51st week of 2014 patent application highlights part 69 |
Patent application number | Title | Published |
20140373051 | METHOD AND APPARATUS FOR INFORMING OCCURRENCE OF EVENT OF COMMUNICATION TERMINAL IN DIGITAL TV - A method and apparatus for informing of the occurrence of an event of a communication terminal in a digital Television (TV) are provided. A method of a TV output generator of informing a digital TV of the occurrence of an event of a communication terminal is provided. The method includes receiving an input of event information from any one of a landline and a mobile terminal, generating a control signal including output information corresponding to the event information, and transmitting the control signal to the TV. | 2014-12-18 |
20140373052 | Current Device Location Advertisement Distribution - In embodiments of current device location advertisement distribution, a mobile network operator receives media content from a content service and can then communicate the media content to a client device via a wireless distribution point. A device location service determines that a current location of the client device is not within a geographic region associated with the client device, and updates the current location of the client device from location data that identifies the current location of the client device. The media content can then be updated for distribution to the client device along with advertisements that correspond to an advertising locale, which includes the current location of the client device. | 2014-12-18 |
20140373053 | SYSTEM AND METHOD FOR INSERTING LOCAL CONTENT INTO SATELLITE BROADCAST PROGRAMS AND EPG ON A NETWORK - The present invention relates to a system for inserting locally stored content into satellite broadcast programs and electronic program guides. In particular, the system teaches a method of receiving satellite tuning parameters from a set top box, determining a request for locally stored content, and transmitting a multicast address in response to said reception of satellite tuning parameters. The locally stored content is then transmitted to the receiver over a network using the multicast address. | 2014-12-18 |
20140373054 | CONTENT DISTRIBUTION - A content receiver useable in a broadcast content distribution system includes a content source that broadcasts audio/video content for reception by content receivers with associated metadata defining links to other content for possible reproduction by the content receiver and information indicative of a category of each link. The content receiver is configured to generate link information for display in dependence upon received metadata relating to links having a subset of categories while reproducing the broadcast audio/video content, and includes a user control operable to select a link for which link information is currently displayed by the content receiver causing the content receiver to reproduce content defined by that link and a category memory storing category information defining the subset of categories, the content receiver configured to modify stored category information in dependence upon which links are selected using the user control. | 2014-12-18 |
20140373055 | EXTENDING CONNECTIVITY IN MULTIMEDIA PRESENTATION DEVICE - An extended connectivity apparatus provides multimedia data from a multimedia source device to a multimedia presentation device. An electrical connector mechanically couples to a connector of the multimedia presentation device to provide a communication path to the multimedia presentation device. A wireless communication interface, which is selectively separable from the multimedia presentation device at the electrical connector, receives multimedia data over a wireless communication channel. A processor, which is also selectively separable from the multimedia presentation device at the electrical connector, encodes the received multimedia data into a format compatible with presentation capabilities of the multimedia presentation device and conveys the encoded multimedia data to the multimedia presentation device through the electrical connector. | 2014-12-18 |
20140373056 | VIRTUAL CHANNEL TABLE FOR A BROADCAST PROTOCOL AND METHOD OF BROADCASTING AND RECEIVING BROADCAST SIGNALS USING THE SAME - A virtual channel table for broadcasting protocol and a method for broadcasting by using the virtual channel table includes identification information identifying and permitting discrimination of active and inactive channels contained in the virtual channel table. At a receiver, the virtual channel table transmitted from the transmitting side is parsed, thereby determining whether the current received channel is an active or inactive channel. | 2014-12-18 |
20140373057 | SYSTEM AND METHOD FOR SWITCHING BETWEEN MEDIA STREAMS FOR NON-ADJACENT CHANNELS WHILE PROVIDING A SEAMLESS USER EXPERIENCE - An electronic device with one or more processors, memory and a display receives a first request to display a first video stream that corresponds to a first channel in a predetermined sequence of channels. In response to the first request, the device displays the first video stream. While displaying the first video stream, the device receives a second request to display a second video stream that corresponds to a second channel in the predetermined sequence of channels and is separated from the first channel by one or more intervening channels. In response to receiving the second request, the device displays at least a portion of the first video stream concurrently with recently received content of one or more of the intervening channels and displays recently received content of one or more of the intervening channels concurrently with at least a portion of the second video stream. | 2014-12-18 |
20140373058 | VIRTUAL CHANNEL TABLE FOR A BROADCAST PROTOCOL AND METHOD OF BROADCASTING AND RECEIVING BROADCAST SIGNALS USING THE SAME - A virtual channel table for broadcasting protocol and a method for broadcasting by using the virtual channel table includes identification information identifying and permitting discrimination of active and inactive channels contained in the virtual channel table. At a receiver, the virtual channel table transmitted from the transmitting side is parsed, thereby determining whether the current received channel is an active or inactive channel. | 2014-12-18 |
20140373059 | VIRTUAL CHANNEL TABLE FOR A BROADCAST PROTOCOL AND METHOD OF BROADCASTING AND RECEIVING BROADCAST SIGNALS USING THE SAME - A virtual channel table for broadcasting protocol and a method for broadcasting by using the virtual channel table includes identification information identifying and permitting discrimination of active and inactive channels contained in the virtual channel table. At a receiver, the virtual channel table transmitted from the transmitting side is parsed, thereby determining whether the current received channel is an active or inactive channel. | 2014-12-18 |
20140373060 | VIRTUAL CHANNEL TABLE FOR A BROADCAST PROTOCOL AND METHOD OF BROADCASTING AND RECEIVING BROADCAST SIGNALS USING THE SAME - A virtual channel table for broadcasting protocol and a method for broadcasting by using the virtual channel table includes identification information identifying and permitting discrimination of active and inactive channels contained in the virtual channel table. At a receiver, the virtual channel table transmitted from the transmitting side is parsed, thereby determining whether the current received channel is an active or inactive channel. | 2014-12-18 |
20140373061 | Method, Device, and Computer Program Product - According to one embodiment, a program listing display method includes: obtaining data of a first program and data of a second program through a communication network; obtaining, through the communication network, first reservation information of the first program and second reservation information of the second program in an electronic device; and outputting data of a program listing containing the data of the first program, the data of the second program, the first reservation information, and the second reservation information. In the data of the program listing, in accordance with newness of the first reservation information or the second reservation information, a display mode of the data of the first program differs from a display mode of the data of the second program, or a display mode of the first reservation information differs from a display mode of the second reservation information. | 2014-12-18 |
20140373062 | METHOD AND SYSTEM FOR PROVIDING A PERMISSIVE AUXILIARY INFORMATION USER INTERFACE - A method and system are provided. The method and system are for providing a permissive auxiliary information user interface. The method includes receiving a user selection of one or more types of media asset auxiliary information that a user is interested in viewing during a trick mode operation invoked while playing back a media asset. The method further includes storing the user selection in a memory device. The method also includes providing, to the user on a display screen, media asset auxiliary information of the types indicated by the user selection, when the trick mode operation is invoked while playing back the media asset. | 2014-12-18 |
20140373063 | ENHANCED PROGRAM GUIDE - Systems and methods described herein relate to an enhanced program guide for programs that are broadcast according to a defined schedule. Program titles included in the guide can be ordered based on a relevance rank or score, potentially with no other parameter employed in determining a position of a program title within the guide. Presentation of the guide can be independent of a time axis or dimension and a channel axis or dimension. Titles can be displayed in a manner that is independent of a start time or running length of the associated program. | 2014-12-18 |
20140373064 | Method and Systems for Tiered Navigational Guide Creation - A method and system are provided. A server ( | 2014-12-18 |
20140373065 | DEVICE AND METHOD FOR SWITCHING TELEVISION CHANNELS - A method for switching channels comprises obtaining program information of programs of each channel. The obtained program information is displayed for a user to select one or more programs. The selected programs are regarded as favorite programs and added to a favorite program list. The currently airing favorite programs are determined, and a switch list recording the currently airing favorite programs is created. The channels of the favorite programs in the switch list can be switched according to a switch command. | 2014-12-18 |
20140373066 | METHOD AND SYSTEM FOR PREORDERING CONTENT IN A USER DEVICE ASSOCIATED WITH A CONTENT PROCESSING SYSTEM - A system and method for preordering content includes a content processing system and a user device in communication with the content processing system. The content processing system receives program guide data for linear channels and receives future available content data at the user device. The future available content data comprises an availability window having an availability start time and an availability end time. The user device stores the program guide data in the user device, stores the future available content data in a memory of the user device, forms a future content selection, and stores the future content selection in a queue until the availability window is reached. When within the availability window, the user device communicates a material identification to the content processing system. The content processing system communicates the content corresponding to the material identification to the user device. | 2014-12-18 |
20140373067 | Electronic Device, Method, and Computer Program Product - According to one embodiment, an electronic device includes a processing circuitry to make a request to a server so as to acquire a channel list via a communication network, to compare a first channel list acquired newly with a second channel list acquired previously, and, if the second channel list is to be updated with the first channel list, to acquire first program information corresponding to the first channel list from the server, and to generate a program guide by using the first channel list and the first program information. | 2014-12-18 |
20140373068 | VIRTUAL CHANNEL TABLE FOR A BROADCAST PROTOCOL AND METHOD OF BROADCASTING AND RECEIVING BROADCAST SIGNALS USING THE SAME - A virtual channel table for broadcasting protocol and a method for broadcasting by using the virtual channel table includes identification information identifying and permitting discrimination of active and inactive channels contained in the virtual channel table. At a receiver, the virtual channel table transmitted from the transmitting side is parsed, thereby determining whether the current received channel is an active or inactive channel. | 2014-12-18 |
20140373069 | VIRTUAL CHANNEL TABLE FOR A BROADCAST PROTOCOL AND METHOD OF BROADCASTING AND RECEIVING BROADCAST SIGNALS USING THE SAME - A virtual channel table for broadcasting protocol and a method for broadcasting by using the virtual channel table includes identification information identifying and permitting discrimination of active and inactive channels contained in the virtual channel table. At a receiver, the virtual channel table transmitted from the transmitting side is parsed, thereby determining whether the current received channel is an active or inactive channel. | 2014-12-18 |
20140373070 | DIFFERENTIATED PSIP TABLE UPDATE INTERVAL TECHNOLOGY - An apparatus, method and data structure for generating at least one table in a broadcast environment, are provided. The apparatus includes a generator to generate an event information table (EIT) and an extended text table (ETT). The ETT has program guide information for an n-hour span and has a transmission interval. The ETT has a transmission interval and program description information according to the EIT. The transmission interval of the EIT is shorter than the transmission interval of the ETT. | 2014-12-18 |
20140373071 | DIFFERENTIATED PSIP TABLE UPDATE INTERVAL TECHNOLOGY - An apparatus, method and data structure for generating at least one table in a broadcast environment, are provided. The apparatus includes a generator to generate an event information table (EIT) and an extended text table (ETT). The ETT has program guide information for an n-hour span and has a transmission interval. The ETT has a transmission interval and program description information according to the EIT. The transmission interval of the EIT is shorter than the transmission interval of the ETT. | 2014-12-18 |
20140373072 | VIRTUAL CHANNEL TABLE FOR A BROADCAST PROTOCOL AND METHOD OF BROADCASTING AND RECEIVING BROADCAST SIGNALS USING THE SAME - A virtual channel table for broadcasting protocol and a method for broadcasting by using the virtual channel table includes identification information identifying and permitting discrimination of active and inactive channels contained in the virtual channel table. At a receiver, the virtual channel table transmitted from the transmitting side is parsed, thereby determining whether the current received channel is an active or inactive channel. | 2014-12-18 |
20140373073 | USER INTERFACE FOR ENTERTAINMENT SYSTEMS - Methods and apparatus for providing a search interface for an electronic device including a tuner configured to tune the electronic device to receive scheduled programming content. A search query is received and one or more data sources including information about media content are searched based, at least in part, on the search query. The results of the search are presented on a user interface using a time-based axis and a time-independent axis. | 2014-12-18 |
20140373074 | SET TOP BOX AUTOMATION - A computer-implemented method for integration of a set top box and an automation system is described. In one configuration, subscriber program content is provided. An aspect of a premises is monitored via one or more sensors. A monitor channel may be provided to display the monitored aspect of the premises. The monitor channel may be displayed in a channel guide among channels of the subscriber program content. | 2014-12-18 |
20140373075 | METHOD AND SYSTEM FOR DOWNLOADING CONTENT TO A CONTENT DOWNLOADER - A content downloader system including a display for displaying a user interface enabling a user to select content to be downloaded and initiate downloading; a set-top-box coupled to the display for providing the user interface and for receiving an indication of the content to be downloaded; and a content downloader coupled to and separate from the set-top-box, the content downloader for receiving the content. The content downloader has at least one memory component for storing content, at least one input/output connection for communicating to electronic devices, optionally including a removable memory card and optionally including an encryption/decryption unit. The content downloader may have an identification whereby its identity is authenticated by the content provider. The content downloader downloads the content selected by the user after successful authentication, whereby the selection is made using the display and the set-top-box, and the content is downloaded to the content downloader, which is separate from the set-top-box. | 2014-12-18 |
20140373076 | RADIO FREQUENCY AUDIO/VIDEO SWITCH AND INTERNET PROTOCOL DISTRIBUTION APPLIANCE - A switched radio frequency (RF) and Internet Protocol (IP) audio/video processing and distribution appliance that enables virtually any format of audio/video to be received, decrypted, transcoded, encrypted and distributed over a high speed IP backplane and output or modulated in a variety of formats. The system minimizes the number of points of failure to provide an extremely robust and cost effective solution for MDU and hospitality markets both in terms of initial cost and long-term maintenance costs. | 2014-12-18 |
20140373077 | METHODS FOR DISTRIBUTING CONTENT IN MULTI-ROOM ENVIRONMENT - A method enables a user to pause or stop content reproduction in one viewing room, and resume content reproduction in another viewing room according to a timing condition. According to an exemplary embodiment, the method is used in a system including first and second video devices, and includes steps of: receiving by the first video device while playing back a program, a first control signal to interrupt the playback; enabling display of a message by the second video device for a predetermined time interval asking a viewer whether to continue playback of the program by the second video device; receiving by the second video device a second control signal within the predetermined time interval to continue playback of the program; and enabling playback of the program by the second video device in response to the second control signal. | 2014-12-18 |
20140373078 | VIDEO ON DEMAND USING COMBINED HOST AND CLIENT ADDRESSING - A system and method for streaming a Video on Demand (VOD) asset includes receiving, at a host, a VOD asset request from a client over an internal network, and sending the VOD asset request from the host over an external network using a client/host address that includes a host address and a client address. The VOD asset targeted for the client including the client/host address is received at the host over the external network, and the VOD asset is streamed from the host to the client over the internal network. | 2014-12-18 |
20140373079 | EVENT-BASED MEDIA PLAYBACK - Particular portions or events of recorded television programming identified as having especially significant or interesting detail may be played-back at normal speed without user input; whereas other portions or events of the recorded television programming may be played-back at greater than normal speed. | 2014-12-18 |
20140373080 | Remote Storage Digital Video Recording Optimization Method and System - A remote storage digital video recording system ( | 2014-12-18 |
20140373081 | PLAYBACK SYNCHRONIZATION IN A GROUP VIEWING A MEDIA TITLE - A method and apparatus for synchronizing the playback of a media title to a group of client device platforms is disclosed. A synchronizer may make adjustments to the playback modes of one or more client device platforms within a group watching the same media title in order to ensure synchronized playback. When a client device platform is behind the group its playback mode may be changed to a fast playback mode. When a client device platform is ahead of the group its playback mode may be changed to a slow playback mode. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. | 2014-12-18 |
20140373082 | OUTPUT SYSTEM, CONTROL METHOD OF OUTPUT SYSTEM, CONTROL PROGRAM, AND RECORDING MEDIUM - A display system ( | 2014-12-18 |
20140373083 | VIRTUAL CHANNEL TABLE FOR A BROADCAST PROTOCOL AND METHOD OF BROADCASTING AND RECEIVING BROADCAST SIGNALS USING THE SAME - A virtual channel table for broadcasting protocol and a method for broadcasting by using the virtual channel table includes identification information identifying and permitting discrimination of active and inactive channels contained in the virtual channel table. At a receiver, the virtual channel table transmitted from the transmitting side is parsed, thereby determining whether the current received channel is an active or inactive channel. | 2014-12-18 |
20140373084 | VIRTUAL CHANNEL TABLE FOR A BROADCAST PROTOCOL AND METHOD OF BROADCASTING AND RECEIVING BROADCAST SIGNALS USING THE SAME - A virtual channel table for broadcasting protocol and a method for broadcasting by using the virtual channel table includes identification information identifying and permitting discrimination of active and inactive channels contained in the virtual channel table. At a receiver, the virtual channel table transmitted from the transmitting side is parsed, thereby determining whether the current received channel is an active or inactive channel. | 2014-12-18 |
20140373085 | DIFFERENTIATED PSIP TABLE UPDATE INTERVAL TECHNOLOGY - An apparatus, method and data structure for generating at least one table in a broadcast environment, are provided. The apparatus includes a generator to generate an event information table (EIT) and an extended text table (ETT). The ETT has program guide information for an n-hour span and has a transmission interval. The ETT has a transmission interval and program description information according to the EIT. The transmission interval of the EIT is shorter than the transmission interval of the ETT. | 2014-12-18 |
20140373086 | DIFFERENTIATED PSIP TABLE UPDATE INTERVAL TECHNOLOGY - An apparatus, method and data structure for generating at least one table in a broadcast environment, are provided. The apparatus includes a generator to generate an event information table (EIT) and an extended text table (ETT). The ETT has program guide information for an n-hour span and has a transmission interval. The ETT has a transmission interval and program description information according to the EIT. The transmission interval of the EIT is shorter than the transmission interval of the ETT. | 2014-12-18 |
20140373087 | Automatic Code and Data Separation of Web Application - Aspects of the subject disclosure are directed towards detecting instances within a web application where code and data are not separated, e.g., inline code in the application. One or more implementations automatically transform the web application into a transformed version where code and data are clearly separated, e.g., inline code is moved into external files. The transformation protects against a large class of cross-site scripting attacks. | 2014-12-18 |
20140373088 | SYSTEM AND METHODS FOR ANALYZING AND MODIFYING PASSWORDS - A system for analyzing and modifying passwords in a manner that provides a user with a strong and usable/memorable password. The user would propose a password that has relevance and can be remembered. The invention would evaluate the password to ascertain its strength. The evaluation is based on a probabilistic password cracking system that is trained on sets of revealed passwords and that can generate password guesses in highest probability order. If the user's proposed password is strong enough, the proposed password is accepted. If the user's proposed password is not strong enough, the system will reject it. If the proposed password is rejected, the system modifies the password and suggests one or more stronger passwords. The modified passwords would have limited modifications to the proposed password. Thus, the user has a tested strong and memorable password. | 2014-12-18 |
20140373089 | APPROVAL OF CONTENT UPDATES - A method, computer program product, and system are described. An indication of a problem regarding a content item is received, the content item being subject to a workflow including an approval protocol. A request for an emergency exception to the workflow with respect to an update to the content item is received, the update being associated with the problem. Permission for circumvention of one or more aspects of the approval protocol with respect to the update is provided, in response to receiving the request for the emergency exception. | 2014-12-18 |
20140373090 | SYSTEMS AND METHODS FOR PROVIDING A SMART GROUP - The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component. | 2014-12-18 |
20140373091 | Distributed Network Security Using a Logical Multi-Dimensional Label-Based Policy Model - A managed server (MS) within an administrative domain is quarantined. The administrative domain includes multiple MSs that use management instructions to configure management modules so that the configured management modules implement an administrative domain-wide management policy that comprises a set of one or more rules. The quarantined MS is isolated from other MSs. A description of the MS is modified to indicate that the MS is quarantined, thereby specifying a description of the quarantined MS. Cached actor-sets are updated to indicate the quarantined MS's changed state, thereby specifying updated actor-sets. A determination is made regarding which updated actor-sets are relevant to an other MS, thereby specifying currently-relevant updated actor-sets. A determination is made regarding whether the currently-relevant updated actor-sets differ from actor-sets previously sent to the other MS. Responsive to determining that the currently-relevant updated actor-sets are identical to the previously-sent actor-sets, no further action is taken. | 2014-12-18 |
20140373092 | PROVIDING DOMAIN-JOINED REMOTE APPLICATIONS IN A CLOUD ENVIRONMENT - Embodiments are directed to provisioning private virtual machines in a public cloud and to managing private virtual machines hosted on a public cloud. In one scenario, a computer system receives authentication information for a private domain from an entity. The entity indicates that their private virtual machines are to be provisioned on a public cloud, where the entity's private domain is accessible using the authentication information. The computer system establishes a virtual network on the public cloud which is configured to host the entity's private virtual machines, where each virtual machine hosts remote applications. The computer system establishes an authenticated connection from the virtual network to the entity's private domain using the received authentication information and provides the entity's private virtual machines on the public cloud. The remote applications provided by the private virtual machines then have access to data stored within the entity's private domain using the authenticated connection. | 2014-12-18 |
20140373093 | ONLINE SECURE TRANSACTION VERIFICATION SYSTEM PROXY SERVER AND METHOD - In one example, a proxy server acts as a gateway to a website and modifies the traffic between a web browser on a user device and the website server, as necessary to request protection by providing step-up authentication and/or transaction verification. The proxy server blocks transactions when protection is required but has not occurred (either because the authentication was not proper or due to the detection of another problem). Associated methods and systems are also provided. | 2014-12-18 |
20140373094 | METHOD OF CONNECTING A USER TO A NETWORK - The present invention comprises a method of and apparatus for simplifying the process of access to a network for a roaming computer user. It divides the responsibility of servicing a given user wanting to access the network between multiple parties and minimizes the possibility of improper dissemination of email header data as well as improper use of network resources (including server systems) by non-clients. | 2014-12-18 |
20140373095 | BLOCKING/UNBLOCKING ALGORITHMS FOR SIGNALING OPTIMIZATION IN A WIRELESS NETWORK FOR TRAFFIC UTILIZING PROPRIETARY AND NON-PROPRIETARY PROTOCOLS - According to one aspect, the subject matter described herein includes a method for signaling optimization in a wireless network utilizing proprietary and non-proprietary protocols. A first session is established between an application on a mobile device and a local proxy on the mobile device, a second session is established between the local proxy and a proxy server not located on the mobile device, and a third session is established between the proxy server and a content server. A byte stream present within the first and second sessions is monitored to identify patterns within the byte stream. If a pattern is found, the pattern is used to determine a behavior of the application. If that behavior is one that is a candidate for optimization, signaling optimization is performed between the application and the content server. Signaling optimization includes dismantling the second session, replaying the pattern to the application via the first session, and replaying the pattern to the content server via the third session. | 2014-12-18 |
20140373096 | Roaming Internet-Accessible Application State Across Trusted and Untrusted Platforms - In one embodiment, a user device may store state data for an application at an internet-accessible data storage | 2014-12-18 |
20140373097 | SYSTEM FOR DOMAIN CONTROL VALIDATION - A system and method for domain control validation is presented. At a certificate authority a request is received. The request includes a certificate signing request and a first Internet protocol address. The certificate signing request identifies a domain and a certificate. A second Internet protocol address for the domain is retrieved from a domain name system. When the first Internet protocol address is the same as the second Internet protocol address, the certificate is signed, and the signed certificate is transmitted to a requester of the request. When the first Internet protocol address is not the same as the second Internet protocol address, the certificate signing request is rejected. | 2014-12-18 |
20140373098 | RUNTIME API FRAMEWORK FOR CLIENT-SERVER COMMUNICATION - In particular embodiments, a method includes receiving, by a computing device including an import/export framework, encoded client data. The client data may be encoded by a generic transcoding service. The method includes performing load-balancing based at least in part on the client data, authorizing the client's access of a remote application, and exporting the encoded client data to the remote application. | 2014-12-18 |
20140373099 | ASYNCHRONOUS USER PERMISSION MODEL FOR APPLICATIONS - Use of an application to engage services on behalf of a third party is contemplated. The services may be engaged on behalf of the third party with delivery of a third party permission to a Web service, optionally with the third party permission being recognized in the form of an access token (accessToken) provided from the application to the Web service without requiring the application to interact with a user-agent used to obtain the third party permission. | 2014-12-18 |
20140373100 | NFC Triggered Two Factor Protected Parental Controls - Disclosed is a two-factor method for protecting access to content, device functionality, accounts and the like through portable devices. A master device may facilitate a subordinate device's access to the on-line account by situating the master device in close proximity to the unauthorized user's portable device. Once within close proximity of one another, the devices may exchange information that may eventually allow the subordinate device to access an account, an application or the like. | 2014-12-18 |
20140373101 | SENDING SESSION TOKENS THROUGH PASSIVE CLIENTS - A session token can be requested to be sent to a first computing service from a second computing service, and a first computing service can receive the requested session token from the second computing service. The first computing service can send a message that includes the session token through a passive client to the second computing service. The second computing service can receive the message that includes the session token from the passive client, and the second computing service can verify that the message is valid. This verification of the validity of the message can include verifying that the session token received back from the passive client matches the session token the second computing service sent to the first computing service. | 2014-12-18 |
20140373102 | SERVER DEVICE, CONTENT DISTRIBUTION CONTROL DEVICE, AND CONTENT DISTRIBUTION SYSTEM - A smartphone provides a content to a client device that displays the contents on a screen. The smartphone includes a gyro sensor and a control unit. The gyro sensor detects a direction that the smartphone is facing. The control unit stops transmission of a predetermined content for which confidentiality is to be preserved when the gyro sensor detects that the smartphone is facing a predetermined direction. | 2014-12-18 |
20140373103 | AUTHENTICATION SYSTEM, CONTROL METHOD THEREOF, SERVICE PROVISION DEVICE, AND STORAGE MEDIUM - An authentication system registers, in a service provision device, identification information for an information processing device that cooperates with the authentication system, associates the identification information for the information processing device with authorization information in accordance with an issuance of the authorization information corresponding to the information processing device, and saves them in the authorization service device, queries the authorization service device for the identification information for the information processing device associated with the authorization information in response to a request for obtaining the service and the issued authorization information from the information processing device, and provides, according to the request, the service with the information processing device in response to a correspondence between the identification information for the information processing device acquired as a result of the query and the identification information for the information processing device registered. | 2014-12-18 |
20140373104 | DATA SENSITIVITY BASED AUTHENTICATION AND AUTHORIZATION - Systems, devices, apparatuses, and methods of the present invention distribute authentication across multiple users. A data sensitivity model can define the sensitivity of different types of data. When an application requests access to a particular data item, the sensitivity of that data item can be determined. If the data item has a low sensitivity, access to the data item can be granted. If the data item has a high sensitivity, the system can request authentication before granting access to the data item. | 2014-12-18 |
20140373105 | ENTERPRISE SECURITY MANAGEMENT SYSTEM USING HIERARCHICAL ORGANIZATION AND MULTIPLE OWNERSHIP STRUCTURE - A hierarchical security model for networked computer users is described. Files and resources are controlled or created by users within the network. Each user within the network has an account that is managed by a network administrator. The account specifies the user identifier and password. Users are grouped into organizations depending upon function or other organizational parameter. The groups within the network are organized hierarchically in terms of access and control privileges. Users within a higher level group may exercise access and control privileges over files or resources owned by users in a lower level group. The account for each user further specifies the group that the owner belongs to and an identifier for any higher level groups that have access privileges over the user's group. All users within a group inherit the rights and restrictions of the group. | 2014-12-18 |
20140373106 | Handling Emails - Disclosed are various methods for handling emails. They involve including email addresses in envelope recipient and envelope sender fields that are different to the addresses that would normally be included. One method comprises: receiving an email message at a service provider, the email message having in an envelope sender field a sender's email address relating to an unprotected sending contact entity and in an envelope recipient field a receiving alias email address relating to a protected receiving contact entity; wherein the recipient's email address includes a domain that is controlled by the service provider such that the email message is addressed to the protected receiving contact entity via the service provider, identifying a database record containing the recipient's email address; extracting from the database record a protected entity delivery email address for the protected receiving contact entity; substituting the recipient's email address in the envelope recipient field of the email message with the protected entity delivery email address; and providing the email message with the substituted envelope recipient email address. | 2014-12-18 |
20140373107 | SYSTEM AND METHOD FOR CONTROLLING A DNS REQUEST - A system and method of controlling communication. An appliance is provided with a program suitable for issuing a DNS request and a control program enabling the DNS request to be intercepted. The control program includes communications elements for communicating with a DNS server to which the DNS request is transmitted, and for communicating with another server for authorization. An authorization request, distinct from the DNS request, including an identifier of the user of the appliance and the domain name, is transmitted to the DNS server. The authorization server returns to the DNS server a response established as a function of the identifier of the user of the appliance and as a function of the domain name contained in the authorization request. The communications elements for communicating with the issuing program transmit to the issuing program an IP address defined as a function of the response from the authorization server. | 2014-12-18 |
20140373108 | COLLABORATIVE AUTHORING MODES - A collaborative authoring application provides an authoring environment in which two or more users can edit a document concurrently. Each user edits a copy of the document, sends updates to a master copy of the document, and receives updates from the master copy of the document. The authoring environment may be configured into a public mode of operation, in which content and metadata are synchronized automatically, or into a private mode of operation, in which metadata is synchronized automatically and content is synchronized only at the request of the user. The authoring application may edit documents offline in public or private mode. | 2014-12-18 |
20140373109 | Cartridges in a Multi-Tenant Platform-as-a-Service (PaaS) System Implemented in a Cloud Computing Environment - Implementations for providing cartridges in a multi-tenant PaaS system of a cloud computing environment are disclosed. An example method includes maintaining a repository of a plurality of packages that provide functionality for multi-tenant applications executed by a node, each package of the plurality of packages comprising a software and a configuration information specifying a plurality of hooks, receiving a request to configure a first package from the plurality of packages, wherein the first package is to provide functionality for one of the multi-tenant applications, establishing a container to provide process space for the functionality of the first package, calling a configure hook from the plurality of hooks specified in the configuration information of the first package, and in response to calling the configure hook, embedding an instance of the software of the first package in the container, the instance of the software of the first package copied from the repository. | 2014-12-18 |
20140373110 | MOBILE DEVICE IDENTIFY FACTOR FOR ACCESS CONTROL POLICIES - A secure VPN connection is provided based on user identity and a hardware identifier. A client application may initiate the VPN connection. A client device user may provide identification information to the application, which then sends a VPN connection request to a remote VPN gateway. The VPN gateway may require an equipment identifier to establish the secure VPN gateway. If the hardware ID is registered, the secure VPN connection is established. If the hardware ID is not registered with the VPN gateway, the connection may be denied. In some instances, a connection may be established with an unregistered equipment ID based on settings at the VPN gateway. | 2014-12-18 |
20140373111 | VIRTUAL KEY RING - A virtual key ring is disclosed. A graphical representation of a key ring or keychain having a plurality of keys is displayed on a computing device, and a pre-determined gesture input from a user indicative of an interaction with the key ring or chain, or one of the keys is received. The wireless operation of a lock can be managed by then accessing stored information associated with a virtual key or the lock in accordance with the pre-determined gesture. Pre-determined gestures can include, for example, movement along a predefined path on a touch screen in order to select a virtual key from among the plurality of virtual keys. The computing device can be a wireless mobile computing device such as a smartphone. The computing device can use any wireless communication technology, NFC and Wi-Fi being examples. | 2014-12-18 |
20140373112 | APPARATUS AND SYSTEM EFFECTIVELY USING A PLURALITY OF AUTHENTICATION SERVERS - A communication apparatus including: a plurality of physical ports to be coupled to different terminals via a network; a plurality of authentication processing units configured to execute an authentication process; and a controller configured to determine on which one of the physical ports a packet was received from a terminal, to specify a preset authentication process corresponding to the determined physical port on which the packet was received, and to distribute the specified authentication process of the packet from the terminal to an authentication processing unit for executing. | 2014-12-18 |
20140373113 | Trust Based Digital Rights Management Systems - A system and method for allowing access to digitally protected content are disclosed. License metadata and credentials from multiple types of digital rights management systems may be used to grant access to content protected by a different type of digital rights management system. Hierarchical levels of access to the content may be granted based on at least one of license metadata and credentials. | 2014-12-18 |
20140373114 | APPARATUS AND METHOD FOR VALIDATION AND AUTHORIZATION OF DEVICE AND USER BY GLOBAL POSITIONING AND NON-PROMPTED EXCHANGE OF INFORMATION - An authorization and validation system and method for mobile financial transactions uses (1) historic Global Positioning System (GPS) and time at specific locations and (2) both visible and invisible prompts to allow access to assets and performance of financial transactions. Said system and method also determines when the mobile device, tablet or smart phone, is lost or is operated by an impersonator. Special attention is devoted when said system is engaged in determining whether the user is under threat or not. | 2014-12-18 |
20140373115 | METHOD AND SYSTEM FOR ALLOWING ANY LANGUAGE TO BE USED AS PASSWORD - Systems and methods are provided for operating an electronic device, the method comprising storing data related to at least one selected language used during password creation. At password entry prompt, the stored data related to the at least one selected language may be used to select a character mapping based on the stored data related to the at least one selected language, and the character mapping may be applied to the keyboard so that a password may be entered using that character mapping. | 2014-12-18 |
20140373116 | ESTABLISHING A SECURE FILE TRANSFER SESSION FOR SECURE FILE TRANSFER TO A DEMARCATION DEVICE - Systems, devices and techniques for establishing a secure file transfer session for secure downloading of configuration files to a Demarcation device are disclosed. Communication is established with a first network device. A password challenge message is received from the first network device. A username is generated. A password is generated using the password challenge message and a locally stored salt key. The username and the password are communicated to a second network device via the first network device, to facilitate establishing a secure file transfer connection with the second network device. | 2014-12-18 |
20140373117 | MOBILE CREDENTIAL REVOCATION - Managing validity status of at least one associated credential includes providing a credential manager that selectively validates associated credentials for at least one device, the device invalidating a corresponding associated credential, and the device requesting that the credential manager validate the corresponding associated credential after invalidating the associated credential. The associated credential may be invalidated based on an external event, such as a user invalidating the associated credential from a UI of the device, a user improperly entering a pin value, a user indicating that a corresponding device is lost, the device entering sleep mode, the device locking a user interface thereof, the device shutting down, and a particular time of day. The at least one associated credential may be provided on an integrated circuit card (ICC) that may be part of a mobile phone and/or a smart card. | 2014-12-18 |
20140373118 | SERVER APPARATUS, COMMUNICATION SYSTEM, AND DATA ISSUING METHOD - There is a server apparatus in which: an issuing unit issues data to devices; a distribution manager distributes the data to devices; a data manager manages data set as issued; a revocation manager detects, from the data set, data that satisfies a condition, and invalidates the detected data; and a filter manager updates and distributes to devices a filter having a predetermined bit length each time data is invalidated, by setting one of a first value and a second value to each of bits in the filter when a revoked data set is projected onto the filter; the data manager identifies data other than the invalidated data, having projection onto at least one of bits whose value has changed between before and after the update, and having the first value for all of bits projected onto the updated filter and reissues data to the device having the identified data. | 2014-12-18 |
20140373119 | PROVIDING TIME RATIO-BASED PASSWORD/CHALLENGE AUTHENTICATION - Providing registration for password/challenge authentication includes receiving an access code or pattern inputted by a user, recording a time message associated with each component of the access code or pattern via a processor, generating a data record in combining each component of the access code or pattern with the associated time message, and storing the data record. | 2014-12-18 |
20140373120 | MANAGING CLOUD ZONES - Methods and systems for managing cloud zones are described herein. A management server for a cloud of computing resources may add private zones to the cloud. The private zones may contain computers owned and operated by a user of the cloud, such as a cloud customer, rather than the cloud operator. The management server may manage the computing resources in the private zone by sending commands to an agent, which in turn relays the management server's commands to the individual computing resources. The agent may be authenticated using a token. | 2014-12-18 |
20140373121 | SYSTEM AND METHOD FOR PROVIDING INTERNAL SERVICES TO EXTERNAL ENTERPRISES - In certain embodiments, a system for providing internal services to third party enterprises comprises a memory module operable to store credentials associated with each of a plurality of third party enterprises, an interface module operable to receive a service request associated with a particular third party enterprise, the service request including a token associated with the particular third party enterprise, and a processing module operable to validate the particular third party enterprise, determine a particular internal service offered by an enterprise that is the subject of the service request, the interface module further operable to forward the service request to the particular internal service, receive results corresponding to the service request generated by the particular internal service, and communicate the results corresponding to the service request to the particular third party enterprise, and the memory module further operable to store the results corresponding to the service request. | 2014-12-18 |
20140373122 | Method and Apparatus for Electronic Device Access - A method on an electronic device for a wireless network is described. Unique IDs, detectable by the electronic device, are scanned over a period of time. A unique ID is detected. A plurality of detectable time intervals is determined, within the period of time, for the unique ID. An authentication start time and an authentication end time for the unique ID are determined based on at least three of the plurality of detectable time intervals. Authentication data for the unique ID is stored in a historical database. The authentication data includes the authentication start time and the authentication end time. The electronic device is unlocked based on a lookup of authentication data in the historical database. | 2014-12-18 |
20140373123 | SERVICE PROVIDING METHOD AND ELECTRONIC DEVICE USING THE SAME - A method of providing, by an electronic device, a service to an external device is provided. The method and electronic device includes receiving, from the external device, information about the external device and information about a service requested by the external device, displaying on a screen an object including the information about the external device and the information about the service requested by the external device, receiving an acceptance input of a user for providing the service requested by the external device, and providing the service requested by the external device to the external device based on the acceptance input. | 2014-12-18 |
20140373124 | MULTIPLE-USE WIRELESS NETWORK - In embodiments of the present disclosure improved capabilities are described for a dual-use wireless network where the network may be used concurrently by the general public and by a managing agency (e.g., government or other agencies), but limited as deemed necessary in times of access restriction as determined by the managing agency, where network access may be denied to users/entities whose priority value is lower than the minimum allowed priority value set by the managing agency, or is not one of a set of allowed high priority access values or classes set by the managing agency. | 2014-12-18 |
20140373125 | WEB SECURITY PROTECTION METHOD, DEVICE AND SYSTEM - A method, device and system for network security protection comprise: according to a received scan task, a network security device performs a security bug scan of the web site appointed by the scan task, and when a scan result is obtained, transmits the scan result to a network application firewall, so that the network application firewall can configure an individuality security strategy for the web site according to the received scan result. The problem that complete individuality security configuration of the web site cannot be implemented can be solved in this way. | 2014-12-18 |
20140373126 | USER AUTHENTICATION IN A CLOUD ENVIRONMENT - Embodiments are directed to authenticating a user to a remote application provisioning service. In one scenario, a client computer system receives authentication credentials from a user to authenticate the user to a remote application provisioning service that provides virtual machine-hosted remote applications. The client computer system sends the received authentication credentials to an authentication service, which is configured to generate an encrypted token based on the received authentication credentials. The client computer system then receives the generated encrypted token from the authentication service, stores the received encrypted token and the received authentication credentials in a data store, and sends the encrypted token to the remote application provisioning service. The encrypted token indicates to the remote application provisioning service that the user is a valid user. | 2014-12-18 |
20140373127 | METHOD FOR DOMAIN CONTROL VALIDATION - A system and method for domain control validation is presented. At a certificate authority a request is received. The request includes a certificate signing request and a first Internet protocol address. The certificate signing request identifies a domain and a certificate. A second Internet protocol address for the domain is retrieved from a domain name system. When the first Internet protocol address is the same as the second Internet protocol address, the certificate is signed, and the signed certificate is transmitted to a requester of the request. When the first Internet protocol address is not the same as the second Internet protocol address, the certificate signing request is rejected. | 2014-12-18 |
20140373128 | SECURE MECHANISM TO DELIVER MOBILE TRAFFIC MANAGEMENT CONFIGURATION UPON STUB ACTIVATION ON A MOBILE DEVICE OF A GLOBAL SERVICE DISCOVERY SERVER - A system, a network, and a mobile device are disclosed in which the mobile device includes an embedded stub that interacts with a global service discovery server to obtain information about an operating server that handles communications from the mobile device. The stub causes the mobile device to communicate with the global service discovery server when the mobile device initially boots up, when the mobile device resets, or when a SIM card is changed. The global service discovery server identifies information for the mobile device such as the network operator, the country of use, the IMEI number, a device manufacturer, a carrier, a country of use, a mobile country code (MCC) and/or a mobile network code (MNC). Once the operating server is identified, the mobile device can request and receive application software from the operating server. | 2014-12-18 |
20140373129 | System and Method for Building Intelligent and Distributed L2 - L7 Unified Threat Management Infrastructure for IPv4 and IPv6 Environments - A security gateway appliance is configured to evaluate network traffic according to security rules that classify traffic flows according to specifically identified application programs responsible for producing and/or consuming the network traffic and to enforce policies in accordance with network traffic classifications. The appliance includes an on-box anti-virus/anti-malware engine, on-box data loss prevention engine and on-box authentication engine. One or more of these engines is informed by an on-box dynamic real time rating system that allows for determined levels of scrutiny to be paid to the network traffic. Security gateways of this type can be clustered together to provide a set of resources for one or more networks, and in some instances as the backbone of a cloud-based service. | 2014-12-18 |
20140373130 | Integrating Web Protocols With Applications and Services - Techniques for integrating a security protocol in an application include receiving a web protocol request generated by the application at an interceptor, the interceptor configured to read and write the web protocol request; receiving a selection of a role comprising one or more validation aspects and a plurality of extended application components; based on reading the web protocol request, retrieving configuration data associated with the web protocol request; adding the plurality of extended application components using the configuration data; and executing the web protocol in the application using the selected role. | 2014-12-18 |
20140373131 | METHOD FOR CONTROLLING THE ACCESS TO A SPECIFIC TYPE OF SERVICES AND AUTHENTICATION DEVICE FOR CONTROLLING THE ACCESS TO SUCH TYPE OF SERVICES - A method and device for controlling access to a specific type of services among a plurality of types of services proposed by a service supplier. The method includes entering, into an authentication device of the user, a personal identification code specific to the user, the personal identification code being identical for at least two different types of services proposed by the service supplier; and indicating, by said user, said specific type of services for which the access is required, the indication being made in the authentication device. The method further comprises transforming said personal identification code, in a way depending on a cryptographic function specific to said user and to said required specific type of services, the cryptographic function being memorized in the authentication device; transmitting the result of the transformation of said personal identification code to the service supplier; authenticating the user by the service supplier by means of the transmitted result of said transformation, and assigning an access right according to the result of the authentication. The device implements the record. | 2014-12-18 |
20140373132 | GESTURE-BASED AUTHENTICATION WITHOUT RETAINED CREDENTIALING GESTURES - This document describes techniques and apparatuses enabling gesture-based authentication without retained credentialing gestures. The techniques are capable of determining an identifier for a credentialing gesture where the identifier can be reproduced on receiving a similar authentication gesture at a later time. The identifier for the credentialing gesture can be encrypted, sent to a secure authentication entity, and then, when an authentication gesture is received, an identifier for the authentication gesture can also be determined, encrypted, and sent to the secure authentication entity. If the secure authentication entity determines that the encrypted identifiers match, the user is authenticated. | 2014-12-18 |
20140373133 | Method and System to Capture and Find Information and Relationships - A method and system to improve the computer in light of the global information network with numerous computer devices, services, and apps, so that a user can capture and find information with high security and usability. The method improves capturing information and the user intentions, while minimizing the work that needs to be done by the user to obtain a benefit from the computer system. The invention includes the following methods for the computer: to simplify account creation for new users; to identify them progressively by requesting just the information necessary to provide a service; to authenticate an identity without a priori preparation of security questions and by requesting of a user an effort proportional to the value of the service; and to capture the user intentions of permission of information by progressively and interactively asking who can and must not find it. | 2014-12-18 |
20140373134 | PORTABLE INFORMATION TERMINAL AND PROGRAM - Configuration information of a portable information terminal can only be changed by reliable applications. A ROM area stores a first inter-process communication function unit that partially constitutes a first administrative application having an administrative privilege and is capable of transmitting information to and from other applications, and an authentication application name that partially constitutes the first administrative application and is used to authenticate an application that is a source of transmission of information, and an application name, a shared name, and a signature of a second administrative application having no administrative privilege. A RAM area stores an application name, a shared name, and an ID of an installed application and is managed via an OS. The first inter-process communication function unit authenticates an application, which is the source of transmission of the information, using a shared name corresponding to the ID of the application and the authentication application name. | 2014-12-18 |
20140373135 | AUTHORIZATION LOGIC IN MEMORY CONSTRAINED SECURITY DEVICE - Architecture that utilizes logical combinations (e.g., of Boolean logic) of authorizations as a logical authorization expression that is computed through a proofing process to a single proof value which equates to authorizing access to an intended entity. The authorizations are accumulated and processed incrementally according to an evaluation order defined in the authorization expression. The logical combinations can include Boolean operations that evaluate to a proof value associated with a sum of products expression (e.g., combinations of AND, OR, etc.). The incremental evaluations output corresponding hash values as statistically unique identifiers used in a secure hash algorithm that when evaluated in order allow execution of a specific command to access the entity. The architecture, employed in a trust module, uses minimal internal trust module state, and can be employed as part of a device system that handles trust processing to obtain authorization to access the intended entity. | 2014-12-18 |
20140373136 | PROACTIVE SECURITY SYSTEM FOR DISTRIBUTED COMPUTER NETWORKS - According to some embodiments, a method and apparatus are provided to receive, at a central security manager located on a computer network, first network information from a first network resource associated with a first network perspective and receive, at the central security manager, second network information from a second network resource associated with a first network perspective. The first network information and the second network information are aggregated. A potential attack to the network is determined and a defensive measure is implemented in response to the potential attack to the network. | 2014-12-18 |
20140373137 | MODIFICATION OF APPLICATION STORE OUTPUT - Technologies for electronic communication may include receiving a group of indications. Each indication of an element of digital content may be configured to be downloaded to a client from a digital distribution framework. The technologies may also include evaluating each of the elements of digital content and, based on the evaluations, suppressing a display of one or more of the indications on the client. | 2014-12-18 |
20140373138 | METHOD AND APPARATUS FOR PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACK - An apparatus for preventing a distributed denial of service (DDoS) attack transmits a redirect message containing a redirect URL (Uniform Resource Locator) to a client terminal that has transmitted a request for accessing a web server, in place of the web server. The apparatus authenticates the client terminal that re-sends the request for accessing the web server as a normal client terminal, and permits the client terminal to access the web server. | 2014-12-18 |
20140373139 | METHOD AND SYSTEM OF DISTINGUISHING BETWEEN HUMAN AND MACHINE - A method and a system of distinguishing between a human and a machine are disclosed. The method includes: when a request for accessing a designated network service is received, recording information of the request, which includes a time of receiving the request and information of an access object that sends the request; computing a statistical value of requests sent by the access object in real time based on a record; and determining the access object to be abnormal when the statistical value of the requests sent by the access object falls outside a predetermined normal range. The disclosed system of distinguishing between a human and a machine includes a recording module, a computation module and a determination module. Identification between humans and machines using the disclosed scheme is difficult to crack and can improve the accuracy rate of human-machine identification. | 2014-12-18 |
20140373140 | DATA CENTER REDUNDANCY IN A NETWORK - Aspects of the present disclosure involve systems, methods, computer program products, and the like, for data center redundancy in relation to a computer network. In particular, the present disclosure provides for one or more available redundant data centers, or bunkers, associated with a computer network. In one embodiment, the bunker data centers are configured to absorb traffic intended for an application operating on a data center when the traffic threatens to overwhelm the application. For example, during a distributed denial of service (DDOS) attack, the bunker data centers are configured to absorb some of the traffic from the DDOS attack to prevent the application that is the target of the attack from being overwhelmed. | 2014-12-18 |
20140373141 | REPUTATION-BASED THREAT PROTECTION - Information concerning a plurality of identified threats provided by a plurality of preselected sources is stored in memory. An e-mail message may be received over a communication network. The received e-mail message is separated into a plurality of components. The stored information is searched to identify a reputation score associated with each of the plurality of components. It is then determined whether the e-mail is a threat based on the identified reputation score of each of the plurality of components. The determination is sent to a designated recipient. | 2014-12-18 |
20140373142 | SYSTEMS AND METHODS FOR REPORTER-BASED FILTERING OF ELECTRONIC COMMUNICATIONS AND MESSAGES - Methods and apparatuses for filtering electronic communications in a communication system. The method includes receiving a message report from a user in response to an electronic message received by the user, and identifying a confidence value associated with the user from whom the message report is received. The method also includes adding, if the confidence value exceeds a predetermined confidence value threshold, the confidence value to a signature value associated with the electronic message, and determining if the signature value exceeds a signature value threshold. The method further includes filtering the electronic message if the signature value exceeds the signature value threshold. | 2014-12-18 |
20140373143 | METHOD AND SYSTEM FOR DETECTING AND MITIGATING ATTACKS PERFORMED USING CRYPTOGRAPHIC PROTOCOLS - A method and system for detecting and mitigating attacks performed using a cryptographic protocol are provided. The method comprises establishing an encrypted connection with the client using the cryptographic protocol, upon receiving an indication about a potential attack; receiving inbound traffic from a client, wherein the inbound traffic is originally directed to a protected entity; analyzing application layer attributes of only the inbound traffic received on the encrypted connection to detect at least one encrypted attack; and causing to establish a new encrypted connection between the client and the protected entity, if the at least one encrypted attack at the application layer has not been detected. | 2014-12-18 |
20140373144 | System and method for analyzing unauthorized intrusion into a computer network - The method analyzes unauthorized intrusion into a computer network. Access is allowed through one or more open ports to one or more virtualized decoy operating systems running on a hypervisor operating system hosted on a decoy network device. This may be done by opening a port on one of the virtualized decoy operating systems. A network attack on the virtualized operating system is then intercepted by an introspection module running on the hypervisor operating system. The attack-identifying information is communicated through a private network interface channel and stored on a database server as forensic data. A signature-generation engine uses this forensic data to generate a signature of the attack. An intrusion prevention system then uses the attack signature to identify and prevent subsequent attacks. A web-based visualization interface facilitates configuration of the system and analysis of (and response to) forensic data generated by the introspection module and the signature generation engine, as well as that stored in the processing module's relational databases. | 2014-12-18 |
20140373145 | SIGNED RESPONSE TO AN ABUSIVE EMAIL ACCOUNT OWNER AND PROVIDER SYSTEMS AND METHODS - Systems and methods for abusive email account detection and transmission of a signed response to an abusive email account owner and provider. The methods include receiving an email from a first email account on a second email account, wherein the email contains malicious content, determining if a trust relationship exists between a first email server corresponding to the first email account and a second email server corresponding to the second email account, and transmitting, using a hardware processor of the second email server, an alert email to the first email account corresponding to the trust relationship, wherein the alert email includes a digital signature and a secure field having an abusive category descriptor in an email header. The secure field may include an abusive category descriptor, for example transmitting spam, transmitting malware, transmitting phishing attempts, and committing fraud. | 2014-12-18 |
20140373146 | DOS DETECTION AND MITIGATION IN A LOAD BALANCER - A load balancer that is able to detect and mitigate a Denial of Service (DOS) attack. The load balancer is placed in the flow path of network data packets that are destined for one or more tenant addresses. The load balancer analyzes performance parameters regarding the network data packets that are destined for the one or more tenant addresses and are received at the load balancer. The performance parameters describe network data packet flow to the tenant addresses. The load balancer detects, based on the analysis of the performance parameters, that one or more of the tenant addresses are being subjected to a DOS attack. The load balancer performs a mitigation operation to isolate the one or more tenant addresses being subjected to the DOS attack. | 2014-12-18 |
20140373147 | SCANNING FILES FOR INAPPROPRIATE CONTENT DURING SYNCHRONIZATION - The present invention extends to methods, systems, and computer program products for scanning files for inappropriate content during file synchronization. Embodiments of the invention are mindful of the order of operations when scanning files for inappropriate content and in subsequent file processing. In some embodiments, during synchronization, an intermediary server scans a file for inappropriate content. The file is not permitted to be fully downloaded to a client device until the scan determines that the file does not contain inappropriate content. In other embodiments, during synchronization, a client device scans a newer version of a file for inappropriate content. An older version of the file is not deleted until the scan determines that the newer version of the file does not contain inappropriate content. In further embodiments, server side scanning and client side scanning are both used to enhance capabilities for detecting inappropriate content. | 2014-12-18 |
20140373148 | SYSTEMS AND METHODS FOR TRAFFIC CLASSIFICATION - Systems and methods of classifying network traffic may monitor network traffic. Monitored traffic may be compared with a control protocol template (CPT). When a similarity between the monitored traffic and the CPT exceeds a match threshold, the monitored traffic may be associated with the CPT. | 2014-12-18 |
20140373149 | TIME ZERO DETECTION OF INFECTIOUS MESSAGES - Detecting infectious messages comprises performing an individual characteristic analysis of a message to determine whether the message is suspicious, determining whether a similar message has been noted previously in the event that the message is determined to be suspicious, and classifying the message according to its individual characteristics and its similarity to the noted message in the event that a similar message has been noted previously. | 2014-12-18 |
20140373150 | SYSTEMS, METHODS, AND MEDIA FOR DETECTING NETWORK ANOMALIES - Systems, methods, and media for detecting network anomalies are provided. In some embodiments, a training dataset of communication protocol messages having argument strings is received. The content and structure associated with each of the argument strings is determined and a probabilistic model is trained using the determined content and structure of each of the argument strings. A communication protocol message having an argument string that is transmitted from a first processor to a second processor across a computer network is received. The received communication protocol message is compared to the probabilistic model and then it is determined whether the communication protocol message is anomalous. | 2014-12-18 |