An access control apparatus comprises a control unit that, based on predetermined access control information, restricts access to an electronic file by software that is permitted to access or prohibited from accessing the electronic file. An access control system comprises: an access control apparatus that has a control unit that, based on predetermined access control information, restricts access to an electronic file by software that is permitted to access or prohibited from accessing the electronic file; and a management apparatus that is provided outside the access control apparatus, and provides, to the access control apparatus, at least one of the predetermined access control information and a judgment result based on the predetermined access control information.

The present disclosure related to managing a data license in a machine-to-machine (M2M) system, and a method for operating a first device may include generating a first resource including data and a second resource including information for managing a license of the data, receiving a message for requesting an operation for the data from a second device, determining, based on the information in the second resource, whether the operation is permitted, and transmitting a second message for performing the operation to the second device or a third device.

A Controlled Environment Secure Media Streaming System manages the delivery of content to Secured Devices. Cloud Services provide content to Integration Hub. The Integration Hub interfaces with various cloud services providers and prepares content for consumption by a resident of a secured facility. Integration Hub utilizes Content Filter to inspect content received from cloud service providers for suitability for use in a secured environment. Once content is retrieved, filtered, formatted, and packaged by Integration Hub, the content is stored in Data Warehouse. Secured Devices request content from the Distribution Hub, the Distribution Hub retrieves the content from the Data Warehouse, and then Distribution Hub manages the transfer of content to the Secured Devices. In some embodiments, Distribution Hub utilizes Content Filter to determine whether or not a particular Secured Device can access particular content.

A document management system processes application programming interface (API) requests received from entities. The document management system processes the API requests to perform operations such as modifying a document, executing a document, or sending a set of documents to another entity. The document management system enforces API limits on API requests received from entities and processed by the document management system. The document management system allows an entity to request a modification to an API limit to a target API limit and determines whether to approve the requested modification. The document management system determines whether to approve the requested API limits based on a comparison with other entities that are similar to the entity based on past API requests received from the other entities.

A system is described that allows for the transfer of data from a protected source file into a destination file that has the same or higher level of security than the source file, such that the security of the data is not compromised. Also described is a digital rights management system, capable of comparing the security levels on the source and destination files, and accordingly, allows or disallows the copying of content from the source file to the destination file.

A system obtains a use condition for restricting use of an application in a first client device of a first user. The system obtains a use status of the application in the first client device. Responsive to the use status not satisfying the use condition, the system sends a notification to a second client device of a second user different from the first user, and/or restricts the use of the application in the first client device.

Systems and methods for providing cryptographic services. A cryptography service obtains a request to provision a computing device to perform cryptographic operations. The cryptography service generates executable code for a protected execution environment. The computing device obtains and executes the executable code. The computing device fulfills requests for cryptographic operations in the protected execution environment.

Digital asset association techniques with search query data are described. In one example, A first digital asset is displayed at a location within digital content in a user interface. The location is specified using placeholder data of the digital content. An input is received via selection of an option as part of the user interface to initiate a search. Search query data associated with the placeholder data is obtained in response to the input. A search is initiated for a second digital asset using the search query data. The second digital asset is displayed at the location within the digital content in the user interface as specified by the placeholder data.

A trusted time service is provided that can detect resets of a real-time clock and re-initialize the real-time clock with the correct time. The trusted time service provides a secure communication channel from an application requesting a timestamp to the real-time clock, so that malicious code (such as a compromised operating system) cannot intercept a timestamp as it is communicated from the real-time clock to the application. The trusted time service synchronizes wall-clock time with a trusted time server, as well as protects against replay attacks, where a valid data transmission (such as transmission of a valid timestamp) is maliciously or fraudulently repeated or delayed.

A user device may strengthen the protection level of a digital content by dividing the security and normal modes and performing an operation. In order to further strengthen the protection level of the digital content, the user device may determine whether the main operating system is hacked or not, and blocks the operation in the secure mode. Otherwise, the device authorization information indicating the device security level of the user device is authorized by the content service server, and the user device blocks the operation in the secure mode according to the result.