Abstract: A secure data storage system includes a mechanism that can be activated to inhibit access to stored data. In one embodiment, access to stored data can be prevented without having to erase or modify such data. An encryption key, or data used to generate the encryption key, is stored in an MRAM module integrated within the data storage system. The data storage system uses the encryption key to encrypt data received from a host system, and to decrypt the encrypted data when it is subsequently read by a host system. To render the stored data inaccessible, an operator (or an automated process) can expose the MRAM module to a magnetic field of sufficient strength to erase key data therefrom.

Abstract: Disclosed are various embodiments for inhibiting or preventing automated data extraction from network pages. A source for a network page having a document structure is obtained. An obfuscated network page is generated from the network page by altering the document structure to inhibit automated extraction of data. The obfuscated network page is configured to have a visual appearance that is the same as that of the network page when rendered by a client for display. The obfuscated network page is sent to the client in response to a request from the client for the network page.

Abstract: According to one aspect of the present disclosure, a method and technique for product license management for a clustered environment having a plurality of nodes is disclosed. The method includes unlocking a product on a first node of the plurality of clustered nodes; responsive to unlocking the product on the first node, indicating an unlocked status of the product on a shared storage device accessible to the plurality of clustered nodes; and transmitting a self-unlock message from the first node to remaining nodes of the cluster to enable the remaining nodes of the cluster to self-unlock the product on the respective remaining nodes based on the status indication of the shared storage device.

Abstract: A nonlinear feedback shift register for creating a signature for cryptographic applications includes a sequence of series-connected flip-flops which are connected to each other for forming at least one polynomial, with the aid of at least one signal feedback having at least one operator. The flip-flops are connected to at least one switching operator for forming at least two different polynomials, the switching operator switching between the polynomials as a function of an input signal. A method for nonlinear signature formation is also provided.

Abstract: A method of controlled access to content, comprising joining an access sharing network, obtaining a content item from the access sharing network which requires access control data to enable playback, obtaining the access control data, determining from the access control data that a particular other device is authorized to play back the content item, and enabling playback of the content item in accordance with the access control data upon a positive determination that said other device is a member of said access sharing network. Preferably the access control data is used also during a predetermined period of time after making a determination that said other device has ceased to be a member of the access sharing network. Also a device (101) configured to carry out the method.

Abstract: A non-transitory storage device stores instructions that, when executed by a hardware processor, causes the hardware processor to receive from an input device. The input identifies software licenses for software components to be included in an application. The instructions also cause the hardware processor to receive usage information identifying how the application is to be used and to determine whether an incompatibility exists between any of the software licenses for the software components and the usage information. Based on a determination of the existence of an incompatibility, the instructions cause the hardware processor to display a recommendation as to how to avoid the incompatibility.

Abstract: Embodiments provide systems and methods to optimize signature verification time for a cryptographic cache. Time is reduced by eliminating at least some of the duplicative application of cryptographic primitives. In some embodiments, systems and methods for signature verification comprise obtaining a signature which was previously generated using an asymmetrical cryptographic scheme, and determining whether an identical signature has previously been stored in a signature cache. If an identical signature has been previously stored in the signature cache, retrieving previously generated results corresponding to the previously stored identical signature, the results a consequence of application of cryptographic primitives of the asymmetrical cryptographic scheme corresponding to the identical signature. The results are forwarded to a signature verifier. In at least some embodiments, at least one of these functions occurs in a secure execution environment.

Abstract: A digital content protection apparatus and method for digital rights management (DRM) are provided in which a content file including a plurality of content parts is imported such that a header is included which stores location information required for decoding each of the content parts. Therefore, the number of content parts constituting the content file can be recognized, and a license that is required for the use of each of the content parts can be acquired by analyzing header information without necessitating the parsing of the transport packets of the content file. Accordingly, preparation time for using content can be reduced.

Abstract: A method for processing the copyright notice of a media file stored in digital format in an electronic device is provided. The copyright notice of the media file is checked during data transmission between two equivalent electronic devices, and if the copyright notice is not found, action is taken to insert the copyright notice.

Abstract: A method and system are disclosed for preventing rendering of content at overlapping time periods on more rendering devices than permitted by a license associated with the content.

Abstract: An image processing apparatus includes a determination unit configured to determine whether secret information that should not be transmitted to a web server is contained in an HTML file provided by a web server. A web browser does not transmit the secret information determined by the determination unit to the web server. A job control unit executes a device function using the secret information that is not transmitted to the web server according to determination by the determination unit.

Abstract: A method and system process a document having attached thereto a set of digital rights specifications, the digital rights specifications specifying constraints on the processing of the document. A workflow controller selects candidate devices, for processing the document, from a plurality of devices and determines, for each candidate device, that the device meets the digital rights specifications requirements. A set of devices are assigned to process the document from the set of devices that meet the digital rights specifications constraints. The workflow controller detects a failed device included in the assigned set of devices to process the document and determines potential candidate devices to replace the failed device. For each potential candidate device, it is determined if the potential candidate device meets the digital rights specifications requirements. A device that meets the digital rights specifications constraints is assigned to replace the failed device.

Abstract: Embodiments of the present disclosure provide for upgrades and synchronization of applications installed on a device, such as a mobile device. In one embodiment, a device may include applications purchased and downloaded via a content management system. The device maintains a list or database of applications that are authorized for each device. This list is also replicated in a remote cache that is maintained by an archive host. The device may then synchronize and upgrade these applications across multiple platforms, such as one or more computers that can be coupled to the device or the archive host. The archive host allows for files of the application be provided back to the device. Upon installation, the device can then confirm the authorization and identity of the newly installed application.

Abstract: A method and an analysis system that help ensure that sensitive data, including in particular patient data, are not accessible to unauthorized persons is presented. The method and system help prevent sensitive data stored on portable devices from being transported along with a portable device to a location outside of a security perimeter. By determining if a portable device is outside of the security perimeter and then automatically erasing the sensitive data stored on the portable device if that is the case, the method and system help prevent disclosure of sensitive data to unauthorized persons.

Abstract: A method for adding a conditional access system to a digital audio/video transmission system that delivers content from a source to a security device associated with an audio/video processing device by providing at the broadcast source a datastream having system information data including an unused identifier reserved for security data associated with the additional conditional access system.

Abstract: Partial access to electronic documents and aggregation for secure document distribution is disclosed. The embodiments herein relate to providing access to electronic documents and, more particularly, to providing access to portions of electronic documents and aggregating such portions in secure document distribution environment. Existing document distribution mechanisms do not provide means to access partial documents based on the attributes such as roles of the agents within an organization, location of access, time of access, device ID and so on. The disclosed method allows agents to access partial contents of documents based on the attributes. Meta data tags are attached to the documents in order to control the access of the documents by the defined attributes.

Abstract: Systems and methods are provided to enable secure remote activation and/or unlocking of content or other media assets protected using one or more copy protection mechanisms or techniques. Existing trusted processor architectures used by electronic devices (e.g., HD-DVD or Blu-Ray optical disc readers) can be used to allow remote activation and/or unlocking of protected content. An authorization server is configured to identify the specific copy of the protected content or other media assets at the device from the request, and determine the correct correlation between the request and information that enables the device to initiate playback of the protected content. Accordingly, the authorization server maintains secret or private on the authorization server the information that can be used by other parties to obtain a correlation between the request and any response received from the authorization server that enable the device to initiate playback of the protected content.

Abstract: Systems, methods, and program products for managing digital production from one or more production devices with one or more sources providing inputs of production designs and/or production options are disclosed.

Abstract: Systems and methods are described for applying digital rights management techniques to manage zones in electronic content. In one embodiment, zones are defined in a piece of electronic content, and a license is associated with the electronic content that indicates how the zones are to be accessed or otherwise used. A digital rights management engine governs access to or other use of the zoned content in accordance with the license.

Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material.

Abstract: Provided is an apparatus and method of securely moving security data. An apparatus for securely moving security stored in a first apparatus to a second apparatus, includes a status setting unit which set status information of the security data to a disabled state; a data providing unit which creates a copy of the security data and determines whether the created copy can be transmitted to the second apparatus; and a data deleting unit which deletes the security data when the copy is completely transmitted.

Abstract: A device, method, and computer-readable medium are disclosed. In one embodiment, the device includes an inbound port to receive information from an information retrieval peripheral. The device also includes an outbound port to send information to a local computing device. The device includes masking logic to cause the local computing device to recognize the portable security device as at least one of a plurality of endpoint devices. The device also includes data obfuscation logic that is capable of obfuscating simple data format data, received from the information retrieval peripheral, obfuscating that data into a non-simple data format, and sending the obfuscated data to the local computing device. The non-simple data format includes at least one frame of video.

Abstract: According to the type of each of a plurality of external input interfaces, it is decided whether digital watermark information is to be detected from data entered via the external input interface. Digital watermark information is not detected from data entered via the external input interface and from which it has been decided not to detect any digital watermark information, but the data is recorded. Thus, there can be provided a data recording apparatus which is not applied with a any heavy load owing to the omission of any unnecessary detection of digital watermark information.

Abstract: A method of checking whether a content aggregator's content matches a content owner's content involves generating a fingerprint of the content and looking for a matching fingerprint from the content owner through a service provided by the content owner. In one aspect, the fingerprints are generated from an intermediate digest of the content instead of the original form.

Abstract: Methods and systems for enabling content to be securely and conveniently distributed to authorized users are provided. More particularly, content is maintained in encrypted form on sending and receiving devices, and during transport. In addition, policies related to the use of, access to, and distribution of content can be enforced. Features are also provided for controlling the release of information related to users. The distribution and control of contents can be performed in association with a client application that presents content and that manages keys.

Abstract: A method and system of binding content at first access is disclosed. A non-volatile storage device may provide a content access script and a content binding script in order to access protected content. An accessing application may attempt to access the protected content by executing a content access script. The accessing application must have permission to access and execute the content access script. If the accessing application cannot access or execute the content access script, the accessing application may access and execute the content binding script. The content binding script contains instructions that enable the accessing application to successfully execute the content access script. The content binding script, when executed, may disable itself from being executed again by moving critical information associated with the access to protected data. Thus, the content binding script may be executed once to enable an accessing application to successfully execute the content access script.

Abstract: Whether a combination method defined in an output rule satisfies a combination condition of each content specified in a play list is judged in order of priority defined in a priority list. Based on the judgment result, the output rule is edited in such a manner that the combination condition of each content specified in the play list is satisfied. The resources of the combination target contents specified in the play list are combined in accordance with the combination method of the edited output rule.

Abstract: A method for sharing and updating a key using a watermark is disclosed. The method includes receiving an image to be encoded from an image input device encoding the image, and inserting a master key value as a watermark into the encoded image, for use as an input of a key derivation function.

Abstract: The described embodiments comprise an electronic device that executes an application, the electronic device including a processing subsystem. In these embodiments, the processing subsystem is configured to acquire a receipt associated with the application, wherein the application was purchased by a purchasing entity and installed on the electronic device after being assigned to a user of the electronic device by the purchasing entity. The processing subsystem is further configured to determine, using the receipt, if the application has expired. When the application has not expired, The processing subsystem is configured to execute the application with predetermined functions of the application enabled. When the application has expired, The processing subsystem is configured to execute the application with the predetermined functions of the application disabled.

Abstract: Apparatus and methods for protected content access, browsing and transfer over a network. In one embodiment, the network comprises a premises (e.g., residential) LAN, and the apparatus comprises a server and renderer consumer premise equipment (CPE). The renderer CPE scans the network to search for a server CPE that implement a compatible security framework. The renderer authenticates itself with the server, and the server allows content browsing and selection access only to an authorized and authenticated renderer. A negotiation and exchange protocol comprises messages exchanged between the renderer and the server that include one or more of device identification, encryption key exchange, digital certificates and information regarding security package used by each CPE.

Abstract: A method and an apparatus for moving a license between SRMs. A DRM agent obtains the license from a first SRM, and sets the license to a forwarding state locally; the DRM agent deducts one permission of moving the license; and the DRM agent sends the license to a second SRM.

Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to management of the key material populating one or more key management fields that define attributes that limit distribution of the key material.

Abstract: A method and system for protecting content presented in a web browser is provided. The method may include modifying a content item to obfuscate content, and then causing obfuscation to be dynamically removed when the content item is presented in the web browser.

Abstract: A method for information flow tracking is provided using, for example, a functional programming language based on lambda calculus, ?I. The method provides a unified information-tracking framework that supports multiple, interdependent dimensions of information. An expressive policy-specification system is separated from the underlying information-flow tracking mechanism. Arbitrary domain-specific policies are supported that can be developed and enforced independent of information flow tracking. Information-flow metadata is treated as a first-class entity, and information flow is correctly tracked on the metadata itself. Classes of information flow polices are defined using multiple dimensions that are application to both information flow data and to the information flows themselves. These classes of polices accurately model more realistic security policies, based on partial trust relations.

Abstract: An authentication system and method is presented for authenticating a first party to a second party, where an operation is performed on condition that the authentication succeeds. The authentication method verifies whether the first party is authenticated. If the first party is not authenticated, then it is determined if the first party qualifies for a sub-authorization. The sub-authorization depends on a value of a grace-counter associated with a number of times that first parties have been qualified for the sub-authorization. If the first party qualifies for the sub-authorization, the operation is performed and the grace counter is decremented. If the first party is authenticated, then the grace counter is set to a predetermined number.

Abstract: A touch screen device may include: a touch panel receiving a touch signal; a noise measurement unit measuring a noise value input to the touch panel; a determination unit determining whether or not the measured noise value exceeds a threshold; and a control unit controlling an operation mode to be maintained or switched according to a determination result of the determination unit.

Abstract: A system, method, and device includes a platform data storage that stores a wrap that secures an executable controller, executable sensors, and a virtual operating system. The wrap is verified, optionally through a connection to a verification server. After verifying the wrap, the wrap is opened and an executable controller is copied into the platform memory. The executable controller allows the platform processor to execute the virtual operating system, which gives the platform processor access to virtual operating system resources necessary to verify the platform and create a connection to a connection server.

Abstract: A method of managing a domain, a method of extending a domain, and a method of selecting a reference point controller are provided. The method of operating the domain includes: receiving a request for authenticating a reference point controller from a reference point controller candidate; invalidating a membership of the stored reference point controller; generating a unique reference point controller membership for verifying that the reference point controller candidate is a new reference point controller; and transmitting the generated reference point controller membership to the reference point controller candidate. Accordingly, even when an error occurs in the reference point controller, the function of the reference point controller can be rapidly replaced by using the reference point controller candidate.

Abstract: Various embodiments of the present invention generally relate to trademark searching and notification systems. More specifically, various embodiments of the present invention relate to systems and methods for informing requesters about trademarks similar to a provided input. Some embodiments of the present invention provide for a proactive system in which users are notified of similar trademarks before using specific term(s) and users proceed after understanding which trademarks actually exist and what areas those trademarks actually entail, and possibly being notified of newly applied trademarks and modified trademarks at later times that are similar to the specific term(s) being used.

Abstract: When a viewer views content, it is reproduced by a reproduction procedure depending on a dynamic condition set in the content. Here, a content object data input unit obtains an externally-input content object. The content object is stored in a content object data retention unit, if necessary. The content object includes a reproduction rule and a content data. A reproduction rule evaluation and execution unit obtains the reproduction rule in the content object and performs processing in accordance with the reproduction rule. The reproduction unit reproduces a reproducible data specified by the reproduction rule evaluation and execution unit. An identifier management unit retains an identifier of a content object reproduction device and provides the identifier upon request. It is thus possible to reproduce in accordance with the reproduction rule set in the content object data and to control the reproduction procedure depending on the dynamic condition.

Abstract: A system and method of publishing digital media content works is provided in which an individual content work is divided into multiple segments, and when a subscriber initiates a subscription to the content work, each individual content work segment is published via email to the subscriber on a fixed periodic basis until either the work is completely published or the subscriber terminates the subscription. The subscriber may interactively access the segments of the digital media content work via directly accessing the publication website or via an embedded link in the published segment. During interactive access, the subscriber may update subscription control data controlling segment publication so that the next segment published to the subscriber will be the next successive segment after the segment being accessed interactively. A table of unique book positions is maintained to control segment publication and thereby avoid excess accesses to underlying subscription data for a subscriber.

Abstract: A device and a portable storage device which are capable of transferring a rights object (RO) and a method of transferring an RO are provided. The method includes enabling a device to transmit an installation request message to a portable storage device for installing a copy of an original RO present in the device in the portable storage device, enabling the device to install the copy of the original RO in the portable storage device, and enabling the device to receive an installation response message indicating that the copy of the original RO has been successfully installed in the portable storage device from the portable storage device.

Abstract: Bit-stripping methods are described for protecting digital media content against illicit recording and sharing. In one such method, a client device receives the media content and performs bit stripping on the received media content, thereby creating two datasets: stripped data and recombination data. The client device then recombines the datasets to reconstitute the media content, and it plays back the media content. Preferably, the media content on the client device is not available to recording software, and either the stripped data or the recombination data is also unavailable to such software. The client device may store one of these datasets; when future playback is desired, the client device requests the other of the datasets from a server. The bit-stripping may be performed in a client-specific way to discourage sharing of datasets.

Abstract: Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory.

Abstract: Various embodiments are disclosed relating to performing a trusted copy and paste operations between a source application and a target application. For example, a trust system may receive a paste request for pasting copied source content, and may compare a source trust level associated with the source content to a target trust level associated with a target application. In this way, for example, harmful or disruptive code may be prevented from being pasted into the target application.

Abstract: The invention provides a method of recovering from de-synchronization attacks includes registering original and altered digital content using nonlinear transformations to iteratively attempt to provide better-approximated registration. Approximation occurs at more than one level of granularity, by selecting among a greater number of possible transformation functions at each step. Transformations and comparisons might be conducted directly on pixel values, on coefficients for a set of basis wavelets, or on some transformation of the original and altered digital content. A human operator might assist this process, such as by suggesting transformations or providing evaluation of the degree of registration. Upon resynchronization, embedded identifying information in the original digital content is recovered.

Abstract: An owner of media data encrypts the media data using a session key. The session key is encrypted using a public key of a designated recipient of the media data. A key manager provides the encrypted session key to the recipient while the owner is sharing the media data with the recipient. The encrypted media data is published and accessed by the recipient over a public computer network. The encrypted session key and the encrypted media data are received in the recipient's computer, where the encrypted session key is decrypted into the session key using the recipient's private key and the encrypted media data is decrypted into the media data using the session key. When the owner is no longer sharing the media data with the recipient, the recipient is prevented from further receiving the encrypted session key from the key manager.

Abstract: Techniques are described for generating a license for software installed on a device. An entitlement certificate is generated including one or more entitlements describing license characteristics of the software. The one or more entitlements are determined in accordance with first information about the software. The first information includes at least one of a purchase token and package information. A binding certificate in accordance with a binding type for the software is generated. A license in accordance with said binding certificate and said entitlement certificate is generated. The binding certificate identifies an entity to which the license is bound.

Abstract: A copy prohibition method and system is disclosed, which can provide a preview page with copy prohibition means inserted thereinto, so as to prohibit a copy of information displayed on the preview page, the method comprising receiving a selection request for a preview page of a predetermined webpage from a user; inserting copy prohibition means into the preview page; and providing the preview page with the copy prohibition means inserted thereinto to the user. When providing the preview page to the user, the user is notified that the corresponding preview page has the copy prohibition function. Thus, the user becomes easily aware of that the copy is prohibited in the corresponding preview page.

Abstract: A system and method for providing load balanced secure media content and data delivery (10) in a distributed computing environment is disclosed. Media content is segmented and encrypted into a set of individual encrypted segments on a centralized control center (15). Each individual encrypted segment has the same fixed size. The complete set of individual encrypted segments is staged to a plurality of intermediate control nodes (17, 19). Individual encrypted segments are mirrored from the staged complete set to a plurality of intermediate servers (21a-b, 23a-b). Requests are received from clients (11) for the media content at the centralized control center. Each individual encrypted segment in the set is received from one of an intermediate control node and an intermediate server optimally sited from the requesting client. The individual encrypted segments are reassembled into the media content for media playback.