Abstract: A method for using time from a trusted host device is disclosed. In one embodiment, an application on a memory device receives a request to perform a time-based operation from an entity authenticated by the memory device, wherein the entity is running on a host device. The application selects time from the host device instead of time from a time module on the memory device to perform the time-based operation and uses the time from the host device to perform the time-based operation. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.

Abstract: A method and system of independent generation of dynamic password by a client and a server for subsequent verification of the generated password by either the server or the client is provided. The method includes registration of user ID for identification of the client and associating client's related information. Then the client provides one or more static values and one or more variable values for the registered user ID. The server then drives the base value and further the instructions are then applied on the registered ID. Thus generating the random password and further verifying the generated password with the random password and thus authorizing the client.

Abstract: Computer implemented methods and systems are provided for mediating access to content based on digital rights management. A request is received from a mobile device for a unit of content. A digital rights holder identity is identified for the mobile device by using a unique identifier for the mobile device. The unique identifier is an equipment identifier, an international mobile subscriber identity, a mobile subscriber identification number, or a mobile identification number. Whether the digital rights holder identity is associated with a right to receive the unit of content is determined. The unit of content is provided to the mobile device in response to a determination that the digital rights holder identity is associated with the right to receive the unit of content.

Abstract: The present invention relates to the field of real-time executives and their adaptation for secure execution on a multicore processor. There is defined, in addition to the level of certification intrinsic to each task, a level of security relating to the criticality of the execution of the instance of the task in its context and by a method of sequencing distributed over the various cores which make it possible to exchange, during each time interval, the information relating to the level of certification and to the level of security of each of the tasks getting ready to be launched. A decision is then taken on each core for launching the task envisaged as a function of the relevant information received from the other cores.

Abstract: A certificate generation method executed by a computer, includes receiving specific information and configuration information of a communication device collected by an information processing apparatus, the specific information and the configuration information being transmitted from the communication device provided with the information processing apparatus having tamper resistance; determining a communication address of the communication device based on the specific information if a combination of the received specific information and the received configuration information of the communication device is equivalent to information stored beforehand in a storage unit; generating an electronic certificate including a part of or all of the specific information and the configuration information, and the determined communication address; and transmitting the electronic certificate to the communication device.

Abstract: This invention relates to a system and a method of generating an Authorized Domain (AI)), the method comprising the steps of selecting a domain identifier (Domain ID) uniquely identifying the Authorized Domain, binding at least one user (P1, P2, . . . , PN1) to the domain identifier (Domain ID), and binding at least one device (D1, D2, . . . , DM) to at least one user (P1, P2, . . . , PN1), thereby obtaining a number of devices (D1, D2, . . . , DM) and a number of users (P1, P2, . . . , PN1) that is authorized to access a content item (C1, C2, CN2) of said Authorized Domain (100). Hereby, a number of verified devices (D1, D2, . . . , DM) and a number of verified persons (P1, P2, . . . , PN1) that is authorized to access a content item of said Authorized Domain (100) is obtained. Additionally, it is possible to enable automatic assignment of imported content being imported on a device belonging to the Authorized Domain (AD) since it now is given to which person a given authorized device belongs to.

Abstract: A method is disclosed to selectively provide information to one or more remote computing devices. The method provides an information storage and retrieval system comprising first information, a first logical partition, and a second logical partition, where the first information is disposed in the first logical partition. The method further provides a data extraction algorithm, forms second information comprising an instantaneous point-in-time copy of the first information, and forms third information from the second information using the data extraction algorithm. The method then migrates the third information from the first logical partition to the second logical partition, and provides access rights to that third information to one or more computing devices capable of communicating with the information storage and retrieval system.

Abstract: A memory subsystem and method for loading and storing data at memory addresses of the subsystem. The memory subsystem is functionally connected to a processor and has a first mode of address encryption to convert logical memory addresses generated by the processor into physical memory addresses at which the data are stored in the memory subsystem. The memory subsystem is adapted to pull low a write enable signal to store data in the memory subsystem and to pull high the write enable signal to load data in the memory subsystem, wherein if pulled high the write enable signal alters the address encryption from the first mode to a second mode. The memory subsystem is adapted to be coupled to a local hardware device which supplies a key that acts upon the address encryption of the memory subsystem.

Abstract: A method of identity attribute validation at a computer server involves the computer server receiving an identity attribute validation request from a communication terminal. The computer server further receives a credential, and is configured with an attribute disclosure profile of attributes authorized for disclosure to the communication terminal. The computer server determines the validity of the credential, and provides the communication terminal with a response to the identity attribute validation request based on an outcome of the credential validity determination. The attribute validation response includes attributes data associated with the credential authorized for disclosure by the attribute disclosure profile but excludes attributes data associated with the credential not authorized for disclosure by the attribute disclosure profile.

Abstract: A system controlling online access to a study course verifies the identity of an individual taking a study course over a global computer network from a first computer at a node of the network. The first computer has a biometric identification program and communicates over the network with a second computer that is at a network node other than a node of the first computer. The second computer includes study program material. The first computer operates a biometric reader, which obtains a first set of biometric data from the individual and a second set of biometric data from the individual while access is granted to course material. The biometric identification program compares the first set of data with the second set of data to make a verification of the identity of the individual and communicates the verification to the second computer.

Abstract: Personal Digital Server (“PDS”) is a unique computer application for the storage, updating, management and sharing of all types of digital media files, including audio, video, images and documents, irrespective of their format. PDS provides users with a single location to store and access, both locally and remotely, all of their digital media. It also provides the user total control of the overall management of these assets.

Abstract: Various embodiments relating to remote installation of digital content on unlicensed computing machines are provided. In one embodiment, an unlicensed computing machine at which to install a licensed digital content item is identified by a licensed computing machine, a request to transfer a license for the licensed digital content item to the unlicensed computing machine is sent from the licensed computing machine to an authorization service computing machine, and delivery of the licensed digital content item to the unlicensed computing machine is initiated.

Abstract: A clipboard in an electronic system protects sensitive data by copying data into a clipboard of an electronic system as an entry and selectively blocking access to the sensitive data. An entry protect status is associated with a clipboard entry that is arranged to store copied data that is sensitive. The entry protect status is changed to indicate the entry protect status is set to block access to the copied data. Access to the copied data for which the entry protect status has been changed is selectively blocked.

Abstract: Systems and methods for managing access to electronic products are described. In an embodiment, a system implemented method includes receiving, from a source, a first code associated with an item; receiving, from another source, another first code and a second code associated with the item; evaluating the first code with the another first code; associating the second code with the first code based on a result from the evaluating; identifying an access key, and transmitting the access key to the second source, the access key is for accessing one or more rights associated with the item.

Abstract: A processor-implemented method, system, and/or computer program product defines multiple security-enabled context-based data gravity wells on a security-enabled context-based data gravity wells membrane. Non-contextual data objects are associated with context objects to define synthetic context-based objects. The synthetic context-based objects are associated with one or more security objects to generate security-enabled synthetic context-based objects, which are parsed into an n-tuple that includes a pointer to one of the non-contextual data objects, a probability that a non-contextual data object has been associated with a correct context object, probability that the security object has been associated with a correct synthetic context-based object, and a weighting factor of importance of the security-enabled synthetic context-based object.

Abstract: The present invention relates to a method for providing an interoperable digital rights management system for content data on a client based on synchronization technology, the method comprising the steps of: —receiving of a selection of content data from the, client, —generating of an XML file having a defined DTD format, the XML file comprising license information and a locator for the content data, —sending of the XML file to the client, synchronizing any license status relates data produced on the client back to the server.

Abstract: Methods and systems for defining and generating fine-grained access policy for authorizing software package updates are provided. The methods of defining and enforcing a package update policy include providing a package update policy file that identifies a set of software packages and users authorized to perform package updates in association with the set of software packages, and storing the policy file on computers in a managed network. When a computer in the managed network receives a request from an unprivileged user to update a software package on the computer, the computer retrieves the package update policy file and determines an authorization of the user to update the software package based on an identity of the user, an identity of the software package, and the policy file. The computer then processes the request based on the determined authorization of the user.

Abstract: A method for joining a user domain based on digital right management (DRM), a method for exchanging information between a user device and a domain enforcement agent, and a method for exchanging information between user devices belonging to the same user domain include sharing a domain session key between the user device and the domain enforcement agent or between the user devices belonging to the same user domain. Information is exchanged through a secure session set up between the user device and domain enforcement agent or between the user devices, and information exchange occurs through encryption/decryption using the domain session key.

Abstract: A system that controls access to program assets, such as software programs or modules, is described. During operation, this system associates a first license code with a first group of program assets and associates a first master code with the first license code, where the first group of program assets includes one or more program assets associated with a first provider, and the first license code identifies the first master code. Then, the system provides the first license code, the first master code, and a pre-defined function to the first provider, and hosts the first group of program assets on a website. Note that the first master code and the pre-defined function allow the first provider to generate a first validation code for a customer. Moreover, the first validation code and the first license code, at least in part, allow the customer to access the first group of program assets hosted on the website, thereby facilitating independent marketing of the first group of program assets by the first provider.

Abstract: Embodiments of the present disclosure provide for upgrades and synchronization of applications installed on a device, such as a mobile device. In one embodiment, a device may include applications purchased and downloaded via a content management system. The device maintains a list or database of applications that are authorized for each device. This list is also replicated in a remote cache that is maintained by an archive host. The device may then synchronize and upgrade these applications across multiple platforms, such as one or more computers that can be coupled to the device or the archive host. The archive host allows for files of the application be provided back to the device. Upon installation, the device can then confirm the authorization and identity of the newly installed application.

Abstract: Provided is a Captcha Access Control System (CACS) for generating an improved captcha that are based, in one described embodiment, upon a command in one format and a response in a different format, one or both of which are rendered in a format that is difficult for an automated system to interpret. A computer system or program to which a user is requesting access generates a textual or audible command. A video device captures the user's response and transmits the response to a response evaluation device. Based upon an analysis of the transmitted video and a comparison between the analyzed video and the command, the computer or program either enables access or denies access.

Abstract: A method of extending an integrity measurement in a trusted device operating in an embedded trusted platform by using a set of policy commands to extend a list of Platform Configuration Registers (PCRs) for the device and the current values of the listed PCRs and an integrity value identifying the integrity measurement into a policy register, verify a signature over the integrity value extended into the policy register, and, if verification succeeds, extend a verification key of the trusted platform, plus an indication that it is a verification key, into the policy register, compare the integrity value extended into the policy register with a value stored in the trusted platform, and, if they are the same: extend the stored value, plus an indication that it is a stored value, into the policy register, and extend the integrity measurement in the trusted device if the value in the policy register matches a value stored with the integrity measurement.

Abstract: Technologies are described herein for post attack man-in-the-middle detection. A first computer receives and stores public key certificates when connections are established. The first computer also uploads the stored public key certificates associated with a domain to a second computer each time a connection is established with the domain. The second computer receives the public key certificates from the first computer. The second computer then determines whether any of the public key certificates provided by the first computer are fraudulent certificates by comparing the received certificates to known valid certificates. If the second computer determines that the first computer has received one or more fraudulent certificates, the second computer may cause action to be taken with regard to the fraudulent certificates.

Abstract: A license receiver comprises a viewing license invalidating unit which invalidates a viewing license of a content a viewing time limit of which is not determined, and a first control unit. When the first control unit reproduces the content, (i) if the viewing license is valid, the first control unit determines the viewing time limit, and (ii) if the viewing license is invalid, the first control unit transmits a viewing license request including a request of determining viewing time limit, to the license server, and receives the determined viewing time from the license server. When the first control unit writes out the content to an exchangeable medium before reproducing the content, if the viewing license is valid, the first control unit invalidates the viewing license and writes out the non-determined viewing time limit to the exchangeable medium.

Abstract: A computing device and method for managing security of a memory or storage device without the need for administer privileges. To access the secure memory, a host provides a data block containing a control command and authentication data to the memory device. The memory device includes a controller for controlling access to a secure memory in the memory device. The memory device identifies the control command in the data block, authenticates the control command bused on the authentication data, and executes the control command to allow the host device to access the secure memory.

Abstract: The present invention provides a new method for user centered privacy which works across all 3rd party sites where users post content, or even for encryption of emails. Users have an identity with a Hyde-It Identity provider (HIP) which authenticates the user to a Hyde-It Service (HITS) which performs key distribution. The functionality can be invoked through a user toolbar, built into the browser or be downloaded on demand via a bookmarklet.

Abstract: A method and system for capacity licensing are disclosed. According to one embodiment, a computer implemented method comprises receiving a capability request from a device, sending a capability response to the device, the capability response comprising a serving of license rights. A deduction record is stored, the deduction record deducting a license from a license pool. An information request is received from the device, and an information response is sent.

Abstract: A method of operating an electronic device comprises detecting access to private information stored in memory of the electronic device. The detecting is performed by a privacy management module downloadable to the electronic device as object code for execution on the electronic device and the access is performed by a client application program. The method further comprises tracking, using the privacy management module, the private information being accessed by the client application program, and reconfiguring the electronic device, using the privacy management module, to change the access to the private information by the client application program according to at least one privacy access policy stored in the electronic device.

Abstract: A method, system, and device for verifying authorized issuance of a statement or expression, including determining if a statement or expression is associated with a statement of trusted issuance; determining if the statement of trusted issuance applies; determining if issuance of the statement of trusted issuance is authorized; and verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.

Abstract: A computing device detects a command to perform a print screen operation. On detecting the command to perform the print screen operation, the computing device identifies a file associated with a displayed application window. The computing device determines whether the file contains confidential information. Upon determining that the file contains confidential information, the computing device performs an action to enforce a data loss prevention policy.

Abstract: A method for programming a vehicle module via a secure programming system. The method carried out by the system involves generating a credentials media containing one or more secure credentials. Then, a credentials programmer programs one or more vehicle modules using the credentials media. During each stage of the vehicle module programming, the programming status is securely updated in the credential media. In case of a programming failure, the credentials media is used in a secondary credentials programmer to program the vehicle modules.

Abstract: A method and system configured to use HTML5 layout for rendering a native downloaded graphical user interface is disclosed herein. The system is comprised of a mobile device, a native downloadable application, a mobile web services API, a native application authoring tool, and an HTML5 authoring tool. The HTML5 authoring tool is used to create an application layout conformant with the HTML5 standards and practices.

Abstract: An approach is provided for relaying media and creating new content from the media via a social network. Audio content is caused to be received from one of a plurality of devices. The one device is associated with a member of a first list of contacts. New audio content is generated based on the received audio content. The new audio content is caused, at least in part, to be transmitted to another one of the devices. The other one device is associated with a member of a second list of contacts.

Abstract: In a method and arrangement for the secure transmission of at least one electronic message from a first terminal of a first user to at least one second terminal of a second user, the electronic message is generated by the first terminal. The electronic message is received by the second terminal. The electronic message is transmitted by an infrastructure for legally binding transmission of electronic messages from the first terminal to the second terminal. A first security module connected to the first terminal encrypts and/or signs the electronic message before the electronic message is transmitted by the infrastructure from the first terminal to the second terminal. A second security module, connected to the second terminal, decrypts the transmitted electronic message and/or verifies the signed electronic message.

Abstract: A method and system for service provision, including: a web browser in a first communications device (e.g. a personal computer) running a script from a source (e.g. a remote web server) trusted by the first communications device's user; sending, from the first device to a second communications device (e.g. a smartphone) that has a web server, a user-verified indication of the trusted source; sending, from the first device to the second device: a service request, for a service required by script currently running on the web browser, and an indication of the source of the current script; the second device comparing the indicated source of the current script to the indicated trusted source; and the second device providing the requested service only if the indicated source of the current script corresponds to the indicated trusted source.

Abstract: Systems, methods, and software for enabling software for industrial automation systems and equipment are provided herein. In one example, a non-transitory computer readable medium having stored thereon program instructions executable by a computing device is presented. When executed by the computing device, the program instructions direct the computing device to receive a request for enabling use of software for an industrial control device, identify a code capable of enabling the software based at least in part on the request, and communicate the code to a user to use to enable the software for the industrial control device.

Abstract: Methods and systems are provided for identifying a computing device and/or the user of such a device and granting or prohibit access to one or more devices based on the location of the computing device. User devices include receivers and emitters for localization signals, and behavior of user devices or user interaction devices are modified according to received localization signals. Example systems may provide tracking media streaming to local devices, automatic configuration of transmitters, or adaptation of multi-user interactions based on user location.

Abstract: Some embodiments of the invention provide a mobile device that restricts access to its applications. The mobile device, displays, on the device's touch screen display, a lock screen page for accessing the device in a primary access mode or a secondary access mode. The primary access mode provides access to several of the device's applications, and the secondary access mode provides access to a limited set of the applications. The mobile device receives a touch input on the lock screen page to access the device in the secondary access mode. The mobile device unlocks the device to the secondary access mode by allowing access to the set of applications and restricting access to the remaining applications in the plurality of applications.

Abstract: A method for accessing media content may include converting an artistic item on a hard-copy media implementation to a digital media file. The method may also include receiving a first request to access the digital media file from a client device. The method may include determining that the digital media file is available for the client device to access. The method may include approving the first request by providing a presentation of the digital media file to the client device. The method may further include receiving a second request from the client device to add one or more features to the presentation of the digital media file. The method may include adding the one or more features to the presentation of the digital media file.

Abstract: Provided are techniques for receiving a first request from a first application for a particular data element; making a determination, with respect to the first request, of whether or not to provide access to the particular data element to the first application; and in response to a determination to provide access to the first application, providing the first application with access to the particular data element; and in response to a determination not to provide access to the first application, providing the first application access to a first dummy data element.

Abstract: A device and method for an asset protection scheme includes receiving, by a data chunk serving server, a first request for an asset from a client device; transmitting, by the data chunk serving server, a plurality of data chunks to the client device, each of the data chunks corresponding to a portion of the asset; receiving, by a key serving server, a second request for key data from the client device, the key data corresponding to data removed from the asset to create the plurality of data chunks, wherein the plurality of data chunks and the key data correspond to an entirety of the asset; and transmitting, by the key serving server, the key data to the client device.

Abstract: A system for protecting the digital rights of content owners allows digital media to be delivered to only those media rendering client devices that have been approved for the media content. Before delivering requested media, the media service provider may determines whether the media rendering client device that requested the media is the type of device that is authorized to receive the request media. If it is, the media service provider may transmit the media to a middleman server over a network (such as the Internet). A middleman server may then serves the media to the client device over a local network. By allowing the media content to be distributed to approved devices only, the media service provider can prevent a user from using the media in a way that is not authorized by the content owner.

Abstract: A method responsive to receiving a data from a computing device connected to the computer in a cloud computing system or data center, identifies a criteria associated with the computing device, responsive to identifying the criteria, determines whether the data is authorized for transmission to a storage in the cloud computing system or data center, and responsive to determining that the data is authorized for transmission to the storage, forwards the data to the storage.

Abstract: A method and system for software package auditing is described. A processing device receives user input that identifies one or more software packages to be included in a software product release. The one or more identified packages are imported into a package audit tool executable by the processing device and the package audit tool automatically validates that the imported packages comply with a set of one or more requirements specified for the software product release using the package audit tool.

Abstract: Mobile devices provide security based on geographic location. With such a technique, a mobile device may automatically check its current location against geographic information as to the location(s) in which it is permitted to operate. When the user attempts access to the device, the mobile device will prompt the user for his/her credential only if the geographic location matches an allowed location. The user gains access then by inputting information corresponding to the credential, e.g. username and password, of a valid user. In the examples, if the geographic location does not match an allowed location, the mobile device provides a warning to the user, and the user is not allowed to enter any credential information. Optionally, the mobile device may send an alert message about the device being taken outside a specified boundary, e.g. to report the situation to other personnel.

Abstract: In one aspect, a computing apparatus is configured to verify a digital signature applied on a set of data received from a user device, including an user ID assigned by a partner system to uniquely identify a user of the user device among customers of the partner system, and a user device identifier identifying the user device. The digital signature is generated via applying a cryptographic one-way hash function on a combination of the set of data and a secret, shared between the computing apparatus and the partner system via a secure communication channel separate from a channel used to receive the set of data.

Abstract: Device authentication is based on the ability of a human to synchronize the movements of his or her fingers. A pairing procedure for two wireless devices may thus involve a synchronization test that is based on the relative timing of actuations of input devices on each of the wireless devices. In some aspects a synchronization test involves determining whether actuations of user input devices on two different wireless devices occurred within a defined time interval. In some aspects a synchronization test involves comparing time intervals defined by multiple actuations of user input devices on two wireless devices.

Abstract: Systems and techniques for mediating user communications. A user persona manager maintains one or more user profiles and manages user interactions with other parties and with service providers based on user preferences associated with the user profile or profiles selected for a particular interaction. The persona manager receives a single set of user authentication information to establish the user identity, and provides previously stored information to other parties and service providers as appropriate, and otherwise conducts user interactions involving communications initiated by or on behalf of the user. The persona manager also examines interactions initiated by others, selects user profiles appropriate to the interactions, and routes and responds to the interactions based on information stored in the user profiles.

Abstract: Systems and methods are presented for accessing an application available from a data center of a program execution service. The metadata associated with a user computing device may be used to determine whether the user computing device is authorized to access the application through a virtual desktop instance. At least a portion of the application may be executed by the virtual desktop instance and provided to the user. Applications may be purchased, licensed, or rented by a user.

Abstract: Apparatus, method, and media for utilizing content. An exemplary method comprises storing a description structure comprising one or more usage rights, storing content associated with the one or more usage rights, receiving a request for the content, the request corresponding to a utilization of the content, determining whether the utilization corresponds to at least one of the one or more usage rights, determining whether the computing device is an authorized device, and utilizing the content in accordance with the at least one of the one or more usage rights based at least in part on a determination that the utilization corresponds to the at least one of the one or more usage rights and a determination that the computing device is an authorized device.