Patent classifications
G06F21/1076
Information processing apparatus and information processing method for decoding, reproducing and providing encrypted content
An information processing apparatus includes a data processing unit which executes processing for decoding and reproducing encrypted content. The data processing unit executes processing for determining whether the content can be reproduced by applying an encrypted content signature file. The encrypted content signature file stores information on the issue date of the encrypted content signature file and an encrypted content signature issuer certificate with a public key of an encrypted content signature issuer. In determining whether the content can be reproduced, the data processing unit compares the expiration date of the encrypted content signature issuer certificate with the information on the issue date of the encrypted content signature file, and does not perform processing for decoding and reproducing the encrypted content when the expiration date is before the issue date, and performs the processing for decoding and reproducing the encrypted content only when the expiration date is not before the issue date.
Controlling use of encryption keys
A computing device includes a processor and a persistent memory for storing information about a first public key associated with a first asymmetric key pair for authenticating the source of a digital certificate. The computing device also includes a second memory for storing one or more current key version indicators. Each of the current key version indicators is associated with a corresponding secondary public key, and the one or more current key version indicators are used by the processor to determine the trust of the corresponding secondary public key.
IN-CIRCUIT SECURITY SYSTEM AND METHODS FOR CONTROLLING ACCESS TO AND USE OF SENSITIVE DATA
A first electronic device comprises a transmitter, a secure processor, a secure memory, and one or more biometric sensors. The first electronic device is configured to communicate securely via the transmitter with a second electronic device that is separate from the first electronic device. The first electronic device receives first biometric information of a user via the one or more biometric sensors. In response to receiving the first biometric information, the first electronic device compares, via the secure processor, the first biometric information to second biometric information stored in the secure memory; and determines, based on the comparison, whether the user meets authentication criteria. In accordance with a determination that the user meets authentication criteria, the first electronic device generates a verification signal that, when received by the second electronic device, grants access to operate the second electronic device, and transmits the verification signal to the second electronic device. In accordance with a determination that the user does not meet the authentication criteria, the first electronic device forgoes generating the verification signal and transmitting the verification signal to the second electronic device.
System and method for securely retrieving and playing digital media
A system for securely downloading and playing coherent digital content such as music and preventing its play by unauthorized users. The system may include mass server/storage devices for receiving and storing digital content having predetermined gaps; and client devices communicating with the server/storage devices, and providing authorization to proceed. During playing of the digital content by the client devices, the missing gaps may be filled into the appropriate places, to allow the play of the coherent digital content.
Information processing device and information processing method
An information processing device includes: a data processing unit that executes a process of reproducing content recorded in a medium; and a memory storing a content revocation list in which an identifier (ID) of revoked content is recorded, wherein the data processing unit compares a minimum allowable version of a content revocation list recorded in a token which is management data corresponding to content recorded in the medium with a version of a content revocation list acquired from the memory, and when the version of the content revocation list acquired from the memory is an old version lower than the minimum allowable version of the content revocation list recorded in the token, the data processing unit halts determination on revocation of content based on the content revocation list acquired from the memory and reproduction of content.
SYSTEMS AND METHODS FOR MANAGING SECURE SHARING OF ONLINE ADVERTISING DATA
Systems and methods are disclosed for managing secure sharing of online advertising data. One method includes receiving, at a server, a request for proprietary data from a data consumer, the request including a data consumer identifier; retrieving, from a database of proprietary data, proprietary data based on the request; determining, by the server, whether the retrieved proprietary data is at least one of: designated to be processed and designated to have privileges set; processing, by the server, the proprietary data when the server determines the proprietary data is designated to be processed; setting one or more privileges to the proprietary data using the certificate associated with the data consumer identifier when the server determines the proprietary data is designated to have privileges set; encrypting the proprietary data using the certificate associated with the data consumer identifier; and transmitting the encrypted proprietary data to the data consumer.
BORROWING SOFTWARE LICENSES IN A LICENSE MANAGEMENT SYSTEM FOR TIME BASED USAGE
According to one embodiment, a method for borrowing licenses is provided. The method may include retrieving a license file associated with a software program from a data storage device, whereby the license file includes a plurality of borrowing information. The method may also include recording a plurality of usage information to the data storage device based on a plurality of user interactions with the software program. The method may further include updating the plurality of borrowing information within the retrieved license file using the recorded plurality of usage information. The method may also include revoking the retrieved license file based on the updated plurality of borrowing information expiring.
Systems and methods for managing secure sharing of online advertising data
Systems and methods are disclosed for managing secure sharing of online advertising data. One method includes receiving, at a server, a request for proprietary data from a data consumer, the request including a data consumer identifier; retrieving, from a database of proprietary data, proprietary data based on the request; determining, by the server, whether the retrieved proprietary data is at least one of: designated to be processed and designated to have privileges set; processing, by the server, the proprietary data when the server determines the proprietary data is designated to be processed; setting one or more privileges to the proprietary data using the certificate associated with the data consumer identifier when the server determines the proprietary data is designated to have privileges set; encrypting the proprietary data using the certificate associated with the data consumer identifier; and transmitting the encrypted proprietary data to the data consumer.
Controlling just in time access to a cluster
Examples include a system and computer-implemented method to receive a notification from an application programming interface (API) of creation of a just in time (JIT) grant, the JIT grant defining a request for a user to be authorized to access a cluster according to a JIT policy; determine if access to the cluster by the user is authorized according to the JIT policy; grant access to the user to the cluster when access is authorized according to the JIT policy; and send a notification to the API that access by the user to the cluster is granted.
In-circuit security system and methods for controlling access to and use of sensitive data
The invention disclosed herein is an in-circuit security system for electronic devices. The in-circuit security system incorporates identity credential verification, secure data and instruction storage, and secure data transmission capabilities. It comprises a single semiconductor chip, and is secured using industry-established mechanisms for preventing information tampering or eavesdropping, such as the addition of oxygen reactive layers. This invention also incorporates means for establishing security settings, profiles, and responses for the in-circuit security system and enrolled individuals. The in-circuit security system can be used in a variety of electronic devices, including handheld computers, secure facility keys, vehicle operation/ignition systems, and digital rights management.