Abstract: A technique for preventing malicious observance of private information includes receiving an instruction of entering a mode of inputting private information; determining a correspondence between actual inputs and expected inputs; receiving an actual user input; and converting the actual input into an expected input as private information inputted by the user according to the correspondence. This security technique can prevent discovery of the private information of a user through observation.

Abstract: A technique for preventing malicious observance of private information includes receiving an instruction of entering a mode of inputting private information; determining a correspondence between actual inputs and expected inputs; receiving an actual user input; and converting the actual input into an expected input as private information inputted by the user according to the correspondence. This security technique can prevent discovery of the private information of a user through observation.

Abstract: Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL.

Abstract: Methods and systems for activating a software application while provisioning a web service to operate with the software application are described. Consistent with some embodiments, a product activation procedure is performed during a workflow to provision a web service to operate with a software application. By activating the software application during the web service provisioning workflow, an end-user can establish ownership of a proper license for the software application without having to input any license information, such as a serial number or product key, associated with the end-user's license.

Abstract: Systems and methods for application identification in accordance with embodiments of the invention are disclosed. In one embodiment, a user device includes a processor and memory configured to store an application, a session manager, an application identifier, and at least one shared library, and the processor is configured by the session manager to communicate the application identifier and the application identifier data to an authentication server and permit the execution of the application in response to authentication of the application by the authentication server.

Abstract: A secure active network includes a plurality of secure elements which communicate with one another to share and log information such as identification, location, and user activity associated with each secure element. Secure elements exchange data with one another, and log data received. The periodicity of communication between secure elements, encryption of the information, and the operating frequency in which the information is transmitted and received may be changed if communication is lost between any of the secure elements or if a determination is made that a secure element has traveled outside a predetermined zone. The integrity of the secure network may be verified at any time by comparing the logged information to a reference network.

Abstract: Systems and methods are described for aggregating information obtained from messages between playback devices and content protection systems, including but not limited to conditional access systems, downloadable conditional access systems, and digital rights management systems, that include a unique identifier and applying user modifiable rules to the aggregated information to identify abnormal behavior associated with the unique identifier including but not limited to one or more clone playback devices utilizing the unique identifier or a rogue playback device utilizing a unique identifier. One embodiment includes a plurality of playback devices connected to a headend via a network, where the headend includes at least one content protection system, and a clone monitor configured to register playback devices based upon a unique identification supplied by each playback device, when communicating with the at least one content protection system.

Abstract: A method for distributing content in a content distribution system is disclosed which comprises the steps of: encrypting at a Content Packager a content using a content encryption key to generate an encrypted content; sending the content encryption key to a Licensing Authority; receiving from the Licensing Authority a distribution key containing an encryption of the content decryption key (Kc) for a given set of authorized devices; creating a secure link between the content encryption key (Kc) and the content protected by this content encryption key using a signature of the content; and distributing the encrypted content together with the signature of the content. A method for receiving content distributed according to the above-mentioned method in a device able to play back the content is also disclosed where the content signature is checked before any play back of the content.

Abstract: According to one embodiment of the present disclosure, a method includes receiving an event notification from a virtual machine manager operable to control the execution of one or more virtual machines, the event notification corresponding to a first virtual machine and indicating an event type associated with the first virtual machine. The method also includes updating an inventory indicating a number of active instances of one or more applications based on the event notification. The method further includes determining compliance or non-compliance with one or more license policies based on the inventory, each license policy corresponding to at least one of the one or more applications.

Abstract: Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL.

Abstract: A method of connecting a computing device to a conference. One method comprises finding one or more potential dial-in numbers and looking up the one or more potential dial-in numbers in at least one database. One method further comprises one of, accessing a conference reception zone with one of the potential dial-in numbers when the one of the potential dial-in numbers is found in the at least one database and attempting to access the conference reception zone with the one or more potential dial-in numbers when the one or more potential dial-in numbers are not found in the at least one database. One or more potential conference pin numbers are obtained and it is determined whether one or more additional conference pin numbers are associated with the one or more potential dial-in numbers. A selected conference pin number is assigned a confidence level and the conference pin number is entered in the conference reception zone prior to accessing the conference.

Abstract: A mobile terminal including an interface module configured to connect the mobile terminal to a personal computer; a communication unit configured to communicate with the personal computer via a first communication mode, a controller configured to selectively transmit a communication mode change program to the personal computer via the interface module, the communication mode change program instructing the personal computer to communicate with the mobile terminal via a second communication mode that is different than the first communication mode, and a receiving unit configured to receive a mode change instruction from the personal computer instructing the mobile terminal to communicate with the personal computer via the second communication mode.

Abstract: Systems, apparatus, methods, and computer program products are provided for determining a user's authentication requirements/credentials for a specific network access session based on the current location of the user in comparison to known boundaries of location associated with the user, such as the user's residence, place of business or the like. As such, the present invention serves to expedite the process for authenticating a user who desires to gain access to a network service, such as a banking application or the like.

Abstract: The described systems and methods are directed at configuring a server based on a selected role. An installation application is configured to install core components in a server where these core components enable the server to perform the basic functions of a network computing device. A role management application is configured to enable a system administrator to select a role for the server and to automatically determine software components associated with the selected role. The role management application is then configured to build the software components and install the components on the server. The role management application is further configured to configure the components for the selected role. The automated installation process performed by the role management application enables a server to be efficiently configured for a particular role without installing other unnecessary components unrelated to the role.

Abstract: A method includes receiving, at a communications gateway associated with a customer premises, multimedia content from a communications network. The method includes superimposing, via the communications gateway, a heartbeat signal on an alternating current electrical power signal associated with an electrical wiring system of the customer premises. The method includes encoding the multimedia content based on the heartbeat signal to produce encoded multimedia content at the communications gateway. The method also includes wirelessly transmitting the encoded multimedia content from the communications gateway to a device.

Abstract: Methods, systems, and computer-readable media for providing device-based authentication for secure online access are provided. An authentication request is received from an online service. The authentication request may be associated with a login request received by the online service from a user. The authentication request may further indicate a list of device identifiers for computing devices connected to a provider network and previously designated by the user as authorized to access the online service. Communication logs collected from the provider network are analyzed to determine whether the login request originated from one of the authorized computing devices based on the list of device identifiers. If it is determined that the login request originated from one of the authorized computing devices, an indication is returned to the online service that the login request was received from an authorized computing device.

Abstract: Shareable content items links with use restrictions. In one embodiment, for example, a method comprises: receiving, from a client computing device used by a link submitter, a request to access a server-stored content item at a sharable link; denying the access requested by the link submitter based on one or more use restrictions associated with the shareable link; prompting the link submitter to request approval to access to the server-stored content item at the shareable link; responsive to receiving approval for the link submitter to access the server-stored content item at the shareable link, modifying the use restrictions associated with the shareable link to allow the link submitter to access the server-stored content item at the shareable link.

Abstract: Techniques for trusted platform module (TPM) assisted data center management are provided. A data center registers TPM remote attestations for physical processing environments of physical devices within a data center. Each time a physical processing environment is established; a new TPM remote attestation is generated and validated against the registered TPM remote attestation. Additionally, during registration other identifying information is supplied to the physical processing environments that permit each physical processing environment to be authenticated, validated, and controlled via unique identities. Inter-data center communication is established for sharing virtual processing environments and administrative operations are authenticated within each of the data centers perform any administrative operation is permitted to process within a particular data center.

Abstract: System and method for auditing for usage of licensed software in which a client executing the software generates and transmits a license key and a covert key to a server via network connection. The license key is transmitted to the server upon activation of the licensed software at the client. The covert key is generated based on at least a portion of the software code activated at the client and is transmitted to the server at random or at predetermined time intervals after transmission of the licensed key so as to avoid detection by a user. The license and covert keys are each associated with a device fingerprint that uniquely identifies the device transmitting each one of the respective keys. Unauthorized software usage at a client is determined at least when a covert key does not correspond to a device fingerprint having an associated license key.

Abstract: A system and method relate to a platform for distributing digital contents (digital content) to various client devices. A digital rights management platform allows a content provider to forward digital contents that is automatically ingested and processed in accordance with various requirements associated with providing the digital contents to the client devices. Information regarding the ingested digital contents may be provided to a coordinator device that uses this information to form a digital rights locker associated with the digital contents. A client device accesses the digital rights locker to obtain a rights token, or a proof of purchase, that is used to obtain rights data for accessing the digital contents.

Abstract: According to one embodiment, a system includes an overlay network device which includes an interface adapted for electrically communicating with a virtual overlay network (VON) gateway, logic adapted for receiving a plurality of packets from the VON gateway, logic adapted for determining whether the plurality of packets comprise an overlay header, logic adapted for de-encapsulating inner packets of packets comprising an overlay header, logic adapted for performing services on the plurality of packets or the de-encapsulated inner packets, and logic adapted for encapsulating the serviced inner packets or the serviced packets with an overlay header to be switched to a destination address in a virtual network and sending the encapsulated packets to the VON gateway or logic adapted for sending the serviced packets to the VON gateway without encapsulating the packets with an overlay header to be switched to a destination address in a non-virtual network.

Abstract: Provided is a system that improve security of data processing by determining whether processing of the data received from an image processing apparatus is restricted, communicating with the image processing apparatus when processing of the data is restricted, and receiving a response whether the processing of the data is permitted. It is determined in the portable terminal whether processing of the data received from the image processing apparatus is restricted. If processing of the data is restricted, the portable terminal communicates with the image processing apparatus, and the portable terminal processes data when it received information that indicates the processing of the data is permitted. If processing of the data is restricted, the portable terminal processes the data without communicating with the image processing apparatus.

Abstract: Methods, systems, and computer readable media can be operable to detect possible fraudulent use of a customer premise equipment device. Information identifying a device connected to a customer premise equipment device can be retrieved and compared to historical information identifying one or more devices previously connected to the customer premise equipment device. The customer premise equipment device can be classified as a device suspected of fraudulent use when the current information identifying a device connected to the customer premise equipment device is different than the historical information identifying the one or more devices previously connected to the customer premise equipment device.

Abstract: Embodiments of the invention relate to methods, apparatus and systems, including computer program products for license management in one or more computer systems. A first computer runs a master license server process instance. The master license service process instance is associated with a hardware identifier relates to the first computer and has a license to run a predefined number of concurrent production license server process instances that are responsible for license management towards clients. A request is received by the master license server process instance for a license from a production license server process instance in a second computer. The master license server process instance provides a virtual identifier to the production license server process instance to be used as a unique identifier for license management purposes towards clients by the production license server process instance. The virtual identifier is cryptographically secured against modification.

Abstract: One aspect of the present invention includes a configuration of a storage management system that enables the performance of deduplication activities at both the client (source) and at the server (target) locations. The location of deduplication operations can then be optimized based on system conditions or predefined policies. In one embodiment, seamless switching of deduplication activities between the client and the server is enabled by utilizing uniform deduplication process algorithms and accessing the same deduplication index (containing information on the hashed data chunks). Additionally, any data transformations on the chunks are performed subsequent to identification of the data chunks. Accordingly, with use of this storage configuration, the storage system can find and utilize matching chunks generated with either client- or server-side deduplication.

Abstract: A non-transitory computer readable medium may include executable instructions which, when executed by a processor, cause the processor provide for a repository of digital content and to create a first license based on the digital content. The instructions further cause the processor to transmit the first license and the digital content to a non-destructive testing (NDT) device, and wherein the digital content is configured to be executed by, used by, or displayed by the NDT device, or a combination thereof, based on the first license.

Abstract: Techniques for personalizing content are presented. A principal requests access to content. Policy is evaluated in response to the request for the content. Scripts are processed in response to the policy evaluation to rewrite and modify the content. The modified content is then delivered to the requesting principal to personalize the content for the principal.

Abstract: A method for accessing information during a teleconferencing event. The method includes identifying a reference to a document transmitted by a telecommunication device participating in a teleconferencing event and identifying a name of the referenced document. The method includes determining, by a computer, an identity of a user of the participating telecommunication device. The method further includes determining the user has permission to access the identified document and, in response, transmitting the identified document to the participating telecommunication device.

Abstract: Methods are provided for tracking data corresponding to a mobile device that accesses a web page. Once a mobile device is registered with a network, the mobile device is instructed to request permission before accessing a web page. An access request is received, and based on a user profile, the access request is approved such that the mobile device may access the web page. Access data that corresponds to the mobile device accessing the web page is collected so that it can be added to and stored in a database.

Abstract: Protecting sensitive content, such as business critical documents or other computer files, is disclosed. In various embodiments, upon receiving an indication that a threat pattern associated with a content item has been matched, the protected content “self-destructs”, such as rendering the content item inaccessible, e.g., at a client and/or to a particular user or group of users.

Abstract: A terminal device may include a storage medium and a processor. The processor may be configured to execute instructions stored in the storage medium to operate a browser under an instruction of a user of the terminal, wherein the browser may include a private mode and a non-private mode; obtain data generated by an operation of the browser by the user; and switch the browser from the non-private mode to the private mode in response to a private mode entry instruction received from the user. When the terminal device receives a data display request from the user, the processor may display the data obtained when the browser is in the private mode and the data obtained when the browser is in the non-private mode together when the browser is in the private mode; and display the data obtained when the browser is in the non-private mode only when the browser is in the non-private mode.

Abstract: In one embodiment a controller comprises logic configured to establish a pairing with a remote processor in a second electronic device, create a first secure communication channel with the remote processor, transmit a first portion of a processing task to the remote processor via the first secure channel, receive, via a second communication channel, an input from the first portion of the processing task, and complete at least a second portion of the processing task using the input. Other embodiments may be described.

Abstract: A physical, non-human readable representation of a digital key may be in a physical key article. The key article may enable a person to generate a signal representing the digital key from a user interface device in communication with a computer by physical manipulation of the key article. Access to digital content via the computer may be unlocked in response to receiving the signal. In addition, a key may be represented by a pattern of unreadable errors in a computer-readable medium.

Abstract: A data source may be configured to provide usage data including subscriber identifiers and associated information indicative of subscriber device locations and usage. A data warehouse server may be configured to perform operations including: decrypting subscriber identifiers included in usage data received from the data source using a two-way rolling key groups algorithm; re-encrypting the subscriber identifiers decrypted from the usage data to create secure encrypted identifiers using a one-way secured encryption algorithm; and correlating the subscriber identifiers in the decrypted usage data with the corresponding re-encrypted identifiers.

Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on AS/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output; The solution of the equations gives the internal state of RI, R2, and R3; Together with R4, this gives the full internal state which gives a suggestion for the key.

Abstract: A method and system for facilitating interaction between an electronic device and a plurality of content provider websites are disclosed. In one embodiment, the method includes receiving at a server a plurality of information portions provided from the websites, where each of the information portions is associated with a respective copy of information that is available at each of the websites. The method also includes aggregating at the server the information portions so that they are combined into an overall grouping, with the respective information portions being maintained respectively as distinct subportions within the grouping. Further, the method includes sending from the server a message for receipt by a part of the electronic device, the primary message including the grouping. The grouping is sent together with an additional copy of the information or with an indication of that information to which the overall grouping relates.

Abstract: A mobile device enabled tiered data exchange via a vehicle is disclosed. A mobile device can access profile information related to a tiered-data sharing profile. The tiered-data sharing profile can associate data with a sharing tier designating security, privacy, or authorization constraints on sharing the associated data. A sharing tier can further designate obfuscation of the data as a constraint on sharing the data. The mobile device can enable access to the data subject to the constraints of the tiered-data sharing profile. In an embodiment, tiered data can be shared from the mobile device to an external service device via vehicle device. In another embodiment, tiered data can be shared from the mobile device to a service device of the vehicle.

Abstract: A method for protecting content of a storage device including a memory for storing data and a controller for managing data input and output of the memory is provided, in which a Data Encryption Key (DEK) for encrypting the data stored in the memory is generated, an IDentifier (ID) of the memory is acquired, the DEK is encrypted using user secret information and the ID of the memory, and the encrypted DEK is stored in the memory.

Abstract: Embodiments relate generally to systems and methods for provisioning vehicle based digital rights management (DRM) for content delivered through a brought-in mobile device. Content may be delivered by the content provider to the vehicle via connection with the mobile device, wherein the content may be accessed using a computer system (or head unit) in the vehicle. Access to the content may be controlled or managed using a DRM package associated with a vehicle identification number (VIN) of the vehicle.

Abstract: A system for protecting an electronic system against malware includes an operating system configured to execute on the electronic device, a driver coupled to the operating system, and a below-operating-system security agent. The below-operating-system security agent is configured to identify one or more resources for changing filters of the driver, trap an attempted access of the one or more resources that originates from the operational level of the operating system, access one or more security rules to determine whether the attempted access is indicative of malware, and operate at a level below all of the operating systems of the electronic system accessing the one or more resources for changing filters of the driver.

Abstract: A system administrator of a wireless LAN 100 manipulates a personal computer PC1 to change a WEP key. The personal computer PC1 authenticates a memory card MC as genuine under management of the system administrator. In the case of the authenticated memory card MC, changed setting information, as well as a previous WEP key before the change of the setting information, is written into the memory card MC. The system administrator then inserts this memory card MC into a memory card slot of a printer PRT1. The printer PRT1 authenticates the memory card MC as genuine under management of the system administrator. In the case of the authenticated memory card MC, the setting information is updated. This arrangement effectively relieves the user's workload in setting wireless communication devices, while ensuring the sufficiently high security.

Abstract: A system in which a communication apparatus and first and second information processing apparatuses are communicably connected, comprises a comparison unit which compares a first disclosure range set in the first information processing apparatus with a second disclosure range set in the second information processing apparatus, and a notification unit which sends a notification to the communication apparatus. The information processing apparatuses distributes the content to a third-party terminal included in a disclosure range decided based on the result of the comparison.

Abstract: Methods and systems for remotely provisioning applications from the cloud in secure environments with robust license control failover options using a hierarchical server topology. Cloud-based servers provide applications and licenses to an organization's local servers, which in turn serve applications and licenses to end user devices. By synchronizing information including license and application provision information among the local and cloud-based servers, an organization's local servers can continue to serve applications and licenses when one or more of the organization's local servers fail.

Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that enables promulgation of licensing rights controlling Intellectual Property (IP) to multiple Actors. The Actors include components of a cable system that can include a Conditional Access System, Middleware, a Browser for a Set-Top-Box, a Guide and a Guide Data Provider. The handshake is a Challenge-Response protocol that includes a Challenge issued by one Actor who controls IP rights to verify a second Actor has Licensed IP rights when the second Actor Response includes a Hook IP function IPF1. Other Actors who wish to use software functions F that the first Actor provides will be encouraged to acquire rights to the IP License to obtain the function IPF1 for access. Subsequent Actors who have IP rights controlled by another function IPF2 can be pulled into the same IP Licensing system, or another IP License that becomes part of the same ecosystem with the system controlled using function IPF1.

Abstract: The present invention provides methods and apparatuses that utilize a portable apparatus to securely operate a host electronic device. Typically, each portable apparatus includes a data storage unit which stores an operating system and other software. In one example, a portable apparatus can provide a virtual operating environment on top of a host's operating system for a host device. In another example, a portable apparatus containing its operating system can directly boot a host device with one or more hardware profiles. Furthermore, a device-dependent protection against software piracy, a user-dependent protection against sensitive data leaks, a controllable host operating environment to prevent unwanted information exposure, and a secure restoration procedure to prevent virus infection between the host device users may be incorporated. Moreover, an authorization signature may also be utilized to authorize a connected-state guest operation environment in the host device.

Abstract: A download method of media contents, and which includes receiving and storing, by an electronic book terminal, a DRM (Digital Right Management) code from a contents server, the DRM code being stored in a memory of the electronic book terminal; receiving a media contents list from the contents server by requesting the media contents list at the contents server; decoding the received media contents list with the DRM code stored in the memory; displaying the media contents list on a screen of the electronic book terminal; requesting at least one media contents at the contents server, the at least one media contents being selected in the media contents list in response to a user input; receiving the at least one media contents from the contents server; and decoding the received at least one media contents with the DRM code stored in the memory.

Abstract: A secure element (SE) unit 102 holding service data used by an application is provided in a UIM card 100. Thus, when the user identify module (UIM) card 100 is transferred between portable terminals, service data and accompanying information of the application can be moved together with the UIM card 100 to another portable terminal. In addition, an access management unit 400 included in a portable terminal 200 compares UIM information of a UIM information storage unit 103 with UIM information, held by an authority information holding unit 205, of a UIM card of which use authority is possessed by an application. If they do not agree, access to service data stored in the SE unit 102 is restricted.

Abstract: A service integration platform system for providing Internet services includes: an interface configured to receive a service request message that is initiated by a user of an application provided by an Independent Software Vendor (ISV), the service request message being implemented according to an Application Programming Interface (API) type and including a plurality of platform-level parameters that conform to the API type.

Abstract: Disclosed are computers and methods of operating those computers. In the methods, a computer in a touch lock state displays a lock screen image showing a cover layer superimposed over, and obscuring, a background layer. A user enters a touch input to a touch screen of the computer, thereby specifying a portion of that touchscreen. The lock screen image is then modified so that the cover layer does not obscure the background layer in the specified portion of the touchscreen. The cover layer in the region of the touchscreen that is not specified in the touch input continues to obscure the background layer in those regions. If the portion of the touchscreen specified by the touch input exceeds a threshold amount the computer may be changed from being in a touch lock state to being in a touch unlock state.

Abstract: A technique for associating data with an account is described. During this technique, a user uploads data to a computer system from an electronic device one or more times without providing log-in credentials for the account. Instead, the data is stored along with an identifier determined from characteristics or attributes of the electronic device. If the user subsequently logs into the account from the electronic device, the computer system determines that the identifier for the electronic device matches the previously determined identifier. At this point, the computer system associates data with the account.