Abstract: This disclosure relates, e.g., to governing distribution of content on a web-based service.

Abstract: The inventive concept provides a security device capable of reducing an area of a die required for implementation of a stable PUF by increasing the value of entropy from a predefined number of entropy sources and/or minimizing a blind zone of a validity checking module. The security device uses an asynchronous configuration to minimize a blind zone. In various embodiments of the inventive concept, the blind zone is generated only in a period when a reset signal is at a first logic level. Therefore, it is possible to minimize the blind zone by minimizing a period in which the reset signal is at such logic level. A semiconductor device, semiconductor package, and/or smart card can be provided with such security device, as well as a method for determining a validity of a random signal using a semiconductor security device.

Abstract: A third party is configured to establish a virtual secure channel between a source SSD and a destination SSD via which the third party reads protected digital data from the source SSD and writes the protected digital data into the destination SSD after determining that each party satisfies eligibility prerequisites. An SSD is configured to operate as a source SSD, from which protected data can be copied to a destination SSD, and also as a destination SSD, to which protected data of a source SSD can be copied.

Abstract: Systems, methods, and program products are provided for selectively restricting the transmission of copy protected digital media content from a computer system, over a network, and to a remote display. In one embodiment, a method includes the steps of capturing digital media content rendered on the local display by a media player application executed by the computer system; determining whether the media player application is accessing copy protected digital media content; and, if the media player application is not accessing copy protected digital media content, converting the captured digital media content to a media stream and transmitting the media stream over a network for presentation on a remote display.

Abstract: Methods for remote activation and permanent or temporary deactivation of integrated circuits (IC) for digital rights management are disclosed. Remote activation enables designers to remotely control each IC manufactured by an independent silicon foundry. Certain embodiments of the invention exploit inherent unclonable variability in modern manufacturing for the creation of unique identification (ID) and then integrate the IDs into the circuit functionality. Some of the objectives may be realized by replicating a subset of states of one or more finite state machines and by superimposing additional state transitions that are known only to the designer. On each chip, the added transitions signals are a function of the unique IDs and are thus unclonable. The method and system of the invention is robust against operational and environment conditions, unclonable and attack-resilient, while having a low overhead and a unique key for each IC with very high probability.

Abstract: An information processing apparatus including: a data processing unit which performs copy processing for recording recorded data of a first medium in a second medium, wherein the data processing unit performs processing for referencing copy restriction information received from a management server, comparing the copy restriction information with apparatus setting information set in a memory of the information processing apparatus, determining whether or not the copy processing is permitted in accordance with the comparison result, and copying recorded data of the first medium to the second medium under the condition it is determined that the copy processing is permitted.

Abstract: A method and system for processing data is described, the method and system including encoding a string of symbols, each having a respective symbol value, as a sequence of vectors, each vector including a respective number of repetitions of a sub-vector of a predefined length, such that the respective number of the repetitions in each vector in the sequence is indicative of the respective symbol value of a corresponding symbol in the string, and applying a watermark to an item of content including digital data by inserting the sequence of the vectors into the data. Related methods, systems and apparatus are also described.

Abstract: Systems and methods for authenticating playback devices using timestamp validation in accordance with embodiments of the invention are disclosed. One embodiment includes securely storing at least one timestamp in memory within a playback device in response to the occurrence of at least one predetermined event, where a stored timestamp is based on the current time of a system clock when an event occurs, generating a cryptographic key using the at least one timestamp, securing cryptographic data using the cryptographic key, receiving a request to playback encrypted content, where the encrypted content is accessible using the cryptographic data, accessing the at least one timestamp, generating the cryptographic key, accessing the cryptographic data using at least the cryptographic key, and playing back the content using the playback device.

Abstract: Methods for scanning software for the existence of a licensing condition. Software may be uploaded, scanned and compared against known software stored in a datastore. If the uploaded software matches known software in the datastore, a license associated with the known software may be determined. The license may have information associated with it, such as a classification based on risk and obligations. The classification of the license, as well as the obligation information may be returned as a report to a requester that uploaded software to easily identify the risks associated with incorporating the software into a larger code base or project.

Abstract: A user can be authenticated via traversal of a three-dimensional structure and entry of an authentication code. For example, a user-entered authentication code can be compared to an authentication code, and a user-selected element of the structure can be compared to a destination element resulting from following an authentication path through the structure beginning at a starting element. As another example, a user-selected ordered series of elements of the structure and corresponding user-entered sub-codes can be respectively compared to an authentication ordered series of elements of the structure resulting from following ordered steps of an authentication path through the structure beginning at the starting element and to sub-codes of an authentication code.

Abstract: An optical writing apparatus has a part configured to superpose an unauthorized copy protection pattern on image data; a control part configured to recognize the unauthorized copy protection pattern, correct image data of the unauthorized copy protection pattern in pixel unit, and control a size of an isolated dot included in the unauthorized copy protection pattern; and a writing part configured to write a corresponding image on a photosensitive body based on the thus-corrected image data.

Abstract: To provide a configuration in which a unit classification number corresponding to a content playback path is set based on various units. A unit classification number defining a playback path of content including encrypted data having different variations generated by encrypting a segment portion which forms the content by using a plurality of segment keys and encrypted content generated by encrypting a non-segment portion by a unit key is set based on various units, such as a content management unit and an index. In a CPS unit key file storing key generating information concerning CPS units as content management units, settings of unit classification numbers are indicated. Based on the CPS unit key file, a unit classification number to which content to be played back belongs can be obtained.

Abstract: Disclosed are various embodiments for inhibiting or preventing automated data extraction from network pages. A source for a network page having a document structure is obtained. An obfuscated network page is generated from the network page by altering the document structure to inhibit automated extraction of data. The obfuscated network page is configured to have a visual appearance that is the same as that of the network page when rendered by a client for display. The obfuscated network page is sent to the client in response to a request from the client for the network page.

Abstract: An information processing system includes: a client executing acquisition and reproduction of contents; a management server providing the client with content selection information applied for acquisition of contents; and a content providing server receiving the content selection information from the client and providing the content selected in accordance with the content selection information, wherein the content selection information includes content identifiers as identifiers of encrypted contents respectively encrypted by different encryption keys and range information indicating data areas of range data which is configuration data of respective encrypted contents, and the content providing server provides the client with an encrypted content formed by combining range data as partial data of the encrypted contents specified by the content identifiers and the range information.

Abstract: A method and system are provided for counterfeit prevention for optical media. In one example, a system is provided for verifying authenticity information on an optical medium. The system receives the optical medium including a fingerprint having at least one probabilistic feature. A probabilistic feature is a physical feature having both a substantial chance to be read as a first value and a substantial chance to be read as a second value. The system receives an o-DNA signature-at-issuance. The system calculates an o-DNA signature-at-verification by reading each probabilistic feature plural times. The system calculates a vector-of-differences between the o-DNA signature-at-issuance and the o-DNA signature-at-verification. The vector-of-differences includes a maximum distance metric between the o-DNA signature-at-issuance and the o-DNA signature-at-verification. The vector-of-differences indicates the optical medium is authentic if the maximum distance metric is less than a threshold.

Abstract: Watermarks may be used to deter certain types of information leaks. In one example, leaks occur in the form of posting, in public forums, screen shots of private pages. To deter this example kind of leak, private web pages within an organization may be watermarked with an experience identifier that identifies the session in which the screen shot is captured. Other information may also be included in the watermark. The watermark may be designed to survive image compression, so that it can be recovered from either a compressed or uncompressed image of the web page. By using an experience identifier recovered from the watermark, and logs that describe activity associated with that experience identifier, it may be possible to identify the source of the information leak.

Abstract: The present invention provides a method and apparatus for the production and labeling of objects in a manner suitable for the prevention and detection of counterfeiting. Thus, the system incorporates a variety of features that make unauthorized reproduction difficult. In addition, the present invention provides a system and method for providing a dynamically reconfigurable watermark, and the use of the watermark to encode a stochastically variable property of the carrier medium for self-authentication purposes.

Abstract: A method of controlled access to content, comprising joining an access sharing network, obtaining a content item from the access sharing network which requires access control data to enable playback, obtaining the access control data, determining from the access control data that a particular other device is authorized to play back the content item, and enabling playback of the content item in accordance with the access control data upon a positive determination that said other device is a member of said access sharing network. Preferably the access control data is used also during a predetermined period of time after making a determination that said other device has ceased to be a member of the access sharing network. Also a device (101) configured to carry out the method.

Abstract: A system and method for installing software on a secure controller without requiring the software to be properly signed. The method includes determining whether a by-pass flag has been set in the controller that identifies whether a file validation procedure is required to install the file and performing a pre-check operation to determine whether predetermined parameters of the file have been satisfied. The method also includes installing the file into a memory in the controller if the pre-check operation has been satisfied. The method further includes determining whether the file has a proper signature and indicating that the signature is proper if the by-pass flag is set and the file does not include a proper signature, and allowing the file to be installed if the signature has been indicated as being proper.

Abstract: An image processing apparatus includes a determination unit configured to determine whether secret information that should not be transmitted to a web server is contained in an HTML file provided by a web server. A web browser does not transmit the secret information determined by the determination unit to the web server. A job control unit executes a device function using the secret information that is not transmitted to the web server according to determination by the determination unit.

Abstract: Embodiments of the present disclosure provide for upgrades and synchronization of applications installed on a device, such as a mobile device. In one embodiment, a device may include applications purchased and downloaded via a content management system. The device maintains a list or database of applications that are authorized for each device. This list is also replicated in a remote cache that is maintained by an archive host. The device may then synchronize and upgrade these applications across multiple platforms, such as one or more computers that can be coupled to the device or the archive host. The archive host allows for files of the application be provided back to the device. Upon installation, the device can then confirm the authorization and identity of the newly installed application.

Abstract: A method is provided in one example embodiment and it includes identifying a root term and determining one or more other terms belonging to a group associated with the root term. The method also includes selecting one or more of the terms from the group and generating a concept based on the selected terms from the group, wherein the concept is applied to a rule that affects data management for one or more documents that satisfy the rule. In more specific embodiments, the root term is identified via a search or via an incident list. In other embodiments, a collection of meaningful terms is provided to assist in determining the other terms for the group, the collection of meaningful terms being generated based on the root term. The concept can be used to automatically mark one or more documents that relate to the concept.

Abstract: A method and system process a document having attached thereto a set of digital rights specifications, the digital rights specifications specifying constraints on the processing of the document. A workflow controller selects candidate devices, for processing the document, from a plurality of devices and determines, for each candidate device, that the device meets the digital rights specifications requirements. A set of devices are assigned to process the document from the set of devices that meet the digital rights specifications constraints. The workflow controller detects a failed device included in the assigned set of devices to process the document and determines potential candidate devices to replace the failed device. For each potential candidate device, it is determined if the potential candidate device meets the digital rights specifications requirements. A device that meets the digital rights specifications constraints is assigned to replace the failed device.

Abstract: Provided are an IC chip and a method of verifying data thereof. The present invention verifies integrity of data by comparing an integrity verifying value generated from data using an integrity verifying value generating algorithm before a write operation for storing data in a storing unit is performed and an integrity verifying value generated from data stored in the storing unit using the integrity verifying value generating algorithm after the write operation is completed. According to the present invention, the present invention can confirm whether data stored in the IC chip is normally stored when manufacturing/issuing the IC chip and whether data stored in the IC chip is normally stored during the IC chip is used.

Abstract: A computing device detects a command to perform a print screen operation. On detecting the command to perform the print screen operation, the computing device identifies a file associated with a displayed application window. The computing device determines whether the file contains confidential information. Upon determining that the file contains confidential information, the computing device performs an action to enforce a data loss prevention policy.

Abstract: A computer-implemented method for clustering audio fingerprints from different set top boxes into groups based on their similarities is disclosed. The computer server receives audio fingerprints generated at different set top boxes and partitions them into multiple groups such that audio fingerprints within a group correspond to a respective TV program being played at the respective set top boxes. Upon receipt of an audio fingerprint from a set top box, the computer server identifies a group of audio fingerprints that are substantially similar to the audio fingerprint, determines TV program information for the audio fingerprint in accordance with the channel metadata associated with the identified group of audio fingerprints, and returns the TV program information to the requesting set top box.

Abstract: A method and a system for protecting data, a storage device, and a storage device controller are provided. In the present method, when a host accesses data in the storage device, whether the host performs a play operation or a copy operation on the data is first determined. If the host performs the play operation on the data, the storage device continues to execute the play operation so as to allow the host to access the data. On the other hand, if the host performs the copy operation on the data, the storage device executes an interference procedure so as to prevent or retard the data from being copied into the host.

Abstract: A virtual machine on a physical host computer provides controlled access to protected data by creating and storing a “stored system fingerprint” from stable system values (SSVs) as existing when creating the stored system fingerprint. The SSVs include virtual-machine-specific values that change upon cloning the virtual machine (VM) but do not change upon migration of the VM. Upon a request for access to the protected data, a current system fingerprint is calculated from the SSVs as existing when processing the request, the current system fingerprint is compared to the stored system fingerprint to determine whether there is a predetermined degree of matching, and the requested access to the protected data is permitted only if there is the predetermined degree of matching.

Abstract: One embodiment of the present invention provides a system for tracing information leaks. The system introduces linguistic and syntactic changes to a document, and associates these changes with a user identifier, which facilitates identification of a user that may have leaked the document. During operation, the system receives a document. The system then determines a most similar original document based on the received document. The system determines difference between the most similar original document and the received document, and determines a user identifier based on the determined difference.

Abstract: A method and apparatus for provisioning a subscription product is disclosed. The method comprises receiving a request for a subscription product; retrieving a profile and at least one subscription associated with the profile, wherein the at least one subscription comprises a plurality of subscription details; validating the plurality of subscription details; retrieving product data for the subscription product based on the validated subscription details; determining a dominant subscription product when there are at least two subscriptions associated with the profile; and sending the product data for the dominant subscription product, wherein the product data enables activation of a product license.

Abstract: Partial access to electronic documents and aggregation for secure document distribution is disclosed. The embodiments herein relate to providing access to electronic documents and, more particularly, to providing access to portions of electronic documents and aggregating such portions in secure document distribution environment. Existing document distribution mechanisms do not provide means to access partial documents based on the attributes such as roles of the agents within an organization, location of access, time of access, device ID and so on. The disclosed method allows agents to access partial contents of documents based on the attributes. Meta data tags are attached to the documents in order to control the access of the documents by the defined attributes.

Abstract: Systems and methods are provided to enable secure remote activation and/or unlocking of content or other media assets protected using one or more copy protection mechanisms or techniques. Existing trusted processor architectures used by electronic devices (e.g., HD-DVD or Blu-Ray optical disc readers) can be used to allow remote activation and/or unlocking of protected content. An authorization server is configured to identify the specific copy of the protected content or other media assets at the device from the request, and determine the correct correlation between the request and information that enables the device to initiate playback of the protected content. Accordingly, the authorization server maintains secret or private on the authorization server the information that can be used by other parties to obtain a correlation between the request and any response received from the authorization server that enable the device to initiate playback of the protected content.

Abstract: Various hardware and software configurations are described herein which provide improved security and control over protected data. In some embodiments, a computer includes a main motherboard card coupled to all input/output devices connected to the computer, and a trusted operating system operates on the main motherboard which includes an access control module for controlling access to the protected data in accordance with rules. The trusted operating system stores the protected data in an unprotected form only on the memory devices on the main motherboard. The computer may also have a computer card coupled to the main motherboard via a PCI bus, on which is operating a guest operating system session for handling requests for data from software applications on the computer.

Abstract: A computing system selects a portion of data of an unknown work and detects each event in the portion of data of the unknown work. An event is a perceptual occurrence in a work successively positioned in time. The system determines an event metric between each successive event in the portion of data in the unknown work and generates a list of event metrics between the events for the unknown work. The system compares the list of event metrics for the unknown work to a list of event metrics for a known work and determines the unknown work is a copy of the known work responsive to a match between the list of event metrics of the unknown work and the list of event metrics for the known work.

Abstract: Systems and methods are described for applying digital rights management techniques to manage zones in electronic content. In one embodiment, zones are defined in a piece of electronic content, and a license is associated with the electronic content that indicates how the zones are to be accessed or otherwise used. A digital rights management engine governs access to or other use of the zoned content in accordance with the license.

Abstract: A method and system for identifying a source of a copied work that in one embodiment includes obtaining at least some portions of a reference work, collecting at least some portions of the suspect work, matching the suspect work with the reference work, wherein the matching includes temporally aligning one or more frames of the reference work and the suspect work, spatially aligning frames of the reference work and the suspect work, and detecting forensic marks in the suspect work by spatiotemporal matching with the reference work.

Abstract: Methods and systems for reporting information about users who obtain copyrighted media illegally using a network are provided. A particular copyrighted media from a source of copyrighted media may be associated with a user's computer. Copyright fees have not been paid for the particular copyrighted media. Information about the user of the computer is reported.

Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material.

Abstract: A method and apparatus for storing and retrieving program material for subsequent replay is disclosed. The method comprises the steps of receiving a data stream comprising the program material encrypted according to a first (CW) encryption key, decrypting the program material; re-encrypting the program material according to a second encryption key, and storing the re-encrypted material in a media storage device. The program material is played back by retrieving the re-encrypted material from the media storage device and decrypting the re-encrypted program material. In one embodiment, the media storage device also stores the second encryption key which has been further encrypted by a key that is unique to the device used to receive the program material.

Abstract: Techniques for detecting a cloned virtual machine instance. A method includes transmitting an identifier associated a virtual machine from an agent embedded in the virtual machine akin to a malware to a detection entity in a network, determining whether the identifier is a unique identifier or whether the identifier is a clone of an identifier associated with a separate virtual machine in the network, and initiating at least one remedial action with the agent embedded in the virtual machine if the identifier is determined to be a clone of an identifier associated with a separate virtual machine in the network.

Abstract: A computer-implemented method for validating ownership of deduplicated data may include (1) identifying a request from a remote client to store a data object in a data store that already includes an instance of the data object, (2) in response to the request, verifying that the remote client possesses the data object by (i) issuing a randomized challenge to the remote client, the randomized challenge including a random value which, when combined with at least a portion of the data object, produces an authentication token demonstrating possession of the data object and, in response to the randomized challenge, (ii) receiving the authentication token from the remote client; and, in response to receiving the authentication token from the remote client, (3) storing the data object in the data store on behalf of the remote client. Various other methods and systems are also disclosed.

Abstract: A method and system are provided for counterfeit prevention for optical media. In one example, a system is provided for verifying authenticity information on an optical medium. The system receives the optical medium including a fingerprint having at least one probabilistic feature. A probabilistic feature is a physical feature having both a substantial chance to be read as a first value and a substantial chance to be read as a second value. The system receives an o-DNA signature-at-issuance. The system calculates an o-DNA signature-at-verification by reading each probabilistic feature plural times. The system calculates a vector-of-differences between the o-DNA signature-at-issuance and the o-DNA signature-at-verification. The vector-of-differences includes a maximum distance metric between the o-DNA signature-at-issuance and the o-DNA signature-at-verification. The vector-of-differences indicates the optical medium is authentic if the maximum distance metric is less than a threshold.

Abstract: According to the type of each of a plurality of external input interfaces, it is decided whether digital watermark information is to be detected from data entered via the external input interface. Digital watermark information is not detected from data entered via the external input interface and from which it has been decided not to detect any digital watermark information, but the data is recorded. Thus, there can be provided a data recording apparatus which is not applied with a any heavy load owing to the omission of any unnecessary detection of digital watermark information.

Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to management of the key material populating one or more key management fields that define attributes that limit distribution of the key material.

Abstract: A hosted web service is provided to enable the legitimate sharing and reselling digital music among subscribers to the web service by leveraging the teachings of the first sale doctrine of copyright law. By maintaining a single copy of properly purchased song within the system that can be only accessed by one subscriber at a time, the web service preserves the rights of the copyright holder of the digital music while encouraging a community sharing.

Abstract: Methods and systems for enabling content to be securely and conveniently distributed to authorized users are provided. More particularly, content is maintained in encrypted form on sending and receiving devices, and during transport. In addition, policies related to the use of, access to, and distribution of content can be enforced. Features are also provided for controlling the release of information related to users. The distribution and control of contents can be performed in association with a client application that presents content and that manages keys.

Abstract: A method of checking whether a content aggregator's content matches a content owner's content involves generating a fingerprint of the content and looking for a matching fingerprint from the content owner through a service provided by the content owner. In one aspect, the fingerprints are generated from an intermediate digest of the content instead of the original form.

Abstract: Whether a combination method defined in an output rule satisfies a combination condition of each content specified in a play list is judged in order of priority defined in a priority list. Based on the judgment result, the output rule is edited in such a manner that the combination condition of each content specified in the play list is satisfied. The resources of the combination target contents specified in the play list are combined in accordance with the combination method of the edited output rule.

Abstract: The invention provides a secure and efficient resource management system and a corresponding method for managing resources of a product that is put on the market by a licensor via a distribution chain. In particular, the number of keys needed for managing said resources can be reduced. At the time that the product is released to the market the exact licensing conditions of the product need not be known yet. The licensing conditions and the associated configuration of resources of the product are managed via a second key which is provided to a licensee. The licensee, however, has no knowledge of the first key and the derivation function which generates said second key based on the first key. Therefore, it is ensured that the licensee cannot claim more resources of the product than the licensor allows.

Abstract: A camera detector device for detecting the presence of an illegal camera inside a room. A camera takes multiple pictures of a room and identifies reflections in each still image. If a reflection with similar properties appears repeatedly overtime than the reflection is identified as an illegal camera positioned towards the camera detector device.