G06F21/1011

Systems And Methods For Whitebox Device Binding

A method is disclosed. The method includes receiving, by a user device, an encrypted message from a server computer. The encrypted message is a message encrypted with a master secret key or a key derived from the master secret key. The user device signs the encrypted message with a secure element private key. The user device, using a whitebox, cryptographically recovers a secure element public key from a certified key using a server computer public key. The certified key is certified by the server computer and based on at least the secure element public key. The user device, using the whitebox, cryptographically recovers the encrypted message from the signed encrypted message using the secure element public key. The user device, using the whitebox, decrypts the encrypted message using the master secret key or the key derived from the master secret key in the whitebox to obtain the message.

Threat control and prevention for android systems

A method is provided that determines whether to allow an application (app) for use or restrict the app on a set top box (STB). The method includes the steps of measuring at the STB, one or more resources used by the app; comparing at the STB, one or more thresholds set by an operator; and determining if the one or more resources used by the app exceed one or more thresholds set by the operator. Another method is provided that monitors applications (apps) that are installed on a set top box (STB) for illegal or harmful activity by a policy manager. This method includes downloading and copying an app from an external source; installing or uninstalling the app into an application folder; providing a notification informing the policy manager of the installing or uninstalling of the app; and evaluating the app to be installed or uninstalled.

INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, PROGRAM, AND INFORMATION PROCESSING SYSTEM

The present disclosure relates to an information processing device, an information processing method, a program, and an information processing system each capable of achieving flexible use of a storage region of a secure element. When a trigger is acquired by an external trigger device from the outside, an applet is installed into or deleted from the secure element according to the type of the acquired trigger. The information processing device and the like of the present disclosure are applicable to an electronic apparatus including a secure element.

Kernel event triggers for content item security

The present technology pertains to responding to a kernel level file event for a content item and presenting a file event window associated with the content item. A client device can detect the kernel level file event for the content item. This can be accomplished using a kernel extension on a client device that is networked with a content management system. The client device can then retrieve data associated with the content item, including an instruction for the content item. The client device can then perform the instruction. This instruction can be to retrieve collaboration data from the content management system and present the collaboration data in a file event window.

METHOD AND CONTROL SYSTEM FOR CONTROLLING AN EXECUTION OF A SOFTWARE APPLICATION ON AN EXECUTION PLATFORM
20170372045 · 2017-12-28

A method for controlling execution of a software application, comprising: a) determining the point in time of at least one of installation of an operating system, installation of a computer program, updating of the operating system, updating of the computer program, b) generating platform information based on the installed/updated system/program and the determined point in time, c) generating a first fingerprint based on the platform information, which is characteristic for the execution platform at the determined time, d) generating a license including said first fingerprint, which defines terms of allowed execution of the software application, and e) controlling the execution by: determining platform information used for generating the first fingerprint and generating a second fingerprint based on said platform information; comparing the second fingerprint with the first fingerprint; and allowing execution of the software application if the second fingerprint complies with the first fingerprint.

Information processing system, method of controlling the system, information processing apparatus, web server, and storage medium
09842199 · 2017-12-12

In an information processing apparatus, upon the calling of a web application being instructed, the information processing apparatus sets a URL corresponding to the web application in the web browser and makes a request to the web server, and when a request to perform a confirmation process for the license is received from the web server, the information processing apparatus generates signature information of the information processing apparatus, sends the signature information to the URL, and obtains authorization information from the web server. The web server confirms a license of the information processing apparatus in response to the request from the information processing apparatus, and responds to the information processing apparatus with web application content upon the license of the information processing apparatus being successfully confirmed.

System and method for a renewable secure boot
09842212 · 2017-12-12

Embodiments of systems and methods disclosed herein include renewable secure boot systems for renewing and booting a target device. Systems and methods include techniques by which a secure boot may be implemented in a renewable fashion on a reprogrammable device. More specifically, in certain embodiments, systems and methods are described where target devices securely receive an encrypted boot image and one or more authorization codes from a third party. The one or more authorization codes are derivatives of a target device hardware secret, allowing the authorization codes to be changed at will, thus increasing flexibility and security of the system.

Apparatus and method for multi-state code signing

An electronic device includes a memory configured to store a lab certificate, a code authentication certificate and the executable code. The electronic device also includes a processor associated with a unique device identifier. For a first operational condition of the plurality of operational conditions, the processor is configured to: retrieve the code authentication certificate associated with the executable code; determine that a valid lab certificate is present in the memory; authenticate the code authentication certificate by determining that the code authentication certificate is signed with a private developer key and that the signature is valid; and execute the executable code on the electronic device responsive to determining that the lab certificate is valid and authenticating the code authentication certificate.

Method and system for secure automated deployment of emulated computer system

A method and system for secure automated deployment of an emulated computer system. The method includes providing a download package for installation on a target machine. The download package includes a generic emulated computer system having no unique identity, no model identity, no features, and minimal processing components. The download package also includes a customer order file based on an order from a customer of the target machine. The customer order file includes a machine identity, at least one machine capability, and control data. The download package also includes at least one enabling key configured to enable the emulated computer system on the target machine. The enabling key is customized based on the order from the customer of the target machine, and includes identity information that restricts the use of the emulated computer system on any computer system other than the target machine. The method also includes delivering the download package to the target machine for installation of the emulated computer system on the target machine. The download package prevents the unauthorized cloning of the emulated computer system onto any hardware platforms other than the target machine, and prevents the unauthorized use of any hardware other than the hardware of the target machine.

Managing Access To Protected Content Using Device Security Profiles
20230185885 · 2023-06-15

A digital rights management (DRM) server receives data associated with a device security profile (DSP) from a content owner device. The DSP specifies requirements for client devices to access content items associated with a content owner. The requirements differ based on a resolution level of the accessed content items. The DRM server stores the DSP and an indication of the content owner. The DRM server receives, from a content server storing the content items associated with the content owner, a pull request for DSP updates. The DRM server transmits the DSP to the content server in response to the pull request. The DSP causes the content server to limit client devices that access the content items according to the DSP.