By Authorizing Client Patents (Class 726/29)
  • Patent number: 8881231
    Abstract: Techniques for automatically performing one or more actions responsive to a successful login. In one embodiment, an action automatically performed responsive to the login uses content created prior to the login.
    Type: Grant
    Filed: March 7, 2011
    Date of Patent: November 4, 2014
    Assignee: Ricoh Company, Ltd.
    Inventor: John Barrus
  • Patent number: 8881307
    Abstract: According to some embodiments, an electronic file security management platform may receive a request from a user to access a first electronic file associated with a first application, such as a word processing document. A security characteristic associated with the user may be determined, and an encrypted version of the first electronic file may be decrypted in accordance with the security characteristic. The electronic file security management platform may then arrange for the user to access the first electronic file via the first application such that: (i) a first portion of the first electronic file is available to the user based on a first security requirement associated with the first portion and the security characteristic, and (ii) a second portion of the first electronic file is not available to the user based on a second security requirement associated with the second portion and the security characteristic.
    Type: Grant
    Filed: May 30, 2012
    Date of Patent: November 4, 2014
    Assignee: SAP SE
    Inventors: Yiftach Nun, Inbal Zilberman Kubovsky
  • Patent number: 8881306
    Abstract: An architecture and techniques to facilitate lending of digital content at an authorized location to an authenticated electronic device.
    Type: Grant
    Filed: November 20, 2012
    Date of Patent: November 4, 2014
    Assignee: Barnes and Noble, Inc.
    Inventors: Alexandr Feldman, Kelson Khai Dinh Tran, Venkateswaran Ayalur
  • Patent number: 8881244
    Abstract: An approach for authorizing access to computing resources (e.g., electronic files) based on calendar events (e.g., meetings of a user) in a networked computing environment (e.g., a cloud computing environment) is provided. A portion/segment (e.g., private cloud) of the networked computing environment may be designated for storing at least one electronic file to be shared (e.g., as stored in a computer storage device associated with the portion). The portion of the networked computing environment may then be associated (e.g., graphically) with an electronic calendar entry (e.g., a meeting having a set of attendees). Based on the calendar entry, a set of users (e.g., the meeting attendees) authorized to access the at least one electronic file may be determined based on the electronic calendar entry. Thereafter, access (e.g., a related permissions) to the at least one electronic file may be authorized for the set of users.
    Type: Grant
    Filed: August 13, 2012
    Date of Patent: November 4, 2014
    Assignee: International Business Machines Corporation
    Inventors: Kulvir S. Bhogal, Lisa Seacat DeLuca, Robert R. Peterson
  • Patent number: 8880898
    Abstract: A method of maintaining a version counter indicative of a version of memory content stored in a processing device. The method comprises selectively operating the device in a first or second mode. Access to the first mode is limited to authorized users and controlled separately from access to the second mode. In the first mode at least an initial integrity protection value is generated for cryptographically protecting an initial counter value of said version counter during operation of the processing device in the second mode; wherein the initial counter value is selected from a sequence of counter values, and the initial integrity protection value is stored as a current integrity protection value in a storage medium. In the second mode, a current counter value is incremented to a subsequent counter value; wherein incrementing includes removing the current integrity protection value from said storage medium.
    Type: Grant
    Filed: April 18, 2007
    Date of Patent: November 4, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventor: Ben Smeets
  • Patent number: 8881304
    Abstract: A method of controlled access to content, comprising joining an access sharing network, obtaining a content item from the access sharing network which requires access control data to enable playback, obtaining the access control data, determining from the access control data that a particular other device is authorized to play back the content item, and enabling playback of the content item in accordance with the access control data upon a positive determination that said other device is a member of said access sharing network. Preferably the access control data is used also during a predetermined period of time after making a determination that said other device has ceased to be a member of the access sharing network. Also a device (101) configured to carry out the method.
    Type: Grant
    Filed: July 7, 2006
    Date of Patent: November 4, 2014
    Assignee: Koninklijke Philips N.V.
    Inventors: Koen Hendrik Johan Vrielink, Robert Paul Koster, Lukasz Szostek
  • Publication number: 20140325684
    Abstract: A client device (100) determines whether or not access is allowed, based on security levels that are set for an application program and data held in a server device (200), and performs authentication with the server device (200) based on a challenge code generated using packet data from the application program. The server device (200), when the challenge code is transmitted thereto, transmits a preset response code to the client device (100), and permits access by the client device (100) if the server device (200) receives a set response to the response code from the client device (100).
    Type: Application
    Filed: October 4, 2012
    Publication date: October 30, 2014
    Applicant: NEC SOLUTIONS INNOVATORS, LTD.
    Inventor: Hiroaki Takeyasu
  • Publication number: 20140325681
    Abstract: In certain embodiments, an information obfuscation service may be incorporated directly into the main applications processor of a portable computing device such that the applications processor and its relevant storage peripherals may be securely shared via a virtualization firmware module, avoiding the use of specialized hardware or major modifications of the operating system. The virtualizing and obfuscating storage firmware module may enable a much higher level of assurance in information-at-rest protection while using only the memory protection and privilege mode facilities inherent in common portable device applications microprocessors. The virtualizing and obfuscating storage firmware may interpose storage accesses originating from the operating system. This interposition may be performed seamlessly, without explicit knowledge of the operating system.
    Type: Application
    Filed: March 11, 2014
    Publication date: October 30, 2014
    Applicant: Green Hills Software, Inc.
    Inventors: David Noah Kleidermacher, Daniel Jonathan Hettena, Frank John Banul, IV
  • Publication number: 20140325683
    Abstract: Techniques involving detection of misuse of digital licenses pertaining to application use. An identification of unsigned applications or other use-protected applications enabled for use at a user device is obtained. The identification of such applications is directed to a licensing authority to seek digital license renewal for using the applications. A renewed digital license is received if the provided identification of use-protected applications corresponds to what is authorized by the licensing authority for use at the user device. In other embodiments, verification information may be provided to protect the identification of unsigned applications from tampering, such as information indicative of whether the identification of unsigned applications originated at the user device in which the use-protected applications are used, and indicative of whether the identification of the unsigned applications is a copy of a previous identification of the unsigned applications.
    Type: Application
    Filed: July 12, 2014
    Publication date: October 30, 2014
    Inventors: Sanjeev Dwivedi, Sunil Kadam
  • Publication number: 20140325682
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.
    Type: Application
    Filed: July 8, 2014
    Publication date: October 30, 2014
    Inventors: Avi TURGEMAN, Edo DEKEL, Yaron LEHMANN
  • Patent number: 8875247
    Abstract: A method and system for instant personalization security are provided. The system includes a platform for a user to open applications and/or access web sites. When an application is integrated with the platform, the identification of the application can be combined with the ID of the user and encrypted into a hashed ID. The application does not have access to the user's fully identifying profile (e.g., UID or other public information). Instead, the application only has access to a pseudonymous profile (e.g., the hashed ID, first name, last initial, small profile pictures, and/or other non-fully identifying profile information) of the user. One or more options are then provided for the user to authorize or reject the application to access the user's fully identifying profile. Upon the user's authorization, an access token is provided to the application to access a subset of the user's fully identifying profile.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: October 28, 2014
    Assignee: Facebook, Inc.
    Inventors: Ling Bao, Andrew Chi-An Yang, Pratap Prabhu, Alex Rice, Joey Tyson, Naitik Shah
  • Patent number: 8875309
    Abstract: A method of presenting content, in accordance with one embodiment of the present invention, includes receiving a request for an item of content and selectively verifying ownership of the requested content. If verification of ownership is not to be performed for the particular request, the item of content may be served. If ownership is substantiated for the particular request, the content may also be served. If ownership is not substantiated for the particular request, the content may be purged. Ownership verification may be by access to a physical copy of the content (e.g., DVD, CD or the like).
    Type: Grant
    Filed: December 15, 2004
    Date of Patent: October 28, 2014
    Assignee: Nvidia Corporation
    Inventors: Michael B. Diamond, Jonathan B. White
  • Patent number: 8874915
    Abstract: An encryption key module in a content providing server receives a request to stream electronic media data to the user device. The encryption key module identifies a predefined shared secret key corresponding to a key in a subscriber identity module (SIM) in the user device. The predefined shared secret key is used for encryption of data. The encryption key module encrypts the requested electronic media data based on the shared secret key and provides the encrypted electronic media data to the user device over a wireless network.
    Type: Grant
    Filed: September 28, 2011
    Date of Patent: October 28, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Mete Rodoper, Kiran K. Edara
  • Patent number: 8874896
    Abstract: This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.
    Type: Grant
    Filed: June 17, 2011
    Date of Patent: October 28, 2014
    Assignee: Intertrust Technologies Corporation
    Inventors: Gilles Boccon-Gibod, Gary Ellison
  • Publication number: 20140317762
    Abstract: Methods and apparatus for providing media content offered by media content subscription service to portable media player devices associated with subscribers of the service are described herein. In various embodiments, particular fulfillment module, request module and media player are provided to fulfillment server(s) of the subscription service, request client devices, and portable media player devices, respectively.
    Type: Application
    Filed: July 7, 2014
    Publication date: October 23, 2014
    Inventor: Joshua D. HUG
  • Publication number: 20140317760
    Abstract: A system for automatically updating personal consumer and business contact information is disclosed. A server located “in the cloud” automatically controls a database of contact data elements, some of which have preferred privacy protocol. These protocols may restrict some data elements from being shared unless a data-owner's explicit permission is obtained. When the server receives a request for such a restricted data element, the server issues an email or text message in order to obtain the necessary permissions. If permission is granted, the server then supplies the requested data.
    Type: Application
    Filed: February 19, 2014
    Publication date: October 23, 2014
    Inventors: Barry Gold, Karen Sallick
  • Publication number: 20140317761
    Abstract: Example embodiments provide a Shipment Preparation System (“SPS”), which facilitates the preparation of shipments, such as by producing shipping labels. In one embodiment, the SPS is configured to receive shipment preparation information from a bar code or other machine-readable data block in a packing list. The shipment preparation information identifies a uniform resource identifier (“URI”) that identifies a code module that is remote from the SPS. The shipment preparation information and/or the URI further includes an access token. The SPS then uses the URI to communicate with the code module in order to access shipment information (e.g., to read a shipping address, to store an indication that a shipment is ready for pick up). The code module restricts access to the shipment information based on the access token, such as by only allowing a limited number or duration of access via the token.
    Type: Application
    Filed: July 2, 2014
    Publication date: October 23, 2014
    Inventors: Rafael Zimberoff, Alexander Uslontsev, Stanislav Tugushev
  • Patent number: 8869304
    Abstract: Computer implemented methods and systems are provided for mediating access to content based on digital rights management. A request is received from a mobile device for a unit of content. A digital rights holder identity is identified for the mobile device by using a unique identifier for the mobile device. The unique identifier is an equipment identifier, an international mobile subscriber identity, a mobile subscriber identification number, or a mobile identification number. Whether the digital rights holder identity is associated with a right to receive the unit of content is determined. The unit of content is provided to the mobile device in response to a determination that the digital rights holder identity is associated with the right to receive the unit of content.
    Type: Grant
    Filed: October 10, 2007
    Date of Patent: October 21, 2014
    Assignee: Sprint Communications Company L.P.
    Inventor: Wing K. Lee
  • Patent number: 8869288
    Abstract: A method for using time from a trusted host device is disclosed. In one embodiment, an application on a memory device receives a request to perform a time-based operation from an entity authenticated by the memory device, wherein the entity is running on a host device. The application selects time from the host device instead of time from a time module on the memory device to perform the time-based operation and uses the time from the host device to perform the time-based operation. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.
    Type: Grant
    Filed: June 8, 2007
    Date of Patent: October 21, 2014
    Assignee: SanDisk Technologies Inc.
    Inventors: Kevin M. Conley, Michael Holtzman, Rotem Sela, Ron Barzilai, Fabrice E. Jogand-Coulomb
  • Patent number: 8869306
    Abstract: Embodiments of the invention are directed to systems, methods and computer program products for using a device identification program. In some embodiments, a system is configured to: receive device identification information from a mobile device, search a database of records based on the identification information, and in response to determining a match between information associated with a record in the database and the identification information, enable first access to an application initiated on the mobile device.
    Type: Grant
    Filed: January 24, 2013
    Date of Patent: October 21, 2014
    Assignee: Bank of America Corporation
    Inventor: William Earnest Kelley
  • Patent number: 8869305
    Abstract: A computer-implemented method may include maintaining a set of password-protection policies configured to prevent unauthorized access to a mobile device at different physical locations. The computer-implemented method may also include identifying a current physical location of the mobile device and searching a database that stores the set of password-protection policies for a particular password-protection policy that corresponds to the current physical location of the mobile device. The computer-implemented method may further include identifying, based on the search of the database, the particular password-protection policy that corresponds to the current physical location of the mobile device and then implementing the particular password-protection policy on the mobile device in response to the identification of the particular password-protection policy. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 22, 2011
    Date of Patent: October 21, 2014
    Assignee: Symantec Corporation
    Inventor: Ge Hua Huang
  • Patent number: 8869303
    Abstract: A method and system of independent generation of dynamic password by a client and a server for subsequent verification of the generated password by either the server or the client is provided. The method includes registration of user ID for identification of the client and associating client's related information. Then the client provides one or more static values and one or more variable values for the registered user ID. The server then drives the base value and further the instructions are then applied on the registered ID. Thus generating the random password and further verifying the generated password with the random password and thus authorizing the client.
    Type: Grant
    Filed: February 16, 2013
    Date of Patent: October 21, 2014
    Inventor: Mikhail Fleysher
  • Patent number: 8869296
    Abstract: A method may include storing user information associated with a first user, where the user information includes at least two of location information, presence information, address book information or calendar information. The method may also include storing access control information identifying criteria for allowing parties to access the user information and receiving, from a first party, a request for access to at least a first portion of the user information. The method may further include determining, based on the access control information, whether the first party is authorized to access the first portion of the user information and providing access to the first portion of the user information, when it is determined that the first party is authorized to access the first portion of the user information.
    Type: Grant
    Filed: November 6, 2009
    Date of Patent: October 21, 2014
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Paul T. Schultz, Mark J. Hahn, Robert A. Sartini, Martin W. McKee
  • Patent number: 8869290
    Abstract: A broadband gateway, which enables communication with a plurality of devices, handles at least one physical layer connection to at least one corresponding network access service provider. Security boundaries such as conditional access (CA) and/or digital right management (DRM) boundaries associated with the broadband gateway are identified based on security profiles associated with the plurality of devices and/or a service from networks. The identified security boundaries are utilized to determine or negotiate CA information for content access for the service. The received content may be distributed according to the determined CA information and the security profiles of the corresponding devices. The broadband gateway may be automatically and dynamically configured based on the identified security boundaries to secure content distribution to the devices.
    Type: Grant
    Filed: December 30, 2010
    Date of Patent: October 21, 2014
    Assignee: Broadcom Corporation
    Inventors: Xuemin Chen, Jeyhan Karaoguz, Wael Diab, David Garrett, David Albert Lundgren, Rich Prodan
  • Patent number: 8868786
    Abstract: A web services hub receives a request from a data source system, transforms the request, and transmits the transformed request to an external system. A secure service router is coupled to the web services hub. The secure service router authenticates the data source system and locates a transformation service to transform the request.
    Type: Grant
    Filed: April 18, 2011
    Date of Patent: October 21, 2014
    Assignee: The PNC Financial Services Group, Inc.
    Inventors: Michael Kutchmark, Randal Heuler, Robert Bills, W. Scott Edwards, Sergiy Nepomyashchyy
  • Publication number: 20140310823
    Abstract: The present invention relates to the field of real-time executives and their adaptation for secure execution on a multicore processor. There is defined, in addition to the level of certification intrinsic to each task, a level of security relating to the criticality of the execution of the instance of the task in its context and by a method of sequencing distributed over the various cores which make it possible to exchange, during each time interval, the information relating to the level of certification and to the level of security of each of the tasks getting ready to be launched. A decision is then taken on each core for launching the task envisaged as a function of the relevant information received from the other cores.
    Type: Application
    Filed: November 8, 2012
    Publication date: October 16, 2014
    Applicant: SAGEM DEFENSE SECURITE
    Inventor: Christian Valpard
  • Publication number: 20140310822
    Abstract: A certificate generation method executed by a computer, includes receiving specific information and configuration information of a communication device collected by an information processing apparatus, the specific information and the configuration information being transmitted from the communication device provided with the information processing apparatus having tamper resistance; determining a communication address of the communication device based on the specific information if a combination of the received specific information and the received configuration information of the communication device is equivalent to information stored beforehand in a storage unit; generating an electronic certificate including a part of or all of the specific information and the configuration information, and the determined communication address; and transmitting the electronic certificate to the communication device.
    Type: Application
    Filed: March 19, 2014
    Publication date: October 16, 2014
    Applicant: FUJITSU LIMITED
    Inventors: Masato Suzuki, Seigo Kotani
  • Patent number: 8862852
    Abstract: A method is disclosed to selectively provide information to one or more remote computing devices. The method provides an information storage and retrieval system comprising first information, a first logical partition, and a second logical partition, where the first information is disposed in the first logical partition. The method further provides a data extraction algorithm, forms second information comprising an instantaneous point-in-time copy of the first information, and forms third information from the second information using the data extraction algorithm. The method then migrates the third information from the first logical partition to the second logical partition, and provides access rights to that third information to one or more computing devices capable of communicating with the information storage and retrieval system.
    Type: Grant
    Filed: February 3, 2005
    Date of Patent: October 14, 2014
    Assignee: International Business Machines Corporation
    Inventor: Robert F. Kern
  • Patent number: 8862894
    Abstract: Personal Digital Server (“PDS”) is a unique computer application for the storage, updating, management and sharing of all types of digital media files, including audio, video, images and documents, irrespective of their format. PDS provides users with a single location to store and access, both locally and remotely, all of their digital media. It also provides the user total control of the overall management of these assets.
    Type: Grant
    Filed: February 22, 2010
    Date of Patent: October 14, 2014
    Inventors: James Hoffman, James Friskel
  • Patent number: 8863239
    Abstract: This invention relates to a system and a method of generating an Authorized Domain (AD), the method comprising the steps of selecting a domain identifier (Domain ID) uniquely identifying the Authorized Domain, binding at least one user (P1, P2, . . . , PN1) to the domain identifier (Domain ID), and binding at least one device (D1, D2, . . . , DM) to at least one user (P1, P2, . . . , PN1), thereby obtaining a number of devices (D1, D2, . . . , DM) and a number of users (P1, P2, . . . , PN1) that is authorized to access a content item (C1, C2, CN2) of said Authorized Domain (100). Hereby, a number of verified devices (D1, D2, . . . , DM) and a number of verified persons (P1, P2, . . . , PN1) that is authorized to access a content item of said Authorized Domain (100) is obtained. Additionally, it is possible to enable automatic assignment of imported content being imported on a device belonging to the Authorized Domain (AD) since it now is given to which person a given authorized device belongs to.
    Type: Grant
    Filed: March 15, 2005
    Date of Patent: October 14, 2014
    Assignee: Adrea, LLC
    Inventors: Petrus Johannes Lenoir, Franciscus Lucas Antonius Johannes Kamperman, Sebastiaan Antonius Fransiscus Van Den Heuvel, Robert Paul Koster
  • Patent number: 8863308
    Abstract: A method of identity attribute validation at a computer server involves the computer server receiving an identity attribute validation request from a communication terminal. The computer server further receives a credential, and is configured with an attribute disclosure profile of attributes authorized for disclosure to the communication terminal. The computer server determines the validity of the credential, and provides the communication terminal with a response to the identity attribute validation request based on an outcome of the credential validity determination. The attribute validation response includes attributes data associated with the credential authorized for disclosure by the attribute disclosure profile but excludes attributes data associated with the credential not authorized for disclosure by the attribute disclosure profile.
    Type: Grant
    Filed: December 1, 2010
    Date of Patent: October 14, 2014
    Assignee: SecureKey Technologies Inc.
    Inventors: Andre Michel Boysen, Gregory Wolfond, Pierre Antoine Roberge, Patrick Hans Engel, Troy Jacob Ronda
  • Patent number: 8862901
    Abstract: A memory subsystem and method for loading and storing data at memory addresses of the subsystem. The memory subsystem is functionally connected to a processor and has a first mode of address encryption to convert logical memory addresses generated by the processor into physical memory addresses at which the data are stored in the memory subsystem. The memory subsystem is adapted to pull low a write enable signal to store data in the memory subsystem and to pull high the write enable signal to load data in the memory subsystem, wherein if pulled high the write enable signal alters the address encryption from the first mode to a second mode. The memory subsystem is adapted to be coupled to a local hardware device which supplies a key that acts upon the address encryption of the memory subsystem.
    Type: Grant
    Filed: November 2, 2011
    Date of Patent: October 14, 2014
    Assignee: DataSecure LLC
    Inventors: G. R. Mohan Rao, F. Michael Schuette
  • Patent number: 8862891
    Abstract: A system controlling online access to a study course verifies the identity of an individual taking a study course over a global computer network from a first computer at a node of the network. The first computer has a biometric identification program and communicates over the network with a second computer that is at a network node other than a node of the first computer. The second computer includes study program material. The first computer operates a biometric reader, which obtains a first set of biometric data from the individual and a second set of biometric data from the individual while access is granted to course material. The biometric identification program compares the first set of data with the second set of data to make a verification of the identity of the individual and communicates the verification to the second computer.
    Type: Grant
    Filed: November 5, 2013
    Date of Patent: October 14, 2014
    Assignee: Completelyonline.com, Inc.
    Inventor: Armen Geosimonian
  • Publication number: 20140304839
    Abstract: A clipboard in an electronic system protects sensitive data by copying data into a clipboard of an electronic system as an entry and selectively blocking access to the sensitive data. An entry protect status is associated with a clipboard entry that is arranged to store copied data that is sensitive. The entry protect status is changed to indicate the entry protect status is set to block access to the copied data. Access to the copied data for which the entry protect status has been changed is selectively blocked.
    Type: Application
    Filed: April 9, 2013
    Publication date: October 9, 2014
    Inventor: Robert Hansen
  • Publication number: 20140304167
    Abstract: Systems and methods for managing access to electronic products are described. In an embodiment, a system implemented method includes receiving, from a source, a first code associated with an item; receiving, from another source, another first code and a second code associated with the item; evaluating the first code with the another first code; associating the second code with the first code based on a result from the evaluating; identifying an access key, and transmitting the access key to the second source, the access key is for accessing one or more rights associated with the item.
    Type: Application
    Filed: May 29, 2014
    Publication date: October 9, 2014
    Applicant: DVDCASE, INC.
    Inventors: Paul D ATKINSON, Charles A WHITE
  • Publication number: 20140304838
    Abstract: Various embodiments relating to remote installation of digital content on unlicensed computing machines are provided. In one embodiment, an unlicensed computing machine at which to install a licensed digital content item is identified by a licensed computing machine, a request to transfer a license for the licensed digital content item to the unlicensed computing machine is sent from the licensed computing machine to an authorization service computing machine, and delivery of the licensed digital content item to the unlicensed computing machine is initiated.
    Type: Application
    Filed: April 8, 2013
    Publication date: October 9, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: Michael Gallop, Frank R. Morrison, III
  • Patent number: 8856946
    Abstract: A processor-implemented method, system, and/or computer program product defines multiple security-enabled context-based data gravity wells on a security-enabled context-based data gravity wells membrane. Non-contextual data objects are associated with context objects to define synthetic context-based objects. The synthetic context-based objects are associated with one or more security objects to generate security-enabled synthetic context-based objects, which are parsed into an n-tuple that includes a pointer to one of the non-contextual data objects, a probability that a non-contextual data object has been associated with a correct context object, probability that the security object has been associated with a correct synthetic context-based object, and a weighting factor of importance of the security-enabled synthetic context-based object.
    Type: Grant
    Filed: January 31, 2013
    Date of Patent: October 7, 2014
    Assignee: International Business Machines Corporation
    Inventors: Samuel S. Adams, Robert R. Friedlander, James R. Kraemer, Jeb R. Linton
  • Patent number: 8856953
    Abstract: Methods and systems for defining and generating fine-grained access policy for authorizing software package updates are provided. The methods of defining and enforcing a package update policy include providing a package update policy file that identifies a set of software packages and users authorized to perform package updates in association with the set of software packages, and storing the policy file on computers in a managed network. When a computer in the managed network receives a request from an unprivileged user to update a software package on the computer, the computer retrieves the package update policy file and determines an authorization of the user to update the software package based on an identity of the user, an identity of the software package, and the policy file. The computer then processes the request based on the determined authorization of the user.
    Type: Grant
    Filed: September 1, 2010
    Date of Patent: October 7, 2014
    Assignee: Red Hat, Inc.
    Inventor: James Antill
  • Patent number: 8856072
    Abstract: The present invention relates to a method for providing an interoperable digital rights management system for content data on a client based on synchronization technology, the method comprising the steps of: receiving of a selection of content data from the client; generating of an XML file having a defined DTD format, the XML file comprising license information and a locator for the content data; sending of the XML file to the client; and synchronizing any license status related data produced on the client back to the server.
    Type: Grant
    Filed: November 25, 2003
    Date of Patent: October 7, 2014
    Assignee: International Business Machines Corporation
    Inventors: Uwe Hannsmann, Thomas Stober, James Scott Jennings
  • Patent number: 8856510
    Abstract: A method for joining a user domain based on digital right management (DRM), a method for exchanging information between a user device and a domain enforcement agent, and a method for exchanging information between user devices belonging to the same user domain include sharing a domain session key between the user device and the domain enforcement agent or between the user devices belonging to the same user domain. Information is exchanged through a secure session set up between the user device and domain enforcement agent or between the user devices, and information exchange occurs through encryption/decryption using the domain session key.
    Type: Grant
    Filed: December 15, 2008
    Date of Patent: October 7, 2014
    Assignee: Pantech Co., Ltd.
    Inventor: Gun-wook Kim
  • Patent number: 8856867
    Abstract: A system that controls access to program assets, such as software programs or modules, is described. During operation, this system associates a first license code with a first group of program assets and associates a first master code with the first license code, where the first group of program assets includes one or more program assets associated with a first provider, and the first license code identifies the first master code. Then, the system provides the first license code, the first master code, and a pre-defined function to the first provider, and hosts the first group of program assets on a website. Note that the first master code and the pre-defined function allow the first provider to generate a first validation code for a customer. Moreover, the first validation code and the first license code, at least in part, allow the customer to access the first group of program assets hosted on the website, thereby facilitating independent marketing of the first group of program assets by the first provider.
    Type: Grant
    Filed: June 28, 2007
    Date of Patent: October 7, 2014
    Assignee: Intuit Inc.
    Inventors: Michael A. Scalora, Jason A. Hunter, Kent S. Russell, Mark R. Tyler
  • Patent number: 8850605
    Abstract: A method and system for capacity licensing are disclosed. According to one embodiment, a computer implemented method comprises receiving a capability request from a device, sending a capability response to the device, the capability response comprising a serving of license rights. A deduction record is stored, the deduction record deducting a license from a license pool. An information request is received from the device, and an information response is sent.
    Type: Grant
    Filed: January 22, 2014
    Date of Patent: September 30, 2014
    Assignee: Flexera Software LLC
    Inventors: Vikram Venkata Koka, Ann Shvarts
  • Patent number: 8850556
    Abstract: Provided is a Captcha Access Control System (CACS) for generating an improved captcha that is based, in one described embodiment, upon a command in one format and a response in a different format, one or both of which are rendered in a format that is difficult for an automated system to interpret. A computer system or program to which a user is requesting access generates a textual or audible command. A video device captures the user's response and transmits the response to a response evaluation device. Based upon an analysis of the transmitted video and a comparison between the analyzed video and the command, the computer or program either enables access or denies access.
    Type: Grant
    Filed: July 21, 2009
    Date of Patent: September 30, 2014
    Assignee: International Business Machines Corporation
    Inventors: Thomas J. Freund, Travis M. Grisby, Albert A. Lamb, Lee M. Surprenant
  • Patent number: 8850150
    Abstract: A computing device and method for managing security of a memory or storage device without the need for administrator privileges. To access the secure memory, a host provides a data block containing a control command and authentication data to the memory device. The memory device includes a controller for controlling access to a secure memory in the memory device. The memory device identifies the control command in the data block, authenticates the control command based on the authentication data, and executes the control command to allow the host device to access the secure memory.
    Type: Grant
    Filed: July 20, 2012
    Date of Patent: September 30, 2014
    Assignee: STEC, Inc.
    Inventor: Mehran Ramezani
  • Patent number: 8850212
    Abstract: A method of extending an integrity measurement in a trusted device operating in an embedded trusted platform by using a set of policy commands to extend a list of Platform Configuration Registers (PCRs) for the device and the current values of the listed PCRs and an integrity value identifying the integrity measurement into a policy register, verify a signature over the integrity value extended into the policy register, and, if verification succeeds, extend a verification key of the trusted platform, plus an indication that it is a verification key, into the policy register, compare the integrity value extended into the policy register with a value stored in the trusted platform, and, if they are the same: extend the stored value, plus an indication that it is a stored value, into the policy register, and extend the integrity measurement in the trusted device if the value in the policy register matches a value stored with the integrity measurement.
    Type: Grant
    Filed: May 12, 2011
    Date of Patent: September 30, 2014
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Graeme John Proudler, Liqun Chen
  • Patent number: 8849717
    Abstract: Embodiments of the present disclosure provide for upgrades and synchronization of applications installed on a device, such as a mobile device. In one embodiment, a device may include applications purchased and downloaded via a content management system. The device maintains a list or database of applications that are authorized for each device. This list is also replicated in a remote cache that is maintained by an archive host. The device may then synchronize and upgrade these applications across multiple platforms, such as one or more computers that can be coupled to the device or the archive host. The archive host allows for files of the application to be provided back to the device. Upon installation, the device can then confirm the authorization and identity of the newly installed application.
    Type: Grant
    Filed: April 8, 2010
    Date of Patent: September 30, 2014
    Inventors: Simon Cooper, Dallas De Atley
  • Patent number: 8850604
    Abstract: A license receiver comprises a viewing license invalidating unit which invalidates a viewing license of a content a viewing time limit of which is not determined, and a first control unit. When the first control unit reproduces the content, (i) if the viewing license is valid, the first control unit determines the viewing time limit, and (ii) if the viewing license is invalid, the first control unit transmits a viewing license request including a request of determining viewing time limit, to the license server, and receives the determined viewing time from the license server. When the first control unit writes out the content to an exchangeable medium before reproducing the content, if the viewing license is valid, the first control unit invalidates the viewing license and writes out the non-determined viewing time limit to the exchangeable medium.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: September 30, 2014
    Assignee: Panasonic Corporation
    Inventor: Takuya Nishimura
  • Patent number: 8850185
    Abstract: Technologies are described herein for post attack man-in-the-middle detection. A first computer receives and stores public key certificates when connections are established. The first computer also uploads the stored public key certificates associated with a domain to a second computer each time a connection is established with the domain. The second computer receives the public key certificates from the first computer. The second computer then determines whether any of the public key certificates provided by the first computer are fraudulent certificates by comparing the received certificates to known valid certificates. If the second computer determines that the first computer has received one or more fraudulent certificates, the second computer may cause action to be taken with regard to the fraudulent certificates.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: September 30, 2014
    Assignee: Amazon Technologies, Inc.
    Inventor: Charles P. Vaughn
  • Patent number: 8850544
    Abstract: The present invention provides a new method for user centered privacy which works across all 3rd party sites where users post content, or even for encryption of emails. Users have an identity with a Hyde-It Identity provider (HIP) which authenticates the user to a Hyde-It Service (HITS) which performs key distribution. The functionality can be invoked through a user toolbar, built into the browser or be downloaded on demand via a bookmarklet.
    Type: Grant
    Filed: April 23, 2009
    Date of Patent: September 30, 2014
    Inventor: Ravi Ganesan
  • Publication number: 20140289789
    Abstract: A method of operating an electronic device comprises detecting access to private information stored in memory of the electronic device. The detecting is performed by a privacy management module downloadable to the electronic device as object code for execution on the electronic device and the access is performed by a client application program. The method further comprises tracking, using the privacy management module, the private information being accessed by the client application program, and reconfiguring the electronic device, using the privacy management module, to change the access to the private information by the client application program according to at least one privacy access policy stored in the electronic device.
    Type: Application
    Filed: December 30, 2011
    Publication date: September 25, 2014
    Inventors: Rajesh Poornachandran, Selim Aissi, Gyan Prakash, Saurabh Dadu, Ravikiran Chukka