivation signal, when received at the student computing devices, can cause the student computing devices to selectively deactivate predetermined features of the student computing devices. The predetermined features may be based on a factor of providing an unfair advantage to a student during the examination time period.

Abstract: An approach is provided for providing uniform content management for a user equipment. A uniform content management platform determines new content from a plurality of content of different categories. The uniform content management platform further initiates presentation of the new content via a graphical user interface that includes: a dashboard providing a layout of the new content, a content manager that is invoked upon selection of a particular one of the new content for managing a group of content of a common category, and a content editor that is invoked upon selection of one of the content in the group for editing the selected content.

Abstract: This invention allows connection of an apparatus with a low security level without lowering the security level of a network even when such apparatus issues a connection request. This invention is directed to an access point which makes wireless communications with a station using an encryption method (AES). Upon reception of a connection request message including information indicating an encryption method (WEP) that can be used by a station, the access point checks if the encryption method (WEP) recognized based on the received connection request message is different from the encryption method (AES). When it is determined that the two encryption methods are different, the access point launches a controller which makes wireless communications with the station using that encryption method (WEP).

Abstract: A system and method for performing backup operations is provided. Mechanisms facilitate a secure centralized backup system with a locally derived authentication model. A local centralized storage server may generate an authentication model, including credentials, and create a share/directory for each client. Clients store their credentials and use them to access centralized storage. Credentials are maintained and provisioned locally. A remote host server may establish trust by providing a list of clients in a circle.

Abstract: An embodiment of the invention is directed to a data processing system having a plurality of users, a portion of which were previously assigned permissions respectively corresponding to system resources. The embodiment includes acquiring data from a first data source, containing information pertaining to the portion of users and their permissions, and further includes acquiring data from a second data source, containing information pertaining to attributes of each user of the plurality. A set of permissions is determined for a given role, from both first and second data sources. First and second criteria are determined for assigning users to the given role, from information in the first and second data sources, respectively. A particular user is selected for admission to the given role only if the particular user is in compliance with both the first criterion and second criterion.

Abstract: A server connectable to an apparatus providing contents and an image display apparatus includes an index information processing part configured to provide the image display apparatus with index information for causing a list of information items associated with the contents to be displayed by the image display apparatus, an image data processing part configured to provide the image display apparatus with image data for causing a content associated with an information item selected from the list to be displayed by the image display apparatus, and an apparatus authentication part configured to cause the index information processing part and the image data processing part to execute respective processes when the identification information of the image display apparatus that has requested to obtain the content associated with the selected information item by using access authority information regarding authority to access the content is managed in correlation with the access authority information.

Abstract: Embodiments of the present invention provide an authorization method and a terminal device. A terminal device receives a right application request from a control device having no access right. The terminal device notifies a control device having an administrator right to assign a right to the control device having no access right. The terminal device receives a right assignment command from the control device having an administrator right and assigning a right to the control device having no access right.

Abstract: Presence applications running on different devices are used to access and command devices through a communications server. A communication channel is established between at least two instances of a presence application that are running on different devices. A device that is associated with an instance of a presence application is remotely commanded by a received message from the communications server from another instance of the presence application on a different device.

Abstract: A system of screening servers, screener client computers, and screening kiosks distribute an applicant screening process among multiple sites and multiple participants. To facilitate and secure communications of screening results and applicant actions, a personal identification code is provided that identifies individual sets of screening results. In this manner, the applicant is authenticated and can then enter appropriate applicant profile data into a secure screening account, such as via a screening kiosk. Screening results may be generated for the applicant in association with a unique personal identification code. This code can then be communicated to the screener, who can access the screening results along with a recommendation, if desired, by sending the code to a screening server.

Abstract: A medical image and data application service provider system provides a way of remotely viewing and manipulating medical images and data for diagnostic and visualization purposes by users unconstrained by geography. Medical images and data are stored on one or more servers running application service provider software along with meta-data such as access control information, origin of information and references to related data. A set of medical data consisting related information is sent as an encrypted stream to a viewing station running client software in a secure execution environment that is logically independent of the viewing station's operating system.