A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client then tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.

A method and system is provided that simplifies the key management by allowing personalization data protected for one chip model to be used to provision device with another chip model with different global hardware root keys. The solution minimizes the changes needed to be performed on the device during provisioning and remains secure.

Systems and methods for managing data are disclosed. One method can comprise receiving a first request for a service, wherein the first request is associated with a first rights package. The first rights package can be processed to determine access to the service. An evaluation key can be generated, wherein the evaluation key represents the determination of access relating to the processing of the first rights package. A second request for a service can be received, wherein the second request is associated with a second rights package. The second rights package can be processed using the evaluation key.

A system and method for a centralized data asset marketplace including a single network or cloud platform environment for the sharing and distribution of data assets, a user interface layer providing a user access to the environment, data assets, an access control and audit component which stores user's requests and a single sign on component allowing the user to access the user interface layer, wherein the user interface layer includes a meta data management component, a service discovery component, a service request processing component, and a delivery service. The method of managing data assets includes registering of data assets, wherein the registering of the data assets includes registering meta data of the data assets; accessing and execution of data assets; searching for data assets, wherein the searching can be via a pre-configured search or custom created search queues; sharing of data assets, wherein the sharing of the data assets can be done for the corresponding meta data or of actual results of the data asset; checking out data assets, wherein checking out of the data assets includes adding the assets to a shopping cart; and authorization for selective execution of the data assets.

Systems, methods and media for managing digital rights in three-dimensional (3D) printing are provided. In one example, a registration of digital rights in a first 3D object is received from a first user and via a portal. The registration includes a certification device. The registration including the certification device is published in an online environment, and the first 3D object is made available for replication by second users via the portal. A request for access to the digital rights in the first 3D object is received from a second user for 3D printing of the first 3D object. Permission is granted under the digital rights in the first 3D object to the second user for printing the first 3D object. Instructions are electronically transmitted to a 3D printer to print the first 3D object, and the 3D printer prints the first 3D object based on the instructions.

The disclosure is directed to an access permission system that manages provisioning of access to an electronic resource through various types of access permissions. The access permission system provisions access by provisioning a license entitlement of a specified type. A provisioning optimization technique determines a combination of different types of license entitlements to be provisioned according to an optimization criterion associated with an attribute of a license entitlement. For example, the optimization criterion can based on a unit cost associated with a license entitlement, and the provisioning optimization technique can determine various types of license entitlements to be obtained (and therefore to be provisioned) in order to minimize a total cost of the license incurred in satisfying the consumption demand requests.

A method to provide negotiation control to data such that a person or entity can negotiate the use of data gathered beyond what is needed for a particular use by a third party transaction.

Disclosed in the present invention is a file permission control method. The method comprises: when a file is created, generate a unique identifier corresponding to the file, save the unique identifier into the file, encrypt the file, and save basic information of the file and author personal information into a DRM license server; when a user opens the file by means of a DRM client, acquire the basic information of the file and the corresponding author personal information from the DRM license server by means of the unique identifier, and send, by means of the author personal information, request information for acquiring permission information of the author, the request information comprising a user ID of the user in a user center server; the author queries for personal information of the user in the user center server according to the user ID, and if the personal information of the user is found, operates, by means of the DRM client, the ID and a permission granted to the user, and sends the ID and the permission to the DRM license server and the user; and after receiving the information indicating that the permission is granted, the user online acquires a permission template of the file from the DRM license server by means of the unique identifier, and opens the file according to an assigned permission.

There is provided a system for regulating access and managing distribution of content in a network, such as the Internet. The system includes communication gateways, installed at a subscriber site, internet control points, installed remotely, and various network elements installed throughout the network. The communication gateways and network elements operate in conjunction with the internet control points to restrict or allow access to specified Internet sites and to manage efficient distribution of content such as music, video, games, broadband data, real-time audio and voice applications, and software to subscribers.

Methods for securely purchasing, sharing and transferring music files using NFC technology. Method of sharing a music playlist using near field communication (NFC), including assigning a playlist Identifier (playlist ID) to a playlist of music files; receiving an NFC Identifier (NFC ID) from an NFC chip using an NFC enabled device; writing the playlist ID to the NFC chip using the NFC enabled device; storing the NFC ID and playlist ID to a server system; receiving the NFC ID and playlist ID from the NFC chip using a subsequent NFC enabled device; authenticating the received NFC ID and playlist ID on the subsequent NFC enabled device with the server system; and if authenticated, streaming the copy of the music files through the subsequent NFC enabled device without downloading the music files into long-term memory.