Abstract: An approach is provided for performing a device-level and/or an application-level security check of a device. In the device-level check, a device hash is generated based on a subscriber identity module identifier (SIM ID), a device identifier, the number of secured applications, and the names of the secured applications. A temporary device hash is generated during a booting of the device. If the device hash is determined to not match the temporary device hash, the applications are removed from the device during the booting of the device. In the application-level check, an application hash is generated based on the SIM ID, the device identifier, and the application name. A temporary application hash is generated during a loading of the application. If the application hash is determined to not match the temporary application hash, the application is removed from the device without running the application.

Abstract: Embodiments provide IP address partitioning features that can be used to source outbound email communications, but the embodiments are not so limited. In an embodiment, a computer-based method operates to remove blocked or potentially misused IP addresses from a partition and/or move good or reputable IP addresses from other partitions to account for volumetric shortfalls. A method of one embodiment operates to repair removed IP address reputations as part of recycling and reusing IP addresses. A system of an embodiment is configured in part to remove misused IP addresses from one or more partitions, source reputable IP addresses from other partitions, and/or repair and reuse IP addresses as needed. Other embodiments are included.

Abstract: A method for allowing or denying, by an appliance, access to a resource by an application on a client via a virtual private network connection includes basing the decision to allow or deny access on identification of the application. The appliance intercepts a request from an application on a client on a first network to access via a virtual private network connection a resource on a second network. The appliance identifies the application and associates with the intercepted request an authorization policy based on the identity of the application. The appliance determines, using the authorization policy and the identity of the application, to either allow or deny access by the application to the resource.

Abstract: The present invention describes an apparatus and method of establishing a peer-to-peer communication session between a host device and a client device. Routing information of the host device is received from a server via a wide area network, routing information of the client device is provided to the server, and authentication information is provided to the host device via the wide area network. Peer-to-peer communication is transmitted to the client device via the wide area network if the client device is authenticated for peer-to-peer communication by the host device.

Abstract: A system and apparatus for transferring data between communication elements is disclosed. A system that incorporates teachings of the present disclosure may include, for example, a communication device having a controller element to receive data from a web server to update one or more entries of an identity module coupled to the controller element. The data can be retrieved by the web server from a second communication device. Additional embodiments are disclosed.

Abstract: User specific logs in multi-user applications. Level data associating a user of a multi-user application with a respective log level is received. The multi-user application then records an amount of information determined by the log level corresponding to the user presently using the multi-user application.

Abstract: Systems, methods and computer program products for enabling enforcement of an administrative policy on one or more mobile devices are described herein. In an embodiment, an administrator uses a policy server to create and provide an enforcement policy to a mobile device. An enforcement policy may include information on mobile device resources which may be controlled by an administrator. An enforcement policy also includes information on how mobile device features will be set, configured or disabled. An enforcement device driver and an enforcement monitor on a mobile device use the enforcement policy to control access to resources associated with the mobile device regardless of whether the mobile device is “online” and connected to a network or “offline” and disconnected from a network.

Abstract: The present invention describes an apparatus and method of establishing a peer-to-peer communication session between a host device and a client device. Routing information of the client device is received from the server by a host device, communication with the server is maintained, and authentication information from the client device is received by the host device. Peer-to-peer communication is transmitted to the client device via the wide area network if the client device is authenticated for peer-to-peer communication by the host device.

Abstract: High-security communications against information leakage as well as high-speed communications are realized using present optical fiber networks. The methods are as follows: (1) A seed key is shared between a transmitter and a receiver in advance. Random numbers are transmitted using carrier light accompanied by fluctuations and bases that are decided by random numbers. The transmitter and receiver compare a shared basis that is determined by the seed key with the random basis, and decompose the random numbers superimposed on each bit into two sequences, based on whether the shared basis coincides with the random basis or not. Error correction is processed for each sequence in the receiver, and then the random numbers are shared between the transmitter and the receiver. (2) The amount of the random numbers shared between the transmitter and the receiver is reduced to secret capacity through privacy amplification, and the resultant random numbers are used as a secret key.

Abstract: An image processing device includes a processing unit that performs processing on image data, an obtaining unit that obtains a number of users, and a control unit that executes a job by controlling the processing unit to perform the processing in one of control modes. The control unit switches between the control modes based on the number of users.

Abstract: Extensions to the Fragment Mapping Protocol are introduced which protect a disk array from malicious client access by exporting file system access information to the storage device. FMP requests received at the storage device can be authorized at a block granularity prior to completion, thereby limiting the exposure of the disk array to malicious clients. Client authorizations can be cached at the storage device to enable the permissions to be quickly extracted for subsequent client accesses to pre-authorized volumes.

Abstract: Embodiments are directed to providing attribute-based data access. In an embodiment, a data request specifies one or more search data attributes describing requested data that is to be found in an anonymous directory. The anonymous directory is configured to provide access to secured data according to access controls defined one or more clients. The secured data includes data that is associated with a particular client and that is encrypted using multi-authority attribute-based encryption, which associates the data with one or more encryption data attributes and that enables the data to be provided if conditions in the corresponding access controls are met. The particular portion of data is provided based on determining that the conditions in the corresponding access controls are met, and that at least one of the search data attributes is determined to be relevant to at least one of the encryption data attributes.

Abstract: A graphics processing unit (GPU) is configured to access a first memory unit according to one of an unsecure mode and a secure mode. The GPU may include a memory access controller configured to allow the GPU to read data from only an unsecure portion of the first memory unit when the GPU is in the unsecure mode, and configured to allow the GPU to write data only to a secure portion of the first memory unit when the GPU is in the secure mode.

Abstract: A method, apparatus, and computer program product, responsive to receiving a data from a computing device connected to the computer in a cloud computing system or data center, identifies a criteria associated with the computing device, responsive to identifying the criteria, determines whether the data is authorized for transmission to a storage in the cloud computing system or data center, and responsive to determining that the data is authorized for transmission to the storage, forwards the data to the storage.

Abstract: A document encryption and decryption system for selectively encrypting and decrypting files and any other items and method for same to protect or secure its contents by helping to prevent unauthorized individuals from viewing data in human-perceivable or readable form. The encryption system includes remote authentication to verify a user's credentials stored on a remote database hosted by a web server. The encryption system further includes remote delete to automatically delete encrypted items stored on the user's computer, handheld or portable device, smartphone, and any other computing device of any kind when it logs onto a network if the user's computer or computing device is reported lost, stolen, or otherwise compromised. Decryption keys allow selective decryption of encrypted items that are on the computer or computing device of any kind. A Windows Communication Foundation service helps with authenticating the users with the encryption key and login process stored and processed by the web server.

Abstract: A device includes a memory which stores a program, and a processor which executes, based on the program, a procedure comprising establishing a session with a request source when a request for a service, made to a second providing source, has been received from the request source, the second providing source providing the service based on data stored in a first providing source; and when an inquiry about whether to transmit the data to the second providing source has been received from the first providing source, notifying, so as to encrypt a mask range of the data, the first providing source of session information indicating the session established with the request source and notifying the request source of the session information so as to decrypt the encrypted mask range of data based on the session information.

Abstract: A method, system, and computer-readable storage media for licensing an application using sync providers are provided herein. The method includes receiving a request for a license for an application from a client sync provider at a licensing service and receiving information relating to the license from a commerce partner offering the application via a commerce partner sync provider. The method also includes returning the license for the application to a client computing device, receiving information relating to a state of the license from the client sync provider, and adjusting conditions of the license according to the state of the license.

Abstract: A computing system such as a game console maintains and updates a biometric profile of a user. In one aspect, biometric data of the user is continuously obtained from a sensor such as an infrared and visible light camera, and used to update the biometric profile using a machine learning process. In another aspect, a user is prompted to confirm his or her identify when multiple users are detected at the same time and/or when the user is detected with a confidence level which is below a threshold. A real-time image of the user being identified can be displayed on a user interface with user images associated with one or more accounts. In another aspect, the biometric profile is managed by a shell on the computing system, where the shell makes the biometric profile available to any of a number of applications on the computing system.

Abstract: A content reception equipment for accessing an in-home content transmission equipment from a remote place executes a first authentication process with the content transmission equipment in advance, executes the remote access information sharing process required for access from a remote place, and causes the information on the content reception equipment and the remote access information to be registered in an equipment information table of the content transmission equipment.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for verifying a message based on application of a hashing algorithm. In one aspect, a method includes obtaining a license, from a remote server, for a content item to be presented using a player file executed by a multimedia player on a computing device. The license includes an encryption key and an authorization to present the content item using one or more authorized player files. A particular player file is received for use in presenting the content item, and a determination is made whether the particular player file is authorized for use in presenting the content item based on the authorization. The content item is decrypted using the encryption key, and the content item is presented using the particular player file in accordance with the determination.

Abstract: Technologies for labeling diverse content are described. In some embodiments, a content creation device generates a data structure that may include encrypted diverse content and metadata including at least one rights management (RM) label applying to the diverse content. The RM label may attribute all or a portion of the diverse content to one or more authors. The metadata may also be signed using an independently verifiable electronic signature. A consumption device receiving such a data structure may verify the authenticity of the electronic signature and, if verification succeeds, decrypt the encrypted diverse content in the data structure. Because the metadata is encapsulated with the diverse content in the data structure, it may accompany the diverse content upon its transfer or incorporation into other diverse content.

Abstract: Techniques and systems for authentication with an untrusted root between a client and a server are disclosed. In some aspects, a client may connect to a server. The server and client may initiate a secure connection by exchanging certificates. The server may accept a client certificate having an untrusted root that does not chain up to a root certificate verifiable to the server certificate authority. In further aspects, the server may enable the client to associate an untrusted certificate with an existing account associated with the server. The client certificate may be hardware based or generated in software, and may be issued to the client independent of interactions with the server.

Abstract: The present invention has the aim of providing a method of an activity information notification service in which a server can receive activity information from a user of a target terminal, depending on his or her privacy setting, and then transmit the received activity information to a selected receiving user, and in which any receiving user can transmit a notification request to a target user in order to receive desired activity information. According to an embodiment of the present invention, a method of an activity information notification service at a server, the method includes steps of receiving activity information from a target terminal; determining a receiving terminal to which the received activity information will be transmitted, depending on a privacy setting of the target terminal stored in a storage unit; and transmitting the activity information to the determined receiving terminal.

Abstract: Systems and methods of providing a secure access layer in a mobile phone and a computer system coupled to the mobile phone to provide authentication for transmitting data between the phone and the computer system.

Abstract: Intelligent content delivery enables content to be delivered to different devices in formats appropriate for those devices based on the capabilities of those devices. A user might access the same piece of content on two different devices, and can automatically receive a higher quality format on a device capable of playing that higher quality format. The user can purchase rights to content in any format, such that as new formats emerge or the user upgrades to devices with enhanced capabilities, the user can receive the improved formats automatically without having to repurchase the content. Further, the user can pause and resume content between devices even when those devices utilize different formats, and can access content on devices not otherwise associated with the user, receiving content in formats that are appropriate for those unknown devices even if the user has not previously accessed content in those formats.

Abstract: A computationally implemented method includes, but is not limited to: determining that a computing device that was presenting one or more portions of one or more items and that was in possession of a first user has been transferred from the first user to a second user; and marking, in response to said determining, the one or more portions of the one or more items to facilitate the computing device in returning to the one or more portions upon the computing device being at least transferred back to the first user. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: A system and method for restricting access to requested data based on user location are disclosed. The method comprises receiving a data request and determining origin location information of the data request from a source providing information having accuracy to a predetermined standard. The method further comprises retrieving one or more policies associated with the requested data, comparing the origin location information with the policies, and dynamically adjusting access restrictions to the requested data based on the comparison.

Abstract: One embodiment of the invention is directed to a method including receiving an alias identifier associated with an account associated with a presenter, determining an associated trusted party using the alias identifier, sending a verification request message to the trusted party after determining the associated trusted party, and receiving a verification response message.

Abstract: An apparatus is disclosed including one or more security structures. The one or more security structures includes: a weldable frame; a plurality of composite panels, each panel securable to the weldable frame, each composite panel configured to form at least one joint with at least one adjoining composite panel; and a respective security element embedded within each of the composite panels. The security element is configured to detect a breach in the composite panel.

Abstract: A communication service system includes a SNS server 1 that manages contents, and client terminals 10 to 30 that can make access to the SNS server 1 via a network 40. Each of the client terminals 10 to 30 includes a portion with which the client terminal can obtain an object. The SNS server 1 manages objects input by the client terminals 10 to 30, and allows a plurality of client terminals that are connected to the network 40 and browse the same content to share objects.

Abstract: Content access may be provided and processed by assigning responsibility for obtaining entitlement data to the client's browser. Thus, in one example, the client may be configured to synchronize and coordinate data lookups associated with a content request, rather than relying on the server to do so. The network architecture may use a mediator design pattern, in which the client's browser acts as the mediator (i.e., middleman) between a content server and an entitlement data server. Accordingly, synchronous calls between server-side services might not be required. Instead, data necessary for the content server to process a client request for access to protected content may be received in the incoming request from the client's browser.

Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other object within the system on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but present the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.

Abstract: A system and method for controlling use of content in accordance with usage rights associated with the content and determined in accordance with the environment of a user device. A request is received for secure content from a user device and the integrity of the environment of the user device is verified. Appropriate usage rights are retrieved based upon the results of the verification of integrity and the content is rendered on the user device in accordance with the appropriate usage rights.

Abstract: An automated system and method for piracy control based on user generated updates is described. The system and method described renders human intervention for piracy control superfluous and, therefore, is cost-effective, and consumes less time. The automated system and method for piracy control based upon update requests significantly reduces the number of update requests by pirated copies of the software, reduces the burden on the update server and smoothens the overall user experience for the legitimate users of the software.

Abstract: Terminal certification means of a communication terminal manages a content and certification information on the content in association with each other. Upon access to a server associated with the execution of the content, request means sends the server a request including certification information associated with the content. In response to the request from the communication terminal, the server uses server certification means to certify the request. Access control means performs access control based on policy information stored in policy information storage means.

Abstract: A configuration is achieved in which content copying between media and content downloading are performed effectively and under strict management. In content copying between media, the identification information (medium ID) of a copying destination medium is obtained using an API for providing a predefined processing, then the obtained medium ID is transmitted to a server to obtain copying permission information from the server, and then content copying is performed under the management of the server. This configuration allows a copying destination medium to be managed, which can eliminate the unauthorized use of the content. Also, the configuration in which content downloading from the server is performed according to, for example, a Java® program allows a ROM disc on which the content is recorded to store the program and to be provided to a user.

Abstract: A system, method, and computer program product are provided for validating receipt of digital content by a client device. In one embodiment, a transmission of digital content over a network to a client device is identified. Additionally, receipt of the digital content by the client device is validated utilizing a system remote from the client device. In another embodiment, it is determined whether actual digital content transmitted over a network to a client device is digital content expected by the client device. Further, the transmission of the actual digital content is validated to a remote third party system, based on the determination.

Abstract: A method, system and program product are provided that include verifying a credential of the user of a first avatar in the virtual universe; and establishing a zone that causes an indication of the credential of the user of the first avatar to appear in response to an action being taken relative to the zone.

Abstract: Media rights are managed to include not just device authentication, but to include elements of user, device, and service authorization. A user can play media on a mobile device, continue playing the media on a desktop computer, and subsequently move to a large screen television and media rights are automatically identified to provide the most appropriate authorized content. This allows an authorized user to seamlessly access different forms of the same content on a variety of authenticated devices using the same digital rights management mechanisms.

Abstract: According to one embodiment, a cryptographic apparatus includes: cryptographic cores (“cores”), an assigning unit, a concatenating unit, and an output controlling unit. If a CTS flag thereof is on, each core encrypts using a symmetric key cipher algorithm utilizing CTS, while using a symmetric key. When an input of a CTS signal is received, the assigning unit assigns first input data to a predetermined core and turns on the CTS flag thereof. The concatenating unit generates concatenated data by concatenating operation data generated during encrypting the first input data, with second input data that is input immediately thereafter. The output controlling unit controls outputting the concatenated data to the predetermined core, outputting first encrypted data obtained by encrypting the concatenated data, and over outputting second encrypted data obtained by encrypting the first input data, and further turns off the predetermined core's CTS flag.

Abstract: Generally, aspects of this disclosure are directed to copy protection techniques. Areas in memory may be secured to establish a secure memory area in the memory that is not accessible by unauthorized clients. A request to decode video content stored in the secure memory area may be received. If the video content to be decoded is stored in the secure memory area, a first MMU associated with the hardware decoder may enforce a rule that the video content is to be decoded into one or more output buffers in the secure memory area. A request to display the decoded video content stored in the secure memory area may be received. If the decoded video content is stored in the secure memory area, a second MMU associated with a hardware display processor may enforce a rule that a secure link be established between the hardware display processor and an output device.

Abstract: When a content write unit records a content on a medium, a control unit controls to record a dummy license which is generated by a dummy license generation unit and an expiration time limit is set into a past time, into the medium. When a recording of the content on the medium is completed, the control unit controls to delete the dummy license recorded on the medium and to record a normal license into the medium.

Abstract: According to one embodiment, an apparatus may monitor a session that facilitates the processing of a transaction. The transaction may represent an action taken against a resource during the session. The apparatus may determine that the transaction qualifies for additional monitoring, and in response, generate a tag. The tag may be unique to the transaction. The apparatus may then associate the tag with the transaction to facilitate tracing of the transaction. The apparatus may then trace the transaction during the processing of the transaction by following the tag, and communicate a message to transfer the transaction to an isolated processing unit. The isolated processing unit processes the transaction in isolation.

Abstract: Generally described, the disclosed subject matter is directed to improved processes for securely accessing a meter. In accordance with one embodiment, a method for providing a mobile meter reader with an authorization that may be used to establish a secure session with a meter is implemented. In particular, the method includes issuing a request for authorization to access the meter from the mobile meter reader. If the mobile meter reader maintains sufficient rights, an authorization having an encoded digital signature is generated at a host computer system and provided to the mobile meter reader. Then the method formulates and transmits an authorization command to the meter having the encoded digital signature that was generated by the host computing system.

Abstract: A system and method for upgrading remote control application resident on a device. To this end, a markup language file is created. The markup language file has a representation of information used to setup the remote control application to communicate with an appliance. The markup language file may be executed, on the device or an intermediate client with which the device is synchronized, to upload the representation of the information to a remote server. At the remote server, the uploaded information is used to automatically display user-selectable, downloadable data files relevant to the control of the appliance. Downloaded data files, which may include command codes and/or graphical user interface elements, may be used within the device to upgrade the ability of the remote control application to communicate with the appliance. The information uploaded to the server may also be used to generate demographic data regarding consumer preferences.

Abstract: Systems and methods are provided for challenge/response animation. In one implementation, a request for protected content may be received from a client, and the protected content may comprise data. A challenge phrase comprising a plurality of characters may be determined, and a computer processor may divide the challenge phrase into at least two character subsets selected from the characters comprising the challenge phrase. Each of the at least two character subsets may include less than all of the characters comprising the challenge phrase. The at least two character subsets may be sent to the client in response to the request; and an answer to the challenge phrase may be received from the client in response to the at least two character subsets. Access to the protected content may be limited based on whether the answer correctly solves the challenge phrase.

Abstract: A control API controls secret data to be stored in a secret data storage area which is accessible only to the control API. Moreover, the control API controls the file information storing part in the secret data storage area to store (i) storing location information of the stored secret data and (ii) administrative storage location information notified by the web application so that the storing location information and the administrative storage location information are associated with each other. This makes it possible to (i) prevent a leakage of confidential information and (ii) allow an authorized web application to easily use the confidential information.

Abstract: A method of packet management for restricting access to a resource of a computer system. The method includes identifying client parameters and network parameters, as a packet management information, used to determine access to the resource, negotiating a session key between client and server devices, generating a session ID based on at least the negotiated session key, inserting the packet management information and the session ID into each information packet sent from the client device to the server device, monitoring packet management information in each information packet from the client device, and filtering out respective information packets sent to the server device from the client device when the monitored packet management information indicates that access to the resource is restricted.

Abstract: A method, device and system for enablement of desktop software functionality based on IT policy comprising determining if IT policy settings are associated with a mobile device connected to the desktop software and restricting functionality of the desktop software based on the IT policy settings for the connected mobile device.

Abstract: A system, a method, and a computer program product for public exposed objects in packaged interfaces of business process applications are provided. A service provider of a service registers a public exposed object for use by a client of the service provider by identifying the public exposed object and associating a predetermined access protocol for accessing the registered public exposed object by the client. The registered public exposed object is accessible from the service provider only. The service provider provides the registered public exposed object to the client during a transaction. The client accesses the registered public exposed object using an identifier, an attribute, an access location of the registered public exposed object, and the predetermined access protocol.