A digital rights management system is provided that includes a receiving device for receiving an encryption key request from a client device, a first database for storing a set of supported security capabilities corresponding to client device, a second database for storing a set of required security capabilities corresponding to at least one of the encryption key and content associated with the encryption key, a content management system for establishing rules to determine the set of required security capabilities corresponding to content, and a processing device. The processing device may be configured to identify the set of supported security capabilities corresponding to the client device and identify the set of required security capabilities corresponding to the content associated with the encryption key. The content management system may be configured to configure the set of supported security capabilities and configure the set of required security capabilities.

Systems and methods for securing digital content using hidden folders are disclosed. In one embodiment, a method comprises displaying an application, the application including a user interface for displaying digital content items and receiving input events; monitoring keystrokes entered by a user of the client device while the application is displayed; generating a candidate passcode based on the keystrokes; determining that the candidate passcode is a valid passcode has been entered when the candidate passcode is equal to a known passcode; transmitting a request for one or more hidden items from a server device, the request including the valid passcode; receiving the one or more hidden items; and updating the user interface to display the one or more hidden items.

An internet end-user device includes a processor, a network interface controller; and a memory including instructions that, when executed by the one or more processors cause the end-user device to configure the end-user device to use a red network and perform dependency verification of the end-user device. A method includes configuring an end-user device to use a red network; and performing dependency verification of the end-user device. A non-transitory computer readable medium includes program instructions that when executed, cause an internet end-user device for use by end users to configure the end-user device to use a red network and perform dependency verification of the end-user device.

Systems and methods for performing security event mitigation with firmware are discussed. A firmware-based security event framework receives notifications of security events occurring in a firmware-controlled operating environment on a computing platform, logs information related to the event and optionally performs mitigation operations to address the security event.

The present invention aims to improve data protection against illegal access by a strong differentiation of the security level specific on a type of data so that when the protection on a part of the data is violated, the remaining data are still inaccessible. A method for controlling access, via an open communication network, to user private data, comprising steps of: dividing the user private data into a plurality of categories, each category defining a privacy level of the data, encrypting the user private data of each category with a category key pertaining to the category of the data, attributing to a stakeholder an entity configured for accessing to at least one category of user private data, and authorizing the access to the at least one category of user private data for the entity of the stakeholder, by providing the stakeholder with the category keys required for decrypting the user private data of the corresponding category.

An integrated circuit (122) includes an on-chip boot ROM (132) holding boot code, a non-volatile security identification element (140) having non-volatile information determining a less secure type or more secure type, and a processor (130). The processor (130) is coupled to the on-chip boot ROM (132) and to the non-volatile security identification element (140) to selectively execute boot code depending on the non-volatile information of the non-volatile security identification element (140). Other technology such as processors, methods of operation, processes of manufacture, wireless communications apparatus, and wireless handsets are also disclosed.

A system and method of establishing a resource provider as a trusted listing are disclosed. The method includes receiving, by a directory server computer, an indication from a user that a resource provider is trusted. The directory server computer is programmed to provide a first level of authentication. The method then includes storing, in a database, data representing the indication from the user that the resource provider is trusted. The method then includes receiving an authentication request message from the user conducting an interaction at the resource provider computer and determining that the data representing the indication from the user that the resource provider is trusted is present. In response to determining, the method includes providing a second level of authentication to the user before the user is allowed to complete the interaction. The second level of authentication is lower than the first level.

A method for making a playlist available to the public, in which the playlist comprises user-defined descriptor information. The user-defined descriptor information is entered as free form text or prose.

A computer system that includes one or more processors configured to execute a secure sovereign manager that controls remote execution of commands on a sovereign cloud computing platform. The secure sovereign manager is configured to create an escorted session for an unqualified user for invoking commands on the sovereign cloud computing platform. The unqualified user does not have sovereign-trusted credentials that define qualifications required for accessing the sovereign cloud computing platform. The escorted session is asynchronously supervised by a qualified user that has sovereign-trusted credentials. The secure sovereign manager is configured to receive an indication of approval or denial of invocation of a received command. Based on at least receiving an indication of approval, the secure sovereign manager invokes the received command on the sovereign cloud computing platform.

Some embodiments of the invention provide systems and methods for securing configuration information for cloud-based services. Some embodiments include a system comprising a data store and data sets including plant process information and configuration information. A memory device stores computer-executable instructions executable by a processor coupled to the cloud service. When executed, the instructions receive configuration information, store it in a data file, apply a generated certificate to the file, and deploy the resulting protected configuration data file to the cloud-based service. In addition, the protected configuration data file is made available by obtaining the file from the cloud-based service.