09th week of 2013 patent application highlights part 51 |
Patent application number | Title | Published |
20130055295 | SCALABLE, HIGHLY AVAILABLE, DYNAMICALLY RECONFIGURABLE CRYPTOGRAPHIC PROVIDER WITH QUALITY-OF-SERVICE CONTROL BUILT FROM COMMODITY BACKEND PROVIDERS - Exemplary embodiments include a method for remapping subsets of host-centric application programming interfaces to commodity service providers, the method including receiving a commodity service providers object, embedding the commodity service providers object with a handle, transforming the handle into a serialized object readable by a hardware security module, generating a virtualized handle from the transformed handle, selecting a target hardware security module based on characteristics of the serialized object and mapping the virtualized handle to the target hardware security module. | 2013-02-28 |
20130055296 | DYNAMICALLY BINDING DATA IN AN APPLICATION - A method for binding data in an application. An expression is created via a framework based on input from a developer. The expression is received at an expression engine wherein the expression describes a relation between a first property of a first data of the application to a first property of a second data of the application. A binding is created between the first data and the second data based on the relation via the expression engine. The first property of the second data is changed based on a change to the first property of the first data wherein the changing occurs because of the binding. The receiving the expression, the creating the binding, and the changing the first property are orchestrated via the framework to manage when the expression is executed in the application. | 2013-02-28 |
20130055297 | DATA STORAGE DEVICE - In one embodiment of a data storage device, the inside of its housing | 2013-02-28 |
20130055298 | INFORMATION RECORDING MEDIUM AND METHOD FOR PRODUCING SAME, AND INFORMATION RECORDING MATERIAL - An information recording medium excellent in long storage and capable of high-density recording, method of manufacturing the information recording medium, and information recording material are provided. Pulse laser light is focused onto a recording layer in which a thermosetting epoxy resin having a skeleton with high planarity and a curing agent are polymerized to form a recording mark. With a molecular weight between cross-linking points of a cured material of the recording layer being set to be equal to or smaller than 2000 and, more preferably, equal to or smaller than 500, a distance between recording marks (cavities) can be shortened. | 2013-02-28 |
20130055299 | System and Method of Processing Service Product Orders - A method includes sending, from a service delivery system, a service product package indicating a service product offering to a service product ordering subsystem and indicating a service control group. The method further includes receiving, from the service product ordering subsystem, an order for the service product offering and information identifying a subscriber account associated with the order. The method further includes providing delivery data including a video item to a media content distribution system. The media content distribution system is configured to send the video item to an end user device associated with the subscriber account in response to receiving the delivery data. | 2013-02-28 |
20130055300 | METHOD AND APPARATUS FOR SOCIAL NETWORK UPDATES BY ACTIVITY RECOGNITION - A method and apparatus for engaging consumers in the performance of predetermined action. The method comprises the steps of determining performance of a predetermined action, broadcasting confirmation of performance of the predetermined action, and providing incentive based upon the broadcasting. The predetermined action may include consuming a consumable item. The broadcasting may be performed via a social networking site, and wherein the broadcasting further may include transmitting a video of the performance of the predetermined action. The incentive may comprise a monetary incentive to the performer of the action, to one or more peers of the performer of the action viewing the broadcast, or to one or more peers of the performer of the action upon performance of the predetermined action by the one or more peers. | 2013-02-28 |
20130055301 | DELIVERY CHANNEL SELECTION AND APPLICATION LAYER HANDOVER OF PROGRAMS FOR A MOBILE SERVICE - Methods and devices provide channel assignments of programs delivered in a mobile setting. The channel assignments include unicast channels, multicast channels, and broadcast channels. The channel assignments are based on one or more of the type of program, user viewership information, or user voting information. Additionally, methods and devices provide for handover between mobile service areas at the application layer. Programs are buffered based on a handover time. During the handover, the buffered portion of the program is played. | 2013-02-28 |
20130055302 | TRUSTED CONTENT ACCESS MANAGEMENT USING MULTIPLE SOCIAL GRAPHS ACROSS HETEROGENEOUS NETWORKS - A method, system, and computer readable storage device (that stores the method) extract connectivity information from multiple telecommunication services, provided by a single multiple service provider. The method, system, and device merge the separate connectivity information from each service in a unified graph of telephone service users and digital service users (including common users of both services). The method, system, and device assign trust values based on the connectivity information and shared data content between users. The method, system, and device may also issue a proxy certificate of authority (CA), by a trusted CA residing within the digital service, to provide digital service to a user of the telephone service in the unified graph, when the trusted CA is a nearest trusted CA in the unified graph. | 2013-02-28 |
20130055303 | CONTROLLING CONTENT ACCESS AND RELATED ACTIONS ON A DLNA NETWORK - A method of controlling ability of a client device to access media content available from a server device on a network is provided. The method includes the steps of receiving with the server device a request from the client device via the network for media content and determining with the server device a type of the client device and a type of the media content. Thereafter, a step of applying a policy stored in software form in the server device for determining actions allowable for the client device with respect to the media content is performed. After the applying step, access of the media content is provided to the client device only to an extent defined and permitted by the policy. A server device for functioning as a Digital Media Server (DMS) on a Digital Living Network Alliance (DLNA) network is also disclosed. | 2013-02-28 |
20130055304 | User Interface - A method of providing access to a block of stored content includes transmitting a general EPG at a content receiver for display on a presentation device, the EPG including a plurality of channels having a plurality of programs available at a plurality of times, receiving input from a user to display a block guide, and transmitting the block guide wherein, the block guide is associated with the block of stored content for accessing the block of stored content, the block guide including a plurality of channels having a plurality of programs available for a selected airing time. | 2013-02-28 |
20130055305 | RECORDING ADDITIONAL CHANNELS OF A SHARED MULTI-CHANNEL TRANSMITTER - A method for recording multiple pieces of content with a single tuner. A content delivery network can include multiple channels organized into bands with several channels per band. These bands can be transmitted on an up-link such as to a satellite. The bands can be relayed to receivers at the end user locations. The end user receivers can tune to one, two, or some other fraction of the total number of transmitted bands. When a user selects a program to view and/or record, a tuner of the receiver tunes to the band that includes the channel that includes the program. The method prompts the user regarding the other channels that form the set of channels on that band, and solicits input for recording one or more concurrent programs of the band, which can all be recorded on the single receiving tuner. | 2013-02-28 |
20130055306 | VIDEO CLIPPING SYSTEM AND METHOD - In one embodiment, the present invention is a t-commerce platform, which is linked to the content from a video signal that the user is currently watching. At some point during the broadcast of the content, a close-up of the product is shown. Simultaneous with this, a VBI-based trigger is added to the video signal of the broadcast. This trigger causes the television, a set-top box, or a similar device to capture in a memory, a “freeze-frame” of the image being shown. This action is transparent to the user while the video being displayed on the television is continuing normally. If the user chooses to perform an interactive “buy” transaction the saved image data is used as part of the interactive screen display. | 2013-02-28 |
20130055307 | METHOD, APPARATUS AND SYSTEM FOR INTERCUTTING ADVERTISEMENT - A method of intercutting advertisement disclosed comprises: receiving a playing request message carrying user information and media information from a user terminal; determining whether advertisement needs to be intercut for the user based on the user information and the media information; when it is determined that advertisement needs to be intercut for the user, making a pause in playing a stream media corresponding to the playing request message, obtaining an advertisement stream corresponding to the user information and the media information, and delivering the advertisement stream to the user to play; when it is detected that play of the advertisement stream is finished, sending the playing request message to a stream media server, and forwarding to the user terminal the stream media obtained from the stream media server, corresponding to the playing request message. | 2013-02-28 |
20130055308 | Television Media Application Integration - Embodiments herein enable users to manage applications on Television media devices through a Television Media Application Integration (TMAI) platform using a secondary device capable of running applications. The TMAI platform enables controlling of application on Television media device through secondary devices. Further, the TMAI platform enables adaptive behavior of applications on secondary device based on the stage of the interaction of user with the application on Television media device. Furthermore, the TMAI platform enables delivery of advertisements published by advertisement published based on user preferences and publisher preferences. The advertisements may be delivered on Television media devices or secondary devices. | 2013-02-28 |
20130055309 | TARGETING ONLINE ADS BASED ON POLITICAL DEMOGRAPHICS - Systems and methods for facilitating and targeting of online ads to voters within a selected political demographic are presented. Audience targeting may be accomplished in several ways including: geo-targeting; contextual targeting; behavioral targeting; site placement; and targeted household television ads. This segment or neighborhood level targeting allows more granularity based upon, for example, hot topics and people interested in those topics based upon where populations of people live (i.e., the location of the household) and voter registration. In this manner, a candidate may deliver an ad in order to influence a select group of people in a particular location. In some embodiments, the ad is delivered by dropping and later reading a tracking cookie that associates the voter's browser with political demographic information. | 2013-02-28 |
20130055310 | Backwards Guide - A receiver determines to transmit an EPG that includes schedule information regarding content available from a provider, determines that content is stored and is not currently available from the provider, incorporates information regarding the stored content in the EPG, and includes indicators indicating that the stored content is stored rather than available from the provider. The stored content may be recorded as part of recording a plurality of content received via a broadcast that are all included in the same frequency band and encoded with the same code word. The EPG may be divided into portions that include information regarding available content and portions that include information regarding previously available content and may include indications of which are stored. The EPG may be configured in a calendar arrangement based at least on the information regarding the available and information regarding when stored content were previously available from the provider. | 2013-02-28 |
20130055311 | On Screen Display Content with Information on Stored Content Service Features - A method and system incorporate information on a stored content service feature with on screen display content utilizing a content receiver. The stored content service feature enables the content receiver to simultaneously record multiple instances of content for a plurality of programming channels during a timeframe. The content receiver generates on screen display content as an overlay to live or previously recorded instances of content or as an electronic programming guide, and the information for the stored content service feature incorporated within the on screen display content may be selected. In response to the selection, the content receiver may transmit a previously recorded instance of content from the plurality of simultaneously recorded instances of content, information for instances of content that have been, will be and/or are available to be recorded in connection with the stored content service feature. | 2013-02-28 |
20130055312 | MULTIMEDIA PROGRAM RECORDING SCHEDULE MANAGER - A multimedia program recording schedule manager for DVR systems is described. In a first embodiment, for example, a method implemented by one or more server computing devices, the method comprising: receiving input selecting a particular DVR system; receiving input selecting a particular multimedia program for the particular DVR system to record on a repeat basis; adding the particular multimedia program to a server-side instance of a repeat recording schedule for the particular DVR system; and synchronizing the server-side instance of the repeat recording schedule with another instance of a repeat recording schedule for the particular DVR system resulting in the addition of the particular multimedia program to the other instance of the repeat recording schedule. In one embodiment, the other instance of the repeat recording schedule for the particular DVR system is a data component of the particular DVR system. | 2013-02-28 |
20130055313 | METHOD, COMPUTER PROGRAM, RECEPTION APPARATUS, AND INFORMATION PROVIDING APPARATUS FOR ACCESSING CONTENT FROM A PLURALITY OF CONTENT SOURCES - A method, computer program, reception apparatus, and information providing apparatus for providing one or more virtual channel tables corresponding to one or more content sources. The reception apparatus includes an input unit and a processor. The input unit receives a channel selection from a user. The processor determines a source of content associated with the channel selection based on at least one virtual channel table stored in a memory. Based on the determined source of content, the processor controls a first communication interface to receive first content or a second communication interface to receive second content. The processor controls the first communication interface to receive the first content when the selected channel is determined to be associated with a first source, and controls the second communication interface to receive the second content when the selected channel is determined to be associated with a second source. | 2013-02-28 |
20130055314 | Recording Additional Channels of a Shared Multi-Channel Transmitter - A method for recording multiple pieces of content with a single tuner. A content delivery network can include multiple channels organized into bands with several channels per band. These bands can be transmitted on an up-link such as to a satellite. The bands can be relayed to receivers at the end user locations. The end user receivers can tune to one, two, or some other fraction of the total number of transmitted bands. When a user selects a program to view and/or record, a tuner of the receiver tunes to the band that includes the channel that includes the program. The method prompts the user regarding the other channels that form the set of channels on that band, and solicits input for recording one or more concurrent programs of the band, which can all be recorded on the single receiving tuner. | 2013-02-28 |
20130055315 | Method and Apparatus for Browsing Using Alternative Linkbases - Systems and methods for navigating hypermedia using multiple coordinated input/output device sets. Disclosed systems and methods allow a user and/or an author to control what resources are presented on which device sets (whether they are integrated or not), and provide for coordinating browsing activities to enable such a user interface to be employed across multiple independent systems. Disclosed systems and methods also support new and enriched aspects and applications of hypermedia browsing and related business activities. | 2013-02-28 |
20130055316 | METHOD AND APPARATUS FOR PROVIDING WIRELESS DIGITAL TELEVISION SERVICE - A system that incorporates teachings of the present disclosure may include, for example, a method for receiving one or more wireless digital television signals, wherein each of the one or more wireless digital television signals comprise a plurality of data segments for presenting media content, buffering the plurality of data segments of each of the one or more wireless digital television signals to generate one or more buffered data segments to cause a presentation delay of the media content, and detecting a missing data segment in the one or more buffered data segments. The method can further include transmitting a first request to a cellular communication system to provide the missing data segment, and receiving from the cellular communication system the missing data segment prior to an expiration of the presentation delay to continue a presentation of the media content without interruption. Other embodiments are disclosed. | 2013-02-28 |
20130055317 | Apparatus For Receiving And Displaying Cellular Television Content And Method For Billing For Same - An apparatus and method are provided for receiving and displaying cellular television content. In one embodiment, the apparatus includes a wireless communication device for establishing a connection to a wireless telecommunications network and for receiving video content over the connection. The apparatus includes a processor for receiving the cellular television content and the television signal. The processor generates a signal for display on a video display screen from the television signal and the video content. A video display screen is also provided in the apparatus for displaying the signal. The apparatus may also include a remote control interface and a remote control device that includes a keypad for establishing a wireless telephone call through the apparatus over the wireless telecommunications network. The apparatus may alternatively include an interface for receiving and communicating with a wireless telephone capable of establishing a connection to a wireless telecommunications network and receiving cellular television. | 2013-02-28 |
20130055318 | Method and device for transmitting multimedia broadcast multicast service control information - The present invention discloses a method and a device for transmitting multimedia broadcast multicast service control information. The method comprises: a base station stopping transmission of an MBMS service in a cell, and transmitting control plane information of the MBMS service, wherein, in the control plane information, contents of an SIB2, MCCH information and DSI remain unmodified, and contents of an SIB13 are modified or remain unmodified. The device comprises: a service stopping unit, configured to stop transmission of an MBMS service in a cell; a transmitting unit, configured to transmit control plane information of the MBMS service in the cell in which the MBMS service is stopped, wherein in the transmitted control plane information, contents of an SIB2, MCCH information and DSI remain unmodified, and contents of an SIB 13 are modified or remain unmodified. The present invention improves reliability of receiving an MBMS service by a UE. | 2013-02-28 |
20130055319 | APPARATUS AND METHOD FOR SHARING TELEVISION BROADCASTING - An apparatus and method for sharing television broadcasting are provided. The method includes, in a first portable terminal, connecting to a wireless network, and sending a TV broadcasting request to a TV module, for the first portable terminal to be granted a master function of switching a TV channel, receiving a password input request from the TV module, and transmitting a password to the TV module, in the first portable terminal, receiving the TV broadcasting from the TV module through the wireless network, and, in at least one or more additional portable terminals, receiving the TV broadcasting from the TV module through the wireless network, and sharing the TV broadcasting with the first portable terminal. | 2013-02-28 |
20130055320 | AIR-TO-GROUND COMMUNICATIONS SYSTEM AND METHOD - A video signal processing system and method is disclosed. The video signal processing system includes at least two receiving modules configured for independently receiving signals for the same video program. Each receiving module is further configured for processing the signals received and providing a corresponding video stream. The video signal processing system further includes a synchronization module and a data processing module. The synchronization module is configured for determining a latency difference between the at least two video streams, and the data processing module is configured for comparing and combining the at least two video streams to provide a merged video stream, which may have a reduced number of damaged or missing frames. | 2013-02-28 |
20130055321 | Inflight Entertainment System with Selectively Preloaded Seat End Video Caches - An inflight entertainment (IFE) system preloads from head end equipment onto seat end video caches subsets of prerecorded video entertainment programs from a library of prerecorded video entertainment programs stored on the head end equipment. Preloading is done independent of play requests made by passengers using the IFE system. The selected subsets are selected using selection metrics such as program popularity, passenger demographics and/or passenger preferences. The same or a different subset may be selected for different passengers. As a result of the selective preloading of the seat end video caches, if the head end equipment or the distribution system becomes inoperable during the flight, the IFE system is able to continue to deliver a limited offering of popular, demographically indicated and/or passenger preferred video entertainment from the seat end video caches, without requiring a large multiplier in storage capacity or loading time. | 2013-02-28 |
20130055322 | PERSONAL VIDEO NETWORK - The invention is a personal wireless network that generally comprises at least a lightweight wireless client to send and receive audio and video from another system component. The personal wireless network also provides a wireless-enabled routing component, which stands alone to route traffic within the personal wireless network. Also provided is a transmitter component that connects to a computing device, such as a server and sends and receives data. Furthermore, a software algorithm provides a method for supporting a personal wireless network. | 2013-02-28 |
20130055323 | METHOD AND SYSTEM FOR CONNECTING A COMPANION DEVICE TO A PRIMARY VIEWING DEVICE - A method for enabling communication between a companion device and a primary viewing device includes determining presence of the primary viewing device; and determining presence of the second viewing device. The method further comprises determining that the second viewing device is a companion to the primary viewing device and causes establishment of a viewing group that includes the primary viewing device and the second viewing device. A notification message is provided to the primary viewing device with information enabling the primary viewing device to determine that there is a companion device for it. Additionally, a notification message is provided to the second viewing device with information enabling the second device to determine it is a companion device for the primary viewing device. | 2013-02-28 |
20130055324 | METHOD OF CONTROLLING MEDIA DEVICES OF A HOSPITALITY ESTABLISHMENT TO ASSOCIATE CREDIT WITH GUEST ROOM FOR USE TOWARD PAY-PER-USE MEDIA FUNCTION, AND SYSTEM AND CONTROLLER THEREOF - A hospitality establishment includes guest rooms having media devices installed therein. Each guest room has one or more in-room media devices for providing a pay-per-use media function. A media system controller dynamically associates a credit corresponding to a monetary value with a particular guest room in response to an occurrence of a first event, configures an in-room media device of the particular guest room to indicate the credit associated with the particular guest room and allow a guest of the particular guest room to utilize at least an amount of the credit toward an order of the pay-per-use media function, activates the pay-per-use media function on at least one of the in-room media devices of the particular guest room in response to a received order, and decreases the credit associated with the particular guest room according to the amount of the credit utilized toward the received order. | 2013-02-28 |
20130055325 | ONLINE ADVERTISING RELATING TO FEATURE FILM AND TELEVISION DELIVERY OVER THE INTERNET - A system for providing information to a viewer of a visual content presentation creates a scene database that includes details about many potential scenes planned for a visual content presentation. At least one scene in the scene database is shot then, after shooting scenes and prior to the editing process, the database is updated to reflect actual details used during shooting. The visual content presentation is then edited. After editing the visual content presentation, the database is updated to identify scenes that were actually used in the visual content presentation, and the order in which those scenes appear is specified. A request for details is received from the viewer about at least one aspect of a scene actually used in the visual content presentation, and details are transmitted to the viewer about a requested aspect of the scene actually used in the visual content presentation. | 2013-02-28 |
20130055326 | TECHNIQUES FOR DYNAMIC SWITCHING BETWEEN CODED BITSTREAMS - Techniques for dynamic switching in coded bitstreams are described. An apparatus may comprise a switching component operative to determine a timepoint to switch from broadcasting a first video stream to broadcasting a second video stream, the first video stream a first encoding of a video source at a first quality level and the second video stream a second encoding of the video source at a second quality level. Other embodiments are described and claimed. | 2013-02-28 |
20130055327 | MAPPING WEB CONTENT TO UNUSED BROADCAST CHANNEL - Provided is a method of mapping web content to an unused broadcast channel. The method detects an unused broadcast channel, maps web content to the unused broadcast channel and displays web content through the unused broadcast channel. | 2013-02-28 |
20130055328 | DISPLAY APPARATUS AND VIDEO DISPLAY METHOD - A display apparatus is provided. The display apparatus includes a first receiver, a display unit, a controller and a processor. The first receiver receives a network packet stream. The controller selectively sends one of a video signal generated by processing the network packet stream and an external video signal to the display unit for displaying the received video signal, according to a control signal. The processor determines whether the network packet stream comprises a display command. The processor sends the control signal to the controller for receiving and sending the video signal of the network packet stream to the display unit, when the network packet stream includes the display command. | 2013-02-28 |
20130055329 | Close-Captioning Uniform Resource Locator Capture System and Method - A particular method includes extracting uniform resource locator data from closed-captioning content using a set-top box. The closed-captioning content is included in a broadcast signal received by the set-top box. The method includes generating a web page using the set-top box. The web page includes a portion of the uniform resource data as one or more selectable links. A check box is associated with each of the one or more selectable links. The web page includes a first selectable option to enable each selectable link associated with a checked check box to be added to a uniform resource locator address book. The method also includes sending the web page from the set-top box via a local area network to a device coupled to the set-top box by the local area network in response to a request from the device for the web page. | 2013-02-28 |
20130055330 | Presentation of Still Image Data on Display Devices Using a Wireless Home Entertainment Hub - A method of presenting still image data on multiple display devices using a wireless home entertainment hub comprises obtaining a registration of a plurality of devices with the wireless home entertainment hub, where the plurality of devices includes at least two display devices. An assignment of a zone for each display device of the at least two display devices is received. Still image data is caused to be displayed on a subset of the at least two display devices. | 2013-02-28 |
20130055331 | SYSTEM AND METHOD FOR VARIABLE VIDEO DEGRADATION COUNTER-MEASURES - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for variable video degradation counter-measures. A system configured according to this disclosure transmits a video communication over a network, detects the video quality degradation of the video communication, selects an appropriate counter-measure based at least in part on the particular type of degradation encountered, and implements the appropriate counter-measure. If multiple transmission paths are available in the system, either completely or partially disjoint, the paths can be evaluated based on ability to deliver video traffic. Throughout the transmission the system continues measuring and monitoring the video quality in real-time. The system can also accurately respond to the type and degree of the degradation by matching the type and degree of degradation to a table containing corresponding counter-measures. | 2013-02-28 |
20130055332 | BROADCAST RECEIVER APPARATUS AND BROADCAST RECEPTION METHOD - This invention provides a broadcast receiver apparatus capable of reducing power consumption that is not intended by the user. The broadcast receiver apparatus ( | 2013-02-28 |
20130055333 | Storing and Reading Multiplexed Content - A method for displaying content stored in a block of multiplexed content, the multiplexed content including a plurality of instances of content where each instance of content includes an associated content identifier, the method including receiving, at a content receiver, content identifying information for the content and instructions for displaying the content, determining a selected content identifier based on the content identifying information, selecting the block from one or more blocks based on the selected content identifier, scanning the block for a content identifier and encountering the content identifier, comparing the encountered content identifier to the selected content identifier, and processing an instance of content associated with the encountered content identifier where the encountered content identifier corresponds to the selected content identifier. A system for displaying and a system for storing multiplexed content are also described. | 2013-02-28 |
20130055334 | VIDEO PROCESSOR, TELEVISION DISPLAY DEVICE, AND VIDEO PROCESSING METHOD - According to one embodiment, a video processor includes: a list output module; a selection receiver; and a data controller. The list output module is configured to output screen information in which a plurality of pieces of list information are arranged. Each of the pieces of list information includes pieces of identification information each identifying a scene contained in video data and arranged in an order in which scenes are played. The selection receiver is configured to receive a selection of one of the pieces of identification information comprised in one of the pieces of list information. The data controller is configured to control playing the video data from a scene identified by the one of identification information received by the selection receiver. | 2013-02-28 |
20130055335 | SECURITY ENHANCEMENT METHODS AND SYSTEMS - In accordance with at least some embodiments of the present disclosure, a security enhancement method is provided for operating a computer system having a trusted environment and an untrusted environment. The method may include acquiring an identification data associated with an application installed in the untrusted environment, authenticating the identification data according to a predetermined rule in the trusted environment to acquire a corresponding authentication result, and executing the application in the untrusted environment or uninstalling the application from the computer system according to the authentication result. | 2013-02-28 |
20130055336 | SECURITY POLICY ENFORCEMENT FOR MOBILE DEVICES CONNECTING TO A VIRTUAL PRIVATE NETWORK GATEWAY - A method, apparatus and computer program product for providing secure policy enforcement for mobile devices is presented. A mobile device is connected to a computer system, the computer system having an active Virtual Private Network (VPN) tunnel with a VPN gateway. The computer system runs a security policy check on the mobile device. A determination is made whether the mobile device passed the security policy check and when the mobile device does pass the security policy check, a certificate is issued to the mobile device. The mobile device then uses the certificate to connect to a VPN. | 2013-02-28 |
20130055337 | Risk-based model for security policy management - A security policy management solution (such as a Data Loss Prevention (DLP) system) is augmented to enable a user to model and visualize how changes in a security policy may impact (positively or negatively) the effectiveness of a policy configuration as well as the risk associated with its deployment. This technique enables a user (e.g., a security policy administrator) to evolve enterprise information technology (IT) security policies and, in particular, to generate and display “what-if” scenarios by which the user can determine trade-offs between, on the one hand, the effectiveness of a proposed change to a policy, and on the other hand, the risk associated with the proposed change. | 2013-02-28 |
20130055338 | Detecting Addition of a File to a Computer System and Initiating Remote Analysis of the File for Malware - In certain embodiments, a computer system includes a memory unit and a processing unit. The processing unit executes a monitoring module stored on the computer system. The monitoring module monitors the computer system for addition of a file to the computer system and detects an addition of a file to the computer system. The monitoring module accesses policies to determine whether to communicate information associated with the detected addition of the file over a communication network to a remote malware analysis system to initiate a possible malware analysis of the file by the remote malware analysis system. The monitoring module initiates, in response to determining to communicate information associated with the detected addition of the file, communication over the communication network of information associated with the detected addition of the file to the remote malware analysis system, the remote malware analysis system operable to analyze the file for malware. | 2013-02-28 |
20130055339 | SECURITY EVENT MANAGEMENT APPARATUS, SYSTEMS, AND METHODS - Apparatus, systems, and methods may operate to include transforming subsequent unmarked contexts into additional tainted contexts in response to identifying a tainted event as a link between a prior tainted context and the subsequent unmarked contexts. Further operations may include publishing an event horizon to a display. The event horizon may include the tainted event and all other events associated with a linked chain of contexts that include the prior tainted context and the additional tainted contexts, where the tainted event and the other events share the taint in common. In this way, a taint associated with malicious behavior can be propagated and tracked as it moves between contexts. Additional apparatus, systems, and methods are disclosed. | 2013-02-28 |
20130055340 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT - According to an aspect of the embodiment, an information processing unit includes a browser unit that receives page files and executes a web application; an application range management unit that receives application range information at the start of execution of the web application, and stores that information in a memory unit; a termination detecting unit that, when the page file being processed by the browser unit changes, determines whether or not the web application being executed has terminated depending on whether or not the new page file is included in the application range information; a usability determining unit that determines whether or not an add-on for which a call request is issued is allowed to be used in the web application being executed; and an add-on calling unit that calls an add-on when determined that the add-on is allowed to be used in the web application being executed. | 2013-02-28 |
20130055341 | RESTRICTION OF PROGRAM PROCESS CAPABILITIES - This document describes systems and methods for restricting program process capabilities. In some implementations, the capabilities are restricted by limiting the rights or privileges granted to an application. A plurality of rules may be established for a program, or for a group of programs, denying that program the right to take actions which are outside of the actions needed to implement its intended functionality. A security policy is implemented to test actions initiated in response to an application against the rules to enable decisions restricting the possible actions of the program. Embodiments are disclosed which process the majority of decisions regarding actions against a security profile through use of a virtual machine. In some embodiments, the majority of decisions are resolved within the kernel space of an operating system. | 2013-02-28 |
20130055342 | Risk-based model for security policy management - A security policy management solution (such as a Data Loss Prevention (DLP) system) is augmented to enable a user to model and visualize how changes in a security policy may impact (positively or negatively) the effectiveness of a policy configuration as well as the risk associated with its deployment. This technique enables a user (e.g., a security policy administrator) to evolve enterprise information technology (IT) security policies and, in particular, to generate and display “what-if” scenarios by which the user can determine trade-offs between, on the one hand, the effectiveness of a proposed change to a policy, and on the other hand, the risk associated with the proposed change. | 2013-02-28 |
20130055343 | Methods, Devices, Systems, and Computer Program Products for Edge Driven Communications Network Security Monitoring - An edge monitoring approach can be utilized to detect an attack which includes a plurality of relatively low bandwidth attacks, which are aggregated at a victim sub-network. The aggregated low bandwidth attacks can generate a relatively high bandwidth attack including un-solicited data traffic directed to the victim so that the aggregated attack becomes more detectable at an edge monitor circuit located proximate to the victim. Related systems, devices, and computer program products are also disclosed. | 2013-02-28 |
20130055344 | SYSTEM AND METHOD FOR EVALUATING A REVERSE QUERY - Disclosed are real-time techniques for determining all access requests to an attribute-based access control policy which evaluate to a given decision, “permit” or “deny”. The policy is enforced to control access to one or more resources in a computer network. In one embodiment, a method comprises: (i) receiving a reverse query and a set of admissible access requests, each of which comprises one or more attributes in the policy and values of these; (ii) extracting attributes to which all access requests in the set assign identical values; (iii) reducing the ABAC policy by substituting values for the extracted attributes; (iv) caching the policy as a simplified policy; (v) translating the simplified policy and the given decision into a satisfiable logic proposition; (vi) deriving all solutions satisfying the proposition; and (vii) extracting, based on the solutions, all access requests from the set for which the policy yields the given decision. | 2013-02-28 |
20130055345 | Mobile Application Access Control - Systems and methods of controlling access to one or more mobile applications are provided. In some examples, a plurality of business groups may be identified. One or more mobile applications may be associated with each business group. An individual determined to be associated with the business group may then receive, on a mobile device, access to the one or more mobile applications associated with the business group with which he/she is associated. In some examples, the one or more mobile applications may include native applications, web or Internet based applications and/or third party applications provided in a portal. In some examples, the portal may “take over” or mimic the desktop of the mobile device. The systems, methods, and the like may also prevent access to one or more applications not associated with the business group of the individual. | 2013-02-28 |
20130055346 | Event Driven Multi-Factor Authentications For Internet Transactions - An event-driven multi-factor authentication system for internet transactions is implemented in a communication system including a user platform operably connected to an application platform. In embodiments described herein, the application platform receives and evaluates event data associated with one or more online transactions of the user to identify occurrences of any triggering events; and upon occurrences of triggering events, identifies and issues one or more predefined authentication challenges corresponding to the triggering events. The triggering events may comprise, without limitation, amount-based events, time-based events or geography-based events. In such manner, for example, multi-factor authentications may be triggered for transactions having specified monetary amounts, amounts within a specified time period, or initiated from certain geographic locations. The authentication challenges may characterize different numbers of authentication challenges (including, without limitation, a combination of single- and multi-factor authentication) for different events. | 2013-02-28 |
20130055347 | HARDWARE INTERFACE ACCESS CONTROL FOR MOBILE APPLICATIONS - Methods, articles of manufacture, and apparatus for hardware interface access control for mobile applications are disclosed. A disclosed example method includes restricting an application from accessing a set of hardware interfaces of a mobile device, and providing a virtual interface to the application via which the application is to access a first hardware interface in the set of hardware interfaces, the virtual interface provided by a program in a kernel layer of an operating system of the mobile device to control at least one of access or a method of access to the first hardware interface in the set of hardware interfaces, the first hardware interface that is accessible via the virtual interface being unknown to the application. | 2013-02-28 |
20130055348 | PROGRESSIVE AUTHENTICATION - Progressive authentication is generally employed to establish the authenticity of a user, such as a user of a computing device, or a user that wants to access a proprietary data item, software application or on-line service. This can entail inputting authentication factors each of which corresponds to one or multiple attributes associated with the user, or historical patterns of one or more attributes associated with the user, or both, and a confidence level that estimates a reliability of the factor. Sensor readings captured by one or more sensors are also input. Each sensor senses a user attribute and is used to quantify each authentication factor confidence level. An overall confidence level is established based at least in part on a combination of the individual confidence levels. A user is then designated as being authentic whenever the established overall confidence level exceeds a prescribed authentication level. This process can be continuous with the overall confidence level being continually updated. | 2013-02-28 |
20130055349 | METHOD AND APPARATUS FOR RELEASING TCP CONNECTIONS IN DEFENSE AGAINST DISTRIBUTED DENIAL OF SERVICE ATTACKS - Disclosed are an apparatus and method for releasing a TCP connection against a denial-of-service attack. The TCP connection releasing method, which is a method for releasing a connection of a communication session between a server and a remote host, includes obtaining information included in a last ACK packet transmitted from the server to the remote host from a session table in which information on the communication session is recorded, generating an RST packet for requesting release of the communication session connection using the information on the obtained last ACK packet, and transmitting the generated RST packet to the server. | 2013-02-28 |
20130055350 | Creating Incentives By Controlling Device Functions - Disclosed are various embodiments for systems, methods, and apparatus for controlling functions in a client device to thereby create incentives for the user of the client device. In one embodiment, a function of the device is controlled and a prompt is displayed on a user interface. A user then provides an answer to the prompt. If the answer is correct, for example, normal function of the device is returned. | 2013-02-28 |
20130055351 | Wireless Internet Access Module, Communication Method for Host and Wireless Internet Access Module, and Data Card - A communication method for a host and a wireless Internet access module, and a data card, are provided so that the host implements wireless Internet access with the wireless Internet access module of a secure digital interface. The method includes simulating each port on a wireless Internet access processing function unit in a wireless Internet access module into a secure digital card partition and reporting the secure digital card partition to a host side; receiving downlink interaction information from the host side encapsulated in a secure digital card interface format, decapsulating the downlink interaction information, and delivering the decapsulated downlink interaction information to a corresponding port; and receiving uplink interaction information reported to the host side from each port, and encapsulating the received uplink interaction information in the secure digital card interface format. | 2013-02-28 |
20130055352 | Wireless Internet Access Module, Communication Method for Host and Wireless Internet Access Module, and Data Card - A communication method for a host and a wireless Internet access module, and a data card, are provided so that the host implements wireless Internet access with the wireless Internet access module of a secure digital interface. The method includes simulating each port on a wireless Internet access processing function unit in a wireless Internet access module into a secure digital card partition and reporting the secure digital card partition to a host side; receiving downlink interaction information from the host side encapsulated in a secure digital card interface format, decapsulating the downlink interaction information, and delivering the decapsulated downlink interaction information to a corresponding port; and receiving uplink interaction information reported to the host side from each port, encapsulating the received uplink interaction information in the secure digital card interface format. | 2013-02-28 |
20130055353 | Wireless Internet Access Module, Communication Method for Host and Wireless Internet Access Module, and Data Card - A communication method for a host and a wireless Internet access module, and a data card, are provided so that the host implements wireless Internet access with the wireless Internet access module of a secure digital interface. The method includes simulating each port on a wireless Internet access processing function unit in a wireless Internet access module into a secure digital card partition and reporting the secure digital card partition to a host side; receiving downlink interaction information from the host side encapsulated in a secure digital card interface format, decapsulating the downlink interaction information, and delivering the decapsulated downlink interaction information to a corresponding port; and receiving uplink interaction information reported to the host side from each port, encapsulating the received uplink interaction information in the secure digital card interface format. | 2013-02-28 |
20130055354 | BUSINESS REVIEW RELEVANCE USING GEO-BASED HISTORY - Architecture that manages a location guestbook by enabling a user to add a review based on actually having visited the location. The location of the user can be validated as part of ensuring that the user visited the location. If a user did not actually visit the location the user is not allowed to add a review in the guestbook. The architecture can also identify that a user has left the location (checked out), and hence, suggest to the user to add a review for the location. If a user has visited the location multiple times, the user review is given a higher weighting, and hence, can be considered more reliable. | 2013-02-28 |
20130055355 | METHODS, SYSTEMS, AND COMPUTER-READABLE MEDIA FOR EXCEPTION HANDLING OF INTERACTIVE COMMUNICATIONS PRIVILEGES GOVERNING INTERACTIVE COMMUNICATIONS WITH ENTITIES OUTSIDE A DOMAIN - Methods, systems, and computer-readable media for exception handling of interactive communications privileges governing interactive communications with entities outside a domain are disclosed. The interactive communications privileges may have been learned through domain administrator configuration or may have been self-learned without domain administrator input. The interactive communications privileges can be used to process interactive communications requests between entities inside a domain and entities outside the domain. Exceptions to the interactive communications privileges can be requested by user entities inside the domain for interactive communications with entities outside the domain. In this manner, if the interactive communications privileges are not sufficient according to user entities inside the domain, the user entities inside the domain can request exceptions for other interactive communications privileges with entities outside the domain. Approved exception requests can also be configured as part of the interactive communications privileges for interactive communications with entities outside the domain. | 2013-02-28 |
20130055356 | METHOD AND SYSTEM FOR AUTHORIZING AN ACTION AT A SITE - A method for authorizing a single action by a plurality of users at a site may include registering each of the users and at least one mobile communication device associated with that user with an authorization module, identifying the mobile communication device by a unique hardware identification number. The method may also include associating each of the users and the mobile communication device associated with that user with the site by the authorization module. The method may further include requesting each of the users to confirm the action by sending a confirmation request from the site to the mobile communication device associated with that user by the authorization module. The method may also include authorizing the action upon receiving confirmation from the mobile communication devices of all users that are required to authorize that action. | 2013-02-28 |
20130055357 | PERSONAL CONTROL OF PERSONAL INFORMATION - A personal information server provides personal information about an individual to a third-party only when authorized by the individual through use of a previously authenticated computing device. The personal information server authenticates both the computing device used by the third-party to access the personal data and the device used by the individual to grant or deny such access using highly secure digital fingerprints of each. The individual can allow the third-party multiple instances of access to the personal information within restrictions specified by the individual. Other advantages also arise from large-scale tracking of which devices access and control personal information of many people—particularly with respect to identifying and preventing fraud and identity theft. | 2013-02-28 |
20130055358 | SYSTEMS AND METHODS FOR PROVIDING CONTENT AND SERVICES ON A NETWORK SYSTEM - Systems and methods for managing and providing content and services on a network system. Aspects of the invention include location-based determination of network content and services that may be provided to client computers. Other aspects of the invention include authorization and authentication components that determine access rights of client computers. Additional aspects include systems and methods for redirecting client computers to different network content. The disclosed systems and methods may be used in numerous network system applications. | 2013-02-28 |
20130055359 | SECRET INFORMATION LEAKAGE PREVENTION SYSTEM, SECRET INFORMATION LEAKAGE PREVENTION METHOD AND SECRET INFORMATION LEAKAGE PREVENTION PROGRAM - Provided is a system in which two or more clients, each including an application program that transmits a network access request, and a server are able to communicate, wherein at least one client includes first control means for controlling the access request transmitted to the server, based on a security level assigned to the application program, and the server includes second control means for determining whether the first control means has been introduced to the client that has transmitted the access request, authorizing the access request when the determination result is positive, and controlling the access request based on a security level assigned to an access target when the determination result is negative. | 2013-02-28 |
20130055360 | CONTENTS SERVICE METHOD, AND MEMBER INFORMATION PROVIDING SERVICE SYSTEM AND METHOD USING COMMUNICATION NETWORK - The present invention relates to a technique capable of transmitting and receiving contents or finding lost objects using a code. According to the present invention, contents can be transmitted and received, and member information needed to find a lost object can be confirmed using a code as a medium. In addition, possibility of malicious use or misuse of information that is accessed through a code by a third party against the intention of a member can be prevented. | 2013-02-28 |
20130055361 | Mobile communications device security technique - The level of security associated with mobile communication device access is advantageously reduced while the mobile device resides at a location deemed to be “safe.” Determining whether the mobile communications device resides at a safe location depends on (a) location coordinates, and (b) frequency and duration of use of the mobile communication device at the location. | 2013-02-28 |
20130055362 | AUTHENTICATING VIA MOBILE DEVICE - A first server device is configured to receive an authentication request from a second server device; add the authentication request to a queue associated with a user; and provide a representation of the queue to a mobile device of the user. The representation of the queue includes an entry for the authentication request. The first server device is further configured to receive, from the mobile device, authentication information, provided by the user, for the authentication request; determine that authentication, of the user, for the authentication request is successful based on the authentication information; generate an authentication response that indicates that the authentication, of the user, for the authentication request is successful; and transmit, by the first server device, the authentication response to the second server device. | 2013-02-28 |
20130055363 | CONNECTING REMOTE AND LOCAL NETWORKS USING AN IDENTIFICATION DEVICE ASSOCIATED WITH THE REMOTE NETWORK - One or more portable identification devices associated with a first smart network can be carried with a user of the first smart network to a second smart network and used to automatically identify the first smart network and allow authorized access to the smart network via the second smart network. The one or more portable identification devices are configured to automatically provision the second smart network with the information necessary for the second smart network to identify the first smart network and the authorization credentials to connect to the first smart network. In some example embodiments, the portable identification devices may be RFID tags. | 2013-02-28 |
20130055364 | INFORMATION PROCESSING APPARATUS, METHOD FOR CONTROLLING THE SAME AND STORAGE MEDIUM - An information processing apparatus of this invention has a function of transmitting data to a server on a network and causing the server to store the data. Setting information including at least the validated period information of the data and the storage destination information of the server is stored. The information processing apparatus instructs the server to delete the data stored even after the elapse of a validated period represented by the validated period information based on the stored validated period information and the storage destination information of the server. | 2013-02-28 |
20130055365 | Credential Provider That Encapsulates Other Credential Providers - Systems, methods, and computer readable media for encapsulating multiple Windows® based credential providers (CPs) within a single wrapping CP are described. In general, CP credentials and fields from two or more encapsulated or wrapped CPs may be enumerated and aggregated in such a way that the order of fields from each CP is preserved, fields that may be used only once are identified and appear only once, and fields are given a new unique field identifier. The union of all such fields (minus duplicates of any one-use-only fields) may be used to generate a mapping so that the wrapping CP and CP credential may “pass-through” calls from the operating system's logon interface to the correct wrapped CP and CP credential. The disclosed techniques may be used, for example, to provide single sign-on functionality where a plurality of sign-on credentials may be used (e.g., user name/password and smart card PIN). | 2013-02-28 |
20130055366 | DYNAMICALLY PROVIDING ALGORITHM-BASED PASSWORD/CHALLENGE AUTHENTICATION - Provided are a computer program product, method and system for dynamically providing algorithm-based password/challenge authentication. A page is generated including selectable conversion operators to enable generation of an algorithm that applies at least one selected conversion operator of the selectable conversion operators on a string to generate a password. A created algorithm created using the at least one selected conversion operator in the page is received. The created algorithm is associated with a username for use in authenticating access by a presenter of the username to a computer service. | 2013-02-28 |
20130055367 | Multi-Factor Profile and Security Fingerprint Analysis - A security fingerprint architecture is disclosed. A security fingerprint comprises one or more behavioral factors which store a history of events associated with one or more users. The data in the security fingerprint is exposed by one or more modes, each of which determines the conditions under which data in the security fingerprint may be accessed. Security fingerprints support a number of primitive operations that allow set operations to be performed. Security fingerprints may be used for authentication, advertising, and other operations either alone, or in conjunction with third party data sources. An exemplary platform of security fingerprints built upon a cellular infrastructure is also disclosed. | 2013-02-28 |
20130055368 | Multi-Factor Authentication - According to some embodiments, a method provides a designated link in a notification to an intended recipient of the message. The designated link includes a unique identifier associated with the message. Upon receiving a request to access the message, the method authenticates the request. Authentication includes verifying whether the request corresponds to the designated link provided in the notification. If the request passes authentication, the method communicates the message. | 2013-02-28 |
20130055369 | SYSTEM AND METHOD FOR DAY-ZERO AUTHENTICATION OF ACTIVEX CONTROLS - A system and method in one embodiment includes modules for verifying a digital signature of a Microsoft® ActiveX® control, identifying an executable file of the ActiveX control, authorizing the executable file as an updater configured to enable trust propagation, if the digital signature is from an authorized issuer, and installing the ActiveX control. More specific embodiments include hooking an exported function in the executable file and marking a thread calling the exported function as an updater. Hooking the exported function includes patching the executable function so that when the exported function is called during execution of the executable file, a second function is executed before the exported function is executed. Other embodiments include extracting a cabinet file wrapping the ActiveX control, parsing an information file in the cabinet file, and downloading additional components for installing the ActiveX control. | 2013-02-28 |
20130055370 | SECURITY FOR FUTURE LOG-ON LOCATION - A system includes a location look-up module that determines a current location for a user log-on to the network, and determines a next location of the user log-on to the network. An analyzer module analyzes at least one portion of the network for potential future location information for authenticating with the determined next location by an authorization module. The authorization module authenticates the next log-on to the network based on a comparison with the potential future location information. | 2013-02-28 |
20130055371 | STORAGE CONTROL METHOD AND INFORMATION PROCESSING APPARATUS - Upon receipt of a first key and first data, a control unit exercises control to store second data indicating a second key in association with the first key in a first node and to store the first data in association with the second key in a second node. Upon receipt of an access request that specifies the first key, the control unit detects that data stored in association with the first key is the second data, and accesses the first data stored in the second node on the basis of the second key indicated by the second data. | 2013-02-28 |
20130055372 | DYNAMICALLY PROVIDING ALGORITHM-BASED PASSWORD/CHALLENGE AUTHENTICATION - Provided are a computer program product, method and system for dynamically providing algorithm-based password/challenge authentication. A page is provided to authenticate a presenter of a username including a string and a field for entry of a password. An entered password entered into the page is received. An algorithm associated with the username is applied to the string included in the page to generate a generated password. A determination is made as to whether the entered password matches the generated password. The username is successfully authenticated in response to determining that the entered password matches the generated password. | 2013-02-28 |
20130055373 | PROTOCOL RATE FILTERING AT EDGE DEVICE - A method includes configuring a plurality of rate filters for a plurality of protocols. The plurality of rate filters are associated with a plurality of rate thresholds for the plurality of protocols. An edge device receives a packet for a flow. The packet is received from a customer premise equipment device for sending through an egress interface of the edge device. A rate of packets being sent for the flow and a protocol in the plurality of protocols associated with the packet are determined. A rate filter in the plurality of rate filters that is associated with the determined protocol is determined where the rate filter is associated with a rate threshold in the plurality of rate thresholds. The method determines an event is occurring when the rate of packets exceeds the rate threshold associated with the determined rate filter and performs an action to mitigate the event. | 2013-02-28 |
20130055374 | System and Method for Denial of Service Attack Mitigation Using Cloud Services - A method to mitigate attack by an upstream service provider using cloud mitigation services. An edge detection device, which is located at the subscriber's network edge, is able to communicate information via status messages about attacks to an upstream service provider. The service provider is then able to mitigate attacks based on the status messages. There is a feedback loop whereby the amount of dropped traffic by the service provider is added to the network traffic to keep the mitigation request open and prevent flapping. Likewise, the detection device includes time-to-engage and time-to-disengage timers to further prevent flapping. | 2013-02-28 |
20130055375 | Method and Protection System for Mitigating Slow HTTP Attacks Using Rate and Time Monitoring - A system and methods for mitigating slow HTTP, SSL/HTTPS, SMTP, and/or SIP attacks. A protection system monitors each TCP connection between a client and a server. The protection system monitors the header request time and minimum transfer rate for each client and TCP connection. If the client has not completed the data transfer in the minimum time or the data are not transferred at the minimum transfer rate, the protection system determines the connections are potentially a slow attack and resets the connections for the protected devices. | 2013-02-28 |
20130055376 | IMAGE PROCESSING APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM - This invention provides an image processing apparatus capable of allowing a user to easily confirm the display contents of a bulletin board without reducing operability if the user should confirm a message by the bulletin board function in authentication processing; a method of controlling the same; and a program. To accomplish this, in the image processing apparatus, an authentication processing unit acquires message information from a storage unit. When the message information is acquired, an authentication screen to execute authentication processing is displayed on a display unit together with the message information. If no message information is acquired, the authentication screen to execute authentication processing is displayed on the display unit. | 2013-02-28 |
20130055377 | PROVIDING SELECTIVE SYSTEM PRIVILEGES ON AN INFORMATION HANDLING DEVICE - Devices, methods and products are described that provide for selective system or root level access for applications on an information handling device. One aspect provides a method comprising determining whether an application has system privileges on an information handling device; and executing privileged code from the application on said information handling device responsive to determining that the application has system privileges through one or more native services operating on said information handling device. Other aspects and embodiments are also described herein. | 2013-02-28 |
20130055378 | METHOD AND PORTABLE DEVICE FOR CONTROLLING PERMISSION SETTINGS FOR APPLICATION - A method for controlling permissions of a portable device includes selecting an access control mode for an application, the access control mode being associated with one or more permissions to manage resources of the portable device, executing the application in the access control mode, and controlling the one or more permissions for the application according to the access control mode. A portable device to control permissions includes a mode setting unit to select an access control mode for an application, the access control mode being associated with one or more permissions to manage resources of the portable device, an execution unit to execute the application in the access control mode, and an access control unit to control the one or more permissions for the application according to the access control mode. | 2013-02-28 |
20130055379 | SYSTEM, DEVICE AND METHOD FOR AUTHENTICATION - A computing device and computing device implemented method for setting a security level of the computing device. The method may comprise the computing device presenting a challenge to a user of the computing device, the challenge requiring the user to register a password with the computing device. The computing device may receive the password through a user input interface of the computing device in response to the challenge. The computing device may process the received password to calculate a password strength value and evaluate the password strength value to assign the security level. In an aspect, the security level may assign a higher security level when the password strength value is relatively high. In an aspect, the security level may allow for an expanded range of user selectable security options when the password strength value is relatively high. | 2013-02-28 |
20130055380 | Method for Generating and Detecting Auditable Passwords - A method for creating a password on an electronic computing device is disclosed. On the electronic computing device, a first password is obtained. The first password comprises a string of one or more characters. A first character is appended to the first password to form a second password. A hash function is applied to the second password to generate a first hashed password. The first hashed password comprises a first bit string. A determination is made as to whether the first hashed password includes a predefined sequence of bits. When it is determined that the first hashed password includes the predefined sequence of bits, the second password is designated as an auditable password. | 2013-02-28 |
20130055381 | CREATION OF RHYTHMIC PASSWORD AND AUTHENTICATION BASED ON RHYTHMIC PASSWORD - A method and system for utilizing the biometric factors reflected in the typing as a kind of physiological password, to create a rhythmic password specific to the user, and to authenticate based on the rhythmic password. The method includes providing an original training text to a user, receiving an input training text provided by the user according to the original training text, extracting rhythmic characteristic values between adjacent text units of the input training text, and generating a rhythmic password of the user based on the extracted rhythmic characteristic values between adjacent text units. Utilizing the rhythm of a user inputting text can bring multiple advantages, including enhanced security of the password, and saving the user's cost of memorizing the password. | 2013-02-28 |
20130055382 | Managing Access to Storage Media - Embodiments of the invention relate to password management of one or more data storage devices. A set of passwords are employed to manage access to the storage devices, with authentication of both passwords enabling access to the subject storage device(s) for read and/or write operation privileges. The first password is known by the user and is used as an initial input string. The second password is not known by the user and is authenticated with the subject storage device(s) through BIOS and without input from the user. | 2013-02-28 |
20130055383 | COORDINATED DETECTION OF A GREY-HOLE ATTACK IN A COMMUNICATION NETWORK - In one embodiment, a security device receives one or more first unique identifications of packets sent by a first device to a second device for which a corresponding acknowledgment was purportedly returned by the second device to the first device. The security device also receives one or more second unique identifications of packets received by the second device from the first device and acknowledged by the second device to the first device. By comparing the first and second unique identifications, the security device may then determine whether acknowledgments received by the first device were truly returned from the second device based on whether the first and second unique identifications exactly match. | 2013-02-28 |
20130055384 | DEALING WITH WEB ATTACKS USING CRYPTOGRAPHICALLY SIGNED HTTP COOKIES - According to one embodiment, a security gateway (SG) is coupled between a hypertext transport protocol (HTTP) client and a web application server. Responsive to a first HTTP message being transmitted between the HTTP client and the web application server as part of an HTTP session, the SG generates security gateway session security state information (SGI) based on a policy. The SG also generates a digital signature (SGS) from the SGI, creates an SG signed session security state information cookie (SGC), and sends the SGC to the HTTP client for storage instead of storing the SGI in the SG. Responsive to a second HTTP message of the HTTP session, the SG attempts to validate a claim made in the second HTTP request using at least the policy and the SGC that is supposed to be returned with the second HTTP message. | 2013-02-28 |
20130055385 | SECURITY EVENT MANAGEMENT APPARATUS, SYSTEMS, AND METHODS - Apparatus, systems, and methods may operate to receive multiple security event data streams from a plurality of hardware processing nodes, the multiple security event data streams comprising multiple security events. Additional operations may include extracting multiple security events from multiple security event data streams, and classifying the extracted multiple security events to form domain-specific, categorized data streams. A hierarchy of statistical data streams may then be generated from the domain-specific, categorized data streams. Additional apparatus, systems, and methods are disclosed. | 2013-02-28 |
20130055386 | APPARATUS AND METHOD FOR PREVENTING FALSIFICATION OF CLIENT SCREEN - An apparatus and method for preventing falsification of a client screen is provided, in which a web server dynamically generates URIs and provides them to clients, thus preventing the falsification of client screens due to a web injection attack or a memory hacking attack. The apparatus includes a random web generation unit for converting an identical web page into random URIs that are randomly generated, at a request of a plurality of clients, generating different random web sources, and providing the different random web sources to the respective clients. A web falsification determination unit compares display web source eigenvalues respectively generated by the clients with respect to any one of the random web sources with a generative web source eigenvalue for the one of the random web sources, thus determining whether screens corresponding to the random web sources displayed on the respective clients have been falsified. | 2013-02-28 |
20130055387 | APPARATUS AND METHOD FOR PROVIDING SECURITY INFORMATION ON BACKGROUND PROCESS - An apparatus and method for providing security information on a background process are provided. The method includes executing an application, detecting an event associated with the execution of the application, identifying a security related permission associated with the application, determining whether the security related permission matches a registered security related permission, determining an application identifier in response to the security related permission matching the registered security related permission, determining whether the event is associated with the background process, and displaying a security risk alert icon based on the detected event. The apparatus includes an application execution unit to execute an application; a security risk detection unit to detect an event associated with a background process of the application; and a screen configuration unit to configure a security risk alert icon to be displayed based on the detected event. | 2013-02-28 |
20130055388 | METHOD AND SYSTEM FOR TRACKING MACHINES ON A NETWORK USING FUZZY GUID TECHNOLOGY - A method for querying a knowledgebase of malicious hosts numbered from 1 through N. The method includes providing a network of computers, which has a plurality of unknown malicious host machines. In a specific embodiment, the malicious host machines are disposed throughout the network of computers, which includes a world wide network of computers, e.g., Internet. The method includes querying a knowledge base including a plurality of known malicious hosts, which are numbered from 1 through N, where N is an integer greater than 1. In a preferred embodiment, the knowledge base is coupled to the network of computers. The method includes receiving first information associated with an unknown host from the network; identifying an unknown host and querying the knowledge base to determine if the unknown host is one of the known malicious hosts in the knowledge base. The method also includes outputting second information associated with the unknown host based upon the querying process. | 2013-02-28 |
20130055389 | SECURITY EVENT LOGGING IN PROCESS CONTROL - A method and gateway are provided for extracting 61850 security events from general IEC 61850 events and merging them together with standard IT or other security events at station level or even higher system levels. Thus, the coexistence of two different protocols on the substation bus is allowed, providing greater flexibility in the design of a Substation Automation (SA) system, for example in SA systems with a mix of IEC 61850-compliant Intelligent Electronic Devices (IEDs) and SA devices that do not adhere to IEC 61850 communication protocols. | 2013-02-28 |
20130055390 | SEARCH INFRASTRUCTURE SUPPORTING TRADEMARK RIGHTS - A system and method monitors and weeds out illegitimate/illegal websites during search engine indexing and domain name registration. The whois database generated during domain name registration is used as a reference database for correlation with a database generated by the search crawler on a search engine server. A whois analyzer from the search engine server extracts a set of URLs into a database called the uncorrelated URL database. The uncorrelated URL database contains those URLs from both the aggregate whois database and reverse index database after removing common URLs. The uncorrelated URLs are contacted and advised by the whois administrator to take necessary action to be listed in the whois database and properly be indexed during search engine crawling. This process ensures that URLs are properly registered and identified on the Internet thus eliminating the success of illegal/unwanted websites. Trademark information may also be used in the site validation process. | 2013-02-28 |
20130055391 | METHOD AND APPARATUS FOR ADAPTIVE INTEGRITY MEASUREMENT OF COMPUTER SOFTWARE - Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform. | 2013-02-28 |
20130055392 | File System Event Tracking - Automated file system event tracking and reporting techniques are described in which file system events requested by a user application are intercepted and recorded prior to the request being permitted to pass to the file system for execution. Similarly, file system responses to a prior captured file system event are also intercepted and recorded. Predefined patterns of file system events may be aggregated and reported as a single event. | 2013-02-28 |
20130055393 | METHOD AND APPARATUS FOR ENHANCING PRIVACY OF CONTACT INFORMATION IN PROFILE - A mobility technology for strengthening safety for an invasion of privacy caused by leakage of contact information is provided. A privacy protection system may include an acquisition attempt detecting unit to detect an external communication terminal that attempts to acquire contact information included in the profile, and an access controller to provide the detected external communication terminal with a right to use the contact information, and to determine whether the contact information is to be provided. | 2013-02-28 |
20130055394 | NETWORK SECURITY RISK ASSESSMENT - A security risk of a computer network is assessed by simulating a threat environment of the computer network, wherein the threat environment includes a vulnerability and a website, simulating a protection environment of the computer network and a computer system in the computer network, and simulating network activity of the computer system. The security risk of the computer network is assessed based at least in part on the simulated threat environment, the simulated protection environment, and the simulated network activity of the computer system. | 2013-02-28 |