Entries |
Document | Title | Date |
20080201764 | METHOD AND SYSTEM FOR CONTROLLING THE SMART ELECTRIC APPLIANCE - The present invention discloses a method for controlling the smart electric appliance by connecting a key device to a smart electric appliance and performing control operations on the smart electric appliance in accordance with the control settings for the key device after positively authenticating the internal device descriptor of the key device. Also, the present invention discloses a system according to the method mentioned above, including a smart electric appliance comprising a USB interface module, an authentication module, an execution module and a general control module, and a key device comprising a smart storage module. By introducing the key device, authenticating the key device before allowance of use of the smart electric appliance, and setting different control operation levels for different users of the smart electric appliance, it becomes very secure to use the smart electric appliance, while it becomes more flexible to use the same. | 08-21-2008 |
20080209508 | Digital Pen System - A digital pen system comprising a pen | 08-28-2008 |
20080209509 | APPARATUS AND METHOD FOR PROCESSING DIGITAL DOCUMENT AND COMPUTER PROGRAM - A digital document processing apparatus stores a digital document, an application program used for editing the digital document, where the application program runs on an application platform, and a filter program used for restricting a function executed by the application program. The digital document processing apparatus includes a function determination unit configured to determine whether a function executed by the application program is restricted by the filter program, and a function restricting unit configured to restrict the function executed by the application program using the filter program if the function determination unit determines that the function executed by the application program is restricted by the filter program. | 08-28-2008 |
20080209510 | Memory Device - A memory device that has a function used to continue or disrupt a supply of electric power used to retain data stored in a recording medium or a supply of operating electric power of a circuit used to read out data stored in a storage medium, using personal identification information is provided. When the recording medium is formed of a volatile memory, this memory device has a power supply used to manage a supply of electric power that is used for retention of the stored data using the personal identification information and to retain or erase stored data by continuation or disruption of a supply of electric power by use of the personal identification information. | 08-28-2008 |
20080209511 | AUTHENTICATION METHOD FOR PHARMACEUTICAL PRODUCTS HAVING CODED PACKAGING - A method for authenticating a pharmaceutical product, the pharmaceutical product being associated with packaging having disposed thereon or therein coded data including a number of coded data portions, each coded data portion being indicative of an identity of the pharmaceutical product and at least part of a digital signature of at least part of the identity. The method includes using a sensing device to sense at least one coded data portion. A processor then determines the identity and at least one determined signature part, and uses these to authenticate the pharmaceutical product. The coded data is arranged in accordance with at least one layout having n-fold rotational symmetry, where n is at least two. The layout includes n identical sub-layouts rotated 1/n revolutions apart about a centre of rotation. At least one sub-layout includes rotation-indicating data that distinguishes that sub-layout from each other sub-layout. | 08-28-2008 |
20080209512 | AUTHENTICATION METHOD FOR PHARMACEUTICAL PRODUCTS HAVING SYMMETRICALLY CODED PACKAGING - A method for authenticating a pharmaceutical product, the pharmaceutical product being associated with packaging having disposed thereon or therein coded data including a number of coded data portions, each coded data portion being indicative of an identity of the pharmaceutical product and at least part of a digital signature of at least part of the identity. The method includes using a sensing device to sense at least one coded data portion. A processor then determines the identity and at least one determined signature part, and uses these to authenticate the pharmaceutical product. The coded data is arranged in accordance with an n-fold rotationally symmetric layout. The layout encodes data comprising a sequence of an integer multiple m of n-symbols. Each encoded symbol is distributed at n-locations about a centre of rotational symmetry such that decoding the symbols produces n-representations of the data each comprising a different cyclic shift of the data. | 08-28-2008 |
20080209513 | Systems and methods for preventing an attack on healthcare data processing resources in a hospital information system - A system comprising a switching entity disposed between healthcare data processing resources and non-healthcare data processing resources. The switching entity is capable of operation in a first state in which an end user device is communicatively coupled to the healthcare data processing resources to support a healthcare session and a second state in which the end user device is communicatively coupled to the non-healthcare data processing resources to support a non-healthcare session. If the authentication request message is received while the switching entity is operating in the second state and a particular non-healthcare session is in progress, and the selected authentication entity is the healthcare authentication entity, initiating a memory purge at the end user device. Attacks on the healthcare data processing resources, both from the non-healthcare resources directly and via the end user device, are thus prevented. | 08-28-2008 |
20080216151 | Electronic data authenticity assurance method and program - The present invention provides an electronic document authenticity assuring method in which a series of procedures concerning redactable signature are divided into procedures dependent on a document to be signed and procedures dependent on a redactable signature method. Further, the present invention provides program codes that realize the divided procedures and a system comprising apparatuses for implementing those program codes. According to the present invention, even when the type of electronic document to be signed is changed or added to, it is sufficient to add a procedure dependent on a document to be signed, without changing procedures dependent on redactable signature methods. Similarly, even when a redactable signature method is to be changed or added, it is sufficient to add a procedure dependent on the redactable signature method without changing procedures dependent on the document to be signed. | 09-04-2008 |
20080216152 | PASSWORD GENERATOR, SYSTEM AND USE THEREOF - A password generator for use with a detector and a verifier in an encapsulated system is provided, as is a system for generating and verifying passwords. The password generator comprises a support, a sensor for detecting a signal from the detector, a data transmitter for transmitting binary data as pulses, a processor that is initialized by the verifier and that controls the data to be sent, a controller for activating the processor and a connector to releasably connect the password generator with the verifier. The system employs a mouse as the detector. | 09-04-2008 |
20080222699 | System and Method for Extensible Lobby Services - A server comprising a transceiver configured to support communications from a user terminal and a processor configured to maintain a virtual lobby having one or more variables associated therewith, the processor being further configured to receive from the user terminal one or more variables, and allow the user terminal access to the virtual lobby if each of the one or more variables received from the user terminal match the one or more variables associated with the virtual lobby. | 09-11-2008 |
20080235762 | Pressure Map Based Fingerprint Authentication Method and System - A fingerprint system ( | 09-25-2008 |
20080235763 | System and method of providing security for a multimedia timeline - Systems and methods of providing security for a multimedia timeline are disclosed. A first set of multimedia items may be provided to a visual display to obtain access to a multimedia timeline. A first selection of at least one of the first set of multimedia items may be received. Access may be provided to the multimedia timeline when the first selection matches a first key. | 09-25-2008 |
20080235764 | Resource authorizations dependent on emulation environment isolation policies - A system, method, computer program product, and carrier are described for obtaining a resource authorization dependent upon apparent compliance with a policy of causing an emulation environment to isolate a first software object type from a second software object type and signaling a decision whether to comply with the policy of causing the emulation environment to isolate the first software object type from the second software object type. | 09-25-2008 |
20080235765 | INFORMATION PROCESSING APPARATUS, ACCESS CONTROL METHOD, ACCESS CONTROL PROGRAM PRODUCT, RECORDING MEDIUM, AND IMAGE FORMING APPARATUS - A disclosed information processing apparatus to which an application can be added determines whether access to a resource attempted by the application is allowable, based on access control information defining whether the application is given access authority to access the resource. Information regarding the attempted access is saved in a log file in the event that the application attempts to access the resource. | 09-25-2008 |
20080235766 | APPARATUS AND METHOD FOR DOCUMENT CERTIFICATION - A method and apparatus for authenticating documents is described. A document from a client is processed to determine if it is authentic and then tags are generated to indicate that a document is authentic or not. The tags can be added to the document before it is sent to a recipient. The document is also stored and made available to the sender, recipient or third party together with a certificate of authenticity. | 09-25-2008 |
20080244698 | Authorized Content Verification Method, Content Transmission/Reception System, Transmitter, and Receiver - In a system which attaches update information required to create a content key used for content encryption/decryption to encrypted content and transmits the encrypted content, there is used an authorized content verification method including a verification request step of, by a receiver, transmitting an authorization verification request including update information received from a transmitter, an update information check step of, by the transmitter, checking whether the update information included in the received authorization verification request is predetermined update information, a message-of-acceptance transmission step of creating a message of acceptance using the update information and an exchange key shared between the transmitter and the receiver and transmitting the message of acceptance if the update information matches the predetermined update information, and an authorized content determination step of, by the receiver, determining that content is authorized content on the basis of reception of the message of acceptance. | 10-02-2008 |
20080244699 | IDENTIFICATION MEANS AND METHOD FOR THE LOGICAL AND/OR PHYSICAL ACCESS TO A TARGET MEANS - A means for the secure personalized identifying and allowing or prohibiting of a logical and/or physical access to a target means. The means comprises a portable identification means for outputting an authorization signal comprising at least one biometric sensor, at least one output element, a processor having a memory and software, as well as sending and receiving electronics for the wireless data exchange. The identification medium is configured in such a manner that upon successful authentication by an authorized user, an authorization signal is output over the output element. The portable identification medium is arranged at a wristband to be fixed at a user's wrist. The means comprises at least one security means which is configured to interrupt and/or prohibit the outputting of the authorization signal in case the wristband is opened and/or disconnected and/or the means is removed from the user's wrist. | 10-02-2008 |
20080244700 | METHODS AND SYSTEMS FOR GRAPHICAL IMAGE AUTHENTICATION - Systems and methods for providing authentication using an arrangement of dynamic graphical images, which may display a popup element while a pointing device indicator is over a graphical image. The graphical images can be arranged as a grid or matrix for presentation on a device display for authentication of a user. The kinds of graphical images can be derived from a designated authentication category and non-authenticating categories. A series of password elements corresponding to the graphical images can be displayed with the graphical images. The user may enter the series of one or more password elements corresponding to graphical images from the authentication category which combine to form a password entry. An authentication server can compare the password entry to an authentication password corresponding to the particular arrangement of dynamic graphical images. The selection of graphical images, their arrangement and their corresponding password elements, may dynamically change in between authentication processes. | 10-02-2008 |
20080244701 | CONFIGURATION SYSTEM AND METHOD - An authentication method includes determining that a unique overt identifier is associated with a product; detecting that a random covert identifier is associated with the product, wherein the covert identifier includes at least one taggant particle, the unique overt identifier is combined with the random covert identifier, and the unique overt identifier is not a function of the random covert identifier; and comparing the unique overt identifier and the random covert identifier respectively to a unique overt number and a random covert number stored in a database. | 10-02-2008 |
20080256596 | SYSTEM AND METHOD FOR MARKETING IN A DEVICE DEPENDENT RIGHTS PROTECTION FRAMEWORK - A system and method for marketing in a device dependent rights protection framework where digital property is protected through the binding of at least one unique client device identifier with the digital property in the creation of a protected content file. Decryption at a client device would be based on a comparison of the unique client device identifier that is extracted from the protected content file with a unique client device identifier of the device that is seeking to access the digital property. If such a comparison indicates that access is unauthorized, marketing information is provided based on information extracted from the protected content file. | 10-16-2008 |
20080256597 | MEDIA AUTHENTICATION VIA PHYSICAL ATTRIBUTES OF A MEDIUM - An optical disc is authenticated by measuring physical attributes of the disc. A challenge is presented to the drive comprising the disc. The challenge includes locations on the disc to be used for authentication. The locations are determined each time the disc is to be authenticated. No restriction is placed on the locations on the medium, and no restriction is placed on the number of locations. Locations on the disc are accessed and an answer to the challenge is calculated in accordance with a physical attribute pertaining to the locations. The answer can include an angle between the locations, the physical separation between the locations, an amount of time elapsed between detection of the locations, an amount of time taken to read data written between the locations, or a number of rotations occurring between detection of the locations. The answer is analyzed to determine the validity of the disc. | 10-16-2008 |
20080256598 | SYSTEM AND METHOD FOR AUTHENTICATING A POWERED DEVICE ATTACHED TO A POWER SOURCING EQUIPMENT FOR POWER PROVISIONING - A system and method for authenticating a powered device attached to a power sourcing equipment for power provisioning such as power over Ethernet (PoE) enabled device communicating with a PoE enabled switch. Powered devices such as computing devices, security cameras, VoIP phones, wireless access points, or the like, can be detected by a PoE switch upon connection. Power applied to the powered device is restricted until information received from the powered device is authenticated. | 10-16-2008 |
20080256599 | APPARATUS AND METHOD FOR PROTECTING SYSTEM IN VIRTUALIZED ENVIRONMENT - Provided is an apparatus and method for protecting a system in a virtualized environment. The apparatus includes a domain unit including a plurality of domains, each having one or more device drivers; a system resource unit forming hardware of the system; a direct memory access (DMA) driver; and a control unit including an access control module which controls the access of the domain unit to the system resource unit in the virtualized environment. | 10-16-2008 |
20080256600 | Device, System and Method for Determining Authenticity of an Item - This invention relates to physical uncloneable function (PUF) devices for determining authenticity of an item, systems for determining authenticity of a physical item, and methods for determining authenticity of an item. A PUF pattern of the PUF device is damaged when using the item for the first time. | 10-16-2008 |
20080263629 | METHODS AND SYSTEMS FOR COMPLETING, BY A SINGLE-SIGN ON COMPONENT, AN AUTHENTICATION PROCESS IN A FEDERATED ENVIRONMENT TO A RESOURCE NOT SUPPORTING FEDERATION - A system for distributed authentication includes a client machine, in a first domain in a federation, that receives from a user a first set of authentication credentials. The system also includes an intermediate machine in a second domain in the federation, a server, also in the second domain, a password management program executing on the server and a non-federated resource. The intermediate machine authenticates the user responsive to receiving the first set of authentication credentials and identifies a second set of authentication credentials. The server in the second domain authenticates the user, responsive to the second set of authentication credentials. The password management program, executing on the server, retrieves a third set of authentication credentials associated with the user. The non-federated resource authenticates the user, responsive to receiving, from the password management program, the third set of authentication credentials. | 10-23-2008 |
20080263630 | Confidential File Protecting Method and Confidential File Protecting Device for Security Measure Application - A confidential file protecting method for a security measure application is provided that can restrain degradation in the performance of a security measure application, and surely protect a confidential file. The confidential file protecting method for a security measure application according to the present invention is characterized by comprising: a first step of communicating between an authentication module for authenticating an application requesting access to the confidential file and a communication module implemented in the security measure application, and authenticating the application as an application permitted to access the confidential file and recording the application as an authenticated application in a management table if the communication module sends back a valid response code; and a second step, by said authentication module, of permitting the request to access said confidential file if the access requesting application is an authenticated application that has been recorded in said management table. | 10-23-2008 |
20080263631 | USER PROFILE, POLICY, AND PMIP KEY DISTRIBUTION IN A WIRELESS COMMUNICATION NETWORK - An authentication server may be adapted to (a) authenticate an authentication peer seeking to establish communications via a first network access node; (b) retrieve user profile information associated with the authentication peer; and/or (c) send the user profile information to a network gateway node that facilitates communication services for the authentication peer. A PMIP network node may be adapted to (a) provide wireless network connectivity to an authentication peer via a first network access node; (b) provide a PMIP key to both ends of a PMIP tunnel between the first network access node and a PMIP network node used to provide communications to the authentication peer; (c) provide the PMIP key to a first authenticator associated with the first network access node; (d) receive a request at the PMIP network node from a requesting entity to reroute communications for the authentication peer; and/or (e) verify whether the requesting entity knows the PMIP key. | 10-23-2008 |
20080271115 | Method and System for Authentication of a Low-Resource Prover - A method is presented for enabling authentication of a prover in a Radio Frequency Identification system comprising the prover and a verifier, the method comprising the steps of: the prover sending a prover identifier and a parent identifier to the verifier, the verifier sending a verifier identifier to the prover, the prover calculating a first common secret by means of a prover polynomial, where an unknown in the prover polynomial is substituted by a result calculated using a function of at least the verifier identifier, and the verifier calculating the first common secret by means of a first verifier polynomial, wherein a first unknown in the first verifier polynomial is substituted by the prover identifier and a second unknown in the first verifier polynomial is substituted by the parent identifier, the prover creating a first message by modulating a first core secret with regard to at least the first common secret, said prover sending the first message to the verifier, and the verifier creating a first candidate for the first core secret by demodulating the first message with the first common secret, whereby the candidate for the first core secret is for use in the authentication. This allows the verifier and prover to independently create a common secret, used for modulating the core secret. Furthermore, no pre-registration of the prover with the verifier is required and calculation using polynomials requires little processing power. A corresponding system, prover and verifier are also presented. | 10-30-2008 |
20080271116 | SYSTEM AND METHOD FOR ENROLLING IN A BIOMETRIC SYSTEM - The present invention is a system and method of enrolling potential system users for a biometric system for identity verification. Potential system user information is entered into the system, either by the user or a system operator, and is stored as a partially-enabled user record. The user of a partially-enabled user record fully enables the record by presenting information previously stored in the user record and presenting the remainder of user information necessary to complete record activation. Enrollment data is used to authenticate the system user's identity and authorize related transaction accesses in a biometric system for identity verification. | 10-30-2008 |
20080276298 | SECURE TIME/DATE VIRTUALIZATION - A system is provided that includes a processor and a system memory coupled to the processor, the system memory stores at least one application for execution by the processor. The system also includes logic coupled to the processor, the logic providing a secure time reference. The processor selectively accesses the secure time reference to generate a virtual time reference for the at least one application. | 11-06-2008 |
20080276299 | WIRELESS TERMINAL APPARATUS AND METHOD OF PROTECTING SYSTEM RESOURCES - A wireless terminal apparatus is provided, which includes a domain unit having a first domain which drives a first application and a second domain, separated from the first domain, which drives a second application; a system resource unit composed of hardware of the wireless terminal apparatus; and a control unit which controls an operation of the domain unit that accesses the system resource unit. | 11-06-2008 |
20080282322 | Authentication Medium, Authenticable Substrate, Authentication Medium Label, Authentication Medium Transfer Sheet, Authenticable Sheet, and Authenticable Information Recording Medium - The invention relates to an authentication medium capable of eliminating problems with the formation of an authentication portion with an embossed hologram, for instance, difficulty with which fabrication time is cut down, and difficulty with which an authentication pattern is changed due to an increased step count at the time of embossing mold fabrication. A thin-film layer( | 11-13-2008 |
20080289002 | Method and a System for Communication Between a User and a System - The present invention relates to a method of communication ( | 11-20-2008 |
20080289003 | Security Between Electronic Components of a Portable Secured Electronic Unit - A portable secured electronic unit includes at least two electronic components, one of which is embodied in the form of a primary electronic component and the second in the form of an interface electronic component, wherein the two electronic components are interconnected by communication elements and at least one electronic component includes security elements for securing the communication thereof with the other electronic component. | 11-20-2008 |
20080295150 | METHOD FOR IMPROVING APPLICATION PERFORMANCE AND USER DIRECTORY INTEGRITY | 11-27-2008 |
20080295151 | METHOD AND SYSTEM FOR ANONYMOUS INFORMATION VERIFICATION | 11-27-2008 |
20080295152 | Safety management system | 11-27-2008 |
20080301767 | Techniques for Detecting, Analyzing, and Using Visible Authentication Patterns - Improved techniques for making copy detection patterns and using them to detect copying relationships between digital representations. The techniques include techniques for including a message in a copy detection pattern without altering the copy detection pattern's entropy and reading the message, techniques for using a copy detection pattern on an analog form to determine whether the analog form is an original analog form without reference to a digital representation of the original of the analog form's copy detection pattern, techniques for increasing the sensitivity of copy detection using copy detection patterns by modifying one of two copy detection patterns that are being compared to take into account alterations resulting from the copying process, techniques for distributing a copy detection pattern across a document, and techniques for using the entropy of a copy detection pattern to locate the copy detection pattern. Also disclosed are applications of copy detection patterns with copying that involves transformations between the digital and analog forms and with digital-to-digital copying. | 12-04-2008 |
20080301768 | METHOD FOR ISSUING ATTRIBUTE CERTIFICATE FROM AN LDAP ENTRY - A method and apparatus for issuing an attribute certificate for attributes of a Light Weight Directory Access Protocol (LDAP) entry stored in an LDAP repository. In one embodiment, the method includes receiving a request for an attribute of an LDAP entry. The method further includes, in response to the request, sending a reply that includes an attribute value of the requested attribute and a digital signature to authenticate the attribute value. | 12-04-2008 |
20080301769 | LDAP GROUPING FOR DIGITAL SIGNATURE CREATION - A method and apparatus for grouping Light Weight Directory Access Protocol (LDAP) entries for signature generation. In one embodiment, the method includes grouping attributes of one or more repository entries to form a collection of values based on a pre-determined grouping policy. The method further includes generating a digital signature for the collection to authenticate any of the values in the collection. | 12-04-2008 |
20080301770 | Identity based virtual machine selector - A method and apparatus for allowing an authenticated user to select and access a virtual machine (VM) over the network. In one embodiment, the method includes maintaining a map to associate a user with a list of VMs. The VM runs a guest operating system for providing a computing environment for the user when loaded onto a physical machine. The method further includes receiving a request identifying the user, and sending a reply indicating locations of the VMs to the physical machine for selection by the user. | 12-04-2008 |
20080301771 | ELECTRONIC DEVICE, APPLICATION AUTHENTICATION METHOD, APPLICATION EXECUTION SYSTEM, AND COMPUTER READABLE MEDIUM CONTAINING EXECUTABLE PROGRAM INSTRUCTION - The present invention claims and discloses an electronic device comprising a storage part for storing a license check processing program for checking a license in order to execute a processing function of an application program, license setting information containing location information where the license check processing program is executed within the application program; and an application program execution part for executing the application program by associating the license check processing program with a location preset in the application program based on the license setting information stored in the storage part. The present invention further teaches performing a license check processing by the license check processing program associated with the location, and when the license is not properly authenticated, the program in accordance with the present invention will skip the processing function corresponding to the license check processing program to execute a subsequent processing function. | 12-04-2008 |
20080301772 | Authentication system and method, identification information inputting method and apparatus and portable terminal - An authentication system in which unauthorized acquisition of the private information by a third party in the course of authentication of a user by a service provider is rendered difficult. In an authentication system in which a card | 12-04-2008 |
20080307494 | Memory device with circuitry for improving accuracy of a time estimate used to authenticate an entity - A memory device with circuitry for improving accuracy of a time estimate used to authenticate an entity is disclosed. In one embodiment, a memory device receives a request to authenticate an entity. Before attempting to authenticate the entity, the memory device determines if a new time stamp is needed. If a new time stamp is needed, the memory device receives the new time stamp and then attempts to authenticate the entity using a time estimate based on the new time stamp. In another embodiment, the memory device comprises a plurality of different time stamp update policies (TUPs) that specify when a new time stamp is needed, and the determination of whether a new time stamp is needed is based on a TUP associated with the entity. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination. | 12-11-2008 |
20080307495 | Memory device with circuitry for improving accuracy of a time estimate used in digital rights management (DRM) license validation - A memory device with circuitry for improving accuracy of a time estimate used in digital rights management (DRM) license validation is disclosed. In one embodiment, a memory device receives a request to validate a DRM license stored on the memory device, wherein the DRM license is associated with a time stamp update policy (TUP) that specifies when a new time stamp is needed. Before attempting to validate the DRM license, the memory device determines if a new time stamp is needed based on the TUP associated with the DRM license. If a new time stamp is needed, the memory device receives the new time stamp and then attempts to validate the DRM license using a time estimate based on the new time stamp. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination. | 12-11-2008 |
20080307496 | Video receiving apparatus and broadcast receiving apparatus - A video receiving apparatus which reduces waiting time till an image is displayed on a monitor includes: a plurality of authentication executing units which perform respectively an authentication process to the external devices connected to each of the plurality of input terminals; a terminal selecting unit which selects one of the plurality of input terminals as a video input terminal based on an operation input from outside; a video receiving unit which receives the video information through one of the authentication executing units corresponding to the selected input terminal from the external devices connected through the selected input terminal; and a display control unit which outputs the received video information to a monitor. | 12-11-2008 |
20080313703 | Integrating Security by Obscurity with Access Control Lists - Aspects of the subject matter described herein relate to providing and restricting access to content. In aspects, information (e.g., a URL) that identifies content and a user is provided to a user. In conjunction with providing the information to a user, a data structure (e.g., an access control list) is updated to indicate that the user has access to the content. The user may use the information to access the content and/or may send this information to other users. The other users may use the information (e.g., by pasting it into a browser) to access the content and may be added to the data structure so that they may subsequently access the content without the use of the information. Access to the content via using the information may be subsequently revoked. | 12-18-2008 |
20080313704 | Electronic Message Authentication - This invention concerns electronic message authentication, such as email messages, to ensure valuable messages are reliably delivered to the recipient, while reducing the delivery of unwanted messages. The invention involves: Receiving an electronic message addressed to a recipient. Rejecting messages sent to unknown recipients, from compromised machines or otherwise found invalid. Testing the messages to valid recipients to determine whether the status of the sender of the message can be categorised as trusted or not-trusted. If the status of the sender cannot be categorised either way, then automatically sending a challenge message, and holding the received message pending receipt of a reply. If an acceptable reply is received, categorising the sender as trusted. And, if the sender is categorised as trusted, delivering the message to the recipient. | 12-18-2008 |
20080313705 | Systems And Methods For Added Authentication In Distributed Network Delivered Half-Duplex Communications - In half-duplex communications over a wireless network, a user from a private organisation sends the request for half-duplex communication through a private server controlled by the private organisation. The private server sets up a private account with the wireless carrier and the user communicates via the private account. | 12-18-2008 |
20080313706 | Method of Verifying an Object - A method of verifying an object using a computer system which receives a verification request indicative of an identity of the object and at least one signature fragment, the signature being a digital signature of at least part of the identity. The method includes determining the identity, and using this to determine at least one criterion relating to the verification from a database. The verification request is compared to the at least one criterion allowing the object to be verified if the criterion is satisfied. | 12-18-2008 |
20080313707 | Token-based system and method for secure authentication to a service provider - A method is provided for authenticating the current user of a device to a service provider. The method comprises (a) capturing an initial set of credentials from the owner of the device; (b) storing the initial set of credentials in a memory provided in the device; (c) storing the owner's secrets corresponding to a plurality of service providers in the memory provided in the device; (d) receiving an authentication request from one of said plurality of service providers; (e) in response to the authentication request, capturing a set of credentials from the current user of the device; and (f) revealing the owner's secrets which correspond to the service provider requesting the authentication if and only if the current user's credentials match the owner's credentials. | 12-18-2008 |
20080320554 | SECURE DATA STORAGE AND RETRIEVAL INCORPORATING HUMAN PARTICIPATION - A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzle can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves. | 12-25-2008 |
20080320555 | RESET-TOLERANT AUTHENTICATION DEVICE - An authentication device comprises a processor having a reset input, a trigger source coupled to the reset input of the processor, and interface circuitry for outputting codes generated by the processor. The trigger source may comprise, for example, a trigger button having an associated switch that when actuated supplies a reset to the reset input. The processor is configured to analyze a given reset applied to the reset input to determine if the reset is an inadvertent reset or a reset generated by the trigger source. The processor generates a code responsive to the reset if the reset is determined to be a reset generated by the trigger source. The code may be supplied to a host device which communicates the code to an authentication server for authentication. | 12-25-2008 |
20080320556 | METHOD FOR RECOGNIZING INFORMATION FLOW AND DETECTING INFORMATION LEAKAGE BY ANALYZING USER'S BEHAVIORS - A method for analyzing user's behaviors is provided. API function call patterns occurring when operations on various objects are performed on a computer system are configured with contexts. User's behaviors are recognized as associations between the contexts and systematically expressed. Information flow occurring in the user's behaviors (i.e., associations between the contexts) is tracked. The information flow chain is divided into a source and a destination. When the information flow from a confidential object to a leakage point occurs, the information leakage is rapidly detected and blocked. By exactly recognizing behaviors belonging to the corresponding information flow chain, user's behaviors related to the information leakage can be detected. Furthermore, the behavior expression based on the contexts configured with the API function call patterns with respect to the system object can be achieved by naturally connecting the API function call occurring on the system as an abstract behavior. | 12-25-2008 |
20080320557 | BATCH VERIFICATION DEVICE, PROGRAM AND BATCH VERIFICATION METHOD - Realization of batch verification having both high security and high efficiency. | 12-25-2008 |
20080320558 | CONTENT VIEWING SYSTEM, CONTENT VIEWING APPARATUS, AND VIEWING APPROVAL APPARATUS - Disclosed herein is a content viewing system including a content viewing apparatus, and a viewing approval apparatus used by a viewing approval party to perform an approval process. The content viewing apparatus includes: a viewing approval requesting section that transmits a viewing approval request to the viewing approval apparatus when it has been determined that approval for viewing of a content is necessary; and a content viewing control section that receives, from the viewing approval apparatus, an approval/disapproval response, and, if the approval/disapproval response indicates that the viewing of the content has been approved, enables the viewing of the content. The viewing approval apparatus includes: an output section that outputs information concerning the viewing approval request; an input section that accepts input of the approval/disapproval response; and an approval/disapproval response notification section that notifies the content viewing apparatus of the approval/disapproval response. | 12-25-2008 |
20080320559 | Limiting access to publicly exposed object-oriented interfaces via password arguments - Limiting access to publicly exposed object-oriented interfaces is disclosed. A system includes inter-related first objects that share a predetermined password. First object-oriented interfaces define methods supported by the first objects. The first objects publicly expose the first interfaces, which are queryable by the first objects and second objects. Each first interface includes a password argument to limit access to the first objects. The system may also include second object-oriented interfaces that define methods supported by the first objects that publicly expose the second interfaces, which are queryable by the first and the second objects. The second interfaces are required by specification, such as that for the Common Information Model (CIM), and correspond to the first interfaces. The second interfaces lack password arguments to limit access, and the methods defined thereby return “not implemented” messages when invoked. Each second interface is a non-implemented and password-free version of a first interface. | 12-25-2008 |
20090007229 | TIME-BASED METHOD FOR AUTHORIZING ACCESS TO RESOURCES - Upon receiving a request for access to a resource, a current clock value is determined. Based on information including the resource, the identity of the user requesting the access, and the current clock value, the system identifies applicable access controls. If the applicable access controls indicate that the user can be granted access to the resource at the current time, the request is granted. Otherwise, the request is denied. | 01-01-2009 |
20090007230 | RADIO-TYPE INTERFACE FOR TUNING INTO CONTENT ASSOCIATED WITH PROJECTS - A user can receive content relating to a common topic, such as a project, through a radio-type interface. A frequency or other indicator associated with the project can be selected on a user device. The common topic can be presented to the user, based on the selected frequency and/or an authentication. Presented information can also be provided in a common format requested by the user or as a function of the rendering device. The common format can be facilitated by a conversion component that can change information from a first format to at least a second format. The information can also be presented in more than one format. | 01-01-2009 |
20090007231 | Secured systems and methods for tracking and management of logistical processes - A method is provided for providing access to data relating to a plurality of processes associated with a supply chain network. The method may include identifying a user from a plurality of users. The method may also include identifying data from a plurality of data, wherein the identified data includes a subset of the plurality of data. The method may further include providing the user with access to the identified data. Providing the user with access to the identified data may include defining a user profile by establishing at least one permission associated with the identified data. The established permission may allow the user to access the identified data, and the user profile may be based on one of employee characteristics, work assignments, or geographical locations. | 01-01-2009 |
20090007232 | Information processing system and information processing apparatus - A disclosed information processing system includes an authentication information acquisition unit that acquires first authentication information and second authentication information different from the first authentication information. An authentication reference information storage unit stores first authentication reference information for authentication of the first authentication information and second authentication reference information for authentication of the second authentication information. A first authentication determination unit determines success or failure of first authentication using the first authentication information and the first authentication reference information. A second authentication determination unit determines success or failure of second authentication using the second authentication information and the second authentication reference information. An authentication information control unit stores the second authentication reference information and the first authentication information in the authentication reference information storage unit so as to correspond to each other when the first and second authentications are successful. | 01-01-2009 |
20090007233 | System and methods for defending against root - A method is disclosed for securing sensitive material on a computer system comprising a network of computers from unauthorized access by a root level user of the computer system, the method including the steps of: limiting access to the sensitive material to one or more authorized users; controlling the operation of one or more system functions to prevent unauthorized access to the sensitive material. | 01-01-2009 |
20090013379 | METHODS AND APPARATUS FOR VERIFYING ELECTRONIC MAIL - A computer extracts the header information from an electronic mail, including an originality guarantee. The computer generates a header characterization for the header information subject to originality guarantee, and extracts message body information from the electronic mail and generates a body characterization for the message body information as well. The generated characterization set applies the header characterization and the body characterization, combined. The verification information is added to the generated characterization set for applying a signature, and characterization set is linked to electronic mail. | 01-08-2009 |
20090019519 | Authentication device and method using electronic certificate files having hierarchical relationship - This authentication device includes: a volatile memory; a non-volatile memory which stores a plurality of electronic certificate files; a unit which refers to the non-volatile memory upon start-up, and which stores a hierarchical relationship between the plurality of electronic certificate files in the volatile memory; a unit for searching for a desired electronic certificate file based upon the hierarchical relationship between the plurality of electronic certificate files in the volatile memory; and an authentication unit which performs authentication using the electronic certificate file which has been found by the search unit. | 01-15-2009 |
20090019520 | Systems and Methods for Efficiently Authenticating Multiple Objects Based on Access Patterns - Techniques for efficiently authenticating multiple objects and clustering objects based on access patterns are provided. For example, in an illustrative aspect of the invention, a technique for generating and/or reading authentication information, wherein the authentication information provides evidence that a plurality of objects were one of generated and sent by an entity, comprises using one or more object access patterns indicative of whether at least two of the plurality of objects are accessed within a similar time period to group objects together to reduce an overhead for at least one of generating and reading the authentication information. | 01-15-2009 |
20090031397 | USE MANAGEMENT SYSTEM - A use management system includes: a facility equipment which includes a use control unit for executing control of switching the facility equipment between a usable state and a disabled state; a portable storage medium which stores identification information; a portable storage medium reading device which reads the identification information from the portable storage medium; and an information management device which is connected to and communicates with the facility equipment and the portable storage medium reading device. The information management device includes: a use authority information database which is associated with the identification information, and which registers individual information of a person having the portable storage medium and use authority information of the facility equipment; a determination unit which determines existence or nonexistence of a use authority of the facility equipment based on the identification information received from the portable storage medium reading device and the use authority information registered in the use authority information database; and a unit which transmits an instruction signal to make the facility equipment usable to the facility equipment when it is determined in the determination unit that the use authority exists. | 01-29-2009 |
20090037978 | SELF-ADAPTIVE MULTIMODAL BIOMETRIC AUTHENTICATION METHOD AND SYSTEM FOR PERFORMANCE THEREOF - A method for authentication of an individual based upon biometric mode and biometric instance data comprising the steps of: storing at least a first biometric data having at least one biometric data mode and at least two biometric data instances capable of identifying an individual associated with the first biometric data; creating an at least second biometric data having the at least one biometric data mode and the at least two biometric data instances capable of identifying a specific individual associated with the second biometric data; determining which of said at least one biometric data mode and said at least two biometric data instances are to be compared; in accordance with predetermined rules; and comparing the at least second biometric data to said at least first biometric data to determine whether the selected biometric data mode and selected biometric data instances of the at least first biometric data corresponds to the selected at least one of biometric data mode and selected at least two biometric data instances of the at least second biometric data. | 02-05-2009 |
20090037979 | Method and System for Recovering Authentication in a Network - Described is a system and method for recovering authentication of a mobile unit in a network. The method includes performing an attempt to authenticate a mobile unit based on a first profile; determining, if the attempt is unsuccessful, a number of attempts to authenticate based on the first profile including the attempt; performing, if the number of attempts is less than or equal to a predefined number, a further attempt to authenticate the mobile device based on the first profile; performing, if the number of attempts is greater than the predefined number, a profile roam to a second profile; and performing an additional attempt to authenticate the mobile unit based on the second profile. | 02-05-2009 |
20090037980 | DOCUMENT PROCESS SYSTEM, IMAGE FORMATION DEVICE, DOCUMENT PROCESS METHOD AND RECORDING MEDIUM STORING PROGRAM - A document process system, which includes: an authentication section that authenticates an operator of an operation target document; an extraction section that extracts specific information for setting operation restriction information of the document; a setting section that sets the operation restriction information of the document based on authentication information of the operator authenticated by the authentication section and the specific information extracted by the extraction section; and a generation section that generates a protected document to which the operation restriction information is set by the setting section based on the operation target document. | 02-05-2009 |
20090037981 | Authentication system, image forming apparatus, and authentication server - An authentication system includes an authentication information input device to which a user inputs authentication information, an authentication server, and at least one image forming apparatus, all connected via a network. The authentication server acquires the authentication information input via the authentication information input device and performs user authentication based on the authentication information. The authentication server includes a transmitter to transmit a result of the user authentication indicating whether or not the user authentication is successful and information of the user identified by the authentication information to at least one of the image forming apparatuses. The image forming apparatus includes a receiver to receive the result of the user authentication and the user information transmitted from the authentication server, and an apparatus controller to switch the image forming apparatus from an unusable state to a usable state according to the result of the user authentication and the user information. | 02-05-2009 |
20090055892 | AUTHENTICATION METHOD AND KEY DEVICE - The present invention discloses an authentication method and a key device and relates to the information security field. The authentication method comprises initiating user authentication, generating a dynamic code and then a first verification code on the basis of the dynamic code, and outputting the dynamic code, by a key device; and receiving a second verification code entered by a user via a host, and collating the second verification code with the first verification code, by the key device, and if a match is found, the user access is authorized to the key device; otherwise, the user access is prohibited. The key device comprises a trigger module, a generator module, an output module, a communication module, a collator module, a controller module and a security module. According to the present invention, better security is achieved by reducing the possibility of sensitive information disclosure and misuse in case of password theft for the key device. | 02-26-2009 |
20090055893 | METHOD AND SYSTEM FOR IMPLEMENTING A DYNAMIC VERIFICATION VALUE - A method is disclosed, which includes receiving a message including an account identifier and a first verification value. The method uses the account identifier to select a dynamic verification value process from at least two dynamic verification value processes. Then, using the selected dynamic verification value process, a second verification value is determined. Next, the method determines if the first verification value and the second verification value match or are within an expected range. | 02-26-2009 |
20090055894 | METHOD AND SYSTEM FOR PROVIDING ONLINE RECORDS - A method for providing a user with the ability to access and collect legal records associated with the user includes assigning a phone number to the user for fax and voice communications from a legal services provider, associating access information with the user for the user to use to access a secure web site, providing the user with a document to provide to the legal services provider exercising rights of the user for access to the legal records, the document requesting the legal services provider to send the legal records to the phone number, receiving a private fax communication comprising a legal record associated with the consumer for which the consumer has requested and given permission to the legal services provider to send, converting the private fax communications into an image file format, storing the legal services record encoded in the image file format, and providing the user with secure access to the web site using the access information and providing on the web site an interface to the legal records of the user for the user to access the legal record. | 02-26-2009 |
20090055895 | Method and Apparatus for a Non-Revealing Do-Not-Contact List System - A method and apparatus for a non-revealing do-not-contact list system in which a do-not-contact list of one-way hashed consumer contact information is provided to a set of one or more entities. The set of entities determine whether certain consumers wish to be contacted with the do-not-contact list without discovering actual consumer contact information. | 02-26-2009 |
20090064274 | Dual non-volatile memories for a trusted hypervisor - In one embodiment, the present invention includes a method for executing a first code portion of a pre-boot environment from a first non-volatile memory, authenticating a trusted hypervisor in the first non-volatile memory using the first code portion, executing the trusted hypervisor if the trusted hypervisor is authenticated, and authenticating a basic input/output system (BIOS) present in a second non-volatile memory with the trusted hypervisor and transferring control from the trusted hypervisor to the BIOS if the BIOS is authenticated. Other embodiments are described and claimed. | 03-05-2009 |
20090064275 | DOCUMENT MANAGEMENT SYSTEM, MANAGEMENT DEVICE, RECORDING MEDIUM STORING DOCUMENT MANAGEMENT PROGRAM, DOCUMENT MANAGEMENT METHOD AND DATA SIGNAL - A document management system, which includes a management section that manages identification information corresponding to a component included in a document; a setting section that sets the identification information managed by the management section to the component included in the document; and a history management section that manages history information of the component corresponding to the identification information that is set to the component by the setting section. | 03-05-2009 |
20090064276 | Analytical Instrument with Automatic Lockout against Unauthorized Use - An analytical instrument includes a contactless memory reader, such as an RF-ID reader. Each person authorized to use the instrument carries a contactless memory, such as an RF-ID tag in an identification (ID) badge. The instrument scans for a contactless memory containing information identifying an authorized user prior to performing an analysis or prior to operating in a predetermined mode, thus preventing unauthorized persons from operating the instrument or from operating the instrument in an unauthorized mode. | 03-05-2009 |
20090064277 | INFORMATION PROCESSING APPARATUS, METHOD FOR CONTROLLING INFORMATION PROCESSING APPARATUS, AND STORAGE MEDIUM - A method for controlling an information processing apparatus includes storing identification information to identify a type of authentication information which is necessary to use each of a plurality of files stored in a memory unit from among a plurality of types of authentication information, and causing a display unit to display the plurality of files stored in the memory unit and the stored identification information in association with each other. | 03-05-2009 |
20090064278 | Techniques for Entry of Less than perfect passwords - A technique of allowing entry of the password which is not 100% correct. This password would be used to verify identity and/or login information in low security techniques. The password is scored relative to the correct password. The scoring can take into effect least mean squares differences, and other information such as letter groups, thereby detecting missed characters or extra characters, as well as shift on the keyboard. | 03-05-2009 |
20090070855 | INFORMATION PROCESSING APPARATUS, AUTHENTICATION CONTROL METHOD, AND AUTHENTICATION CONTROL PROGRAM - An information processing apparatus includes a user information managing part that manages registered user information, an authentication part that performs user authentication using the registered user information managed by the user information managing part, an external authentication part that controls an external computer to perform authentication on user information input via an input interface and acquires authenticated user information from the computer when the input user information is successfully authenticated by the computer, and a registration part that registers the authenticated user information acquired by the external authentication part in the user information managing part as the registered user information. | 03-12-2009 |
20090070856 | Image forming apparatus and utilization limiting method - An image forming apparatus and a utilization limiting method enable flexible limitation of utilization of resources. The image forming apparatus includes a utilization condition managing unit for managing utilization condition information including a utilization condition for a resource; a resource utilization unit for enabling the resource to be utilized based on the utilization condition included in the utilization condition information in response to a user request; a privilege information managing unit for managing privilege information that defines the presence or absence of privilege of the user to the resource; and a determination unit for determining whether utilization of the resource should be granted based on the privilege information. The determination unit grants utilization of the resource based on the utilization condition information when the user has no privilege to the resource. | 03-12-2009 |
20090077628 | HUMAN PERFORMANCE IN HUMAN INTERACTIVE PROOFS USING PARTIAL CREDIT - A system and method that facilitates and effectuates distinguishing a human from a non-human user. A human interactive proof (HIP) employs a partial credit algorithm in order to allow a user to make one or more mistakes during consecutive HIP challenges and still be identified as a human. The algorithm assigns a user partial credit based upon getting part of the challenge incorrect. The partial credit is tracked and if during one or more consecutive subsequent challenges the same user gets a portion of the challenge incorrect again, they can still be identified as human. | 03-19-2009 |
20090077629 | INTEREST ALIGNED MANUAL IMAGE CATEGORIZATION FOR HUMAN INTERACTIVE PROOFS - A system and method that facilitates and effectuates distinguishing a human from a non-human user. A human interactive proof (HIP) employs images from a large private database of manually categorized images to display as part of a Turing test challenge. The private database contains a sufficient quantity of images, such that the more economical manner to pass the HIP is to employ a human to take the challenge. The owner of the private database makes the database available to the presenter of the HIP due to an alignment of interests between both parties. The HIP is displayed with ads on behalf of the owner of the private database and the presenter of the HIP gains access to a large quantity of private manually categorized images. | 03-19-2009 |
20090077630 | AUTHENTICATION DEVICE AND AUTHENTICATION CONTROL METHOD - An authentication device and method of a semiconductor chip which sends and receives authentication information, performs a login process for permitting an input to the semiconductor chip and an output from the semiconductor chip, controls acquisition of the authentication information and controls installation or uninstallation of a loadable program, assignment of a session to the loadable program unit, and use of the loadable program unit based on the session. | 03-19-2009 |
20090083832 | Modal and linear techniques for access control logic - Access control logic may use logical constructs such as “says” and “speaks for”, and may be translated to modal logic. The modal logic may be used to determine the truth or falsehood of formulas in access control logic, which may be used in access control decisions. The modal logic may be S | 03-26-2009 |
20090083833 | AUTHENTICATION WITH PHYSICAL UNCLONABLE FUNCTIONS - Physical Unclonable Functions (PUFs) for authentication can be implemented in a variety of electronic devices including FPGAs, RFIDs, and ASICs. In some implementations, challenge-response pairs corresponding to individual PUFs can be enrolled and used to determine authentication data, which may be managed in a database. Later when a target object with a PUF is intended to be authenticated a set (or subset) of challenges are applied to each PUF device to authenticate it and thus distinguish it from others. In some examples, authentication is achieved without requiring complex cryptography circuitry implemented on the device. Furthermore, an authentication station does not necessarily have to be in communication with an authority holding the authentication data when a particular device is to be authenticated. | 03-26-2009 |
20090083834 | ACCESSORY AUTHENTICATION FOR ELECTRONIC DEVICES - Improved techniques to control utilization of accessory devices with electronic devices are disclosed. The improved techniques can use cryptographic approaches to authenticate electronic devices, namely, electronic devices that interconnect and communicate with one another. One aspect pertains to techniques for authenticating an electronic device, such as an accessory device. Another aspect pertains to provisioning software features (e.g., functions) by or for an electronic device (e.g., a host device). Different electronic devices can, for example, be provisioned differently depending on different degrees or levels of authentication, or depending on manufacturer or product basis. Still another aspect pertains to using an accessory (or adapter) to convert a peripheral device (e.g., USB device) into a host device (e.g., USB host). The improved techniques are particularly well suited for electronic devices, such as media devices, that can receive accessory devices. One example of a media device is a media player, such as a hand-held media player (e.g., music player), that can present (e.g., play) media items (or media assets). | 03-26-2009 |
20090089858 | METHOD OF MANUFACTURING AN ELECTRONIC KEY WITH USB CONNECTOR - A method of manufacturing an electronic key with USB connector comprises the making of a key body | 04-02-2009 |
20090094676 | METHOD FOR REDUCING THE TIME TO DIAGNOSE THE CAUSE OF UNEXPECTED CHANGES TO SYSTEM FILES - A method for monitoring access to a file within a file system includes steps or acts of: monitoring a plurality of requests for access to files; intercepting the requests; and analyzing metadata located in the file. If the metadata includes a directive entry, the method includes these additional steps: identifying information about any application requesting access to the file, including a sequence of function calls that preceded the file access request; and logging the information to generate an action trail of the application. A mechanism for monitoring file access includes the following: a file system configured for monitoring accesses to any file residing within it; an access control mechanism which can execute pre-defined actions when an unauthorized file access occurs; and a tool to specify the list of files to be monitored. | 04-09-2009 |
20090094677 | METHOD FOR EVALUATING AND ACCESSING A NETWORK ADDRESS - The invention relates to a method for evaluating or accessing a network address, comprising the steps of: receiving a network address ( | 04-09-2009 |
20090094678 | Multimode device - A mode indexing table is used for listing the available modes in a multimode device. From information in the mode indexing table, a host recognizes the modes as listed in the table. The host has a mandatory initialization mode using a known technique, such that the device can enter into an initialization mode directly or via a boot function. During initialization, the host receives the remaining part of the table from the multi-mode device and recognizes the functionality of each of the listed modes in the table. Among the available modes, some modes are allowed to access data of other modes according to the level of access. The multimode device has some commands that can be used for direct mode switching. | 04-09-2009 |
20090100500 | Scalable distributed web-based authentication - Web-based authentication includes receiving a packet in a network switch having at least one associative store configured to forward packet traffic to a first one or more processors of the switch that are dedicated to cryptographic processing if a destination port of the packet indicates a secure transport protocol, and to a second one or more processors of the switch that are not dedicated to cryptographic processing if the destination port does not indicate a secure transport protocol. If a source of the packet is an authenticated user, the packet is forwarded via an output port of the switch, based on the associative store. If the source is an unauthenticated user, the packet is forwarded to the first one or more processors if the destination port indicates a secure transport protocol, and to the second one or more processors if the destination port does not indicate a secure transport protocol. | 04-16-2009 |
20090100501 | Content Providing System, Content Providing Method, and Optical Disk - A terminal transmits disk identification information and user information to a content delivery server for purchase of initial content in the case where the content to be stored in an optical disk is provided to a user. The user information and the content delivered by the content delivery server are written on the optical disk. The optical disk storing the initial content is set in the terminal for purchase of additional content. The terminal transmits, to the content delivery server, disk identification information, the user information and content information. The content delivery server determines whether or not the purchase of the additional content is authorized. When the content delivery server determines that the purchase of the additional content is authorized, the content delivery server delivers the additional content to the terminal. The terminal writes the additional content on the optical disk. It is therefore possible to prevent content from being copied and obtained in an unauthorized manner and provide content based on preferences and characteristics of the user. | 04-16-2009 |
20090100502 | PROTECTING AGAINST COUNTERFEIT ELECTRONIC DEVICES - An embodiment of the invention includes a method of authenticating a second device connected to a first device. The method includes transmitting a first data string from the first device to the second device and receiving a second data string at the first device from the second device. The method also includes generating a third data string using an alteration key at the first device and comparing the third data string and either the first data string or the second data string. The method further includes authenticating the second device if the compared data strings match. | 04-16-2009 |
20090106820 | SYSTEM AND METHOD FOR USER AUTHENTICATION BASED ON ODOR RECOGNITION - A system for a user authentication includes an odor sensor unit for sensing an odor of a user's body to generate an odor biometric information vector, and a learning unit for performing an initial learning using the odor biometric information vector to generate a comparative odor biometric information vector. An authentication unit performs the user authentication by comparing an odor biometric information vector of the user's body to be authenticated from the odor sensor unit with the comparative biometric information vector if the user authentication is required. The authentication unit further performs an incremental learning of the comparative odor biometric information vector using the odor biometric information vector used in the authentication to create an incrementally learned odor biometric information vector. The comparative odor biometric information vector is updated with the incrementally learned odor biometric information vector. | 04-23-2009 |
20090119748 | System management mode isolation in firmware - A system, method, and computer-readable medium with instructions for capturing a system management interrupt instruction by trusted system management mode code running in a system. The system management interrupt instruction is dispatched to other system management mode code, which may be untrusted. In response to an attempt to access a protected resource of the system by the other system management mode code, a determination is made whether the second system management mode code is authorized to access the protected resource. If the second system management mode code is not authorized to access the protected resource, access to the protected resource by the other system management mode code is prevented. Other embodiments are described and claimed. | 05-07-2009 |
20090125979 | COMMUNICATION SYSTEM, AUTHENTICATION METHOD, INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND BATTERY - An authenticating system according to the present invention has a characteristic structure of which an authenticating section | 05-14-2009 |
20090133099 | METHODS AND SYSTEMS FOR TRANSPARENT SOFTWARE LICENSE SUSPENSION - Methods and systems for license sharing in a computing system that include receiving a request for a license being currently used by a process in execution, pausing the execution of the process, and releasing the license to a shared pool. | 05-21-2009 |
20090144804 | METHOD AND APPARATUS TO SUPPORT PRIVILEGES AT MULTIPLE LEVELS OF AUTHENTICATION USING A CONSTRAINING ACL - Embodiments of the present invention provide systems and techniques for creating, updating, and using an ACL (access control list). A database system may include a constraining ACL which represents a global security policy that is to be applied to all applications that interact with the database. By ensuring that all ACLs inherit from the constraining ACL, the database system can ensure that the global security policy is applied to all applications that interact with the database. During operation, the system may receive a request to create or update an ACL. Before creating or updating the ACL, the system may modify the ACL to ensure that it inherits from the constraining ACL. In an embodiment, the system grants a privilege to a user only if both the ACL and the constraining ACL grant the privilege. | 06-04-2009 |
20090144805 | INFORMATION TRANSFER APPARATUS AND CONTROL METHOD THEREOF - According to one embodiment, when a power source of an information transfer apparatus is turned off, information indicating termination of authentication with an AV apparatus externally connected is stored and whether or not the AV apparatus is set in a disconnected state in a power-off period is detected. Then, in a case where it is detected that the AV apparatus is not set in the disconnected state in the power-off period when the power source is turned on, a digital signal is transferred with respect to the AV apparatus based on the stored information indicating termination of authentication. | 06-04-2009 |
20090150974 | DIGITAL CABLE SYSTEM AND METHOD FOR PROTECTION OF SECURE MICRO PROGRAM - Provided is a digital cable system and method for protecting a secure micro (SM) client, and more particularly, a digital cable system and method for protecting an SM program that can improve the security of an SM program through authentication of a host and integrity verification of the SM program. A method of protecting an SM program includes: receiving host authentication information associated with a host from a trusted authority; verifying validity of the secure micro program based on the host authentication information; and sending, to an authentication proxy, a HostStateInformation message that includes host state information associated with validity verification information of the SM program. | 06-11-2009 |
20090158388 | Ethernet Connectivity Fault Management With User Verification Option - An access node (e.g., DSLAM, OLT/ONT) is described herein that implements a trust verification method comprising the steps of: (a) filtering an up-stream message initiated by a non-trusted device (e.g., CPE); (b) intercepting the filtered up-stream message if the filtered up-stream message is a connectivity fault management message (e.g., LB message, LBR message, CC message); (c) inserting a trusted identification into the intercepted up-stream message; and (d) outputting the intercepted up-stream message with the inserted trusted identification. Thereafter, a trusted device (e.g., BRAS) receives and analyzes the outputted up-stream message with the inserted trusted identification message to ascertain a trustworthiness of the non-trusted device (e.g., CPE). Several different ways that an access network (e.g., IPTV network) can implement the trust verification method are also described herein. | 06-18-2009 |
20090158389 | COMPUTER METHOD AND APPARATUS FOR AUTHENTICATING UNATTENDED MACHINES - An unattended computer-based machine is authenticated by the present invention method, system or apparatus. The subject machine may be an auto-restarted machine or similar machine configured to be unattended. Upon receipt of initializing input from a user at a subject computer-based machine, a working process authenticates the user and generates resulting credentials. The working process stores the generated credentials in a memory area of the subject machine. Separate from and independent of the working process is a security monitor of the present invention. A monitoring module of the present invention monitors user activity on the subject machine and upon detecting suspect activity destroys the stored credentials of the working process. Suspect activity includes any activity raising a suspicion of compromise. | 06-18-2009 |
20090158390 | METHOD, SYSTEM AND APPARATUS FOR AUTHENTICATION - An authentication method disclosed herein includes a requester sending an authentication request to an authenticator, the authenticator returning a response message which carries a source MAC address and a destination MAC address, the requester comparing the source MAC address between at least two authenticators and selecting an authenticator as a specified authenticator according to the set address selection rule to perform authentication with the requester. Further, the present disclosure discloses an authentication system. The present disclosure supports 802.1x authentication in a scenario with one requester and multiple authenticators. The disclosure also discloses a requester and an authenticator. | 06-18-2009 |
20090158391 | Method and Apparatus for Handling Files Containing Confidential or Sensitive Information - A method, apparatus, and computer instructions for managing files in a data processing system. An attribute for a file is specified as having a special designation. The file with the attribute having the special designation is processed, by the operating system, in a different manner from other files when performing operations, such as, for example, copying the file to a removable media, printing the file, or sending the file over a network. | 06-18-2009 |
20090165085 | VECTOR GENERATION DEVICE, VECTOR GENERATING METHOD, AND INTEGRATED CIRCUIT - An object of the invention is to provide a vector generation apparatus, a vector generation method, and an integrated circuit for generating data (vector) as a basis for authentication processing such as biometric authentication while protecting information that can be authenticated at high speed using the resources of a server and should be handled as secret information typified by a biometric template against secondary use. | 06-25-2009 |
20090165086 | RANDOM NUMBER GENERATION THROUGH USE OF MEMORY CELL ACTIVITY - Systems and/or methods that facilitate security of data are presented. A random number generation component generates random numbers based in part on electron activity in a select memory cell(s) to facilitate data security. Sensor components that are highly sensitive can be employed to sense activity of the select memory cell(s) and/or reference memory cell in a noise margin associated with respective memory cells in the memory component. The activity of the select memory cell is compared to the reference memory cell(s) to facilitate generating binary data. The binary data is provided to the random number generation component where the binary data is evaluated to determine whether a predetermined level of entropy exists in the binary data. The binary data, or a portion thereof, can be processed to generate random numbers that are utilized in cryptographic processes and/or as a physical signature to facilitate data security. | 06-25-2009 |
20090165087 | Media registration and validation service to protect against unauthorized media sharing - A Media Registration and Validation Service (“MRVS”) facilitates protection against unauthorized media sharing. In the media registration function, the MRVS receives, registers and stores one or more samples of media content defining source content. In the media evaluation function, the MRVS receives samples of media content (“examination content”) submitted for examination relative to the source content. The MRVS searches the database to determine instances of source content corresponding to the examination content, yielding corresponding content; and produces a report including indicia of the corresponding content. Protection against media sharing is thereby accomplished in one aspect by providing notice of registered source content to one or more prospective disclosers of corresponding content (including, without limitation, the submitters of examination content); and in another aspect, the prospective disclosers can rely on the notice to decide whether or not to disseminate their corresponding content. | 06-25-2009 |
20090172775 | MOBILE ANTI-PHISHING - A method for inhibiting phishing can include sending information from a mobile network device to a website server, generating a one time password at the mobile network device from the information, generating a one time password at the website server from the information, sending the one time password generated at the website server to the mobile network device when the mobile network device subsequently accesses the website, and comparing the one time password generated at the website server to the one time password generated at the mobile network device. In this manner, the website can be authenticated such that the occurrence of phishing is substantially mitigated. | 07-02-2009 |
20090172776 | Method and System for Establishing and Managing Trust Metrics for Service Providers in a Federated Service Provider Network - A system for issuing, validating, and managing trust between two or more entities authenticated to operate in a federated network includes one or more servers for issuing trust certificates based on one or more trust metrics, and one or more servers for validating issued trust certificates. Entities operating through a communications interface may be issued trust certificates pursuant to evaluation relative to certain trust metrics, the certificates accompanying communications between entities, the certificates subject to validation at communication end points of interaction. | 07-02-2009 |
20090172777 | SYSTEM AND METHOD FOR TRACKING DOCUMENTS - Systems and methods for tracking documents are described. In certain examples, systems and methods for authenticating and tracking physical documents through a multiple party work flow across a geographically dispersed area using digital pens and RFID tags are described. | 07-02-2009 |
20090172778 | Rule-based security system and method - A rule-based security system and method that uses an environmental access control software program (EAC) loaded into the working memory of an electronic device to prevent unauthorized usage of selected hardware components, the operating software program or data files stored on the electronic device. The EAC includes a filter driver, a rules database, an environmental detection engine, a rules application engine, a key generator, and a rules menu interface generator. During setup, the rules menu interface generator creates a menu that allows the administrator to select one or more environmental rules that are linked or coupled to various environmental factors on or connected to the electronic device. Some or all of these factors are assigned to a key share value. When access to a protected resource is requested, the environmental rule for the resource is determined and the key share values associated with the resources recited in the environmental rule are combined to create a master access key or a temporary access key that is compared to a stored master access key so that access to the resource is provided. | 07-02-2009 |
20090178113 | APPARATUS, METHODS, AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING PORTABLE COMMUNICATION IDENTITY SERVICES - Apparatus, methods, and computer program products for providing portable communication identity services are provided. A request is received to access a portable communication identity from a communications device. User information is received that is input by a user of the communications device, and the user information is authenticated. Capabilities of the communications device are accessed, and the portable communication identity is transmitted in accordance with the capabilities of the communications device. | 07-09-2009 |
20090178114 | EDUCATIONAL LOG-ON METHOD - An example method of accessing a computer includes receiving identification information from a user and receiving an answer to an educational query. The educational query is based on the identification information. The method limits access to a computer based on the answer, the time spent answering queries, or both. | 07-09-2009 |
20090178115 | Receiving an access key - In an embodiment, a secure module is provided that provides access keys to an unsecured system. In an embodiment, the secure module may generate passcodes and supply the passcodes to the unsecured system. In an embodiment, the access keys are sent to the unsecured system after receiving the passcode from the unsecured system. In an embodiment, after authenticating the passcode, the secure module does not store the passcode in its memory. In an embodiment, the unsecured module requires the access key to execute a set of instructions or another entity. In an embodiment, the unsecured system does not store access keys. In an embodiment, the unsecured system erases the access key once the unsecured system no longer requires the access key. In an embodiment, the unsecured system receives a new passcode to replace the stored passcode after using the stored passcode. Each of these embodiments may be used separately. | 07-09-2009 |
20090183229 | License Authentication Device and License Authentication Method - User-specific information is generated from unique information of an external device. A determination is made as to whether an entered license key has been generated based on the user-specific information. As a result of the determination, if the license key has been generated based on the user-specific information, the entered license key is authenticated as a correct license key. | 07-16-2009 |
20090183230 | SYSTEMS AND METHODS FOR SERVER AIDED PROCESSING OF A SIGNED RECEIPT - A method for processing security communication protocol compliant signed receipts at a mobile communication device linked to a host system is provided. The host system receives an email message linked to a digital signature, and a signed receipt. The host system redirects the signed receipt to the mobile communication device. The host system determines if the email message is available at the mobile communication device, and if not, the host system retrieves the email message and redirects the email message to the mobile communication device. The mobile communication device can then verify the signed receipt based on the email message. Optionally, rather than the email message, the host system retrieves and/or recalculates data elements associated with the email message and required to verify the signed receipt, and redirects these data elements to the mobile communication device. A related system is provided, as well as a server computer program for the host system, and a device computer program for the mobile communication device. | 07-16-2009 |
20090183231 | USER TERMINAL WITH SECURITY FUNCTION AND SECURITY-CONTROL METHOD - A user terminal apparatus with a security function and a security-control method are provided, which may prevent unauthorized use of the user terminal apparatus without requiring a user to lock up the user terminal apparatus. The user terminal apparatus includes an input sensing unit which senses a user's input to the user terminal apparatus, an information collecting unit which collects information regarding an input state, which is determined based on the user's input, and a transition of the determined state, and a security-control unit which determines whether the user is valid based on the collected information and controls a security function. | 07-16-2009 |
20090193499 | METHOD FOR APPLICATION-TO-APPLICATION AUTHENTICATION VIA DELEGATION - Apparatus, methods, and computer program products are disclosed that present a delegated-right to a delegation system by a service-application provisioned with the delegation system. The delegated-right enables the service-application to perform an operation/access on behalf of a delegator-user. The method then attempts to perform the operation/access. | 07-30-2009 |
20090193500 | NEAR FIELD COMMUNICATION ACTIVATION AND AUTHORIZATION - A method of activation and authorization of a near field communication (NFC) enabled device comprising: receiving login information from an NFC enabled device; sending packet data via a network in response to receiving the login information from the NFC enabled device; and receiving corresponding data from the NFC enabled device in response to the sending of the packet data, the sending of the packet data and the receiving of the corresponding code facilitates the activation and authorization of the NFC enabled device, and the subsequent activation of the NFC device via a NFC link without further authorization of the NFC enabled device, is described herein. | 07-30-2009 |
20090199269 | ACCESS PROVISIONING VIA COMMUNICATION APPLICATIONS - Described herein is technology for, among other things, provisioning access to shared resources. It involves various techniques for creating accounts for recipients of communications with shared resources. Further, the resources may be available at an easy-to-find permanent location (e.g., URL). Such a provisioning process facilitates the growth of the network as recipients are given fully featured accounts. Therefore, the technology avoids the sign up process that users would otherwise have to go through in order to access the shared resource. | 08-06-2009 |
20090199270 | IMAGE FORMING APPARATUS, IMAGE FORMING METHOD, AND STORAGE MEDIUM - A disclosed image forming apparatus includes an authentication information unit including login information of a user and an authentication key; an authentication key providing unit including the authentication key; functional units; and a functional-unit authentication unit including authentication information of the functional units and a first verification unit configured to determine whether the functional units are authenticated. Each of the functional units includes an authentication key obtaining unit for obtaining the authentication key from the authentication key providing unit if the first verification unit determines that the functional unit is authenticated. The authentication information unit further includes a second verification unit for determining whether the authentication key obtained by the authentication key obtaining unit matches the authentication key in the authentication information unit, and a login information providing unit for providing the login information to the functional unit if the second verification unit determines that the authentication keys match. | 08-06-2009 |
20090210924 | METHOD AND APPARATUS FOR ADAPTING A CHALLENGE FOR SYSTEM ACCESS - A method and apparatus for accessing a device via an adaptive challenge is provided herein. During operation, the challenging device will determine a user's context. The challenge used to access the system ( | 08-20-2009 |
20090210925 | Authentication control apparatus and authentication control method - An authentication control apparatus is disclosed that includes plural authentication units that perform authentication for an operator with different authentication methods; a corresponding information management unit that manages corresponding information between the mode of an authentication request and the authentication unit to be used; and an authentication control unit that determines the authentication unit corresponding to the mode of the authentication request based on the corresponding information in response to the authentication request from the operator and causes the determined authentication unit to execute the authentication for the operator. | 08-20-2009 |
20090217348 | Methods and Apparatus for Wireless Device Registration - Disclosed are a system and methods for associating a “generic” wireless device, i.e., a device that is not pre-programmed with subscription credentials corresponding to a particular operator, with a Home Operator designated by the device's owner. The disclosed system and methods further facilitate the automatic linking of a newly activated M2M device to an appropriate server for downloading the subscription credentials for the Home Operator. The disclosed system includes a registration server for maintaining electronic registration data for a plurality of wireless devices and for directing newly activated wireless devices to a server for downloading “permanent” subscription credentials, such as a downloadable USIM. The disclosed system further includes a subscription server for updating registration server entries to reflect an association between a first wireless device and its corresponding home network. In some embodiments, the subscription server may be further configured for downloading subscription credentials to subscribing wireless devices. | 08-27-2009 |
20090217349 | IMAGE FORMING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM STORING INFORMATION PROCESSING PROGRAM - An image forming apparatus having plural program runtime environments in which a program can be added to at least one of the plural program runtime environments is disclosed. The image forming apparatus includes a storage unit in which usage acceptance information showing whether a resource of the image forming apparatus can be used by the program is stored in each of the program runtime environments, and a determining unit which determines whether the resource of the image forming apparatus can be used by the program to be executed in one of the plural program runtime environments based on the usage acceptance information. | 08-27-2009 |
20090222886 | UNIT USING OS AND IMAGE FORMING APPARATUS USING THE SAME - A chip mountable on a customer replaceable unit monitoring memory (CRUM) unit used in an image forming job includes a central processing unit (CPU) with its own operating system (OS), which operates separately from an OS of the image forming apparatus, to perform authentication communication with a main body of the image forming apparatus using the OS of the CPU. The security of a unit on which the chip is mounted can thereby be reinforced and random changes of data of the unit can be prevented. | 09-03-2009 |
20090222887 | SYSTEM AND METHOD FOR ENABLING DIGITAL SIGNATURES IN E-MAIL COMMUNICATIONS USING SHARED DIGITAL CERTIFICATES - A system and method for digitally signing an email communication using a shared digital certificate. The system includes a means for selecting a digital certificate and a matching private key, a header-field editor for populating a sender-field of the digital message with an address associated with the authentication means, and a means for digitally signing the digital message with the private key matching the digital certificate. | 09-03-2009 |
20090235326 | SYSTEM AND METHOD FOR UPDATING USER IDENTIFIERS (IDs) - Provided are a system and method for updating a user identifier (ID). The user ID updating method includes: (a) collecting unauthorized access attempt information for a user ID; (b) creating a user ID update policy for an encoded user ID obtained by encoding the user ID, according to the unauthorized access attempt information collected in operation (a); (c) storing the user ID update policy created in operation (b); (d) loading the user ID update policy stored in operation (c) and determining whether or not to update the user ID; and (e) creating a new user ID if it is determined in operation (d) that the user ID should be updated, and changing the user ID to the new user ID. Therefore, it is possible to ensure security for user IDs, by dynamically creating and updating user IDs according to security environments. | 09-17-2009 |
20090235327 | SELECTABLE CAPTCHAS - A system for displaying a set of selectable CAPTCHAs produces a first set of CAPTCHAs whose images are based at least partially on an alphanumeric sequence, where a respective CAPTCHA in the first set is associated with a CAPTCHA property. The system also produces a second set of CAPTCHAs whose images are based at least partially on an alphanumeric sequence, where a respective CAPTCHA in the second set is not associated with a CAPTCHA property. Next, the system displays the first and second sets of CAPTCHAs. Finally, the system makes respective CAPTCHAs in the first and second sets of CAPTCHAs selectable, thereby allowing a user to pass a CAPTCHA challenge by distinguishing the first set of CAPTCHAs from the second set of CAPTCHAs without typing the words associated with the images. | 09-17-2009 |
20090249442 | ENABLING SELECTED COMMAND ACCESS - A method, medium and implementing processing system are provided for enabling access to specific privileged commands that are required to successfully execute tasks within an application only to individuals assigned a predetermined role to perform such tasks. In one example, the system administrator defines roles that contain the authorizations needed in order to provide the granularity of security that the users' company has defined. Once the system administrator defines the roles and assigns them to the users, then each user will have the authorizations needed in order to authenticate with the console and perform the system management tasks that they have been assigned. Thus, a web console consisting of a collection of web applications is enabled with the functionality to restrict access to privileged commands necessary to perform selected system management tasks. | 10-01-2009 |
20090249443 | METHOD FOR MONITORING THE UNAUTHORIZED USE OF A DEVICE - The invention is directed to systems and methods for detecting the loss, theft or unauthorized use of a device and/or altering the functionality of the device in response. In one embodiment, a device monitors its use, its local environment, and/or its operating context to determine that the device is no longer within the control of an authorized user. The device may receive communications or generate an internal signal altering its functionality, such as instructing the device to enter a restricted use mode, a surveillance mode, to provide instructions to return the device and/or to prevent unauthorized use or unauthorized access to data. Additional embodiments also address methods and systems for gathering forensic data regarding an unauthorized user to assist in locating the unauthorized user and/or the device. | 10-01-2009 |
20090254973 | SYSTEM AND METHOD FOR SOURCE IP ANTI-SPOOFING SECURITY - A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets. | 10-08-2009 |
20090260057 | Method for distributing a list of certificate revocations in a vanet - In a vehicle-to-vehicle wireless communication system utilizing certificates to verify trustworthiness of received communications, a method for distributing a list of certificate revocations to vehicles in the communication system. At least one main station transmits a list of certificate revocations to at least one vehicle and the vehicle thereafter transmits the list of certificate revocations to other vehicles in the communication network. Each of the other vehicles in the communication network updates its list of certificate revocations in response to the receipt of the list of certificate revocations from another vehicle in the system. The other vehicles thereafter transmit their updated list of certificate revocations to other vehicles in the system. | 10-15-2009 |
20090260058 | Validity checking system, validity checking method, information processing card, checking device, and authentication apparatus - OBJECTIVE: A user is prevented from inadvertently inputting authentication information to an unauthorized authentication system. In this manner, authentication information leakage is certainly avoided. | 10-15-2009 |
20090265758 | ATTACH DETECTION WITH COATING PUF - The present invention relates to a method of authenticating a physical token ( | 10-22-2009 |
20090265759 | INFORMATION PROCESSING APPARATUS, METHOD OF CONTROLLING SAME, AND STORAGE MEDIUM - An information processing apparatus which is capable of ensuring mutual security in cases where security information is displayed in a state in which an image displayed on a display is open to the outside. A display displays an operation screen of the apparatus. An input section receives an operation instruction to the apparatus, and a network interface receives an operation instruction to the apparatus from an external device. A control section determines whether an instruction for displaying an operation screen containing security information is received from the input section or via the network interface. When determining that the instruction is received via the network interface, the control unit causes screen data for displaying the operation screen to be transmitted to the external device, and the operation screen containing the security information to be prevented from being displayed on the display. | 10-22-2009 |
20090271844 | SAFE AND EFFICIENT ACCESS CONTROL MECHANISMS FOR COMPUTING ENVIRONMENTS - Improved techniques for controlling access to accessible components of computing environments are disclosed. The techniques, among other things, can be used to provide Mandatory Access Control (MAC) mechanisms for mobile and embedded systems. One or more accessible components (e.g., accessible resources) which a component may attempt to access are determined so that one or more access permissions can be stored in a manner that they can be obtained if the component attempts to access the one or more accessible components, thereby allowing access to the one or more accessible components to be determined based on access permissions that are readily available. Generally, access permissions can be identified and stored in anticipation of need. Access permissions can be identified, for example, based on the likelihood of use, or all possible access permissions can be determined and stored. A safe (e.g., a trusted) access controlling (or monitoring) system (or component) can control access to resources of a computing environment. For example, a trusted access monitoring system can be provided in a secure and trusted operating environment utilizing Mandatory Access Control (MAC) capabilities of a secure operating system (e.g., SELinux Operating System). | 10-29-2009 |
20090276829 | SYSTEM FOR COPYING PROTECTED DATA FROM ONE SECURED STORAGE DEVICE TO ANOTHER VIA A THIRD PARTY - A third party is configured to establish a virtual secure channel between a source SSD and a destination SSD via which the third party reads protected digital data from the source SSD and writes the protected digital data into the destination SSD after determining that each party satisfies eligibility prerequisites. An SSD is configured to operate as a source SSD, from which protected data can be copied to a destination SSD, and also as a destination SSD, to which protected data of a source SSD can be copied. | 11-05-2009 |
20090282461 | METHOD OF AND SYSTEM FOR CONTROLLING ACCESS TO AN AUTOMATED MEDIA LIBRARY - A method of controlling access to an automated media library receives a request for access to the library from an individual having an identity. Access may include importing media to the library, exporting media from the library, and opening a locked door to a cabinet containing the library. If the access includes the importing media, the method moves a robotic media handler to a locked import/export station. If the access includes exporting media, the method moves the requested media to the locked import/export station. If the access includes the opening the door, the method takes a first inventory of the media in the library. The method authenticates the identity of the individual and determines an access level associated with the individual. If the access level is insufficient for the requested access, the method denies the requested access and issues an alert. If the access level is sufficient for the requested access, the method determines if the requested access requires a second authentication. If a second authentication is required, the method prompts the individual to perform the second authentication. If the second authentication is verified, the method logs the access by the individual and grants the access. If the access is granted and the access is importing or exporting media, the method unlocks the import/export station. If the access is granted and the access is opening the door, the method unlocks the door. The method closes and locks the import/export station a predetermined length of time after unlocking the import/export station. The method locks the door a predetermined length of time after unlocking the door and takes a second inventory of the media. The method issues an alert if the second inventory differs from the first inventory. | 11-12-2009 |
20090288137 | Distributed Digital Rights Management System and Method - A digital rights management system includes an authentication module and a decryption module. If desired, the modules can be implemented in separate integrated circuits. The authentication module retrieves authentication information for protected content and powers down after the authentication information is retrieved. The decryption module decrypts the protected content based on the authentication information while the authentication module is powered down. | 11-19-2009 |
20090288138 | Methods, systems, and apparatus for peer-to peer authentication - Peer-to-peer authentication involves generating an authenticatable, globally unique, peer-to-peer identifier to associate a device with a user identity. The user identity is associated with one or more peer devices of a user. The peer-to-peer identifier, together with authentication credentials of a legacy Internet service, is sent to an infrastructure authentication service. The legacy Internet service is capable of verifying the user identity based on the authentication credentials. Based on verification of the authentication credentials, a list of authenticatable, globally unique, peer-to-peer identifiers that bind the peer devices to the user identity is received from the infrastructure authentication service. A peer-to-peer identifier that binds the selected peer device to the user identity is received from a selected one of the peer devices, and the selected peer device is authenticated as associated with the user identity based on receiving the respective peer-to-peer identifier. | 11-19-2009 |
20090288139 | INTERFACE FOR ACCESS MANAGEMENT OF FEMTO CELL COVERAGE - Access management of femto cell service through access control list(s), or “white list(s)” is disclosed. Such white list(s) can be configured via a networked interface which facilitates access management to a femto cell. White list(s) includes a set of subscriber station(s) identifier numbers, codes or tokens, and can also include additional fields for femto cell access management based on desired complexity. Various interfaces and user profiles are associated with granting different levels of access to requesting UEs. | 11-19-2009 |
20090288140 | ACCESS CONTROL LISTS AND PROFILES TO MANAGE FEMTO CELL COVERAGE - System(s) and method(s) provide access management to femto cell service through access control list(s) (e.g., white list(s), or black list(s)). White list(s) includes a set of subscriber station(s) identifier numbers, codes, or tokens, and also can include additional fields for femto cell access management based on desired complexity. White list(s) can have associated white list profile(s) therewith to establish logic of femto coverage access based on the white list(s). Values of attribute fields that determine white list(s), black list(s), or white list profile(s) can be generated through various sources. An access list management component facilitates generation and maintenance of white list(s), black list(s), or white list profile(s). Values for identifier attribute field(s) available for inclusion in a white list are validated prior to inclusion therein. Various example aspects such as white list(s) management, maintenance and dissemination; automatic population or pre-configuration; and inclusion of wireless device(s) or subscriber(s) are also provided. | 11-19-2009 |
20090293102 | REMOTE DOM ACCESS - A method for protecting a browser from malicious processes, comprises providing at least one process-proxy object and at least a browser-proxy object, interposed between the browser and a process, such that when the process invokes one of the DOM entry points, the process-proxy object isolates it from the real browser implementation and executes the process-proxy object's code instead. | 11-26-2009 |
20090300717 | HARDWARE ACCESS AND MONITORING CONTROL - Various embodiments described and illustrated here include one or more of systems, methods, software, and data structures that may be used to implement policies for hardware access and monitoring control. One embodiment includes obtaining device property data from each device coupled to a system and determining if each device is a device authorized for use with the system. Such embodiments may further include allowing only devices authorized for use with the system to be accessed by processes of the system. | 12-03-2009 |
20090300718 | SYSTEM AND METHOD FOR LOST DATA DESTRUCTION OF ELECTRONIC DATA STORED ON A PORTABLE ELECTRONIC DEVICE WHICH COMMUNICATES WITH SERVERS THAT ARE INSIDE OF AND OUTSIDE OF A FIREWALL - A data security system and method protects stored data from unauthorized access. According to one aspect of the invention, a client computing device communicates periodically with a server. If communications is not established between the client and the server for a selected activation interval and a subsequent grace period, the data is determined to be lost, and programmed security rules are automatically executed. The server with which the client computer device communicates includes one server located inside the firewall of a particular organization, or a mirror server located outside the firewall, thereby allowing for the re-setting of the activation interval when the client is properly outside of the firewall through communication with the mirror server, as well as providing command and control over a lost or stolen client by pushing updated rules if communication is subsequently attempted with the mirror server. | 12-03-2009 |
20090307748 | METHOD AND ARRANGEMENT FOR USER FRIENDLY DEVICE AUTHENTICATION - The present invention relates to fraud prevention and authentication of a device to a user. The method of authenticating a personal device according to the invention comprises a set up sequence, wherein at least a first preferred output format is selected by the user, and a device configuration verification sequence. In the device configuration verification sequence a checksum is calculated and converted to a user friendly output format based on the user selected preferred output format. In addition the checksum may be calculated based on variable, and user selectable, keying material. The personal device, after being authenticated according to the above, may be used to authenticate a second device. | 12-10-2009 |
20090313677 | Mathematical definition of roles and authorizations in RBAC system - A process, apparatus and program product create a new role in a Role Based Access Control (RBAC) system by using mathematical operators with either one or more authorizations, or one or more existing roles, or a combination thereof. | 12-17-2009 |
20090313678 | AUTHENTICATING SERIALIZED COMMODITIES - A system for authenticating a serialized commodity is presented. A fixed identification, serial number, and authentication code are received for a serialized commodity to be checked for authenticity. A reference table is searched for an entry that matches the received fixed identification. In response to finding an entry in the reference table that matches the received fixed identification, a fixed identification key is retrieved from the reference table that is associated with the received fixed identification. A recreated authentication code is generated for the serialized commodity using the retrieved fixed identification key, the received fixed identification, and the received serial number. Then, it is determined whether the recreated authentication code matches the received authentication code. In response to determining that the recreated authentication code does match the received authentication code, an authentication code match message is outputted to authenticate the serialized commodity. | 12-17-2009 |
20090320095 | OBTAINING DIGITAL IDENTITIES OR TOKENS THROUGH INDEPENDENT ENDPOINT RESOLUTION - A federated identity provisioning system includes relying parties, identity providers, and clients that obtain tokens from identity providers for access to a relying party's services. When a client contacts a new relying party, the relying party provides information that the client can independently resolve and evaluate for trustworthiness. For example, the relying party provides a generic domain name address. The client can then resolve the domain name address over various, authenticated steps to identify an endpoint for a digital identity provisioning service. The client can further interact with and authenticate the provisioning service (e.g., requiring digital signatures) to establish a trust relationship. Once determining that the client/user trusts the provisioning service, the client/user can then provide information to obtain a digital identity representation. The client can then use the digital identity representation with the corresponding identity provider to obtain one or more tokens that the relying party can validate. | 12-24-2009 |
20090320096 | MANAGING ACCESS TO A HEALTH-RECORD - A method to regulate access to a health record of an individual includes receiving a request from an application, the request identifying an item in the health record to which access is requested. The method further includes presenting the request to a marshal of the health record via a user interface and receiving a response from the marshal of the health record via the user interface, the response indicating whether access to the item is authorized or withheld. The method further includes granting the application access to the item if the response indicates that access to the item is authorized, and denying access to the item from the application if the response indicates that access to the item is withheld. | 12-24-2009 |
20090328139 | NETWORK COMMUNICATION DEVICE - A disclosed network communication device having plural addresses includes an address obtaining unit configured to obtain plural addresses corresponding to a name or an identifier of another network communication device by address resolution, and an address specifying unit configured to specify one or more of the obtained addresses as security communication addresses with which security communications can be performed by comparing the obtained addresses to a setting of the security communications. | 12-31-2009 |
20090328140 | ADVANCED SECURITY NEGOTIATION PROTOCOL - This disclosure describes methods, systems and application programming interfaces for creating an advanced security negotiation package. This disclosure describes creating an advanced security negotiation protocol under a Simple and Protected Negotiation Mechanism (SPNEGO) protocol to negotiate an authentication scheme. The protocol describes defining a Windows Security Type (WST) Library message to protect negotiation data during the advanced security negotiation protocol. The protocol sends an initial message that carries multiple authentication messages to reduce redundant roundtrips and implements key exchanges by a mini Security Support Provider (SSP). | 12-31-2009 |
20090328141 | AUTHENTICATION, IDENTITY, AND SERVICE MANAGEMENT FOR COMPUTING AND COMMUNICATION SYSTEMS - Improved techniques for obtaining authentication identifiers, authentication, and receiving services are disclosed. Multiple devices can be used for receiving service from a servicing entity (e.g., Service Providers). More particularly, a first device can be used to authenticate a first entity (e.g., one or more persons) for receiving services from the servicing entity, but the services can be received by a second device. Generally, the first device can be a device better suited, more preferred and/or more secure for authentication related activities including “Identity Management.” The second device can be generally more preferred for receiving and/or using the services. In addition, a device can be designated for authentication of an entity. The device releases an authentication identifier only if the entity has effectively authorized its release, thereby allowing “User Centric” approaches to “Identity Management.” A device can be designated for obtaining authentication identifiers from an identity assigning entity (e.g., an Identity Provider). The authentication identifiers can be used to authenticate an entity for receiving services from a servicing entity (e.g., a Service Provider) that provides the services to a second device. The same device can also be designated for authentication of the entity. The device can, for example, be a mobile phone allowing a mobile solution and providing a generally more secure computing environment than the device (e.g., a Personal Computer) used to receive and use the services. | 12-31-2009 |
20090328142 | Systems and Methods for Webpage Verification Using Data-Hiding Technology - A system for webpage verification comprises an authentication module configured to authenticate a user identifier if the user identifier is unique in the system, the user identifier being related to the identity of a user, a data-hiding module configured to generate a first data-hidden object based on a unique user identifier, at least one webpage identifier and a base object in accordance with a data-hiding algorithm, each of the at least one webpage identifiers being related to the identity of one of at least one webpage of the user, a memory module to store at least one of the said user identifier, the at least one webpage identifier, the base object, and the required parameters of data-hiding algorithm, and a verification module configured to retrieve the first data-hidden object from one of the at least one webpage based on one of the at least one webpage identifier, retrieve a user identifier and all of the webpage identifiers from the memory module based on the one webpage identifier, generate a second data-hidden object based on the retrieved webpage identifiers, the retrieved user identifier and the base object, and compare the first data-hidden object with the second data-hidden object. | 12-31-2009 |
20090328143 | METHOD OF SELF-AUTHENTICATING A DOCUMENT WHILE PRESERVING CRITICAL CONTENT IN AUTHENTICATION DATA - An improved document authentication method in which critical content, such as signatures, is preserved at a high-resolution in the authentication data carried on the self-authenticating document. When generating authentication data, signatures are compressed without down-sampling to preserve their resolution and quality. The compressed signature data (a bit string) is embedded in an image segment on the document. For example, each bit of the bit string is stored in the low bits of one or more image pixels. A hash code is calculated from the bit string and stored in a barcode printed on the document. To authenticate a scanned-back document, the bit string is recovered from the image segment. A hash code is calculated from the recovered bit string and compared to the hash code extracted from the barcode. The signatures re-generated from the recovered bit string are compared to the signatures in the scanned document. | 12-31-2009 |
20090328144 | MOBILE APPLICATION REGISTRATION - A method of registering an application on a mobile terminal in a mobile network with an application server, said mobile terminal comprising an identity module, said method comprising the steps of: receiving at the application server a first message for registering the application, said first message comprising a telephone number associated with the identity module; generating by the application server a unique identifier and associating the unique identifier with the telephone number; sending a second message from the application server to the mobile terminal, said second message comprising the unique identifier; and generating and storing at the mobile terminal a data block comprising the unique identifier, a subscriber identity associated with the identity module and a terminal identifier associated with the mobile terminal. | 12-31-2009 |
20100005507 | ENGINE CONTROL UNIT - Provided is an engine control unit, which supports an antitheft system outputting, when a key ID registered in a portable device matches an authentication-purpose key ID registered in a receiver, a receiver status signal that contains information indicating that the portable device has been authenticated, and which is initiated in response to an initiating instruction has not been issued from an external, includes: starting control unit for controlling a starting operation of an engine in response to a start permission signal; storage unit registered with an authentication-purpose receiver ID for authenticating the receiver; and antitheft function install/non-install judging unit for judging whether or not the antitheft function is installed to the moving object, in which, when the authentication-purpose receiver ID is not registered in the storage unit and the receiver status signal is not entered, the antitheft function install/non-install judging unit judges that the antitheft function is not installed, and outputs the start permission signal to the starting control unit. | 01-07-2010 |
20100005508 | USER AUTHENTICATION APPARATUS AND METHOD THEREOF - A user authentication apparatus includes an information collection unit which collects user information from a plurality of personal portable devices of a user within a predetermined distance, and a control unit which identifies the user as a user corresponding to the collected information based on the amount of user information collected. Accordingly, user authentication can be easily performed using portable devices of a user, resulting in increased user convenience. | 01-07-2010 |
20100011413 | METHOD FOR AND APPARATUS FOR RETRIEVING USERNAME AND PASSWORD IN AN AUTHENTICATION PROTOCOL - Disclosed is a computer implemented method and apparatus to retrieve authentication records required for user validation and creation of authentication credentials from an authentication server to be passed to the user. The method is comprised of the authentication server storing a first authentication record, then generating a first authentication credential based on the first authentication record. The authentication server associates the first authentication record with a first credential expiration time. The authentication server stores a second authentication record. The authentication server generates a second authentication credential based on the second authentication record, wherein the second authentication credential is associated with a second credential expiration time. Next, the authentication server associates the second authentication credential with a second credential expiration time. The authentication server determines that the first credential expiration time is earlier than the second credential expiration time and caches the first authentication record to cache. | 01-14-2010 |
20100017848 | VERIFYING CERTIFICATE USE - A method, system, and computer usable program product for verifying certificate use are provided in the illustrative embodiments. A secure data communication is directed to a certificate use verification application. A test certificate that may be stored in a data storage associated with a data processing system is presented to an originator of the secure data communication. The test certificate includes an identity, and the identity identifies an entity other than the intended party to the secure data communication as being the holder of the test certificate. A determination is made whether the originator responds to continue the secure data communication when presented with the test certificate. If the originator responds to continue the secure data communication, a report is made that the originator does not perform a verification of the identity from the test certificate. | 01-21-2010 |
20100017849 | THIRD-PARTY SOFTWARE PRODUCT CERTIFICATION - According to one general aspect, a method of software certification comprises establishing a host application server software (HASS) on a system. The method further comprises installing, on the system, a third-party software product (TPSP) that uses the HASS. In various embodiments, the method may also comprise verifying that the TPSP functions to at least a predefined standard. In some embodiments, the method may also include uninstalling the third-party software product. The method also includes testing that the HASS functions to at least a predefined standard once the TPSP has been uninstalled. | 01-21-2010 |
20100017850 | METHODS AND SYSTEMS TO FINGERPRINT TEXTUAL INFORMATION USING WORD RUNS - The present invention provides methods and systems to enable fast, efficient, and scalable means for fingerprinting textual information using word runs. The present system receives textual information and provides algorithms to convert the information into representative fingerprints. In one embodiment, the fingerprints are recorded in a repository to maintain a database of an organization's secure data. In another embodiment, textual information entered by a user is verified against the repository of fingerprints to prevent unauthorized disclosure of secure data. This invention provides approaches to allow derivative works (e.g., different ordering of words, substitution of words with synonyms, etc.) of the original information to be detected at the sentence level or even at the paragraph level. This invention also provides means for enhancing storage and resource efficiencies by providing approaches to optimize the number of fingerprints generated for the textual information. | 01-21-2010 |
20100017851 | System and process for registering and later confirming a written or printed document is genuine and unaltered, while mitigating the risk of its loss - A method for authenticating a document including: radio frequency scanning at least a portion of the document; optically scanning the document; generating a document data dependently upon the radio frequency scanning and optical scanning; comparing the generated data to stored data, the stored data being previously generated dependently upon a prior radio frequency scanning of the portion of the document and prior optical scanning of the document; and providing an output indicative of the document being authentic if the generated data is sufficiently identical to the stored data as determined by the comparing. | 01-21-2010 |
20100017852 | Electronic board provided with security functions and method for ensuring electronic board security - To prevent being able to capture sensitive signals between electronic circuits placed on an electronic card, these circuits are arranged in a protected zone in such a manner so as not to be distant from each other by more than a determined distance. The circuits of the protected zone comprise at least one control circuit. The electronic card further comprises another zone defining a non-protected environment; the circuits of this zone do not need to comply with the distance constraint. The communication between the circuits of the protected zone and the non-protected environment is carried out by means of a communication circuit allowing or not allowing the electrical signals to pass. The passage of the electrical signals in the communication circuit is conditioned by an electrical control signal sent by the control circuit. The invention also relates to a method allowing the control circuit to be blocked if the electrical status of the signal controlling the passage of the signals does not correspond to the status imposed by the control circuit. | 01-21-2010 |
20100024000 | Method for improving accuracy of a time estimate used in digital rights management (DRM) license validation - A method for improving accuracy of a time estimate used in digital rights management (DRM) license validation is disclosed. In one embodiment, a memory device receives a request to validate a DRM license stored on the memory device, wherein the DRM license is associated with a time stamp update policy (TUP) that specifies when a new time stamp is needed. Before attempting to validate the DRM license, the memory device determines if a new time stamp is needed based on the TUP associated with the DRM license. If a new time stamp is needed, the memory device receives the new time stamp and then attempts to validate the DRM license using a time estimate based on the new time stamp. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination. | 01-28-2010 |
20100024001 | Securing Blade Servers In A Data Center - Securing blade servers in a data center, the data center including a plurality of blade servers installed in a plurality of blade server chassis, the blade servers and chassis connected for data communications to a management module, each blade server chassis including a chassis key, where securing blade servers includes: prior to enabling user-level operation of the blade server, receiving, by a security module, from the management module, a chassis key for the blade server chassis in which the blade server is installed; determining, by the security module, whether the chassis key matches a security key stored on the blade server; if the chassis key matches the security key, enabling, by the security module, user-level operation of the blade server; and if the chassis key does not match the security key, disabling, by the security module, operation of the blade server. | 01-28-2010 |
20100024002 | Authentication system - An authentication system determines if a counterfeit ineligible unit is installed in a main device. When connected with a battery pack, a notebook PC generates and combines a random number and a function determination signal using a signal combining unit and transmits same to the battery pack. A first function calculation unit calculates the function of the random number. The battery pack has a signal separation unit to separate the combined signal into the random number and function determination signal, and a second function calculation unit to calculate the function of the random number for transmitting back to the notebook PC. A comparison unit compares the calculation results by the first and second function calculation units to determine whether the connected battery pack is an authorized one and denies connection if the pack is an unauthorized one. | 01-28-2010 |
20100031312 | METHOD FOR POLICY BASED AND GRANULAR APPROACH TO ROLE BASED ACCESS CONTROL - A method includes receiving input parameters comprising a user identifier, a sensitive command name, and a filename; setting a return code to a default of success; and checking for a global (ANYUSER) entry in a sensitivity database. If there is a global entry in the sensitivity database, the following are performed: comparing the received sensitive command name to a sensitive command in the global entry in the sensitivity database; if the received sensitive command name matches a sensitive command in the global entry, checking for an allow flag or not allow flag; if a not allow flag is found, setting the return code to failure. A check is made for a userID entry in the sensitivity database matching the received user identifier. If the user identifier matches the userID entry, a check is made for an allow flag or not allow flag. The return code is output. | 02-04-2010 |
20100031313 | RELAY DEVICE, AUTHENTICATION SERVER, AND AUTHENTICATION METHOD - A relay device includes a security information reception unit, a security information processing unit, and a security information transmission unit. The security information reception unit receives, from a terminal device, first security information containing a user ID and user authentication information of a user of the terminal device. The security information processing unit adds a relay device ID and relay device authentication information to the first security information to generate second security information. The security information transmission unit transmits the second security information to an authentication server. | 02-04-2010 |
20100037293 | Systems and Methods for Security in a Wireless Utility Network - Methods and systems are provided for security in a wireless utility network. The methods and systems use different levels of trust to securely enroll new nodes into a network through other nodes acting as proxies. A node's security state with respect to another node in the network is categorized into one of several trust levels. A node responds to certain requests, actions or messages based on its trust level with the other entity. Initially, a node is not trusted. A first trust level is established based on a digital certificate that is stored in a node when the node is manufactured. A second trust level is established based on a second digital certificate obtained from a certifying authority while a node is in the first trust level. A node with a verified second certificate can be fully enrolled in the network and participate as a network node with minimal or no constraints. | 02-11-2010 |
20100037294 | METHOD AND APPARATUS FOR PROVIDING A HIERARCHICHAL SECURITY PROFILE OBJECT - A hierarchical security policy that can be imposed by a policy maker upon a class of entities in an interactive television environment. A general policy is defined for a class of entities. A specific policy may also be defined for any subclass of entities, such as the grouping of advertisements or programs. A specific policy may be defined for any given entity, such as a specific television program as an exception to a class. | 02-11-2010 |
20100043054 | AUTHENTICATION OF USER DATABASE ACCESS - A database system and method combines the ability to concurrently utilize LDAP based authentication and operating system-based authentication. The database authentication tries both methods of authentication, both at the database layer and at the application layer. Security authentication of the user then occurs by whichever mechanism is first to return a successful result. Database administrators can, if desired, configure the system to prefer one mechanism (LDAP or operating system) over the other. With the present invention, a large end user population can be managed using standard LDAP tools, in an automated, administered, or “self-service” manner, as preferred. Thus, system accounts, such as the database owner, can remain within the operating system, easing installation and maintenance of the database product itself. | 02-18-2010 |
20100043055 | METHODS AND SYSTEMS FOR ONLINE FRAUD PROTECTION - This disclosure describes, generally, methods and systems for certifying user identities (IDs). The method includes receiving, from a customer, a certification request for a user ID. The method then identifies the user ID's owner and collects information about the owner. The information may include financial information, personal information, biographical information, etc. The method then analyzes the collected information to generate a risk score associated with the user ID, and based on the risk score exceeding a threshold, the method certifies the user ID. | 02-18-2010 |
20100043056 | PORTABLE DEVICE ASSOCIATION - A technique that enables a portable device to be automatically associated with a plurality of computers. Information that a computer can use to authenticate a portable device and establish a trusted relationship prior to creating an association with the portable device is created and stored in a data store that is accessible by a plurality of computers and is associated with a user of the portable device. When a computer discovers such a portable device with which it is not yet associated, the computer can identify a user logged into the computer and use information identifying the user to retrieve authentication information that is device independent and is expected to be presented by the portable device to authenticate it and allow automatic association. | 02-18-2010 |
20100043057 | METHOD FOR DYNAMIC SECURE MANAGEMENT OF AN AUTHENTICATED RELATIONAL TABLE IN A DATABASE - Method for the dynamic secure management of an authenticated relational table forming part of a database; the method comprises the following steps: store the authenticated relational table in a secondary memory with a high storage capacity and a slow data access time; maintain an authenticated skip list within the authenticated relational table in order to create an authentication superstructure; determine a signed hash or basis value which characterises the entire authenticated relational table; authenticate the presence or otherwise of a set of elements belonging to the skip list via a root path suitable for calculating a check hash value comparable to the signed hash value which characterises the entire authenticated relational table; and validate the result of the authentication step by checking that the check hash value calculated by means of the root path is equal to the signed hash value that characterises the entire authenticated relational table. | 02-18-2010 |
20100050233 | VERIFICATION ENGINE FOR USER AUTHENTICATION - Computer-implemented system and methods for authenticating the identity of a person, for example a customer ( | 02-25-2010 |
20100058437 | GRAPHICAL SYSTEM AND METHOD FOR USER AUTHENTICATION - System and method for graphical user authentication using compact collages of regions of images. Image corpus is constructed by selecting similar quality images and filtering to further homogenize image quality. Regions are detected within the images and scored according to similarity and neighborhood information. Regions with lower scores provide less information about other regions and are more secure secrets. During enrollment, user selects secret images; decoy images are chosen by the system accordingly. Regions from secret images are selected as secrets according to the scoring of regions and regions from decoy images are selected as decoys. A collage is formed with secrets and decoys. Compact rendering enhances security and is suitable for small displays of mobile devices. Several rounds of challenge, requiring identification of secrets, are presented to the user. User is authenticated if a certain number of correct identifications of secrets within a number of rounds are achieved. | 03-04-2010 |
20100058438 | SIMPLE VISUAL AUTHENTICATION OF DOCUMENTS EXCHANGED IN COMMERCE - Verifying the integrity of a received binary object by calculating a first displayable authenticator derived from an input binary object. The first authenticator is then attached to the input binary object, producing a first composite binary object, which is sent to a remote receiver. A second composite binary object is received back from the remote receiver, wherein the second composite binary object includes a received binary object, a received first displayable authenticator, and a second displayable authenticator. A third displayable authenticator is calculated, derived from the second composite binary object, then a display of the first displayable authenticator is compared to a display of the third displayable authenticator, and verification of the integrity of the received binary object is indicated by an exact match between displays of the first and third displayable authenticators. | 03-04-2010 |
20100058439 | INFORMATION MANAGEMENT METHOD, INFORMATION MANAGEMENT SYSTEM, COMPUTER-READABLE MEDIUM AND COMPUTER DATA SIGNAL - An information management method includes: receiving a request for certain operation of certain electronic information associated with operation right information that defines permitted operation for each user; determining as to whether or not at least one of (i) a history of previous operations, executed by the user, of the certain electronic information and (ii) a history of previous operations, executed by the user, of a location associated with the certain electronic information meets a predetermined condition, and if it is determined that the at least one of (i) the history of previous operations, executed by the user, of the certain electronic information and (ii) the history of previous operations, executed by the user, of the location associated with the certain electronic information meets the predetermined condition, starting to execute the certain operation. | 03-04-2010 |
20100064343 | OPERATION SUPPORTING APPARATUS AND OPERATION SUPPORTING METHOD - There is provided an operation supporting technique by which an operation environment which is set in an apparatus for each user can be more easily reflected in another apparatus. An operation supporting apparatus includes an authentication section to authenticate a user by acquiring authentication information from a storage medium to store the authentication information used for user authentication and specific information about a location of setting information about setting contents of an operation environment of the user, a specific information acquisition section to acquire the specific information from the storage medium from which the authentication information is acquired, a setting information acquisition section to acquire, when the authentication section succeeds in the authentication of the user, the setting information by using the specific information acquired by the specific information acquisition section from the storage medium from which the authentication information of the user is acquired, and a setting reflection section to cause setting contents based on the setting information acquired by the setting information acquisition section to be reflected in the operation environment of the user. | 03-11-2010 |
20100071030 | METHOD AND SYSTEM FOR SECURELY IDENTIFYING COMPUTER STORAGE DEVICES - In a private network setting in which various computers can be attached, the confidential or sensitive data within the various devices on the private network is vulnerable. The ability to copy such confidential or sensitive data to a storage device communicatively coupled to a client computer on the network is governed and controlled. Only devices that include an authentic stamp or digital certificate can be accessed by client computers. If a device does not have a valid stamp or the stamp has been black listed, then the access to the device can be prevented or greatly limited. | 03-18-2010 |
20100071031 | MULTIPLE BIOMETRIC SMART CARD AUTHENTICATION - Techniques for multiple biometric smart card authentication are provided. At least two biometric readings are obtained from a requesting user. Both biometric readings are verified before access to resources of a smart card are made available to the requesting user. | 03-18-2010 |
20100071032 | Techniques for Authenticated Posture Reporting and Associated Enforcement of Network Access - Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional. | 03-18-2010 |
20100077446 | CENTER APPARATUS, TERMINAL APPARATUS, AND AUTHENTICATION SYSTEM - The present invention provides a system and a method, in which after authenticating a device, the user authentication methods are switched and used. Specifically, in performing user authentication via a terminal apparatus, the terminal apparatus is authenticated first and then based on this authentication result, a practical use of the terminal apparatus is determined, and the user authentication methods are switched so as to suit this practical use and the resultant method is implemented. | 03-25-2010 |
20100088744 | System For Online Compromise Tool - An Activity Access Control (AAC) utility controls access to applications and devices by allowing an administrator to set terms of use/access regarding applications and/or devices for a group of users, whose activities are monitored. The AAC utility also enables administrator and user access to a compromise facility via a centralized access point to establish or request changes to the terms of use/access. The AAC utility allows the administrator to dynamically update information and set terms based on real-time information collected during activity monitoring. Dynamic updates may also occur based on the monitored user's request, the priority of the requesting user(s), historical data, occurrence of a special event, completion of other internal or external tasks, and/or pre-set limitations or thresholds. In addition, the AAC utility facilitates the real-time display or publishing of the terms of use, status information, and statistical information to users and the administrator. | 04-08-2010 |
20100088745 | METHOD FOR CHECKING THE INTEGRITY OF LARGE DATA ITEMS RAPIDLY - The embodiments read, by a computer, target data and divide the target data into chunks. Initial digest values for each chunk of the target data are maintained. Digest values for a subset of the chunks, based upon the target data, are obtained. And a computer compares the obtained subset of digest values of the target data with the corresponding subset of maintained initial digest values and verifies integrity of the target data according to the comparison. | 04-08-2010 |
20100107218 | SECURED COMPARTMENT FOR TRANSACTIONS - Systems and methods that establish a secured compartment that manages sensitive user transactions/information on a user's machine. The secured compartment qualifies user interaction with the machine, and separates such qualified interaction from other user activity on the machine. A user is switched to such secured compartment upon occurrence of a predetermined event, such as in form of: an explicit request (e.g., a secure attention sequence); an implicit request (e.g., inference of user activities); and presence of a peripheral device that is bound to the secured compartment (e.g., a USB)—wherein such actions typically cannot be generated by an application running outside the secured compartment. | 04-29-2010 |
20100107219 | AUTHENTICATION - CIRCLES OF TRUST - Within a surface computing environment users are provided a seamless and intuitive manner of modifying security levels associated with information. If a modification is to be made the user can perceive the modifications and the result of such modifications, such as on a display. When information is rendered within the surface computing environment and a condition changes, the user can quickly have that information concealed in order to mitigate unauthorized access to the information. | 04-29-2010 |
20100115583 | METHOD FOR FAULT-TOLERANT USER INFORMATION AUTHENTICATION - A method for user information authentication which includes setting user information for a user account, such user information being the set user information; inputting user information by a user for the user account into a device, such user information being the input user information; evaluating the input user information for correspondence with the set user information according to fault-tolerant user information rules, wherein such rules evaluate the input user information for content and closeness to the set user information and noting if the input user information is a valid user information, a fault-tolerant user information, or an invalid user information; authorizing access to the user account if the input user information is a valid user information. In one embodiment of the invention, the method includes incrementing an invalid user information counter only if the user information is an invalid user information. In another embodiment of the invention, the method includes providing a message to the user if the user information is a fault-tolerant user information, the message being descriptive of the input user information's correspondence with the fault tolerant user information rules. | 05-06-2010 |
20100122319 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - A system includes a web server and an apparatus with a web browser configured to display an operation screen provided by the web server. The apparatus authenticates a user and transmits authentication information to the web server when the user is authenticated and requests the operation screen which is to be displayed on the web browser. The web server determines whether the authentication information has been received from the apparatus when the operation screen is requested and transmits the operation screen to the apparatus when it is determined that the authentication information has been received from the information processing apparatus as a result of the determination. | 05-13-2010 |
20100125892 | SWITCHING APPARATUS, AUTHENTICATION SERVER, AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, AND COMPUTER PROGRAM PRODUCT - A switching apparatus includes an authentication client unit that requests user authentication to a user authentication server that performs user authentication of the switching apparatus, and, when the requested user authentication is successfully performed, receives from the user authentication server, information of success of the user authentication and setting information used when terminal authentication of a terminal to be connected to the switching apparatus is relayed to a terminal authentication server that performs terminal authentication; an authentication setting unit that sets the setting information to an authentication relay unit that relays terminal authentication; and a control unit that allows the authentication relay unit to relay the terminal authentication when the setting information is set to the authentication relay unit. | 05-20-2010 |
20100146587 | AUTHENTICATION OF CONTROLLED DOSING PROCESSES - Authentication of products dispensed in an automated chemical dispensing system occurs via electronic communication of product information. The dispensing system includes a plurality of dispense stations, each of which is configured to dispense a corresponding specified chemical product. A product container includes an electronically readable label or tag that includes product information that identifies the chemical product in the container. A product dispenser reads the product information and automatically determines whether the specified product has been loaded onto or into the dispense station. If the product is thus “authenticated,” the system may permit dispensing of the chemical product. If the product is not authenticated, the system may prevent dispensing of the chemical product and/or generate an error message. | 06-10-2010 |
20100162352 | FALSIFICATION DETECTING SYSTEM, FALSIFICATION DETECTING METHOD, FALSIFICATION DETECTING PROGRAM, RECORDING MEDIUM, INTEGRATED CIRCUIT, AUTHENTICATION INFORMATION GENERATING DEVICE AND FALSIFICATION DETECTING DEVICE - A tamper detection device detects tampering with a program loaded to memory, at high speed and without compromising the safety. Prior to loading of a program, a dividing-size determining unit | 06-24-2010 |
20100162353 | TERMINAL AUTHENTICATION APPARATUS AND METHOD IN DOWNLOADABLE CONDITIONAL ACCESS SYSTEM - A terminal authentication apparatus and method in a Downloadable Conditional Access System (DCAS) is provided. The terminal authentication method may determine whether terminal authentication information, received from a DCAS terminal, is valid by referring to a database, may transmit DCAS image information and pairing information about the terminal authentication information to a user terminal, when the terminal authentication information is valid, and thereby may enable the DCAS terminal to set the user terminal based on the pairing information. | 06-24-2010 |
20100162354 | TRANSCRIPTION DATA SECURITY - A computer program product for use with dictated medical patient information resides on a computer-readable medium and comprises computer-readable instructions for causing a computer to analyze the dictated information, identify likely confidential information in the dictated medical patient information, and treat the likely confidential information disparately from likely non-confidential information in the dictated medical patient information. | 06-24-2010 |
20100162355 | TRANSCRIPTION DATA SECURITY - A computer program product for use with dictated medical patient information resides on a computer-readable medium and comprises computer-readable instructions for causing a computer to analyze the dictated information, identify likely confidential information in the dictated medical patient information, and treat the likely confidential information disparately from likely non-confidential information in the dictated medical patient information. | 06-24-2010 |
20100162356 | Hierarchical Trust Based Posture Reporting and Policy Enforcement - A method that includes initiating a network access request from an access requester on a platform that couples to a network, the network access request made to a policy decision point for the network. The method also includes establishing a secure communication channel over a communication link between the policy decision point and a policy enforcement point on the platform. Another secure communication channel is established over another communication link. The other communication link is between at least the policy enforcement point and a manageability engine resident on the platform. The manageability engine forwards posture information associated with the access requester via the other secure communication channel. The posture information is then forwarded to the policy decision point via the secure communication channel between the policy enforcement point and the policy decision point. The policy decision point indicates what access the access requester can obtain to the network based on a comparison of the posture information to one or more network administrative policies. | 06-24-2010 |
20100180320 | ACCESS MANAGEMENT METHOD - The invention relates to a data transmission system that includes the step of a first user or at least one second user accessing a resource. The novel feature of the invention is the fact that access to said resource is inhibited as long as said first and second users have not requested access thereto. | 07-15-2010 |
20100192197 | Context-Sensitive Confidentiality within Federated Environments - Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards. | 07-29-2010 |
20100192198 | CACHING OF PRIVATE DATA FOR A CONFIGURABLE TIME PERIOD - A computer implemented method, apparatus, and computer program product for generating cookies. A cookie value is retrieved in response to receiving the request. An expiration for the cookie value is set based on a time period in which the request is received. A set of unique identifiers, including the expiration, are added to the cookie value and a cookie name to form a cookie. A response to the request is sent to an intermediate server. The response includes data responsive to the request and the cookie. The validity of the data for the response is related to the expiration. | 07-29-2010 |
20100211990 | Packet Detection Method for Wireless Communication Device and Related Device - A packet detection method for a wireless communication device includes receiving a wireless communication signal and demodulating the wireless communication signal into a packet signal; comparing the packet signal according to an access code to generate a comparison result; estimating energy distribution of the packet signal to generate an estimation result; and determining whether the packet signal belongs to the wireless communication device according to the comparison result and the estimation result. | 08-19-2010 |
20100269150 | USAGE METERING BASED UPON HARDWARE AGING - Techniques are generally disclosed for using an operating entity, including a method, apparatus, and/or system to control usage of the operating entity. In various embodiments, an in-use signal generator may be configured to generate at least one in-use signal, with the at least one in-use signal having a signal duration representative of at least one usage episode of the operating entity. An aging circuit may be coupled to the in-use signal generator and configured to output at least one age-affected signal in response to the at least one in-use signal. A metering module may be coupled to the aging circuit and configured, in response to the at least one age-affected signal, to measure a signal characteristic of the at least one age-affected signal and translate the signal characteristic into a generated quantity of accumulative usage of the aging circuit. | 10-21-2010 |
20100269151 | MIGRATION ACROSS AUTHENTICATION SYSTEMS - A system, method, program product and a method for deploying a system for providing migration across authentication systems are disclosed. A system is provided that includes a login system that collects information from a user during a login process, a migration list check system that compares the information to a migration list to determine if the user is selected for migration, and a migration logic system that migrates the user from the existing authentication system to the new authentication system during the login process if the user is selected. | 10-21-2010 |
20100275242 | METHOD OF CONTROLLING APPLICATIONS INSTALLED ON A SECURITY MODULE ASSOCIATED WITH A MOBILE TERMINAL, AND AN ASSOCIATED SECURITY MODULE, MOBILE TERMINAL, AND SERVER - The invention relates to a method of controlling applications installed in a security module associated with a mobile terminal and adapted to increment at least one transaction value during a transaction effected by an application and, if that transaction value reaches an associated predetermined value, sending at least one connection command to a management server and blocking at least one application if the command fails. The invention also relates to a method of managing such applications adapted to receive a connection command, verify the user rights and update at least one transaction value and/or block at least one application as a function of the verification result. The invention further relates to a management server, a mobile terminal and a security module that can be used with a mobile terminal. | 10-28-2010 |
20100275243 | SECURING WAKEUP NETWORK EVENTS - In an embodiment, a method is provided. The method of this embodiment provides receiving a packet having a wake-up pattern, and waking up if the wake-up pattern corresponds to one of a number of dynamically modifiable passwords on a pattern wake list, each of the dynamically modifiable passwords being based, at least in part, on a seed value | 10-28-2010 |
20100281517 | System, Apparatus, Program, and Method for Authentication - According to an aspect of the invention, a management of each authentication subprocess assures the each authentication subprocess, and assurance contents can be verified by verification side, so that trustworthiness of the whole authentication process can be improved. An authentication system includes authentication entity devices which separately execute authentication subprocesses P | 11-04-2010 |
20100306819 | INTERACTIVE PHISHING DETECTION (IPD) - Systems and methods for use with a client device and a server provide interactive phishing detection at the initiation of the user. Detection of phishing is based on the user's comparison of a visual indicator sent from the server to the client device with another identical-looking visual indicator displayed, for example, on a trusted website. Several security measures may be employed such as changing the visual indicator periodically, generating the visual indicator in a random manner, and authenticating the client device to the server before the server will transmit the visual indicator to the client device. User comparison of the website-displayed visual indicator with the user's client device user interface-displayed visual indicator may facilitate user verification of authenticity of a software application. | 12-02-2010 |
20100325694 | CENTRALIZED IDENTITY AUTHENTICATION FOR ELECTRONIC COMMUNICATION NETWORKS - A method of centralized identity authentication for use in connection with a communications network includes registering users of the communications network such that each registered user's identity is uniquely defined and determinable, and registering a plurality of vendors having a presence on the communications network. The registered vendors selectively transact with registered users, wherein the transactions include: (i) the registered vendor selling goods and/or services to the registered user; (ii) the registered vendor granting the registered user access to personal records maintained by the registered vendor; and/or (iii) the registered vendor communicating to the registered user personal information maintained by the registered vendor. The method also includes each user's identity being authenticated over the communications network prior to completion of transactions between registered vendors and registered users. | 12-23-2010 |
20100333173 | System and Method of User Authentication in Wireless Communication Networks - Methods and systems taught herein provide for authentication information for authenticating a user terminal to be shared between a network entity that supports IMS-AKA authentication of the user terminal and a network entity that supports GBA-AKA authentication of the user terminal. Sharing authentication information between these entities allows all or part of the authentication information generated for IMS-AKA authentication of the user terminal to be used subsequently for GBA-AKA authentication of the user terminal, or vice versa. | 12-30-2010 |
20110010755 | INTERACTION BETWEEN SECURED AND UNSECURED ENVIRONMENTS - A method comprising: receiving a data structure including an identifier identifying a process for performance by a secured environment; and identifying to an unsecured environment the process identified by the data structure. | 01-13-2011 |
20110010756 | VIRTUAL APPLICATION PROGRAM SYSTEM, STORING DEVICE, METHOD FOR EXECUTING VIRTUAL APPLICATION PROGRAM AND METHOD FOR PROTECTING VIRTUAL ENVIRONMENT - The present invention relates to a virtual application program system, a storage device, a method of executing a virtual application program, and a method of protecting a virtual environment. The virtual application program system includes an execution control module for executing a virtual application program, and a virtual environment protection module loaded by the execution control module and configured to block non-permitted application programs from accessing a virtual environment accessed by the virtual application program. Accordingly, the virtual environment can be protected from a host application program, etc., and independency and security of a task using a virtual application program can be guaranteed. | 01-13-2011 |
20110016511 | METHOD AND SYSTEM FOR MONITORING USER INTERACTION WITH A COMPUTER - A system is provided to monitor a user's interaction with a computer. The system may comprise a random reference data generator to generate a random reference string, an image generator to create an image including the random reference string, a modification module to iteratively modify the image until a distortion criterion is satisfied, and a communications module to communicate the image to a client computer for display to a user. The random reference string comprises a plurality of alphanumeric characters. | 01-20-2011 |
20110035784 | METHOD AND APPARATUS FOR DETECTING CYBER THREATS - A method and apparatus for detecting cyber threats using reinforced cookies, which include HTTP cookies, history cookies, cache cookies and/or other types. A history cookie comprises an entry for a particular web page in a browser's navigation history. A cache cookie comprises an entry for a particular object (e.g., an image file) within a browser's cache. Upon a client's first visit to a web server, an identifier record is generated comprising data such as a user ID, a client device ID, an age (e.g., a counter), a cookie type, an authentication field, etc. From the unique identifier, one or more types of reinforced cookies are generated and stored with the client browser. On a subsequent visit, the client's cookie configuration is examined to determine whether the client may be the perpetrator or victim of a cyber attack. Cookies may be updated or replaced on some or all visits. | 02-10-2011 |
20110035785 | INFORMATION PROCESSING SYSTEM, CONTROL METHOD THEREOF AND STORAGE MEDIUM - This invention provides an information processing system which allows an application on a Web server to execute authentication processing of a user in an information processing apparatus and a control method thereof. To accomplish this, in an information processing system of this invention, a Web application of a Web server requests a service provider of an MFP to execute authentication processing. The service provider instructs a login application to execute an authentication function, and transmits generated authentication information to the Web application. | 02-10-2011 |
20110055891 | DEVICE SECURITY - Security of a device, such as a mobile device, is maintained via a heartbeat signal. As long as the heartbeat signal is detected, the device is allowed to perform operations. If the heartbeat signal is not detected, appropriate action is taken. Appropriate action can include powering down the device, restricting access to files, erasing files, erasing the contents of a disk on the device, preventing access to designated files, reporting the location of the device, and/or preventing the device from being turned on after it is turned off. In an example configuration, the heartbeat signal is a low-power consuming, low data rate, signal allowing for processing of the heartbeat signal to be accomplished, at least in part, via the SIM of the device. | 03-03-2011 |
20110067086 | Using Metadata In Security Tokens to Prevent Coordinated Gaming In A Reputation System - To prevent gaming of a reputation system, a security token is generated for a security module using metadata about the client observed during the registration of the security module. The registration server selects metadata for use in generating the security token. The generated security token is provided to identify the client in later transactions. A security server may conduct a transaction with the client and observe metadata about the client during the transaction. The security server also extracts metadata from the security token. The security server correlates the observed metadata during the transaction with the extracted metadata from the security token. Based on the result of the correlation, a security policy is applied. As a result, the metadata in the security token enables stateless verification of the client. | 03-17-2011 |
20110072491 | AUTHENTICATION METHOD EMPLOYED BY PORTABLE ELECTRONIC DEVICE, ASSOCIATED CONTROLLER, HOST COMPUTER HAVING STORAGE MEDIUM STORING ASSOCIATED COMPUTER PROGRAM, AND MACHINE-READABLE MEDIUM STORING ASSOCIATED COMPUTER PROGRAM - An authentication method employed by a portable electronic device includes: generating first data; deriving reference data according to the first data; receiving a second data from a host computer; and determining whether the host computer is permitted to access the portable electronic device according to the reference data and the second data. | 03-24-2011 |
20110083160 | APPARATUS AND METHOD FOR SECURE CONFIGURATION OF SHARED POWERLINE DEVICES - Client adapter and method simplify security deployment in an EPN, including the shared services electrical power lines of a premises. With direct coupling, piggybacked adapter receives network signals and electrical from EPN-connected first adapter through a shared medium port. An authenticating adapter exchanges security management services and information with supplicant adapter. Two or more adapters may be piggybacked. Piggybacked adapters exchange security management service information without rogue intrusion. Exchanged information, stored, is later used to communicate securely. Defined adjacency (neighborhood) information can be exchanged, and a neighborhood established on an EPN, where one authorized neighbors securely communicate. | 04-07-2011 |
20110083161 | VEHICLE, MAINTENANCE DEVICE, MAINTENANCE SERVICE SYSTEM, AND MAINTENANCE SERVICE METHOD - The vehicle includes electronic control units, and performs an authentication process to judge the validity of an external device outside the vehicle, e.g. a maintenance device, which tries accessing the electronic control unit. Based on the result of the judgment, the vehicle decides a range in which the maintenance device can access the electronic control unit. In the authentication, e.g. both the maintenance device and the vehicle use authentication microcomputers respectively. According to the invention, an external device outside the vehicle can be inhibited from making an unwanted access to the electronic control unit of the vehicle. | 04-07-2011 |
20110093918 | SECURE METHOD OF ACCESSING AN INFORMATION SYSTEM OF AN AIRCRAFT - In the method of accessing an information system of an aircraft, the system receives an authenticator request from a connector of the aircraft; the system determines whether the connector presents a predetermined characteristic; and in the event that the system determines that the connector does indeed present the predetermined characteristic, the system sends an authenticator to the connector. Provision is also made for: the system receives an authenticator; the system determines whether the authenticator is valid; and in the event that the system determines that the authenticator is indeed valid, the system authorizes access to the system from a connector of the aircraft from which the authenticator was sent. | 04-21-2011 |
20110107394 | AUTHENTICATION METHODS AND DEVICES - Embodiments of the device have a plurality of authentication slots for authenticating users, a port configured to receive an authentication request from a user, a memory, a queue maintained in the memory, and a processing engine configured to monitor the port and the authentication slots such that if an authentication request from a user is received and no authentication slots are available, an identifier associated with the user is enqueued on the queue, and wherein if one of the authentication slots is or becomes available and the queue is not empty, an identifier is dequeued from the queue and the associated user is authenticated using one of the available authentication slots. | 05-05-2011 |
20110107395 | METHOD AND APPARATUS FOR PROVIDING A FAST AND SECURE BOOT PROCESS - An apparatus for providing a fast and secure boot process may include at least one processor and at least one memory including computer program code. The at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus to perform at least performing a first security check on critical security software during a boot sequence of a device, powering down or resetting the device in response to failure of the first security check, performing a second security check on at least a first portion of general critical software in response to the first security check passing, enabling operation of the device with respect to general critical software that passes the second security check, and disabling functionality associated with general critical software that fails the second security check. | 05-05-2011 |
20110107396 | AUTHENTICATION METHOD, INFORMATION PROCESSING APPARATUS, AND STORAGE MEDIUM - An information processing apparatus acquires user name information contained in user authentication information transmitted from an authentication server. Then, the information processing apparatus describes the acquired user name information according to a predetermined format which the printer driver can refer to, and stores it in a storage area which the printer driver can refer to. The printer driver, if the user name information is stored in the storage area, and the user name information satisfies a condition described in the format, transmits the user name information added to the print data to a printer apparatus. | 05-05-2011 |
20110138443 | SYSTEM AND METHOD FOR VALIDATING A LOCATION OF AN UNTRUSTED DEVICE - In a system of mobile agents operating in a region of interest, it may be necessary to validate the position of an untrusted device prior to allowing the untrusted device to perform agent functions within the region of interest. Trusted mobile agents within the region of interest may activate wireless access points with randomly generated identifiers. The untrusted device may be instructed to provide a list of identifiers of visible wireless access points to confirm that the untrusted device is within the ROI. | 06-09-2011 |
20110154436 | Provider Management Methods and Systems for a Portable Device Running Android Platform - A provider management method conforming to an Android platform is provided. An authentication procedure is performed between a consumer and a provider, wherein the authentication procedure is performed via a binding unit, and the binding unit is an interface enabling inter-process communication conforming to the Android platform. | 06-23-2011 |
20110162041 | METHOD AND APPARATUS FOR PROVIDING SOFTWARE SECURITY - A method and apparatus for providing software security is provided. In the software security method, an installation file of software that includes at least one execution file and at least one data file which are stored in a user terminal is executed. Accordingly, at least one virtual execution file corresponding to the at least one execution file and at least one virtual data file corresponding to the at least one data file are installed in a user area of the user terminal, and the at least one execution file, the at least one data file, and a controller for controlling the at least one virtual execution file and the at least one execution file are installed in a security area of the user terminal. | 06-30-2011 |
20110179465 | APPARATUS, AND AN ASSOCIATED METHOD, FOR FACILITATING SECURE OPERATIONS OF A WIRELESS DEVICE - An apparatus, and an associated method, facilitates security at a wireless device, such as a wireless device comprising a mobile computing platform. A security decision engine is provided that monitors for an event necessitating a security decision. When a security decision is required, request is made of a knowledge fetcher, provided by a trusted third-party, installed at the wireless device for the security decision. The knowledge fetcher obtains the security decision, such as by obtaining the security decision from a remote, trusted third-party server, and provides the security decision to the decision engine. Use is made of the security decision pursuant to a setting for which the security decision is needed. | 07-21-2011 |
20110197259 | METHOD AND SYSTEM FOR PROCESSOR OR WEB LOGON - A system is for a proof of knowledge enrollment or authentication. The system includes a processor having an input, an output and a routine; and a display having an image from the output of the processor. The routine is structured to input from the input of the processor a plurality of different position selections and/or a plurality of different path selections on the image. The routine is further structured to authenticate the proof of knowledge as a function of the plurality of different position selections and/or the plurality of different path selections on the image. | 08-11-2011 |
20110214158 | WIRELESS COMMUNICATIONS SYSTEM PROVIDING MOBILE DEVICE AUTHENTICATION BYPASS BASED UPON USER-WEARABLE SECURITY DEVICE AND RELATED METHODS - A wireless communications system may include a user-wearable device including a clasp having open and closed positions, a first wireless security circuit (WSC), and a first controller coupled to the clasp and the first WSC. The system may further include a mobile wireless communications device including a portable housing, an input device(s), a second WSC carried by the portable housing and configured to communicate with the first WSC when in close proximity therewith, and a second controller carried by the portable housing and coupled to the second WSC and the input device(s). The second controller may be configured to enable mobile wireless communications device function(s) based upon a manual entry of an authentication code via the input device(s), and bypass the manual entry and enable the mobile wireless communications device function(s) based upon a communication from the user-wearable device and a position of the clasp. | 09-01-2011 |
20110239272 | NON-NUMERIC PERSONAL IDENTIFICATION - Various methods and systems are provided for allowing a user to select a non-numeric PIN or password and use that to access content instead of a conventional numerical PIN. A series of visual, textual, and/or audio “digits” form the PIN, where each succeeding digit may be related to one or more of the preceding digits. | 09-29-2011 |
20110265143 | SLICE RETRIEVAL IN ACCORDANCE WITH AN ACCESS SEQUENCE IN A DISPERSED STORAGE NETWORK - A method begins by a processing module receiving a data retrieval request to retrieve data stored as a plurality of sets of encoded data slices in a dispersed storage network memory. The method continues with the processing module determining an access sequence for retrieving the plurality of sets of encoded data slices in accordance with the access sequence, entering a loop to produce recovered decoded data that includes sending a slice retrieval message for a set of encoded data slices of the plurality of sets of encoded data slices, receiving at least a decode threshold number of encoded data slices of the set to produce received encoded data slices, dispersed storage error decoding the received encoded data slices to produce the recovered decoded data, and exiting the loop when a set of encoded data slices is not requested in accordance with a system maintained access sequence. | 10-27-2011 |
20110302627 | USER AUTHENTICATON - A method of authenticating access to a service comprises: a) receiving at a mobile terminal, over a bi-directional near-field communication channel between the mobile terminal and a browser, at least part of the identifier of a service; b) comparing, at the mobile terminal, at least part of the identifier received at the mobile terminal with a set of identifiers stored in the mobile device; and c) authenticating access to the service on the basis of whether at least part of the identifier received at the mobile terminal matches an identifier in the set. The mobile terminal may store a set of URLs, and may compare a received URL (or part URL) with the set of stored URLs. It may generate an alert to the user if at least part of the URL received at the mobile terminal does not match a stored URL. User names and keys are not required to be stored on the web-browser, so the web-browser does not need to maintain a password database. This improves security, since a password database would be vulnerable to malicious code. | 12-08-2011 |
20110314514 | METHOD AND APPARATUS FOR PROVIDING SCAN CHAIN SECURITY - A scan chain security capability is provided herein. The scan chain security capability enables secure control over normal use of a scan chain of a system, e.g., for purposes such as testing prior to deployment or sale of the system, in-field testing after deployment or sale of the system, in-field modification of the system, and the like. The scan chain security capability enables secure control over normal use of a scan chain by enabling control over interruption of a scan chain and re-establishment of an interrupted scan chain. A scan chain security component is configured for removing an open-circuit condition from the scan chain in response to a control signal. The control signal may be generated in response to validation of a security key, in response to successful completion of a challenge-based authentication process, or in response to any other suitable validation or authentication. The scan chain security component also may be configured for creating an open-circuit condition in the scan chain in response to a second control signal. The second control signal may be a scan register value received via the scan chain. | 12-22-2011 |
20110314515 | INTEGRATED PHYSICAL AND LOGICAL SECURITY MANAGEMENT VIA A PORTABLE DEVICE - Integrated physical and logical security management is extended to a mobile device, such as a portable wireless device or radio. The Mobile-IMPACT solution extends the reach of authorized users to hand-held devices for monitoring, managing and/or controlling of IT/network and physical security. Allowing authorized users to view and control access events while not in their office and logged into their console, mobility within and outside of a facility or campus organization no longer requires a laptop computer. With new handheld technologies more widely accessible and dropping in price while still gaining additional functionality, a chief security officer and their security staff can now monitor access to their building/doors/control zones, look-up user and card information, trigger queries/reports, set new alarm conditions and monitor sensors or a perimeter from a handheld device anywhere in the world using an electronic communication medium. | 12-22-2011 |
20110321124 | Enterprise Evidence Repository - A controller is configured to generate and propagate instructions to an execution agent which, in turn, is configured to collect and deposit collected artifacts into a repository. Write access to a location in the repository for collected artifacts that are to be deposited into a specified location is granted to the execution agent. Once the execution agent deposits the collected artifacts in the specified location in the repository, a summary of collected artifacts is propagated to the controller. The controller manages appropriate levels of access to the collected artifacts, while the repository enforces the level of access. The controller can grant read only access to the collected artifacts or it can allow for controlled changes to be made to the metadata associated with the collected artifact. An agent processes the data and generates additional metadata that can be associated with the collected artifacts and then saved in the repository. A system can have more than one repository, where the controller allocates storage in an appropriate repository and issues instructions to the execution agent with the location in an appropriate repository. The summary of the actual collections is then propagated to the controller from the repositories. | 12-29-2011 |
20110321125 | AUTHENTICATION DEVICE, AUTHENTICATION METHOD AND PROGRAM FOR CAUSING COMPUTER TO EXECUTE THE SAME - Provided is an authentication device and an authentication method of, even in the case of selecting correct images for authentication from among the displayed images to perform authentication, making hard to be read by others and improving security, and a program for causing a computer to execute the same. A main control portion | 12-29-2011 |
20120011564 | Methods And Systems For Graphical Image Authentication - Systems and methods for providing authentication using an arrangement of dynamic graphical images. The graphical images can be arranged as a grid or matrix for presentation on a device display for authentication of a user. The kinds of graphical images can be derived from a designated authentication category and non-authenticating categories. A series of password elements corresponding to the graphical images can be displayed with the graphical images. The user may enter the series of one or more password elements corresponding to graphical images from the authentication category which combine to form a password entry. An authentication server can compare the password entry to an authentication password corresponding to the particular arrangement of dynamic graphical images. The selection of graphical images, their arrangement and their corresponding password elements, may dynamically change in between authentication processes. | 01-12-2012 |
20120011565 | SYSTEM AND METHOD FOR STORING AND PROVIDING ACCESS TO SECURED INFORMATION - The embodiments of the present invention relate to an electronic transfer and storage system implemented in a medical records environment or application using a card with memory capabilities and biometric (includes finger, palm, iris, facial photo, scent, voice recognition and other biometric attributes) data to authenticate the account holder (patient, nurse, Doctor, Pharmacist, EMS or EMT). With such a card, reader and system, a patient is able to be enrolled with a physician using biometric input for authentication. | 01-12-2012 |
20120023548 | APPARATUS, AND AN ASSOCIATED METHOD, FOR IMPLEMENTING A PARENTAL CONTROL FEATURE AT A WIRELESS DEVICE - An apparatus, and an associated method, facilitates implementation of a parental control feature at a mobile station. A parental authority selects a parental control feature to be implemented at the mobile station and by way of a user interface at a computer workstation or a master mobile station. Detection is made of the selection, and a control signal is generated that includes identification of the selection. The control signal is sent to the affected mobile station. Once received at the mobile station, the control signal is detected, its contents ascertained, and the parental control feature is implemented at the mobile station. | 01-26-2012 |
20120023549 | CAPTCHA AND reCAPTCHA WITH SINOGRAPHS - A method for inviting a challenged entity to provide input concerning a sinograph includes displaying, to the challenged entity, a first region having an image of a challenge sinograph; displaying at least a first event-sensitive region, the first event-sensitive region having an image of a real root of the challenge sinograph; and displaying at least a second event-sensitive region. The second event sensitive region has an image of a faux root of the challenge sinograph. | 01-26-2012 |
20120030730 | PROVIDING A MULTI-PHASE LOCKSTEP INTEGRITY REPORTING MECHANISM - In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed. | 02-02-2012 |
20120036555 | INFORMATION SHARING DEVICE, INFORMATION SHARING METHOD AND INFORMATION SHARING SYSTEM - The load of setting and managing the access rule for access control is large. Provided is an information sharing system comprising an information gathering means, a transportable storage device for storing at least first information and second information, a certified acquisition request generation means, and a certified acquisition request processing means, wherein the information gathering means gathers the first information and the second information from the transportable storage device, the certified acquisition request generation means transmits a certified acquisition request including certification information comprising at least part of the second information, and the certified acquisition request processing means determines, on the basis of the result of checking whether or not the certification information included in the received certified acquisition request matches any part of the first information, whether or not to transmit the first information to a device equipped with the certified acquisition request generation means that is a transmission source of the certified acquisition request. | 02-09-2012 |
20120042356 | MANAGEMENT DEVICE OF EMISSION AMOUNT OR REDUCTION AMOUNT OF GREENHOUSE GASES, AND MANAGEMENT METHOD - A management device of the emission amount or reduction amount of greenhouse gases including: a communication unit that performs communication with an IC card on which an ID and history information on activities outside of a designated area are recorded; a control unit that performs authentication by the read ID via the communication unit, and in a case when authentication is successful, reads the history information via the communication unit, and obtains information relating to the emission amount or reduction amount of greenhouse gases from the read history information; and a display unit that displays the information relating to the emission amount or reduction amount of greenhouse gases. | 02-16-2012 |
20120042357 | Secure one-way data transfer system using network interface circuitry - Network interface circuitry for a secure one-way data transfer from a sender's computer (“Send Node”) to a receiver's computer (“Receive Node”) over a data link, such as an optical fiber or shielded twisted pair copper wire communication cable, comprising send-only network interface circuitry for transmitting data from the Send Node to the data link, and receive-only network interface circuitry for receiving the data from the data link and transmitting the received data to the Receive Node, wherein the send-only network interface circuitry is configured not to receive any data from the data link, and the receive-only network interface circuitry is configured not to send any data to the data link. The network interface circuitry may use various interface means such as PCI interface, USB connection, FireWire connection, or serial port connection for coupling to the Send Node and the Receive Node. | 02-16-2012 |
20120047557 | Method and System for Device Integrity Authentication - Device integrity authentication is performed by receiving, at a second device, a measured integrity value from a first device. The measured integrity value of the first device is compared at the second device to an embedded integrity value associated with the second device. A level of trust for the first device is determined by the second device based on the comparison. Application of a policy to the first device is facilitated by the second device based on the comparison. | 02-23-2012 |
20120066740 | SYSTEM, METHOD AND APPARATUS FOR ENABLING TRANSACTIONS USING A USER ENABLED PROGRAMMABLE MAGNETIC STRIPE - The present invention provides a system, method and apparatus that includes a user device having a magnetic field generator disposed within a substrate that is normally inactive, an initiator mounted on the substrate, a memory disposed within the substrate and a processor disposed within the substrate that is communicably coupled to the magnetic field generator, the initiator and the memory. The processor is operable to process information received from the initiator, generate a time varying code in response to the received information and activate the magnetic field generator. A power source is also disposed within the substrate. The magnetic field generator can create a spatial magnetic signal using a magnetic stripe and one or more induction coils, or create a time-varying magnetic signal for emulating data obtained from swiping a traditional magnetic stripe card through a magnetic card reader. | 03-15-2012 |
20120066741 | ELECTRONIC KEY FOR AUTHENTICATION - An electronic key supports a plurality of authentication methods and effectively prevents bidding-down attacks. For this purpose, security information is additionally provided by the electronic key, based on which a card reading device recognizes which authentication methods are supported by the electronic key. When the reading device recognizes based on said information that the electronic key supports a stronger second authentication method, but the authentication method was not recognized by the card reading device, the electronic key is, for example, rejected. | 03-15-2012 |
20120084832 | Time Managed Challenge-Response Test - A method of generating a time managed challenge-response test is presented. The method identifies a geometric shape having a volume and generates an entry object of the time managed challenge-response test. The entry object is overlaid onto the geometric shape, such that the entry object is distributed over a surface of the geometric shape, and a portion of the entry object is hidden at any point in time. The geometric shape is rotated, which reveals the portion of the entry object that is hidden. A display region on a display is identified for rendering the geometric shape and the geometric shape is presented in the display region of the display. | 04-05-2012 |
20120090015 | DEVICE AND METHOD FOR AUTHENTICATING BIOLOGICAL INFORMATION - A biological-information authentication device includes: a biological-information reading section configured to read biological information; a comparing section configured to compare biological information read by the biological-information reading section with registered biological information to determine whether they match; a registration section configured to register biological information; and a biological-information-input-operation extraction section configured to extract input operation data indicating an input operation of biological information read by the biological-information reading section. The device further includes an approval-input-operation determination section configured to determine whether the input operation data of the biological information extracted by the input-operation extraction section matches approval input operation data indicating an input operation for approval that is stored in advance when the comparing section determines that the biological information is unregistered biological information and that biological information input next to the unregistered biological information matches the registered biological information of an administrator having approval authority. | 04-12-2012 |
20120090016 | Method and apparatus for registering agents onto a virtual machine monitor - A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent during integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed. | 04-12-2012 |
20120096516 | Software Signing Certificate Reputation Model - A request from a software developer is received to digitally sign software included in the request. A security policy associated with the software developer is accessed where the security policy describes criteria for valid request by the software developer. A determination is made whether the request is valid based at least in part on the security policy. The software is digitally signed responsive to the determination indicating that the request is valid. The digitally signed software is provided to the software developer. | 04-19-2012 |
20120110639 | STORAGE DEVICE, AND AUTHENTICATION METHOD AND AUTHENTICATION DEVICE OF STORAGE DEVICE - An authentication method of a storage device includes requesting an EID (Encoded IDentifier) to the storage device by an authentication device for authenticating the storage device, receiving the EID by the authentication device, restoring original ID information by decoding the received EID, and verifying individual ID information corresponding to use of the storage device included in ID information by using ID authentication information received from the storage device, wherein the ID information includes multiple pieces of individual ID information corresponding to the use of the storage device. | 05-03-2012 |
20120117618 | METHOD FOR CALIBRATING A TEMPERATURE FLOAT OF A ONE TIME PASSWORD TOKEN AND A ONE TIME PASSWORD TOKEN THEREOF - A method for calibrating a temperature float of a one time password token and a device thereof are provided in the invention relating to the information security field. The method includes steps: the one time password token measures a current ambient temperature at intervals of a first predetermined time, retrieves a data table for a characteristic value relating to the measured temperature, and calibrates a current time value inside the token according to the characteristic value at intervals of a second predetermined time. The one time password token includes a timer module, a measuring module, a retrieving module, a table storing module, a calibrating module, a triggering module, a generating module and a displaying module. The invention calibrates time differentiation of the one time password token caused by the temperature float. | 05-10-2012 |
20120117619 | SECURE NETWORK CONNECTION ALLOWING CHOICE OF A SUITABLE SECURITY ALGORITHM - The invention provides for a method for use in a mobile radio communications device network connection procedure and including the step of, at a network, sending to a mobile radio communications device a list of a plurality of security algorithms supported in the network and so as to allow choice of a suitable algorithm irrespective of the degree of update that the device may have experienced. | 05-10-2012 |
20120151557 | Progressive Consent - A consent management system is described which manages an entity's consent to consume application functionality on a per-feature level of granularity. To perform this task, the consent management system maintains consent information which describes a plurality of use conditions associated with the features of the application functionality. In one case, the consent information has a hierarchical data structure that identifies a hierarchy of application features. In operation, the consent management system accesses the content information whenever an entity seeks to access a particular application feature; it grants or denies access to the feature based on the consent information. The consent management system also includes a consent maintenance module that allows an administrator (or other entity) to cancel or modify any use condition in the consent information. | 06-14-2012 |
20120159570 | PROVIDING A SECURITY BOUNDARY - In order to enable potentially conflicting applications to execute on the same computer, application programming interface (API) calls are intercepted when an application attempts to access a computer system's resources. During a learning mode of operation, a security monitor stores data in a security monitor database identifying which applications are allowed to access the computer system resources. At runtime of an application, the security monitor operates in an enforcement mode and utilizes the contents of the security monitor database to determine if an application is permitted to access system resources. If data associated with the application is located in the security monitor database, the application is allowed to access computer system resources, if data associated with the application is not located in the security monitor database, the application is not allowed to access computer system resources. | 06-21-2012 |
20120167169 | METHOD, SYSTEM, AND COMPUTER-READABLE STORAGE MEDIUM FOR AUTHENTICATING A COMPUTING DEVICE - A method, system, and computer-readable storage medium for authenticating a computing device are provided. According to embodiments of the invention, a first computing device generates a message using first secret data and second secret data, the first secret data for authenticating to a second computing device, the second secret data for authenticating to a third computing device. The first computing device sends the message to the second computing device. In some embodiments, challenge-response authentication is implemented. For example, the first computing device receives a challenge from the second computing device and generates the message based at least in part on the challenge. The second computing device compares local information with information received from the first computing device. The first computing device can thereby be authenticated to the second computing device. Furthermore, the first computing device can be authenticated to the third computing device by a similar process. | 06-28-2012 |
20120167170 | METHOD AND APPARATUS FOR PROVIDING PASSIVE USER IDENTIFICATION - A method for providing passive user identification may include causing selective processing of data indicative of characteristics of a user of a device by aggregating one or more modality specific biometric classification processes conducted in background operation of the device, comparing the selectively processed data to a profile of a currently logged in or default user to determine a likelihood that the user corresponds to the currently logged in or default user, and selectively implementing an active authentication process based on a result of the determining. A corresponding apparatus and computer program product are also provided. | 06-28-2012 |
20120167171 | Voice-capable system and method for authentication query recall and reuse prevention - A system and method for use with a voice-capable system, includes but is not limited to a method including receiving an authentication request by the voice-capable system from a user computationally networked to the voice-capable system, and determining an authentication session in response to the authentication request, the determining the authentication session including identifying a series of questions associated with the user, the series of questions determined via consulting a predetermined period of time configured to prevent one or more questions from the series of questions from being reused until the predetermined period of time has elapsed. | 06-28-2012 |
20120167172 | INFORMATION PROCESSING APPARATUS AND METHOD, RECORDING MEDIUM AND PROGRAM - The present invention relates to an information processing apparatus allowing proper communication with a communication partner in accordance with a communication time of the communication partner. | 06-28-2012 |
20120167173 | Context-Sensitive Confidentiality within Federated Environments - Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards. | 06-28-2012 |
20120174187 | SYSTEMS AND METHODS FOR PROVIDING PHYSICAL LAYER SECURITY - The present invention describes systems and methods for providing physical layer security. An exemplary embodiment of the present invention provides a method of providing physical layer security involving receiving message data at a pre-processing device in a wireless transmission device. Furthermore, the method of providing physical layer security involves pre-processing the message data into channel data with the pre-processing device and transmitting the channel data from the wireless transmission device over a wireless transmission link having a path loss. Subsequently, the method of providing physical layer security involves receiving the channel data at a post-processing module in a reception device. Additionally, the method involves post-processing the channel data into the message data with the post-processing module, such that an unauthorized reception device is unable to post-process the channel data when a path loss experienced over the transmission link is greater than a predetermined value. | 07-05-2012 |
20120174188 | REMOVABLE DEVICES - Methods and removable devices are provided. Some such removable devices may include a secure partition and a public partition. The secure partition is not accessible by an operating system of a host for some embodiments. The secure partition is configured to store information so that formatting/reformatting does not alter the stored information for other embodiments. | 07-05-2012 |
20120185916 | APPARATUS AND METHOD FOR STATISICAL USER AUTHENTICATION USING INCREMENTAL USER BEHAVIOR - Provided are an apparatus and method for statistical user identification that improves a user's convenience while ensuring security. The apparatus may store a confidence value that statistically represents whether a user is identified as a user that has permission to use a terminal, based on a user event that occurs when the user manipulates the terminal. The apparatus may determine whether to execute a user requested application by comparing the confidence value of the user with a reference value that is defined for the requested application. | 07-19-2012 |
20120192249 | VERIFIABLE SERVICE POLICY IMPLEMENTATION FOR INTERMEDIATE NETWORKING DEVICES - Various embodiments are disclosed for a services policy communication system and method. In some embodiments, an intermediate networking device acts as a service intermediary or intermediate connection between a network and one or more communications devices; implements a service policy set for assisting control of the intermediate networking device use of a service set on the network, the service policy set including one or more service policies associated with the intermediate networking device or one or more communications devices connected to the intermediate networking device, the service set being one or more network services used by the intermediate networking device or one or more communications devices; and monitors use of the service set based on the first service policy set, in which the implementation of the service policy set is verified. | 07-26-2012 |
20120192250 | Device, System, And Method For Registering And Authenticating Handwritten Signatures And Archiving Handwritten Information - There is provided an electronic pen device configured to be used with a remote secure server for registering handwritten signatures, the secure server comprising an authentication database storing authentication information in connection with pre-registered users and a signature registration database for registering handwritten signatures, the electronic pen device comprising: an input/output (I/O) interface; a memory; a tip and capturing means connected thereto for capturing handwritten signatures; a network interface adapted to be connected to a data network, and a processing unit connected to the I/O interface, to the capturing means, to the memory and to the network interface. As another aspect of the invention, there is further provided a system for registering handwritten signatures. As another aspect of the invention, there is further provided a method of authenticating handwritten signatures. As a further aspect of the invention, there is provided a method of signing a document by a plurality of contracting users. As a further aspect of the invention, there is provided an electronic pen device configured to be used with a remote server for archiving handwritten information. | 07-26-2012 |
20120198518 | OBSERVABLE MOMENT ENCRYPTION - A method, system and apparatus for encrypting a consumer identification number contained in a portable consumer device by gradually changing a consumer identification number when an observable moment is observed is disclosed. Observable moments can be exposure to light or an electromagnetic field, use of the portable consumer device or a change in temperature. A pattern or history of how the consumer identification number is gradually changed is used to authenticate the portable consumer device or the consumer. | 08-02-2012 |
20120204223 | SYSTEM FOR MANAGING DIGITAL INTERACTIONS - A system for managing digital interactions comprising an identity module for creating an identity, wherein the identity includes a unique identifier associated with a first party and a plurality of proposed terms for a relationship with a second party; and a relationship module, in communication with the identity module, for receiving and evaluating the plurality of proposed terms, including accepting or rejecting the plurality of proposed terms and, if accepted, for allowing the first party to communicate with the second party in accordance with the plurality of proposed terms. | 08-09-2012 |
20120210393 | RESPONSE DETERMINATION APPARATUS, RESPONSE DETERMINATION METHOD, RESPONSE DETERMINATION PROGRAM, RECORDING MEDIUM, AND RESPONSE DETERMINATION SYSTEM - The present invention includes: acquiring a question including text information and a correct answer to the question; converting part of a character string or character in the question into a different character string or character, and generating a character-converted question ( | 08-16-2012 |
20120216250 | IMAGE FORMING APPARATUS, IMAGE FORMING METHOD, AND AUTHENTICATION PROGRAM PRODUCT - An image forming apparatus provided with a document transport unit that transports a document placed thereon, a confirmation unit that confirms whether a detachable recording medium is connected and whether the document is placed, an authentication control unit that controls an authentication and, when the authentication is succeeded, switches an authentication status from a non-authenticated mode to an authenticated mode, and a function execution unit that executes a function, while the authentication status is the authenticated mode. The authentication control unit controls a switching of the authentication status from the authenticated mode to the non-authenticated mode, on the basis of a status indicating whether the recording medium is connected and a status indicating whether the document is placed during the non-authenticated mode, as well as a status indicating whether the recording medium is connected and a status indicating whether the document is placed during the authenticated mode. | 08-23-2012 |
20120227084 | Handling of Public Identities - The invention relates to a subscriber data entity, method and a computer program product for defining a first record including a wildcarded public user identity covering plurality of public user identities of users, defining a second record including a public user identity of a user, wherein the public user identity belongs to the plurality of public user identities which the wildcarded public user identity covers and assigning the first record and the second record to the same registration set, wherein the registration set includes public user identities to be registered together. | 09-06-2012 |
20120233658 | GENERATING LOG WITH LOCATION AND ACCELEROMETER HISTORY - A method and system for generating a log with location and accelerometer history and verifying the authenticity of the user based on the log. A stroke and capture module captures stroke data from a user. A location identifier module identifies the portable computing device's location. An accelerometer determines the portable computing device's acceleration. A logging module generates metadata that includes the location and accelerometer history. A verification module receives the location and the accelerometer history. The verification module determines the user's mode of transportation based on the accelerometer history. The location and the mode of transportation are compared with information from an authority. If the data matches, the verification authenticates the document. | 09-13-2012 |
20120246699 | DISPLAY APPARATUS, CONTROL METHOD THEREOF AND CONTROL METHOD OF EXTERNAL DEVICE - A display apparatus, a control method thereof and a control method of an external device are provided. The display apparatus includes a contents processing unit which reproduces contents, a communication unit which communicates with an external device which reproduces contents, and a control unit which receives reproduction information of the contents reproduced in the external device from the external device through the communication unit, and controls the contents processing unit to reproduce contents corresponding to the contents reproduced in the external device, based on the received reproduction information. | 09-27-2012 |
20120284772 | DATA STORAGE DEVICE AUTHENTICATION APPARATUS AND DATA STORAGE DEVICE INCLUDING AUTHENTICATION APPARATUS CONNECTOR - An authentication apparatus includes a data storage unit for storing authentication apparatus identification information, an interface unit for connecting to a host device through a first interface, and an authentication processor that executes an authentication process using the authentication apparatus identification information stored in the data storage unit. The authentication processor executes the authentication process upon receipt of an authentication request signal from the host device through the interface unit, and outputs an authentication response signal including data indicative of a result of the authentication process to the host device via the interface unit. The authentication request signal is for requesting authentication of a data storage device connected to the host device through a second interface. | 11-08-2012 |
20120291093 | COMMUNICATION DEVICE, COMMUNICATION METHOD, AND PROGRAM - There is provided a communication device including a determination unit for determining whether authentication information presented to a user of another communication device is consistent with comparison information transmitted from the other communication device capable of obtaining and transmitting the authentication information, and an authentication unit, when it is determined that the authentication information is consistent with the comparison information, for authenticating the other communication device as an opposite communication party. | 11-15-2012 |
20120304254 | Systems and Methods for Identifying Devices by a Trusted Service Manager - Embodiments of the invention provide systems and methods for identifying devices by a trusted service manager. According to one example embodiment of the invention, a method for identifying communications is provided. The method can include receiving, by a service provider from a device, a message comprising card production life cycle (CPLC) information associated with a secure element incorporated into the device; and evaluating, by the service provider, the received CPLC information in order to identify the secure element. | 11-29-2012 |
20120311667 | AUTHENTICATION APPARATUS, AUTHENTICATION METHOD AND COMPUTER READABLE INFORMATION RECORDING MEDIUM - An authentication apparatus authenticates an information processing apparatus in cooperation with an external authentication apparatus. The authentication apparatus responds to a request from the information processing apparatus to carry out authentication and obtain item values, and carries out authentication for a required account; responds to the authentication being carried out, and obtains from the external authentication apparatus an item value corresponding to an item name that is set as an item to be synchronized each time; updates an item value in a local database by the obtained item value; obtains a set of item values including the updated item value; and returns to the information processing apparatus a result of the authentication having been carried out and the obtained set of item values. | 12-06-2012 |
20120311668 | PROJECTOR PROJECTING PASSWORD - A projector system of the present invention includes a projector 10 and a personal computer PC as an information terminal, which communicate with each other via a network connection. The projector 10 generates a password required for establishment of the network connection and projects the password on a screen SC. A user of the personal computer PC inputs the password projected on the screen SC. The password is used for authentication of the network connection between the projector 10 and the personal computer PC and cipher communication therebetween. This arrangement of the present invention enhances the convenience of the projector that is capable of establishing a network connection with the information terminal, while ensuring secrecy of communicating data. | 12-06-2012 |
20120324534 | METHOD AND SYSTEM FOR AUTOMATICALLY CHECKING THE AUTHENTICITY OF AN IDENTITY DOCUMENT - The process comprises a data-acquisition phase with the creation of a database of multicomponent digital signatures constituting fingerprints of identity documents, linked to a central server relocated relative to a primary database comprising variable textual data and images of reference identity documents. | 12-20-2012 |
20120324535 | STATELESS HUMAN DETECTION FOR REAL-TIME MESSAGING SYSTEMS - Stateless human detection for real-time systems allows a real-time message system to challenge incoming messages suspected of being generated by an automated application. When a suspect message is detected, a challenge is presented to a sender of the message. The challenge is designed to require human intervention to provide a correct answer to the challenge. A challenge packet is sent with the challenge and includes a challenge answer and, possibly, a server identifier, a challenge identifier and/or a time stamp that can be used to prevent attacks on the challenge. The challenge packet is encrypted so that the sender cannot access the contents thereof. When the sender provides a response to the challenge, the sender returns the challenge packet. The challenge packet is decrypted and the challenge answer is compared to a sender answer. If the answers match, the sender is allowed subsequent access to the messaging system. | 12-20-2012 |
20130014213 | VEHICLE CONTROL SYSTEM AND AUTHENTICATION METHOD - A vehicle control system has a plurality of electronic control devices that are included in a vehicle, a radio wave transmitting body that transmits operation information operating a device included in the vehicle and unique radio-wave-transmitting-body identification information using a radio signal, a first electronic control device that transmits and receives the radio signal to and from a second electronic control device and the radio wave transmitting body, and the second electronic control device that transmits and receives the radio signal to and from the first electronic control device and the radio wave transmitting body. The first electronic control device includes a first storage in which the radio-wave-transmitting-body identification information on the radio wave transmitting body or identification information on the second electronic control device is stored, and a first transmitting/receiving unit that transmits and receives the radio signal. | 01-10-2013 |
20130014214 | System Security Process Method and Properties of Human Authorization Mechanism - A system and method for automatically determining if a computer user is a human or an automated script. Human interactive proofs (HIPs) are currently used to deter automated registration for web services by automated computer scripts. Unfortunately, whilst every endeavor is made to obscure the HIPs from such automated processes, the presentation of current HIPs leaves systems very much open to malicious attack from automated computer scripts and processes such as optical character readers (OCR). Those HIPs that have proven more successful in foiling malicious attacks have proved difficult for humans to decipher. The system and method of the invention in one embodiment provides a Pseudo-Isochromatic challenge or puzzle or any other visual illusion generated on the basis of Pseudo-Isochromatic imagery (PICPVI), to be employed within a challenge generator, the invention is created in such a way as to make it extremely difficult for an automated process to read, decipher or otherwise interpret the PICPVI but relatively easy for the human end user to successfully complete. In one embodiment the end user issues a request to a service provider for access to services, the service provider requests HIP by generating a PICPVI. The PICPVI is generated for the user and the response can be provided as the whole or part of the access to service request, making it extremely difficult for an automated process to access services unlawfully or maliciously. | 01-10-2013 |
20130014215 | SECURITY MEMORY ACCESS METHOD AND APPARATUS - Various embodiments comprise apparatuses and methods to allow access to a memory device by an external device. A method includes receiving, at the memory device, a request from the external device to access a storage area of the memory device and performing an unlock procedure of the storage area. The unlock procedure includes sending a first code from the memory device to the external device, and receiving a second code at the memory device from the external device. The second code is to be generated by a first encryption process performed on the first code to obtain the second code. The storage area is temporarily unlocked to allow the external device to access the storage area based on a determination that the received second code has a predetermined relationship to the first code. Additional apparatuses and methods are described. | 01-10-2013 |
20130019278 | CAPTCHA IMAGE AUTHENTICATION METHOD AND SYSTEM (SUN, HUNG-MIN, Hsinchu City, TW; YEH, CHUN-HAO, New Taipei City, TW; CHEN, YAO-HSIN, New Taipei City, TW) - The present disclosure relates to a Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA) image authentication method and system. The CAPTCHA image authentication method comprises the steps of: collecting a plurality of first objects; defining a plurality of variables so as to be used as basis for classifying and dividing the plural first objects into M groups accordingly while allowing each group in the M groups to correspond to at least one variable selected from the plural variables; selecting at least one group from the M groups while further grading and dividing the first objects in the selected group into subgroups of N grades based upon a standard unit of the variable corresponding to the selected group; sorting and storing the subgroups of N grades; and selecting a plurality of authentication objects from the subgroups of N grades to be used in an authentication process. | 01-17-2013 |
20130031603 | SECURITY METHOD FOR ENGINEERING TOOLS AND INDUSTRIAL PRODUCTS, AND SECURITY SYSTEM - The invention includes a read-restriction setting step of setting read restriction on a program stored in hardware of an industrial product in response to a read restriction request, and a read requesting step of transmitting a read request for the program to the industrial product from an engineering tool that is a read request source. In the read-restriction setting step unique individual information retained in the hardware of the industrial product or unique individual information retained in hardware for executing an engineering tool that is a read-restriction request source is registered as registration individual information, and in the read requesting step, unique individual information retained in hardware for executing the engineering tool that is the read request source or unique individual information retained in the hardware of the industrial product is compared with the registration individual information. | 01-31-2013 |
20130047209 | AUTHENTICATION PROCESSING METHOD AND APPARATUS - A physical unclonable function (PUF) device, and a PUF reader which extracts PUF parameters required to calculate a response output from a challenge input by analyzing an operation of the PUF device. Operation parameters characterizing an operation state are obtained by observing a power waveform, an electromagnetic waveform, or a processing time of the PUF device at that time. Authentication of the PUF device is based on the extracted parameters. The PUF reader executes authenticity determination as to whether or not the PUF device is a valid PUF device by monitoring an operation of the PUF device during response generation based on the operation parameters. | 02-21-2013 |
20130067533 | GENERATING A TEST LICENSE FOR A DEVELOPER APPLICATION - One or more techniques and/or systems are disclosed for generating a test application license for a developer application, such as to test a licensing portion of the developer application on a developer machine. An application identifier (appID) can be created that is particular to the developer application. Developer binding data associated with an authenticated developer of the developer application can be created that is particular to the developer. The appID and developer binding data are combined to create bound application developer data. The test application license is generated for the developer application based at least upon an authenticated developer certificate and the bound application developer data. The generated test application license provides for the licensing portion of the developer application to be tested on the developer machine. | 03-14-2013 |
20130067534 | COMPUTER MOTHERBOARD HAVING PERIPHERAL SECURITY FUNCTIONS - A secure motherboard for a computer, wherein each user accessible peripheral port is protected by hardware based peripheral protection circuitry soldered to the motherboard. The protection circuitry provides security functions decreasing the vulnerability of the computer to data theft. User input ports such as keyboard and mouse peripheral ports are coupled to the computer through a security function that enforces unidirectional data flow only from the user input devices to the computer. Display port uses a security function which isolates the EDID in the display from the computer. Authentication device such as smart card reader is coupled to the computer via a port having a security function which enumerates the authentication device before coupling it to the computer. | 03-14-2013 |
20130074148 | METHOD AND SYSTEM FOR COMPILING A UNIQUE SAMPLE CODE FOR SPECIFIC WEB CONTENT - Methods for compiling a unique sample code for specific web content. Methods for providing specific web content with such a unique sample code. Methods for gaining access to specific web content provided with such a unique sample code. Methods for indexing web content in a search engine. Methods of processing an Internet search query using a search engine having indexed web content. Related index repositories. Methods for gaining access to specific web content provided with a unique sample code by using a searching engine having indexed web content. | 03-21-2013 |
20130081106 | BUS MONITORING SECURITY DEVICE AND BUS MONITORING SECURITY SYSTEM - A bus monitoring security device is connected to a bus, which includes a tool side bus having a tool connection terminal and an ECU side bus. The ECU side bus is coupled with an ECU, and the tool side bus is coupled with a tool capable of communicating with the ECU via the tool connection terminal. The tool side bus and the ECU side bus are separately coupled with the bus monitoring security device. The bus monitoring security device includes: a controller for determining whether the tool being to access the ECU is connected to the ECU side bus, and for restricting transmission and reception of data between the tool and the ECU when the controller determines that the tool is connected to the ECU side bus. | 03-28-2013 |
20130086633 | METHOD AND SYSTEM FOR PROVIDING SECURE, MODULAR MULTIMEDIA INTERACTION - An approach is provided for the secure exchange of multimedia content through a mobile telephony device. A docking station receives a control signal from a media headset, and in response thereto determines to establish a communication link. The docking station selects one of a plurality of communication options corresponding to different networks based on the type of the communication link. The docking station initiates an authentication procedure for the communication link according to the selected communication option. Subsequent to successful authorization, the docking station receives multimedia content over the authenticated communication link, and transmits the received media signal to the media headset. | 04-04-2013 |
20130091545 | DELIVERY OF CUSTOMIZED CONTENT FOR UNIQUELY IDENTIFIED MEMORY DEVICES - In particular embodiments, customized content is determined and provided to a user based on a unique identifier stored on a memory device. In one embodiment, a method of delivering content can include: accessing a unique identifier from a memory device that is removably coupled to a computing device, where the memory device includes the unique identifier and preloaded content; using the unique identifier to determine personalized information about a user of the memory device; authenticating the memory device by using the unique identifier from the memory device; determining customized content for the user if the memory device is authenticated, where the customized content is based on the unique identifier; and providing the customized content for presentation to the user along with the preloaded content and the personalized information. | 04-11-2013 |
20130097668 | METHOD AND APPARATUS FOR OPERATING MOBILE TERMINAL - A method and apparatus for easily restricting a use right and improving use convenience in a mobile terminal are provided. The method includes displaying a profile list for selecting a set operation mode of the mobile terminal from the displayed profile list; setting an operation mode of the mobile terminal as the selected operation mode, when the set operation mode is selected from the displayed profile list; and displaying a screen associated with the selected operation mode, wherein the set operation mode includes an open mode to use all functions of the mobile terminal and a limited mode to use only set functions. | 04-18-2013 |
20130117813 | KILL SWITCH SECURITY METHOD AND SYSTEM - The present invention provides, in at least one embodiment, a system and method to bolster website and mobile authentication providing an additional security layer for access to password protected information. An authorized user is asked to select a kill switch, including one or more image categories or alphanumeric characters that the authorized user would never select while inputting their password. If the kill switch is entered once or too many times, as defined and specified ahead of time by a set of rules and conditions, during password entry, the kill switch kills the password entry operation. User input can be evaluated at the time of entry according to these rules by a rule processing decision engine. Killing the operation can include taking one or more actions, such as locking out the user, sending a notification of breach, and cataloging information about the source of the breach. | 05-09-2013 |
20130125204 | SYSTEMS AND METHODS OF DEVICE AUTHENTICATION INCLUDING FEATURES OF CIRCUIT TESTING AND VERIFICATION IN CONNECTION WITH KNOWN BOARD INFORMATION - A method and system for authenticating a device, board, assembly or system includes obtaining or processing test/scan information provided via extraction of ECID or other unique identifying information regarding a board. | 05-16-2013 |
20130133031 | Retention Based Intrinsic Fingerprint Identification Featuring A Fuzzy Algorithm and a Dynamic Key - A random intrinsic chip ID generation employs a retention fail signature. A 1 | 05-23-2013 |
20130145424 | SECURE PROVISION OF A DIGITAL CONTENT PROTECTION SCHEME - Methods, apparatuses and storage medium associated with securely provisioning a digital content protection scheme are disclosed. In various embodiments, a method may include forming a trust relationship between a media application within an application execution environment of a device and a security controller of the device. The application execution environment may include an operating system, and the operating system may control resources within the application execution environment. Additionally, the security controller may be outside the application execution environment, enabling components of the security controller to be secured from components of the operating system. Further, the method may include the security controller in enabling a digital content protection scheme for the media application to provide digital content to a digital content protection enabled transmitter within the application execution environment for provision to a digital content protection enabled receiver. Other embodiments may be disclosed or claimed. | 06-06-2013 |
20130160077 | INFORMATION PROCESSING APPARATUS, METHOD FOR RELEASING RESTRICTION ON USE OF STORAGE DEVICE, AND STORAGE MEDIUM - An information processing apparatus includes an authentication information storage unit that stores authentication information for releasing restriction on use of a storage device, a release unit that releases the restriction on use of the storage device based on the authentication information, a generation unit that generates new authentication information for releasing the restriction on use of the storage device, and a setting unit that, after the restriction on use of the storage device is released, sets the new authentication information in the storage device. | 06-20-2013 |
20130160078 | USER AUTHENTICATION APPARATUS AND METHOD THEREOF - A user authentication apparatus includes an information collection unit which collects user information from a plurality of personal devices of a user within a predetermined distance, and a control unit which identifies the user as a user corresponding to the collected information based on the amount of user information collected. Accordingly, user authentication can be easily performed using devices of a user, resulting in increased user convenience. | 06-20-2013 |
20130179940 | Protection of Safety Token Against Malware - Security token for the authentication of access to a self-service terminal, comprising an interface for a connection to the self-service terminal, comprising authentication information, characterized by a second interface that allows a connection of a memory stick the contents of which are made available to the self-service terminal, wherein access to the memory stick is dependent on the authentication information. | 07-11-2013 |
20130185764 | FILE SYSTEM ACCESS FOR ONE OR MORE SANDBOXED APPLICATIONS - Methods, systems, and machine-readable storage medium are described wherein, in one embodiment, identifiers, such as bookmarks, are used to allow access to files or folders in a sandboxed environment. One or more applications are restricted by an access control system, which can be, for example, a trusted software component of an operating system. In one embodiment, the bookmarks or other identifiers allow an application to have access to a file even if the file is renamed or moved by a user while the application has been terminated. In one embodiment, a resource manager, or other trusted access control system, can interact with an application to allow for the use of bookmarks in an environment in which a sandbox application controls access to the files such that each application must make a request to the sandbox application in order to obtain access to a particular file or folder. | 07-18-2013 |
20130212642 | Resilient Device Authentication System - A resilient device authentication system comprising: one or more verification authorities (VAs) including a memory loaded with a complete verification set that includes hardware part-specific data, and configured to create a limited verification set (LVS) therefrom; one or more provisioning entities (PEs) each connectable to at least one of the VAs, including a memory loaded with a LVS, and configured to select a subset of data therefrom so as to create an application limited verification set (ALVS); and one or more device management systems connectable to at least one of the PEs, including a memory loaded with an ALVS, and configured to manage device security-related applications through the performance of security-related functions on devices associated with the hardware part-specific data. | 08-15-2013 |
20130212643 | TRANSMISSION APPARATUS, ELECTRONIC APPLIANCE, RECEPTION APPARATUS, AND AUTHENTICATION SYSTEM - There is provided a transmission apparatus including a terminal electrically connected to a terminal of another apparatus, a body information acquiring unit acquiring body information of a user holding the transmission apparatus, and a transmission unit operable, by carrying out load modulation in accordance with the terminal contacting or being positioned close to the terminal of the other apparatus, to transmit, via the terminal, information on which the body information acquired by the body information acquiring unit is superimposed. | 08-15-2013 |
20130227642 | APPARATUS AND METHOD FOR DETECTING ILLEGAL USER - An apparatus for detecting an illegal user includes a user characteristics analysis unit configured to analyze difference of unique characteristics between an illegal program and a normal user; and a recognition method determination unit configured to determine a recognition method for recognizing the illegal program on the basis of the difference of the unique characteristics. Further, the apparatus for detecting the illegal user includes an illegal user detection unit configured to detect the illegal user using the illegal program within a game by the recognition method. | 08-29-2013 |
20130239173 | COMPUTER PROGRAM AND METHOD FOR ADMINISTERING SECURE TRANSACTIONS USING SECONDARY AUTHENTICATION - Administering secure transactions using secondary authentication includes receiving a transaction request from a user using a first client device, determining whether the requested transaction is a type of transaction that is already approved, determining whether one or more current parameters of the transaction are within limits that are already established if the type of transaction is already approved, transmitting a secondary authentication request to the user to approve the transaction if the current parameters are outside of already established limits or if the type of transaction is not already approved, receiving a response to the secondary authentication request from the user, determining from the response whether the user approved the transaction, aborting the transaction if the user denies the transaction, and performing the transaction if the user approves the transaction or if the type of transaction is already approved and the current parameters are within already established limits. | 09-12-2013 |
20130239174 | DATA TRANSMITTING SYSTEM AND METHOD, DRIVE UNIT, ACCESS METHOD, DATA RECORDING MEDIUM, RECORDING MEDIUM PRODUCING APPARATUS AND METHOD - A security module is provided in a data recording medium, data to be written to the data recording medium is encrypted with a content key different from one data to another, and the content key is safely stored in the security module. Also, the security module makes a mutual authentication using the public-key encryption technology with a drive unit to check that the counterpart is an authorized (licensed) unit, and then gives the content key to the counterpart, thereby preventing data from being leaked to any illegal (unlicensed) unit. Thus, it is possible to prevent copyrighted data such as movie, music, etc. from being copied illegally (against the wish of the copyrighter of the data). | 09-12-2013 |
20130247145 | TEMPERATURE-PROFILED DEVICE FINGERPRINT GENERATION AND AUTHENTICATION FROM POWER-UP STATES OF STATIC CELLS - A method, system and computer program product for generating device fingerprints and authenticating devices uses initial states of internal storage cells after each of a number of power cycles for each of a number of device temperatures to generate a device fingerprint. The device fingerprint may include pairs of expected values for each of the internal storage cells and a corresponding probability that the storage cell will assume the expected value. Storage cells that have expected values varying over the multiple temperatures may be excluded from the fingerprint. A device is authenticated by a similarity algorithm that uses a match of the expected values from a known fingerprint with power-up values from an unknown device, weighting the comparisons by the probability for each cell to compute a similarity measure. | 09-19-2013 |
20130263215 | Display Authentication - Security can be improved in electronic devices that use authentication images and trusted user interfaces (TUIs), and it can still be easy for users to see the TUIs by making more dynamic use of the authentication images and possibly adding color effects. | 10-03-2013 |
20130276058 | DOCUMENT VERIFICATION WITH DISTRIBUTED CALENDAR INFRASTRUCTURE - Transformations of digital records are used as lowest level inputs to a tree data structure having a root in a core system and having nodes computed as digital combinations of child node values. A combination of root values is published in a permanent medium. Signature vectors are associated with the digital records and have parameters that enable recomputation upward through the tree data structure to either a current root value or to the published value. Recomputation yields the same value only if a candidate digital record is an exact version of the original digital record included in the original computation of the value. | 10-17-2013 |
20130276059 | ELECTRONIC PHYSICAL UNCLONABLE FUNCTIONS - An electronic asymmetric unclonable function applied to an electronic system being evaluated includes an electronic system and an AUF array electronically associated with the electronic system. The AUF array includes a plurality of non-identical cells. Each of the non-identical cells includes a test element representing a characteristic of the electronic system being evaluated and a measurement device evaluating the test element. A comparison unit processes an output of the measurement device to provide a multi-bit output value representing a magnitude of differences. | 10-17-2013 |
20130326582 | ABOVE-LOCK NOTES - A note-capture application is disclosed that allows notes to be displayed on the lock screen. In one embodiment, a note-capture application can be invoked when a mobile device is in an above-lock state. Note data can be captured using the note-capture application, and the captured data can be persistently displayed on the lock screen. A user can perform a unique gesture from the lock screen to invoke the note-capture application. In another embodiment, multiple input modes can be available for note data capture. For example, voice data, text data, camera data, etc. can all be used to capture notes for display on the lock screen. | 12-05-2013 |
20130332992 | METHODS AND SYSTEMS FOR IDENTIFYING A TRUSTABLE WORKFLOW BASED ON A COMPREHENSIVE TRUST MODEL - Methods and systems for identifying a trustable workflow based on a comprehensive trust model. One or more trustable links between two or more abstract services among a number of combinations of concrete services can be searched and the trustable link combined to realize an abstract workflow so as to construct a candidate trustable workflow space. The K trustable workflows can be determined by randomly selecting the trustable link with respect to each pair of connected abstract services and combining the selected trustable links. The trustable link in the workflow can be selected to be replaced with another candidate trustable link to provide a higher selection probability to the trustable link in a critical path. | 12-12-2013 |
20130340037 | DATA STORAGE APPARATUS WITH AUTHENTIFICATION FACILITY AND A METHOD OF AUTHENTIFICATION - A data storage apparatus, and specifically a flash drive comprises a first authentication device and a second authentication device apart. The authentication facility is for accessing a storage module of the flash drive. The first authentication device comprises a microphone and is configured to receive a voice signature from the user. If the user requires authentication, the voice signature has to be delivered to the flash drive which will be captured by the microphone and a processing device compares the received voice signature with the stored voice signature. If they match, then authentication is provided. The second authentication device comprises a button or a switch and is used to select a set of colour codes from red and green flashing LEDs. If the colour codes selected is the same as the colour codes stored as compared by the processing device, then authentication is provided. | 12-19-2013 |
20130340038 | ENABLE/DISABLE METHOD OF ADDITIONAL-FUNCTION UNIT, SYSTEM FOR SAME, PROGRAM FOR SAME, AS WELL AS ADDITIONAL-FUNCTION UNIT - The objective of the present invention is to disable functionality of an additional-function unit if an unauthorized program has been installed in an information processing device, thereby preventing an unauthorized program from acquiring, in an unauthorized manner, information from the additional-function unit. The present invention is an enable/disable method for an additional-function unit in an information processing device to which the additional-function unit has been added, which has a step for calculating a first directional function value on the basis of data included in a recording medium storing a boot loader and an operating system so as to store the first directional function value at manufacture time into the additional-function unit, a step for calculating a second directional function value on the basis of data included in the recording medium after the information processing device has been started up, and a step for disabling the functionality of the additional-function unit if the first directional function value and the second directional function value are different. | 12-19-2013 |
20130347063 | HANDLING CLAIMS TRAVERSING SECURITY BOUNDARIES - Sharing security claims across different security contexts. A method includes, for a first security context, identifying a first set of security claims. The method further includes for the first security context identifying a second set of security claims from the first set of security claims that is allowed to be sent from the first security context. The first set of security claims is modified to create the second set of security claims. For a second security context, security claim requirements are identified. The second set of security claims is modified to satisfy the security claim requirements for the second security context. | 12-26-2013 |
20130347064 | METHOD AND APPARATUS FOR SECURE APPLICATION EXECUTION - Systems, methods, apparatuses, and computer-readable media are described for securely installing, executing and/or migrating a security sensitive application in a trusted execution environment on a mobile device. For example, techniques described herein allow a mobile device to verify the operating environment of the mobile device, the security sensitive application itself and discover a trusted execution environment on the device to install the security sensitive application. Furthermore, techniques are disclosed for verifying the state of one or more applications on the mobile device against a synchronized copy of the trusted execution environment operating in the cloud and also migrating the state of one or more applications from a trusted execution environment from a first mobile device to a second mobile device in the event that the mobile device is compromised, lost, stolen or being upgraded. | 12-26-2013 |
20130347065 | SYSTEM AND METHOD FOR CLONING A WI-FI ACCESS POINT - Systems and methods for cloning a Wi-Fi access point. A determination is made by a network monitoring device to transition communications between a Wi-Fi device and a first access point (AP) to a second AP. The SSID and the security configuration information, and, optionally, network address translation (NAT) information of the first access point are acquired and provided to a second AP. The second AP instantiates the SSID and the security configuration information and, optionally, the NAT information. The networking monitoring device directs the first AP to cease using the SSID and the security configuration information and, optionally, the NAT information in response to receipt of confirmation that the second AP has instantiated the SSID and the security configuration information and, optionally, the NAT information of the first AP. | 12-26-2013 |
20130347066 | METHODS AND SYSTEMS FOR SECURE KEY ENTRY VIA COMMUNICATION NETWORKS - According to some embodiments, a member authentication request is received at a security server from a client server. The member authentication request may be associated with, for example, a member attempting to access confidential information from the client server. A secure key associated with the member may be determined and data associated with that key may be transmitted to the member (e.g., via his or her wireless device or computer). Secure key information may be received from the member and validated. Based on the validated secure key information, it may be arranged for the member to receive the confidential information from the client server. | 12-26-2013 |
20140007188 | SYSTEMS AND METHODS FOR SECURE HANDLING OF SECURE ATTENTION SEQUENCES | 01-02-2014 |
20140013387 | EFFICIENT SINGLE SIGN-ON AND IDENTITY PROVIDER CONFIGURATION AND DEPLOYMENT IN A DATABASE SYSTEM - Various techniques and procedures related to user authentication, identity providers, and single sign-on (SSO) are presented here. One approach creates an SSO link between two organizations in a streamlined manner using an internal cross-user systemwide digital certificate, and without processing any user-created, user-uploaded, or user-assigned digital certificates. Another approach presented here configures an identity provider service for an entity or organization by processing a single user command. The identity provider service is automatically configured in the background without processing any additional user commands, user instructions, or user-entered data. | 01-09-2014 |
20140020055 | NETWORK SELECTION TOOL FOR INFORMATION HANDLING SYSTEM - A user information handling system (IHS) link analysis tool intercepts requests to navigate to a webpage, such as a link. The user IHS link analysis tool transmits the link to a security IHS link analysis tool. The user IHS link analysis tool receives a network selection message from the security IHS indicating which network the user IHS should utilize based upon the content of the link. | 01-16-2014 |
20140020056 | INTEGRATED PHYSICAL ACCESS CONTROL AND INFORMATION TECHNOLOGY (IT) SECURITY - Embodiments described herein provide security for a user integrated technology (IT) account by integrating a facility's physical access controls with its IT security system to provide authorization and access. When a user is granted facility access, his/her accounts are automatically enabled or provisioned via an IT security system. When the user exits the facility, his/her accounts are automatically disabled or de-provisioned via the IT security system. The IT security system maintains the user IT account in a secured state until the user credentials are verified at an access control point to enable access to the user IT account, and returns the user IT account to the secured state after receiving the user credentials at the access control point to disable access to the user IT account. As such, the user IT account is secured when not needed by the user to reduce periods of vulnerability. | 01-16-2014 |
20140020057 | NETWORK SELECTION TOOL FOR INFORMATION HANDLING SYSTEM - A user information handling system (IHS) link analysis tool intercepts requests to navigate to a webpage, such as a link. The user IHS link analysis tool transmits the link to a security IHS link analysis tool. The user IHS link analysis tool receives a network selection message from the security IHS indicating which network the user IHS should utilize based upon the content of the link. | 01-16-2014 |
20140020058 | METHODS AND SYSTEMS FOR IMPROVING THE SECURITY OF SECRET AUTHENTICATION DATA DURING AUTHENTICATION TRANSACTIONS - A method for improving the security of secret authentication data during authentication transactions is provided that includes converting the secret authentication data of a user into scrambled secret authentication data by associating a different text-string with each item of information included in the secret authentication data. The method also includes capturing the scrambled secret authentication data with a communications device, and conducting an authentication transaction with the captured authentication data. | 01-16-2014 |
20140020059 | CONTENT SHARING SYSTEM, INFORMATION COMMUNICATION APPARATUS, CONTENT SHARING METHOD, AND COMMUNICATION METHOD - When a user who shares content is selected in a first information communication apparatus used by one of the users who share content, sharing space securement information for the selected user is generated and transmitted to the server. When sharing space connection information for accessing a sharing space, which is generated by the server based on the sharing space securement information, is received by the first information communication apparatus, the sharing space connection information is transmitted to the second information communication apparatus used by the user who shares the content. | 01-16-2014 |
20140040982 | Functionality Watermarking and Management - A method, system and non-transitory computer-readable medium product are provided for functionality watermarking and management. In the context of a method, a method is provided that includes identifying a request to establish an association between a watermark template and a function of at least one user device and determining whether the request to establish the association between the watermark template and the function of the at least one user device is authorized. The method further includes authorizing the request to establish the association between the watermark template and the function of the at least one user device in response to a determination that the request to establish the association between the watermark template and the function of the at least one user device is authorized. | 02-06-2014 |
20140040983 | TERMINAL AUTHENTICATION METHOD AND TERMINAL - Disclosed are a terminal authentication method and a terminal. The authentication method comprises: setting on the terminal a detection device; setting on a stylus a label device capable of being detected by the detection device; the detection device detecting for label information preconfigured in the label device, and authenticating the stylus according to a detection result. Employment of the technical solution of the disclosure solves the technical problems in the related art of the incapability of the terminal to authenticate the stylus. | 02-06-2014 |
20140047505 | Automated Entity Verification - Some embodiments provide a verification system for automated verification of entities. The verification system automatedly verifies entities using a two part verification campaign. One part verifies that the entity is the true owner of the entity account to be verified. This verification step involves (1) the entity receiving a verification code at the entity account and returning the verification code to the verification system, (2) the entity associating an account that it has registered at a service provider to an account that the verification system has registered at the service provider, or (3) both. Another part verifies the entity can respond to communications that are sent to methods of contact that have been previously verified as belonging to the entity. The verification system submits a first communication with a code using a verified method of contact. The verification system then monitors for a second communication to be returned with the code. | 02-13-2014 |
20140059643 | WIRELESS COMMUNICATION APPARATUS, RECORDING MEDIUM, AND METHOD - A wireless communication apparatus includes an optical wireless receiving unit receiving a pseudo random number; an authentication code generator generating an authentication code based on the pseudo random number received by the optical wireless receiving unit; and a wireless communication unit determining whether authentication using the authentication code with a given wireless communication apparatus is successful, and performing wireless communications with the given wireless communication apparatus when determining that the authentication using the authentication code with a given wireless communication apparatus is successful. | 02-27-2014 |
20140059644 | METHOD AND APPARATUS FOR SHARING CONTENT - A method and apparatus for sharing content by selecting a device with which the content is to be shared and performing authentication by using a device which is being called. The method of sharing content of a first device includes: performing authentication of a remote access service for sharing the content with a second device based on a call connection state between the first device and the second device; remotely accessing the second device according to a result of the authentication; and sharing the content based on the remote access. | 02-27-2014 |
20140090015 | INFORMATION PROCESSING DEVICE AND METHOD - An information processing device includes a meeting determination unit, an authentication reception unit, and an authentication determination unit. The meeting determination unit determines whether a user who is an authenticatee meets a user who is an authenticator based on information received from terminals used by the users. The authentication reception unit receives information indicating that an authentication operation is performed for the authenticatee from the terminal of the authenticator who is determined to have met the authenticatee. The authentication determination unit permits the authenticatee to use a predetermined information service, when receiving, from a predetermined number of terminals of authenticators, the information indicating that the authentication operation is performed for the authenticatee. | 03-27-2014 |
20140109181 | SECURING ACCESS OF REMOVABLE MEDIA DEVICES - A security adapter for an electronic device comprises a body, a device connector and host connectors that include a male connector and a female connector and an interlocking structure. The host connector is capable of engaging with a host, and the device connector is capable of engaging with an electronic device. In a first position, the interlocking structure is configured to lock an unlocked engagement of the interlocking structure to the device connector, and in a second position, the interlocking structure is configured to unlock a locked engagement of the interlocking structure to the device connector. Electronic circuitry of the security adapter is operable to identify the security adapter to the host. The electronic circuitry communicates with an access control application running on the host for controlling data access operations between the host and a device that is connectable to the security adapter. | 04-17-2014 |
20140115661 | USER AUTHENTICATION METHOD AND SYSTEM FOR USING WEB MULTI CONTENTS - The present invention relates to an information protection technology for management of a web mashup content authority. An exemplary embodiment of the present invention provides a user authentication method for using a web multi content, which includes: confirming whether to include authority information of a user for at least one content to request a domain which supplies the content to verify an authority of the user; performing authentication for the user who wants to use the content; verifying whether a request of the user to use the content is within an authenticated authority; and decoding the content to be supplied. According to the present invention, in a web service environment where only one protocol is used by the same origin policy, access control for data convergence is provided. In a web convergence service environment, a modification or plagiarism of a content (data or code) is prevented in advance. | 04-24-2014 |
20140115662 | Mechanism for Detecting Human Presence Using Authenticated Input Activity Timestamps - When a service request associated with an initiated online service transaction is received, an attestation identifying a human-input activity is requested. Upon receiving a signature attesting the human-input activity, the previously initiated service transaction is authenticated based at least in part on the signature. | 04-24-2014 |
20140123220 | BUSINESS METHOD INCLUDING CHALLENGE-RESPONSE SYSTEM TO SECURELY AUTHENTICATE SOFTWARE APPLICATION PROGRAM INTERFACES (APIs) - A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that is provided to validate whether the parties involved are licensed to use the system which includes rights to Intellectual Property (IP) and corresponding obligations. The handshake is a Challenge-Response protocol that includes several steps. First, a Claimant sends a request to a Verifier requesting access to a function through an API. The Verifier reacts to the request by outputting a Challenge that is sent to the Claimant. The Challenge is also retained by the Verifier for use in its internal calculation to verify the Claimant's response. The Claimant next processes the Challenge using components under the license, known as Hook IP, and issues a Response to the Verifier. The Verifier compares the possibly-correct Candidate Response from the Claimant to the known-correct Target Response and if a match occurs the Verifier allows the Claimant access to the API. | 05-01-2014 |
20140130123 | METHOD FOR OPERATING INVISIBLE SYSTEM SERVICES ON ANDROID PLATFORM - A method for operating an invisible system service on Android platform is disclosed. The method for operating system services on Android platform includes selectively registering a created system service in a context manager according to a type of the created system service, where the type of the system service comprises a first type for permitting access from an outside and a second type for not permitting access from the outside, and the selectively registering comprises registering in the context manager the created system service belonging to the first type and not registering in the context manager the created system service belonging to the second type. | 05-08-2014 |
20140130124 | Partially Virtualizing PCR Banks In Mobile TPM - In accordance with the exemplary embodiments of the invention there is at least a method and apparatus to perform operations including triggering, with an entity of a device, an attestation with a trusted platform module/mobile platform module of the device; and in response to the triggering, sending information comprising a platform configuration register value towards the entity, where the platform configuration register depends on measurements of the entity triggering the attestation. | 05-08-2014 |
20140150055 | DATA REFERENCE SYSTEM AND APPLICATION AUTHENTICATION METHOD - A server system includes an application server and a data server. The application server includes an application authentication unit that authenticates an application on the basis of information that has been received from a communication terminal and that is related to the application included in the terminal and includes a token issuing unit that issues, when the legitimacy of the application has been authenticated, signature information that includes server information that indicates a server that stores therein data accessed by the application. The data server includes an authentication unit that determines, on the basis of the signature information received from the communication terminal, whether the server information included in the signature information indicates the data server and includes a control unit that permits the application in the communication terminal to access the data when the server information indicates the data server. | 05-29-2014 |
20140150056 | FUEL DISPENSER USER INTERFACE SYSTEM ARCHITECTURE - A vending machine can include a touch display and a touch controller operatively connected to the touch display and configured to transmit display data to the touch display and receive input data from a touchscreen function of the touch display. The vending machine also includes a secure device operatively connected to the touch display for securing the display by managing touch input information provided to one or more applications based on the input data received from the touchscreen functionality. The vending machine has a processor operatively connected to the secure device for communicating access requests for the touch display to the secure device from the one or more applications along with an indication of whether the one or more applications are signed by an authorized entity. The secure device manages the touch input information provided to the one or more applications further based at least in part on the indication. | 05-29-2014 |
20140150057 | METHOD AND APPARATUS FOR RECOGNIZING IMAGE CONTENT - Embodiments of the present invention provide a method and apparatus for recognizing image contents. In one embodiment of the present invention, there is provided a method for recognizing image contents, comprising: providing at least a first image pair and a second image pair to a user; obtaining a first answer and a second answer from the user, wherein the first answer and the second answer respectively indicate the user's determination on whether the image contents in the first image pair and the second image pair are same or not; and modifying a weight of the second image pair in response to the first answer matching a predetermined answer. In one embodiment of the present invention, there is provided an apparatus for recognizing image contents. | 05-29-2014 |
20140157362 | RECOVERING FROM UNEXPECTED FLASH DRIVE REMOVAL - Techniques for recovering from unexpected removal of (or other unexpected power loss) a flash memory device from a computer system. An interpolated device driver notes whenever the flash memory device is unexpectedly removed, or otherwise unexpectedly powers off or enters a locked state. If the flash memory device is reinserted, the interpolated device driver reinitializes the flash memory device, and satisfies any flash memory device security protocol, so the flash memory device and the computer system can be restored to their status just before unexpected removal. The interpolated device driver caches requests to the flash memory device, and when status is restored to just before removal, replays those requests to the flash memory device, so the flash memory device responds to those requests as if it had never been removed. The computer system does not notice any break in service by the flash memory device due to removal and reinsertion. | 06-05-2014 |
20140157363 | METHODS AND SYSTEMS FOR SECURE STORAGE SEGMENTATION BASED ON SECURITY CONTEXT IN A VIRTUAL ENVIRONMENT - A computer system identifies a request to place a workload in a hypervisor-based host. The computer system identifies a security level of the workload. The computer system identifies a security level of a storage device associated with the hypervisor-based host. If the security level of the workload corresponds to the security level of the storage device, the computer system grants the request to place the workload in the hypervisor-based host. If the security level of the workload does not correspond to the security level of the storage device, the computer system denies the request to place the workload in the hypervisor-based host. | 06-05-2014 |
20140165141 | SELF-AUTHENTICATING CHIP - Embodiments of the present invention provide an authenticating service of a chip having an intrinsic identifier (ID). In a typical embodiment, an authenticating device is provided that includes an identification (ID) engine, a self-test engine, and an intrinsic component. The intrinsic component is associated with a chip and includes an intrinsic feature. The self-test engine retrieves the intrinsic feature and communicates it to the identification engine. The identification engine receives the intrinsic feature, generates a first authentication value using the intrinsic feature, and stores the authentication value in memory. The self-test engine generates a second authentication value using an authentication challenge. The identification engine includes a compare circuitry that compares the first authentication value and the second authentication value and generates an authentication output value based on the results of the compare of the two values. | 06-12-2014 |
20140173689 | PROVIDING A REAL-TIME INDICATION OF PLATFORM TRUST - Methods and apparatuses for providing a real-time indication of platform trust are provided. Embodiments include an integrity reporting module determining that a platform is currently operating in a system management mode (SMM) and receiving from an integrity measurement module, an integrity measurement results signal. Embodiments also include the integrity reporting module determining whether the received integrity measurement results signal indicates the platform is trusted. If the received integrity measurement results signal indicates that the platform is trusted, the integrity reporting module provides to a user of the platform, a real-time visual indication that the platform is trusted. If the received integrity measurement results signal indicates that the platform is not trusted, the integrity reporting module provides to the user a real time visual indication that the platform is not trusted. | 06-19-2014 |
20140181900 | Quantifying Risk Based on Relationships and Applying Protections Based on Business Rules - An embodiment of the invention provides a method for controlling access to a system, wherein a request to access the system and metadata of the request are received from a user, the request including a user identification. The metadata includes: information obtained from a history of prior accesses to an application access system, information obtained from a history of prior accesses to a wireless authentication system, and/or confirmation of the user identification by an entity physically proximate to the user. A database is queried with the user identification and the metadata to identify relationship data. The relationship data indicates the relationship between the individual assigned the user identification and an entity owning the system, an entity leasing the system, and/or an entity operating the system. The relationship data is input into a rules engine; and, security measure(s) are selected with the rules engine based on the relationship data. | 06-26-2014 |
20140196109 | Method and device for the authentication of at least two agricultural devices coupled via a data bus - A method for the authentication of at least two agricultural devices coupled via a data bus includes subjecting each of the agricultural devices to authentication, automatically and independently of every other agricultural device, by use of an authentication device, which is also coupled to the data bus. The method also includes allowing a direct data exchange or indirect data exchange between the successfully authenticated agricultural devices, automatically. If authentication of the at least two data devices is unsuccessful, data exchange between the unsuccessfully authenticated agricultural devices is disallowed. | 07-10-2014 |
20140245383 | METHOD AND APPARATUS FOR PACKET SOURCE VALIDATION ARCHITECTURE SYSTEM FOR ENHANCED INTERNET SECURITY - A system of enhanced global computer network security provides for a globally unique human signature code that is provided in the header of a data packet and that is used to uniquely identify a sender of a data packet in a global computer network. The signature code is of the form that identifies the source as an owner of the server that has control over the server that originated the data packet. The signature code includes, (i) a caller id of a mobile telephone provided by a cellular telephone network, (ii) time and date of a call to a key server, (iii) cellular network identification of the geographic location of the caller, and (iv) a random code. | 08-28-2014 |
20140245384 | Nonvolatile Memory Device Having Authentication, and Methods of Operation and Manufacture Thereof - A memory device package encloses two separate die, one being a standard nonvolatile memory integrated circuit (“IC”) die, and the other being any suitable authentication IC die. Either die may be stacked upon the other, or the die may be placed side-by-side. The external contacts may correspond to the power and signal requirements of the standard nonvolatile memory IC die so that the pin-out of the memory device package may present a standard pinout. The power and signal requirements of the authentication IC die may be satisfied with some or all of the pins for the nonvolatile memory integrated circuit die, or with other unused pins of the device package. One or more additional external contacts may be added exclusively for the authentication integrated circuit die. One or more signals may be dedicated as between the standard nonvolatile memory IC die and the authentication IC die. | 08-28-2014 |
20140250494 | APPLICATION EXECUTION IN A RESTRICTED APPLICATION EXECUTION ENVIRONMENT - Application programming interface (API) calls made by an application are intercepted at runtime. A determination is made as to whether each intercepted API call is allowed or blocked by a restricted application execution environment. Each API call that is blocked by the restricted application execution environment is modified so that the API call is allowable such as, for instance, modifying the API call to execute against a shadow resource. Remediation code might also be executed at runtime to reformat the API call so that it is allowed to execute in the restricted application execution environment. | 09-04-2014 |
20140259101 | APPARATUS AND METHOD FOR INHERITING A NON-SECURE THREAD CONTEXT - Disclosed is a method for inheriting a non-secure thread context. In the method, a first secure monitor call associated with a first non-secure thread of a non-secure environment of a processing system is received. A first secure thread is created, in response to the first secure monitor call, that inherits a first interrupt state of the first non-secure thread. | 09-11-2014 |
20140259102 | PROTECTION AGAINST ILLEGITIMATE LINK TERMINATION IN A WIRELESS NETWORK - A wireless access point may be openly accessible to public use. The wireless access point receives an association communication from a computer device to establish a wireless communication link with the wireless access point. The association communication can include unique information such as vendor specific information associated with a network interface card in the computer device, an IP (Internet Protocol) network address assigned to the computer device, etc. The wireless access point establishes a wireless communication link between the wireless access point and the computer device. The wireless access point utilizes the unique information to verify authenticity of the request to terminate the wireless communication link. In a similar vein, a computer device can receive unique information associated with a wireless access point and use the unique information to verify authenticity of a request by the access point to terminate the wireless communication link. | 09-11-2014 |
20140259103 | ACCESS CONTROL, ESTABLISHING TRUST IN A WIRELESS NETWORK - A wireless access point provides a subscriber access to use of a core network. Several techniques are implemented to build trust that the subscriber is connected with and using a safe wireless network. Additional techniques can be used to control use of services provided by the wireless access point. | 09-11-2014 |
20140259104 | AUTOMATIC CONSTRUCTION OF HUMAN INTERACTION PROOF ENGINES - Human Interaction Proofs (“HIPs”, sometimes referred to as “captchas”), may be generated automatically. A captcha specification language may be defined, which allows a captcha scheme to be defined in terms of how symbols are to be chosen and drawn, and how those symbols are obscured. The language may provide mechanisms to specify the various ways in which to obscure symbols. New captcha schemes may be generated from existing specifications, by using genetic algorithms that combine features from existing captcha schemes that have been successful. Moreover, the likelihood that a captcha scheme has been broken by attackers may be estimated by collecting data on the time that it takes existing captcha schemes to be broken, and using regression to estimate the time to breakage as a function of either the captcha's features or its measured quality. | 09-11-2014 |
20140282863 | Document Verification With Distributed Calendar Infrastructure - Transformations of digital records are used as lowest level inputs to a tree data structure having a root in a core system and having nodes computed as digital combinations of child node values. Signature vectors are associated with the digital records and have parameters that enable recomputation upward through the tree data structure to either a current calendar value or onward to a composite calendar value that is a function of calendar values in a calendar, which comprises a set of computed calendar values, such that the calendar values have a time correspondence. Recomputation yields the same value only if a candidate digital record is an exact version of the original digital record included in the original computation of the value, indicating authentication of the candidate digital record. The authentication process as such is independent of any trust authority that issues cryptographic keys. | 09-18-2014 |
20140289796 | RECONCILIATION OF ACCESS RIGHTS IN A COMPUTING SYSTEM - Systems and methods for reconciling access rights of a computing system are described. Access right information that respectively corresponds to access rights of a computing system may be obtained and evaluated. Reconciliation tasks may be performed using the access right information, and a reconciliation report may be generated during performance of at least one of the reconciliation tasks. The reconciliation report may indicate that one or more of the access rights should either be provisioned or revoked at the computing system. | 09-25-2014 |
20140298411 | ACCESSING A SECURE ELEMENT THROUGH A MANAGEABLITY ENGINE - One example provides a system including a Near Field Communication (NFC) module including a secure element and a host computer communicatively coupled to the NFC module. The host computer includes a manageability engine. A secure NFC application of the host computer is to access the secure element through the manageability engine. | 10-02-2014 |
20140298412 | System and Method for Securing a Credential via User and Server Verification - Systems and methods for securing a credential generated by or stored in an authentication token during an attempt to access a service, application, or resource are provided. A secure processor receives a credential from an authentication token and securely stores the credential. The secure processor then verifies the identity of the individual attempting to use the authentication token and cryptographically verifies the identity of the server being accessed. The credential is only released for transmission to the server if both the identity of the individual and the identity of the server are successfully verified. Alternatively, a secure connection is established between the secure processor and the server being accessed and a secure connection is established between the secure processor and a computing device. The establishment of the secure connections verifies the identity of the server. After the secure connections are established, the identity of the user is verified. | 10-02-2014 |
20140304770 | TERMINAL - A terminal which selects an access point (AP) and a method thereof are provided. The method for selecting the AP includes: receiving a plurality of packets from a plurality of APs which provide wireless communication services, analyzing the received plurality of packets and calculating reliability for security of the plurality of APs, and displaying the calculated reliability and identification information of the plurality of APs. | 10-09-2014 |
20140304771 | APPLICATION EXECUTION IN A RESTRICTED APPLICATION EXECUTION ENVIRONMENT - Application programming interface (API) calls made by an application are intercepted at runtime. A determination is made as to whether each intercepted API call is allowed or blocked by a restricted application execution environment. Each API call that is blocked by the restricted application execution environment is modified so that the API call is allowable such as, for instance, modifying the API call to execute against a shadow resource. Remediation code might also be executed at runtime to reformat the API call so that it is allowed to execute in the restricted application execution environment. | 10-09-2014 |
20140310771 | Time-based Functionality Restrictions - Time-based functionality restrictions may be provided. Periodic scans may be performed to identify requests to perform functions on user devices, to determine whether the functions are compliant with compliance rules associated with the user devices that specify time periods during which the user devices are authorized to perform the functions, and to perform remedial actions if the functions are not compliant with the compliance rules. | 10-16-2014 |
20140310772 | Location-based Functionality Restrictions - Location-based functionality restrictions may be provided. Periodic scans may be performed to identify requests to perform functions on user devices, to determine whether the functions are compliant with compliance rules associated with the user devices that specify locations where the user devices are authorized to perform the functions, and to perform remedial actions if the functions are not compliant with the compliance rules. | 10-16-2014 |
20140317686 | SYSTEM WITH A TRUSTED EXECUTION ENVIRONMENT COMPONENT EXECUTED ON A SECURE ELEMENT - A distributed trusted execution environment is provided for a device, where the distributed trusted execution environment is split into two components: a trusted execution environment that is executed on a tamper-resistant secure element, and a trusted execution environment proxy that is executed on the device. The trusted execution environment proxy acts as a proxy between the trusted execution environment that is executed on the secure element, and one or more hardware components or software components of the device. | 10-23-2014 |
20140325593 | USER SECURITY COMPARISON AND REVERSION - A web interface may generate reports regarding changes in user security parameters in a computer network. The report may ease an administrator's duties in analyzing log files to determine the modifications to user accounts. The administrator may be presented with an option to revert a user to a prior state of user security parameters. Thus, the interface provides the administrator the ability to generate reports and modify user accounts from a single web page. | 10-30-2014 |
20140325594 | Methods and Systems for Secured Authentication of Applications on a Network - A secured communication network can include a server including an authentication backend, the authentication backend configured to communicate with an authentication front end of a communication device. A server applet can be associated with the authentication backend. The server applet can authenticate an access right associated with the communication device and establish a security level for the communication with the communication device based on information received from the authentication front end. | 10-30-2014 |
20140325595 | IMAGE PROCESSING APPARATUS, IMAGE PROCESSING SYSTEM, METHOD OF PERFORMING STATUS MONITORING TO CHECK IF AUTHENTICATION SERVER RECOVERS FROM DOWN STATUS, AND RECORDING MEDIUM - An image processing apparatus comprises: a transmitter that transmits user information input by a user, to an authentication server; a receiver that receives an authentication result from the authentication server; a job execution portion that executes a job if the user is successfully identified as an authorized user; a register storage that stores accumulated information including information about the executed job; an information transfer portion that transfers the accumulated information to the authentication server; a detector that detects an event if the authentication server is down; a time settings portion that specifies either “at a predetermined time” or “when log-on is requested”, as the time to check the status of the authentication server; and a status checking portion that: transmits acknowledgment request data to the authentication server at the specified time; and checks the status of the authentication server if acknowledgment data is received from the authentication server. | 10-30-2014 |
20140359699 | METHOD AND SYSTEM FOR RESTRICTING SPECIFIC USERS FROM ACCESSING PREDETERMINED PORTIONS OF MES SCREENS DEPENDING ON THE STATE OF THE WEB SCREEN PAGE - In a generic set-up of an MES screen, a panel always contains the data available but blocks the data from view until a data segregation service removes the blocking according to user roles and a state of the MES screen page. The data segregation service controls which data of the manufacturing execution system can be accessed by the logged user. The panel used in the MES screens contains all the data that can be hidden. The contextualization service allows storage of all the data that is currently selected on the MES Screen. Further, the data access management is applied at a GUI level of each specific MES screen. The main advantage is therefore that a set of predetermined generic MES screens can be delivered. | 12-04-2014 |
20140380416 | CONNECTION DETECTION APPARATUS AND IN-VEHICLE RELAY APPARATUS - A connection detection apparatus includes a gateway to which communication lines are connected, and which detects whether an unauthorized communication device has been connected to the communication lines. The gateway samples a signal several times from each of the communication lines, and generates waveform information, such as an eye pattern in which the waveforms are superimposed on one another. Furthermore, the gateway has stored therein normal waveform information, such as a mask generated based on the eye pattern at normal times. The gateway compares the generated waveform information with the stored waveform information, and recognizes that the waveform information is abnormal if it does not sufficiently match the normal waveform information. If the waveform information is abnormal, it is determined that an unauthorized communication device has been connected to one or more of the communication lines. | 12-25-2014 |
20150020154 | ANONYMOUS COUPLING PLATFORM METHOD AND SYSTEM - The subject matter discloses a system and methods for facilitating a platform for anonymous coupling via a computerized network. In some embodiments, the computerized network is an internet network. Such a platform enables a user to find a match with one or more other users according to profile definition without exposing his identity. | 01-15-2015 |
20150040185 | VISUALIZATION OF ACCESS PERMISSION STATUS - Queries regarding access permissions of users and rights to directories in a complex enterprise are executed in near real-time, using lookups to tables that form a condensed database maintained for each file server. User information is condensed by arranging users in user groups having common data access rights. Directory permissions storage is condensed by showing only distinctive permissions to a directory in a table entry, and referencing inherited permissions of parent directories. The tables indicate recursive and ancestral relationships among the user groups and directories. They are developed and updated in advance of any queries. A consolidated view of the query results is presented on a single display screen. Using the tables, results can be obtained without exhaustive searches of large file system tables. | 02-05-2015 |
20150067771 | Access Enablement Security Circuit - A system-on-chip (SoC) is provided that includes a centralized access enablement circuit for controlling access to a plurality of security features for multiple hardware modules of the system. Progressive security states corresponding to different stages in a chip's design, manufacture and delivery are utilized to enable different access control settings for security features as a part moves from design to end-use. The access enablement circuit for a SoC implementing different security states provides individual access control settings for security features in the different security states. One-time programmable memory and register controls are provided in one embodiment that allow different access control settings for an individual security feature in the same or different security states of the system. | 03-05-2015 |
20150067772 | APPARATUS, METHOD AND COMPUTER-READABLE STORAGE MEDIUM FOR PROVIDING NOTIFICATION OF LOGIN FROM NEW DEVICE - An apparatus for providing a notification of a login to a user account from a device includes an information analysis unit for determining whether the device is a new device, in response to a login request received from the device, and a login notification unit for providing a notification of a login from the new device using a preset notification method, based on results of determination by the information analysis unit. A login notification is provided when a user logs in via a new device other than devices usually used thereby, thus allowing the user to promptly cope with an illegal login so that the illegal use of the user's account can be prevented if an illegal login is performed. | 03-05-2015 |
20150067773 | SYSTEM FOR MANAGING SECURE AND NONSECURE APPLICATIONS ON ONE AND THE SAME MICROCONTROLLER - An electronic microcontroller system including: plural processors; at least one interface for exchange with at least one peripheral, the peripheral being user master of the electronic microcontroller system; a mechanism for access to a shared memory space; an interconnection matrix for interconnecting the exchange interface, the processors and the mechanism for access to a shared memory space; a mechanism managing applications involving a guaranteed level of security and integrity and of applications exhibiting a nonguaranteed level of security and integrity. The exchange interface cooperates with a secure isolation cell of the memory situated between the user master peripheral and the interconnection matrix. | 03-05-2015 |
20150074757 | Certisafe, a novel Credential Authentication Process and System ( CAPS ) - Certisafe is a novel Credential Authentication Process and System (CAPS), where a CertiSafe ID is generated once and only once the Issuer confirms the Authenticity of the Credential of a Candidate. This CertiSafe ID is a unique electronic ID, unique to the Candidate and also unique to the unique Credential, can be used repeatedly and endlessly in lieu of paper based copies that a Candidate usually submits to the Requestor through an application (physical / electronic). This method also purports to save precious paper and time for candidates each time they have to apply to an institution or an organization, by making redundant completely, the requirement of paper copies of the credentials and also their subsequent attestation. The verified credential, through CertiSafe ID, gives the Requesting organization the confidence of absorbing the right candidate and not a candidate with dubious credentials. | 03-12-2015 |
20150082380 | METHODS AND APPARATUS FOR SECURE COMMUNICATION IN A VEHICLE-BASED DATA COMMUNICATION SYSTEM - A method provides secure communication between a first module and a second module within a vehicle communication network. A first anti-replay counter is provided within the first module, and a second anti-replay counter is provided within the second module. A message is transmitted from the first module to the second module over the vehicle communication network. The message includes a partial counter including only a portion of the contents of the first anti-replay counter, and the message is authenticated based on the partial counter. | 03-19-2015 |
20150095978 | METHOD AND APPARATUS FOR SOFTWARE-HARDWARE AUTHENTICATION OF ELECTRONIC APPARATUS - The present invention discloses a method for software-hardware authentication of an electronic apparatus that includes receiving a challenge string (CS) from the electronic apparatus through a challenge string input port (CSIP). The challenge string is a string of trace data generated according to some operations of software running on the electronic apparatus. An authentication result for use in an authentication process for the software to authenticate a hardware unit of the electronic apparatus or for the hardware unit to authenticate the software is generated according to the string of the trace data. The authentication process is performed according to the generated authentication result. | 04-02-2015 |
20150113592 | METHOD OF ESTABLISHING A TRUSTED IDENTITY FOR AN AGENT DEVICE - A trusted identity may be established for an agent device for performing trusted communication with one or more application providing apparatuses. The method of establishing the trusted identity includes determining which of a number of authentication models is a selected authentication model to be used for uniquely authenticating the agent device. First and second authentication information is generated according to the selected model. The first authentication information is for uniquely authenticating the identity of the device and the second authentication information is for verifying that the agent device has the first authentication information. The first authentication information is embedded in the agent device while the second authentication information is transmitted to a registry apparatus for maintaining a device of agent devices. Authentication model information identifying which is the selected authentication model is also sent to the registry. | 04-23-2015 |
20150121454 | VOIP AND UNIFIED COMMUNICATION AUTHENTICATION MECHANISM USING COMPONENTS OF THE SUBSCRIBER IDENTITY MODULE (SIM) AND RELATED HARDWARE AND FIRMWARE EQUIVALENTS IN MOBILE DEVICES. - The invention solves the problems associated with existing authentication and cryptographic systems used by Voice over IP (VoIP) and Unified Communication (UC) applications by providing a mechanism to enable VoIP and Unified Communication applications running on mobile devices, smart phones and tablets, to utilize software interfaces provided by the invention to perform the critical functions needed to authenticate and secure a VoIP or UC session. The invention performs these functions in a secure processing environment provided by the mobile device. Depending on the device type, the secure processing environment will be provided by the Secure Element component of a Subscriber Identity Module (SIM), by the Open TrustZone implemented on ARM chips, or by firmware included in the device. In each case the invention will interface with the secure processing environment using a published API providing low level access functions. | 04-30-2015 |
20150121455 | Methods and Systems for Selectively Obtaining End User Authentication Before Delivering Communications - Methods of operating a communications service are provided in which a communication that is addressed to a user of a communication service is received. A determination is made that end user authentication is required before the communication may be delivered to a first recipient electronic device. A request for end user authentication may then be forwarded to the first recipient electronic device in response to determining that end user authentication is required. End user authentication information may be received from the first recipient electronic device. The received end user authentication information may be compared to stored end user authentication information for the user. The communication may be forwarded over a network to the first electronic device in response to determining that the received end user authentication information matches the stored end user authentication information for the user. | 04-30-2015 |
20150128215 | INTEGRATED CLOUD STORAGE SERVICE THROUGH HOME GATEWAY - Provided is a method of providing an integrated cloud storage service through a home gateway communicating with smart devices through a first network formed by the home gateway and communicating with cloud storages through a communication network. The method may include obtaining information on cloud storage accounts associated with a smart device, as cloud storage account information, upon generation of a predetermined event associated with the smart device, generating an integrated cloud storage list based on information on folders and data of cloud storages accessible by the cloud storage account information, and providing the generated integrated cloud storage list to the smart device. | 05-07-2015 |
20150135267 | FLASH DRIVE WITH MULTIPLE FUNCTIONS INTEGRATED VIA A CONTROLLER - A method and apparatus that includes multiple functions integrated utilizing a single control module of a flash drive is disclosed. The integrated functions can be utilized by the flash drive to communicate with computing devices to which the flash drive is connected. The functions integrated using the single control module can include, for example, functionality to handle USB and Peripheral Protocol communications, to manage communications with a flash memory, and to communicate with a Security IC. Using the single control module, which can be implemented on an IC, the flash drive can, for example, communicate via USB with a laptop computer running the Windows OS, and can communicate via the Peripheral Protocol and USB with a smartphone running iOS. Data from the laptop computer, such as a movie, can be copied to the flash drive, and then can be copied or streamed to the smartphone. | 05-14-2015 |
20150143459 | PROTECTING PRIVACY IN WEB-BASED IMMERSIVE AUGMENTED REALITY - An “AR Privacy API” provides an API that allows applications and web browsers to use various content rendering abstractions to protect user privacy in a wide range of web-based immersive augmented reality (AR) scenarios. The AR Privacy API extends the traditional concept of “web pages” to immersive “web rooms” wherein any desired combination of existing or new 2D and 3D content is rendered within a user's room or other space. Advantageously, the AR Privacy API and associated rendering abstractions are useable by a wide variety of applications and web content for enhancing the user's room or other space with web-based immersive AR content. Further, the AR Privacy API is implemented using any existing or new web page coding platform, including, but not limited to HTML, XML, CSS, JavaScript, etc., thereby enabling existing web content and coding techniques to be smoothly integrated into a wide range of web room AR scenarios. | 05-21-2015 |
20150143460 | IC CHIP, INFORMATION PROCESSING APPARATUS, SYSTEM, METHOD, AND PROGRAM - An IC chip, an information processing apparatus, system, method, and program are provided. An IC chip includes an authentication control unit configured to authenticate a request using authentication information. The request and/or the authentication information is received from outside the IC chip. | 05-21-2015 |
20150310203 | Nonvolatile Memory Device Having Authentication, and Methods of Operation and Manufacture Thereof - A memory device package encloses two separate die, one being a standard nonvolatile memory integrated circuit (“IC”) die, and the other being any suitable authentication IC die. Either die may be stacked upon the other, or the die may be placed side-by-side. The external contacts may correspond to the power and signal requirements of the standard nonvolatile memory IC die so that the pin-out of the memory device package may present a standard pinout. The power and signal requirements of the authentication IC die may be satisfied with some or all of the pins for the nonvolatile memory integrated circuit die, or with other unused pins of the device package. One or more additional external contacts may be added exclusively for the authentication integrated circuit die. One or more signals may be dedicated as between the standard nonvolatile memory IC die and the authentication IC die. | 10-29-2015 |
20150317480 | SYSTEM AND DEVICE FOR VERIFYING THE INTEGRITY OF A SYSTEM FROM ITS SUBCOMPONENTS - A system and device for verifying the integrity of a system from its subcomponents, the system comprising a plurality of subcomponents each having a physical state, the system and the device comprising a processor that is connected to each of the subcomponents, the processor configured to verify systemic integrity by performing verification on some or all specified subcomponents. The verification may be individual (1,1) or threshold (n,1), and may be interactive or non-interactive. | 11-05-2015 |
20150317481 | SYSTEM AND DEVICE FOR VERIFYING THE INTEGRITY OF A SYSTEM FROM ITS SUBCOMPONENTS - A system and device for verifying the integrity of a system from its components, the system comprising a plurality of components each having a physical state, the system and the device comprising a processor that is connected to each of the components, the processor configured to verify systemic integrity by performing verification on some or all specified components. The verification may be individual (1, 1) or threshold (n, 1), and may be interactive or non-interactive. | 11-05-2015 |
20150324576 | METHOD FOR IMPLEMENTING A COMMUNICATION BETWEEN CONTROL UNITS - A method for implementing a communication between at least two control units, and a control unit interconnection for implementing the method are provided. An electronic hardware security module is provided in each control unit, the communication taking place via an additional communications link. | 11-12-2015 |
20150332039 | Operation Limiting Device, Operation Limiting Method, and Storage Medium - Provided is an operation limiting device which makes it possible to achieve more robust security and safety in processing of a workpiece by a processing apparatus. The operation limiting device limits operations relating to processing of a workpiece by a processing apparatus, and is provided with: an authentication unit for authenticating each of a plurality of users; a receiving unit for receiving an operation request or permission for said operation, from a plurality of authenticated users; an operation enabling unit for enabling an operation if an operation request or permission has been received from the plurality of authenticated users; and a releasing unit for releasing the operation enabled state set by the operation enabling unit if processing relating to the operation has terminated or if a predetermined period of time corresponding to the operation has elapsed. | 11-19-2015 |
20150347731 | METHOD FOR GENERATING A HUMAN LIKENESS SCORE - One embodiment of the invention is a method utilizing a CAPTCHA to generate a human likeness score including blocks: a) receiving a user solution to the CAPTCHA; b) receiving a user interaction pattern descriptive of an interaction undertaken by the user, through a graphical interface of the CAPTCHA, to achieve the user solution; c) determining the accuracy of the user solution; d) comparing the user interaction pattern against an interaction model generated from interaction patterns of previous users; e) calculating the human likeness score based upon the determination of block c) and the comparison of block d), wherein the human likeness score lies within a continuum of human likeness scores. | 12-03-2015 |
20160012214 | ENABLING DEVICE FUNCTIONALITY BASED ON INDOOR POSITIONING SYSTEM DETECTION OF PHYSICAL CUSTOMER PRESENCE | 01-14-2016 |
20160028711 | METHODS AND APPARATUS FOR ELECTRONIC FILE USE AND MANAGEMENT - Methods and apparatus are disclosed for facilitating online storage of files (e.g., audio tracks, video, etc.) for playback/access or sale/exchange by the owners of the files without violating copyrights that copyright holders have in the files. For example, by providing a playback service that does not store additional versions of an audio file when the file is transmitted to, and immediately played on, a user device without buffering, the present invention avoids violating copyright laws by not making copies of the file. Numerous other aspects are disclosed. | 01-28-2016 |
20160034276 | ADAPTIVE INTERFACE FOR CROSS-PLATFORM COMPONENT GENERATION - Exemplary embodiments provide adapted components that may be used by a computer program under different execution contexts. The adapted components may include platform independent source code which may be executed regardless of the execution context in which the component is deployed. Adaptation logic may wrap the execution context independent component in a wrapper. The wrapper may perform data marshaling between the execution context independent component and a computer program invoking the execution context independent component, or the host system on which the computer program is deployed. The execution context independent component may be adapted to a new execution context dynamically the first time that the execution context independent component is invoked in the execution context. Thereafter, the execution context independent component may be invoked statically without the need to re-adapt the component. | 02-04-2016 |
20160078219 | AUTHENTICATION USING PROOF OF WORK AND POSSESSION - Password-based authentication in which the authenticating entity uses proof of work based on the password as well as proof of possession of the password in order to authenticate to an authentication system, both of which are provided by the authenticating entity to the authentication system at setup. In subsequent authentication attempts, the authentication system will compare any proof of possession and proof of work received in the request against this initially set up proof of possession and proof of work to perform authentication. The authentication system might perform work on the proof of work to generate a further proof of work that is then compared against a further proof of work that the authentication system generated at the time the authentication mechanism was originally set up. Upon subsequent authentication requests, the authenticating entity need not regenerate the proof of work, but instead provides the stored proof of work. | 03-17-2016 |
20160085965 | EXECUTION OF A SECURED ENVIRONMENT INITIALIZATION INSTRUCTION ON A POINT-TO-POINT INTERCONNECT SYSTEM - Methods and apparatus for initiating secure operations in a microprocessor system are described. In one embodiment, a system includes a processor to execute a secured enter instruction, and a chipset to cause the system to enter a quiescent state during execution of the secured enter instruction. | 03-24-2016 |
20160110535 | Methods and Apparatus for Setting the Address of a Module Using a Voltage - A method of operating a module is disclosed. The method includes determining if a voltage between a power connection and a ground connection exceeds a predetermined threshold and if so determined then setting a module communication address to a first address, responding to a first serial communication received via the serial communication connection addressed to the module communication address, and not responding to a second serial communication received via the serial communication connection addressed to a different address than the module communication address. Other methods and devices are disclosed. | 04-21-2016 |
20160140357 | SECURITY METHOD AND APPARATUS TO PREVENT REPLAY OF EXTERNAL MEMORY DATA TO INTEGRATED CIRCUITS HAVING ONLY ONE-TIME PROGRAMMABLE NON-VOLATILE MEMORY - A method for generating a secure nonce using a one-time programmable (OTP) memory within an integrated circuit to provide persistence, the method including randomly selecting k currently-unprogrammed bits in the OTP memory, creating a data set using data derived from current contents of the OTP memory altered by changing the states of the k currently-unprogrammed bits of the OTP memory, and employing as the secure nonce the data set or data derived from the data set. The selected k bits are programmed in the OTP memory. | 05-19-2016 |
20160154958 | SYSTEM AND METHOD FOR SECURE AUTHENTICATION OF A "SMART" BATTERY BY A HOST | 06-02-2016 |
20160171207 | METHOD FOR TRANSFERRING USER DATA BETWEEN TWO INSTANCES OF AN APPLICATION | 06-16-2016 |
20160171253 | FUEL DISPENSER USER INTERFACE SYSTEM ARCHITECTURE | 06-16-2016 |
20160188848 | TECHNOLOGIES FOR AUTHENTICATING A USER OF A COMPUTING DEVICE BASED ON AUTHENTICATION CONTEXT STATE - Technologies for authenticating a user of a computing device based on an authentication context state include generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state. | 06-30-2016 |
20170235937 | HARDWARE TOOLS AND METHODS FOR CAPACITIVE SENSOR ENABLED AUTHENTICATION | 08-17-2017 |
20170235939 | SECURITY ENHANCEMENT OF CUSTOMER REPLACEABLE UNIT MONITOR (CRUM) | 08-17-2017 |
20180025149 | METHODS AND SYSTEMS FOR AUTHENTICATING A HEADSET FOR A TRANSPORTATION VEHICLE | 01-25-2018 |
20220141660 | AUTHENTICATION ENHANCEMENT WITH NEIGHBOR DEVICE - In embodiments of the present disclosure, there is provided a method for authenticating an access point. In the method, a request for joining a network is received from an access point. A neighbor authentication notification is transmitted to the access point for obtaining an authentication code from a neighbor access point that is connected in the network in accordance with a determination that the access point is verified. The authentication code that is generated by the neighbor access point is received from the access point. The access point is accepted to join the network in accordance with a determination that the authentication code is valid. Embodiments of the present disclosure present a safe and effective way for authenticating the access point that is requesting to join the network, which provides enhanced authentication and increases the security level of the network. | 05-05-2022 |