Entries |
Document | Title | Date |
20080201765 | METHOD AND APPARATUS FOR AUTHENTICATING A COMMUNICATION DEVICE - A method and apparatus for authenticating a communication device is disclosed. A system that incorporates teachings of the present disclosure may include, for example, an authentication system having a controller element that receives from a communication device over a packet-switched network a terminal ID and a request to authenticate said communication device, generates a first registration ID, stores the first registration ID and a first communication identifier, transmits the first registration ID to the communication device, receives from an interactive response system a second communication identifier and a second registration ID that the interactive response system received during a communication session with the communication device over a circuit-switched network, and authenticates the communication device in response to detecting a match between the first and second communication identifiers and the first and second registration IDs. Additional embodiments are disclosed. | 08-21-2008 |
20080209514 | Digital Asset Distribution System - Digital asset distribution systems and methods are provided. The method may include receiving a digital asset and associated permissions from each of a plurality of publishers, and hosting the digital assets received from each publisher on a digital asset server system. The method may further include receiving a request from a user to access a requested digital asset via the digital asset server system, determining whether the user is authorized to access the requested digital asset according to the permissions for the digital asset. If the user is not authorized, the method may include displaying a substitute to the user. The substitute may include a link to the digital asset server system by which the user may obtain authorization to download the digital asset. | 08-28-2008 |
20080209515 | Location attestation service - In one embodiment a computer system comprises a processor and a memory module coupled to the processor and comprising logic instructions stored in a computer readable medium. The logic instructions, when executed, configure the processor to initiate, in a client computing device, a service request, in response to the service request, initiate a request for a location attestation certificate, and complete the client service request when the location attestation certificate is granted. | 08-28-2008 |
20080209516 | Signature and identity authentication and documentation using a third party witnessed authenticator via a video conference - The method of the present invention functions to perform signature and identity authentication using a third party witness whereby the parties are enjoined via a video conference and whereby an authorized identity document is created. The invention is suited to transactions that require a legally binding, traditional witnessed authentication. The method of the present invention creates legally binding documents that comprise biometric information, including at least one of the group of, a passport, a driver's license, government issued identity card, or a corporate identity document. | 08-28-2008 |
20080209517 | Systems and methods for generating, managing, and displaying alarms for wireless network monitoring - The present disclosure is directed to systems and methods for generating, managing, and displaying alarms associated with monitoring a wireless network. Advantageously, the present disclosure provides one alarm per security event, and the ability to see an event in context over time and aggregate information. This results in a significant reduction in alarm volume for wireless monitoring which increases manageability and reduces storage requirements. Further, this provides better security by avoiding the “needle in the haystack” problem where you see few actionable alarms rather than being flooded by multiple copies of the same event over time. Finally, the present disclosure provides improved system scalability with large deployments by managing alarms through lesser alarm volume, and through visual representation. | 08-28-2008 |
20080209518 | Device, system and method for timestamp analysis of segments in a transmission control protocol (TCP) session - A method performed in an intrusion detection/prevention system, a system or a device for determining whether a transmission control protocol (TCP) segment in a TCP connection in a communication network is acceptable. The TCP connection can include TCP segments beginning with a three way handshake. A TCP segment can include a field for a timestamp. A timestamp policy of plural timestamp policies is identified, the timestamp policy corresponding to a target associated with the segments in a TCP connection. A baseline timestamp is identified based on a three way handshake in the TCP connection. Segments in the TCP connection are monitored. The segments in the TCP connection are filtered as indicated in the timestamp policy corresponding to the target, the timestamp policy indicating whether the segments are to be filtered out or forwarded to the target by comparing the timestamp of the segments to the baseline timestamp. | 08-28-2008 |
20080209519 | IMAGE FORMING APPARATUS - An image forming apparatus. The image forming apparatus performs security management functions such as security transmission and security printing of data stored in a hard disk of the image forming apparatus and shared with a plurality of host computers through a network, to which a security tag is added for the security of the data so as to increase the security of the data. The image forming apparatus is connected to the network to be shared with the host computers to receive and store data transmitted from the host computers, and includes a storage device to store IP address information of a host computer which transmitted data and security data to which a security tag is added for the security of the transmitted data corresponding to the IP address information, and an image forming controller to perform security management function of the security data. | 08-28-2008 |
20080209520 | Method For Authenticating a User and Device Therefor - The invention concerns a method for authenticating a user via a terminal ( | 08-28-2008 |
20080216153 | Systems and methods for facilitating authentication of network devices - Systems, apparatuses and methods for facilitating authentication and logons for network devices. An identifier that is already affiliated with a device is used as a username in an authentication process. A password and an authentication key are generated based on at least the username, and the password and authentication key are provided to the device. Upon attempted access to a network service by the device, the username, password and authentication key are exchanged in some manner to determine the authenticity of the device. | 09-04-2008 |
20080216154 | IDENTITY-BASED WIRELESS DEVICE CONFIGURATION - Techniques are provided for relating identity information with wireless configuration information for a wireless device or a wireless network. A trusted system may be used to generate wireless configuration parameters for a wireless network based on identity information. The identity-based wireless configuration information may be stored on the trusted system remote to the wireless network and accessible to the wireless device. The wireless configuration may be migrated from the trusted system to the wireless device. | 09-04-2008 |
20080216155 | Image forming apparatus - An image forming apparatus is provided that is capable of preventing a print data from being leaked even where a user forgets to print out the print data with which an authentication data is attached. The image forming apparatus of the present invention has: a network interface receiving the print data, the authentication data, and an importance degree data; a hard disk drive storing the print data, the authentication data, and the importance degree data received by the network interface; an operation panel with which the user inputs the authentication data that is used to authenticate the print data; an authentication control unit comparing the authentication data stored in the hard disk drive with the authentication data input by the user; a control unit comprising a print processing unit controlling print processing of the print data stored in the hard disk drive based on the comparison result; and a time management unit measuring a time for which the print data is stored in the hard disk drive, wherein the control unit deletes the print data based on the importance degree data and the time for which the print data is stored in the hard disk drive. | 09-04-2008 |
20080222700 | Challenge/Response in a Multiple Operating System Environment - A secure challenge-response virtualization system including a computer having a memory divided into at least a first and a second logical partition, where the first partition is operative to receive a challenge from an entity, and a challenge/response manager configured with the second partition, where the first partition is configured to provide the challenge to the challenge/response manager configured with the second partition, and where the challenge/response manager is configured to generate a response to the challenge and provide the response to the first partition. | 09-11-2008 |
20080222701 | Using secondary bearer to detect proximity of a device - A new and unique method or apparatus for providing protected transport of digital content from a first device to a second device, featuring activating a proximity link between the first and second devices; performing proximity detection between the first device and the second device; delivering the digital content from the first device to the second device over a communications link when it is determined that the proximity between devices is within a predetermined range. The proximity link may take the form of a wireless link that is limited in its range with adequate authentication mechanisms, and may be either an additional link compared to, for example, a wireless broadband link, or may even form part of the wireless broadband link if its broadband is sufficient. In operation, an actual streaming transfer or other suitable data transfer would be provided from one device to the other device using the additional link, such as the wireless broadband link. In particular, the proximity link may ensure that the physical proximity of the other device is in a certain range. | 09-11-2008 |
20080222702 | SYSTEM AND METHOD FOR PREVENTING VIRUSES FROM INTRUDING INTO NETWORK - Some embodiments of the present invention provide a system and method for preventing viruses from intruding into a network. The system for preventing viruses from intruding into a network includes: a detection unit for performing virus detection on traffic passing through the network, and a control unit arranged between terminals and the network. The control unit is adapted to control access of the terminals to the network, and decide whether to allow the terminals to access the network according to the detection result from the detection unit. According to the invention, all the traffic of a terminal infected by a virus is limited, and the connection between the terminal and the network is interrupted, thereby preventing the virus from diffusing and propagating widely over the network, and improving operation security of the network. | 09-11-2008 |
20080222703 | DATA REPRODUCING APPARATUS AND TRANSMITTER AUTHENTICATING DATA REPRODUCING APPARATUS - A data reproducing apparatus includes a receiver receiving the content and outputting the received content to an image display apparatus prepared in advance, and a transmitter transmitting the content to the receiver when authentication of the receiver is successful. Before transmitting the content, the transmitter transmits a request to start authentication to the receiver and executes an authentication process after a predetermined time. When the receiver cannot be authenticated, the transmission of the request to start authentication and the execution of the authentication process are repeated. Here, the predetermined time is variably set according to the number of times the request to start authentication is transmitted and the authentication is executed. | 09-11-2008 |
20080222704 | Method and Apparatus for Computer Network Security - Techniques are provided for computer network security. The techniques include obtaining operational data for at least a first networked application; obtaining enterprise data for at least a second networked application; correlating the operational data with the enterprise data to obtain correlated data; and using the correlated data to improve security of the computer network. | 09-11-2008 |
20080229389 | RESTRICTING ACCESS TO HARDWARE FOR WHICH A DRIVER IS INSTALLED ON A COMPUTER - Users of a computer are prevented from directly accessing certain hardware for which a driver is installed on the computer. The users are provided a limited, indirect manner to access the hardware for a specific purpose or to do a specific job. One example of such hardware is a wireless hardware communication interface. The wireless activity of the computer may be restricted so that the wireless hardware communication interface is prevented from communicating with any devices compatible with the wireless hardware communication interface other than one or more specific devices. | 09-18-2008 |
20080229390 | Method and Apparatus for Handling Invites to a Multi-User Communication Session - A method of handling Invite messages for a multi-user communication session utilizing the IP Multimedia Subsystem to set up and control the session. Two or more access servers control user access. A first access server receives from a session-initiating user, an Invite that identifies as a potential participant, at least one user group which is owned by a second access server. The first access server sends to the second access server, an Invite that identifies the user group. The second server resolves the group identification into a set of group member identities and sends the identities in a response to the first access server. The first access server then sends Invites to at least some of the group members identified in the response. | 09-18-2008 |
20080229391 | CONTENT MANAGEMENT APPLICATION FOR AN INTERACTIVE ENVIRONMENT - The content management application is an intranet application which provides a process for implementing changes to an internet website of a company by providing the company the ability to define and enforce a common style of page layout. The application can be accessed via a desktop browser and multiple users may access the application for multiple reasons at the same time. The application also dynamically generates new page designs and new component design with various people assigned to groups or teams enabling the continuous creation and processing of content. Once the content is created and reviewed, it is then launched onto the company's internet site for viewing by the internet users accessing the company's web page. | 09-18-2008 |
20080235767 | Method of Controlling Access to a Communication Network - A method of controlling access to infrastructure ( | 09-25-2008 |
20080235768 | SYSTEM AND METHOD FOR AUTHENTICATION OF A COMMUNICATION DEVICE - A system and method for authentication of a communication device is disclosed. A system that incorporates teachings of the present disclosure may include, for example, an authentication system that can have a controller element that receives from a communication device by way of a packet-switched network an authentication request comprising a first identification (ID) of a gateway and a second ID of the communication device. The gateway and at least one network element of the packet-switched network can be provisioned to have a physical association with each other such that other network elements of the packet-switched network deny services to the gateway when the gateway attempts to operate outside of said physical association. From said physical association and the aforementioned IDs the controller element can authenticate the communication device. Additional embodiments are disclosed. | 09-25-2008 |
20080235769 | SYSTEM AND METHOD FOR ADAPTIVE TARPITS USING DISTRIBUTED VIRTUAL MACHINES - A system and method for adaptive tarpits using distributed virtual machines. A method in an embodiment may include determining an intrusion prevention strategy in response to a potential attack on a network. Then, based on the intrusion prevention strategy, allocating at least one virtual tarpit in the network, where the at least one virtual tarpit is implemented as a virtual machine, and the adapting the at least one virtual tarpit in the network includes one or more of suspending a virtual tarpit, resuming a suspended virtual tarpit and migrating a virtual tarpit to another virtual machine in the network. Other embodiments are described and claimed. | 09-25-2008 |
20080244702 | Method, Apparatus, System, Medium, and Signals for Intercepting a Multiple-Party Communication - Systems, apparatus and methods related to multiple-party communications conducted between client computers in a computer network. For example, a method and apparatus for intercepting a multiple-party communication between a plurality of client computers in communication with a server in a computer network is disclosed. The method involves receiving an input message at the server, the message representing user input received at one of the plurality of client computers, producing an output message representing the user input provided by the input message. The method further involves authorizing a designated client computer that is not part of the multiple-party communication to communicate with the server to cause the server to transmit output messages to the designated client computer, and transmitting the output message to each of the plurality of client computers and to the designated client computer. A method and apparatus for supporting access to a plurality of saved messages by a designated client computer in communication with a server in a computer network is also disclosed. | 10-02-2008 |
20080244703 | Quarantine System and Method - A quarantine system QS includes a network connection control apparatus | 10-02-2008 |
20080244704 | MOBILE COMMUNICATION DEVICE MONITORING SYSTEMS AND METHODS - Systems and methods are directed to monitoring the communications to and from a mobile communication device in accordance with some embodiments of the present invention. For example in accordance with an embodiment, each of the data services on a mobile communication device may be monitored against rules stored in a central data center repository. The data services may include all forms of communications between the mobile communication device and a third party along with changes to application or data within the mobile communication device. An alert may be provided to an administrator when unauthorized data service activity and/or a message may be sent to the mobile communication device to prevent the unauthorized data service activity. | 10-02-2008 |
20080244705 | METHOD AND APPARATUS FOR EXTENDING REMOTE NETWORK VISIBILITY OF THE PUSH FUNCTIONALITY - An approach is provided for extending remote network visibility for push functionality. An application is transmitted, via a push agent, from a first network to a device of a second network, wherein the device is configured to execute the application. The device is remotely controlled using the application. | 10-02-2008 |
20080250475 | AUTOMATICALLY CHANGING THE APPEARANCE OF A SOFTPHONE BASED ON A USER PROFILE - A software phone (“softphone”) application enables a user to make a phone call from a computing device using Voice over Internet Protocol (VoIP). While the functionality of the softphone remains the same, its appearance is defined by a skin that can be changed. A server stores a profile for users of the softphone. Based on the user profile, the server selects a skin and pushes the skin to the user's softphone, thereby changing the appearance of the softphone. The skin can include advertisement and can include several layers that can be displayed simultaneously. Some of the layers are static, and some of the layers are animated. | 10-09-2008 |
20080256601 | Strategies for Controlling Use of a Resource that is Shared Between Trusted and Untrusted Environments - A strategy is described for controlling access to a resource which is shared between a trusted environment and an untrusted environment. The resource can represent a clipboard module. The trusted environment can include trusted client functionality, while the untrusted environment can include potentially untrusted network-accessible entities (e.g., websites) which seek to access the clipboard module. The strategy provides a security presentation which notifies a user when a network-accessible entity is attempting to access the clipboard module, identifying the entity which is making the attempt, together with the nature of the information being read or added to the clipboard module. The security presentation invites the user to approve or deny the particular attempt (or all such attempts from the network-accessible entity), and/or clear the clipboard module. The security presentation does not block the user's interaction with other parts of a user interface presentation. | 10-16-2008 |
20080256602 | Filtering Communications Between Users Of A Shared Network - Methods, systems, and products are provided for filtering communications between users of a shared network. Embodiments include receiving a communication from a sender for delivery to a recipient; retrieving a receipt policy for the recipient; retrieving a profile for the sender; determining whether the sender's profile complies with the receipt policy for the recipient; delivering the communication to the recipient if the sender's profile complies with the receipt policy for the recipient; and blocking the communication if the sender's profile does not comply with the receipt policy for the recipient. | 10-16-2008 |
20080256603 | Method and system for securing a commercial grid network - A method for securing a commercial grid network involves receiving a lease request from a client to lease a computing resource selected from multiple computing resources in the commercial grid network, mapping a unique identifier of the client to a security label selected from multiple unmapped security labels to obtain a client-label mapping based on the lease request, mapping a unique identifier of the computing resource to the security label to obtain a resource-label mapping based on the lease request, storing the client-label mapping and the resource-label mapping in a security label repository to obtain stored security label mappings, and authenticating, by the commercial grid network, an access request from the client to the computing resource using the stored security label mappings. | 10-16-2008 |
20080256604 | System for Managing Proprietary Data - A content distribution system ( | 10-16-2008 |
20080263632 | System and Method for Managing Use and Access of a Communication Network - The present invention provides a system and method for managing access and use of a communication network or service. When a user requests the use of a communication network or service and this network is experiencing a level of use which is above a predetermined threshold, one or more incentives can be offered to the user in return for deferring access to the communication network or service for a predetermined period of time. In this manner, usage of the communication network or service can be managed such that variability of the usage level over time can be reduced. | 10-23-2008 |
20080263633 | Systems and Methods of Network Operation and Information Processing, Including Data Acquisition, Processing and Provision and/or Interoperability Features - According to some embodiments of the present invention, a system, apparatus and method of network operation and information processing, including data acquisition, data processing, data provision, and/or data interoperability features is presented. In some exemplary embodiments, the method includes registering users logging-on to a computer network and gathering user-related information from users. In one or more embodiments, user-profile and location-centric information for each user may be gathered and/or processed in connection with processing targeting and content information. | 10-23-2008 |
20080263634 | Method and System for Providing On-Demand Media Streaming from a User's Own Library to a Receiving Device of the User - A system and method are provided for on-demand media streaming from a user's own media library to a user's receiving device that may be located in a different location from that where the media library is stored. The present invention provides an out-of-the box on-demand media server device that may be used by itself, in conjunction with a personal computer, or in conjunction with a personal home stereo system or video system. The on-demand media server includes security mechanisms that allow a user to establish a private server that only the user may communicate with and gain access to the user's media library. In one particular embodiment, a smart card or other removable media are used as a security device to ensure that access to the media files on the user's personal on-demand media streaming server is limited to the user. In addition, the system and method provides an on-demand conversion of the media in the user's personal media library to an appropriate format. | 10-23-2008 |
20080271117 | Cascading Authentication System - Generally speaking, systems, methods and media for authenticating a user to a server based on previous authentications to other servers are disclosed. Embodiments of a method for authenticating a user to a server may include receiving a request to authenticate the user to the server and determining whether authenticating the user requires matching an authentication plan. If a plan is required, the method may also include accessing a stored authentication plan with authentication records each having expected information relating to user access to a different server. The method may also include receiving an indication of the user's current authentication plan from an authentication store where the plan has authorization records each having current information relating to user access. Embodiments of the method may also include comparing the stored authentication plan with the received current authentication plan to determine whether they match and, in response to a match, authenticating the user. | 10-30-2008 |
20080271118 | METHOD OF PROTECTING AGAINST DENIAL-OF-SERVICE ATTACKS - An apparatus and method of protecting against a denial-of-service (DoS) attack are described. The apparatus comprises a classification engine, a meter engine, and a copy engine. The method comprises assigning a received packet to a meter based upon a classification of the network packet, determining that a DoS attack is in progress based upon a meter count, copying at least one packet from the meter to a processor; and suppressing the copying of subsequently received network packets to the processor. | 10-30-2008 |
20080271119 | BEHAVIORAL ADVERTISING AND CREATION OF AD-HOC MICROCOMMUNITIES THROUGH USER AUTHENTICATION - Implementations of behavioral advertisement targeting and creation of ad-hoc microcommunities through user authentication are described. In one implementation, a user is allowed to submit authentication information on a webpage associated with a third party website. For example, a user can identify himself by entering a username and password to an email account unaffiliated with the third party website. The authentication information can then be used to access a personal account associated with the user. For example, behavioral data associated with the user can be gathered from the personal account and be used to present advertisements on the webpage targeting a specific behavioral profile of the user. Alternately, the user can be presented with options to interact with information in the personal account. For example, the user may be given the opportunity to invite members of a contacts list in the personal account to visit the webpage. | 10-30-2008 |
20080271120 | Network Pre-Authentication - A method of dynamic pre-authentication includes receiving at an access point from one or more content platforms a white-list of internet domains that are to be deemed valid for serving content to a non-authenticated user. Updates to the white list are dynamically received from the one or more content platforms which are each responsible for a particular promotional campaign that features specific content. A request is received at the access point from a non-authenticated user for certain of the specific content, which is allowed such that a domain of the content platform responsible for the certain specific content is accessed by the user. | 10-30-2008 |
20080276300 | Program Execution Device - To provide a program execution device which is capable of notifying time and information related to download and activation of a program. | 11-06-2008 |
20080276301 | Method and System for Software Installation - A network based installation management system that dynamically manages secure software installation on a client. The server is configured to determine the software required and prepare an appropriate response containing the list of software and an information file containing the respective attributes of the list of software. The server encodes this response and the encoded response is transmitted to the client. The client on receiving the response is configured to authenticate the response and install the encoded response after authentication. Highly accurate and reliable software installation using the network based installation management system may be achieved using a respective hardware element on the client and the server, which is configured to encode and decode a request and/or response suitably thereby providing a high level of security and trust in an un-trusted network environment. | 11-06-2008 |
20080276302 | System and Method for Providing Data and Device Security Between External and Host Devices - A secure data exchange system comprising a security device including a first external device plug, and a security engine operative to enforce a security policy on data transfer requests received from the host; an external device including a second external device plug; and a host including a first external device port operative to communicatively couple with the first external device plug, a second external device port operative to communicatively couple with the second external device plug, and a driver, e.g., a redirect driver, operative to transfer a data transfer request to the security device before executing the data transfer request. | 11-06-2008 |
20080276303 | Network Type Advertising - A technique for network type awareness involves providing network type information associated with a wireless network to stations. The stations, or users of the stations, can then select which network best meets their needs. | 11-06-2008 |
20080282323 | ACCESS CONTROL APPARATUS, ACCESS CONTROL METHOD, AND ACCESS CONTROL PROGRAM - Additional information indicating photographic conditions for a received image signal is compared with additional information indicating photographic conditions for an access target image signal. If both conditions satisfy a predetermined relationship, an access to the access target image signal is permitted. | 11-13-2008 |
20080282324 | Secure Social Networking System with Anti-Predator Monitoring - The invention provides a method for managing an online social network, the method including the steps of: a) identifying patterns associated with inappropriate user activity; b) monitoring the online actions of at least one user of the social network; c) evaluating online actions taken by the at least one user; and d) comparing the online actions to the identified patterns associated with inappropriate activity. | 11-13-2008 |
20080289004 | Method and Module for Protecting Against Attacks in a High-Speed Network - A method, module and computer program for protecting a target against attacks in a high-speed network. The method according to the invention comprises the steps of generating a question, after having received a request from an initiator identified by a sourceID associated to a certain node in the network, sending the question to the node identified by the sourceID, in case that an answer to the question is received, evaluating the answer, and in case that a proper answer has been received, enabling communication between the initiator and the target by sending a further message from the target to the initiator. | 11-20-2008 |
20080289005 | SYSTEM AND METHOD FOR DIGITALLY AUTHENTICATING FACILITY MANAGEMENT REPORTS - A method for generating and digitally authorizing a report indicating the performance conditions of a facility is provided. The method is intended for use in allowing facility managers to document the performance of their facilities. The present invention allows a user to generate a PDF report indicating the status of a facility that can be digitally authenticated by the user. Any attempted modifications of a digitally authenticated report are documented so that the accuracy of the report can be verified. | 11-20-2008 |
20080295153 | SYSTEM AND METHOD FOR DETECTION AND COMMUNICATION OF COMPUTER INFECTION STATUS IN A NETWORKED ENVIRONMENT | 11-27-2008 |
20080301773 | METHOD AND APPARATUS FOR SECURITY CONFIGURATION AND VERIFICATION OF WIRELESS DEVICES IN A FIXED/MOBILE CONVERGENCE ENVIRONMENT - A system and method is described that enables autonomic discovery of wireless network security mechanisms by mobile devices. Stateful monitoring of wireless devices facilitates identification of pending network connectivity loss, enabling a handoff server to proactively advertise new points of access and their associated security mechanisms to devices before connectivity is lost. As a result, devices may seamlessly transition between secure networks. Stateful monitoring of device reachability may be used together with device certificates and/or tokens to decrease the potential of MAC spoofing and further secure the network. Stateful monitoring of device connectivity status during network transitions facilitates the identification of rogue access points. The token or certificate on the device may be used to authenticate the device while transitioning between networks by a centralized entity, managing the initiation and the execution of the handover for the device. | 12-04-2008 |
20080301774 | INFORMATION PROCESSING APPARATUS - An information processing apparatus includes: a processor; a first auxiliary storage device that stores data; a second auxiliary storage device that is provided separate from the first auxiliary storage device at a position inaccessible to a user, the second auxiliary storage device being configured to be rewritable; and a firmware memory that stores a firmware program that is initially executed when a power of the apparatus is turned on, wherein the firmware program causes the apparatus to operate: performing a user authentication; permitting an access to the first auxiliary storage device when the user authentication is successful; and initiating an authentication failure processing program that is stored in the second auxiliary storage device to be performed by the processor when the user authentication is unsuccessful. | 12-04-2008 |
20080301775 | Method and apparatus for securing data in a memory device - A Method and a terminal intended for securing information in a local memory device which is couplable to a terminal having a data link interface. At the terminal, the method comprises the following steps. The method divides | 12-04-2008 |
20080301776 | System method for providing secure access to a communications network - A system and method for providing secure access to a telecommunications network system. In one embodiment, a cellular device produces a communication session key and utilizes an index and corresponding timing intervals previously provided by the network to the cellular device. The session key is divided into multiple segments that are placed into separate data packets. The data packets, separated by the timing intervals, are sent to the network where a comparison is made between the information in the data packets and the time intervals between the data packets. The timing intervals between the data packets must match an identical set of time intervals stored in the network and if so, the network assembles the data packets to provide a session key for secure communications between the network and the access device. | 12-04-2008 |
20080301777 | Hot standby server system - A server system has servers that can be operated through switching as a primary system and a standby system, and a shared disk unit for storing data accessed by the servers. Each of the servers has a driver that acquires information on a configuration inside the shared disk unit after starting of the system. The driver sets the shared disk unit in an active state in which an access request can be sent to the shared disk unit. Access control determines whether the access request issued by an application should be sent on the basis of a management table indicating inhibited types of access requests for each access destination. The access control sends the access request to the driver when the access request is not inhibited for an access destination of the access request. By this arrangement, hot standby switching processing can be performed at high speed. | 12-04-2008 |
20080307497 | Method And System For Preventing Malicious Code From Being Introduced Into A Protected Network - A method, system, and device for secure communications are provided, including at least one of means for configuring two or more computer devices as a single computer device; and means for separating the two or more computer devices from one or more computer networks. | 12-11-2008 |
20080307498 | ACCESS CONTROL FOR SERVER-BASED GEOGRAPHIC INFORMATION SYSTEM - A number of geospatial attributes or parameters associated with GIS data are used to filter requests for geo-visualization of the data and to determine whether the request is subject to a restriction. Access to GIS data may be controlled for a variety of reasons including security concerns, proprietary concerns, or merely to generate revenue for a particular data source. In an open or public platform, contributors of GIS data accessible for geo-visualization may place limits or restrictions on the availability of or accessibility of the GIS data. The contributor may tag or otherwise encode an entire dataset or portions of the dataset with restriction instructions associated with one or more geospatial attributes. In a public platform, access to data is controlled based upon the geospatial attributes, for example, the geospatial location (coordinates) of a map tile request, scale of a map tile request, resolution of a map tile request, payment for access, the combination of layers requested, or freshness or staleness of data requested. | 12-11-2008 |
20080307499 | Upgradable Security Module - The aim of the present invention is to provide a security module capable of supporting the different functions of the latest and the previous generations, by avoiding any possible attack due to this adaptability. | 12-11-2008 |
20080307500 | USER IDENTITY MANAGEMENT FOR ACCESSING SERVICES - Previously, a first server generates the identity of the user of a terminal. A second server generates a digital identification file concerning the user and including at least one access attribute for access to a first server. In response to a request relating to a service from the terminal to a third server dispensing the service, the reference of a selected file selected by the user is transmitted from the terminal to the second server. The second server transmits the access attribute to the terminal so that the terminal transmits it to the third server. The third server requests in conjunction with this attribute an authentication of the user by the first server. When the user is authenticated, an authentication file is stored and the user identity is transmitted from the first server to the third server that enables the requested service to be transmitted to the terminal. | 12-11-2008 |
20080307501 | Network Device Management - A method is provided to dynamically interact with a plurality of enabled devices within a personal network. Individual ones of the devices are configured to interoperate with a service provider network and configure or alter services to individually identifiable devices. | 12-11-2008 |
20080313708 | Data content matching - A method, device and system for matching data content, including identifying items of data that would be potentially harmful if transferred through a network, creating a list containing the identified items of potentially harmful data, deriving a hash value for each item of data on the list, receiving a data stream containing data packets, calculating a hash value for each data packet in the data stream, evaluating whether any of the hash values calculated for the data packets in the data stream match any of the hash values derived for each item of data on the list, discovering a hash value match between one of the data packets in the data stream and one of the items of data on the list, comparing the actual contents of the one data packet in the data stream to the actual contents of the one item of data on the list, confirming a match between the actual contents of the one data packet in the data stream and the one item of data on the list, and applying a filter policy that restricts a further transfer of the one data packet through the network. Some embodiments also include identifying a field of interest for each item of data on the list and for each data packet in the data stream. | 12-18-2008 |
20080313709 | METHOD AND APPARATUS FOR VERIFICATION OF DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) RELEASE MESSAGE - An apparatus and method for verification of a DHCPRELEASE message comprising extracting an IP address from the ciaddr field of the DHCPRELEASE message, determining a tunnel-associated IP address, comparing the IP address and the tunnel-associated IP address to determine if there is a match, and releasing the IP address if there is a match, and wherein the tunnel-associated IP address is the IP address associated with the tunnel from which the server receives the DHCPRELEASE message. | 12-18-2008 |
20080313710 | COMMUNICATIONS DEVICE, COMMUNICATIONS METHOD, COMMUNICATIONS PROGRAM, AND COMPUTER-READABLE STORAGE MEDIUM STORING THE COMMUNICATIONS PROGRAM - The communications device of the present invention performs an authentication with the device at the other end automatically or through a simple operation, independently of an authentication scheme supported by the device at the other end. A communications device includes: a connecting section for establishing a connection with the other communications device according to the IrSimple scheme; an authentication section for performing an authentication by the IrSimple scheme; a connecting section for establishing a connection with the other communications device according to the IrDA scheme, an authentication section for performing an authentication according to the IrDA scheme; and a protocol switching section for causing the connecting section to initiate a connection and causing the authentication section to perform an authentication, when an authentication by the authentication section is unsuccessful. This makes it possible to switch to a protocol of the IrDA scheme and perform communications according to the IrDA scheme when the other communications device does not support device authentication of the IrSimple scheme although being compliant with the IrSimple scheme. | 12-18-2008 |
20080320560 | Delegating or Transferring of Access to Resources Between Multiple Devices - A gatekeeper device delegates an ability to access a resource to an access device by transmitting metadata, which includes access information for accessing the resource. The access device uses the metadata to retrieve the associated resource from a resource server. By transmitting the metadata in lieu of the resource, flexible use of the resources is implemented while enabling compliance with various restriction schemes. The system may condition the delegation or transfer of resource access on one or more factors, such as proximity between the gatekeeper device and the access devices. Using information about an access device, the resource server may optimize the resources for the receiving access device. | 12-25-2008 |
20080320561 | Method and System for Collaboration Involving Enterprise Nodes - A method and system for a communication network containing both trusted peers and untrusted hosts within the network. Trusted peers can collaborate with each other to observe and monitor the activity of the untrusted hosts. In addition, a trusted peer instantiated with a virtual machine can have an operating system kernel collaborate with a hypervisor to determine whether threats are present. A trusted peer that needs particular functionality installed can collaborate with other trusted peers and with an administrative console to have that functionality installed. An untrusted host can have a driver directly inserted into it by an administration console, which will facilitate in the collaboration process. | 12-25-2008 |
20080320562 | EFFORTLESS REGISTRATION WITH CONTENT PROVIDERS AND METHODS THEREOF - A communication system ( | 12-25-2008 |
20080320563 | SYSTEM AND PROGRAM PRODUCT FOR ASSOCIATING EVENT CATEGORIZATION AND ROUTING WITH SECURITY AUTHORIZATION ROLES - Under the present invention, when an event is received on a server, it is stored and then categorized. In being categorized, an event group pertaining to the event is identified. Based on the group of events, a set (e.g., one or more) of destinations to which the event should be routed can be determined. The group of events is then associated with an access control list (ACL) that contains entries identifying users (or groups of users) and their permissions to interact with events in that group. Once the association is made, the event and optionally the ACL is routed to the appropriate destinations. Based on the permissions contained in the ACL, the destinations will interact with the event accordingly. | 12-25-2008 |
20090007234 | COMPUTER SYSTEM FOR AUTHENTICATING A COMPUTING DEVICE - A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. A communications session is established between two devices using an authentication service that authenticates the device that is initiating the establishment of the communications session with another device. After authenticating the initiating device, the authentication service provides to the initiating device the network address of the other device and an authentication credential for use in the communications session between the initiating device and the other device. | 01-01-2009 |
20090007235 | Course development program - The present invention is directed to a method of operating a knowledge capture program. The knowledge capture program has the steps of starting the knowledge capture program wherein a user can access content that is either existing content or creating new content. Once the content has been selected then a source subject matter can be selected and displayed, and then captured and incorporated into the content. The source subject matter can be edited and saved into the content. The content can then be retrieved and played in a desired mode of learning. | 01-01-2009 |
20090007236 | System And Method For Using A Communication Lease To Open A Communication Channel - A system and method for using a communication lease to open a communication channel is provided. An initiation terminal transmits a channel initiation request for access to a resource manager through a target terminal. Evaluation of a communication lease controlling access to the resource manager is awaited. Approval of the channel initiation request is received upon the successful evaluation of the communication lease. A communication channel is opened between the initiation terminal and the target terminal upon receipt of the approval. | 01-01-2009 |
20090007237 | METHOD AND SYSTEM FOR PROVIDING ONLINE RECORDS - A method is provided for providing a user with the ability to access and collect records associated with the user in a secure and private manner. The method includes assigning a phone number to the user for private fax and voice communications from service providers, associating access information with the user for the user to use to access a web site, receiving a private fax communication comprising a record associated with the user for which the user has requested and given permission to the service provider to send to the phone number, converting the private fax communications into an image file format, storing the record encoded in the image file format, and providing the user with access to the web site using the access information and providing on the web site an interface to the records of the user for the user to access the record. | 01-01-2009 |
20090013380 | Networks - A Personal Area Network Security Domain (PSD) is formed between devices ( | 01-08-2009 |
20090013381 | User Authentication and Authorisation in a Communications System - A method of authenticating a client to two or more servers coupled together via a communications network, wherein the client and a first server possess a shared secret. The method comprises authenticating the client to a first server using said shared secret, signalling associated with this authentication process being sent between the client and said first server via a second server, generating a session key at the client and at the first server, and providing the session key to said second server, and using the session key to authenticate the client to the second server. | 01-08-2009 |
20090013382 | SECURITY SYSTEM, TERMINAL, INFORMATION DELIVERING METHOD, PROGRAM AND RECORDING MEDIUM - A security system including a multiple number of terminals and a delivering apparatus, the terminal including: an acquiring portion for acquiring information to be delivered; a reception portion for accepting a recipient selected from the plural terminals; and a controller which, when the reception portion accepts the recipient, transmits a session initiation request and recipient information representing the recipient to the delivering apparatus and which, when receiving session establishment information that indicates that a communication session has been established between the recipient and its terminal, transmits the information to be delivered that was acquired by the acquiring portion to the delivering apparatus, wherein the delivering apparatus includes: a manager which, when receiving the session initiation request and the recipient information, establishes a communication session between the sender of the session initiation request and the recipient and transmits session establishment information that indicates that a communication session between the sender and the recipient has been established, to the sender; and a delivering portion which, when receiving the information to be delivered from the sender, pushes and delivers the information to be delivered to the recipient. | 01-08-2009 |
20090019521 | CONTROLLING ACCESS PRIVILEGES IN A WIRELESS DOMAIN - Various systems, methods, and programs executable on a computer readable medium are provided for providing secure communications in a wireless domain. In one embodiment, a method is provided in which access to a network is established for a client in an originating subnet associated with an originating controller in a wireless domain. The access rights for the client are set based upon a first active control list. Access to the network for the client is established in a foreign subnet associated with a foreign controller in the wireless domain when the client roams from the originating subnet to the foreign subnet. A second active control list is tunneled from the foreign subnet to the originating subnet. The access rights to the network for the client in the originating controller are reset based upon the second active control list. | 01-15-2009 |
20090019522 | WEB BASED APPLICATION CONSTRUCTOR USING DATA SPACES - A web-based application constructor can be used for constructing a web display. The web-based application constructor can obtain data from heterogeneous data sources to produce the web display. The web display can contain page components and display the data from at least some of the heterogeneous data sources. The system can allow for the construction of user interfaces to access different types of data. | 01-15-2009 |
20090019523 | CONTROLLING NETWORK COMMUNICATIONS - A technique of establishing communication between a server apparatus and a client apparatus in a manner that satisfies a desired security level of network communications is disclosed. | 01-15-2009 |
20090019524 | System and method for network operation - A network of secure servers, requiring no central entity to administer user identities or access permissions. Each autonomous server hosts a set of user accounts. Users may link to and access the accounts of all other users in the network. Resources in accounts are private, but users may grant each other partial permissions to them. Links and permissions are independent of the location of accounts, and are cryptographically authenticated. Users may migrate their account between servers without losing accumulated permissions, or breaking links that others have to their account. The ability to grant permissions may be delegated to reflect complex organizational structures. A permission may be configured to unlock data in a multitude of accounts. The system will support applications that require secure information sharing across multiple organizational boundaries, and provides a distributed security model which is feasible to deploy as it is wholly administered by its users. | 01-15-2009 |
20090019525 | DOMAIN-SPECIFIC LANGUAGE ABSTRACTIONS FOR SECURE SERVER-SIDE SCRIPTING - A method and apparatus is disclosed herein for secure server-side programming. In one embodiment, the method comprises creating a server-side program with one or more abstractions and compiling the server-side program by translating the server-side program, including the one or more abstractions, into target code that is guaranteed to execute in a secure manner with respect to a security criteria. | 01-15-2009 |
20090019526 | ELECTRONIC CONFERENCE SERVER APPARATUS AND ELECTRONIC CONFERENCE SYSTEM - An electronic conference server apparatus is provided, which carries out proper access management over electronic data used at an electronic conference in accordance with an access authority of each participant in the electronic conference. A folder making portion makes a folder for each participant in the electronic conference, the folder being accessible only by the participant, in a participant data recording portion, and copies electronic data limited in access in accordance with an access authority level set for the participant, to the made folder. An access managing portion permits a participant's access to a folder that is made for the participant, but denies other participants' access to the folder. | 01-15-2009 |
20090025058 | Methods and apparatuses for introducing devices with simple user interfaces into a secure network community - A method for introducing devices with simple user interfaces into a network community. A user pushes a button on a first device that listens for messages from central points for two seconds and, if no such message is received, becomes a central point and starts sending broadcast ID messages. The user then pushes a button on a second device to be inserted, which after interaction with the central point enters a selected state. Noticing this on the user interface of the second device, the user pushes the button on the first device again, and after further communication between the devices, they enter an associated state, which can be verified on the user interface of the first device. Also provided is a first device. | 01-22-2009 |
20090025059 | IP SERVICE AUTHORIZATION IN WIRELESS COMMUNICATIONS NETWORKS - Systems and methodologies are described that facilitate protocol address assignment using protocols compatible with specified domains for mobile devices. Devices can request wireless network access through a gateway, which can forward an authentication/authorization request to an authentication server. Upon successful authentication, the authentication server can transmit one or more domain identifiers related to the device or a user thereof. Using the domain identifier, compatible protocols can be determined for use in configuring the device for subsequent domain communication. | 01-22-2009 |
20090025060 | METHOD AND APPARATUS TO IMPLEMENT SECURITY IN A LONG TERM EVOLUTION WIRELESS DEVICE - A wireless transmit receive unit (WTRU) is configured to receive unciphered and ciphered messages. The unciphered messages include identity requests, authentication requests, non-access stratum (NAS) security mode commands and tracking area update responses. The ciphered messages may come from the NAS and a Radio Resource Controller (RRC). The messages are ciphered using security keys. | 01-22-2009 |
20090031398 | ROLE DETERMINATION FOR MESHED NODE AUTHENTICATION - Techniques are provided for determining respective roles of a first meshed node (MN) and a second MN during an authentication process. The first MN and the second MN determine whether at least one of the first MN and the second MN have a secure connection to an authentication server. When the first MN and the second MN each have a secure connection to the authentication server, the first MN and the second MN determine whether a first authentication message forwarding cost (AMFC) associated with the first MN is the same as a second AMFC associated with the second MN. When the first AMFC associated with the first MN is different than the second AMFC associated with the second MN, the MN having the lower AMFC to an IAP (coupled to the authentication server) assumes the authenticator role, and the other MN having the higher AMFC assumes the supplicant role. | 01-29-2009 |
20090031399 | Method and Apparatus for Content Based Authentication for Network Access - A method and apparatus are provided for authenticating the contents of a device requesting access to a first network, such as an enterprise network. If a device has connected to at least one other network then the content of the device is evaluated prior to obtaining access. The scope of the content evaluation may be based, for example, on properties of the other network or on one or more defined content authentication rules. If a device attempts to access a network, the content of the device is evaluated and the device may be restricted to accessing only one or more restoration services if the content fails to satisfy one or more predefined criteria, such as a content item that is out of date or a determination that the device connected to one or more external networks. The restoration service(s) can update a content item that is out of date, reinstall one or more programs or return configuration settings to default values. | 01-29-2009 |
20090037982 | METHOD AND SYSTEM FOR AUTHENTICATING A PARTY TO A TRANSACTION - One embodiment of the invention is directed to a method including receiving an alias identifier associated with an account associated with a presenter, determining an associated trusted party using the alias identifier, sending a verification request message to the trusted party after determining the associated trusted party, and receiving a verification response message | 02-05-2009 |
20090044249 | SYSTEMS, METHODS AND COMPUTER PRODUCTS FOR A SECURITY FRAMEWORK TO REDUCE ON-LINE COMPUTER EXPOSURE - Systems, methods and computer products for a security framework to reduce on-line computer exposure. Exemplary embodiments include a computer security method, including initiating a computer session on a first computer, receiving a grace period entry into the first computer, monitoring mouse and keyboard activity on the first computer during the computer session, monitoring long-running jobs initiated on the first computer during the computer session, monitoring authorized computer access of a plurality of computers to the first computer, determining which computers of the plurality of computers can access the first computer and for what time period and terminating computer traffic related to the first computer in response to an expiration of the grace period. | 02-12-2009 |
20090044250 | Embedded Self-Contained Security Commands - A set of commands is provided to a system for execution in order to modify a security related aspect of the system. The system executes the set of commands absent an intervening command being executed. | 02-12-2009 |
20090044251 | MEETING SYSTEM INCLUDING DISPLAY DEVICE AND DATA PROCESSING APPARATUS CONNECTED THERETO, DATA PROCESSING APPARATUS CONNECTED TO DISPLAY DEVICE, DATA OUTPUT METHOD, AND DATA OUTPUT PROGRAM - In order to prevent leakage of confidential data, a meeting system includes an MFP and a projector. The MFP includes a data obtaining portion to obtain data, a participant information obtaining portion to obtain user identification information as participant information, an access permission determination portion and an output permission determination portion to determine whether or not a user identified by the participant information can access the obtained data, to determine that the obtained data can be output if the determination result shows that all the meeting participants can access the obtained data, and to determine that the obtained data cannot be output if any one of the meeting participants cannot access the obtained data, and an output portion to output data on condition that it is determined by the output permission determination portion that data can be output. The display device displays an image based on the data output from the data processing apparatus. | 02-12-2009 |
20090044252 | SYSTEM, METHOD, AND PROGRAM FOR INSTANT MESSAGINGS - A method for delivering an instant message in a server connected to two or more computers via a network is provided. The two or more computers include groupware clients in which a user can perform login at the same time, using the same user ID, and for which status that may be different from each other can be set. Embodiments of the method include authenticating a user of a groupware client who attempts to perform login using a user ID, recording the user ID and status information in association with an instant messaging user ID, receiving an instant message addressed to the user ID, and determining, on the basis of the status information, which of two or more client computers the instant message is sent to. | 02-12-2009 |
20090049519 | TERMINAL AND ACCESS POINT FINDING METHOD FOR COMMUNICATING WITH STEALTH ACCESS POINT - There is provided a terminal that is capable of not sending a useless probe request to detect a stealth access point. The terminal communicates with a normal access point that reports a network identifier and a stealth access point that does not report a network identifier. The terminal includes an access point information accumulating section | 02-19-2009 |
20090049520 | METHOD OF CONTROLLING A CONFERENCE SYSTEM, PROGRAM PRODUCT, AND STORAGE MEDIUM - A conference system includes a storage unit configured to store electronic data used as conference material, a display unit configured to display electronic data stored in the storage unit, an identifying unit configured to identify an attendee of a conference, and a memory unit configured to store information about an attendee identified by the identifying unit as viewing history information in association with electronic data displayed by the display. | 02-19-2009 |
20090055896 | NETWORK CONNECTION CONTROL PROGRAM, NETWORK CONNECTION CONTROL METHOD, AND NETWORK CONNECTION CONTROL SYSTEM - The present invention prevents a computer, which is infected by an unauthorized program such as a virus or spyware when the computer is brought out, from being connected with a secure network such as an intracompany LAN. When a user terminal is started, a connection with the intracompany LAN is attempted. Then, a network connection is temporarily stopped and an environment is compared with the one where the user terminal operated at a previous time. When there is no difference between both of the environments, the connection with the intracompany LAN is restored. However, when it is determined that the user terminal is connected with a network other than the intracompany LAN when the user terminal was operated at a previous time, an inspection for a virus or the like is executed by a USB memory where the latest anti-virus software is stored. After it is confirmed that the user terminal is safe, the connection with the intracompany LAN is restored. | 02-26-2009 |
20090055897 | SYSTEM AND METHOD FOR ENFORCING NETWORK DEVICE PROVISIONING POLICY - Systems and methods are provided for enforcing a network device provisioning policy. In one embodiment, a method may employ a computer based system to restrict access to data center resources, receive provisioning requests for access to the data center resources, authorize the provisioning requests after compliance with the network provisioning policy and allow the network device to access authorized data center resources. In another embodiment, a system includes interfaces for provisioning policy, request and task status information. The information provided by these interfaces is then used to determine compliance with applicable network device provisioning policies and restrict or allow access to the data center resources according to the provisioning policy. | 02-26-2009 |
20090055898 | PANA for Roaming Wi-Fi Access in Fixed Network Architectures - A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE. | 02-26-2009 |
20090064279 | System for secure remote access and control of computers - A system that anyone with an internet browser can use to set up a high security VPN between a mobile wireless hand-held device or computer and a remote computer and operate and control the remote computer. An automated internet browser sign-up process that sets up a subscription to a VPN service and installs the required software components. A system to provide data and access control security as well as simulating a display, keyboard and mouse on a hand-held device with only a touch screen is also disclosed. | 03-05-2009 |
20090064280 | FRAMEWORK FOR DELEGATING ROLES IN HUMAN RESOURCES ERP SYSTEMS - Embodiments presented herein provide transaction delegation systems and methods that allow a delegator to select any user to act as a proxy on that manager's behalf with respect to certain transactions. In embodiments, a manager is able to select different users to manage different transactions. A user can accept a proxy request and obtain the necessary security access when the delegation is active. Thus, the proxy user is able to approve and/or initiate the selected transactions even if the security for those transactions is higher than what the proxy user would normally have. In embodiments, an administrator is able to configure the delegations and can ensure that the delegated authority is revoked when the delegated authority expires. | 03-05-2009 |
20090064281 | AUTHENTICATION DEVICE AND NETWORK AUTHENTICATION SYSTEM, METHOD FOR AUTHENTICATING TERMINAL DEVICE AND PROGRAM STORAGE MEDIUM - When an authentication identifier is contained in a first message required for receiving authentication with respect to IEEE 802.1X from a terminal device, the authentication is assumed to be successful and then a data link is established with the terminal device, and a filtering unit is set so as to pass a first packet which should be passed for receiving authentication with respect to a higher layer protocol from among packets sent from the terminal device through the data link and to block a second packet different from the first packet. If a second message required for receiving authentication with respect to the higher layer protocol from the terminal device is received through the filtering unit, the authentication with respect to the higher layer protocol is performed. When the authentication is successful, the filtering unit is set so as to pass the second packet. | 03-05-2009 |
20090070857 | COMMUNICATION APPARATUS - An authentication unit performs an authentication processing to obtain a permission for a physical interface including a driver to establish a connection to a network to perform a data transfer. A detecting unit detects authentication state information indicating a state of the authentication processing. Upon receiving the authentication state information from the detecting unit, a transmission control unit controls a transmission of data received from a module for performing a communication based on a protocol of an upper-level layer with respect to a data link layer to an external device based on the state of the authentication processing. | 03-12-2009 |
20090077631 | ALLOWING A DEVICE ACCESS TO A NETWORK IN A TRUSTED NETWORK CONNECT ENVIRONMENT - A computer implemented method of allowing a device access to a network in a trusted network connect environment. Responsive to receiving a request from the device to access the network, a type of the device is determined. Responsive to determining the type of the device, a policy for the device is determined based on the type of the device. Responsive to determining the policy for the device based on the type of the device, determining whether an integrity of the device satisfies the policy. Responsive to determining that the device does not satisfy the policy, performing a remediation action on the device. Responsive to determining that the device satisfies the policy, allowing the device access to the network. | 03-19-2009 |
20090077632 | PROACTIVE NETWORK ATTACK DEMAND MANAGEMENT - Various embodiments described and illustrated herein provide one or more of systems, methods, software, and firmware to handle attack generated demand proactively using distributed virtualization. One goal of some such embodiments is to provide a time window of stable operational response within which an intrusion detection system may detect an attack and/or cause a countermeasure against the attacks to be activated. Demand excursions which are not caused by an attack are supported during the variability of demand providing transparent response to legitimate users of the system. These embodiments, and others, are described in greater detail below. | 03-19-2009 |
20090077633 | COMMUNICATION DEVICE, COMMUNICATION METHOD, COMMUNICATION PROGRAM, ITS RECORDING MEDIUM, AND INTEGRATED CIRCUIT - It is an object of the present invention to provide technology capable of presenting information for selecting an introducer of content. A communication device is provided, the communication device sending content or content identification information to another communication device and receiving content or content identification information from another communication device, comprising: an evaluation value calculation unit | 03-19-2009 |
20090083835 | NETWORK ACCESS CONTROL - A system for controlling access to a network by a user device. The system includes a criteria engine that generates a plurality of criteria to be monitored on the user device and a checker that generates at least one check for each of the plurality of criteria. The system further includes a profiler that retrieves a profile for the user device, the profile including the plurality of criteria and the at least one check for each of the plurality of criteria, a comparator that compares a summary of the retrieved profile to a summary of a profile received from the user device and a communicator that communicates a message to the user device based on the comparison. | 03-26-2009 |
20090083836 | PREVENTING A NON-HEAD END BASED SERVICE PROVIDER FROM SENDING MEDIA TO A MEDIA PROCESSING SYSTEM - Systems and methods that prevent unauthorized access in a communications network are provided. In one embodiment, a system that prevents unauthorized access to a network device may include, for example, a network device and a headend. The headend may be coupled to a communications network. The network device may be deployed in a home environment and may be communicatively coupled to the communications network via the headend. The headend may be adapted, for example, to determine whether a request to access the network device is authorized. | 03-26-2009 |
20090089859 | Method and apparatus for detecting phishing attempts solicited by electronic mail - A phishing filter employs a plurality of heuristics or rules (in one embodiment, 12 rules) to detect and filter phishing attempts solicited by electronic mail. Generally, the rules fall within the following categories: (1) identification and analysis of the login URL (i.e., the “actual” URL) in the email, (2) analysis of the email headers, (3) analysis across URLs and images in the email other than the login URL, and (4) determining if the URL is accessible. The phishing filter does not need to be trained, does not rely on black or white lists and does not perform keyword analysis. The filter may be implemented as an alternative or supplemental to prior art spam detection filters. | 04-02-2009 |
20090089860 | METHOD AND APPARATUS FOR LIFECYCLE INTEGRITY VERIFICATION OF VIRTUAL MACHINES - A method and system for verifying the integrity of virtual machines and for verifying the integrity of discrete elements of the virtual machines throughout the lifecycle of the virtual machines. A virtual machine manager capable of managing one or more virtual machine images is installed on a physical hardware platform. An integrity verification component can be communicatively coupled to the virtual machine manager and an integrity reference component so that the integrity verification component can compare digests of the virtual machine image or discrete virtual machine image elements to virtual machine integrity records accessible from the integrity reference component. | 04-02-2009 |
20090089861 | PROGRAMMABLE DATA PROTECTION DEVICE, SECURE PROGRAMMING MANAGER SYSTEM AND PROCESS FOR CONTROLLING ACCESS TO AN INTERCONNECT NETWORK FOR AN INTEGRATED CIRCUIT - A data protection device for an interconnect network on chip (NoC) includes a header encoder that receives input requests for generating network packets. The encoder routes the input requests to a destination address. An access control unit controls and allows access to the destination address. The access control unit uses a memory to store access rules for controlling access to the network as a function of the destination address and of a source of the input request. | 04-02-2009 |
20090094679 | Detection and Management of Controlled Files - A remote device may receive a policy definition, search a file system for files that are to be protected, and disposition identified files to protect the files. After completing the protection, a report is generated and transmitted to a centralized location. The policy definition may include keywords, directory paths, metadata, or other information that may be used to identify files for protection. After identification, the files may be dispositioned by removal, tagging, encrypting, applying rights management, or other actions. | 04-09-2009 |
20090094680 | ACCESS MANAGEMENT FOR WIRELESS COMMUNICATION - Provisioning and access control for communication nodes involves assigning identifiers to sets of nodes where the identifiers may be used to control access to restricted access nodes that provide certain services only to certain defined sets of nodes. In some aspects provisioning a node may involve providing a unique identifier for sets of one or more nodes such as restricted access points and access terminals that are authorized to receive service from the restricted access points. Access control may be provided by operation of a restricted access point and/or a network node. In some aspects, provisioning a node involves providing a preferred roaming list for the node. In some aspects, a node may be provisioned with a preferred roaming list through the use of a bootstrap beacon. | 04-09-2009 |
20090100503 | AUTHENTICATION FOR SHARED WIRELESS PERIPHERALS HAVING AN INTERNAL MEMORY STORE FOR SHARING DIGITAL CONTENT ACROSS MULTIPLE HOSTS - The present solution can authenticate a first host to access a memory space of a shared wireless peripheral communicatively linked to the first host via a bus and a device controller. Digital content displayed within a graphical user interface of the first host can be selected. Either a CUT or COPY clipboard operation can be detected that is conducted from the first host. The selected content can be copied to the memory space of the peripheral. The second host can be authenticated to access a memory space of the peripheral communicatively linked to the second host via a bus and a device controller. A PASTE clipboard operation conducted from the second host can be detected. The selected content obtained from the first host can be conveyed from the memory space of the shared wireless peripheral to a cursor specified location within a graphical user interface of the second host. | 04-16-2009 |
20090100504 | Methods and Apparatus for Adaptively Determining Trust in Client-Server Environments - Techniques are disclosed for adaptively determining trust in client-server environments. By way of example, a method for assigning a trust level to a client in a client-server environment including at least one client communicating with a plurality of servers includes the following steps. Information associated with a server s | 04-16-2009 |
20090100505 | Third-party-secured zones on web pages - A computer-implemented method is provided, including storing, in an authentication server system, a URL identifying at least one web page, and providing a secure zone browser-side script to be placed on the web page. Upon opening of the web page in a browser, the secure zone browser-side script triggers execution of a server-side script at the authentication server system. The server-side script creates, on the web page, an inline frame, which is controlled by the authentication server system during a session that is associated with the inline frame. The authentication server system retrieves a referrer address from the session, and compares the referrer address with the stored URL. Upon finding a match between the referrer address and the stored URL, the authentication server system delivers web content to or via the inline frame. Other embodiments are also described. | 04-16-2009 |
20090106821 | CALL LIMITER FOR WEB SERVICES - Embodiments of methods, apparatuses, devices and systems associated with web services are disclosed. | 04-23-2009 |
20090113520 | Techniques for Limiting Remote Control of a Computer System - A technique for limiting remote control of a computer system includes receiving user input via an input device associated with the computer system. The user input is encoded, at the input device, using a first coding procedure to provide an encoded signal, which is communicated to an input queue of the computer system. The encoded signal is then decoded, at the input queue, using the first coding procedure to provide the user input. | 04-30-2009 |
20090113521 | Private network access using IPv6 tunneling - A connection to a private network may use an IPv6 tunneling client to connect to a corresponding IPv6 tunneling router at the edge of the private network. The client may be configured to automatically establish a tunneling connection and may have a routing table for routing IPv6 addresses for hosts within the private network through the tunneling connection. The client may be connected to an IPv4 or IPv6 connection outside the private network. The connection between the IPv6 tunneling client and IPv6 tunneling router may be an authenticated and secure connection. | 04-30-2009 |
20090119749 | METHOD AND SYSTEM FOR DIRECTING USER BETWEEN CAPTIVE AND OPEN DOMAINS - A method for limiting user access to a captive domain or an open domain. The captive domain may include electronically accessible content that is selected/controlled by a service provider and the open domain may include electronically accessible content that is not completely selected/controlled by the service provider. The method may include configuring a modem or other user device in such a manner as to limit use access to the desired domain. | 05-07-2009 |
20090119750 | PROVIDING ACCESS CONTROL LIST MANAGEMENT - Control list management may be provided. First, it may be detected that an event has occurred on a data network. Then, it may be determined, in response to the detected event, that a device on the data network needs to be provided with an access control list. Next, the access control list may be obtained from a database central to the data network. Then, the device may be provided with the obtained access control list. | 05-07-2009 |
20090119751 | Communication device - A communication device includes an authenticating unit authenticating a wireless communication device, depending on whether predetermined authentication conditions are satisfied or not, when a connection request is received from the wireless communication device, a unit relaying the communications by the wireless communication device when the authenticating unit can authenticate the wireless communication device, a unit receiving connection information containing identifying information for identifying an access point relaying the communications by the wireless communication device from another communication device, a unit receiving, from the wireless communication device, the identifying information for identifying the access point relaying the communications by the wireless communication device, and a unit permitting the relay of the communications by the wireless communication device when the identifying information received from the wireless communication device is contained in the connection information received from the another communication device. | 05-07-2009 |
20090125980 | NETWORK RATING - Methods and systems for operation upon one or more data processors for assigning a reputation to a messaging entity by analyzing the attributes of the entity, correlating the attributes with known attributes to define relationships between entities sharing attributes, and attributing a portion of the reputation of one related entity to the reputation of the other related entity. | 05-14-2009 |
20090125981 | SYSTEM AND METHOD FOR WIRELESS NETWORK AND PHYSICAL SYSTEM INTEGRATION - In one embodiment, an apparatus includes an intrusion detection arrangement and a location identification arrangement. The intrusion detection arrangement determines when a client without authorization attempts to access a wireless network of which the intrusion detection arrangement is a part. The location identification arrangement identifies at least a first approximate physical location of the client without authorization when the client without authorization attempts to access the wireless network. The location identification arrangement is configured to communicate the first approximate physical location to a surveillance arrangement which monitors the first approximate physical location | 05-14-2009 |
20090125982 | COMPUTER SYSTEM FOR PORT FORWARDING - A computer system includes multiple computer modules each including at least a calculator and a storing unit. A first computer module of the computer modules includes: a storing unit that stores authentication information for connection with a second computer module of the computer modules; an authenticator that authenticates an information processing device accessing the first computer module, and allows the information processing device to access thereto based on an authentication result; and a relay connector that connects the information processing device allowed to access the first computer module to the second computer module based on the authentication information. | 05-14-2009 |
20090133100 | ACCESS CONTROL ON DYNAMICALLY INSTANTIATED PORTAL APPLICATIONS - The present invention relates to a method and system for controlling access rights to dynamically instantiated portal applications in a portal environment, wherein new instances of a portal application and respective access control information on resources used in the application are generated dynamically from an automated programmed mechanism, and wherein a user-application role mapping is demanded for the portal application by a respective runtime access control function implemented at the portal environment. The method includes: assigning an individual user-to-application role mapping to a respective individual one of the created instances of the portal application, wherein for each incoming user request to one of the created instances the runtime access control function checks a target application instance identifier, which identifies an individual application instance desired to be addressed by the incoming request; and granting access rights to incoming user requests according to the application roles as they are defined for the target application instance. | 05-21-2009 |
20090133101 | SECURE FILE TRANSFER METHOD - An on-board telecommunication system, partitioned into a secure area and a non secure area, including at least a first telecommunication equipment unit in the secure area, a second telecommunication equipment unit in the non secure area, and a first one-way link from the first to the second equipment. The first equipment unit is configured to transmit data on the first link according to a first protocol. The system further includes a second link from the second to the first equipment unit, in accordance with a second protocol, the first two layers of which are distinct from those of the first protocol, the second equipment configured to transmit data on the second link as messages in accordance with the first protocol and encapsulated in frames in accordance with the second protocol. | 05-21-2009 |
20090144806 | Handling of DDoS attacks from NAT or proxy devices - A method for authenticating communication traffic includes receiving an initial incoming message, sent over a network from a source address to a destination address. In reply to the initial incoming message, an outgoing message containing an encoded token is sent to the client. Upon receiving a number of further incoming messages from the source address containing the encoded token, delivery of one or more of the further incoming messages to the destination address is inhibited when the number exceeds a predetermined threshold. | 06-04-2009 |
20090144807 | METHOD, APPARATUS AND SYSTEM FOR IMPLEMENTING ACCESS AUTHENTICATION - The method, apparatus and system for access authentication include: the network node sends the authentication information to the authentication server, the authentication server deals with the authentication process. When the authentication is successful, the network node is trusted. The UE may send authentication information through the trust node to the authentication server, and the authentication server deals with the authentication process. At the same time, the trust node controls the UE according to the information, which is from the policy server. So the NSP may account to the different users according to the different services, and prevent the illegal action, and the network node may deal with local monitoring according to the policy information. | 06-04-2009 |
20090150975 | METHOD AND APPARATUS FOR PROVIDING INTERNET GATEWAY SERVICE USING PLURALITY OF UNIVERSAL PLUG AND PLAY INTERNET GATEWAY DEVICES - Provided is a Universal Plug and Play (UPnP) Internet Gateway Device (IGD). A plurality of IGDs existing in a UPnP network interchange IGD information that is managed in order to provide a gateway service with each other, and thus the bandwidth of a device connected to the Internet can be increased, handover of a device can be successfully performed in the presence of an error of an IGD, and loads can be balanced between a plurality of IGDs. Accordingly, various Internet services can be efficiently provided to the UPnP device. | 06-11-2009 |
20090150976 | IP SERVICE CAPABILITY NEGOTIATION AND AUTHORIZATION METHOD AND SYSTEM - A method and system for negotiating and authorizing one or more IP services among a plurality of network entities in a wireless communication system is disclosed. In one embodiment, a system includes a transceiver module configured to receive one or more parameters of an access service network at a home connectivity service network of a mobile station. In addition, the one or more parameters of the access service network may be received at a visited connectivity service network, which transmits the one or more parameters of the access service network and one or more parameters of the visited connectivity service network to the home connectivity service network. This system further includes a home server unit authorizing one or more IP services, and transmitting network configuration information related to the authorized one or more IP services to the access service network. | 06-11-2009 |
20090150977 | SECURE REMOTE MANAGEMENT APPLIANCE - A computer network management system with an embedded processor, an analog communication means and a digital interface for network management provides a system for remotely and securely managing a network. Backup power in the form of an uninterrupted power supply, or other power means as appropriate, allows the modem to provide power outage notification to a remote site. The system further provides authentication and authorization capabilities for security purposes. | 06-11-2009 |
20090158392 | DYNAMIC AUTHENTICATION GATEWAY - A dynamic authentication broker is configured to process authentication requests received from a network access server formatted in any of a plurality of protocols and received over any of a plurality of ports. Processing authentication requests may include authenticating and/or authorizing a particular user, user device and/or network access server. | 06-18-2009 |
20090158393 | Delegation of user's consent in federation of services and identity providers - The present invention is aimed to provide a mechanism whereby any person can have user's attributes in a web service provider for sharing with a web service consumer, even if such person is not enabled to provide user's consent to share such user's attributes, and provided that other persons at a hierarchically higher position are enabled to provide such user's consent instead of the owner of the user's attributes, whilst respecting high requirements on privacy for both. Therefore, the present invention provides for a number of cooperating entities and a new method, the cooperating entities being configurable in such manner that delegation modules comprising different relationships of user's consent may be distributed among some of the cooperating entities, and transmitted between the number of cooperating entities, depending on the required level of privacy set on a per network basis and on a per user basis. | 06-18-2009 |
20090158394 | SUPER PEER BASED PEER-TO-PEER NETWORK SYSTEM AND PEER AUTHENTICATION METHOD THEREOF - Provided are a super peer based P2P network system and a peer authentication method thereof. The authentication method includes a first authentication process and a second authentication process. In the first authentication process, a user and a peer which want to use a P2P network are verified by submitting authentication information and a public key infrastructure (PKI) certificate, and receive the permission of connection. In the second authentication process, a user and a peer requesting the use of a specific service are authenticated by using an authentication ticket and a service access-permitted time is limited in order to reinforce the security of the specific service, which is searched in the P2P network and provided by the peer. Accordingly, the service providers can verify users more securely and limit the service available time of each user with respect to a specific service provided by the peer by using the lifetime of the ticket. | 06-18-2009 |
20090158395 | METHOD AND APPARATUS FOR DETECTING DOWNLOADABLE CONDITIONAL ACCESS SYSTEM HOST WITH DUPLICATED SECURE MICRO - A method where a Downloadable Conditional Access System Provisioning Server (DPS) detects a duplicated secure micro is provided. A method of detecting a duplicated secure micro, the method including: generating authentication time difference information associated with a value of a difference between a time when a host is finally authenticated in a first address and a time when the host is authenticated in a second address; comparing the authentication time difference information with a first reference value and a second reference value, the second reference value being less than the first reference value; and determining whether the secure micro is duplicated based on a result of the comparing. | 06-18-2009 |
20090165088 | METHOD AND SYSTEM FOR PROVIDING A CONTENT LIST AND CONTENT CLIPS TO A USER NETWORK DEVICE THROUGH AN INTERMEDIATE WEB PROVIDER - A method and system for providing content includes an intermediate web provider having content therein and a user network device communicating a user identifier data to the intermediate web provider. The intermediate web provider communicates the user identifier data for the user network device to a primary service provider. The system also includes a primary service provider authenticating the user network device using the user identifier. The intermediate web device forms a content list corresponding to at least some of the content provided to the intermediate web provider. The intermediate web provider communicates the content list to the user network device from the intermediate web provider. The user network device forms a selection from the content list at the user network device and communicates the selection to the partner service provider. The intermediate user device communicates the content corresponding to the selection to the user network device. The user network device displays the content on a display associated therewith. | 06-25-2009 |
20090165089 | Methods and Apparatus for Management of User Presence in Communication Activities - Systems and techniques for mediating user communications. A user persona manager maintains one or more user profiles and manages user interactions with other parties and with service providers based on user preferences associated with the user profile or profiles selected for a particular interaction. The persona manager receives a single set of user authentication information to establish the user identity, and provides previously stored information to other parties and service providers as appropriate, and otherwise conducts user interactions involving communications initiated by or on behalf of the user. The persona manager also examines interactions initiated by others, selects user profiles appropriate to the interactions, and routes and responds to the interactions based on information stored in the user profiles. | 06-25-2009 |
20090165090 | METHODS, SYSTEMS AND PROGRAM PRODUCTS FOR CREATION OF MULTIPLE VIEWS AND OPTIMIZED COMMUNICATIONS PATHWAYS BASED ON PERSONAL DESCRIPTORS - Multiple views and optimized communications pathways of personal descriptors are provided over a communications network for a globally accessible contact list of contacts in a database. User descriptors are automatically populated in a dynamic repository, and subsequently form personal descriptors. User queries and contact information are received anonymously and stored in a dynamic repository, based on adding the contact to an instant messaging roster state database, where the contact information is categorized, based on identifiable relationships between user descriptors and a group of user defined rules. Such user contact information is transmitted and/or received to and/or from contacts in the globally accessible contact list so as to share presence and access information, and where the user is an authorized user providing varying levels of access information. Sharing access to the personal descriptor includes the use of a communications broker, rendering an animated personal descriptor and completing social and business interactions. | 06-25-2009 |
20090165091 | METHOD AND SYSTEM FOR NETWORK ACCESS AND NETWORK CONNECTION DEVICE - A network access method and system and a network connection device are provided. A network connection device connected between a first network and a second network obtains first network attribute information about a first network device according to an access request for accessing the second network from the first network device on the first network. The network connection device performs authentication on whether the first network device has a right to access the second network based on the first network attribute information. If the authentication is passed, the network connection device connects the first network device into the second network. If the authentication is not passed, the network connection device prohibits the first network device from accessing the second network. | 06-25-2009 |
20090172779 | MANAGEMENT OF SPLIT AUDIO/VIDEO STREAMS - Described herein is a method that includes receiving multiple requests for access to an exposed media object, wherein the exposed media object represents a live media stream that is being generated by a media source. The method also includes receiving data associated with each entity that provided a request, and determining, for each entity, whether the entities that provided the request are authorized to access the media stream based at least in part upon the received data and splitting the media stream into multiple media streams, wherein a number of media streams corresponds to a number of authorized entities. The method also includes automatically applying at least one policy to at least one of the split media streams based at least in part upon the received data. | 07-02-2009 |
20090172780 | Server for displaying contents - Provided are a user/viewer-friendly device and system for displaying various contents such as moving images, still images, and texts, and a service using these. A screen (terminal) for displaying the contents and a terminal for operating display switching, etc. are separated from each other. A display terminal (television, large screen display, etc.) and an operation terminal (mobile phone terminal) are connected to a server through a network. The server manages association and operation of both the terminals. | 07-02-2009 |
20090172781 | TRUSTED VIRTUAL MACHINE AS A CLIENT - The embodiments provide generating a dedicated virtual machine image (DVMI) including functionality for a target service provider and launching the DVMI in the host device as a dedicated virtual machine (DVM). A measurement of the DVMI and/or the launched DVM, as a Trusted Dedicated Virtual Machine (TDVM), is transmitted to the target service provider server. The target service provider determines a trust level for the TDVM, based upon the measurement and provides a level of service by the target service provider server to the TDVM, according to the trust level of the TDVM. | 07-02-2009 |
20090178116 | Communication control device and communication control system - The present invention provides a technique for improving the security of access to contents. | 07-09-2009 |
20090178117 | SYSTEM AND METHOD OF RETRIEVING A SERVICE CONTACT IDENTIFIER - Aspects of the invention relate to a system and method of retrieving a service contact identifier for providing a service to a user. The method is performed in a system comprising at least one server system configured for connecting to a user device of said user. The server system has access to a database comprising at least a first service contact identifier required for providing a first service and a second service contact identifier required for providing a second service. The first service is identified by a first service identifier. The first service contact identifier and second service contact identifier are different service contact identifiers. The first service identifier and a service contact identifier are received from the user device of said user. The first service contact identifier may then be retrieved in dependence of the received first service identifier and the received service contact identifier, irrespective of whether said received service contact identifier is said first service contact identifier or said second service contact identifier. | 07-09-2009 |
20090178118 | Methods of and Systems for Offering and/or Providing Information - There is provided a method of selecting information, the method comprising attempting to authenticate a mobile device ( | 07-09-2009 |
20090183232 | Data processing network and method for operating a data processing network - During operation of a data processing network, including a number of individual devices enabling user access, an identification object that can be carried by a user of the data processing network exchanges data in a wireless fashion with an access control device connected to an individual device, as soon as the identification object is sufficiently close to the access control device. In at least one embodiment, the user is allowed access to the data processing network as a function of data stored on the identification object and transmitted to the individual device. If a second identification object approaches the access control device, the different identification objects are assigned different usage rights as a function of the time that has elapsed between the detection of the identification objects by the access control device. | 07-16-2009 |
20090187969 | SYSTEM AND METHOD FOR SYNCHRONIZING SECURITY SETTINGS OF CONTROL SYSTEMS - A method for communicating data between a first and second control system (FCS and SCS). FCS ( | 07-23-2009 |
20090187970 | NETWORKING AS A SERVICE: DELIVERING NETWORK SERVICES USING REMOTE APPLIANCES CONTROLLED VIA A HOSTED, MULTI-TENANT MANAGEMENT SYSTEM - Networking as a Service (NaaS) delivers network services using remote appliances controlled by a hosted, multi-tenant management system. The system may include a heartbeating process for communication between a web-based server and appliances, in which the appliances periodically contact the management system on the server. The heartbeating process allows the appliances to maintain a completely up-to-date configuration. Furthermore, heartbeating allows for comprehensive monitoring of appliances and for software distribution. The system may also include means for authenticating appliances, without the need for pre-installed PSKs or certificates. | 07-23-2009 |
20090187971 | METHOD AND PROCESSOR FOR DELEGATED TRANSMISSION/ RECEPTION OF A SESSION INITIATION PROTOCOL, SIP, MESSAGE - A method for delegated transmission/reception of a Session Initiation Protocol, SIP, message, where delegation related header fields or header field parameters are extended in the SIP message and a SIP processor processes the message according to the extended header fields or header field parameters to implement the delegation function at the SIP layer. Accordingly, an SIP processor is provided. Because delegation is implemented at the SIP layer, the delegation mechanism is independent of services and therefore can be applied to different services. This facilitates multiplexing and uniform management of the delegation function. | 07-23-2009 |
20090187972 | METHODS AND APPARATUS OF OVER-THE-AIR PROGRAMMING OF A WIRELESS UNIT - Methods and apparatus for secure over-the-air (OTA) programming, and particularly, activation, of a wireless unit in a particular communications system. The unit stores a stored key having been generated by using a key algorithm (K-algorithm) with an identifier associated with the unit as an input to the K-algorithm. The unit may receive information such as parameters and a verification number from a communications system for the purpose of programming the unit. The verification number is generated by using an authorization algorithm (A-algorithm) having the parameters and a key as A-algorithm inputs. The key is generated by the K-algorithm having the identifier associated with the K-algorithm input. In response to the receipt of the parameters and the verification number, the wireless unit generates a trial verification number by using the A-algorithm with the parameters and the stored key as trial inputs. The unit compares the verification number to the trial verification number for a match. When finding the match, the unit uses the parameters for programming of the unit in the particular communications system. When failing to find the match, the unit fails to use the parameters for the programming. | 07-23-2009 |
20090193501 | DOCUMENT EVIDENCE AND ARTICLE RETRIEVAL AND IDENTIFICATION SYSTEM - The invention involves a document evidence and article retrieval and identification system which provides a solution to track a document or article within a control environment. This solution provides the integrated human identity, embedded tracking devices into physical evidence record to enable tracking of movement by authorized person or personnel. The system is capable of capturing and tracking the activities life cycle of the document, evidence, file or article life cycle using the tracking management system server. This invention provides a high-security feature to integrate human identity for access authentication interrogative with the confidential document or evidence or file or article. | 07-30-2009 |
20090193502 | Authentication system, server apparatus and authentication method - An authentication system includes: a server apparatus; a terminal device; and an authentication device connected to the terminal device and used for authentication when establishing a session between the terminal device and the server apparatus. The server apparatus has an authentication request data creating unit configured to create authentication request data to authenticate the terminal device, and a sending unit configured to send authentication request data. The terminal device has a receiving unit configured to receive authentication request data, an authentication reply data creation requesting unit configured to request the authentication device to create authentication reply data, and a sending unit configured to send the authentication reply data. The server apparatus further has: an authentication processing unit configured to authenticate the terminal device based on the authentication reply data, and as a result of authentication, data is sent to the terminal device when the terminal device is authenticated. | 07-30-2009 |
20090199271 | IMPLICIT POPULATION OF ACCESS CONTROL LISTS - Communication applications may include lists of users with which a user of the application communicates. If two users of a communications application each include the other user on their user lists, an implicit trust may be established between the users. For example, if user A includes user B in her list and user B includes user A in his list, then it may be determined that each user knows and/or trusts the other user. As a result, a connection or communications pathway may be automatically created between the client devices of the users to facilitate communications between the users based on the implicit trust. | 08-06-2009 |
20090199272 | AUTHENTICATION USING A TURING TEST TO BLOCK AUTOMATED ATTACKS - System and methods for authenticating a transaction between a user system and a host system are described herein. In one embodiment, the system and methods use a text-reading test (TRT) image as part of the authentication process. The TRT image is presented to the user upon initiation of a transaction by the user. Information provided by a user, via the user system, after perception of the TRT image is compared to the source information in the TRT image. If the user input corresponds to the source information, the user is authenticated and the transaction is allowed to proceed. | 08-06-2009 |
20090210926 | METHOD FOR MAINTAINING PLESIOCHRONOUS ENTITIES - Methods and system are provided such that a Client device can send a synchronization signal to a Server device, and the Server can make the necessary adjustments to maintain the two devices plesiochronous. Further, the server is provided with the capabilities to calculate the Client time. That is, the server is configured to perform the necessary steps, as per the methods of this invention, in order to be able to compute the Client's CT | 08-20-2009 |
20090210927 | AUTHENTICATION APPARATUS, AUTHENTICATED PRINTING SYSTEM, AND AUTHENTICATION METHOD - An authentication apparatus of the invention performs an authentication process based on authentication data input from a device used for data entry. The authentication apparatus receives device identification information for identifying the device and matches the received device identification information against authentication-authorized device identification information representing that the device is authorized to be used for authentication. In the case of failed matching of the received device identification information with the stored authentication-authorized device identification information, the authentication apparatus restricts the authentication process. This arrangement ensures the high security in an authenticated printing system including a printing apparatus connectable with at least one device used for entry of authentication data. | 08-20-2009 |
20090217350 | DYNAMIC INTERNET ADDRESS ASSIGNMENT BASED ON USER IDENTITY AND POLICY COMPLIANCE - In embodiments of the present invention, improved capabilities are described for a method presenting a client, providing client information and requesting an IP address from a DHCP server, where the DHCP server may formulate a first IP assignment and a first multiple DHCP options. A policy management facility may be associated with the interception of the first IP assignment and the first multiple DHCP options, which may result in the first IP assignment and the first multiple DHCP options not being sent to the client. The method may send client information to the policy management facility. The policy management facility may formulate a second multiple DHCP options and may send it to the DHCP server. The DHCP server may change the first IP assignment and the first multiple DHCP options to a second IP assignment and the second multiple DHCP options. The second IP assignment and the second multiple DHCP options may then be forwarded to the client. | 08-27-2009 |
20090217351 | TECHNIQUES FOR ANONYMOUS INTERNET ACCESS - Techniques are presented for anonymous Internet access. Internet requests are intercepted within a firewalled environment before being routed over the Internet to destination sites. Each Internet request is evaluated in view of policy and one or more anonymizers are selected in response to that evaluation. The Internet requests are then routed through the appropriate anonymizers for processing to the destination sites. A relationship between an Internet Protocol (IP) address associated with the firewalled environment and IP addresses of the destination sites is masked and hidden via the anonymizers from Internet observers. Moreover, a secure communication between the firewalled environment and the anonymizers is maintained. | 08-27-2009 |
20090217352 | Web managed multimedia asset management method and system - A system for multimedia asset management includes: multimedia assets stored in storage locations, the assets containing collections of associated multimedia files and metadata; a web portal in communications with the storage locations and configured to provide a user access to the assets; a search engine accessible to the user through the web portal and configured, responsive to a user search query, to search for assets based on asset metadata and provide corresponding search results to the user. The web portal is configured: responsive to a user's selection of a selected asset located by the search engine, to provide the user access to the selected asset; and to automatically determine how the asset is presented to the user based, at least in part, on the nature of the user's connection to the storage location storing the selected asset and on an available application on the user's client machine. | 08-27-2009 |
20090217353 | METHOD, SYSTEM AND DEVICE FOR NETWORK ACCESS CONTROL SUPPORTING QUARANTINE MODE - This invention discloses a network access control method supporting quarantine mode. Access devices can identify access control strategies identifications of which are returned from the AAA server during identity authentication processes. When the security policy server needs to assign an access control strategy to the access device for the terminal, the AAA server puts the identification of the required access control strategy into the identity authentication response to be sent to the access device, and then the access device recognizes and applies the access control strategy. Thus access devices from any vendors can cooperate with the security policy server in quarantine mode. This invention also discloses a network access control system supporting quarantine mode, and the system consists at least of a security policy server, an AAA server, and some user terminals. | 08-27-2009 |
20090217354 | CONTROLLING ACCESS OF A CLIENT SYSTEM TO ACCESS PROTECTED REMOTE RESOURCES SUPPORTING RELATIVE URLS - A response can be received from an access protected remote resource in response to a client request to the access protected remote resource. The access protected remote resource is configured in such a way that the client system is not allowed to directly access the access protected remote resource but all client requests are rerouted via the web application which is authorized to access the access protected remote resource. All references that are defined by absolute URLs and point to access protected remote resources can be identified within responses. A rewritten URL replaces each original URL of the identified reference to an access protected remote resource. Generation of the rewritten URL can occur by splitting the original URL into a base part and a resource part, by generating an authentication identifier by applying an authentication method to at least the base part, and by concatenating the URL of the web application, the base part, authentication identifier, and resource part. The original URL of the references contained in the response can be replaced by the rewritten URL including the authentication identifier. The response including rewritten URL and authentication identifier can be sent to the client system. When the client system triggers said rewritten URL, the web application extracts the base part and authentication identifier from the URL and verifies the authentication identifier by applying the same authentication method on the base part in order to ensure that the base part has not been changed. Only if the authentication identifier is verified correctly, the web application builds the full resource URL from the rewritten URL and returns the respective resource to the client system. | 08-27-2009 |
20090217355 | Method and Apparatus For Providing Network Security Using Role-Based Access Control - A method and apparatus for providing network security using role-based access control is disclosed. A network device implementing such a method can include, for example, an access control list. Such an access control list includes an access control list entry, which, in turn, includes a user group field. Alternatively, a network device implementing such a method can include, for example, a forwarding table that includes a plurality of forwarding table entries. In such a case, at least one of the forwarding table entries includes a user group field. | 08-27-2009 |
20090222888 | COMMUNICATING A PASSWORD SECURELY - A secure (e.g., HTTPS) connection is established between a client and a server. Communication over the connection may utilize an application (e.g., a Web browser) that is not part of the client's trusted computing base. A password is sent from the client to the server over the connection such that the clear text password is unavailable to the application. For example, the password can be encrypted and inserted directly into the HTTPS stream from the client's trusted computing base. | 09-03-2009 |
20090222889 | REMOTE DISABLEMENT OF A COMPUTER SYSTEM - Methods and arrangements for ensuring that, when a computer system is stolen or otherwise misplaced, the system is rendered unusable (i.e., locked down). Conventional solutions have required software running on the system to perform the lockdown action, but in accordance with at least one preferred embodiment of the present invention is the linkage of TPM (Trusted Platform Module) and AMT (Active Management Technology) solutions whereby an AMT arrangement can remove secure data or identifiers so that any encrypted data present on the system will become unusable. | 09-03-2009 |
20090222890 | METHOD AND APPARATUS FOR PROVIDING STREAMING SERVICE BASED ON P2P AND STREAMING SERVICE SYSTEM USING THE SAME - A method and apparatus for providing a stream service based on P2P and a streaming service system using the same are provided. In order to provide the stream service to peers without concentrating the load thereof to a server, each peer includes an apparatus for providing a streaming service. The streaming service apparatus includes a peer communication module, a storing unit, and a peer server unit and a peer client unit. By using a streamable software list and a peer list transmitted from the peer communication module, the peer server unit receives a streaming service request from other peers, reads corresponding software from the storing unit and provides a streaming service for the read software. Also, the peer client unit requests a streaming service for predetermined software to another peer, and stores streamable software, which is received from other peers through the streaming service, in the storing unit. | 09-03-2009 |
20090222891 | METHOD AND SYSTEM FOR AUTHENTICATING INTERNET USER IDENTITY - A method and system for authenticating an internet user identity by cross-referencing and comparing at least two independent sources of information. A first IP address of an internet user is identified and the geographical location of the first IP address is traced to determine a first location. The geographical-location of a communication voice device of said internet user is identified to determine a second location. The first and second locations are compared for geographical proximity to confirm the identity of the internet user. Based upon geographical proximity of said locations, a score is assigned to the internet user, and access to a website is allowed or limited based upon said score. Alternatively, additional authentication information can be required or access can be terminated. Geographical information is maintained in an updatable cache. | 09-03-2009 |
20090222892 | REMOTE ACCESS SYSTEM, METHOD AND PROGRAM - A remote access system comprises a remote terminal, an access server accommodating a connection from the remote terminal, and first and second logical channels logically connecting the remote terminal and the access server. The remote terminal comprises a flow search processing unit that classifies flows. The access server comprises a pass determining unit that determines whether a flow can pass or not, and a flow search processing unit that classifies flows. The first logical channel is used to transfer packets included in a flow that needs to be judged by the access server as to whether it can pass or not. The second logical channel is used to transfer packets included in a flow that has been permitted by the access server to pass. | 09-03-2009 |
20090241168 | SYSTEM AND METHODS FOR PROTECTING CONFIDENTIAL INFORMATION ON NETWORK SITES BASED ON SECURITY AWARENESS - A system for protecting confidential information based upon user security awareness is provided. The system includes a network interface for connecting the system to a plurality of remotely-located network sites. The system also includes one or more processors on which one or more data processing features execute in response to a request received from a user of one of the remotely-located network sites. The system further includes a security-awareness module configured to execute in conjunction with the one or more processors for determining a measure of security awareness of the user, and for granting or denying the user access to the at least one data processing feature based upon the measure of security awareness. | 09-24-2009 |
20090241169 | AUTHENTICATION OF DEVICES IN A WIRELESS NETWORK - A method for authentication of devices (D | 09-24-2009 |
20090241170 | ACCESS, PRIORITY AND BANDWIDTH MANAGEMENT BASED ON APPLICATION IDENTITY - A method or system for managing packet flow is disclosed. The packets each include an inserted application identifier identifying a registered application. The method includes receiving packets destined for one or more resources, determining, by a packet processor, the inserted application identifier for each of the respective packets received and managing the packet flow of each received packet sent from a security node based at least in part on the inserted application identifier of the received packet. | 09-24-2009 |
20090241171 | WEARABLE COMPUTER SYSTEM AND METHOD CONTROLLING INFORMATION/SERVICE IN WEARABLE COMPUTER SYSTEM - A wearable system and a method for transferring and controlling information/service based on biologically generated information from a user are provided. In the method, an intuitive bio signal generated by a user is sensed and a device pointed by the sensed bio signal is selected. Then, bio signal information is created using the sensed bio signal and the generated bio signal information is transmitted to the selected device. After transmitting, the information/service is transferred to the selected device after confirming that the selected device that receives the bio signal information is activated. | 09-24-2009 |
20090249444 | METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR OPERATING A COMMUNICATIONS NETWORK WITH ENHANCED SECURITY - A communications system includes a plurality of patch panels having a plurality of connector ports connected to individual communication channels, a switch that provides access to multiple networks via one or more switch ports, a system manager that controls interconnections between the patch panels and the switch, and a plurality of patch cords configured to selectively interconnect patch panel connector ports. The system manager is configured to receive a request to connect an individual communication channel to a specific network, to identify which patch panel connector ports are required to be patched together via one or more patch cords in order to establish a circuit to the requested network, and to enable a switch port to activate the circuit. The system manager is configured to monitor connectivity of a circuit and to park a switch port associated with the circuit in response to detecting a change in circuit connectivity. | 10-01-2009 |
20090249445 | Authentication of Websites Based on Signature Matching - There are disclosed methods, computer-readable media, and apparatus for authenticating a target website. A repository that stores data on a plurality of known authentic websites may be provided. The stored data for each of the plurality of known websites may include identifying labels and a signature content set. A target website may be authenticated by comparing the identifying labels and a signature content set of the target website to corresponding data stored in the repository. | 10-01-2009 |
20090249446 | METHOD AND SYSTEM FOR MANAGING ENTERPRISE CONTENT - A method and system for providing a consistent flow of documents and data content across different organizational units of a company or agency where the documents and data come from different enterprise systems and data stores but are related to linked processes that share models for organizing the content in the business context and in a format that enables a user to relate the content to the process step or steps they are performing. The system includes a network service that enables a configuration utility to automatically discover the objects and metadata and provides for a mapping of selected fields of the metadata to regions displayed in the user interface view with provision for filtering the data by mapping selected fields to a user input form. Thereby, a business analyst can create solutions without writing and maintaining complex program logic for each combination of presentation environment, enterprise system and data store. | 10-01-2009 |
20090254974 | Method and Apparatus for Open Internet Security for Mobile Wireless Devices - A method and apparatus for a wireless communication network with mobile wireless devices, where the wireless communication network is at least in part controlled by a wireless network service provider that provides wireless network services to subscribers, the wireless devices including terminals capable of communication in the wireless communication network and capable of connecting to the Internet, each terminal having a removable USIM under the control of the wireless network service provider, wherein the USIM is provided to a subscriber for installation in the subscriber's terminal for controlling the terminal's access to the service provider's wireless communication network and to the Internet. | 10-08-2009 |
20090254975 | Location Based Authentication - The present invention relates to authenticating a mobile device using logical location information associated with the device which provides an indication of the proximity of the device to other devices. The present invention provides a mechanism for authenticating a mobile device based on location related information or a “logical location”, but without requiring an actual location. The mobile user device identifies or discovers other devices, using direct wireless communication, within its vicinity and forwards this information to the authenticating authority. If this information matches previous or otherwise predetermined information, then the device is authenticated. | 10-08-2009 |
20090254976 | CONDITIONAL DATA DELIVERY TO REMOTE DEVICES - In one embodiment a method comprises enrolling a mobile device in a local area network by setting a variable to a mobile device identifier and authenticating the mobile device using a network gateway and the mobile device identifier. A request for data is received from the mobile device and the data is delivered from a service provider to the mobile device. | 10-08-2009 |
20090260059 | Method and System for Secure Management of Co-Located Customer Premises Equipment - A method, system, and apparatus for managing customer premise equipment according to one embodiment includes establishing a secure connection between a first transport unit and a second transport unit. The secure connection includes an embedded operations channel and is operable to isolate a management plane from a data plane. The method further includes the first transport unit receiving a request for access to the first transport unit from the second transport unit. The method further includes establishing a secure terminal session between the first transport unit and the second transport unit using the embedded operations channel in response to receiving the request for access. The first transport unit then receives a management command from the second transport unit and the first transport unit performs at least one management function in response to receiving the management command. | 10-15-2009 |
20090260060 | RICH MEDIA COLLABORATION SYSTEM - A user annotates a shared document with text, sound, images, video, an e-mail message, graphics, screen snapshots, web site snapshots to share with others. The document and its annotations are stored in a digital object repository to which other users have access. Within the closed collaboration system, only users who are authenticated may upload digital objects, annotate digital objects and view objects and their annotations. The user sends a message to other users to invite them to view the object and its annotations and to add their own annotations. An annotated object generates an alert for all of the invited users. A remote authentication gateway authenticates users and has a repository for user metadata. Digital object repositories are separate from the authentication gateway, thus providing for disintermediation of the user metadata from the digital object data. The collaboration system may be hosted by a third party on a server computer available over the Internet that displays a web site. A user is not required to have collaboration system software on his or her computer and may annotate any image on the web site for later viewing by other users of the web site. | 10-15-2009 |
20090260061 | SYMBIOTIC NETWORK DIGITAL DOCUMENT LAYERING AND/OR STEGANOGRAPHY METHOD, ARTICLE AND APPARATUS - What is provided are methods, articles and apparatuses for digital document layering, watermarking holding messages, and/or general steganography over a symbiotic network. | 10-15-2009 |
20090260062 | REAL-TIME ONLINE COMMUNICATIONS MANAGEMENT - Every day many people use real-time online communication applications in business communications. Although instant message communications can be sent via a secure channel, users can accidentally send instant messages to unintended recipients by typing or pasting text and images. This can lead to unintended information security failures. Implementing functionality to prioritize chat windows within a real-time online communication application reduces the likelihood of sending messages to incorrect recipients. | 10-15-2009 |
20090260063 | IMAGE FORMING SYSTEM AND IMAGE FORMING APPARATUS - An image forming system includes: an authentication server device having user information, for performing a user authentication via a computer network; and an image forming apparatus including: an authentication unit for accessing the authentication server device to perform an authentication processing for a user; and a data storage device for storing therein document data generated by an image forming processing based on the user's operation, and storing document attribute information, which has the same attribute items as a part of, or all of, attribute items of the user information held by the authentication server device, in association with the document data. | 10-15-2009 |
20090265760 | COMPONENT-ORIENTED ARCHITECTURE FOR WEB MASHUPS - A component-oriented web mashup system and method for communicating between component-oriented Web gadgets to facilitate secure Web mashups. Embodiments of the system and method redefine the traditional definition of gadget to mean a Web component having a verifiable controlled communication channel (a CompoWeb gadget). A CompoWeb gadget is created and defined using new HTML tags and global script objects and functions that extend the functions of the browser. CompoWeb gadget content is treated as a component that is isolated from other gadgets and frames by a browser, and only those allowed access can view data and code therein. Called functions of a CompoWeb gadget are run in the callee's environment instead of the caller's environment. This adds security, because all the requesting CompoWeb gadget receives is the run result. Embodiments of the system and method also include delayed binding of CompoWeb gadgets, such that binding is performed at run time. | 10-22-2009 |
20090265761 | ONLINE HOME IMPROVEMENT DOCUMENT MANAGEMENT SERVICE - An online home improvement document management service includes a host server having a web-based interface adapted to facilitate secure customer access to the host server. The host server is configured to receive home improvement data communicated from the customer through use of a computing device. A processing module is in operative communication with the host server and is configured to process the home improvement data communicated from the customer. A processing software application is trained to classify the processed home improvement data and selectively extract data therefrom based on the classification. The processing software application is configured to selectively present the processed home improvement data for a customer verification via the web-based interface upon at least one of an unsuccessful classification and an unsuccessful extraction of data. A storage device is in operative communication with the processing module and is configured to store the extracted data as metadata upon at least one of the customer verification and the extraction. A content management software application is configured to detect at least one of a customer request through the web-based interface and at least one triggering condition corresponding to the metadata. The content management software application generates at least one report based on the detection of at least one of the customer request and the at least one triggering condition. | 10-22-2009 |
20090265762 | ONLINE MANAGEMENT SERVICE FOR IDENTIFICATION DOCUMENTS - An online identification document management service includes a host server having a web-based interface adapted to facilitate secure customer access to the host server. The host server is configured to receive identification data communicated from the customer through use of a computing device. The identification data includes at least one of an imaged identification document and information related to the imaged identification document. A processing module is in operative communication with the host server and is configured to process the identification data communicated from the customer. A processing software application is trained to classify the processed identification data and selectively extract data therefrom based on the classification. The processing software application is configured to selectively present the processed identification data for a customer verification via the web-based interface upon at least one of an unsuccessful classification and an unsuccessful extraction of data. A storage device is in operative communication with the processing module and is configured to store the extracted data as metadata upon at least one of the customer verification and the extraction of data. The processing software application is cumulatively trained to subsequently classify the processed identification data successfully upon the customer verification thereof. A content management software application operates on the host server and is configured to process a customer request through the web-based interface to selectively generate at least one reproduction of the processed identification data. | 10-22-2009 |
20090265763 | Content-Based Notification and User-Transparent Pull Operation for Simulated Push Transmission of Wireless Email - Exemplary system, method, software and apparatus embodiments provide for creating a content-based notification for a mobile device, as a simulated push operation, for devices which do not have push capability. The system comprises a database, a server, and may also include a second web server for user account configuration. The database is adapted to store user account configuration and preference information. The server is adapted to receive a first message having a first protocol, such as SMTP, and to determine whether the content-based notification for the first message should be provided. When the content-based notification is to be provided, the server is adapted to extract a subset of information from the first message, and using the subset of information, to create a second message having a second, different protocol, such as SMS. The second message is transferred to a wireless network for transmission to the mobile device, with the second message providing the content-based notification of the first message. The information extracted from the first message enables a user to determine whether they want to download the complete message, as a user-transparent pull operation, and typically includes the from, to, size, date, subject fields, and a portion of the body of the first message, up to the remaining capacity of the second message. | 10-22-2009 |
20090271845 | METHOD AND DEVICE FOR INITIATING SESSION - A method and device for initiating a session are disclosed. The method includes: receiving a session triggering message from a Data Synchronization or Device Management (DS/DM) server, where the message carries indication information indicating whether to report at least one of security authentication information and device information; and if the at least one of the security authentication information and the device information needs to be reported, sending a session initiation message carrying the required information to the DS/DM server. | 10-29-2009 |
20090276830 | Facilitating Protection Of A Maintenance Entity Group - According to one embodiment, maintenance points of a maintenance entity group are identified. The maintenance points comprise end points and intermediate points. A secure connectivity association set is established for the maintenance points. The following is performed for each frame of a number of frames: determining security data of the secure connectivity association set; placing the security data into a frame; and communicating the frame to a maintenance point. The maintenance point is configured to determine whether a frame is acceptable from the security data of the frame. | 11-05-2009 |
20090276831 | Method for logging in to computer information processing apparatus and computer-readable information recording medium - In a method for logging in to a computer, a log-in display is carried out on a terminal unit when the terminal unit is connected to a system management apparatus. A display is carried out to urge to carry out a physical operation when a log-in starting operation is carried out to the terminal unit in response to the log-in display. An operation detection signal is sent when detecting the physical operation carried out to an operating panel. The computer enters a logged-in state when the operation detection signal is detected. | 11-05-2009 |
20090282462 | Controlling Access to Documents Using File Locks - Examples are related to systems and methods for controlling access to document files on a document server. One example system includes document files stored on a document server, at least one of the document files referencing a file lock, and a document access processing module. The example document access processing module includes a file sharing processing module that determines a coauthoring status of a software application of a client computer requesting access to the document file, and a file lock processing module that stores one or more file locks and that controls the setting and resetting of file locks. The example document access processing module uses the coauthoring status of the software application and the file lock status of a document file to determine whether a software application is permitted to have write access to the document file. | 11-12-2009 |
20090288141 | PRE-EMPTIVE PRE-INDEXING OF SENSITIVE AND VULNERABLE ASSETS - A system and method for identifying sensitive content or indications of vulnerabilities is provided. A local search engine may index content at a data center. Specifications of sensitive data or fingerprints of vulnerabilities may be received from various internal or external sources. Targeted data may include vulnerable software, confidential content, dynamic or static web pages, or application data. Based on searches for targeted data, one or more components may be notified, enabling one or more security actions, including restricting publication of the targeted data. | 11-19-2009 |
20090288142 | AUTHENTICATION DETECTION - A device, system, and method are directed towards facilitating a registration of a user for a network service. In one embodiment, a server receives, from a user at a client device, user information including at least one text block. The server analyzes the text block to determine an authenticity value of the user information. The analysis may be based on the length of a lexicon of the text block, the size of a word such as the longest word in the text block, or the number of clauses in the text block. The analysis may be further based on expected values determined by such values in authentic text blocks of a similar nature. Based on the authenticity value, the system may allow the user to access the network service, disallow access to the network, allow conditional access, queue the registration application for further review, or take other actions. | 11-19-2009 |
20090288143 | MULTI-FACTOR PASSWORD-AUTHENTICATED KEY EXCHANGE - Apparatus, methods, and computer program products are disclosed that enable a first computer and a second computer to mutually authenticate each other over a network. A first computer sends first authentication evidence to a second computer. The first authentication evidence is used to prove to the second computer that the first computer has access to a first plurality of authentication secrets without exposing the first plurality of authentication secrets. In addition, the second computer sends second authentication evidence to the first computer. The second authentication evidence is used to prove to the first computer that the second computer has access to a second plurality of authentication secrets without exposing the second plurality of authentication secrets. The first plurality of authentication secrets is related to the second plurality of authentication secrets. Thus, the first computer is authenticated to the second computer and the second computer is authenticated to the first computer. | 11-19-2009 |
20090288144 | TIME-DEPENDENT WHITE LIST GENERATION - A method is provided to control access to a femto cell. The method includes configuring one or more time-dependent parameters that specify access to a femto cell service. An access control list is employed for the femto cell service, where the access control list utilizes the time-dependent parameters to enable or deny access to the femto cell service. Access is granted to the femto cell service according to the access control list and the time-dependent parameters. | 11-19-2009 |
20090288145 | INTERACTIVE CLIENT MANAGEMENT OF A WHITE LIST - System(s) and method(s) provide access management to femtocell service through access control list(s) (e.g., white list(s)). Such white list(s) can be configured via a networked interface which facilitates access management to a femtocell. White list(s) includes a set of subscriber station(s) identifier numbers, codes or tokens, and also can include additional fields for femtocell access management based on desired complexity. Various example aspects such as white list(s) management, maintenance and dissemination; pre-configuration; and inclusion of wireless device(s) or subscriber(s) are also provided. An access management component can facilitate automatic population of a white list(s) associated with a femtocell and can prompt a communication device detected in the femtocell coverage area to inquire whether the communication device desires to connect to the femtocell, be entered into the white list(s), and access services associated with the femtocell, on a permanent basis or temporarily for a specified period of time. | 11-19-2009 |
20090293103 | FEDERATING TRUST IN A HETEROGENEOUS NETWORK - A check of a processing device is performed. A device may receive a network access request to access a network from a first processing device. A security check may be caused to be performed on the first processing device. Whether to grant the network access request to the first processing device is based on a result of the security check. | 11-26-2009 |
20090300719 | SYSTEMS AND METHODS FOR MANAGEMENT OF SECURE DATA IN CLOUD-BASED NETWORK - Embodiments relate to systems and methods for the management of secure data in a cloud-based network. A secure data store can store sensitive or confidential data, such as account numbers, social security numbers, medical or other information in an on-premise data facility. Regulatory and/or operational requirements may prohibit the migration or unprotected transmission of the secure data to the cloud. An operator can instantiate a set of virtual machines to access and process the secure data, for example to process online purchase transactions. To prevent unauthorized disclosure of the secure data, the secure data store can receive data access requests via a translation module that translates the secure data. The secure data store can retrieve and transmit the secure data using a protection mechanism such as a masking and/or encryption mechanism, avoiding the unprotected transport or exposure of that data to the cloud. | 12-03-2009 |
20090300720 | CENTRALIZED ACCOUNT REPUTATION - A centralized account reputation system differentiates between illegitimate users and legitimate users using reputation scores associated with the users' online accounts. The system restricts the access of illegitimate users to certain network services while minimizing its negative effects on legitimate users. The system can manage the life cycle of an online account, considering data about the account that is obtained throughout the account network to compute the online account reputation score and allocating access to network services based on the online account reputation score. For example, a reputation score may be embedded in a security token that can be accessed by multiple services on the account network, so that each service can determine the appropriate level of access to be granted to the associated user account based on the reputation score. Various types of online account behavior over time can improve or diminish the online account's reputation. | 12-03-2009 |
20090300721 | Reverse VPN over SSH - A system and method for enabling access to a computer server operating within a private network, in which the computer server is isolated by access restrictions that prevent incoming connections from a public network. In one embodiment, the method includes identifying a remote client operating in a public network outside the private network, initiating a secure communication channel with the remote client, and instructing the remote client to initiate a Point-to-Point Protocol (PPP) session with the computer server via the secure communication channel. | 12-03-2009 |
20090307749 | APPARATUS AND METHOD FOR INTELLECTUAL PROPERTY MANAGEMENT AND PROTECTION - Provided is an apparatus and method for intellectual property management and protection (IPMP). The present research provides an interface for confirming IPMP tools and exchanging information and an interface for managing a domain. The IPMP apparatus using a tool for managing and protecting intellectual property of contents and the other tool interacting with the first tool, includes: a tool information extraction unit for detecting information of the second tool based on a request of the first tool; and a tool reference unit for detecting a location of the second tool based on a request of the first tool and the extracted information of the second tool. The present research is applied to an IPMP apparatus. | 12-10-2009 |
20090307750 | Internet-based access controlled consumption of content and services using client-side credentials - System and methods for controlling access to internet content, comprising: a web-server; a client computer comprising a web-browser, communicating with the web-server over the internet; means for adding at least one characteristic of the client computer user to a web-page request sent from the client computer to the web-server; means for identifying the at least one characteristic of the client computer user; and means for selectively responding to the web page request, based on said at least one characteristic. | 12-10-2009 |
20090307751 | PRESERVING SECURITY ASSOCIATION IN MACSEC PROTECTED NETWORK THROUGH VLAN MAPPING - According to one general aspect, a method of using a network device may include receiving, via an ingress port, a data packet that includes a payload portion, a source network address and a destination network address. In various embodiments, the method may also include determining if the data packet includes a security tag that includes a role based authentication tag. In some embodiments, the method may include, if the data packet includes a security tag that includes a role based authentication tag, transmitting, via an egress port, at least the payload portion and the role based authentication tag towards, in a topological sense, the destination network address. | 12-10-2009 |
20090307752 | NETWORK DEVICE MANAGEMENT APPARATUS AND CONTROL METHOD THEREOF - A network device management apparatus includes a search unit configured to search for a network device supporting a first communication protocol, an authentication information input unit configured to input authentication information used in communication with the network device using the first communication protocol, an authentication executing unit configured to execute authentication of the network device by using the authentication information, a first checking unit configured to, when the authentication by the authentication executing unit is successful, check whether a second communication protocol different from the first communication protocol is enabled in the network device, and a setting changing unit configured to change a setting of the second communication protocol depending on a result of the checking performed by the first checking unit. | 12-10-2009 |
20090307753 | NETWORK ACCESS CONTROL SYSTEM AND METHOD FOR DEVICES CONNECTING TO NETWORK USING REMOTE ACCESS CONTROL METHODS - A system and method for network access control (NAC) of remotely connected devices is disclosed. In embodiments, agents support role mapping and policy-based scanning. Embodiments automatically perform authentication, assessment, authorization, provisioning, and remediation. Capabilities include user authentication, role-based authorization, endpoint compliance, alarms and alerts, audit logs, location-based rules, and policy enforcement. Processes collect information about the user as well as the host being used from sources including, but not limited to, LDAP, the remote access device, and the agent. Once this data has been obtained, embodiments construct a comprehensive model of the host. This model is subsequently used to govern the actual host's network access when it connects to the network. Passive monitoring includes vulnerability scanning to control access rights throughout the duration of the connection. | 12-10-2009 |
20090307754 | METHODS, SYSTEMS, AND STORAGE MEDIUMS FOR IMPLEMENTING ISSUE NOTIFICATION AND RESOLUTION ACTIVITIES - Exemplary embodiments include methods, systems, and storage mediums for implementing issue notification and resolution activities. A method includes receiving a request for access to a network service from an end user client system associated with an account. Upon determining an issue is associated with the account, the method includes flagging a user profile for the account to reflect the issue. Flagging accounts includes assigning a unique flag for each type of issue for determining a location for routing the request associated with flagged user profiles. The method also includes redirecting the request for access to a web server of the service provider network. Upon successful resolution of the issue, the method includes providing access to the network service for the end user client system. | 12-10-2009 |
20090313679 | PERSONAL TRAVEL ORGANIZER AND ONLINE TRAVELOGUE - A website may allow a user to create an online travelogue to reminisce about his trips, and then serve as a database for future travelers. The website may provide a variety of different templates to help users to organize and document elements of their trips. A user may select a template he prefers to start to create a record of his trip. A template may provide a layout for pictures and information about the flights he took, hotels he stayed at, places he visited, restaurants he went to, people he met, and other activities. The website may automatically abstract the user's flight information from a travel website and fill in the information at places for such information on the template. A user may drag pictures from an online photo management website and drop them on the template. The website may search the Internet according to the information from the user and provide pictures, videos and text for the user to put on the template. The website may allow a user to set his travelogue as public or private/password protected, and may pool the public travelogues together to provide references to later travelers. | 12-17-2009 |
20090313680 | MOBILE NETWORK MANAGING APPARATUS AND MOBILE INFORMATION MANAGING APPARATUS FOR CONTROLLING ACCESS REQUESTS - Disclosed is a technique capable of proper execution of access control based on various security policies set by a home user with regards to a packet sent from a visitor node. According to the technique, a MR (Mobile Router) | 12-17-2009 |
20090320097 | METHOD FOR CARRYING OUT A DISTRIBUTED SEARCH - An operator provides services to a population of client devices, such as mobile communication devices, including search services accessed via an operator portal. A search gateway places a search object, in which user privacy is protected, into a distributed, transactional object (tuple) space. Resolvers monitoring the space read the search descriptors and coordinate an external search to be performed with result objects placed back in the space. The gateway removes the search result objects from the space, matching them with the user search for reporting to a user of the client device. Thereby, an increased amount of content is accessible across a distributed system. | 12-24-2009 |
20090320098 | HOSTED NETWORK DEVICE USER INTERFACE - A system and method of hosting a user interface of a network device are provided. A particular method includes receiving a request at a server to display a user interface of the network device, authenticating an end user device to validate an identity of a user, and communicating display information of the user interface of the network device to the end user device for display. The server hosted user interface permits monitoring and interactions with the network device by a user of the end user device. | 12-24-2009 |
20090320099 | Content Retrieval - Content retrieval techniques are described. In an implementation, a determination is made as to whether a client is permitted to receive content requested by the client. When the client is permitted to receive the content, a communication is formed to be communicated via a wide area network that includes a hash list having a hash of each of a plurality of blocks of the content, each hash being configured to enable the client to locate a corresponding one of the blocks of the content via a local area network. | 12-24-2009 |
20090320100 | HANDLING OF INTEGRITY CHECK FAILURE IN A WIRELESS COMMUNICATION SYSTEM - Handling of integrity check failure in a wireless communication system can safely send the mobile station to the idle mode upon detection of security failure. Alternatively or in addition, attempts to recover from the security failure situation can be enabled without forcing the mobile station to enter idle mode. The mobile station autonomously transitions to idle mode when the integrity check failure is detected a certain threshold number ‘X’ times during a specified period ‘Y’. Whereupon, the mobile station initiates the Radio Resource Control (RRC) connection re-establishment procedure after integrity check failure is detected. In the RRC connection re-establishment procedure, the security parameters are re-initialized to provide a possibility to recover from the failure situation. | 12-24-2009 |
20090328145 | METHOD AND APPARATUS FOR MIGRATING A VIRTUAL TPM INSTANCE AND PRESERVING UNIQUENESS AND COMPLETENESS OF THE INSTANCE - A migration scheme for virtualized Trusted Platform Modules is presented. The procedure is capable of securely migrating an instance of a virtual Trusted Platform Module from one physical platform to another. A virtual Trusted Platform Module instance's state is downloaded from a source virtual Trusted Platform Module and all its state information is encrypted using a hybrid of public and symmetric key cryptography. The encrypted state is transferred to the target physical platform, decrypted and the state of the virtual Trusted Platform Module instance is rebuilt. | 12-31-2009 |
20090328146 | Method of generating authentication code in digital device - A method of generating an authentication code in a digital device is provided. An ID set in a digital device is read when it is requested to generate an authentication code. It is determined whether the authentication code previously generated based on the ID is stored in the digital device. A new authentication code is generated based on the ID and stored when the authentication code is not stored. A part of the authentication code is displayed. Only the serial number can be displayed in the authentication code. The ID is a unique and fixed value set when the digital device is produced. And, the ID is extracted from an authentication code stored in the digital device and the extracted ID is compared with the read ID so that it is determined whether the authentication code is previously generated or is not generated yet. | 12-31-2009 |
20090328147 | EAP BASED CAPABILITY NEGOTIATION AND FACILITATION FOR TUNNELING EAP METHODS - Capability negotiation during a PEAP transaction between two end points in a network is performed by initiating EAP capability negotiation methods. A first end point that desires to use a specific capability during a PEAP transaction initiates capability negotiation method requesting the specific capability. Upon receiving the request for the specific capability, a second end point performs the desired capability if an outer method employed in the PEAP transaction supports the specific capability. If the outer method does not support the desired capability, the receiver responds to the first end point with a negative acknowledgment. In other embodiments, if the outer method does not support the desired capability, the desired capability may still be performed if it is supported by an inner method. In such instances, an inner wrapper method is employed in the PEAP transaction to maintain and perform the capability. | 12-31-2009 |
20090328148 | METHOD OF TRUST MANAGEMENT IN WIRELESS SENSOR NETWORKS - The present invention relates to Group-based trust management scheme (GTMS) of wireless sensor networks. GTMS evaluates the trust of a group of sensor nodes in contrast to traditional trust management schemes that always focused on trust values of individual nodes. This approach gives us the benefit of requiring less memory to store trust records at each sensor node in the network. It uses the clustering attributes of wireless sensor networks that drastically reduce the cost associated with trust evaluation of distant nodes. Uniquely it provides not only a mechanism to detect malicious or faulty nodes, but also provides some degree of a prevention mechanism. | 12-31-2009 |
20090328149 | METHOD AND SYSTEM FOR MANAGING THE ACCESS AND USE OF ELECTRONIC FORMS - A method and system is provided for authenticating electronic forms prior to download. A Form Administrator may enable authentication requirement for an End User and also select an authentication scheme. The End User will not be allowed access to an electronic form unless authenticated. The invention also includes a method and system for delivering and presenting electronic forms to an End User through a purely browser based application, without requiring the installation of additional software or browser plug-ins. | 12-31-2009 |
20090328150 | Progressive Pictorial & Motion Based CAPTCHAs - A CAPTCHA system uses images/pictures and/or motion for granting access to a computing system. The images can be culled from examples used in pictorial games, and can be progressively presented to increase the strength of the CAPTCHA challenges. Speech recognition, motion and touch sensing can also be employed as parts of the challenge. | 12-31-2009 |
20090328151 | Program, apparatus, and method for access control - In a computer which executes an access control program, an authentication information storage unit stores authentication information. A logical volume acquiring unit acquires a logical volume associating data with storage nodes storing the data, from a predetermined database. In response to an access request to access data, a data access unit identifies a storage node to be accessed, based on the logical volume, and sends the authentication information and a command corresponding to the access request to the identified storage node. | 12-31-2009 |
20100005509 | SYSTEM, METHOD AND APPARATUS FOR ELECTRONICALLY PROTECTING DATA AND DIGITAL CONTENT - The present invention provides a system, apparatus and method for protecting sensitive data using a pre-content manager and a post-content manager. The pre-content manager extracts sensitive or non-sensitive data from a data storage on a client, sends the extracted sensitive data to a server for storage, receives a pointer indicating where the extracted sensitive data has been stored and replaces the sensitive data on the data storage on the client with the pointer. The post-content manager receives the sensitive data from the pre-content manager and transmits the sensitive data to one or more media devices. The foregoing can be implemented as a computer program embodied on a computer readable medium wherein the steps are executed by one or more code segments. | 01-07-2010 |
20100011414 | MANAGING LOGICAL SOCKETS - Network attacks, such as a denial of service (DoS) attack, attempt to exhaust server resources and can cause a network to be unavailable for significant periods of time. Although a firewall can be utilized to defend a system from network attacks, the number of incoming connections created can be controlled to defend the system against network attacks. An operating system creates connections, known as sockets, on one or more logical ports. Incoming connections are connections whose creation requests originate from a source outside the operating system. Functionality to control socket creation can be implemented within the operating system, thus allowing a system to be placed directly on a network without a firewall. Implementing defense against network attacks within an operating system reduces the additional cost of having firewall products, and can lead to more efficient network configurations. | 01-14-2010 |
20100017853 | SYSTEM AND METHOD FOR SELECTING A WEB SERVICE FROM A SERVICE REGISTRY BASED ON AUDIT AND COMPLIANCE QUALITIES - A particular web service is selected based on conformation to a particular degree-of-trust. Information about available web services is requested. Responsive to requesting that information on the particular web service, a list of possible services is presented. The list of possible services includes a plurality of services, each of the plurality having a level-of-trust assigned thereto. An acceptable web service having an acceptable degree-of-trust can then be selected from the list of possible services. Responsive to selecting the acceptable service from the list of possible services, the acceptable service can be invoked. | 01-21-2010 |
20100017854 | IMAGE FORMING APPARATUS, METHOD AND MEDIUM STORING PROGRAM - The image forming apparatus acquires authentication information for authentication of document data and an authentication result. When the result indicates success, the document data is converted and is added with the specific information to specify the authentication apparatus and is stored. The image forming apparatus acquires the specific information from the converted data, transmits the specific information to a destination of the converted data, requests the destination to confirm establishment of a communication path from the destination to the authentication apparatus and transmits the converted data to the destination when receiving information representing establishment. | 01-21-2010 |
20100024003 | Method for controlling connection of a peripheral to an access point, corresponding access point and peripheral - The invention concerns a method for controlling connection of a peripheral (T) to an access point (AP) in a shared network. It consists in pre-initializing (A) the access point through a local command of that access point, the pre-initializing step enabling at least the access point to be configured to provisionally match the peripheral, simultaneously initializing (B) the access point (AP) and the peripheral (T) through a substantially concurrent local command of the access point respectively of the peripheral, locally measuring and storing the initializing duration (T | 01-28-2010 |
20100024004 | METHOD AND SYSTEM FOR SECURING ACCESS TO AN UNSECURE NETWORK UTILIZING A TRANSPARENT IDENTIFICATION MEMBER - A method, system and computer-usable medium for providing secure access to an application over an unsecure network. A transparent identification member can be physically placed by a user against a login interface, the transparent identification member possessing a filter for filtering and displaying a pattern unique to the login interface. Thereafter, the user can be automatically permitted to authenticate an unsecure network and securely access an application over the unsecure network, in response to placing the transparent identification member against the login interface and providing a user input at a physical location on the login interface corresponding to the pattern unique to the login interface, thereby providing a secure authentication for the user to perform secure transactions over the unsecure network and preventing phishing by others with respect to the user and the unsecure network. | 01-28-2010 |
20100024005 | METHOD AND APPARATUS FOR PROVIDING IDENTITY MANAGEMENT FOR USERS IN A WEB ENVIRONMENT - An identity management method, apparatus, and computer readable article of manufacture tangibly embodying computer readable instructions for executing the identity management method. The method includes: creating an association table to record a first session ID between the user and the first Web application, a second session ID between the user and the second Web application, and an association of the IDs; sending a session ID request containing the first session ID by the first Web application to a return module; receiving the session ID request and searching by the return module for the associated second session ID in the association table according to the first session ID; and returning the second session ID to the first Web application, thereby providing identity management for a user in a Web environment in which a first Web application accesses a second Web application on behalf of the user. | 01-28-2010 |
20100031314 | DISTRIBUTED PICO-CELL MOBILITY - System (PAA-BSS) comprising a plurality of access points (AP), defining a pre authentication area (PAA), the system communicating a list of frequencies relating to the access points of the pre-authentication area (PAA) and information as to the relative position of the access points to a mobile station seeking pre-authentication before the system. Method of preparing a mobile station for handover between access points, wherein the mobile station associating ( | 02-04-2010 |
20100031315 | Systems and methods for protecting against denial of service attacks - Systems and methods utilizing the network layer and/or application layer to provide security in distributed computing systems in order to thwart denial of service attacks. The systems and methods of the present invention utilize puzzles placed at the network layer level and/or application layer level to protect against denial of service attacks. Further, the systems and methods of the present invention advantageously provide a robust and flexible solution to support puzzle issuance at arbitrary points in the network, including end hosts, firewalls, and routers and thereby a defense against denial of service attacks. | 02-04-2010 |
20100031316 | SYSTEM ACCESS LOG MONITORING AND REPORTING SYSTEM - A user requests approval from an application server for accessing a program in a managed server. If the access is approved, the application server issues authentication information which includes at least a public key and a private key. The managed server receives a command from the user to be executed by the program. An original authentication value is computed from the command. The original authentication value is encrypted with the public key. The encrypted original authentication value is stored in association with the command in a log storage. Alteration of the command can be detected by computing a new authentication value from the stored command. The stored encrypted original authentication value is decrypted with the private key to obtain the original authentication value, which is compared with the new authentication value. An alarm is set if the comparison is not satisfied. | 02-04-2010 |
20100031317 | SECURE ACCESS - Secure access is provided to a resource hosted in a first domain. A first web server provides access to the resource. A second web server is provided in a second domain for receiving requests from a user for access to the resource. A browser is arranged for authentication and authorization for access to resources in the second domain and for forwarding requests from the user to the second web server. A reverse proxy is provided for publishing, with a resource identifier identifying the second domain, the resource to the second web server. The reverse proxy is arranged to forward to the first web server for access to the resource requests received from the second browser. | 02-04-2010 |
20100031318 | DISTRIBUTED DEVICE REVOCATION - In a distributed revocation method, it is individually decided at each of a plurality of autonomous device nodes of a distributed network whether a suspect autonomous device node or suspect distributed key of the distributed network should be removed from the distributed network. A voting session is conducted at which the individual decisions of the plurality of autonomous device nodes are combined to decide whether the suspect autonomous device node or suspect distributed key should be removed from the distributed network. The suspect autonomous device node or suspect distributed key is removed from the distributed network responsive to the voting session deciding in favor of removal. | 02-04-2010 |
20100031319 | Secure messaging using caller identification - A method of securing an electronic message from a sender to a recipient comprising the step of restricting access to content of the message at a recipient terminal unless a session is opened by transmission of a signal from equipment of the recipient via a second communication channel. | 02-04-2010 |
20100037295 | METHOD AND SYSTEM FOR EXCHANGING SECURITY SITUATION INFORMATION BETWEEN MOBILE TERMINALS - In a method for exchanging security situation information between mobile terminals, each of which is connected to a wired/wireless network, security profiles are exchanged between two mobile terminals between which a connection is to be established. The security profiles include security situation information of the mobile terminals, and each mobile terminal performs a validity check on the received security profile to determine whether the security situation of the opponent mobile terminal is trustworthy or not. The connection is established only when the security situations of both mobile terminals are trustworthy. | 02-11-2010 |
20100037296 | Client Authentication And Data Management System - Methods and systems for performing an authenticated boot ( | 02-11-2010 |
20100037297 | Method and System for Deterring Product Counterfeiting, Diversion and Piracy - A method and system for authenticating goods and thereby detecting and deterring counterfeits are disclosed. According to one aspect of the invention, a client utilizes data received from a host to generate a plurality of security codes and to direct a printing device to print the plurality of security codes on a plurality of products, without retaining the plurality of security codes after the printing device has printed the plurality of security codes on the plurality of products. After the security codes have been printed, a person can communicate the security code to the host, which can verify its authenticity. | 02-11-2010 |
20100043058 | SYSTEM AND METHOD FOR FACILITATING USER AUTHENTICATION OF WEB PAGE CONTENT - System and method for facilitating user authentication of web page content are described. In one embodiment, the method comprises receiving a request from a web browser for web page content; and responsive to receipt of the request, providing to the web browser the requested web page content and associated digitally signed content; wherein prior to display of the web page content by the web browser, the digitally signed content is evaluated by a plug-in portion of the web browser to determine whether the digitally signed content is verified, indicating that a provider of the web page content is trustworthy. | 02-18-2010 |
20100043059 | Trusted Electronic Communication Through Shared Vulnerability - A method for using shared vulnerability to provide trusted communication services between systems is disclosed. For example, a server may deny access to a service which renders it vulnerable to an untrusted client unless access to a useful vulnerability is received from the client. That is, the server may trust the client because any misuse by the client may result in the server exploiting the shared vulnerability. A system may request access to a service on another system to perform some transaction. Upon receiving this request, the server may determine a vulnerability of the client useful in deterring or stopping unwanted actions. The server may request access to this vulnerability. Once this vulnerability has been granted to the server, the server may then grant access to the requested service to the client. | 02-18-2010 |
20100050234 | Provision of Access Information in a Communication Network - A method and apparatus for providing user access information to a Home Subscriber Server (HSS) in an IP Multimedia Subsystem (IMS) network. A User Equipment transmits to a Call Session Control Function (CSCF), a message containing a P-Access-Network-Info (PANI) header. The CSCF or an Application Server then sends user access information retrieved from the PANI header to the HSS, which stores the information. The stored information can be used to control access to the IMS network based on the access network being utilized or the user location. | 02-25-2010 |
20100050235 | METHODS AND APPARATUS FOR REDUCING THE EFFECTIVENESS OF CHOSEN LOCATION ATTACKS IN A PEER-TO-PEER OVERLAY NETWORK - Methods and apparatus for reducing the effectiveness of chosen location attacks in a peer-to-peer overlay network. A method includes determining that new node identifiers are to be generated for a plurality of nodes in the network, inputting parameters to a hash function to generate a selected node identifier, and adopting a location in the network associated with the selected node identifier. Another method includes receiving a node identifier associated with a selected node, inputting parameters associated with the selected node to a hash function to generate a corresponding node identifier, comparing the node identifier with the corresponding node identifier, and determining that the selected node is a potential attacker if the node identifiers do not match. Another method includes detecting responsibility for initiating an update to one or more node identifiers, generating parameters to generate the node identifiers, and transmitting the parameters on the network. | 02-25-2010 |
20100050236 | QUALITY ASSURED ANALYTICAL TESTING SYSTEM AND METHOD THEREOF - A system and method for quality assured analytical testing is disclosed. A user is prompted by the system questions which relate to an analytical test to be conducted or an analytical instrument to be employed. Input received by the system from the user is evaluated to determine to which degree the inputs are correct. The user is certified if the determined degree is above a preset threshold. Next, the user is prompted by the system for a user identification and if the user is a certified user, access is provided to a testing routine of the analytical instrument. | 02-25-2010 |
20100058440 | INTERACTION WITH DESKTOP AND ONLINE CORPUS - A method is disclosed that includes gaining authenticated access to at least one of a restricted network device and a restricted online webpage with an authenticator integrated with a content crawler, wherein the authenticator is configured to obtain authentication data from a user for access to the at least one of the restricted network device and the restricted online webpage; indexing personal content of the at least one of the restricted network device and the restricted online webpage in a database; and enabling the user to search the indexed database based on a search query. | 03-04-2010 |
20100058441 | Information processing limitation system and information processing limitation device - This information processing limitation system includes an information processing server computer | 03-04-2010 |
20100058442 | METHOD AND SYSTEM FOR ENFORCING SECURITY POLICES IN MANETS - A method of enforcing security policies in a mobile ad-hoc network, includes: entrusting at least one first network node along a data traffic route from a data traffic origin node to a data traffic destination node, with the enforcing of predefined security policies on the data traffic; and entrusting at least one second network node, distinct from said first network node, with the control of the enforcement of the security policies by the first network node. | 03-04-2010 |
20100064344 | Method and device for updating a key - A method for updating a key includes: assigning, by a network, a stipulated specific value to an authentication management field AMF and generating a corresponding authentication tuple, and sending corresponding parameters in the authentication tuple to the terminal when an authentication request is initiated to the terminal, and generating a new authentication key for use in the next authentication; generating, by the terminal, a new authentication key corresponding to the network for use in the next authentication, when the corresponding parameters are received and it is determined that the authentication for the network is passed and the authentication management field in the corresponding parameters is with the predetermined value. According to the method for updating the key according to the invention, the key may be updated conveniently without adding to or modifying the existing signaling resources or the authentication parameters, so that network security may be improved. | 03-11-2010 |
20100064345 | Continual Peer Authentication - A method for orchestrating peer authentication during a call (e.g., a telephone call, a conference call between three or more parties, an instant messaging [IM] chat session, etc.) is disclosed. In particular, a user is first authenticated in order to participate in a call (e.g., via entering a password, etc.), and subsequently during the call the user may be peer authenticated. In accordance with the illustrative embodiment, a user who participates in a call might be prompted to authenticate another user on the call based on particular events or user behavior during the call. | 03-11-2010 |
20100064346 | Method and Arrangement for Providing a Wireless Mesh Network - The invention relates to a method for providing a wireless local network, wherein stationary communication devices and mobile communication devices are connected in the manner of a mesh as the sub-network, which is particularly connected to an infrastructure network and configured such that it can exchange authentication messages with at least one communication device, which is particularly disposed in the infrastructure network and provides an authentication function. During an attempt to establish a first link by a first communication device connected to a communication device providing the authentication function to a second communication device connected to the communication device providing the authentication function, an authenticator role to be assigned as part of an authentication process is associated with the first and second communication devices, wherein at least one property correlating with the connection is analyzed for meeting a criterion. The invention further relates to an arrangement comprising means for carrying out the method. | 03-11-2010 |
20100071033 | AUTHENTICATION COORDINATION SYSTEM, TERMINAL APPARATUS, STORAGE MEDIUM, AUTHENTICATION COORDINATION METHOD, AND AUTHENTICATION COORDINATION PROGRAM - In remotely coupling one terminal apparatus to a server apparatus, if an authentication processing of a user of one terminal apparatus has been already completed, the user can switch one terminal apparatus to another without an additional authentication processing. Authenticated information indicating that the authentication of the user has already been successfully completed is transferred to another terminal apparatus by coordinating the authenticated information between more than one terminal apparatus. Another terminal apparatus receives a service from the server apparatus using the authenticated information. Upon coordinating the authenticated information among more than one terminal apparatus, another terminal apparatus to receive the authenticated information may be authenticated. A storage medium which conducts the authentication may be coupled to a terminal apparatus to be authenticated. | 03-18-2010 |
20100077447 | Authentication techniques - Techniques for authenticating clients of differing capabilities in an efficient manner. Two or more authentication techniques, including one preferred authentication technique, are initiated to run in parallel to authenticate a client. Upon determining that the client can support the preferred authentication technique, the preferred technique is used to authenticate the client and the other authentication techniques are aborted. If it is determined that the client cannot support the preferred authentication technique, then one of the other authentication techniques is used to authenticate the client. In this manner, based upon the capabilities of the client, an appropriate authentication technique is used to authenticate the client in an efficient manner. | 03-25-2010 |
20100077448 | USER LEVEL SECURITY FOR AN EMULATED REMOVABLE MASS STORAGE DEVICE - A communication session is established, via a wireless communication link, with a mobile communication device that is connected to a computer system. The mobile communication device is enumerated by the computer system as a locally attached mass storage device. An authentication executable file is sent to the mobile communication device. A response generated by the computer system executing the authentication executable file is received from the mobile communication device. Based on the response generated by the computer system executing the authentication executable file, access to a data file that is stored by a mass storage system via a network is granted. | 03-25-2010 |
20100077449 | Calculating multi-tenancy resource requirements and automated tenant dynamic placement in a multi-tenant shared environment - A method for assigning tenants of users to offering instances of an application or middleware includes representing a set of offerings as respective offering instances of the application or middleware available from a server, determining server resource capacity of the server, representing constraints associated with the tenants and the offering instances, generating a mapping of the tenants to the offering instances based on the server resource capacity and constraints, and assigning a tenant to an offering instance according to the mapping, wherein the offering instance is made accessible to the users of the assigned tenant. | 03-25-2010 |
20100077450 | PROVIDING SIMPLIFIED INTERNET ACCESS - Aspects of the subject matter described herein relate to providing simplified network access. In aspects, a network access device that controls access to a network is configured to allow communications with a set of specified hosts regardless of whether the requesting user has paid for or authorized payment for the network usage. The user may communicate with such hosts without further configuration, providing payment or other information to the network access device, or the like. If the user attempts to access other hosts, the network access device ensures that the user is authorized (e.g., has paid for, belongs to a partner organization, etc.) before granting the access. | 03-25-2010 |
20100077451 | MOBILE TERMINAL, WORKING DEVICE, DATA MANAGEMENT SYSTEM, AND RECORDING MEDIUM - A mobile terminal which communicates with a working-device includes a local connection receiver that locally communicates with the working-device through a network, a holder that holds management-object-data and disclosure condition information of the management-object-data, a security specification acquirer that acquires security specification information of the working-device, and a data management contract creator that creates data management contract information of the management-object-data of the working-device. If it is determined that the working-device satisfies the disclosure condition of the management-object-data, based on the security specification information of the working-device receiving the management-object-data and the disclosure condition information of the management-object-data, a management-object-data transmitter transmits the management-object-data with the created data management contract information to the working-device, and a data management record receiver receives the management record of the management-object-data from the working-device, when the working-device is locally re-connected through the local connection receiver. | 03-25-2010 |
20100077452 | Wireless System and Method for Managing Logical Documents - A system and method is provided for managing logical documents using a wireless mobile device. The wireless mobile device, which may be a wireless handset, connects to the management system through a wireless communication network such as a public telecommunications provider network. The network has other devices, such as computers, servers, data appliances, or other wireless devices. Selected logical documents from the network devices are associated with the wireless mobile device, and the selected logical documents are targeted to be stored, copied, distributed, or backed up to the wireless mobile device. In a similar manner, logical documents originating on the wireless mobile device may be targeted to be stored, copied, distributed, or backed up on selected network devices. A logical document may be, for example, an XML document, a file, a set of files, a disk drive, or the files on a device. | 03-25-2010 |
20100077453 | Wireless System and Method for Managing Logical Documents - A system and method is provided for managing logical documents using a wireless mobile device. The wireless mobile device, which may be a wireless handset, connects to the management system through a wireless communication network such as a public telecommunications provider network. The network has other devices, such as computers, servers, data appliances, or other wireless devices. Selected logical documents from the network devices are associated with the wireless mobile device, and the selected logical documents are targeted to be stored, copied, distributed, or backed up to the wireless mobile device. In a similar manner, logical documents originating on the wireless mobile device may be targeted to be stored, copied, distributed, or backed up on selected network devices. A logical document may be, for example, an XML document, a file, a set of files, a disk drive, or the files on a device. | 03-25-2010 |
20100077454 | TRUSTED NETWORK CONNECT METHOD BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network connect (TNC) method based on tri-element peer authentication is provided, which includes the following steps. Platform integrity information is prepared in advance. An integrity verification requirement is predefined. A network access requestor initiates an access request to a network access controller. The network access controller starts a mutual user authentication process, and performs a tri-element peer authentication protocol with a user authentication serving unit. After the mutual user authentication is successful, a TNC client, a TNC server, and a platform evaluation serving unit implement platform integrity evaluation by using a tri-element peer authentication method. The network access requestor and the network access controller control ports according to recommendations received respectively, so as to implement mutual access control between the access requestor and the access controller. Thus, the technical problems in the prior art of poor extensibility, complex key agreement process, low security, and that platform integrity evaluation is not peer-to-peer are solved by the present invention. Through the method of the present invention, key management and integrity verification mechanisms of the TNC are simplified, and the range of applicability of the TNC is expanded. | 03-25-2010 |
20100077455 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, PROGRAM, AND STORAGE MEDIUM - This invention has as its object to attain strong security and to implement network solutions with high convenience and simplicity with low cost upon providing Web services. To this end, an information processing apparatus according to this invention has the following arrangement. That is, an information processing apparatus ( | 03-25-2010 |
20100083350 | METHOD AND SYSTEM FOR ADVERTISING REAL ESTATE OVER THE INTERNET - An Internet-based method and system permits users to list their real estate properties on respective web site pages, edit their pages, and create new pages for additional listings. A feature of the invention provides for opening a domain name file for each new page and for E-mailing a request to register the new domain names. Such web site creation and editing may be made whenever the user wishes by simply accessing a home page, entering a corresponding service function such as editing an existing page or creating a new page. The user can then carry out the selected function from a personal computer over the Internet. The domain name may correspond to a parameter of the property such as its street address. | 04-01-2010 |
20100088746 | SECURE EBOOK TECHNIQUES - A computing system for delivering content includes one or more servers communicatively coupled to one or more ebooks. A given ebook may send a request for content at a specified location to a server. The request is received at the server with an identifier of the given ebook and/or user. The server determines if the ebook can access the content at the specified location based on the identifier of the ebook and/or user. If the ebook and/or user are allowed to access the content, the server streams a predetermined portion of the content to the ebook for display to a user. | 04-08-2010 |
20100088747 | Identification and Verification of Peripheral Devices Accessing a Secure Network - A system and method for identifying and verifying a client to access a secure network. Timing characteristics are acquired from the client, such as a peripheral device, and further verified and identified via policy enforcement points and policy decision points, or a measurer device in the secure network. | 04-08-2010 |
20100088748 | Secure peer group network and method thereof by locking a mac address to an entity at physical layer - A system and method of locking media access control (MAC) address of each entity to the entity's identity for formation of a secure peer group is disclosed. The identity of each entity includes at least the public key from the public-private key pair from public key infrastructure (PKI) and the entities' MAC address. Using the unique identifying features a security server links and locks the MAC address of the entity to its identity so that no other entity can identify itself as the owner of that MAC address to the secure server. A group of such entities and secure server with locked MAC addresses form a qualified and verifiable secure peer group enabled to establish a secure LAN. | 04-08-2010 |
20100095350 | UNIVERSALLY USABLE HUMAN-INTERACTION PROOF - Disclosed is a system and method for generating a universally usable, completely automated public Turing test to tell a computer and a human apart (CAPTCHA). The universally usable CAPTCHA uses contextually related pictures and sounds to present concepts to a user. The pictures allow the CAPTCHA to be used by someone who could see, and the audio would allow the CAPTCHA to be used by someone who could not see. This combination of sound and images should make the CAPTCHA more universally usable for a larger population of users than previously known CAPTCHAs. | 04-15-2010 |
20100095351 | METHOD, DEVICE FOR IDENTIFYING SERVICE FLOWS AND METHOD, SYSTEM FOR PROTECTING AGAINST DENY OF SERVICE ATTACK - A method, device for identifying service flows and a method, system for protecting against a denial of service attack are provided. The method for identifying service flows includes: detecting a user access to a target system; dynamically generating a set of user identifier information according to the detected user access to the target system and a preset user access statistical model; when the service flow needs to be identified, extracting the user identifier information from the service flow; comparing the extracted user identifier information with the user identifier information in the set of user identifier information to determine whether they are matched; determining whether the service flow is legal service flow according to the comparison result. | 04-15-2010 |
20100095352 | Message Service Indication System and Method - Systems and methods for displaying messages to a user, the messages having different levels of security, are provided herein. One method of displaying to a user messages having different levels of security includes receiving a message over a network and examining an attribute of the message to determine a security-related level associated with the message. A visual indication for display to a device user is generated by the device. Such visual indication is indicative of the determined security-related level, and is configured to be visible during scrolling through a majority of the message text. | 04-15-2010 |
20100100933 | APPARATUS AND METHOD FOR TRANSITIONING ACCESS RIGHTS FOR ROLE-BASED ACCESS CONTROL COMPATIBILITY - Disclosed is a method for transitioning access rights, in a remote station with role-based access control, for an unknown role having access rights defined by a central access control management module. In the method, a role capability table is maintained in the remote station specifying centrally-defined access rights of roles that are interpretable in the remote station. An access request associated with an unknown role that is not interpretable in the remote station is received. The access request includes a role transition list that relates the unknown role to other centrally-defined roles. At least one of the other centrally-defined roles is interpretable in the remote station. A role is selected, from the role transition list, that is interpretable in the remote station for interpreting the unknown role of the access request. Access is granted based on the access request associated with the unknown role using the access rights of the interpretable role selected from the role transition table. | 04-22-2010 |
20100100934 | SECURITY METHODOLOGY TO PREVENT USER FROM COMPROMISING THROUGHPUT IN A HIGHLY THREADED NETWORK ON A CHIP PROCESSOR - A computer-implemented method, system and computer program product for preventing an untrusted work unit message from compromising throughput in a highly threaded Network On a Chip (NOC) processor are presented. A security message, which is associated with the untrusted work unit message, directs other resources within the NOC to operate in a secure mode while a specified node, within the NOC, executes instructions from the work unit message in a less privileged non-secure mode. Thus, throughput within the NOC is uncompromised due to resources, other than the first node, being protected from the untrusted work unit message. | 04-22-2010 |
20100100935 | CONTENT DISTRIBUTION SYSTEM, CONTENT DISTRIBUTION METHOD AND PROGRAM - A content distribution system. A distribution management and unauthorized operation management device generates a one-time URL by using URL of content information specified by a user terminal and transmits the one-time URL and bandwidth information concerning the content information to the user terminal. A session control server extracts the one-time URL from a session control message transmitted from the user terminal, transmits it to the distribution management and unauthorized operation management device, and establishes a session between the content distribution server and the user terminal according to an authentication result performed by using the one-time URL transmitted from the distribution management and unauthorized operation management device and a correlation result obtained by correlating the bandwidth information contained in the session control message transmitted from the user terminal with the bandwidth information transmitted together with the authentication result from the distribution management and unauthorized operation management device. | 04-22-2010 |
20100100936 | Secure Wireless Network Using Radiometric Signatures - A network security system for wireless devices derives a fingerprint from the modulation imperfections of the analog circuitry of the wireless transceivers. These fingerprints may be compared to templates obtained when the wireless devices are initially commissioned in a secure setting and used to augment passwords or other security tools in detecting intruders on the network. | 04-22-2010 |
20100100937 | METHOD AND SYSTEM FOR LOCAL SEARCH AND SOCIAL NETWORKING WITH CONTENT VALIDATION - A social networking and local search service validates content including personal information, business information, text, photographs, music, video and/or other media or content. The service provides each member with the ability to author and share content with the fellow members and visitors. In an embodiment of the invention, if a member claims to be a business owner and provides content for a local business, then the website performs validation functions to authenticate the business information. This allows the website to host only accurate information and allows small businesses to effectively advertise their merchandise. | 04-22-2010 |
20100107220 | SECURE CONSULTATION SYSTEM - A secure consultation system is disclosed that enables an owner entity to securely store its most secure and private data such that designated entities of the owner entity and a consultant entity can execute application programs on that data and thus, to consult on the operation and correctness of the application programs and the data. | 04-29-2010 |
20100107221 | Network Service Provision Method, Network Device, Network Server and Network - Disclosed is a method of providing a service to a network device from a group of network devices, some but not all of the network devices being subscribed to said service, the method comprising determining which network devices of the group are not subscribed to said service in response to a service request from one of the network devices of said group; querying at least the network devices of the group that are subscribed to said service for permission to at least temporarily share the service with an unsubscribed network device; and at least temporarily providing the service to at least some of the unsubscribed network devices in response to a positive response to said query from at least one of the subscribed network devices. A network, network device and network server that can implement various aspects of this method are also disclosed. | 04-29-2010 |
20100107222 | METHOD AND APPARATUS FOR IMPLEMENTING SECURE AND ADAPTIVE PROXIES - Methods and apparatus for implementing common authentication and security policies across applications served over a data transmission network, such as the internet, http or https, are disclosed. The common authentication and security policies are implemented without mandating specific changes to be applied to the applications themselves. An authentication process can be dynamically performed based on different needed security levels. Applications can be graphical (e.g., web) or voice in nature and can use any applicable and available security method. | 04-29-2010 |
20100107223 | Network Access Method, System, and Apparatus - A network access method is disclosed. The method includes: by an access authenticator, receiving a Discover message sent by a client, returning a response message, and obtaining first configuration information used by the client during authentication, where the Discover message is used to discover the access authenticator; authenticating the client or interacting with an authentication server (AS) to authenticate the client remotely as an agent of the client; and sending a configuration request message to a configuration server to request second configuration information used by the client during a session after the authentication succeeds. A network access system, an access authentication apparatus and a broadband access device are also disclosed. The present invention can assure the stability of authentication. | 04-29-2010 |
20100107224 | Techniques for authenticated posture reporting and associated enforcement of network access - Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional. | 04-29-2010 |
20100115584 | INFORMATION PROCESSING SYSTEM - An information processing system includes a client device and a server system. The client device executes an application program as a confidential process for performing processing based on confidential information. When a transmission request asking for transmission of confidential information is generated by the application program being executed, the client device transmits, to the server system, the transmission request and confidential process information indicating that the process in which the transmission request was generated is a confidential process. When the server system receives the transmission request and the confidential process information from the client device, the server system transmits stored confidential information in accordance with the received transmission request. | 05-06-2010 |
20100115585 | METHOD AND SYSTEM FOR SECURING A THIRD PARTY COMMUNICATION WITH A HOSTING WEB PAGE - A method and system for securing hosting web pages from malicious third party modules. The method includes uploading a third party module to a hosting web page; validating a proxy API call received from the third party module, wherein the proxy API call includes at least a payload parameter provided by the third party module; generating an engine API call including at least the payload parameter; validating the engine API call; and executing the payload parameter if the engine API call is validated. | 05-06-2010 |
20100115586 | MANAGING STORED DATA ON A COMPUTER NETWORK - A method and system for managing stored data on a computer network organizes data into logical volumes, and each logical volume has a friendly name associated with it. A domain controller keeps track of the friendly names of the logical volumes and associates those friendly names with the actual physical paths of the logical volumes. When a client computer on the network wishes to access a logical volume, it sends a look-up request having the friendly name to the domain controller. The domain controller may fulfill the request by sending the path of the logical volume to the client computer. | 05-06-2010 |
20100115587 | Authentication system and terminal authentication apparatus - After checking a receiving message appearing on an output device, a network administrator inputs an authentication result to a setting terminal using an input device, such as a keyboard. Upon receiving the authentication result from the network administrator, the setting terminal registers, if the received authentication result is permission to access a network device, a MAC address of a traveling employee's terminal that is the sender of the authentication request in the network device as an access permitted terminal. After the registering in the network device is completed, the setting terminal sends the authentication result indicative of permission to access the network device to the employee's terminal, i.e., the sender of the authentication request. | 05-06-2010 |
20100122320 | Secure and Self Monitoring Slot Gaming Network - Among other things, systems and techniques are described for authenticating one or more client devices. A system includes one or more client devices and a server to communicate with the one or more client devices over a network. The server receives a request for network connection from at least one of the client devices. In response to the received request, the server performs authentication of the requesting client device based on at least two factors. The at least two factors include a transmission control protocol (TCP) header verification to identify a media access control (MAC) address of the requesting client device as an authorized or unauthorized MAC address; and a challenge-reply verification performed based on the TCP header verification. The challenge-reply verification includes sending a challenge message to the requesting client device; receiving a reply message from the requesting client device; and identifying the received reply message as a correct or incorrect reply. | 05-13-2010 |
20100122321 | SYSTEM AND METHOD FOR AUTHENTICATION FOR WIRELESS EMERGENCY SERVICES - A method of authenticating a user device includes transmitting a request, the request including a query for information, and receiving an identifier, the identifier being associated with one or more authentication mechanisms for obtaining access to emergency services. | 05-13-2010 |
20100132015 | APPARATUS AND METHOD FOR PROVIDING SECURITY INFORMATION IN VIRTUAL ENVIRONMENT - An apparatus and method of providing security information in a virtual environment that supports a plurality of operating systems. The plurality of operating systems include at least one secure operating system in which applications whose safety has been verified are installed, and at least one normal operating system in which applications whose safety has not been verified are freely installed. The server operating system may provide security information corresponding to an operating system in which an application executed as foreground is installed, to provide information indicating whether an application is operated in a secure operating system, to a user. | 05-27-2010 |
20100138898 | METHOD FOR ACTIVATING VIRTUAL MACHINE, APPARATUS FOR SIMULATING COMPUTING DEVICE AND SUPERVISING DEVICE - A method for activating a virtual machine, an apparatus for simulating a computing device and a device for supervising activation of the apparatus. The method includes: activating a network interface of the virtual machine, and activating other components of the virtual machine, where the network interface of the virtual machine is capable of communicating with the outside world so activation of the other components of the virtual machine can be supervised. The simulation apparatus includes a network interface and an operating system having a security sub-system, where the network interface is configured to be first activated during activation of the simulation apparatus so the network interface can communicate with the outside world, and activation of the other components of the apparatus can be supervised during the activation of the other components of the apparatus. | 06-03-2010 |
20100138899 | AUTHENTICATION INTERMEDIARY SERVER, PROGRAM, AUTHENTICATION SYSTEM AND SELECTION METHOD - An authentication server is dynamically changed in consideration of a user's situation, a kind of service used by the user and user's convenience. When a terminal device | 06-03-2010 |
20100146588 | MAPPING PROPRIETARY SSL APIS ONTO OPENSSL APIS - Techniques are described for mapping an emulated SSL implementation to, for example, OpenSSL. An exemplary method includes receiving a request to initiate a communication session from an application, running in an emulation environment, with a first SSL API of an emulated SSL implementation running in the emulation environment, sending the request to a communication interface process that is running in a base computing environment, wherein the emulation environment is a process running on the base computing environment, extracting, with the communication interface process, communication session information from the request, calling, with the communication interface process, procedures provided by a second SSL API of an SSL implementation, in accordance with the request, to initiate a communication session with a computing device, wherein the SSL implementation is a program running in the base computing environment, initiating the communication session with the computing device, and transferring data to the computing device. | 06-10-2010 |
20100146589 | SYSTEM AND METHOD TO SECURE A COMPUTER SYSTEM BY SELECTIVE CONTROL OF WRITE ACCESS TO A DATA STORAGE MEDIUM - A system and method of securing a computer system by controlling write access to a storage medium by monitoring an application; detecting an attempt by the application to write data to said storage medium; interrogating a rules database in response to said detection; and permitting or denying write access to the storage medium by the application in dependence on said interrogation, where the interrogation requests are queued in order to manage multiple applications running on the same system. The system can further monitor the activity of unknown processes and continually match the sequence of activity against known malware activity sequences. In the case of a match, the user is warned or the process is blocked. | 06-10-2010 |
20100146590 | SYSTEM AND METHOD FOR SECURITY USING ONE-TIME EXECUTION CODE - The present invention relates to a security system, and more particularly, to a security system and method using a one-time execution code in an environment in which a client and a server are connected through a network. The server irregularly generates and transmits the one-time execution code to the client, and the client directly executes the one-time execution code on a memory area and transmits the execution result and deletes the one-time execution code on the memory area. Therefore, the server determines whether or not an error exists in the execution result and can prevent forgery and appropriation of the client by blocking the connection with the client. | 06-10-2010 |
20100146591 | CONVERGED ACCESS CONTROL METHOD USING NETWORK ACCESS DEVICE AT PENETRATION NODE OF IP NETWORK OF CONVERGENCE ALL-IP NETWORK - There is provided a converged access control method using a network access device at an edge node of an IP network of a convergence ALL-IP network that performs authentication control, QoS control, traffic control and mobility control in a consistent manner using a network access device located at penetration nodes of an IP network of a convergence ALL-IP network to effectively accommodate a subscriber network in various access environments, thereby ensuring network flexibility and scalability. | 06-10-2010 |
20100154032 | System and Method for Classification of Unwanted or Malicious Software Through the Identification of Encrypted Data Communication - A method for identifying malware or unauthorized software communications implemented within a computer infrastructure, the method including detecting an encrypted communication and determining identification data for the encrypted communication. Additionally, the method includes comparing the detected encrypted communication to at least one of a list of applications authorized for encrypted communications using the identification data and a list of authorized destinations of encrypted communications using the identification data. Furthermore, the method includes identifying the detected encrypted communication as an unauthorized encrypted communication in response to a determination that at least one of the detected encrypted communication is from an unauthorized application, which is not on the list of applications authorized for encrypted communications, based on the comparing and the detected encrypted communication is to an unauthorized destination, which is not on the list of authorized destinations. | 06-17-2010 |
20100154033 | METHOD AND NODES FOR SECURING A COMMUNICATION NETWORK - Methods for securing a communication network comprise the steps of: (in a first node) applying at least one security mechanism to a data packet; and setting a security indicator in the data packet upon application of the at least one security mechanism to the data packet; (in a second node) receiving the data packet; determining if a security indicator is present in the received data packet; applying at least one security mechanism to the received data packet upon determining that the security indicator is not present; and refraining from applying security to the received data packet upon determining that the security indicator is present. A mobile node and access node for securing the communication network, comprise respectively a security application module and a security module, and, an input for receiving a data packet; a security detector and a security application module responsive to the security detector. | 06-17-2010 |
20100162357 | IMAGE-BASED HUMAN INTERACTIVE PROOFS - This document describes image-based human interactive proofs (HIPs). In some cases these proofs may be used when a browser at a client is used to access resources from a web server. Before access to the resources is enabled, the client can be challenged by the web server with an image-based puzzle. The image-based puzzle is configured to enable distinctions to be made between human input and non-human input. Input to answer the image-based puzzle can be formed via the client and communicated to the web server. The web server receives the input from the client and selectively enables client access to the resources based upon the input. In at least some embodiments, the web server can make use of a community database that stores client answers to image-based puzzles to assist in distinguishing between human input and non-human input. | 06-24-2010 |
20100162358 | Media Processing Device For Providing Access To Images In Remote Databases And Method Thereof - Disclosed are a media processing device for providing access to images in a remote database and a method thereof. The media processing device includes an input module, a transceiver module and a user interface module. The input module is configured to receive an input from a user. The transceiver module is communicably coupled to a remote database for transmitting the input to the remote database and receiving one or more images from the remote database based on the input. The user interface module is configured to display at least one image of the one or more images to the user. | 06-24-2010 |
20100162359 | NETWORK USER USAGE PROFILING - Methods, systems, devices, and software are disclosed for generating a network usage profile. Certain embodiments of the network usage profile include a devices-by-node profile, indicating the set of customer devices available for use in communicating with a customer-side network node located at a customer side of an access network over a period of time, where some of the customer devices are not in operative communication with the customer-side network node during a portion of that time. Other embodiments associate the network usage profile with customer information to generate device-by-customer profiles. Still other embodiments associate the network usage profile with network traffic information to generate traffic-by-device profiles. Even other embodiments associate the multiple sources and types of information to generate traffic-by-customer profiles and/or traffic-by-device-by-customer profiles. Any of the profiles may then be accessed by one or more parties for use in affecting various network services, including targeting content delivery. | 06-24-2010 |
20100162360 | USER AUTHENTICATION APPARATUS AND METHOD FOR SUPPORTING PMIPv6 IN NEXT GENERATION NETWORKS - Provided are a user authentication apparatus and method for supporting PMIPv6 (Proxy Mobile Internet Protocol version 6) in next generation networks. Authentication and mobility signaling protocol can be performed without having an additional signaling process when a mobile terminal moves by extending user profiles of the next generations to support the PMIPv6. | 06-24-2010 |
20100162361 | REPLICATING SELECTED SECRETS TO LOCAL DOMAIN CONTROLLERS - A domain controller hierarchy includes one or more hub domain controllers in communication with one or more local domain controllers, such as local domain controllers at a branch office. The hub domain controller(s) is writable, while the local domain controller(s) is typically read-only. Non-secure and secure information is partitioned to specific local domain controllers at the one or more hub domain controllers. The non-secure and secure information is then passed from the hub domain controller only to the local domain controller associated with the given partition at the hub domain controller on request. For example, a user requests a logon at a client computer system at a local branch office, and the logon is passed from the local domain controller to the hub domain controller. If authenticated, the user logon account is passed to the local domain controller, where it can be cached to authenticate subsequent requests. | 06-24-2010 |
20100162362 | Enterprise Management of Public Instant Message Communications - Techniques are described that enable enterprise management of public instant message (IM) communications. When a user requests a connection with a public IM service, the connection request is redirected to a gateway server that is associated with a domain specified in the user's user ID. The gateway server acts as a pass through server between the user's IM client application and the public IM service. The gateway server may be configured to log IM communications in which the user participates. The gateway server may also be configured to control whether or not the user is able to participate in point-to-point communications through the user's IM client application. An enterprise routing server may also be implemented in a geo-distributed enterprise to route a redirected public IM connection request to an enterprise IM gateway server based on a geographic location associated with the user. | 06-24-2010 |
20100169951 | REMOTE SLIDE PRESENTATION - Techniques for remotely viewing a presentation are disclosed. In accordance with these techniques, a host device executing a presentation application makes a presentation available over a network. In one embodiment, a remote device receives presentation data corresponding to a currently displayed slide of the presentation. The remote device may then display a representation of the currently displayed slide at the remote location. | 07-01-2010 |
20100169952 | METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR PROVIDING AN ADAPTIVE AUTHENTICATION SESSION VALIDITY TIME - An apparatus for providing an adaptive authentication session validity time period may include a processor. The processor may be configured to receive an indication of load parameters indicative of authentication rate information, determine, at the service platform, a value defining a validity period for indicating a period of time during which an authentication session validity object is valid based on the received indication of load parameters, and provide the authentication session validity object to a client device. A corresponding method and computer program product are also provided. | 07-01-2010 |
20100169953 | CLIENT/SERVER AUTHENTICATION OVER FIBRE CHANNEL - An authentication service to authenticate access requests over a Fibre Channel (FC) network is provided. An authentication request is generated by a client and is sent over the FC network to a server. The request can be a native FC message, such as a CT message. For example, authentication software can generate the native FC message. In another example, authentication software can send a UDP or TCP authentication request, and an application program interface (API) can translate the request into a native FC message, such as a CT message, and send the message over the FC network. In another example, the authentication request can be sent as an encapsulated IP over FC message. For example, an authentication client can communicate using UDP or TCP messages, and an HBA can encapsulate the messages as IP over FC and send the encapsulated messages over the FC network. | 07-01-2010 |
20100175107 | SECURE WORKLOAD PARTITIONING IN A SERVER ENVIRONMENT - Generally speaking, systems, methods and computer program products for creating a secure workload partition in a server environment are disclosed. Embodiments of the method may include creating, for a process associated with a client network service, a secure workload partition within a logical partition executing in a server environment having a root partition where the secure workload partition has no network interfaces and no communication with any other workload partitions within the logical partition. Embodiments of the method may also include establishing an alternative network connection for the process within the created secure workload partition without establishing a network interface for the secure workload partition and without establishing communication with any other workload partitions within the logical partition. Embodiments of the method may also include executing the process within the secure workload partition to provide the client network service. | 07-08-2010 |
20100175108 | METHOD AND SYSTEM FOR SECURING VIRTUAL MACHINES BY RESTRICTING ACCESS IN CONNECTION WITH A VULNERABILITY AUDIT - A method and system for securing a virtual machine is disclosed. An initiation signal from the host system that is generated upon startup of the virtual machine is intercepted, and a network connection on the host system accessible by the virtual machine is restricted in response. Then, the virtual machine is queried for preexisting vulnerabilities, and such data is received. Access by the virtual machine to the network connection is controlled based upon a comparison of a security policy, which is associated with the virtual machine, to the received preexisting vulnerabilities. | 07-08-2010 |
20100175109 | ROUTE OPTIMISATION FOR PROXY MOBILE IP - A method of establishing a route optimisation mode between a mobile node and a correspondent node across a mobile IP network. The method comprises establishing a bi-directional security association between a proxy mobile agent to which the mobile node is attached or to which the mobile node will attach, and the correspondent node. On behalf of the mobile node, the proxy mobile agent performs a reachability test with the correspondent node via a home agent of the mobile node, and sends a binding update to the correspondent node. | 07-08-2010 |
20100175110 | PROTECTING A NETWORK FROM UNAUTHORIZED ACCESS - A system to dynamically protect access to a first network receives a data unit containing a source address indicating a source of the data unit. The source address is matched with information stored in the system, and entry of the data unit to the first network is enabled or denied based on the matching. It is determined whether the data unit contains an identifier of a codec type that matches a stored codec type, and occurrence of an attack of the first network is indicated in response to determining that the identifier is of a codec type that does not match the stored codec type. | 07-08-2010 |
20100186066 | METHODS AND SYSTEMS FOR FACILITATING PERSONAL DATA PROPAGATION - Methods and systems for facilitating the propagation of personal data are provided. Example embodiments provide a Personal Data Propagation Environment (“PDP environment”), which facilitates the propagation of personal data items between secure personal data stores and various consumers of the personal data items. In one embodiment, the PDP environment includes a personal data manager and a personal data subscriber. The personal data manager manages personal data items on a secure data store associated with a user computing device. The personal data manager provides access to personal data items stored on the secure data store in accordance with a personal data subscription associated with the personal data subscriber. This abstract is provided to comply with rules requiring an abstract, and it is submitted with the intention that it will not be used to interpret or limit the scope or meaning of the claims. | 07-22-2010 |
20100192199 | CREATING AND USING A SPECIFIC USER UNIQUE ID FOR SECURITY LOGIN AUTHENTICATION - A method of monitoring all network login activity, which includes a real-time analysis of intercepting all network login activity, analyzing network login activity, authenticating network login activity and closing (i.e., terminating) those network login connections that are not authenticated to proceed and access the network. | 07-29-2010 |
20100192200 | Control program providing method using communication system, center apparatus in communication system, user apparatus in communication system, and program recorded on recording medium in user apparatus - A method includes creating process data which constitutes at least a portion of the control program and describes the execution contents of the communication functions, and parameter data which constitutes a different portion of the control program from the process data portion and is used to describe individual setting information of user in accordance with the process data, in the center apparatus, sending the process data, and the parameter data from the center apparatus to the user apparatus via the communication network, receiving the process data and the parameter data from the center apparatus, then describing input individual setting information in the parameter data to create the control program, in the user apparatus, recording the resulting control program onto a recording medium, and reading the control program from the recording medium and setting the read control program in the communication equipment as requested by the user, in the user apparatus. | 07-29-2010 |
20100192201 | Method and Apparatus for Excessive Access Rate Detection - A system and method for protection of Web based applications are described. Anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. Excessive access rates are one type of anomalous traffic that is detected by monitoring a source and determining whether the number of requests that the source generates within a specific time frame is above a threshold. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat. The central security manager can then communicate instructions to the individual computer networks so as to provide an enterprise wide solution to the threat. Various responsive actions may be taken in response to detection of an excessive access rate. | 07-29-2010 |
20100199325 | SECURITY TECHNIQUES FOR DEVICE ASSISTED SERVICES - Security techniques for device assisted services are provided. In some embodiments, secure service measurement and/or control execution partition is provided. In some embodiments, implementing a service profile executed at least in part in a secure execution environment of a processor of a communications device for assisting control of the communications device use of a service on a wireless network, in which the service profile includes a plurality of service policy settings, and wherein the service profile is associated with a service plan that provides for access to the service on the wireless network; monitoring use of the service based on the service profile; and verifying the use of the service based on the monitored use of the service. | 08-05-2010 |
20100199326 | CONTROLLING WHETHER A NETWORK ENTITY PERFORMS ACCESS CONTROL BASED ON AN INDICATION FROM AN ACCESS POINT - An access point sends an indication or message to a network entity to indicate whether the network entity is to perform access control for an access terminal. In some implementations the indication/message may comprise an explicit indication of whether or not that network entity is to perform the access control. In some implementations, the inclusion of information (e.g., a CSG identifier) in the message or the exclusion of information from the message indicates whether the network entity is to perform the access control. | 08-05-2010 |
20100199327 | METHOD AND APPARATUS FOR SHARING CONTENT IN AN INTERNET BROADCASTING SYSTEM - An apparatus and method for sharing content in an Internet broadcasting system that supports broadcasting services using an Internet protocol. The method includes creating, by a bookmark creator, a bookmark for contents, transmitting, by the bookmark creator, the bookmark to a service provider, receiving the bookmark by the service provider, notifying, by the service provider, that the bookmark is updated to a content-sharing party, receiving, by the service provider, a transmission request for the bookmark from the content-sharing party, sending, by the service provider, the bookmark to the content-sharing party, and accessing, by the content-sharing party, the contents by executing the bookmark. | 08-05-2010 |
20100199328 | METHOD AND APPARATUS FOR UTILITY COMPUTING IN AD-HOC AND CONFIGURED PEER-TO-PEER NETWORKS - Executing a program structure by leveraging a peer-to-peer network comprises generating a program structure comprising a plurality of program instructions. A first of a plurality of network peers then executes a portion of the program instructions which initiates the execution of code hosted by said first network peer, where said portion comprises fewer than all program instructions. The first network peer then migrates one or more of the program instructions, together with any requisite data, to at least one other of the plurality of network peers. The at least one other network peer then continues execution of the program structure until one or more of the objectives of the program structure are achieved. | 08-05-2010 |
20100205652 | Methods and Systems for Handling Online Request Based on Information Known to a Service Provider - Methods and systems for handling online requests based on information known to a service provider. One method may comprise: obtaining first information, the first information relating to an online request made using a communication apparatus; using a logical identifier assigned to the communication apparatus to obtain second information, the second information pertaining to a profile associated with the logical identifier; comparing the first information to the second information; and performing an action related to handling of the online request based on a result of the comparing. | 08-12-2010 |
20100205653 | PERFORMING INTERACTIVE CONNECTIVITY CHECKS IN A MOBILITY ENVIRONMENT - A network element, method and computer program product is enabled to perform interactive connectivity checks in a mobility environment. Specifically, a network element comprises a discovery unit configured to identify a candidate defined as a combination of an internet protocol address and a port which the network element can use to communicate with a particular other network element. The network further comprises a mobile internet protocol signaling unit configured to submit a candidate identified by the discovery unit and to receive a candidate related to the other network element, and a simple traversal underneath network address translators protocol enabled unit configured to perform a connectivity check for a pair constituted by the submitted candidate and the received candidate by using the simple traversal underneath network address translators protocol. | 08-12-2010 |
20100211991 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing device including a flow definition memory unit configured to store flow definition information in which a process flow of image data read by an image reading unit is defined, and an authentication screen generating unit configured to determine plural processing units that execute a part of the process flow based on the flow definition information, acquire item information indicative of items of authentication information corresponding to a part or all of the plural processing units which require authentication from the part or all of the plural processing units which require the authentication, and generate authentication screen definition information used for displaying an authentication screen integrating and showing the item information. | 08-19-2010 |
20100211992 | DATA SECURITY APPARATUS - A data security apparatus fragments original data into a plurality of data, blocks the fragmented data, and distributes and stores the blocked data over and in respective storage medium. The data security apparatus includes a storage having a first block, into which original data of a file is fragmented and blocked, distributed and stored, a security storage medium having a second block, into which the original data is fragmented and blocked, distributed and stored, and a distributed storage management module performing data interface among the storage, the security medium, and an operating system (OS) system, fragmenting and blocking the original data, and distributing and storing the blocked data over and in the storage and the security storage medium. | 08-19-2010 |
20100211993 | METHOD AND APPARATUS FOR PACKET DATA SERVICE DISCOVERY - A method and device for packet data service discovery are described. A mobile device memory stores a packet data services blacklist and a historical blacklist. The packet data services blacklist identifies wireless networks that do not provide packet data services to the mobile device. The packet data services blacklist is based on previous packet data service authentication rejections, is distinct from a voice services blacklist, and is updated in response to newly received packet data service authentication information. The historical blacklist is distinct from the packet data services blacklist and the voice services blacklist. The historical blacklist identifies wireless networks that are no longer in the packet data services blacklist and were once in the packet data services blacklist within a particular time period. No advance knowledge of data services roaming agreements is required, and unnecessary network access can be avoided, which in turn saves network resources and capacity. | 08-19-2010 |
20100211994 | User Management System, User Management Method, Information Recording Medium and User Management Program - In order to properly transmit a notification of prompting a user who has not logged in a network communication game or an SNS for a long time to that user, a terminal device ( | 08-19-2010 |
20100218236 | METHOD AND APPARATUS TO ESTABLISH ROUTES BASED ON THE TRUST SCORES OF ROUTERS WITHIN AN IP ROUTING DOMAIN - A router includes a management module and a routing module. The routing module can be used to route data around a network. The management module can be used to manage the operation of the routing module, including generating an integrity report for the router, which can be used to generate a trust report for the router. The trust report can include an integrity/trust score for the router. The management module can control the routing module via a secure control interface. | 08-26-2010 |
20100223656 | TRUSTED ENTITY BASED ANTI-CHEATING MECHANISM - An anti-cheating system may comprise a combination of a modified environment, such as a modified operating system, in conjunction with a trusted external entity to verify that the modified environment is running on a particular device. The modified environment may be modified in a particular manner to create a restricted environment as compared with an original environment which is replaced by the modified environment. The modifications to the modified environment may comprise alterations to the original environment to, for example, detect and/or prevent changes to the hardware and/or software intended to allow cheating or undesirable user behavior. | 09-02-2010 |
20100223657 | METHOD AND SYSTEM FOR INCLUDING NETWORK SECURITY INFORMATION IN A FRAME - A method and apparatus for including network security information in a frame is disclosed. Network security information is included in a secure portion of overhead of a frame. The network security information is configured to facilitate network security. A network device configured to process a frame is also disclosed. The frame includes frame security information and network security information. The frame security information is configured to facilitate securing a portion of overhead of the frame, and the network security information is located in the secure portion of the overhead of the frame and is configured to facilitate network security. | 09-02-2010 |
20100229214 | METHOD AND NODE FOR COMMUNICATIONS ENHANCED WITH TEMPORARY SHARING OF PERSONAL INFORMATION IN A COMMUNICATION NETWORK - A node and method for temporarily sharing personal information, in a communication network, between at least first and second nodes comprise establishing a communication session, through a session module, between the at least first and second nodes; receiving a permission to access the personal information, through a permission module; and retrieving the personal information upon receiving the access permission, through an information module. Also, prior to establishment of the communication session, the at least first and second nodes have no authorization relationship established therebetween and when the established communication session is terminated, the access permission to the personal information is also terminated. | 09-09-2010 |
20100229215 | RECEPTION APPARATUS - A reception apparatus in accordance with the present invention is provided with a reception unit ( | 09-09-2010 |
20100229216 | WIRELESS CONNECTION DEVICE - A wireless connection device includes a unit to perform communications with another wireless connection device; a unit to transmit a wireless device guide packet to a wireless device and to accept an access request from said wireless device; and a control unit that includes a unit to receive a proxy request containing identifying information for identifying another wireless connection device when in wireless communications from said another wireless connection device; a packet generating unit to generate a proxy packet as a substitute for the wireless device guide packet sent from said another wireless connection device serving as a sender of this wireless device guide packet by use of the received identifying information; a unit to transmit the proxy packet via said wireless communication unit; a unit to accept a request for the connection to said wireless network system from said wireless device; and a forwarding unit to forward the connection request to said another wireless connection device when the accepted connection request is a connection request addressed to said another wireless connection device. | 09-09-2010 |
20100235881 | Enabling Sharing of Mobile Communication Device - Various exemplary user interfaces, methods and computer program products describe enabling sharing of mobile communication devices. This process utilizes a shared mode for an owner of the mobile communication device to create a virtual environment for a borrower of the mobile communication device, which allows content information (e.g., certain applications and files) to be accessible and visual to the borrower. The process allows an owner of the mobile communication device to track and to manage data created or changed by the borrower. The owner may accept or reject the changes made in the content information. Furthermore, the process conceals non-shared resources to the borrower. | 09-16-2010 |
20100235882 | METHOD AND SYSTEM FOR USING TOKENS IN A TRANSACTION HANDLING SYSTEM - A method and system for using tokens in a transaction handling system comprising receiving at least one token transmitted from a sending device, the at least one token having a user-defined value and a plurality of data fields, locking the at least one transmitted token from a receiving device and redeeming from the receiving device the user-defined value of the locked at least one transmitted token. | 09-16-2010 |
20100235883 | INFORMATION PROCESSING APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM - A mechanism for ensuring security even when there is a possibility that an information processing apparatus capable of being operated from an external device via a network is connected to a global network. An information processing apparatus has a NIC section for connection to a network, and can be remotely operated from an external device connected to the network. A CPU determines whether the network to which the NIC section is connected is a local network. If it is determined that the network to which the NIC is connected is not a local network, the CPU restricts remote operation from the external device. | 09-16-2010 |
20100235884 | Communication system and method, information processing terminal and method, and information processing device and method - The present invention relates to a communication system and method, an information processing terminal and method, and an information processing device and method which enable simple and secure restricted access. When a PDA | 09-16-2010 |
20100242087 | DISPLAY DATA TRANSMISSION DEVICE AND METHOD THEREOF - A display data transmission device includes a security level data acquisition unit configured to acquire security level data about a security level of a display device connected through a network, and a display data transmission unit configured to transmit display data created in a format corresponding to the security level data acquired by the security level data acquisition unit. | 09-23-2010 |
20100242088 | COMPUTER SECURITY LOCK DOWN METHODS - Embodiments of the present invention extend the enforcement of computer security policies by blocking device access as well as network access. In some embodiments, communications with external devices are blocked upon discovery that some aspect of the client computing facility is out of compliance vis-à-vis a security policy. | 09-23-2010 |
20100242089 | PRIVACY CONTROL BETWEEN MOBILE AND HOME NETWORK BASE STATION - A method, a mobile system, and a home network base station are disclosed. A network operator server | 09-23-2010 |
20100242090 | USER AUTHENTICATION METHOD AND SYSTEM - A user authentication method and system. A computing system receives from a user, a first request for accessing specified functions executed by a specified software application. The computing system enables a security manager software application and connects the specified software application to a computing apparatus. The computing system executes first security functions associated with the computing apparatus. The computing system executes second security functions associated with additional computing apparatuses. The computing system determines if the user may access the specified functions executed by the specified software application based on results of executing the first security functions and the second security functions. The computing system generates and stores a report indicating the results. | 09-23-2010 |
20100242091 | NETWORK VIDEO MESSAGING - Embodiments related to network video messaging are disclosed. One disclosed embodiment provides a method that comprises receiving a video message from a client application of a source client; associating a navigation link with the video message; transmitting a notification message to the recipient client including the navigation link; receiving a retrieval request from the recipient client to access the video content via the navigation link; and transmitting the video content to the recipient client responsive to receiving the retrieval request by providing a persistent download of the video content from the storage server if the download condition indicates that a persistent download of the video content is permissible; and providing a transient download of the video content to the recipient client while prohibiting a persistent download of the video content if the download condition indicates that a persistent download of the video content is not permissible. | 09-23-2010 |
20100242092 | SYSTEMS AND METHODS FOR SELECTING AN AUTHENTICATION VIRTUAL SERVER FROM A PLURALITY OF VIRTUAL SERVERS - The present invention provides a system and method for dynamically selecting an authentication virtual server from a plurality of authentication virtual servers. A traffic management virtual server may determine from a request received from a client to access content of a server that the client has not been authenticated. The traffic management virtual server can identify a policy for selecting an authentication virtual server to provide authentication of the client. Responsive to the identification, the traffic management virtual server can select, via the policy, an authentication virtual server of the plurality of authentication virtual servers to authenticate the client. Responsive to the request, the traffic management virtual server may transmit a response to the client. The response includes an instruction to redirect to the selected authentication virtual server. | 09-23-2010 |
20100242093 | INTELLIGENT INTEGRATED NETWORK SECURITY DEVICE FOR HIGH-AVAILABILITY APPLICATIONS - Methods and apparatuses for inspecting packets are provided. A primary security system may be configured for processing packets. The primary security system may be operable to maintain flow information for a group of devices to facilitate processing of the packets. A secondary security system may be designated for processing packets upon a failover event. Flow records may be shared from the primary security system with the secondary security system. | 09-23-2010 |
20100251330 | Optimized relaying of secure network entry of small base stations and access points - A method, apparatus, and computer program product, are provided to receive an authentication message initiated by a network access request to access a connectivity network. The authentication message may include a first communication protocol that is converted into at least one additional different protocol, and forwarded to an authentication function of a gateway of an access network prior to the authentication message being forwarded to the connectivity network. | 09-30-2010 |
20100251331 | Method and Apparatus for Accessing Heterogeneous Networks via Wireless Local Area Network - A method and an apparatus for accessing heterogeneous networks via a Wireless Local Area Network (WLAN) are disclosed. The method includes receiving an access request from a WLAN terminal or a portal/policy server; determining a target network that the terminal needs to access according to the access request; converting the access request according to the format of a target network transmission protocol; sending the converted access request to the target network; and receiving an authentication result from the target network, and sending the authentication result to the terminal. | 09-30-2010 |
20100251332 | METHOD AND APPARATUS FOR ESTABLISHING SESSION CONNECTION FOR PREPAYMENT USER - Methods and apparatus for implementing a prepayment service in a NGN environment are provided. At a terminal, authentication information of a user is collected at one time and stored locally, such that all the required authentication information can be extracted from a local storage device. Accordingly, at an application server, all the authentication information can be received in a single message, without need for several interactions. As such, the authentication process required for the prepayment service can be performed in one interaction, which greatly facilitates user operation, and provides improved system efficiency and reduced cost. | 09-30-2010 |
20100251333 | SERVER, AUTHENTICATION SERVER, CONTENT DELIVERY SYSTEM, AND PROGRAM - A service provider server has management means which manages a user ID corresponding to a service user and device IDs corresponding to information processing terminals of the service user in association with each other. | 09-30-2010 |
20100251334 | TRUSTED NETWORK ACCESS CONTROL SYSTEM BASED TERNARY EQUAL IDENTIFICATION - A trusted network access control system based on ternary equal identification is provided. The system includes access requestor AR, access controller AC and policy manager PM as well as the protocol interface among them. The protocol interface between the AR and AC includes a trusted network transmission interface (IF-TNT) and IF-TNACCS interface between TNAC client and TNAC server. The protocol interface between the AC and PM includes an identification policy service interface IF-APS, evaluation policy service interface IF-EPS and a trust measurement interface IF-TM. The protocol interface between the AR and PM includes a trust measurement interface IF-TM. | 09-30-2010 |
20100251335 | POLICY BASED NETWORK ADDRESS TRANSLATION - A system and method is described for providing policy-based Network Address Translation (NAT) configurations wherein each user/resource policy within a network protection device may use a different set of address translation mappings. | 09-30-2010 |
20100263022 | Systems and Methods for Enhanced Smartclient Support - Exemplary systems and methods for enhanced smartclient support are provided. In various embodiments, a method comprises receiving, by a digital device, an authentication reply message associated with a wireless network, the authentication reply message indicating whether authentication is successful and indicating whether the digital device has been granted access to the wireless network, identifying, with the digital device, a URL message within the authentication reply message, and displaying content from a URL of the URL message on the digital device. | 10-14-2010 |
20100263023 | TRUSTED NETWORK ACCESS CONTROLLING METHOD BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network access controlling method based upon tri-element peer authentication comprises: firstly initializing creditability collectors and a creditability verifier; then carrying out a tri-element peer authentication protocol among a network access requester, a network access controller and an authentication strategy server in a network access control layer to realize bi-directional user authentication between the access requester and the access controller; when authentication is successful or the locale strategy requires a platform creditability evaluation process to be carried out, the TNC terminal, TNC server and evaluation strategy server in a trusted platform evaluation layer performing the tri-element peer authentication protocol to realize bi-directional platform creditability authentication between the access requester and the access controller; finally the access requester and the access controller controlling ports according to the recommendation generated by the TNAC client terminal and the TNAC service terminal. The invention solves the technical problem about poor expandability in background, and further solves the problem about complex key negotiation and relatively low safety. | 10-14-2010 |
20100269152 | METHOD AND SYSTEM FOR RENDERING COMPOSITE VIEW OF AN APPLICATION - Examples of systems and methods are provided for rendering a composite view of an application. A system may display a local graphical user interface (GUI) and a remote application view associated with a remote application running at a remote server. The system may provide a message directed to a remote server to launch a remote application at the remote server. The system may receive a configuration file from the remote server. The system may register a GUI event listed in the configuration file. The system may display a local GUI based on the configuration file. The system may receive display output data of the remote application running on the remote server. The system may render a composite view including the local GUI based on the configuration file and a remote application view based on the display output data. | 10-21-2010 |
20100269153 | TERMINAL SYSTEM FOR GUARANTEEING AUTHENTICITY, TERMINAL, AND TERMINAL MANAGEMENT SERVER - In a terminal system for managing terminals coupled to a network, a terminal management server includes: a terminal information registration module for registering, in advance, information unique to each user of the terminal; an authentication module for executing authentication by comparing an ID and authentication information which are contained in an authentication request received from the terminal to user information set in advance; an authenticity determination module for determining, based on a predetermined investigation result received from the terminal, whether or not the terminal suffers falsification; and a unique information transmission module for transmitting, when the authentication is successful, and when the authenticity determination module has determined that the terminal does not suffer the falsification, the information unique to the each user to the terminal. The terminal outputs the information unique to the each user received from the terminal management server to a display unit. | 10-21-2010 |
20100269154 | METHOD OF COMMUNICATING STATE INFORMATION BETWEEN A SERVER AND A MOBILE DEVICE BROWSER WITH VERSION HANDLING - A method for communicating state information between a server and a mobile device browser with version handling includes: providing a control channel between the server and mobile device browser; transmitting at least one message from the mobile device browser to the server over the control channel indicative of browsing-related state data, wherein the at least one message includes an XML-encoded document and a protocol version value identifying a version of Document Type Definition (DTD) against which to validate the XML-encoded document; and regulating subsequent transmission of data from the server to the mobile device browser based on the at least one message. | 10-21-2010 |
20100269155 | Method and Apparatus for Registering Auto-Configured Network Addresses Based On Connection Authentication - A method and apparatus for registering auto-configured network addresses includes receiving first data at a networking device connected to a host at a physical connection. The first data is received from a first server and indicates authentication information associated with the host. A first message is received at the networking device from the host. The first message requests configuration information and includes a logical network address for the host determined at least in part by the host. A second message is generated based on the first message and the first data. The second message is sent to a second server that registers the host by associating the logical network address with the first data. | 10-21-2010 |
20100275244 | ENTERPRISE WIRELESS LOCAL AREA NETWORK SWITCHING SYSTEM - A process of controlling a flow of data in a wireless network providing wireless access to the wireless network by wireless devices is disclosed. Data is received from a wireless device by a network device, through one access point of a plurality of access points in communication with the network device, indicating a client identifier for the wireless device. The client identifier is forwarded to an authentication server and the network device mediates authentication of the wireless device with the authentication server. Thereafter, data packets received from portions of the wireless network and from the plurality of access points are evaluated and the received data packets are passed to portions of the wireless network and to the plurality of access points, based on the evaluation of the received data packets. In addition, the network device periodically polls for a status of the wireless device from the access point. | 10-28-2010 |
20100281518 | SYSTEM AND METHOD FOR SEPARATING CONTROL OF A NETWORK INTERFACE DEVICE - A system and method for separating control of a network interface device. A portion of a network interface device (NID) is partitioned for utilization by a user. Permissions are established for management of the partitioned portion of the NID. The permissions include permissions that deny a service provider access to the partitioned portion. Access is granted for the service provider to manage the partitioned portion of the NID. Activities performed by the service provider in the partitioned portion of the NID are logged in response to granting access to the service provider and the permissions denying the service provider access. | 11-04-2010 |
20100281519 | PROACTIVE AUTHENTICATION - A system for proactively authenticating includes a server having media independent access functions including media independent authentication functions that authenticates other entities attached via an interface to an end of a link specific to a media. A plurality of heterogeneous networks each having media specific access functions including authentication functions corresponding to the other entities attached via the interface to the end of the link specific to the media and mobile devices connected to the plurality of heterogeneous networks, and the server having predefined media independent handover protocols and media independent handover identities based on the media independent functions related to handover, in which the server authenticates candidate access networks prior to the handover of the mobile devices from serving access networks to the candidate access networks each of which belonging to the plurality of heterogeneous access networks having the link specific to the media. | 11-04-2010 |
20100281520 | ATTRIBUTE INFORMATION AUTHENTICATION APPARATUS, ATTRIBUTE INFORMATION AUTHENTICATION METHOD, AND STORAGE MEDIUM FOR STORING COMPUTER PROGRAM - A present server transmits to a second user terminal attribute information authentication request information for requesting authentication of attribute information registered by a first user when a predetermined request is received from a first user terminal. Also, the server registers authenticated information in association with the attribute information of the first user when the authentication information, which indicates that the attribute information registered by the first user has been authenticated, has been received. When a request is made to view the attribute information of the first user, the existence of the authenticated information is determined, and if the authenticated information is registered, attribute authentication display information is generated and transmitted so as to be visually and identifiably displayed on the user terminal to indicate that authenticated information exists. | 11-04-2010 |
20100281521 | AUTHENTICATION SYSTEM, AUTHENTICATION DEVICE AND RECORDING MEDIUM - An authentication system includes node devices, wherein a first node device transmits the authentication information thereof to a second node device, the second node device selects third node devices that are requested to verify the validity of the received authentication information, and transmits the authentication information to each of the selected third node devices, the third node device records verification information that is used to verify the validity of the authentication information of the first node device, verifies the validity of the authentication information on the basis of the authentication information and verification information, and transmits the result information to the second node device, and the second node device further derives weighted values indicating the reliability of the each verification of the third node devices and authenticates the first node device on the basis of the each result information and the each weighted value received from the third node devices. | 11-04-2010 |
20100293596 | METHOD OF AUTOMATICALLY DEFINING AND MONITORING INTERNAL NETWORK CONNECTIONS - A method of defining network connection policies, deploying the network connection policies and monitoring all network connections, including an automated real-time analysis and intercepting all connections, and determining whether those network connections are private access connections, or public access connections. If the public access connections are unauthorized, terminating the public access connections in communications port for authorized connections. | 11-18-2010 |
20100293597 | CONTENT TRANSMISSION DEVICE, PROGRAM, TRANSMISSION CONTROL METHOD, AND CONTENT TRANSMISSION SYSTEM - Provided is a content transmission device, including an input section in which a boundary between a parental level on content data restricted to be viewed and a parental level on content data allowed to be viewed for each of the reproducing devices, and a restriction time slot are input, a storage section in which the content data, the boundary and the restriction time slot are recorded, a transmitting section that transmits the content data to the reproduction device, a judgment section that determines whether the parental level on the content data is higher than the boundary of the reproduction device and the current time is within a restriction time slot of the reproduction device, and a control section that controls so that the content data being a determination object is not to be transmitted from the transmitting section to the reproduction device depending on the determination result. | 11-18-2010 |
20100293598 | METHOD AND SYSTEM FOR USE IN COORDINATING MULTIMEDIA DEVICES - Some embodiments of the present invention provide methods for use in playing back content. Some of these methods access a content package comprising media content to be locally played back; detect, as defined by the content package, whether a remote secondary device is available with which a connection can be established; determine whether an authorization to establish the connection has been confirmed; establish, when the authorization is confirmed, a communication connection; determine, as instructed by the content package and when the communication with the secondary device is established, whether one or more commands are received from the secondary device; and implement, as instructed by the content package and when it is determined that the one or more commands are received from the secondary device, the one or more commands in controlling playback experience of the media content. | 11-18-2010 |
20100293599 | Systems and Methods for Controlled Transmittance in a Telecommunication System - Systems and methods for authenticating digital assets in relation to a telecommunications network. In various cases, the systems include a network interface device associated with a customer premises. The network interface device includes a local authentication authority operable to authenticate one or more digital assets maintained in relation to the customer premises. In some cases, a global authentication authority can authenticate the network interface device, and implicitly authenticate the one or more digital assets. Many other cases and/or embodiments are disclosed herein. | 11-18-2010 |
20100299719 | Remote Verification for Configuration Updates - In various embodiments, a control client is configured to determine whether or not the most current configuration profile has been installed within a corresponding mobile device. In particular embodiments, the client is configured to store its own copy of a configuration profile and to compare its copy with the most current configuration profile generated by a device management system as well as to the configuration profile currently installed and applied by a configuration manager within the mobile device. Each configuration profile includes an embedded verification token that facilitates this process. Furthermore, the client may be configured to inform the device management system as to whether or not the current configuration profile has been installed. The device management system may govern enterprise access by the mobile device based on whether or not the current configuration profile has been installed. | 11-25-2010 |
20100299720 | METHOD AND APPARATUS FOR CONVENIENT CONNECTING AND DISCONNECTING OF INTERNET FROM A COMPUTER - The present invention discloses a convenient method for easily disconnecting and connecting internet to/from a computer. Instead of plugging and unplugging the physical cable that connects to the internet, a facility is invented to conveniently connect and disconnect internet using a switch on an internet cable or a convenient switch on the keyboard or monitor/display or the computer housing/box itself. Instead of pressing a switch, a key or swipe card can be used to activate the switch. Alternately the internet connection can be activated by opening a browser. The invention can be integrated into the browser to disable the internet connection during periods of inactivity. The key or swipe card can additionally be used to implement access restrictions, for instance controlling hours of access or disallowed sites for a child. | 11-25-2010 |
20100299721 | Security management program, security management method, and portable terminal device - A security management program stored in a computer-readable recording medium causes a computer to perform the following steps (1) to (4). (1) A security manager authenticates an authentication target with a prepared authentication method in response to a login request from the authentication target. (2) An application execution unit outputs an authentication request in response to an application execution request which is output from the security manager after the authentication succeeds. (3) A database access unit authenticates the authentication target with the authentication method in response to the authentication request. (4) In response to a database access request from the application execution unit, the database access unit accesses a database in a portable terminal device depending on the authentication performed by the database access unit. | 11-25-2010 |
20100299722 | Secure Content Delivery System - A secure streaming content delivery system provides a plurality of content servers connected to a network that host customer content that can be cached and/or stored, e.g., images, video, text, and/or software. The content servers respond to requests for customer content from users. The invention load balances user requests for cached customer content to the appropriate content server. A user makes a request to a customer's server/authorization server for delivery of the customer's content. The authorization server checks if the user is authorized to view the requested content. If the user is authorized, then the authorization server generates a hash value using the authorization server's secret key, the current time, a time-to-live value, and any other information that the customer has configured, and embeds it into the URL which is passed to the user. A content server receives a URL request from the user for customer content cached on the content server. The request is verified by the content server creating its own hash value using the customer server's secret key, the current time, a time-to-live value, and any other related information configured for the customer. If the hash value from the URL matches the content server's generated hash value, then the user's request is valid and within the expiration time period and the content server delivers the requested content to the user. | 11-25-2010 |
20100306820 | CONTROL OF MESSAGE TO BE TRANSMITTED FROM AN EMITTER DOMAIN TO A RECIPIENT DOMAIN - For controlling a message to be transmitted by a sender linked to a sender domain, from a terminal connected to an emitter domain to at least one recipient linked to a recipient domain, the emitter domain requests an authentication of the sender of the message by the sender domain. In response to a first request transmitted from the emitter domain, the recipient domain transmits a second request to the sender domain that transmits it to the emitter domain if data previously transmitted from the sender domain to the emitter domain are identical to data contained in the second request. The emitter domain transmits a response to the recipient domain so that the recipient domain receives the message from the emitter domain and transmits it to a recipient having accepted the message. | 12-02-2010 |
20100306821 | ACCOUNT-RECOVERY TECHNIQUE - Embodiments of a computer system, a method, and a computer-program product (e.g., software) for use with the computer system are described. These embodiments may be used to evaluate a user request to regain control of an online account. For example, the user request may be submitted online using a web page, and may include information that establishes the user's identity or that substantiates that the user is the owner of the online account, such as a history of recent activities associated with the online account. This information may be evaluated by comparing it to stored information associated with the online account, such as a stored history of recent activities or one or more locations of a registered user when the registered user previously accessed the online account. After evaluating the user request, remedial action may be performed. | 12-02-2010 |
20100306822 | Communication System, Line Providing Apparatus And Communication Method - A line providing apparatus has an acceptance processor accepting a line use request from the terminal apparatus, a contract determiner determining a state of conclusion of a first contract, a second contract or a combined contract obtained by substantially combining the first contract and the second contract at the terminal apparatus which is a source of the line use request accepted by the acceptance processor, and an assistance processor performing an assisting process for conclusion of a contract found not to be concluded according to a result of determination on the state of conclusion of the first contract, the second contract or the combined contract by the contract determiner, whereby the user of the terminal apparatus which does not yet conclude can sign the contract for the communication service or the information providing service through the terminal apparatus. | 12-02-2010 |
20100313243 | DIGITAL SOCIAL NETWORK TRUST PROPAGATION - A trust propagation system is disclosed that propagates trust data based on established trust relationships. The trust system may automatically propagate trust data between parties A and C based on trust relationships with a common party B. Trust data may include authentication data such as biometric data, encryption data, passwords, etc. that may be used to conduct exclusive communications. | 12-09-2010 |
20100319052 | DYNAMIC CONTENT PREFERENCE AND BEHAVIOR SHARING BETWEEN COMPUTING DEVICES - A remote user persona is received at a computing device. The computing device includes a local user persona having a plurality of subsets relating to preferences of a user of the computing device. The remote user persona is synchronized with the local user persona at the computing device and, accordingly, the behavior of the computing device is adjusted. | 12-16-2010 |
20100325695 | CONTENT DELIVERY SERVER, CONTENT PROVIDING SERVER, CONTENT DELIVERY SYSTEM, CONTENT DELIVERY METHOD, CONTENT PROVIDING METHOD, TERMINAL DEVICE, CONTROL PROGRAM, AND COMPUTER-READABLE STORAGE MEDIUM - A foreign gateway (FGW) ( | 12-23-2010 |
20100325696 | SYSTEM FOR AUTHENTICATION OF CONFIDENCE LINK AND METHOD FOR AUTHENTICATION AND INDICATING AUTHENTICATION THEREOF - In a certified link authentication system, a terminal parses a web page and extracts markup information for a certified link. In addition, the terminal transmits the extracted markup information to a certified link authentication server. The certified link authentication server authenticates the certified link from the markup information of the certified link transmitted from the terminal, and transmits an authentication result to the terminal. The terminal marks the authenticated certified link with a certified mark, renders the web page, and displays it to the user. | 12-23-2010 |
20100325697 | MULTILAYER ACCESS CONTROL SECURITY SYSTEM - A computer-based system provides secure, configurable access to computer network resources. A human-readable language is provided for defining access policy rules. Rules in this language are converted in an automated fashion into filters applied within the various subsystems and components in a multi-layer security system. Network users are authenticated by an access control security system that obtains basic information about that user. Based on the user ID, a set of abstract policies can be retrieved. The retrieved policies are associated with the user and the groups associated with that user. Based on the retrieved rules, a set of rules for multiple layers of the network are generated and applied to those subsystems. Two or more of the subsystems may be placed in series with different types of processing occurring in each of the subsystems, reducing the workload of subsequent subsystems. | 12-23-2010 |
20100333174 | METHOD AND APPARATUS FOR SOFTWARE DOWNLOADS IN A NETWORK - Files associated with the operation of gateway and client devices in a network may be downloaded with minimal operator intervention. Accordingly, a method includes receiving data including a first file, a first authentication element, and a second authentication element, the first authentication element being unique to a client device associated with the gateway device. The method also includes determining if the second authentication element is valid for the gateway device and storing the first authentication element and the second file for the client device if the second authentication element is valid for the gateway device. An apparatus includes a receiver that receives data, a processor that determines if the second authentication element is valid for the gateway device, and a memory that stores the first authentication element and a portion of the data for the client device if the second authentication element is valid for the gateway device. | 12-30-2010 |
20100333175 | Smart Net System and Method of Use - The smart net system has a smart net controller and one or more computers each with a smart net key. The smart net keys spawn a smart window on each computer and communicate wirelessly with the smart net controller. Via the smart net key, computer users can transmit presentations to a video display or projector attached to the smart net controller and/or communicate with other electronic devices connected to the smart net system. Data such as files, presentations, or instant messages can be shared among users by way of the smart window. The need for sharing a video cable or a computer or printing up handouts for distribution is reduced or eliminated. The efficiency of conferences, lectures, classes and workgroups is increased. Smart net for the small office provides network like communications without the traditional networking hardware allowing communications between computers without allowing computers access to each other's information. | 12-30-2010 |
20100333176 | Enabling Dynamic Authentication With Different Protocols on the Same Port for a Switch - The invention enables a client device that does not support IEEE 802.1X authentication to access at least some resources provided through a switch that supports 802.1X authentication by using dynamic authentication with different protocols. When the client device attempts to join a network, the switch monitors for an 802.1X authentication message from the client device. In one embodiment, if the client fails to send an 802.1X authentication message, respond to an 802.1X request from the switch, or a predefined failure condition is detected the client may be deemed incapable of supporting 802.1X authentication. In one embodiment, the client may be initially placed on a quarantine VLAN after determination that the client fails to perform an 802.1X authentication within a backoff time limit. However, the client may still gain access to resources based on various non-802.1X authentication mechanisms, including name/passwords, digital certificates, or the like. | 12-30-2010 |
20110004918 | Facilitating heterogeneous authentication for allowing network access - A method comprises an operation for facilitating authentication of a client device attempting to connect to a port of a network element. Facilitating authentication includes determining whether the client device is configured for being authenticated using a first authentication mechanism and, in response to determining that the client device is not configured for being authenticated using the first authentication mechanism, determining whether the client device is configured for being authenticated using at least one other authentication mechanism. For each one of the authentication mechanisms, an operation is provided for providing the client device with network connectivity dependent upon a respective first classification policy structure in response to the client device being successfully authenticated and an operation is provided for providing the client device with network connectivity dependent upon a respective second classification policy structure different than the first classification policy structure in response to the client device failing to be successfully authenticated. | 01-06-2011 |
20110004919 | Method for Processing Emails in a Private Email Network - A postal inspector gatekeeper function is implemented in an electronic email communication system to process email. Various methods of processing email in a private email network approve or reject specific emails for delivery after determining whether the email sender and/or the intended email recipient are included in directories such as a member directory, enterprise member client directory, and a non-member whitelist. | 01-06-2011 |
20110004920 | WIRELESS COMMUNICATION SYSTEM, WIRELESS HOST, AND WIRELESS DEVICE - A wireless communication system includes a wireless host and a wireless device. The wireless device includes a user authentication unit that authenticates a requesting user that is using the wireless host based on a result of comparison between a requesting-user ID of the requesting user received from the host and a user ID of a user that is permitted to establish communication with the wireless device. When the requesting user is authenticated by the user authentication unit, information required prior to connection is stored in the wireless device and the wireless host. The wireless device permits to continue the association process with the wireless host, when the information required prior to connection received from the wireless host and the information required prior to connection stored in the wireless device match. | 01-06-2011 |
20110004921 | PERSONALIZED SECURITY MANAGEMENT - Systems and methods for personalized security management of online applications are provided. A determination may be made that a condition for constructing an increased authentication proposal for access to an online financial service is satisfied. The increased authentication proposal may be associated with (i) a user of the online financial service and (ii) a user request option associated with the online financial service. Based upon the determination that the condition is satisfied, the increased authentication proposal may be generated and transmitted for presentation to the user. An increased authentication proposal response may then be received, and the increased authentication proposal response may be processed in order to store, in association with the user and the user request option, (i) an indication of an increased authentication condition and (ii) an indication of an increased authentication mechanism. | 01-06-2011 |
20110010757 | ELECTRONICALLY IMPLEMENTED METHOD AND SYSTEM FOR AUTHENTICATION AND SHARING OF DOCUMENTS VIA A COMMUNICATION NETWORK - The invention provides a method and system of authentication and online sharing of documents by electronic means, through a third party, conducted via a communication network. The method involves creation of a website, subject to the control of an administration entity; uploading the scanned version of the original document by the user at the allotted location in the website, using the obtained user name and created password; assigning a uniquely identifiable indicia to the scanned document; sending the scanned document to the authenticating entity; accessing and verifying the authenticity of scanned document by the authenticating entity, by comparison with the original document available in the database of the authenticating entity. The authentication is performed through an electronically simple mechanism only once, in which, irrespective of the date of issue of the document, the document may be attested and the record may be maintained permanently. | 01-13-2011 |
20110023086 | Suppression of malicious SIP messages using the resource priority header - An Internet Service Provider (ISP) node is configured to suppress malicious session initiation protocol (SIP) messages. The ISP node is coupled to receive a new session initiation protocol (SIP) message from a user agent client associated with the ISP. If the SIP message includes a resource priority header (RPH) indicating the new SIP message should be given priority within the network, the ISP node determines whether the user agent client previously sent an initial SIP message with an RPH that has not yet been authorized, and if so, places the new SIP message in a buffer. | 01-27-2011 |
20110023087 | METHOD AND APPARATUS FOR DYNAMIC DESTINATION ADDRESS CONTROL IN A COMPUTER NETWORK - An arrangement to direct a packet sent out from an arbitrary apparatus connected to a network to a predetermined authentication server without changing the configuration of a computer network. A packet transmitted from apparatus, such as a personal computer, newly connected to the network, is guided to an authentication server via communication control apparatus. The communication control apparatus replaces a MAC address of the destination addresses of another server, which is included in the ARP cache of the personal computer, with the MAC address of the communication control apparatus to guide the packet from the personal computer to the communication control apparatus. The communication control apparatus further transmits the received packet to a predetermined authentication server. | 01-27-2011 |
20110023088 | FLOW-BASED DYNAMIC ACCESS CONTROL SYSTEM AND METHOD - A traffic analysis and flow-based dynamic access control system and method. The flow-based dynamic access control system for controlling a user's access to an internal communication network through an external communication network includes an access control unit operating in an access control mode in which traffic received from a user is basically blocked, generating state management information of a flow, which is received from the user, based on a specified packet of the flow, and verifying whether access of the flow to the internal communication network is a normal access. As a proactive defense concept of allowing only normal users to access an internal network, a method of blocking attacks from a system contaminated by a worm virus, detecting a cyber attack on a certain system in advance and automatically avoiding the cyber attack, and guaranteeing the quality of normal traffic even under cyber attacks without performance degradation of the internal network is provided. | 01-27-2011 |
20110023089 | PROFITS GIVE-BACK DEVICE, PROFITS GIVE-BACK METHOD, PROGRAM STORAGE MEDIA, PROFITS GIVE-BACK SYSTEM, CONTENT PROVIDING DEVICE, CONTENT PROVIDING METHOD, PROGRAM STORAGE MEDIA, AND CONTENT PROVIDING SYSTEM - A profit give-back device, profit give-back method, program storage medium, profit give-back system, content providing device, content providing method, program storage media, and content providing system are disclosed. Profits give-back processing is performed according to the accumulated points proportionate to the number of times the content with a commercial video is provided to a client PC 4 and thus the fare profits giveback can be easily performed. A preset content with a commercial video is provided to a user when requested from the client PC 4, and it is possible to surely provide advertisement information without the user being aware of the commercial. | 01-27-2011 |
20110030032 | SECURE DHCP PROCESSING FOR LAYER TWO ACCESS NETWORKS - In general, this disclosure describes network security techniques that may accommodate legitimate movement of a subscriber device while preventing MAC collisions that may result from configuration errors or MAC spoofing attempts. MAC spoofing may result in packets directed to one subscriber device being sent instead to another subscriber device. By modifying an access node or a Dynamic Host Configuration Protocol (DHCP) server to allow only authorized subscriber devices on the access network, layer two collisions (“MAC collisions”) may be prevented. | 02-03-2011 |
20110030033 | MANAGING SECURE USE OF A TERMINAL - A terminal exhibits at least one functionality made secure on the basis of a security item. A security entity stores said security item as well as first authentication parameters. The terminal stores second authentication parameters. At the level of the terminal, an authentication of the security entity is performed on the basis of the first and second authentication parameters. Next, a secure contactless link is established with the security entity. Finally, the security item stored on said security entity is received in the course of said secure link. | 02-03-2011 |
20110035786 | Preventing A Non-Head End Based Service Provider from Sending Media to a Media Processing System - Systems and methods that prevent unauthorized access in a communications network are provided. In one embodiment, a system that prevents unauthorized access to a network device may include, for example, a network device and a headend. The headend may be coupled to a communications network. The network device may be deployed in a home environment and may be communicatively coupled to the communications network via the headend. The headend may be adapted, for example, to determine whether a request to access the network device is authorized. | 02-10-2011 |
20110035787 | Access Through Non-3GPP Access Networks - When setting up communication from a user equipment UE ( | 02-10-2011 |
20110041159 | EXECUTING COMMANDS ON DEVICES THROUGH PRESENCE APPLICATIONS - Presence applications running on different devices are used to access and command devices through a communications server. A communication channel is established between at least two instances of a presence application that are running on different devices. A device that is associated with an instance of a presence application is remotely commanded by a received message from the communications server from another instance of the presence application on a different device. | 02-17-2011 |
20110047595 | DISTRIBUTED SYSTEM AND COMPUTER PROGRAM PRODUCT FOR ESTABLISHING SECURITY IN A PUBLISH/SUBSCRIBE DATA PROCESSING BROKER NETWORK - A technique for establishing security in a publish/subscribe data processing broker network is presented. The technique includes providing a security extension module from a publisher to a broker of the network, wherein the security extension module is for a topic asset of the publisher. The broker employs the security extension module, responsive to receipt of a request from a subscriber for the topic asset, to authenticate the request at the broker before pushing the topic asset of the publisher to the subscriber. In addition to authenticating the request, the security mode extension can be employed to authorize the request, and to automatically forward messages to the publisher providing information on when topic asset access by a subscriber begins and ends. | 02-24-2011 |
20110047596 | KEYSTROKE LOGGER FOR UNIX-BASED SYSTEMS - A device receives, from an Internet program manager (IPM) server, an identification (ID) of a user associated with a user device and an Internet protocol (IP) address of the user device, and connects to the user device based on the user ID and the IP address of the user device. The device also receives, from the IPM server, a request to execute a logging application for the user device, and executes the logging application based on the request. The device further receives, via the logging application, one or more inputs or outputs associated with the user device, and records the one or more inputs or outputs associated with the user device. | 02-24-2011 |
20110047597 | SYSTEM AND METHOD FOR SECURITY DATA COLLECTION AND ANALYSIS - Disclosed herein is a system and method for efficiently gathering information about applications for mobile communication devices (e.g., smartphones, netbooks, and tablets). This disclosure is also directed to a server producing assessments for applications by analyzing data from multiple sources. To gather information, a device sends information about an application to a server, which stores some or all of the information and may request additional information, if necessary. The server collects information from many devices, including devices that have varied configurations and different operating systems, by only collecting the appropriate information from each device. The server gathers the appropriate data to perform in-depth, granular mobile application analysis while minimizing overhead on devices, wireless networks, and the server. The server may collect portions of data from multiple devices, combining them on the server to produce an assessment for an application. | 02-24-2011 |
20110055892 | ACCESS CONTROL IN A MULTI-PRINCIPAL BROWSER - A principal operating system based-browser controls access to resources. The resources are represented semantically in a resource object model. A browser kernel of the browser mediates resources access calls from principals. In some implementations the principals are web entities and the resources are peripheral devices. The resource object model separates device semantics from physical device access. Resource access control policies are maintained by the browser kernel and separated from device access mechanisms. | 03-03-2011 |
20110055893 | COMMUNICATION APPLICATION - In at least some embodiments, a computer system includes a processor and a system memory coupled to the processor. The system memory stores a communication application that, when executed, provides first stage operations and second stage operations. The computer system also includes a network interface coupled to the processor. The first stage operations comprise a selective exchange of primary connection information with a communication endpoint via the network interface. The second stage operations comprise initiating a peer-to-peer communication session with the communication endpoint based on the primary connection information. | 03-03-2011 |
20110055894 | Firewall and NAT Traversal for Social Networking and/or Content Sharing On Mobile Devices - A method for facilitating firewall and NAT traversal during social networking and/or content sharing via a mobile device uses an instant message protocol to establish a near real-time communications session between two user devices on opposite sides of the firewall or NAT enabled router. A first application on a mobile device provides social networking and/or content sharing. A second application on the mobile device establishes a communication session for exchanging near real-time messages between the mobile device and a second device over the firewall or NAT protected network. The second application is associated with the first application and allows the mobile device to access a file associated with the first application that is stored in the second device via the communication session. | 03-03-2011 |
20110055895 | Shared scalable server to control confidential sensory event traffic among recordation terminals, analysis engines, and a storage farm coupled via a non-proprietary communication channel - A highly secure sensory stream event server receiving and storing encrypted assets and references to those assets over a non-proprietary communications channel. A system for selectively decrypting and transmitting references to analysis clients such as authenticated mutually unconscious users, and retrieving, decrypting and transmitting certain assets from high-volume storage, distributed storage, or in transit. A method for controlling a plurality of sensory stream event recordation clients and a plurality of analysis clients transmitting policies and commands requesting upload of assets and obtaining status solely by receiving client initiated sessions. | 03-03-2011 |
20110055896 | AUTHENTICATION SERVER AND LINE SERVER - When a reader/writer | 03-03-2011 |
20110055897 | TRUST ASSERTION USING HIERARCHICAL WEIGHTS - An illustrative embodiment provides a computer-implemented method for access control by trust assertion using hierarchical weights. The computer-implemented method comprises obtaining an access request for an asset, identifying a trust value associated with a set of paths associated with the access request to form an identified trust value. The identified trust value is compared with a required trust value and a determination as to whether the identified trust value is greater than or equal to the required trust value is made. Responsive to a determination that the identified trust value is greater than or equal to the required trust value, access to the asset is permitted. | 03-03-2011 |
20110055898 | Dynamic Authentication in Secured Wireless Networks - Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required. | 03-03-2011 |
20110055899 | SECURE REMOTE MANAGEMENT OF NETWORK DEVICES WITH LOCAL PROCESSING AND SECURE SHELL FOR REMOTE DISTRIBUTION OF INFORMATION - A system and method for the management of one or more wide area or local area network connected devices by a collocated managing device. The managing device forwards information in graphical form using a secure connection to a remotely located administrative user workstation. | 03-03-2011 |
20110061090 | METHODS AND APPARATUS FOR NETWORK ADDRESS CHANGE FOR MOBILE DEVICES - In one aspect, a system capable of performing network address changes is provided. The system comprises a network interconnecting a plurality of hosts, a mobile device connected to the network, the mobile device associated with a first network address corresponding to a first network location of the mobile device on the network, a first host connected to the network, and a mobile handler capable of communicating with the mobile device and the host over the network. Wherein the mobile handler is configured to receive a change of address request from the mobile device, the change of address request including a second network address corresponding to a second network location of the mobile device on the network, the mobile handler configured to notify the first host of the change of address request, the notification including the second network address, and wherein the first host is adapted to receive the notification and to initiate a connection with the mobile device at the second network address, wherein a communication path of the connection does not include the mobile handler. | 03-10-2011 |
20110061091 | Method and System for Intermediating Content Provider Website and Mobile Device - In one embodiment, a method of facilitating communication between a first content provider website and a mobile device includes obtaining first information from the content provider website via a first network at a web server, the first information not including any email message, where the obtaining includes pulling by way of a back end portion of the web server the first information from the content provider website. The method also includes processing in at least one of the back end portion and a front end portion of the web server the first information so as to provide processed first information, and transmitting a notice of new content in the first information from the front end portion of the web server onto a push channel established on either the first network or a second network for receipt by the mobile device. | 03-10-2011 |
20110067087 | ORGANIZING DOCUMENTS THROUGH UTILIZATION OF PEOPLE TAGS - A method disclosed herein includes the acts of receiving a document that has a people tag assigned thereto, wherein the people tag comprises first data that is indicative of an identity of a first individual that corresponds to the document, and wherein the people tag is assigned to the document by an assignor, and accessing contact data pertaining to a second individual, wherein the contact data comprises second data that is indicative of identities of contacts of the second individual, wherein the second data comprises data that is indicative of the identity of the first individual. The method also includes comparing the contact data with the first data, and displaying the document on a computer screen in conjunction with text that identifies the first individual to the third individual, wherein the text indicates a name of the first individual as assigned to the first individual by the second individual. | 03-17-2011 |
20110067088 | IMAGE PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND RECORDING MEDIUM - In an image processing device which is configured to use plug-ins to provide services, a service managing part manages services, plug-ins of which are implemented. A common control part controls common processes of a requested service in response to a service execution request with respect to one of the services. A common process part performs common processes for the respective services. An individual process part performs an individual process in the common processes, the individual process being implemented as a plug-in. The common process part includes an individual-process managing part which manages the individual process associated with one of the services. | 03-17-2011 |
20110067089 | METHOD FOR SWITCHING A MOBILE TERMINAL FROM A FIRST ACCESS ROUTER TO A SECOND ACCESS ROUTER - A method of switching a mobile terminal from a first access router to a second access router, the terminal having previously set up a secure connection with the first access router with which is associated a communication context between the terminal and the first router, said context comprising at least one identifier relating to a set of security parameters of the connection. The invention relates to a method wherein said context is transferred to the second router while the terminal is switching, the method comprising, if the at least one identifier in the transferred context is already being used by said second router, a step of the second router sending the terminal a new identifier for said set of security parameters. | 03-17-2011 |
20110072492 | SCREEN ICON MANIPULATION BY CONTEXT AND FREQUENCY OF USE - Dynamic device management is provided based on a change in context. The management can be for one or more of icons, application, operating system(s), preferences, display characteristics, and the like. Detection and/or monitoring of one or more of presence information, environmental information, user information, recent activity information, inbound/outbound communication information, external stimuli information, geopositional information, temporal information, calendar information, user information, biometric information, and security information can be used as inputs to determining a change in this context. | 03-24-2011 |
20110072493 | DATA PROVIDING DEVICE, OPERATION DEVICE, DATA PROCESSING DEVICE, OPERATION SYSTEM, CONTROL PROGRAM, AND COMPUTER-READABLE RECORDING MEDIUM STORING CONTROL PROGRAM - A service providing device ( | 03-24-2011 |
20110078761 | METHOD AND APPARATUS FOR EMBEDDING REQUESTS FOR CONTENT IN FEEDS - An approach is provided for embedding requests for news inputs in web feeds to news input sources. A request for news input is received in conjunction with a web feed. The request includes filtering information for targeting news input sources. And, the web feed with the request for news input embedded in the web feed is caused at least in part to be transmitted to a news input source that satisfies the filtering information. | 03-31-2011 |
20110078762 | MOBILE OR USER DEVICE AUTHENTICATION AND TRACKING - A system and method, according to one or more embodiments, includes a server computing device configured to communicate with a network-based device via a network; a visitor identification, in which the system generates the visitor identification and the visitor identification corresponds to a piece of information that is unique to the network-based device; a mapping for which the system adds the generated visitor identification to the mapping so that the visitor identification uniquely identifies the network-based device from all other network-based devices in communication with the server computing device; and a database in which the system tracks the visitor identification among a plurality of visitor identifications in the database. | 03-31-2011 |
20110078763 | Immobilization module for security on a communication system - Example embodiments are directed to a method of controlling a self-sufficient network system to prevent unauthorized use of the self-sufficient network. The method includes receiving an activation request from the self-sufficient network system and authenticating the self-sufficient network system based on the activation request. The self-sufficient network system is functional if the activation request is valid and the self-sufficient network system has reduced functionality if the activation request is not valid. | 03-31-2011 |
20110078764 | TIGHT COUPLING SIGNALING CONNECTION MANAGEMENT FOR COUPLING A WIRELESS NETWORK WITH A CELLULAR NETWORK - A method for communicating between a cellular system and a client terminal such as a mobile terminal by way of a standard wireless LAN and the Internet allows data communications to traverse the core of the cellular network, thereby allowing monitoring of the time and volume usage by the subscriber for billing purposes. The mobile terminal has a communication protocol for communicating with the wireless LAN, over which is an EAP/EAPOL protocol. A Radio Adaptation Layer protocol overlies the EAP/EAPOL protocol. At the cellular system, a Serving GPRS Support Node establishes initial control contact with the mobile terminal by way of EAP/EAPOL. During authentication, the Support Node gives the mobile terminal parameters for an alternative tunnel connection. Once authorization is complete, the mobile terminal closes the EAP/EAPOL connection and opens a new connection tunnel to the Support Node using the parameters. | 03-31-2011 |
20110078765 | SYSTEM AND METHOD FOR ESTABLISHING HISTORICAL USAGE-BASED HARDWARE TRUST - Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords. | 03-31-2011 |
20110078766 | SYSTEM AND METHOD FOR BOOKMARKING AND TAGGING A CONTENT ITEM - The present invention is directed towards systems and methods for saving and tagging a content item available on a computer network, including saving and bookmarking a reference to a content item. According to one embodiment of a method according to the present invention, a user navigates to a content item and selects a control to save a bookmark to the content item. A bookmarking and tagging server receives one or more items of tag information that are related to the bookmarked content item, which are saved in conjunction with the one or more items of tag information. | 03-31-2011 |
20110083162 | METHOD AND APPARATUS FOR PROVIDING CONTEXT ACCESS WITH PROPERTY AND INTERFACE OBFUSCATION - An apparatus for enabling provision of context access with property or interface obfuscation may include at least one processor and at least one memory including computer program code. The at least one memory and the computer program code may be configured, with the processor, to cause the apparatus to perform at least receiving, from an application, a request for access to property information corresponding to a provider node in which the access is provided via a delivery context client interface based context model, determining access rights associated with the application based on a classification of the application, enabling masking of a portion of information associated with the access rights in response to the classification of the application defining a corresponding subclass restriction, and enabling access to the property via the context model based on the access rights associated with the application and subject to the masking. A corresponding method and computer program product are also provided. | 04-07-2011 |
20110088078 | Authentication Failure in a Wireless Local Area Network - In the event of an authentication process failure, a mobile station bans a connection profile storing the credentials provided by the mobile station when initiating the failed authentication process, thus affecting how subsequent scans—other than discovery scans—and connection attempts are handled. In the event of an authentication process failure, a mobile station bans or suppresses an access point with which the mobile station initiated the failed authentication process. The mobile station refrains from transmitting any communications addressed to the unique identifier of any banned access point. The mobile station may ignore any communications received from a banned access point. Suppressed access points are occasionally not made available to the mobile station for selection as a target for a connection attempt. | 04-14-2011 |
20110093919 | Method and Apparatus for Determining an Authentication Procedure - A server for managing the authentication of clients that are subscribers of a home domain within which the server is located, the server comprising means for determining whether a client that is attached to a visited domain is to be authenticated by the home domain or by said visited domain, and for signalling the result to said visited domain. | 04-21-2011 |
20110093920 | System and Method for Device Authentication with Built-In Tolerance - A system for building tolerance into authentication of a computing device includes a means for executing, from a computer-readable medium, computer-implementable steps of: (a) receiving and storing a first digital fingerprint of the device during a first boot of an authenticating software on the device, the first digital fingerprint based on a first set of device components, (b) receiving a second digital fingerprint from the device at a subsequent time, (c) comparing the second digital fingerprint with a plurality of stored digital fingerprints of known devices, (d) in response to the comparison indicating a mismatch between the second digital fingerprint and the plurality of stored digital fingerprints, generating a request code comprising instructions for the device to generate a third digital fingerprint using the first set of device components, (e) sending the request code to the remote device, (f) receiving the third digital fingerprint from the remote device in response to the request code, and (g) authenticating the device based on a comparison of the first and third digital fingerprints. | 04-21-2011 |
20110093921 | MULTI-FUNCTIONAL PERIPHERAL AND MULTI-FUNCTIONAL PERIPHERAL CONTROL SYSTEM - This invention provides a multi-functional peripheral and a multi-functional peripheral control system that manage a total number of output sheets of a user strictly and accurately even when an authentication server of a multi-functional peripheral is not able to perform authentication due to network failure or the like and authentication and output limitation are performed in the multi-functional peripheral. When the number of outputtable sheets registered in a user information management table is not 0, the multi-functional peripheral executes a copy job. When the number of copy outputtable sheets becomes 0, or when copy output of all pages is completed, the number of output sheets is deducted from the number of copy outputtable sheets registered in the user information management table, and thereby the user information management table is updated. Then, when connection to the authentication server is restored, the authentication server updates a user information management DB. | 04-21-2011 |
20110093922 | Portable Computing Device For Wireless Communications And Method Of Operation - In one embodiment of the present invention, a portable computing device for wireless communications comprises a first network interface for communicating with a public wireless wide area network (WWAN), a second network interface for communicating with a private wireless local area network (WLAN), and a processor executing under control of software instructions, the software instructions defining a gateway protocol, the gateway protocol establishing the portable computing device as an access point within the private WLAN after the wireless presence on the public WWAN is established. | 04-21-2011 |
20110099605 | SYSTEM OF MULTIPLE DOMAINS AND DOMAIN OWNERSHIP - Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies. | 04-28-2011 |
20110099606 | APPARATUS AND METHOD FOR CONNECTING WITH ACCESS POINT IN MOBILE TERMINAL - An apparatus and a method for simplifying a connection process with an Access Point (AP) in a mobile terminal are provided. More particularly, an apparatus and a method for simplifying a connection process with a peripheral apparatus by registering in advance information regarding the peripheral apparatus that performs an AP function to search for only the registered peripheral apparatus, and for performing a security access to the peripheral apparatus without a separate operation in a mobile terminal are provided. The mobile terminal includes an AP searching unit. The AP searching unit stores and registers information regarding APs to be connected, and searches for only the registered APs to perform a security access. | 04-28-2011 |
20110099607 | METHOD OF AUTHENTICATING AND BRANDING EMAILS AND OTHER MESSAGES USING INFORMATION AVAILABLE IN A MESSAGE LIST - Disclosed are systems, methods, networks, and computer programs for messaging. In some cases a receiving system receives certain message data which was slated to be presented in a message list to a receiving user, including a sending system contact indicator. In some cases, the receiving system uses the sending system contact indicator in determining where to send a message authentication request in order to reach the system which presumably sent the message. In some cases, the request preferably includes sufficient message identifying information from the received message data for the system which receives the request to find a match among sent messages, provided that the system which received the request had in fact sent the message. In some cases, the system which received the request provides a response to the request which reflects the matching outcome. | 04-28-2011 |
20110107397 | System, Method and Computer Program Product for Securing Legal Documents - A system, method and computer program product for securing legal documents includes connecting to a server for exchanging at least one document with a contracting party. Identities of contracting parties and ownership of the at least one document are authenticated by the server. The at least one document is exchanged with the contracting party for conducting a business transaction. The at least one document is communicated through the server and content of the at least one document is stored as read-only in a secured data bank along with at least a date and time of the exchange and locations and identities of contracting parties engaged in the business transaction. | 05-05-2011 |
20110107398 | SYSTEM AND METHOD FOR TRANSPARENT ACCESS AND MANAGEMENT OF USER ACCESSIBLE CLOUD ASSETS - System and method for enabling user access of cloud assets are described. In one embodiment, a method comprises authenticating a user to a system comprising a cloud computing environment in which a plurality of cloud assets are hosted; assembling a deployment associated with the authenticated user in accordance with a policy, the deployment comprising designated ones of the cloud assets; and providing a secure mechanism by which the designated ones of the cloud assets comprising the deployment are accessible by the authenticated user. | 05-05-2011 |
20110107399 | AUTHENTICATION TECHNIQUES - Techniques for authenticating clients of differing capabilities in an efficient manner. Two or more authentication techniques, including one preferred authentication technique, are initiated to run in parallel to authenticate a client. Upon determining that the client can support the preferred authentication technique, the preferred technique is used to authenticate the client and the other authentication techniques are aborted. If it is determined that the client cannot support the preferred authentication technique, then one of the other authentication techniques is used to authenticate the client. In this manner, based upon the capabilities of the client, an appropriate authentication technique is used to authenticate the client in an efficient manner. | 05-05-2011 |
20110113472 | Integrated Virtual Desktop and Security Management System - An integrated virtual desktop and security management system provides the virtual desktop server functionality and, more importantly, security management for computing devices and servers in the corporate data network. The computing devices include computers running virtual desktop client software and computers running a complete operating system and applications. The system in this invention can intercept data packets exchanged among the computing devices and servers and also can scrutinize virtual machine computing and networking activities, and therefore, possess the capability of analyzing, logging, reporting, and permitting or denying computing and networking activities of devices in the corporate data network. | 05-12-2011 |
20110113473 | METHOD OF ACCESSING APPLICATIONS IN A SECURE MOBILE ENVIRONMENT - A method of accessing in a mobile communication device ( | 05-12-2011 |
20110119734 | ACCESS CONTROL IN A SECURED FACILITY - In one embodiment, a system processes access decisions for individuals where the system includes a portable handheld housing for the processor, display, internal memory, and card reader of the system. The system further includes software comprising: code for downloading, in a first mode of operation through the wireless communication circuitry, to the internal memory, access rights information from a distribution server, the access rights information, for multiple users, independently originating and being cryptographically authenticated from multiple sources, the access rights information revocation data that is specific to respective identified individual users; code for reading and processing identity information and access rights information from a portable memory card via the reader in a second mode of operation, the identity information comprising first and last name information pertaining to a specific user and employer organization information of the specific user, the code for reading and processing cryptographically authenticating information. | 05-19-2011 |
20110119735 | APPARATUS AND SYSTEM EFFECTIVELY USING A PLURALITY OF AUTHENTICATION SERVERS - An authentication system and apparatus having an authentication process distributing function for individually setting an authenticating method and an authentication server on a port unit basis of a network apparatus and selecting an authentication processing unit which authenticates every port are provided. More specifically speaking, there is provided a packet transfer apparatus or system having: a plurality of connecting ports; a plurality of authentication processing units for authenticating apparatuses connected through the connecting ports; and an authentication process distributing unit for selecting the authentication processing unit to be authenticated every connecting port, wherein any one of the plurality of authentication processing units is made to correspond to each of the plurality of connecting ports, and when a packet is received from the apparatus connected to one of the connecting ports, the authentication process distributing unit selects the authentication processing unit which was made to correspond to the connecting port to which the apparatus to which the packet was transmitted has been connected and allows an authenticating process of the packet-transmitted apparatus to be executed. | 05-19-2011 |
20110119736 | APPARATUS AND METHOD FOR PREVENTING CHARGE CAUSED BY UTILIZING APPLICATION IN PORTABLE TERMINAL - An apparatus and method for determining a function that causes a charging problem and a personal information leakage problem when executing an application are provided. The apparatus includes an application configuration unit for determining and storing function information of the application that performs a network connection, and for providing a network connection function item of the application selected by a user based on the pre-stored function information. | 05-19-2011 |
20110119737 | METHOD AND DEVICE FOR DISTRIBUTED SECURITY CONTROL IN COMMUNICATION NETWORK SYSTEM - With migration of network technology and more and more requirements of user equipment for access to the Internet, network security faces a more and more severe situation. There is provided a method for distributed security control in communication network system and the device thereof in order to improve security and operatability of network operator. In the method, firstly the network controller establishes a network security control mechanism, which is used for a second network device to check the validity of the data package from the user equipment; secondly, the network controller sends the network security control mechanism to the second network devices; lastly, the second network device checks the validity of the data package from the user equipment according to the network security control mechanism, and discards the data package if the data package is invalid. With the present invention, security and operatability of the communication network may be improved greatly, particularly, the functionality of address anti-spoofing can be implemented in the network with a WLAN architecture in centralized control. (FIG. | 05-19-2011 |
20110126263 | IMAGE PROCESSING APPARATUS, IMAGE PROCESSING METHOD, PROGRAM FOR IMPLEMENTING THE METHOD, AND STORAGE MEDIUM STORING THE PROGRAM - An image processing apparatus which can be readily used by an authenticated user without laborsome setting even if the user uses the image processing apparatus for the first time through an authentication server. A user is authenticated with an authentication server connected to an image processing apparatus via a network. User unique setting information for the authenticated user is set, and the user unique setting information for each user is stored in user information storing areas. Initial setting information of initial setting of the image processing apparatus is stored in an initial setting information storing area. When the authenticated user uses the image processing apparatus for the first time, duplicate copy of the initial setting information stored in the initial setting information storing area is stored as the user unique setting information in the user information storing areas. | 05-26-2011 |
20110126264 | SYSTEM AND METHOD FOR PROVIDING A SECURE NETWORK ON ANOTHER SECURE NETWORK - The present invention provides a system and method for providing a closed or secure network on another closed or secure network. The system enables linking at least one acquirer network operating a closed network to at least one operator by a central server. The acquirer network includes one or more terminals and optionally an acquirer server. The central server is linked to the acquirer network and to the operator. The central server is configurable to communicate with at least a subset of the one or more terminals, and also with the operator, and to establish one or more secure communication links between the operator and the one or more terminals. The central server acts as a trusted intermediary between the acquirer network and the operator for enabling the operator to communicate with the one or more terminals via the closed acquirer network. | 05-26-2011 |
20110131630 | SERVICE ACCESS METHOD AND DEVICE, SERVICE AUTHENTICATION DEVICE AND TERMINAL BASED ON TEMPORARY AUTHENTICATION - A service access method and device, a user authentication device, and a terminal are provided. A service access method includes requesting a terminal to transmit authentication information in response to a service access request that is received from the terminal, receiving the authentication information from the terminal, permitting a temporary access to the terminal based on a result of a temporary authentication performed based on the authentication information, and processing a main authentication based on the authentication information. | 06-02-2011 |
20110131631 | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND PROGRAM - There is provided a communication device, which includes a physical layer which performs close-range one-to-one communication with a device B through electric field coupling or magnetic field coupling, an authentication information changing unit which dynamically changes device information for mutual authentication according to a type of data selected on an application, a protocol selection unit which selects one protocol that can be utilized by the communication device and the device B, a start information transmission unit which transmits the device information and information showing the selected protocol to the device B in order to make the device B start an application corresponding to the type of data and the selected protocol, and a protocol conversion unit which converts a protocol utilized by the application into a protocol utilized by the physical layer in order to transfer data between the applications of the communication device and the device B. | 06-02-2011 |
20110138444 | AUGMENTED REMOTE CONTROLLER AND METHOD FOR OPERATING THE SAME - An image display may be displayed by augmented reality on a remote controller. This may include identifying an electronic device having playable content, receiving information regarding a locked status of the playable content of the identified electronic device, and displaying, on a screen, an object indicating a locked status when the playable content of the identified electronic device requires a user authentication for playing the content. A user authentication input may be received and a determination may be made whether the received user authentication input matches a previously stored user authentication information. The playable content may be released from the locked status when it is determined that the received user authentication input matches the previously stored user authentication information, and information relating to the released playable content may be displayed. | 06-09-2011 |
20110138445 | SYSTEMS AND METHODS FOR DYNAMIC ACCESS TO PROGRAM FEATURES - The multimedia client-server system provides a multimedia client program with a set of features and a server system that creates feature access information that determines which features are to be made available to a particular user. The server system may send the feature access information to the user such that the information is accessible to the multimedia client program. The multimedia client program may dynamically control the user's access to the program's feature set by using the feature access information to validate and verify the user. In addition, the feature access information may be accessible to the server system, such that the server system may periodically update the feature access information, such as, for example, when the user accesses the server system to download multimedia content. | 06-09-2011 |
20110138446 | SYSTEM AND METHOD FOR PROVIDING USER AUTHENTICATION AND IDENTITY MANAGEMENT - A distributed client/server system comprises a network of servers and clients, such as the Internet, in which user access to certain restricted resources is controlled by a logon procedure that identifies an authorized user to the respective administering server. The disclosed system and method includes a logon server that comprises a user authentication procedure by which a user can logon to the logon server from any client in the network and uniquely identify itself to the logon server. The logon server also includes a library of usernames and passwords for the restricted resources chosen by each user and the ability to automatically log the users on to any of the restricted resources when selected by the user through a personal catalog maintained by the logon server. The disclosed system and method also includes various other features for providing user authentication and identity management in a network environment, such as the Internet. | 06-09-2011 |
20110145887 | System and Method of Selectively Applying Security Measures to Data Services - Systems and methods of applying security measures to data services are disclosed. In one embodiment, a processor determines when more than one data service is used by or is accessible to a subscriber device and applies a security measure to at least one data service. | 06-16-2011 |
20110145888 | ELECTRONIC MONITORING SYSTEM AND METHOD - An electronic monitoring system located in a second service area when an electronic monitoring target has moved from a first service area having a first authority to the second service area having a second authority starts electronic monitoring for the electronic monitoring target that has moved into the second service area, configures a temporary electronic monitoring authority based on the first authority and the second authority, and executes the electronic monitoring on the electronic monitoring target in the second service area according to the configured temporary electronic monitoring authority. | 06-16-2011 |
20110145889 | SYSTEM AND METHOD FOR VERIFYING DELIVERY AND INTEGRITY OF ELECTRONIC MESSAGES - In order to provide third party verification of the content and delivery of an electronic message such as an e-mail, a server receives the e-mail intended to be sent or forwarded to a specified addressee, and “tags” the message to indicate that it is “registered” with the provider of the service. The server then establishes a direct telnet connection with the addressee's Mail User Agent (MUA), and transmits the tagged email to the addressee's MUA, as well as to the MUA's of any other addressees. After receiving responses from the receiving MUA's that the message was successfully received, the server then creates and forwards to the message originator an electronic receipt. The receipt includes one or more, and preferably all of, the following: the original message including any original attachments; a delivery success/failure table listing which addressee's MUA's successfully received the message and at what time, and for which MUA's there was a delivery failure; and a digital signature corresponding to the message and attachments. By receiving the receipt at a later date and verifying that the digital signature matches the message and related information, the operators of the system can provide independent third party verification that the receipt is a genuine product of their system and that the information pertaining to content and delivery of the message is accurate, without the need to archive either the original message or the receipt. | 06-16-2011 |
20110145890 | ACCESS METHOD SUITABLE FOR WIRELESS PERSONAL AREA NETWORK - The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods. | 06-16-2011 |
20110154437 | NETWORK COMPONENT SECURITY SYSTEM - A method and system for controlling access to a network is disclosed. This is done by identifying a component attached to the network, determining whether the identified component requires special access to the network and providing an indication when the identified component is identified as requiring special access to the network and fails to satisfy a criterion for such special access. | 06-23-2011 |
20110154438 | Multi-Level Security Controls System - A method and apparatus for processing information. First information is received from a first number of devices at a first number of interfaces configured to receive the first information in a first section of a programmable integrated circuit. The first information is sent to a second section in the programmable integrated circuit. Second information is received at a second number of interfaces in the second section from a second number of devices that generates the second information with a plurality of security levels. The first and second sections are partitioned from each other such that communication between the first and second sections is controlled by the second section. The first and second information are processed to form processed information that is sent to a number of network interfaces in which an identification of a security level within a plurality of security levels is associated with the processed information. | 06-23-2011 |
20110154439 | SECURE APPLICATION NETWORK - Systems and methods are provided for a secure application network according to one or more embodiments. In one embodiment, a system for a secure application network comprises a service provider server adapted to interact with an application development server and a client device over a network, wherein the service provider server is adapted to implement the secure application network system. The system also comprises one or more processors and one or more memories adapted to store a plurality of machine-readable instructions which when executed by the one or more processors are adapted to cause the secure application network system to: maintain a plurality of records associated with at least one application developer using the application development server; authenticate the at least one application developer based on the plurality of records; and enable the at least one authenticated application developer to create and/or deploy one or more applications operable on the client device to be downloaded by a user of the client device from the secure application network system. | 06-23-2011 |
20110154440 | DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) AUTHENTICATION USING CHALLENGE HANDSHAKE AUTHENTICATION PROTOCOL (CHAP) CHALLENGE - A method performed by a Dynamic Host Configuration Protocol (DHCP) server comprising receiving a DHCP DISCOVER message from a DHCP client; generating a challenge in response to the DHCP DISCOVER message; sending the challenge to an authentication device; receiving a first challenge response from the authentication device; generating a DHCP OFFER message; sending the challenge to the DHCP client in the DHCP OFFER message; receiving a DHCP REQUEST message that includes a second challenge response from the DHCP client; comparing the first challenge response with the second challenge response; and authenticating the DHCP client when the first challenge response and the second challenge response match. | 06-23-2011 |
20110154441 | ONLINE DEVELOPMENT ENVIRONMENT SERVER, ONLINE MARKETPLACE SERVER, ONLINE DEVELOPMENT ENVIRONMENT CONSTITUTING METHOD, AND DEVELOPED APPLICATION PROVIDING METHOD - An online development environment server, online marketplace server, an online development environment configuring method, and a developed application providing method are provided. The online development environment server includes: a virtual resource pool providing virtual resources including a design tool pool, an IDE/SDK pool, a service component, and a virtual server and repository pool; a virtual resource pool manager supporting to allow a developer to select a virtual resource according to a selected development environment; a virtual development environment manager establishing a virtual development environment with reference to virtual resource information through the virtual resource pool manager; a virtual operation space and view manager binding a user and a view of a virtual development environment of each group through the virtual development environment manager and the virtual resource pool manager; a presenter presenting a virtual view model constituted by being bound by the virtual operation space and view manager; and a metadata manager storing metadata configured for virtualizing an operation space and managing the same. | 06-23-2011 |
20110154442 | SECURITY CONTROL SYSTEM AND METHOD FOR PERSONAL COMMUNICATION TERMINALS - A security control system for personal communication terminals includes: a terminal registration agent for registering information on a personal communication terminal of a worker or visitor present within a security area into a terminal security control server and a zone notification node for providing the information of the personal communication terminal that has entered a control zone covered by the zone notification node in the security area when the personal communication terminal moves to the control zone. The system further includes the terminal security control server for installing a security control software module in the personal communication terminal, configuring computing resources and components permitted within the control zone based on a security control policy and zone information, and providing the configured computing resources and components to the personal communication terminal. | 06-23-2011 |
20110154443 | SYSTEMS AND METHODS FOR AAA-TRAFFIC MANAGEMENT INFORMATION SHARING ACROSS CORES IN A MULTI-CORE SYSTEM - A method for propagating authentication session information to a plurality of cores of a multi-core device includes establishing, by an authentication virtual server executing on a first core of a device intermediary to at least one client and server, a session for a user, the authentication virtual server authenticating the session. A traffic management virtual server executes on a second core of device, and receives a request to access a server via the session. The traffic management virtual server may identify, responsive to a determination that the session is not stored by the second core, from an identifier of the session that the first core established the session. The second core may send to the first core a request for data for the session identified by the identifier. The second core may receive from the first core a response to the second request identifying whether the session is valid. | 06-23-2011 |
20110162042 | TRUSTED NETWORK MANAGEMENT METHOD OF TRUSTED NETWORK CONNECTIONS BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network management method of trusted network connections based on tri-element peer authentication. A trusted management proxy and a trusted management system are respectively installed and configured on a host to be managed and a management host, and are verified as local trusted. When the host to be managed and the management host are not connected to the trusted network, they use the trusted network connection method based on the tri-element peer authentication to connect to the trusted network respectively, and subsequently perform the authentications and the cipher key negotiations of the trusted management proxy and the trusted management system; when the host to be managed and the management host have not completed the user authentication and the cipher key negotiation process, they use the tri-element peer authentication protocol to complete the user authentication and the cipher key negotiation process, then use the tri-element peer authentication protocol to implement the remote trust of the trusted management proxy and the trusted management system, and finally perform network management. The present invention can actively defend attacks, reinforce the safety of the trusted network management architecture, and realize the trusted network management of distributed control and centralized management. | 06-30-2011 |
20110162043 | ELECTRONIC APPARATUS INCLUDING SELECTOR FOR CONNECTING FURTHER APPARATUS TO CONTROLLER OR COMMUNICATION CIRCUIT OF ELECTRONIC APPARATUS - A controller controls a selector to connect a portable apparatus to the controller, to authenticate the portable apparatus. When the authentication of the portable apparatus is successful, the controller controls the selector to connect the portable apparatus to an audio and visual processing device circuit. | 06-30-2011 |
20110162044 | SECURE COMMUNICATION DEVICE, SECURE COMMUNICATION METHOD, AND PROGRAM - A secure communication device for high-speed encryption/decryption authentication including network stack processing. An encryption/decryption authentication control unit ( | 06-30-2011 |
20110162045 | ACCESS CONTROL SYSTEM, ACCESS CONTROL METHOD, AND COMMUNICATION TERMINAL - Collation information ( | 06-30-2011 |
20110167475 | Secure Access to Remote Resources Over a Network - A client computer hosts a virtual private network tool to establish a virtual private network connection with a remote network. Upon startup, the virtual private network tool collects critical network information for the client computer, and sends this critical network information to an address assignment server in the remote network. The address assignment server compares the critical network information with a pool of available addresses in the remote network, and assigns addresses for use by the client computer that do not conflict with the addresses for local resources. The address assignment server also provides routing information for resources in the remote network to the virtual private network tool. The virtual private network tool will postpone loading this routing information into the routing tables of the client computer until the client computer requests access to a specific resource in the remote network. When the client computer requests access to a specific resource in the remote network, the virtual private network tool will only provide the routing table with the routing information for that specific remote resource. | 07-07-2011 |
20110167476 | MESSAGE DELIVERY SYSTEM AND DELIVERY METHOD - A message delivery system for delivering a message to a user includes: a plurality of delivery systems ( | 07-07-2011 |
20110173676 | System, Method and Apparatus for Electronically Protecting Data and Digital Content - The present invention provides a system, method and apparatus for protecting sensitive data by extracting the sensitive data from a data storage on a client, sending the extracted data to a server for storage, receiving a pointer indicating where the extracted data has been stored and replacing the sensitive data on the data storage on the client with the pointer. The pointer may include random data that is of a same data type as the sensitive data. Furthermore, the pointer is subsequently used to access the sensitive data after proper authentication. | 07-14-2011 |
20110173677 | DETECTING MALWARE CARRIED BY AN E-MAIL MESSAGE - An anti-virus system provider distributes an e-mail identifying content filtering rule seeking to identify e-mail messages suspected of containing an item of malware from a central source ( | 07-14-2011 |
20110179466 | INFORMATION PROCESSING SYSTEM, CONTROL METHOD FOR THE SAME, AND PROGRAM - An information processing system is provided that simplifies a logout procedure in an information processing apparatus that has a Web browser that operates together with a Web server that serves as an external apparatus, while maintaining the operational feel of the Web browser. To accomplish this, in the present information processing system, the Web server is notified of a user instruction input via an operation screen of the Web browser provided from the Web server as an event. Here, the Web server analyzes the notified event, and if this event is a logout request, the Web server executes processing for logging out of the Web server, and also notifies the Web browser of the logout request. The Web browser executes processing for logging out of the Web browser upon receipt of the logout request from the Web server. | 07-21-2011 |
20110179467 | Intercepting malicious access - Analyzing network access requests includes: receiving an access request for service from a user; updating a frequency of access requests associated with the user; receiving an analysis result based at least in part on the access request; determining whether the frequency of access exceeds a predetermined frequency; in the event that the frequency of access does not exceed the predetermined frequency, allowing the access request; and in the event that the frequency of access is greater than the predetermined frequency, determining whether to intercept the access request from the user based at least in part on the analysis result. | 07-21-2011 |
20110185397 | Method And Apparatus For Securing Wireless Relay Nodes - In order to mitigate the security risk posed by the insertion of a relay node within a communication network, both device authentication and subscriber authentication are performed on the relay node. Device and subscriber authentication may be bound together so that a relay node is granted access to operate within the network only if both device and subscriber authentication are successful. Additionally, a communication network (or authentication node) may further verify that a subscriber identifier (received as part of subscriber authentication) is associated with the corresponding device type (identified by the device identifier in the corresponding device authentication) as part of the subscriber authentication process. | 07-28-2011 |
20110185398 | ACCESS CONTROL SYSTEM AND ACCESS CONTROL METHOD - A system including a providing unit that provides a virtual-desktop-service selected on the basis of an identification information acquired from the terminal apparatus, and sends a message that includes an address of the providing unit and an address of an application program booted by a process of the virtual-desktop-service, a storage unit that stores the identification information associated with the address of the providing unit and an access control information associated with a set of an identification information and an address of an application program, and a relay unit that receives a message sent by the providing unit, acquires an identification information associated with a source address included in the received message, acquires an access control information associated with a set of the acquired identification information and a destination address included in the received message, and controls relaying the message depending on the acquired access control information. | 07-28-2011 |
20110191819 | Diameter Signaling for Mobile IPv4 - The invention consists of a new registration and authentication protocol for use between a Mobile Node and a Home Agent. The new protocol uses a novel messaging sequence to request registration, authentication and authorization of the Mobile Node when it is located on a foreign network, and the novel protocol will avoid some of the standard registration and authentication protocol messages in order to eliminate the problems associated with re-transmission errors. | 08-04-2011 |
20110191820 | System and Method for Restricting Access to a Computer System to Live Persons by Means of Semantic Association of Images - A system and method for restricting access to a computer system, resource, or network to live persons, and for preventing the execution of automated scripts via an interface intended for human interaction. | 08-04-2011 |
20110191821 | CONTROLLED USE MEDICAL APPLICATION - In an example, a client application can be implemented, including controlling access of a medical application to a client operating system resource; receiving medical data according to a first medical standard, and providing information to the medical application using the received medical data. | 08-04-2011 |
20110191822 | CONTROLLED USE MEDICAL APPLICATION - In an example, a plurality of virtualized medical application containers can be stored on one or more servers, wherein each server includes a memory, and wherein each virtualized medical application container includes a virtualized operating system, separate from a client operating system and a medical application executable installed on the virtualized operating system. | 08-04-2011 |
20110191823 | Bump validation - A “bump” occurs when two devices at the same place at the same time indicate their intention to establish a connection for transferring information. A process for validating bumps is described. | 08-04-2011 |
20110191824 | METHOD FOR PROVIDING CONTENTS DATA USING WIRELESS COMMUNICATION DEVICE AND NAVIGATION DEVICE PERFORMING THE SAME - A method of providing content information using a wireless communication device and a navigation device of performing the method are disclosed. The navigation device may comprise a terminal searching unit that searches a wireless communication terminal that may perform near field wireless communication in response to a content information providing request, a terminal authenticating unit that performs terminal authentication on whether the searched wireless communication terminal has been subscribing for a content providing service, and a content information displaying unit that, if it is identified that the wireless communication terminal is a terminal subscribing for the content providing service, receives content information from the wireless communication terminal and displays the content information on a display. | 08-04-2011 |
20110191825 | WIRELESS COMMUNICATION DEVICE, WIRELESS COMMUNICATION METHOD, AND PROGRAM - There is provided a wireless communication device including a storage unit for storing authentication information distributed to a plurality of users including a user of the wireless communication device belonging to a community on a network; an authentication unit for authenticating a peripheral wireless communication device based on the authentication information stored in the storage unit; and a control unit for forming a communication group with the peripheral wireless communication device when the authentication of the peripheral wireless communication device by the authentication unit is successful. | 08-04-2011 |
20110197260 | SYSTEM SELF INTEGRITY AND HEALTH VALIDATION FOR POLICY ENFORCEMENT - Embodiments of the invention provide methods and systems for enforcing system self integrity validation policies. The method includes accessing, by a policy enforcer, a plurality of policies configured to enforce system integrity, monitoring system performance to determine actions executed by the system, and based on at least one of the plurality of policies, comparing the system performance with system performance required by the at least one of the plurality of policies. The method further includes, based on the comparison, determining that the system has performed in a manner contrary to the requirements of the at least one policy, and in response, prohibiting access of the system to services provided by a service provider. | 08-11-2011 |
20110197261 | SERVICE ACTIVATION METHOD, SERVICE PROVIDING METHOD, TERMINAL DEVICE, AND SERVER - A method for providing a mobile advertising (MobAd) service includes: receiving a MobAd service activation request sent by a terminal, where the MobAd service activation request includes collected terminal capability information; and providing a MobAd service to the terminal according to the terminal capability information. | 08-11-2011 |
20110197262 | NETWORK APPARATUS, ASSESSMENT METHOD, PROGRAM, AND INTEGRATED CIRCUIT - A network device restricts functions thereof in a special case such as theft, and comprises: an acquisition unit for acquiring one or more identification information pieces corresponding to one or more local devices in a communicable state; a calculation unit for calculating an index value for each local device; a holding unit for holding, for each local device whose identification information piece was acquired in the past, the identification information piece of the local device and the index value thereof; a difference specifying unit for specifying a difference between (i) one or more identification information pieces currently acquired and (ii) the one or more identification information pieces acquired in the past, thereby specifying a local device as the difference; and a judgment unit for judging whether to restrict the access based on the index value of the local device specified as the difference. | 08-11-2011 |
20110202971 | Server-Based Data Sharing in Computer Applications - A computer-implemented method of sharing data between computer applications is discussed. The method includes receiving, at an application server sub-system of a hosted computer server system and from a first computing device that is remote from the hosted computer server system, commands interacting with an electronic document served by the application server sub-system, and receiving at the hosted computer server system a command to copy content from the electronic document to an electronic clipboard. The method also includes storing, at a clipboard server sub-system of the hosted computer server system, that is separate from the application server sub-system, data that represents the content, receiving a request for the stored data that represents the content, and delivering, from the clipboard server sub-system to a second computing device, the data that represents the content. | 08-18-2011 |
20110202972 | NETWORK AUTHENTICATION METHOD, METHOD FOR CLIENT TO REQUEST AUTHENTICATION, CLIENT, AND DEVICE - A network authentication method, a method for a client to request authentication, a client, and a device are provided. The method includes: receiving synchronize (SYN) data sent by a client, where the SYN data includes a sequence number SEQ | 08-18-2011 |
20110202973 | AUTHENTICATION SERVERS - An authentication server manages traffic data with respect to each connection device, the traffic data representing a traffic amount, with respect to the connection device, that is contained in a charging information notification signal that provides notification of charging information transmitted from the connection device, compares the traffic data with respect to each connection device with a preset threshold, and assigns one of a plurality of connection devices as a connection device that connects a communication terminal and a network based on the compared result. | 08-18-2011 |
20110209198 | APPLYING ACCESS CONTROLS TO COMMUNICATIONS WITH AVATARS - Senders of instant messages may inspire perception by a recipient of avatars capable of being animated in order to customize or personalize communication exchanges from the sender. The avatar, an animation of or associated with the avatar, an object associated with the avatar, or another component of the avatar or communication may be inappropriate, or otherwise objectionable, to the recipient, the recipient class or category, or an identity associated with the recipient. In one example, a parent of a minor who is the intended recipient of an avatar (or a component of the avatar or communication) may object to the minor being exposed to the avatar (or the component of the avatar or communication). In such a case, the communication may be discarded or the perception of the objectionable avatar (or component associated with the avatar or the communication) by the intended recipient may be disabled, replaced or modified. | 08-25-2011 |
20110209199 | METHOD AND SYSTEM FOR SECURE COMMUNICATION - A method and system for secure communication is presented. A virtual private proxy is generated based on an agreement between a first entity and a second entity. A first virtual private proxy is associated with the first entity and a second virtual private proxy is associated with the second entity. Data associated with the first entity is monitored at the virtual private proxy. Whether the data violates the agreement is determined and communication of the data from the first virtual private proxy to the second virtual private proxy is disallowed when the data violates the agreement. | 08-25-2011 |
20110214159 | COMPUTER SYSTEM - Provided is a computer system capable of ensuring sufficient security even when a computer resource of a server is dynamically allocated to a thin client. This computer system includes a plurality of computer resources for providing an arithmetic processing result to a thin client, a management device for deciding a prescribed computer resource from the plurality of computer resources according to a request from the thin client and allocating the decided computer resource to the thin client, and a coupling controller for restricting the thin client from coupling to a computer resource other than the decided prescribed computer resource. | 09-01-2011 |
20110214160 | Method for Increasing Security in a Passive Optical Network - A method for security in a passive optical network is disclosed. The method includes, at an optical line termination (OLT): detecting an optical termination device and establishing a connection with the device; generating a first authentication message including a first random number; and transmitting the first authentication message through the established connection. At the optical termination device, the method may include: receiving the first authentication message; calculating a first authentication code by using the first random number and a secret code stored at the device; and generating and transmitting to the OLT a second authentication message including the first authentication code. The method may further include, at the OLT: receiving the second authentication message; calculating a second authentication code by using the first random number and a secret code stored at the OLT; and authenticating the optical termination device if the first authentication code matches the second authentication code. | 09-01-2011 |
20110219427 | Smart Device User Authentication - Techniques for simplifying an authentication process from the viewpoint of a user while providing improved security to the many users currently employing no or weak security techniques. In logging into a web site hosted by a web server, a session begins by a user connecting and logging in with a device, such as a personal computer. Rather than a user name and password approach which is presently typical, the personal computer communicates with another user device, such as a smart phone. In one approach, an encoded acoustic signal is employed for this communication. The smart phone securely communicates with an authentication server which informs the web server whether the user has been authenticated or not. | 09-08-2011 |
20110219428 | ELECTRONIC APPARATUS AND TERMINAL - According to one embodiment, an electronic device connected to an authentication device through a first communication network, and further connected to another electronic device through a second communication network, wherein the electronic device executes authentication of the electronic device and another electronic device by data delivery/receipt conforming to a predetermined procedure between the electronic device and the authentication device through the first communication network, and data delivery/receipt between the electronic device and another electronic device through the second communication network. | 09-08-2011 |
20110219429 | ONLINE SERVICE PROVIDING SYSTEM, METHOD, SERVER AND MOBILE DEVICE THEREOF, AND COMPUTER PROGRAM PRODUCT - An online service providing system, a method, a server, and a mobile device thereof, and a computer program product are provided. The method includes sending a verification link corresponding to a user account that is not verified; after receiving a verification request corresponding to the verification link, determining whether a device identification sent by the mobile device that has logged in the user account is received; when receiving the device identification, confirming whether the user account is verified according to the device identification; after confirming that the user account is verified, when receiving a service request sent by a terminal device logging the user account into a service website, determining a homepage of the service website according to the device identification, and providing the online service corresponding to the mobile device to the terminal device through the service web site. | 09-08-2011 |
20110219430 | SECURE NETWORKED SYSTEM FOR CONTROLLING MOBILE ACCESS TO ENCRYPTED DATA SERVICES - A networked system for controlling the mobile access to a data service, which may provide encrypted data, is presented. The system may include a mobile device and a mobile access control server, which controls the mobile device's access to the data service by controlling the access information required to access the data service. The system may also include a content server that provides the data service, a certification authority, and a network for enabling communication among the components of the system. To access encrypted data services, the mobile device communicates an access request to the mobile access control server, which determines whether access should be granted, and provides access information to the mobile device, enabling the mobile device to establish encrypted communication with the content server and/or to decrypt the encrypted data provided by the data service via the content server. | 09-08-2011 |
20110225627 | Access Limited Search Results - Apparatuses, systems and methods are provided for accessing a document management application through a network, wherein search results provided to an application user, via a user interface, do not include documents or document data that are not within the extent of the data accessible by the specific user. | 09-15-2011 |
20110225628 | INFORMATION INPUT ASSISTANCE DEVICE, COMPUTER-READABLE MEDIUM, AND INFORMATION INPUT ASSISTANCE METHOD - An information input assistance device includes an identification unit, a generation unit, and a processing unit. The generation unit acquires attribute information corresponding to a user identified by the identification unit from a first memory, acquires rule information corresponding to a transmission destination of input information and a class of input information from a second memory, and generates the input information corresponding to the identified user on the basis of the acquired attribute information and the acquired rule information. The processing unit performs processing that transmits the input information generated by the generation unit to the transmission destination. | 09-15-2011 |
20110225629 | CAPTCHA (Completely Automated Public Test to Tell Computers and Humans Apart) Management Methods and Systems - CAPTCHA (Completely Automated Public Test to tell Computers and Humans Apart) management methods and systems are provided. First, information trusted by a server and a client is determined. The server generates CAPTCHA data, and combines the information trusted by the server and the client with the CAPTCHA data. The server transmits the CAPTCHA data to the client. The client determines whether to perform subsequent operations based on the CAPTCHA data according to the information trusted by the server and the client. | 09-15-2011 |
20110231901 | MANAGEMENT SYSTEM, PROGRAM RECORDING MEDIUM, AND PROGRAM DISTRIBUTION APPARATUS - The management system of the present invention is capable of efficiently discovering each apparatus coupled to a communication network. The management server | 09-22-2011 |
20110231902 | Controlling Device - A controlling device may acquire setting information regarding a wireless setting for a wireless communication currently being set in a wireless communication device. The controlling device may determine, using the setting information, whether the wireless setting indicates a first type of authentication method in which an authentication is performed by an authentication server or a second type of authentication method in which an authentication is performed by a device with which the wireless communication performing unit performs a wireless communication directly. The controlling device may provide a first screen to a displaying unit in a first case where a determination is made that the wireless setting indicates the first type of authentication method. The controlling device may provide a second screen which is different from the first screen to the displaying unit in a second case where a determination is made that the wireless setting indicates the second type of authentication method. | 09-22-2011 |
20110231903 | STREAMING MEDIA FOR PORTABLE DEVICES - A system and method for allowing hand-held/wireless devices to (1) provide audio/video conferencing; (2) access AV content through streaming and cloud transfer; and (3) offer hand-held and computer access to cameras and sensors for surveillance using ordinary personal computers as proxy servers is described. In a first aspect, a remote view streaming system which comprises a webcam server which enables streaming video over a network is disclosed. The system includes a portable device. The portable device includes a client application. The portable device is configured to receive the streaming video from the network and display it on a screen. The system includes a proxy server for authenticating a connection between the webcam server and the portable device. In a second aspect, a portable device is disclosed. The portable device comprises a client application; wherein the client application includes authentication information to allow connection to the proxy server and in turn can be connected directly to a webcam server if the webcam server has proper authentication. | 09-22-2011 |
20110231904 | Automatic Notification System and Process - Receiving a notification message by a mobile subscriber can include establishing a session with a notification service; maintaining a persistent communication connection with the notification service after the session is established; subscribing to a node hosted by the notification service, wherein the node is pre-provisioned for use by a mobile subscriber; and receiving from the notification service a notification message corresponding to the subscribed node. Further, a message can be transmitted over the communication connection to the notification service at a predetermined interval and it can be determined whether the communication connection is viable. Additionally, it can be determined that the communication connection is no longer viable if no response is received from the notification service, the period of the predetermined interval can be decreased, and another session with the notification service can be established. | 09-22-2011 |
20110231905 | METHOD AND COMMUNICATION SYSTEM FOR THE AUTHORIZATION-DEPENDENT CONTROL OF A CONTACTLESS INTERFACE DEVICE - A method for the authorization-dependent control of a contactless interface device of a communication device includes authenticating a user to the communication device. The contactless interface device is then deactivated so as to prevent a data transmission via the contactless interface device. | 09-22-2011 |
20110239273 | NETWORK UTILIZATION AND RESOURCE CONTROL BASED ON TRAFFIC PATTERNS - A device receives, from a user device, a request to access a network, determines whether to accept or deny the request to access the network, and monitors traffic provided to or from the user device via the network. The device also determines a traffic pattern for the user device based on the traffic, classifies the traffic as one of high throughput traffic, low packet data size traffic, or high frequency packet interval traffic, and applies different network resource control mechanisms to different classifications of the traffic. | 09-29-2011 |
20110239274 | Methods for acquiring an internet user's consent to be located and for authenticating the identity of the user using location information - A method and system for acquiring an Internet user's consent to be geographically located via at least two independent sources of geographical information while at least one independent source of geographical information is the wireless location of said Internet user's communication voice device. The method does not require any user intervention other than the user's interaction with an Internet site via the Internet user's Internet browser. | 09-29-2011 |
20110247049 | ELECTRONIC DOCUMENT SECURITY SYSTEM AND METHOD - An electronic document security method receives a user request for viewing an electronic document from a client device. If the user request is approved, the electronic document is retrieved from a storage system. The electronic document is converted into an image format, and is output to the client computer. | 10-06-2011 |
20110247050 | METHOD OF PAIRING TERMINALS WITH EACH OTHER AND TERMINAL FOR THE SAME - Provided is a method of pairing terminals with each other, and a terminal for the method. The method includes sensing a physical motion of a terminal caused by a user and outputting a sensing value, comparing a reception value received from an external terminal with the sensing value, and establishing a communication path with the external terminal according to the comparison result. | 10-06-2011 |
20110252457 | SYSTEM AND METHOD FOR INTERMEDIATING BETWEEN SUBSCRIBER DEVICES AND COMMUNICATION SERVICE PROVIDERS - A system and method are disclosed which may include receiving an activation request from a first subscriber device at a communication convergence platform; identifying a service provider associated with the first subscriber device; composing a service activation request compatible with a communication protocol for the identified service provider; and transmitting the service activation request from the platform to the identified service provider. | 10-13-2011 |
20110258680 | REMOTE SUBSCRIBER IDENTIFICATION (RSID) SYSTEM AND METHOD - The present invention discloses a Remote Subscriber Identification (RSID) system with a communication device in communication with a remote database capable of seamlessly storing, linking, and transferring mobile data to a user's communication device. The communication device receives a biometric information of a subscriber and accesses a subset of the mobile information by authenticating the user in the remote database and uses the subset of mobile information for communication with a third-party associated with at least one item of the subset of the mobile information. The user's data can be used on any communication device that is capable of recognizing personal identifying information, transmitting this information to the remote database, accessing the user's subscriber specification information and any subscriber personalized information, and transmitting it to the user's communication device, enabling the user to use this information with the communication device. | 10-20-2011 |
20110258681 | SYSTEM AND METHOD FOR MONITORING AND ENFORCING POLICY WITHIN A WIRELESS NETWORK - In general, one embodiment of the invention is an air monitor adapted to a wireless network. The air monitor enforces policies followed by the wireless network even though it is not involved in the exchange of data between wireless devices of the wireless network such as access points and wireless stations. | 10-20-2011 |
20110258682 | METHOD, APPARATUS, AND SYSTEM FOR PROCESSING SESSION CONTEXT - A method, an apparatus, and a system for processing session context are disclosed. The method for processing session context includes: receiving a reset notification message that carries a device identifier; confirming that a reset event corresponding to the reset notification message occurs on a peer device identified by the device identifier; and deleting an associated context related to the reset event. According to the present invention, after a local device receives a reset notification message from a peer device and before deleting an associated context related to the reset event of the peer device, the local device needs to confirm the authenticity of the reset notification message with the peer device. In this way, the associated context on the device will not be wrongly deleted due to the attack from a fake source address, and it is ensured that the associated context is correctly processed after a reset notification message is received, thus ensuring that the local device can perform normal communication and improving the system security. | 10-20-2011 |
20110265144 | IMAGE SENDING APPARATUS AND AUTHENTICATION METHOD IN IMAGE SENDING APPARATUS - An image sending apparatus includes a first authentication unit configured to perform processing for first authentication to authenticate a user, a storage unit configured to store authentication information used when the first authentication unit authenticates the user, a sending unit capable of sending image data by a plurality of kinds of sending methods, a destination setting unit configured to set a destination to which the sending unit sends the image data, a second authentication unit configured to perform processing for second authentication required for the sending unit to send the image data to the destination set by the destination setting unit, and a determination unit configured to determine whether to use the authentication information stored in the storage unit when the second authentication unit performs the processing for the second authentication, based on the sending method by which the sending unit sends the image data to the destination. | 10-27-2011 |
20110265145 | PROTECTION AGAINST UNSOLICITED COMMUNICATION FOR INTERNET PROTOCOL MULTIMEDIA SUBSYSTEM - A PUCI system includes a user equipment (UE) and a PUCI application server holding user policies in connection to a home subscriber server (HSS) holding operator policies. A policy manager establishes the correlation between the user policies and the operator policies, thus determining whether to reject or forward an incoming call originated from a trusted/distrusted source network in accordance with prescribed rules/logics. | 10-27-2011 |
20110265146 | METHOD AND SYSTEM FOR AUTHENTICATION PROCESSING, 3GPP AAA SERVER AND USER EQUIPMENT - The present invention relates to a method and a system for authentication processing, a 3 | 10-27-2011 |
20110271323 | Image forming apparatus, authentication method, and recording medium - An image forming apparatus is configured to receive user authentication information and perform image formation based on an image formation request and is connected to an external authentication server which performs authentication based on the user authentication information. The image forming apparatus comprises an authentication querying unit that queries the external authentication server for the authentication based on the user authentication information; an authentication result receiving unit that receives a result of the authentication performed by the external authentication server; an authentication result storage unit that stores the result of the authentication received by the authentication result receiving unit; and a control unit that controls the authentication querying unit, the authentication result receiving unit, and the authentication result storage unit. When the image forming apparatus receives the user authentication information, the control unit performs the authentication based on the result of the authentication stored in the authentication result storage unit. | 11-03-2011 |
20110271324 | COMMUNICATION APPARATUS CAPABLE OF RESTRICTING DESTINATION OF TRANSMISSION BY AUTHENTICATED USER, METHOD OF CONTROLLING THE COMMUNICATION APPARATUS, AND STORAGE MEDIUM - A communication apparatus having a transmission function for transmitting data to another apparatus using a transmission protocol selected from a plurality of transmission protocols. A multifunction printer (MFP) implementing the communication apparatus authenticates a user, and acquires destination information associated with the authenticated user. The MFP permits the use of a specific transmission protocol for transmission using the acquired destination information, and restricts the use of the specific transmission protocol for transmission using other destination information. Further, the MFP permits display of destination information matching the acquired destination information, but restricts display of other destination information, among destination information stored in a hard disk in association with the specific transmission protocol. | 11-03-2011 |
20110271325 | User Configuration File for Access Control for Embedded Resources - Multimedia content is featured on user pages of an online social network using embed codes that are generated using a configuration file associated with the source ID for the multimedia content and a content ID for the multimedia content. The configuration file, the source ID and the content ID are stored locally by the online social network so that any changes to the embed codes can be made by changing the configuration file associated with the source and regenerating the embed codes. By managing multimedia content in this manner, greater control can be exercised by the online social network over the multimedia content that are featured on its user pages. | 11-03-2011 |
20110271326 | NETWORK SECURITY HTTP NEGOTIATION METHOD AND RELATED DEVICES - The present invention discloses a network security HTTP negotiation method and related devices. The method comprises: a server receiving an HTTP request message with a header field sent by a terminal, wherein the header field indicates security mechanism(s) supported by the terminal, or the security mechanism(s) supported by the terminal and indication parameter(s) which show that the terminal has been in an accessing safety state; the server parsing the HTTP request message, and sending a response message with negotiated security mechanism(s) supported by the server and priority parameter(s) thereof to the terminal according to the result of the parsing if the header field of the request message indicates the security mechanism(s) supported by the terminal; and the server receiving another HTTP request message sent by the terminal again to authenticate security mechanism(s) selected by the terminal, wherein the header field of the request message indicates the security mechanism(s) selected by the terminal according to the response message and the priority parameter(s) of the security mechanism(s). The invention expands the HTTP protocol, solves the problem that the terminal security mechanisms are difficult to be deployed, and improves the network service quality. | 11-03-2011 |
20110277014 | NODE AUTHENTICATION - A requester node requesting a service in a peer-to-peer network transmits a request to a service provider node. The request may include a communication history of the requester node identifying other nodes with which the requester node has previously communicated. The service provider node authenticates the requester node based on the communication history. The service provider node may ask other nodes with which the requester node has communicated for evaluation of the requester node. The other nodes may calculate a trust metric of the requester node and provide this metric to the service provider node. The service provider node may use this trust metric in combination with a similarity calculation of the requester node and the service provider node to make a determination whether the requester node is to be authenticated. The service provider node may evaluate the requester node and store the evaluation in its communication history. | 11-10-2011 |
20110277015 | Proxy Server, Control Method Thereof, Content Server, and Control Method Thereof - The present invention particularly relates, but is not limited to, a technology that facilitates the identification of a consumed content item and a user who consumed that item, and there is provided a proxy server that is capable of communicating with a client and a content server storing content for which permission data is required for reproduction. The proxy server comprises, in particular, a content information retrieving unit that retrieves, from the content server, content information that identifies the content server and the content, and a generating unit that generates modified content information that identifies the proxy server and the content identified by the content information. | 11-10-2011 |
20110283337 | METHOD AND SYSTEM FOR AUTHENTICATING NETWORK NODES OF A PEER-TO-PEER NETWORK - This invention relates to system and a method for authentication of a network node ( | 11-17-2011 |
20110289555 | Mechanism for Utilization of Virtual Machines by a Community Cloud - A mechanism for utilization of virtual machines by a community cloud is disclosed. A method of the invention includes authenticating a virtual machine (VM) to be joined to a cloud environment managed by a central administrative computing device as a cloud computing resource, wherein the VM is operating on a workstation that is not a dedicated cloud computing resource, updating a database of VMs utilized as cloud computing resources with information of the VM related to its operational status, and providing instructions for the VM to operate as a cloud computing resource, the instructions based on current demand for cloud services of the cloud environment and an overall current supply of cloud computing resources presently available in the cloud environment. | 11-24-2011 |
20110289556 | Method and Apparatus for Serving Content Elements of a Markup Language Document Protected Against Cross-Site Scripting Attack - A web application decomposed into one or more domain sandboxes ensures that the contents of each sandbox are protected from attacks on the web application outside that sandbox. Sandboxing is achieved on a per-element basis by identifying content that should be put under protection, generating a secure domain name for the identified content, and replacing the identified content with a unique reference (e.g., an iframe) to the generated secure domain. The identified content is then served only from the generated secure domain using a content handler. | 11-24-2011 |
20110289557 | MANAGING SECURITY IN A NETWORK - A method of managing security in a network is described. A data anomaly at a first location on a network is detected. A source of this data anomaly is identified. The source is compared with a plurality of access control policies, wherein each of the plurality of access control policies comprises at least one access restriction instruction associated with one or more sources. Based on the comparing, the source is associated with a corresponding one of the plurality of access control policies. | 11-24-2011 |
20110289558 | NETWORK APPLICATION LAYER ROUTING - Techniques for network application layer routing are provided. Requests for services are inspected at an application layer of a network. A priority for a requestor is obtained and in response to the priority the requests are routed to particular processing environments. Depending on the priority the processing environments may be high performing or low performing. | 11-24-2011 |
20110289559 | Deep Packet Scan Hacker Identification - Securing an accessible computer system typically includes receiving a data packet that includes a payload portion and an attribute portion, where the data packet is communicated between at least one access requestor and at least one access provider. At least the payload portion of the received data packet typically is monitored, where monitoring includes scanning the payload portion for at least one predetermined pattern. When the payload portion is determined to include at least one predetermined pattern, access by the access requestor to the access provider may be controlled. Monitoring the data packet may include scanning the payload portion while handling the data packet with a switch. Controlling access may include denying access by the access requestor to the access provider. | 11-24-2011 |
20110296491 | ACCOUNT SERVER AND NETWORK ACCESS METHOD USING THE SAME - According to one embodiment, an account server includes a first communication module, a second communication module, a database, and a controller. The first communication module receives a logon request from an electronic device, and establishes a session with the device. The second communication module obtains data from a service site connected to a network. The database associatively stores data for identifying electronic devices, data for identifying and accessing service sites, and names of services. The controller receives a service name from an electronic device which is established a session, obtains data from a service site by using data for identifying and accessing the site, and sends the data to the electronic device which is established a session. | 12-01-2011 |
20110296492 | Method of world-wide website registration - The present document describes a method of registering a world wide website by a registration authority comprising: providing to a website owner a pre-registration logo to be posted on a website while verifying data received from said website owner, announcing the website in WWWSR data base as pre-registered, during an opposition period, if there is an opposition, the mediation process is initiated to determine the validity of registering of the recently filed website or if there are no oppositions, the website will be registered after the specified delay period. | 12-01-2011 |
20110296493 | MOBILE TERMINAL AND CONTROL METHOD THEREOF - A mobile terminal and a control method thereof are provided. The mobile terminal selects a method of interfacing an identification device with the mobile terminal according to whether the mobile terminal enters a sleep mode. | 12-01-2011 |
20110296494 | Service-Based Authentication to a Network - A method and a system for service-based authentication of a terminal to a network is described, wherein the terminal comprises a number of communications interfaces, each communications interface allowing the terminal to set-up a predetermined communication channel with the network. The method comprises the steps of: sending a service request for access to a network service; receiving in response to the service request an authentication request from the network; identifying the communication channel through which the authentication request was received; and, sending an authentication response RES to the network, wherein the authentication response depends on the identified communication channel. | 12-01-2011 |
20110302628 | METHOD AND APPARATUS FOR PREVENTING AND ANALYZING NETWORK INTRUSION - Aspects of the disclosure provide a method for preventing and analyzing network intrusion. The method includes receiving by a network device an initial communication from an entity, determining the entity is not trusted based on the initial communication, and transmitting signals to the entity that are indicative of first disinformation of the network device to hide real information of the network device. | 12-08-2011 |
20110302629 | Systems And Methods For Secure Network Interoperability and Management - The invention relates to an interoperability system that provides increased security and data tracking to security intensive applications, such as transportation systems that currently utilize a large number of independent devices and related systems. | 12-08-2011 |
20110307938 | Integrating Account Selectors with Passive Authentication Protocols - Described is using a client-side account selector in a passive authentication protocol environment (such as OpenID) in which a relying party website trusts the authentication response from an identity provider website. The account selector may access and maintain historical information so as to provide user-specific identity provider selection options (rather than only general identity provider selection options). The account selector is invoked based upon an object tag in the page, e.g., as invoked by a browser extension associated with that particular object tag. The account selector may communicate with a reputation service to obtain reputation information corresponding to the identity providers, and vary its operation based upon the reputation information. | 12-15-2011 |
20110307939 | ACCOUNT ISSUANCE SYSTEM, ACCOUNT SERVER, SERVICE SERVER, AND ACCOUNT ISSUANCE METHOD - Provided is an account issuance system that can open an account owner in a service server to the outside without revealing personal information. Terminal | 12-15-2011 |
20110314516 | TECHNIQUES TO SHARE BINARY CONTENT - Techniques to share binary content are described. An apparatus may comprise a first related client having a message platform with a file share feature and an object store, the file share feature operative to retrieve a data object for a publishing client having a defined relationship with the first related client and a second related client, the first related client to send the data object to the second related client on behalf of the publishing client, and the object store operative to store and manage the data object using a unique name identifier received with the data object. Other embodiments are described and claimed. | 12-22-2011 |
20110314517 | Communication system, authentication device, control server, communication method, and program - A configuration that can perform access control for each user/client, without arranging an Authenticator or an EAPoL pass switch at each location. A forwarding node processes a packet between a supplicant and a prescribed authentication device, in accordance with a processing rule that has been set. The authentication device performs a prescribed authentication procedure with the supplicant and notifies a result thereof to a control server. In a case where an authentication procedure with the authentication device succeeds, the control server creates a first forwarding path between the supplicant and a destination node, and transmits a processing rule for a packet received or transmitted between the supplicant and a destination node, following the first forwarding path, in at least one forwarding node in the first forwarding path. | 12-22-2011 |
20110321126 | METHOD FOR WIRELESS COMMUNICATION AND WIRELESS TRANSMIT/RECEIVE UNIT - A method for wireless communications and a wireless transmit/receive unit are disclosed. At least one first wireless communication link with a base station for transmitting/receiving data packets is established, which at least one first wireless communication link complies with at least a first authentication mechanism. At least one second wireless communication link with at least one user device for transmitting/receiving data packets is established, which at least one second wireless communication link complies with at least a second authentication mechanism, wherein the at least one second wireless communication link comprises a peer-to-peer wireless communication link. The at least one first wireless communication link and the at least one second wireless communication link are concurrently maintained. | 12-29-2011 |
20110321127 | TRANSACTIONAL SERVICES - Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers. | 12-29-2011 |
20110321128 | PUBLIC ACCESS POINT - The invention instantiates a Personal VLAN bridge, using IEEE Std. 802.11 elements. The result is a bridge, referred to as a public access point, that is better suited for implementing public wireless data networks than the IEEE Std. 802.11 architecture. The invention also provides a location-update protocol for updating the forwarding tables of bridges that connect public access points together. The invention further provides a method for more controlled bridging, which is referred to as fine bridging. | 12-29-2011 |
20120005725 | TRANSACTIONAL SERVICES - Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers. | 01-05-2012 |
20120005726 | TRANSACTIONAL SERVICES - Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers. | 01-05-2012 |
20120005727 | METHOD FOR USER TERMINAL AUTHENTICATION AND AUTHENTICATION SERVER AND USER TERMINAL THEREOF - Provided are a method for user terminal authentication and authentication server and user terminal thereof. The method includes receiving authentication request information for accessing a network from the user terminal, processing an EAP authentication procedure according to the authentication request information, transmitting a message related to the EAP authentication procedure to the user terminal, wherein the message includes network rejection information when network rejection is triggered, and the network rejection information includes network rejection reason information and control information for the user terminal to cope with the network rejection. | 01-05-2012 |
20120011566 | SYSTEM AND METHOD FOR SENSOR NETWORK AUTHENTICATION BASED ON XOR CHAIN - Disclosed is a method for sensor network authentication based on an XOR chain, which authenticates a transmitting node and a message in a sensor network including a central server, a plurality of transmitting nodes, and a plurality of receiving nodes, the method comprising the steps of: (a) receiving an initial key from the central server, generating a key chain from the initial key, generating a first key chain parameter sequence from the key chain, generating authentication information by XORing all the first key chain parameter sequence, and generating a second key chain parameter sequence by XORing each parameter of the first key chain parameter sequence with the authentication information, by each of the transmitting nodes; (b) transmitting first and second parameters of the same position in the first and second key chain parameter sequences of the transmitting node together with a message by the transmitting node; and (c) XORing the first and second parameters and comparing a result of the XOR operation with the authentication information, thereby authenticating the message, by the receiving node. By the method, a receiving node can authenticate a transmitting node and a message by only a small quantity of fixed operation regardless of the number of key chains. | 01-12-2012 |
20120017264 | LOCATION-AWARE SECURITY AND ACCESS SYSTEM - An invention is afforded for providing security for a protected network resource. The system includes a network access apparatus in communication with a receiver that receives signals from a remote source. The network access apparatus is capable of collecting current microprint data for the receiver, which is a plurality of values based on data values received at the receiver over a predefined period of time, for example, forty-five seconds. The system also includes an authentication computer in communication with the network access apparatus. The authentication computer has access to an LSDF for the receiver, which is a plurality of values based on data values received at the receiver over a predefined period of time, for example, a twenty-four hour period of time. In operation the network access apparatus provides current microprint data for the receiver to the authentication computer, and the authentication computer compares the current microprint data to the LSDF for the receiver to authenticate an access request. | 01-19-2012 |
20120017265 | VALIDATING PACKETS IN NETWORK COMMUNICATIONS - A method for validating packets in network communications includes receiving, at networking hardware of a device, a packet communicated from another device over a network; intercepting, by virtual dispersive routing (VDR) software loaded on the device, the packet as it is passed from the networking hardware; determining, by the VDR software, that a destination address of the packet corresponds to an address associated with the device; and determining, by the VDR software, using a virtual machine for a network connection that virtualizes network capabilities of the device, that the packet belongs to a valid application running on the device. | 01-19-2012 |
20120023550 | Method and System for Policy Enforcement in Trusted Ad Hoc Networks - A non-transitory computer-readable storage medium storing a set of instructions executable by a processor. The set of instructions is operable to receive a request from a node to join a trusted ad hoc network. The set of instructions is further operable to authenticate the node to join the trusted ad hoc network. The authentication is performed based on a verification that the node will comply with a security policy of the trusted ad hoc network. The set of instructions is further operable to send, to the node, a verification that the trusted ad hoc network complies with the security policy. The set of instructions is further operable to add the node to the trusted ad hoc network. | 01-26-2012 |
20120023551 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM - An information processing system includes an external system having an external server managing public information, and an internal system having an internal server managing secure information and a terminal outputting information. The external server sends an information generating module to the terminal at an acquisition request source, and the terminal executes the received information generating module, in order to generate information to be provided, using the public information acquired from the external server and the secure information acquired from the internal server. | 01-26-2012 |
20120023552 | METHOD FOR DETECTION OF A ROGUE WIRELESS ACCESS POINT - A method for processing a packet is described herein. The packet is received by a network device of a wired network. The packet is filtered if a field in the packet matches a marker designated for indicating a path of the packet includes a rogue access point (AP). Upon filtering, a location on the wired network is determined. The location connects the wired network to a rogue AP from which the packet was received. | 01-26-2012 |
20120030731 | System and Method for Local Protection Against Malicious Software - A method in one example implementation includes intercepting a network access attempt on a computing device and determining a software program file associated with the network access attempt. The method also includes evaluating a first criterion to determine whether the network access attempt is permitted and blocking the network access attempt if it is not permitted. The first criterion includes a trust status of the software program file. In specific embodiments, the trust status is defined as trusted if the software program file is included in a whitelist of trustworthy program files and untrusted if the software program file is not included in a whitelist. In more specific embodiments, the method includes blocking the network access attempt if the software program file has an untrusted status. In further embodiments, an event is logged if the software program file associated with the network access attempt has an untrusted status. | 02-02-2012 |
20120030732 | THIRD-PARTY-SECURED ZONES ON WEB PAGES - There is provided a method that includes storing a plurality of image elements of a seal media object in respective files in an authentication server system, each of the image elements is selected from the group consisting of: a layer of the seal media object, a still image portion of the seal media object, and a moving image portion of the seal media object. Authenticating at least a portion of a web page, upon opening of the web page in a browser, by the authentication server system. Delivering to the browser, by the authentication server system, files for assembly and display of the image elements on the web page as the seal media object upon authenticating. | 02-02-2012 |
20120036556 | Input to Locked Computing Device - The subject matter of this specification can be embodied in, among other things, a method that includes receiving at a computing device that is in a locked state, one or more user inputs to unlock the device and to execute at least one command that is different from a command for unlocking the device. The method further includes executing in response to the user inputs to unlock the device an unlocking operation by the device to convert the device from a locked state to an unlocked state. The method further includes executing the at least one command in response to receiving the user inputs to execute the at least one command. The at least one command executes so that results of executing the at least one command are first displayed on the device to a user automatically after the device changes from the locked state to the unlocked state. | 02-09-2012 |
20120036557 | WI-FI ACCESS METHOD, ACCESS POINT AND WI-FI ACCESS SYSTEM - The present invention discloses a Wi-Fi access method, access point and a Wi-Fi access system. It is related to the field of communication technology and is devised for realizing the security access of a Wi-Fi device with relatively low costs. The Wi-Fi access method comprises: receiving an access request initiated by a wireless client terminal; sending an access prompt to an access point user based on the access request; receiving an access control instruction returned by the access point user; when the received access control instruction is a permitting access instruction sent by the access point user, performing access processing and establishing a Wi-Fi connection between the wireless connection terminal and the access point based on the permitting access instruction; or denying the access of the wireless client terminal based on a denying access control when the received access control instruction is the denying access instruction sent by the access point user. The present invention may cause a Wi-Fi device to access an access point (AP). | 02-09-2012 |
20120042358 | Proctoring System - A computer implemented method and system is provided for authenticating and monitoring an examination environment of a user. A proctoring software provided on a user's computing device communicates with a remote monitoring station via a server over a network. A data capture device provided on the computing device is configured to rotate and tilt to multiple angles to view and capture audiovisual data from the examination environment. A proctor administering the remote monitoring station authenticates the user based on an examination selected by the user. The proctor defines criteria comprising actions allowed for the user while taking the examination. The proctoring software monitors the examination environment for conformance to the defined criteria. The proctoring software transmits the monitoring information to the remote monitoring station based on transmission parameters determined by the server. The proctor controls actions of the user when the user is not in conformance with the defined criteria. | 02-16-2012 |
20120042359 | INFORMATION PROCESSING SYSTEM, WEB SERVER, INFORMATION PROCESSING APPARATUS, CONTROL METHODS THEREFOR, AND PROGRAM - This invention provides an information processing system which sets a validity period of authentication in a Web application provided by a Web server activated from an information processing apparatus in accordance with the logout transition time in the information processing apparatus, a Web server, an information processing apparatus, and control methods therefor. To accomplish this, a Web application activated on a Web server acquires the information of the logout transition time set in an information processing apparatus, and updates the validity period of authentication in the Web application in accordance with the acquired logout transition time. The Web application receives the notification of an operation event occurring in an MFP in addition to an operation event on the Web application, and properly resets a timer for the validity period of authentication in the Web application. | 02-16-2012 |
20120047558 | Method And Apparatus Of Automated Discovery In A Communication Network - An automated method is provided for mutual discovery between a network entity and a client entity that cooperate for providing a service in a machine-to-machine environment. In an embodiment, the network entity receives an identifier in a communication from a server on behalf of the client entity. At some point in time, the network entity receives a communication containing the identifier from the client entity. Before or after receiving the client entity communication, the network entity discovers itself to the client entity. Some time after receiving the client entity communication, the network entity authenticates the client entity, establishes a permanent security association with the client entity, and initiates the service. | 02-23-2012 |
20120047559 | LICENSE INFORMATION EXCHANGE SYSTEM - When license information is transferred between a server machine and a client machine, an identifier which is unique to a series of communication sequences is provided. The identifier is sent when a communication is performed between the two machines, as well as when the license information is updated. Therefore, when a message for transferring the license information is received by the use of the same identifier, a response message is returned without updating the license information. | 02-23-2012 |
20120060202 | CONTENT SERVICE SYSTEM, CONTENT SERVER, CONTENT TERMINAL AND CONTENT SERVICE METHOD - The present invention discloses a content service system, which comprises a content server and a content terminal that are connected via the internet, the content server is further connected with a client via the internet and comprises: a content database, for storing content data to be downloaded by the content terminal via the internet; and a message queue module, for receiving command messages from the client via the internet which specifies the content data to be downloaded by the content terminal; the content terminal comprises: a message acquiring module, for communicating with the content server to acquire the command message; a content downloading module, for downloading the specified content data from the content server via the internet according to the command messages and storing the specified content data locally; and a content playing module, for playing the content data which is stored locally. The present invention also relates to a corresponding content service method, a content server, and a content terminal. With the solutions of the present invention, the client can select freely the content data on the content server and control the content terminal in the home for downloading, storing locally, and playing. | 03-08-2012 |
20120060203 | LOGICAL UNIT NUMBER MANAGEMENT DEVICE, LOGICAL UNIT NUMBER MANAGEMENT METHOD, AND PROGRAM THEREFOR - A logical unit number management device includes: an access processing unit that performs information processing with access objects by using logical unit numbers for identifying logical identification information; a logical unit number management table storage unit that stores a logical unit number management table storing a corresponding relationship between the logical identification information and the logical unit numbers; a logical unit number management table changing unit that changes the corresponding relationship based on an external change request; a change completion reporting unit that reports change completion to the access processing unit when the logical unit number management table has been changed in accordance with the change request; and an access control unit that controls an access to the access object indicated by the logical identification information corresponding to one of the logical unit numbers after a report of the change completion. | 03-08-2012 |
20120060204 | Methods and Apparatus for Scalable Secure Remote Desktop Access - The invention provides scalable, secure, and easily administerable methods and systems for providing remote access to networked resources by combining aspects of physical access limitation measures with traditional computer access limitation measures. The methods and systems utilize an enrollment administration system for specifying enrollment rules, an enrollment system configured to communicate with the enrollment administration system to permit enrolling a first networked resource if permitted by specified enrollment rules, and a remote access system for granting a user remote access to the first networked resource if the user successfully enrolled the first networked resource. | 03-08-2012 |
20120060205 | METHOD AND SYSTEM FOR STATION SWITCHING WHEN WIRELESS TERMINAL POINT COMPLETES WPI IN CONVERGENT WLAN - The invention involves a method and a system for station (STA) switching when a wireless terminal point (WTP) completes wireless local area network (WLAN) privacy infrastructure (WPI) in a convergent WLAN. The method includes steps as follows. The STA implements re-association rebinding process with a target access controller (AC) over a target WTP. A base key is requested by the target AC from an associated AC. An associated WTP is informed to delete the STA by the associated AC, and the target WTP is informed to add the STA by the target AC. A session key is negotiated based on the requested base key by the STA and the target AC, and is synchronized between the target AC and the target WTP. The method enables fast and safe switching of the STA between WTPs under the control of different controllers in the convergent WLAN based on WAPI protocol. | 03-08-2012 |
20120066742 | COPY CONTROL METHOD - The usability while performing copy control can be enhanced in the case of recording a digital broadcast program for which recording of one generation is permitted (“Copy One Generation”). When an output route in the case of copying digital contents from a first recording apparatus to a second recording apparatus is via LAN, authentication is executed between the first recording apparatus and the second recording apparatus. The capability of a move process with a predetermined copy number of multiple copies being kept is confirmed, and dedicated key information is shared to be used for encryption and decryption of the digital contents moved with the predetermined copy number of multiple copies being kept. Then, the digital contents recorded and managed in the first recording apparatus is added with the information about the predetermined copy number of multiple copies, and transmitted. | 03-15-2012 |
20120066743 | INFORMATION PROCESSING APPARATUS, SCREEN TRANSMITTING METHOD, AND NON-TRANSITORY COMPUTER-READABLE RECORDING MEDIUM ENCODED WITH SCREEN TRANSMITTING PROGRAM - An information processing apparatus includes a storing portion, an authentication portion to authenticate a user using one of the one or more user apparatuses on the basis of identification information received from the user apparatus; a selecting portion to select, as main data, a piece of data from among one or more pieces of data stored in a presentation area which is a predetermined one of the plurality of storage areas; a screen generating portion to generate an access screen including an image of the selected main data; an access detecting portion to detect an access to the presentation area; and a screen transmitting portion, when the access detecting portion detects an access to the presentation area by the authenticated user, to transmit the generated access screen to the one of the one or more user apparatuses that is used by the authenticated user. | 03-15-2012 |
20120079562 | METHOD AND APPARATUS FOR VALIDATING RESOURCE IDENTIFIER - An approach is provided for requesting access to content associated with a resource identifier. A system receives a first request to access content associated with a resource identifier. The system then determines to generate a second request for validating the content based, at least in part, on the resource identifier and to transmit the second request to a validation service. The system receives validation information based, at least in part, on the second request. In one embodiment, the validation information includes a preview of the content. | 03-29-2012 |
20120079563 | METHOD AND APPARATUS FOR MINIMIZING NETWORK VULNERABILITY VIA USB DEVICES - A device for preventing the rewriting and revision of the firmware installed on one or more USB devices, the device including a male Universal Serial Bus (USB) connector for connecting the device to a host, a female USB connector for receiving the USB device, an integrated circuit, and a detector blocking the transmission of a device firmware update (DFU) from the host to USB device. | 03-29-2012 |
20120079564 | METHOD AND APPARATUS FOR PERFORMING AN AUTHENTICATION AFTER CIPHER OPERATION IN A NETWORK PROCESSOR - A method and apparatus is described for processing of network data packets by a network processor having cipher processing cores and authentication processing cores which operate on data within the network data packets, in order to provide a one-pass ciphering and authentication processing of the network data packets. | 03-29-2012 |
20120079565 | METHODS AND SYSTEMS FOR PROVIDING WEB APPLICATIONS - Methods and systems consistent with certain disclosed embodiments provide applications. In one embodiment, a system is disclosed that provides applications. The system may include a computer system that receives a request related to an application and a database system. The database system may include a database and an application server module and a framework of software modules logically arranged to provide controlled access to data in the database. The application server module may use the data to generate content to generate a Web page related to the application. Further, the software modules may be logically arranged in layers such that access to data or software in a software module of one layer is performed by executing software in another software module of another layer. | 03-29-2012 |
20120084833 | Launching a Cached Web Application Based on Authentication Status - In general, the subject matter described in this specification can be embodied in methods, systems, and program products for receiving a request to retrieve electronic resources that correspond to a first network address. The resources are retrieved from a cache. The retrieved resources are responsive to the received request, correspond to the first network address, and are configured to activate a first web application. Activation of the first web application requires that the computing device be authenticated. Instructions that are in the retrieved resources and are for activating the first web application are executed. The execution includes determining that the computing device is not authenticated to activate the first web application, and requesting to retrieve electronic resources that correspond to a second network address and that are configured to activate a second web application. Activation of the second web application does not require that the computing device be currently authenticated. | 04-05-2012 |
20120084834 | SYSTEM FOR COMMUNICATING WITH A MOBILE DEVICE SERVER - A system that incorporates teachings of the present disclosure may include, for example, a non-transitory computer-readable storage medium operating in a mobile device server that has computer instructions to execute a web server application at the mobile device server. The web server application can be operable to detect a media resource center while roaming in a communication zone of the media resource center and to transmit a pairing key to the media resource center responsive to acquiring communication access to the communication zone. The web server application can be further operable to receive from the media resource center an indication that a roaming charge will be applied to a subscriber account associated with the mobile device responsive to the media resource center identifying from the pairing key that the mobile device server is a guest device. Other embodiments are disclosed. | 04-05-2012 |
20120084835 | Launching a Cached Web Application Based on Authentication Status - In general, the subject matter described in this specification can be embodied in methods, systems, and program products for receiving a request to retrieve electronic resources that correspond to a first network address. The resources are retrieved from a cache. The retrieved resources are responsive to the request, correspond to the first network address, and are configured to activate a first web application. Activation of the first web application requires that the computing device be authenticated. Instructions that are in the retrieved resources and are for activating the first web application are executed. The execution includes determining that the computing device is not authenticated to activate the first web application, and requesting to retrieve electronic resources that correspond to a second network address and that are configured to activate a second web application. Activation of the second web application does not require that the computing device be currently authenticated. | 04-05-2012 |
20120084836 | Providing access levels to services based on mobile device security state - A mobile device's level of access to services provided by a service provider is based on a current security state assessment of the mobile device. Mobile devices are granted different access levels to services based on the security state of the device. A security component can assess the current security state of the mobile device by processing security data generated by the mobile device. In a specific embodiment, the security component is at the mobile device. In another specific embodiment, the security component is at a server. | 04-05-2012 |
20120096517 | SYSTEM AND METHOD FOR PROVIDING A SECURE CONNECTION BETWEEN NETWORKED COMPUTERS - Embodiments disclosed herein provide a system, method, and computer program product for obtaining secure connectivity between networked computing devices. The invention comprises utilizing a network protocol inherent to an operating system on a client device to automatically set up and establish a transient secure network connection endpoint on the client device. The act of utilizing can be a result of a server device responding to a connection request from the client device. The act of establishing the transient secure network connection endpoint on the client device creates a transient secure network connection between the server device and the transient secure network connection endpoint on the client device without manual intervention or configuration by a user at the client device. Secured access by the client device to one or more network devices is permitted until the transient secure network connection between the server device and the client device is severed. | 04-19-2012 |
20120096518 | Secure Provisioning Methods And Apparatus For Mobile Communication Devices Operating In Wireless Local Area Networks (WLANs) - A method for use in enabling a mobile communication device for communication involves establishing communication with an IEEE 802.11 device which is configured to operate as an access point; while communicating with the IEEE 802.11 device: participating in an authentication procedure with the IEEE 802.11 device; after positive authentication from the authentication procedure, participating in a provisioning procedure with the IEEE 802.11 device for receiving information for programming in the mobile communication device; and communicating with use of the programmed information in the mobile communication device. | 04-19-2012 |
20120096519 | Methods and Apparatuses for Avoiding Denial of Service Attacks By Rogue Access Points - Methods and apparatuses are provided for avoiding denial of service attacks by rogue access points. A method may include attempting to verify activation of access stratum security by an access point based at least in part upon integrity protection information included in a received security mode command message sent by the access point, wherein a radio connection has been established with the access point. The method may further include detecting an occurrence of a security activation deadlock. The method may additionally include determining that a predefined number of security activation deadlocks with the access point have occurred. The method may also include identifying the access point as a rogue access point based at least in part upon the determination that a predefined number of security activation deadlocks with the access point have occurred. Corresponding apparatuses are also provided. | 04-19-2012 |
20120102545 | METHOD AND SYSTEM FOR PROTECTING AGAINST UNKNOWN MALICIOUS ACTIVITIES BY DETERMINING A REPUTATION OF A LINK - A method and system for protecting against unknown malicious activities by determining a reputation of a link are disclosed. A reputation server queries a database including reputation information associated with a plurality of links to retrieve a reputation of a redirected link. The reputation information may indicate whether the links are associated with a malicious activity. The reputation of the redirected link may be associated with the original link to create a reputation of the original link. | 04-26-2012 |
20120102546 | Method And System For Authenticating Network Device - The present invention provides a method and system for authenticating a network equipment (NE). When the NE is authenticated, the integrity checking result recorded in the trust environment (TE) of the network equipment is added for joint judgment to determine finally whether to initiate the authentication request or to respond with the authentication access. Only when both of the received access authentication request and the integrity checking result recorded in the TE of the network equipment are correct, the NE responds with the authentication success. And only when the integrity checking result recorded in the TE of the NE is correct, the NE actively initiates a valid access authentication request. Thus only when the integrity of the NE is correct, authentication for the NE is passed, therefore the secure authentication for the NE is ensured, and the possibility that the illegal device or tampered device passes the authentication is eliminated. | 04-26-2012 |
20120110640 | METHOD, APPARATUS AND SYSTEM FOR WIRELESS NETWORK AUTHENTICATION THROUGH SOCIAL NETWORKING - One exemplary embodiment includes a method for authenticating a terminal to an access point including: (i) receiving, at a server, network configuration information for an access point associated with a first user from a first terminal; (ii) receiving, at the server, a request for the network configuration information for the access point from a second terminal associated with a second user; (iii) sending a query from the server to a social network requesting information regarding whether the first user and the second user have a virtual trust relationship on the social network; (iv) receiving, from the social network, an indication that the first user and the second user have the virtual trust relationship; and (v) sending the network configuration information from the server to the second terminal. | 05-03-2012 |
20120117620 | UNLIMITED ACCESS TO MEDIA AND APPLICATIONS OVER WIRELESS INFRASTRUCTURE - Methods, systems, and apparatus are presented for providing unlimited access to either or both of media content, such as music, and applications. A media server environment can be provided, which maintains an instance of each subscriber account, a central archive of media content, and an application catalog. Selected media content can be downloaded to, and stored locally at, a subscriber device, such as on a secure storage device. Also, selected applications can be locally installed on the subscriber device. Access to the local media content and locally installed applications can be controlled through the media server environment based on the status of the subscriber's account. If the subscriber's account becomes inactive, access to the downloaded media content and installed applications can be disabled. Once the subscriber's account is reactivated, access to the downloaded media content and applications can be restored. | 05-10-2012 |
20120117621 | SYSTEMS AND METHODS FOR MANAGING DOMAIN NAME SYSTEM SECURITY (DNSSEC) - The present invention is directed towards systems and methods for providing multiple modes of a zone for DNSSEC by an intermediary device. The method includes providing, by a device intermediary to a plurality of clients and a plurality of servers, a plurality of modes of a zone for Domain Name Service. The device receives a selection of a first mode of the zone of the plurality of modes of the zone. The device receives information identifying to enable DNS Security for the selected first mode. The device establishes the zone for DNS in accordance with the selected first mode and with DNS Security enabled. | 05-10-2012 |
20120117622 | DYNAMIC NETWORK ACCESS CONTROL METHOD AND APPARATUS - A method of network access control identifies, in response to a request by an end node to access a network, attributes of the end node and of a device receiving the request. Based on the attributes, a network access control implementation is selected from a plurality of network access control implementations to apply to the request. | 05-10-2012 |
20120117623 | SECURE NETWORK CONNECTION - The invention provides for a method for use in a mobile radio communications network connection procedure and including the step of rejecting at a mobile radio communications device a handover request from a network responsive to determination of support of the security algorithm associated with the handover, and for a mobile radio communications device arranged to determine support of security algorithms as proposed by the network, preferably at AS level, within a handover command, and to provide notification to the network of rejection of the connection due to non-support of the algorithm. | 05-10-2012 |
20120117624 | Method and Apparatus for use in an IP Multimedia Subsystem - A method is provided for use in an IP Multimedia Subsystem, IMS, in which a Serving Call Session Control Function, S-CSCF, of the IMS cooperates with a Home Subscriber Server, HSS, of the IMS, to lock a user following a predetermined number of failed authentications of the user at the S-CSCF and/or to unlock that user thereafter, with any request received from the user at a node of the IMS where the lock is in effect and requiring an authentication challenge being caused by the node to be rejected. In one example, a locking signal is sent from the S-CSCF to the HSS, following the predetermined number of failed authentications, to indicate to the HSS that the user should be locked at the HSS. The locking signal could be carried by a Server Assignment Request, SAR, message. In another example, the user is unlocked at the S-CSCF in response to receipt of an unlock signal sent from the HSS to the S-CSCF. The unlock signal could be carried by a Registration Termination Request, RTR, message. | 05-10-2012 |
20120124644 | Input to Locked Computing Device - The subject matter of this specification can be embodied in, among other things, a method that includes receiving at a computing device that is in a locked state, one or more user inputs to unlock the device and to execute at least one command that is different from a command for unlocking the device. The method further includes executing in response to the user inputs to unlock the device an unlocking operation to convert the device from a locked state to an unlocked state. The method further includes executing the at least one command in response to receiving the user inputs to execute the at least one command. The at least one command executes so that results of executing the at least one command are first displayed on the device to a user automatically after the device changes from the locked state to the unlocked state. | 05-17-2012 |
20120124645 | SYSTEM ARCHITECTURE FOR DMZ EXTERNAL IP ADDRESSES - A system of a first network, which is intermediate a second network and a third network, connects a host of the second network to a host of the third network. The system includes at least one processor programmed to receive a domain name system (DNS) request for a hostname corresponding to the host of the third network from the host of the second network. An internet protocol (IP) address of the first network is allocated and an IP address of the host of the third network is determined from the hostname. The allocated IP address is mapped to the determined IP address and the allocated IP address is returned to the host of the second network in response to the DNS request. | 05-17-2012 |
20120124646 | Method and Apparatus for Authenticating Online Transactions Using a Browser - A computer-implemented method for authenticating a user using a service provider server and an authentication server, the user communicating with at least one of the service provider server and the authentication server using a user browser. The method includes requesting, using the user browser, the authenticating with the service provider server. The method also includes authenticating, using the user browser, a secure communication channel with the authentication server. The method also includes receiving, using the user browser, a Next Pre-Authentication Anchor (NPAA) value from the authentication server. The method additionally includes temporarily storing the Next Pre-Authentication Anchor (NPAA) value in a user browser cookie associated with the user browser, wherein the Next Pre-Authentication Anchor (NPAA) value is protected by employing Same Origin Policy (SOP). | 05-17-2012 |
20120131638 | PROCESSING PERFORMANCE OF REPEATED DEVICE COMPLIANCE UPDATE MESSAGES - A message comprising an indication of a management key block and an indication of an authorization table is received at a first network device from a second network device. The indication of the management key block, the indication of the authorization table, and a response message generated based on validating the indication of the management key block and the indication of the authorization table are stored. A second message comprising a second indication of the management key block and a second indication of the authorization table is received at the first network device from the second network device. The first network device communicates with the second network device in accordance with the stored response associated with the first message on determining that the second indication of the management key block and the second indication of the authorization table match corresponding stored indications of the management key block and the authorization table. | 05-24-2012 |
20120131639 | SESSION REDUNDANCY AMONG A SERVER CLUSTER - Systems and methods are provided for providing redundancy and failover for servers communicating via an authentication protocol. Mirroring is initiated at the beginning of a Diameter application session by an enhanced Diameter server, which continuously provides updates of the Diameter session to one or more peer Diameter mirror servers and thereby maintains an active mirror of the session. | 05-24-2012 |
20120131640 | ENABLING PRESENCE INFORMATION ACCESS AND AUTHORIZATION FOR HOME NETWORK TELEPHONY - In a first embodiment of the present invention, a method for operating a presence server in a home network is provided, the method comprising: receiving a request for presence information; sending an event notification to all subscribed control points informing them of the request for presence information; receiving an action from one of the subscribed control points accepting or rejecting the request for presence information; and if the action received from the one of the subscribed control points accepts the request for presence information, causing presence information regarding the one of the subscribed control points to be sent to the entity that sent the request for presence information. | 05-24-2012 |
20120131641 | OPTIMIZING INTERACTIONS BETWEEN CO-LOCATED PROCESSES - In one set of embodiments, methods, systems, and apparatus are provided to enable secure local invocation of a web service in response to receiving a request from a first composite application to invoke a web service operation of a second composite application, where the first application is associated with a reference policy, and the second application is associated with a service policy, then determining, based upon the service policy and the reference policy, whether local invocation is secure, and invoking the operation using the local invocation in response to determining that the local invocation is secure. Attributes associated with the reference and service policies can indicate whether those policies can be used in a local invocation, or if user authentication is needed before performing the invocation with those policies. The local invocation may comprise a procedure call in an application server from the first application to the second application. | 05-24-2012 |
20120131642 | Identity management trust establishment method, identity provider and service provider - A method for establishing an identity management trust, and an IDentification Provider (IDP) and a Service Provider (SP) are provided in the present disclosure. The method comprises: after receiving an access from a user, an SP determines whether an IDP to which the user attaches is located in a trust domain of the SP (S | 05-24-2012 |
20120131643 | Tunneled Security Groups - A method for providing security groups based on the use of tunneling is disclosed. The method includes assigning a security group identifier (SGI) to a packet and classifying the packet based on the packet's SGI. | 05-24-2012 |
20120131644 | Mobile IPv6 authentication and authorization baseline - The invention consists of an authentication protocol for the Home Agent to authenticate and authorize the Mobile Node's Binding Update message. Two new mobility options compatible with RADIUS AAA are used to exchange a shared secret between the Home Agent and the Mobile Node so the Mobile Node can be authenticated. | 05-24-2012 |
20120137344 | SYSTEMS AND METHODS FOR RESETTING A NETWORK DEVICE - A network device includes a data store with first and second parameters, the first parameter affecting a communication operation of the network device and the second parameter affecting a security operation of the network device. A device reset function enables a user to selectively and independently refresh the first and second parameters. For example, a Session Initiation Protocol (SIP) device user can restore a default communications configuration of the SIP device while preserving the device decryption key. | 05-31-2012 |
20120137345 | SYSTEM AND METHOD FOR CYBER OBJECT PROTECTION USING VARIABLE CYBER COORDINATES (VCC) - A method, system, and computer program product for cyber protection using variable cyber coordinates (VCC), including a variable cyber coordinates (VCC) controller unit configured to generate cyber coordinates based on a VCC protocol for respective control circuits (CC) of one or more protected routers; and the VCC controller unit configured to communicate the generated cyber coordinates to the protected routers with or without encryption and/or authentication. At a predetermined time interval or based on a command from the VCC controller unit, the routers and their respective control units (CU) are configured to change their cyber coordinates together or separately, to cyber coordinates newly generated by the VCC controller unit according to the VCC protocol. | 05-31-2012 |
20120144450 | Authentication Method in Electronic Commerce - An authentication method in electronic commerce is disclosed. The authentication method includes steps of a first side utilizing a first device to access an interactive interface, and the first side transferring a first device characteristics of the first device and a verification information to a second side for authentication. | 06-07-2012 |
20120144451 | GEOLOCATING NETWORK NODES IN ATTENUATED ENVIRONMENTS FOR CYBER AND NETWORK SECURITY APPLICATIONS - A system and method for verifying and/or geolocating network nodes in attenuated environments for cyber and network security applications are disclosed. The system involves an origination network node, a destination network node, and at least one router network node. The origination network node is configured for transmitting a data packet to the destination network node through at least one router network node. The data packet contains a security signature portion, a routing data portion, and a payload data portion. The security signature portion comprises a listing of at least one network node that the data packet travelled through from the origination network node to the destination network node. In addition, the security signature portion comprises geolocation information, identifier information, and timing information for at least one network node in the listing. | 06-07-2012 |
20120151558 | NETWORK SECURITY APPLIANCE - A network security appliance that provides security to devices in industrial environments by transparently bridging traffic to the endpoint device. The security appliance securely communicates with a management server for receiving configuration data for operation of security modules in the appliance by encrypted communications. The security appliance utilizes the network address of the industrial device when communicating with a management server and is addressed by the management server using the address of one of the protected devices associated with the appliance. Learned device characteristics are provided by the appliance to the management server which tailors software and security rules to specific network vulnerabilities of the device and control protocol. The security appliance sends periodic heartbeat messages to the management server using the network address of the device. The heartbeat message can also report anomalous events which may require additional software being provided from the management server to the node. | 06-14-2012 |
20120151559 | Threat Detection in a Data Processing System - A mechanism is provided for resolving a detected threat. A request is received from a requester to form a received request, statistics associated with the received request are extracted to form extracted statistics, rules validation is performed for the received request using the extracted statistics, and a determination is made as to whether the request is a threat. Responsive to a determination that the request is a threat, the requester is escalated using escalation increments, where the using escalation increments further comprises increasing user identity and validation requirements through one of percolate to a next user level or direct entry to a user level. | 06-14-2012 |
20120159571 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR AUTHENTICATING AN ENTITY THROUGH USE OF A GLOBAL IDENTITY OF THE ENTITY THAT SERVES AS A PROXY FOR ONE OR MORE LOCAL IDENTITIES OF THE ENTITY - A method of authenticating an entity includes associating a local identity of the entity with a global identity of the entity, the local identity being associated with a first one of a plurality of restricted access zones, associating the global identity of the entity with particular ones of the plurality of restricted access zones for granting access to the particular ones of the plurality of restricted access zones, receiving an authentication request from the entity to access a second one of the plurality of access zones where the authentication request includes the local identity of the entity, and authenticating the entity for access to the second one of the plurality of access zones responsive to receiving the authentication request when the second one of the plurality of restricted access zones is one of the particular ones of the plurality of restricted access zones that are associated with the global identity of the entity, | 06-21-2012 |
20120159572 | COLLABORATIVE RULES BASED SECURITY - A cloud computing security system. An access manager module includes first and second client profiles. The first client profile has a first set of rules enabling access to a first set of cloud computing system resources, and the second client profile has a second set of rules enabling access to a second set of cloud computing system resources. A security logic module is in communication with the access manager module. The security logic module is configured to receive an access request for access to one of the first and second sets of cloud computing system resources. Responsive to determining that the access request complies with at least one of the first set of rules and the second set of rules, the security logic module is configured to provide an access grant that grants access to at least one of the first and second sets of cloud computing system resources. | 06-21-2012 |
20120159573 | SYSTEM, METHOD AND COMPUTER USABLE MEDIUM FOR RESTRICTING INTERNET ACCESS - A method of restricting internet access includes receiving an alteration of a master internet setting within an access device's registry file and monitoring an occurrence of the alteration. Then, in response to the occurrence of the alteration, the method includes restoring the master internet setting where the master internet setting does not include the alteration. An additional exemplary method further includes storing the occurrence of the alteration in an event tracking database. In another exemplary method, the master internet setting includes a ProxyEnable setting and an AutoConfigURL setting. In another exemplary method, the ProxyEnable setting value is zero and the AutoConfigURL setting value is null. In yet another exemplary method, the access device is coupled to a computer network. | 06-21-2012 |
20120159574 | METHOD AND SYSTEM FOR PROVIDING INFORMATION SHARING SERVICE FOR NETWORK ATTACKS - A system is provided to provide an information sharing service for network attacks. The system includes a service provider configured to collect and analyse information on detection and response policies to network attacks, a service registry that stores the collected information on the detection and response policies, and client terminals, each client terminal configured to request the information sharing service and search the service registry for the information on the detection and response policies. | 06-21-2012 |
20120159575 | COMMUNICATION SYSTEM, COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMPUTER PROGRAM - To securely transmit content through remote access via an external network, such as a WAN, while exceeding restrictions of an RTT and a TTL. | 06-21-2012 |
20120159576 | METHOD, APPARATUS AND SYSTEM FOR UPDATING AUTHENTICATION, AUTHORIZATION AND ACCOUNTING SESSION - The present disclosure relates to a method, an apparatus and a system for updating an Authentication, Authorization and Accounting AAA session. The method includes: receiving an AAA session request sent by a second network access server, where the AAA session request includes a second session identifier and an ERP message; and updating a session according to the second session identifier and a stored first session identifier after successful user authentication that is performed according to the ERP message, where the first session identifier and the second session identifier correspond to the same user. As the session is updated according to the second session identifier and the stored first session identifier, synchronization of session information is ensured, thereby resolving an abnormal session problem that occurs when a home AAA server initiates a session or the network access server uses a session after re-authentication. | 06-21-2012 |
20120167174 | TRUSTED EMAIL SENDER INDICATORS - In embodiments of trusted email sender indicators, email messages are received for distribution, and validation techniques can be applied to determine whether a sender of an email message is trusted. If the sender of the email message is determined to be trusted, a trusted sender indicator can be associated with the email message for display with the email message. The trusted sender indicator indicates that the email message is from a trusted sender, such as when the trusted sender indicator is displayed along with the email message at a recipient client device. | 06-28-2012 |
20120167175 | MOBILE TERMINAL, SERVER, AND METHOD FOR PROVIDING CONTENT INFORMATION - A mobile terminal includes a communication unit to perform Wi-Fi communication in a Wi-Fi zone of an access point, an authentication unit to perform or request authentication using Media Access Control (MAC) address information of the mobile terminal if the mobile terminal enters the Wi-Fi zone, and a control unit to receive content information allowed according to the authentication result through the communication unit when the mobile terminal is authenticated by the authentication unit. | 06-28-2012 |
20120167176 | METHOD AND APPARATUS FOR PAIRING BETWEEN BLUETOOTH DEVICES - A method and apparatus for pairing between Bluetooth devices. If a pairing between Bluetooth devices is requested, a six-digit passkey is generated in an authentication process based on secure simple pairing (SSP). If a Bluetooth device (BD) address of a correspondent device is pre-registered and there are characters designated to the BD address, the designated characters instead of the passkey are outputted. | 06-28-2012 |
20120167177 | METHOD CLIENT AND SYSTEM FOR AUTHENTICATION OF A LOW-SECURITY CLIENT AND A HIGH-SECURITY CLIENT IN A MOBILE RADIO NETWORK - A method for authentication of a high-security client and a low-security client in a high-security mobile radio network includes: transmitting a request for authentication from a base station to the high-security client, wherein the request for authentication comprises a random number as a challenge; receiving a response from the high-security client at the base station, wherein the response from the high-security client comprises a generated number generated by performing a keyed cryptographic function on the challenge; providing a fixed number to the low-security client; and receiving a response from the low-security client at the base station, wherein the response from the low-security client comprises the fixed number. Limited access to the mobile radio network is granted for the low-security client relative to an access of the high-security client. | 06-28-2012 |
20120174189 | SYSTEM AND METHOD FOR MANAGING OTA PROVISIONING APPLICATIONS THROUGH USE OF PROFILES AND DATA PREPARATION - A method using a non-transitory processor for providing an application product including receiving an application profile, a key profile, a secure element (SE) profile, and a mobile terminal profile; establishing a link between the received profiles, in which the link is established for assembling the application product; and applying a limitation to the application product, in which the applied limitation determines whether the application product is accessible to a user. A method using a non-transitory processor for data preparation in a Trusted Service Manager (TSM) including receiving data from a service provider, in which the received data is in a Data Grouping Identifier (DGI) format or a raw data format; and processing the data using at least one of a logical data preparation and a physical data preparation. | 07-05-2012 |
20120174190 | System and Methods for Network Authentication - Exemplary systems and methods for network authentication are provided. Exemplary systems include an application program interface configured for receiving a request for an authentication code, a code generator in communication with the application program interface, the code generator configured to generate the authentication code, and the application program interface further configured to receive the generated authentication code and allow an application to communicate digital data with a web-based social network. Further systems include the generated authentication code being received from a network device without an Internet browser and the received generated authentication code allowing an application to communicate digital data with a web-based social network for an extended period of time. Exemplary methods include receiving a request for an authentication code, generating the authentication code, receiving the generated authentication code, and allowing an application to communicate digital data with a web-based social network. | 07-05-2012 |
20120180107 | GROUP-ASSOCIATED CONTENT RECOMMENDATION - A method of generating content recommendations to groups of users is provided. The method includes establishing a group, determining group-associated characteristics, where such characteristics include preferences independent of any merging, intersection or other combination of individual preferences of the group members, and providing content recommendations to the group based on the group-associated characteristics. | 07-12-2012 |
20120180108 | METHODS AND SYSTEMS FOR PROVIDING A DISCUSSION THREAD TO KEY PERFORMANCE INDICATOR INFORMATION - Systems and methods for providing a discussion thread to key performance indicator information displayed on a dashboard are disclosed. The system may include a renderer for rendering a dashboard displaying a key performance indicator value corresponding to at least one business value. The system may also include a comment module that is configured to: receive a comment corresponding to the displayed key performance indicator value, and generate a discussion thread including the received comment. The generated dashboard can then be rendered by the renderer in association with the displayed key performance indicator value. In some cases, the discussion thread can include a plurality of related comments. | 07-12-2012 |
20120180109 | Object Model for Domain-Based Content Mobility - In embodiments of an object model for domain-based content mobility, a client object model architecture ( | 07-12-2012 |
20120180110 | Data Communication Authentication System and Method - A data communication authentication system ( | 07-12-2012 |
20120185917 | SECURITY EXTENSIONS USING AT LEAST A PORTION OF LAYER 2 INFORMATION OR BITS IN THE PLACE OF LAYER 2 INFORMATION - Information applied to a packet at an ingress port of a network may be used for enhancing security. The information applied to a packet may be “context information” which replaces at least some bits of layer | 07-19-2012 |
20120185918 | PROVISIONING OF E-MAIL SETTINGS FOR A MOBILE TERMINAL - Method and apparatus for provisioning an e-mail service to a mobile terminal in an e-mail system that uses e-mail addresses comprising a domain part. The apparatus maintains a list of good setting parameter sets versus e-mail domain parts. It receives an e-mail address and user authentication information from a user and compares the domain part of the received address with domain parts in the list of good parameter sets. If a match is found, e-mail service is provisioned with the matching parameter set. If no match is found, the apparatus requests and receives further parameters from the user, including an e-mail server address, and provisions the e-mail service with the further parameters. If the provisioning with the further parameters is successful, the domain part and the further parameters are used to generate a new setting parameter set in the list of good setting parameter sets. | 07-19-2012 |
20120185919 | METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR OPERATING A COMMUNICATIONS NETWORK WITH ENHANCED SECURITY - A communications system includes a plurality of patch panels having a plurality of connector ports connected to individual communication channels, a switch that provides access to multiple networks via one or more switch ports, a system manager that controls interconnections between the patch panels and the switch, and a plurality of patch cords configured to selectively interconnect patch panel connector ports. The system manager is configured to receive a request to connect an individual communication channel to a specific network, to identify which patch panel connector ports are required to be patched together via one or more patch cords in order to establish a circuit to the requested network, and to enable a switch port to activate the circuit. The system manager is configured to monitor connectivity of a circuit and to park a switch port associated with the circuit in response to detecting a change in circuit connectivity. | 07-19-2012 |
20120192251 | DETERMINING TRUST DATA FOR DEVICES IN A NETWORK - In an embodiment, a first device detects a first interaction between the first device and a second device. The first device assigns a first rating of the first interaction. The first device calculates an internal trust for the second device based on the first rating and a first time since the occurrence of the first interaction. The first device receives trust data from a third device. The first device calculates a community trust for the second device based on the trust data and an internal trust that the first device has for the third device. The first device calculates a total trust that the first device has for the second device based on the community trust and the internal trust that the first device has for the second device. If the total trust is less than a minimum threshold, the first device disallows a second interaction. | 07-26-2012 |
20120198519 | Restricting Network Access While Connected to an Untrusted Network - In an example embodiment, disclosed herein is an apparatus comprising an interface configured to communicate with at least one external device, and processing logic coupled with the interface. The processing logic determines whether the interface is connected directly to a predefined network. The processing logic restricts access to the interface responsive to determining the interface is connected to a network other than the predefined network. The processing logic does not restrict access to the interface while the interface is directly connected with the predefined network. | 08-02-2012 |
20120198520 | Machine-To-Machine (M2M) Call Flow Security - Systems, methods, and instrumentalities are disclosed to provide secure operations in an M2M device. An M2M device may receive an indication that an operation to be performed is security sensitive. The M2M device may determine that the operation is to be performed in a secure environment on the M2M device. The secure environment may be a logically distinct portion of the M2M device. The determination may be made in accordance with a policy. For example, the M2M device may determine that the operation meets a requirement specified in the policy indicating that the operation is to be performed in the secure environment. The M2M device may perform the operation in the secure environment on the M2M device. The M2M device may store a result relating to the operation in the secure environment. | 08-02-2012 |
20120204224 | Method and Apparatus for a Control Plane to Manage Domain-Based Security and Mobility in an Information Centric Network - A networking system comprising a virtual group controller in an information centric network configured to enable mobility and security for a plurality of user groups of the information centric network, a plurality of user groups coupled to the virtual group controller and associated with the users, a plurality of agents that are each associated with one of the user groups, and a database for trusted service profile coupled to the virtual group controller, wherein the virtual group controller is configured to interact with the agents to enable mobility for the user groups using a server-less domain-based naming scheme. | 08-09-2012 |
20120204225 | ONLINE AUTHENTICATION USING AUDIO, IMAGE AND/OR VIDEO - Systems, methods, and computer program products for online authentication using audio, video and/or image data. In some examples, audio, video and/or image data of a user may be captured, and recognition may be performed on at least part of the captured data during an attempt to confirm that the user is who he/she is supposed to be. If the attempt is successful, a validation confirmation may be generated. In some cases of these examples, the validation confirmation or a part thereof may optionally be provided to a server during user authentication relating to a resource provided by the server. Additionally or alternatively, in some cases of these examples, at least part of the captured data may optionally be provided to the server during user authentication. Depending on the example, the server may or may not be a web server. | 08-09-2012 |
20120204226 | Method, Super Node-Core (SN-C) Node and System for Requesting and Storing Distributed Service Network (DSN) Authentication Information - A method, Super Node-Core (SN-C) node and Distributed Service Network (DSN) authentication system for requesting and storing DSN authentication information are provided, wherein the method for requesting the DSN authentication information includes: according to a user access request, judging whether a local SN-C node stores the authentication information of the user; when the local SN-C node stores the authentication information, initiating an authentication process directly; when the local SN-C node does not store the authentication information, requesting the authentication information from other SN-C nodes which store the authentication information of the user. The method, SN-C node and DSN authentication system for requesting and storing the DSN authentication information, by means of the distributed storage and authentication of the authentication information of the user, can acquire the authentication information from other SN-C nodes when a failure occurs in one of the SN-C nodes, and reduce the risk that a single authentication server is unable to perform the authentication and operation caused by the failure. | 08-09-2012 |
20120204227 | DATA BACKUP AND TRANSFER SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT - A backup system having a plurality of accounts for copying selected data between one or more account user computers and a system computer where an account user's computer connects to the system computer via the Internet. Selected data is copied between the account user's computer and the system computer including documents, media files, and email in any file type or format. Additionally, the system is compatible with all types of computers, including personal data assistants and mobile telephones, and all types of operating systems. All of the software to operate the system is resident on the system computer with no hardware or software required on the account user computer beyond a conventional web browser. The system also includes a scheduler, a contacts manager, a reminder generator and file transfer system for third-party users. | 08-09-2012 |
20120204228 | METHODS FOR HOSTING DATA ON A GROUP OF NETWORKED HOSTS - A method for hosting data on an interoperable, related group of networked hosts organized in a tree structure including descendants associated with ancestors, each host independently accessible by network connected client computers, the method including hosting ancestor data on an ancestor host, including genus content related to a genus subject matter, hosting descendant data on a descendant host including species content related to subject matter defining a species within the genus subject matter. Some examples further include incorporating at least a portion of the species content into the ancestor data, connecting the ancestor host in data communication to a client computer via the computer network, and displaying an ancestor output incorporating a portion of the ancestor data. Some examples may additionally or alternatively include allowing the user to access the ancestor user features on the ancestor host in response to entering user authentication data consistent with a descendant user records. | 08-09-2012 |
20120204229 | METHOD AND SYSTEM FOR AUTHENTICATING AN END USER - A method and associated system for authenticating an end user. A selected subset of root nodes of a set of root nodes in a server mask is received, the selected subset of root nodes having been selected by the end user. In response to the receiving of the selected subset of root nodes, the end user is authenticated by determining that the spatial location in the server mask of each root node of the selected subset of root nodes matches a spatial position of a corresponding root node of a server set of transparent root nodes in the server mask, wherein the server set of transparent root nodes are a result of a first random selection of root nodes from the set of root nodes in the server mask. | 08-09-2012 |
20120204230 | AUTHENTICATION OF AN END USER - A method and system for authenticating an end user. A first pattern of colored quadrilaterals is generated. A second pattern of multiple colored nodes that include a first subset of nodes is generated. The first and second patterns are sent to the end user. If a transparent credit card is overlaid by the end user on top of the second pattern, then a second subset of nodes in the credit card would match in color and location the first subset of nodes. The authenticity status of the end user is determined by determining whether each node of a third subset of nodes within the second subset of nodes (i) corresponds to a unique node of the multiple colored nodes and (ii) has a color that matches a specific color in one quadrilateral of the colored quadrilaterals. The determined authenticity status is sent to the end user via an output device. | 08-09-2012 |
20120204231 | USER IDENTITY MANAGEMENT FOR PERMITTING INTERWORKING OF A BOOTSTRAPPING ARCHITECTURE AND A SHARED IDENTITY SERVICE - A method, apparatus and computer program product are provided to facilitate authentication of a request, such as by a mobile terminal, while also supplying information about the user to a service, website, application or the like. A method, apparatus and computer program product may provide for interworking a bootstrapping architecture, such as Generic Bootstrapping Architecture, and a shared identity service, such as OpenID architecture. In this regard, a method, apparatus and computer program product may provide for a secure session with a service provider through Generic Bootstrapping Architecture while being able to supply the service provider with the user information and/or accessing a user account using OpenID architecture. | 08-09-2012 |
20120210394 | CIRCUIT DEVICE AND A COMMUNICATION APPARATUS - An application program relating to a process of an integrated circuit is stored in a virtual integrated circuit storage area server apparatus. Following a mutual authentication between the IC and the virtual storage area server apparatus through a portable communication function unit, the server apparatus executes the application program. Additionally, through the IC, the portable communication function unit, a wireless communication line, and a network, communicate with an IC_R/W apparatus and perform a process relating to a service in collaboration with each other. | 08-16-2012 |
20120210395 | NETWORK INFRASTRUCTURE VALIDATION OF NETWORK MANAGEMENT FRAMES - A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, it obtains a key for the access point sending the frame, and validates the management frame using the key. | 08-16-2012 |
20120210396 | PROCESSING EXTENSIBLE MARKUP LANGUAGE SECURITY MESSAGES USING DELTA PARSING TECHNOLOGY - Markup language security messages are processed. A template corresponding to a markup language security message is identified. The markup language security message is parsed for variable values using the template. A transition sequence is generated that represents the entire markup language security message. Each transition in the transition sequence is associated with a portion of the markup language security message. A lightweight data model of the markup language security message is populated using the transition sequence. The lightweight data model includes nodes for the variable values and a set of selected constant values. | 08-16-2012 |
20120210397 | METHOD AND SYSTEM FOR MANAGING SECURITY IN MOBILE COMMUNICATION SYSTEM - A method, an apparatus, and a system for solving and managing security problems, which may occur during a handover of a User Equipment (UE) between PLMNs in a mobile communication network, by using a Non-Access Stratum (NAS) protocol are provided. By the method, a UE can perform a security mode command and an authentication with a network. Further, the method can prevent interruption of communication due to authentication or security during a handover of a UE between Public Land Mobile Networks (PLMNs). | 08-16-2012 |
20120216251 | SECURITY RESTRUCTURING FOR WEB MEDIA - User input to a web service including content from one or more media providers is subjected to a security analysis based on extracting whitelisted attributes and/or properties, the extracted attributes/properties validated, a template selected based on a source of the content, and a secure embedded code generated based on the whitelisted attributes/properties if the source is also a whitelisted source. The generated secure embedded code may then be provided as content by the web service. | 08-23-2012 |
20120216252 | SYSTEMS AND METHODS FOR AUTHENTICATING DEVICES IN A SENSOR-WEB NETWORK - There is provided a method for distributing sensor data. The method includes receiving, from a requesting device, a request to access first sensor-collectable data associated with at least one package. The requesting device is authenticated to access the first sensor-collectable data. And when second sensor-collectable data is associated with a predetermined value, the method also includes denying the request for access. | 08-23-2012 |
20120216253 | On-Line Membership Verification Utilizing An Associated Organization Certificate - A system and method is presented for providing verification of specified credentials to an independent person (a third party, that is, a user of a purported member's website) through the utilization of an “organization certificate” (OC) in combination with a “membership certificate” (MC), with the field structure of the OC limiting the type of information that can be certified by the issuing organization. The set of fields in the OC is defined as associated with a particular type of organization, where any extraneous information will not be permitted to form part of a legitimate membership certificate (hereinafter “MC”). The use of specific field descriptions thus assumes that any field appearing in an MC that does not have a corresponding tag in the OC will cause the MC to be flagged as invalid by the user's browser extension during the verification process. | 08-23-2012 |
20120216254 | Scalable Distributed Web-Based Authentication - Web-based authentication includes receiving a packet in a network switch having at least one associative store configured to forward packet traffic to a first one or more processors of the switch that are dedicated to cryptographic processing if a destination port of the packet indicates a secure transport protocol, and to a second one or more processors of the switch that are not dedicated to cryptographic processing if the destination port does not indicate a secure transport protocol. If a source of the packet is an authenticated user, the packet is forwarded via an output port of the switch, based on the associative store. If the source is an unauthenticated user, the packet is forwarded to the first one or more processors if the destination port indicates a secure transport protocol, and to the second one or more processors if the destination port does not indicate a secure transport protocol. | 08-23-2012 |
20120216255 | Attesting a Plurality of Data Processing Systems - A technique for attesting a plurality of data processing systems. The method includes: configuring a chain of data processing systems wherein a first data processing system is responsible for retrieving attestation data associated with a second data processing system; sending a request for attestation of the first data processing system; in response to receiving the request, retrieving a list of associated one or more children, wherein the one or more children comprise the second data processing system; retrieving and storing attestation data associated with each child; retrieving and storing attestation data associated with the first data processing system; and sending to the requester a concatenated response containing the attestation data associated with the first and second data processing systems, such that the attestation data associated with the first and second data processing systems can be used to attest the first and second data processing systems, respectively. | 08-23-2012 |
20120216256 | System, Method And Apparatus For Providing Multiple Access Modes In A Data Communications Network - A system, method and apparatus for providing multiple access modes in a data communications network includes a network access device having a plurality of input ports, a plurality of output ports, and a switching fabric for routing data received on the plurality of input ports to at least one of the plurality of output ports. Control logic within the network access device is adapted to determine whether a user device coupled to one of the plurality of input ports supports a user authentication protocol used by a host network. If the user authentication protocol is not supported, then the input port to which the network access device is coupled is placed in a semi-authorized access state that limits access to a pre-configured network accessible via the host network. | 08-23-2012 |
20120222088 | Method and Apparatus for Implementing Communication of Stand-Alone Software - The present disclosure discloses a method and apparatus for implementing communication of stand-alone software applications. In one aspect, a method for implementing communication of stand-alone software applications comprises: establishing an instant communication connection between a first user device and a second user device by a first instant communication client on the first user device and a second instant communication client on the second user device, the first user device and the second user device being remote from each other; and communicating, by a first stand-alone software application on the first user device, with a second stand-alone software application on the second user device via the instant communication connection. | 08-30-2012 |
20120222089 | NETWORK TOPOLOGY AIDED BY SMART AGENT DOWNLOAD - A system, method, and apparatus for a network topology aided by a smart agent download are disclosed. The method involves authenticating, with at least one authenticator device, at least one claimant. The method further involves transmitting, by at least one transmission source, the smart agent download to at least one receiving source associated with at least one claimant. In one or more embodiments, at least one transmission source is employed in a Lower Earth Orbiting (LEO) Iridium satellite. Also, the method involves receiving, by at least one receiving source, the smart agent download. In addition, the method involves executing, by at least one processor, the smart agent download. Further, the method involves monitoring, by the smart agent download, network behavior. The monitoring of network behavior includes monitoring the users on the network, monitoring data passing through the network, and monitoring the quantity of data passing through the network. | 08-30-2012 |
20120222090 | METHOD OF COMMUNICATIONS AND COMMUNICATION NETWORK INTRUSION PROTECTION METHODS AND INTRUSION ATTEMPT DETECTION SYSTEM - A method, system and computer readable medium for protecting a communications device connected to a communications system against an unauthorized intrusion, including providing a variable identifier to the communications device and entities authorized access thereto. The variable identifier is provided to a user address book and assigned with a permanent identifier and the permanent identifier, but not the variable identifier, is available to a user. The presence or absence of the correct variable identifier is sensed during an attempt to access the communications device for granting or denying access to the communications device. A new variable identifier is periodically provided to the communications device and to the authorized entities and to the user address book and assigned with the permanent identifier, wherein the permanent identifier, but not the new variable identifier, is available to the user. | 08-30-2012 |
20120222091 | METHODS AND APPARATUS FOR USE IN A GENERIC BOOTSTRAPPING ARCHITECTURE - According to an aspect of the present invention there is provided a method of obtaining authentication information for use in a Generic Bootstrapping Architecture, GBA, employed in a network with one or more GBA-capable subscriber registers and one or more GBA-incapable subscriber registers. The method involves a selection function for determining whether the authentication information of a subscriber is stored at a GBA-capable subscriber register or at a GBA-incapable subscriber register, and an interworking function for translating between the Diameter messages of the Zh interface and the MAP messages of the Zh′ interface. | 08-30-2012 |
20120227085 | VIRTUAL COMPUTING SERVICES DEPLOYMENT NETWORK - A virtual computing services deployment network provides a consistent user experience from a variety of locations via a connection fabric for accessing a virtual desktop. The connection fabric identifies a user profile defining the virtualized desktop resources required for a particular user. The connection fabric includes distributed data and processing in nodes distributed throughout a public access network accessible from a user access device. Each of the fabric nodes is operable to provide an identifier (such as an IP address) of a computing resource adapted to provide the user specific desktop. A user access device accesses a local fabric node in the connection fabric, and the fabric node determines a computing resource matching a user profile of expected computing resources. The fabric node associates the user access device with the computing resource and sends the user access device an identifier for directly accessing the computing resource. The determined computing resource may be determined by a centralized virtual computing approach, thus providing appropriate scaling without significantly impacting the existing fabric. | 09-06-2012 |
20120227086 | CROSS SOCIAL NETWORK DATA AGGREGATION - Disclosed in some examples is a method of aggregating social networking data by receiving first authentication information for a first social networking service, the first authentication information being associated with a user and being received from a first social networking application, receiving second authentication information for a second social networking service, the second authentication information being associated with the user and being received from a second social networking application, requesting first information regarding the user from the first social networking service using the first authentication information, receiving the first information regarding the user from the first social networking service and storing the received first information, requesting second information regarding the user from the second social networking service using the second authentication information; and receiving the second information regarding the user from the second social networking service and storing the received second information. | 09-06-2012 |
20120227087 | CROSS PLATFORM SOCIAL NETWORKING AUTHENTICATION SYSTEM - Disclosed in one example is a method of authenticating with multiple social network services. The method may include storing first authentication information associated with a user for a first social networking service using at least one computer processor, receiving second authentication information associated with the user for a second social networking service from a social networking application, and sending to the social networking application the first authentication information. The first authentication information may enable the social networking application to utilize a protected application programming interface call for the first social networking service and the second authentication information may enable the social networking application to utilize a protected application programming interface call for the second social networking service. | 09-06-2012 |
20120227088 | METHOD FOR AUTHENTICATING COMMUNICATION TRAFFIC, COMMUNICATION SYSTEM AND PROTECTIVE APPARATUS - Embodiments of the present disclosure provide a method for authenticating communication traffic, a protective apparatus and a communication system, and relate to the fields of communications and computer. The method includes: a TCP packet is authenticated before it arrives at the server, to verify the true source address of the TCP packet, further verify whether the TCP packet is an attack packet, and determine whether the sender of the TCP packet is allowed to set up a TCP connection with the server, thereby effectively preventing DoS attacks that are launched through TCP packets and improving communication security. | 09-06-2012 |
20120233659 | NETWORK IDENTITY MANAGEMENT SYSTEM AND METHOD - Users of Internet services (e.g., SKYPE messaging service, GOOGLETALK messaging service, AOL INSTANT MESSENGER messaging service, and MICROSOFT MESSENGER messaging service) that are initially identified using separate identifiers that may be associated with respective service providers (e.g., email addresses) can manage network identities using a single unified set of account information managed by a registry service. The registry authenticates the user's request(s) to bind a service provider identity to his or her personal registry user record by presenting a random challenge to the user which the registry must then receive back from the service provider corresponding to the identity being added. Later, the registry may authenticate itself to service providers using information received from a service provider application as the service provider application authenticates itself to the service provider. | 09-13-2012 |
20120233660 | METHOD AND APPARATUS FOR PROVIDING SECURITY FOR AN INTERNET PROTOCOL SERVICE - A method and apparatus for providing security to an endpoint device are disclosed. For example, the method receives a signaling message by the endpoint device. The method processes the signaling message, if the signaling message is received from a device associated with one of one or more Internet Protocol (IP) addresses in an Access Control List (ACL), and discards the signaling message, if the signaling message is received from a device not associated with one of the one or more IP addresses in the ACL. | 09-13-2012 |
20120240191 | WIRELESS DEVICE NEARFIELD SECURITY CONFIGURATION - A joining device is operable to join a wireless network by establishing a nearfield wireless connection between the joining device and an intermediary device, and exchanging identifying information with the intermediary device that enables the joining device to securely join the wireless network. | 09-20-2012 |
20120246700 | QoS CHANNELS FOR MULTIMEDIA SERVICES ON A GENERAL PURPOSE OPERATING SYSTEM PLATFORM USING DATA CARDS - A SIP (session initiation protocol) service activation abstraction layer that provides a unified interface to upper layer applications for discovering, establishing, and managing the QoS connectivity. In one implementation, this is IP Multimedia Subsystem-centric, further supporting applications that utilize SIP for session control. This capability extends to the data card universe allowing UMTS data card vendors to establish concurrent QoS-based sessions using multiple primary PDP (packet data protocol) contexts based on a set of SIP triggers, further allowing applications running on a computing system to transparently utilize the established pipes based on the individual QoS requirements. | 09-27-2012 |
20120254940 | AUTHENTICATING ONLINE USERS WITH DISTORTED CHALLENGES BASED ON TRANSACTION HISTORIES - A method for authenticating a user by a service provider includes providing at least one network, providing at least one processor, and using the at least one network and processor to receive user identification data from the user, generate and display to the user a Captcha-like challenge based on at least one previous transaction involving and known by the user and the service provider, receive a response to the challenge from the user, and determine whether the user is authentic based on the response. | 10-04-2012 |
20120254941 | Providing particular level of access to one or more items in response to determining primary control of a computing device - A computationally implemented system and method that is designed to, but is not limited to: determining which of a plurality of users detected in proximate vicinity of a computing device has primary control of the computing device; and providing a particular level of access, via the computing device, to one or more items, the particular level of access to be provided to the one or more items being in response, at least in part, to said determining. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure. | 10-04-2012 |
20120254942 | CONNECTION DESTINATION DETERMINATION DEVICE, CONNECTION DESTINATION DETERMINATION METHOD, AND SERVICE COLLABORATION SYSTEM - A connection destination determination device includes a control unit for performing an approval determination process to determine that a user authentication state in a connection destination request is approved if the user authentication state satisfies the user authentication state corresponding to a collaboration service. If the user authentication state is determined to be approved in the approval determination process, the control unit responds to a source of the connection destination determination request with the connection destination of service corresponding to the collaboration service which is the search key. If the user authentication state is not determined to be approved in the approval determination process, the control unit responds to the source of the connection destination determination request with the connection destination of authentication service, in order to obtain the user authentication state that does not satisfy the user authentication state corresponding to the collaboration service which is the search key. | 10-04-2012 |
20120254943 | METHODS FOR CONTROLLING A TRAFFIC OF AN AUTHENTICATION SERVER - A method for controlling the traffic of an authentication server and an authentication access apparatus, wherein a local area network token bucket including a high priority token bucket and a low priority token bucket is set according to the capability of the authentication server in processing the request message, and the request message sent by the authentication client is redirected to the authentication server after allocating a token to the authentication client, thus the traffic of the authentication server is controlled, so that the authentication server will not receive more request messages than it can handle. Meanwhile, the tokens in the high priority token bucket are reserved specially for authentication clients of a high priority, and they cannot be used by authentication clients that are not of a high priority, so the quality of service for authentication clients of a high priority is improved. | 10-04-2012 |
20120254944 | METHOD AND APPARATUS FOR PROVIDING SECURE REMOTE ACCESS TO ENTERPRISE NETWORKS - The invention includes a method and apparatus for providing secure remote access to enterprise networks. An apparatus includes a network interface module adapted for maintaining a secure network connection with a network device independent of a power state of a host computer associated with the apparatus, a storage module for storing information associated with the secure connection, and a processor coupled to the network interface and the memory where the processor is adapted for automatically initiating the secure connection without user interaction. | 10-04-2012 |
20120260309 | System for Managing Real Time Ad-Hoc Service Relationships Between Services and Network Attached Client Devices - A system comprising network based servers and a data management system providing a unified method for managing real time ad-hoc service relationships between service providers and network attached devices connected directly to the network or attached to a network attached premises gateway. Functions of a system include device/gateway network address discovery, transaction and access security, access permissions between elements in a service network and tracking of transactions between network elements. | 10-11-2012 |
20120260310 | SYSTEM AND METHOD FOR APPLYING AUTHENTICATION AND SECURITY POLICIES IN A SIP ENVIRONMENT - The present disclosure provides a system and method for applying authentication and security policies in a SIP environment. In accordance with one embodiment, there is provided a method for use on a SIP server, comprising: establishing a persistent connection with a user agent (UA); initiating an idle connection timeout countdown timer; performing authentication of an initial REGISTER request using a first level of authentication; and terminating the persistent connection when the initial REGISTER request is not validated before expiry of the idle connection timeout countdown timer. | 10-11-2012 |
20120260311 | METHOD, MOBILE TERMINAL AND SYSTEM FOR PROVIDING DIFFERENT AUTHENTICATION VALUES ACCORDING TO CONTACT METHOD OF MOBILE TERMINAL - System and method of authenticating a terminal. An authentication system which provides an authentication value specified by a tilt angle of a terminal, includes a terminal which measures the tilt angle, and a short-range communication reader which receives the tilt angle and terminal identification data from the terminal by using short-range communication and which generates the authentication value based on the tilt angle. The short-range communication reader authenticates the terminal based on the authentication value. | 10-11-2012 |
20120260312 | DYNAMIC APPLICATION CHARGING IDENTIFICATION - The present invention relates to a solution for handling charging and statistics of use of applications in a wireless communication network ( | 10-11-2012 |
20120260313 | DIGITAL SYSTEM AND METHOD FOR BUILDING EMERGENCY AND DISASTER PLAN IMPLEMENTATION - An emergency and disaster preparedness system is hosted on a computer system with a secure network interface using a terminal for user interface to the system communicates through the network interface. A security management module for user authentication connects an authenticated user into the system. A communications module provides and sets active alerts for all users. An administrative console provides management of system functions. A learning management system operable from the system incorporates a plurality of function specific databases for user information on the building structure, content and environs. A portable emergency response tool (ERT) operable independently or through the network interface is an integral portion of the system. The ERT has a portion of the plurality of function specific databases integrally stored thereon and functions specifically for use by first responders separate from or communicating with the overall system. | 10-11-2012 |
20120260314 | UNINTERRUPTED VIRTUAL PRIVATE NETWORK (VPN) CONNECTION SERVICE WITH DYNAMIC POLICY ENFORCEMENT - Techniques for uninterrupted virtual private network (VPN) connection service with dynamic policy enforcement are provided. An existing VPN session between a VPN client and a VPN server detects a change in a VPN network being used for the existing VPN session. New credentials and new policies are received by the VPN client. The new credentials are automatically used to re-authenticate the VPN client to the change during the existing VPN session, and the new policies are dynamically used to enforce the new policies during the existing VPN session on the VPN client. | 10-11-2012 |
20120266211 | TRANSPARENT DATABASE CONNECTION RECONNECT - A first computer establishes a logical connection to a second computer for requesting and/or receiving data from a database. A logical connection is independent of the underlying physical network connection used to connect to the database. A context identifier is stored by both computers to enable the context of a logical connection to be persisted between switches from one physical network connection to another within the logical connection thus enabling database transfers to be continued on a second physical network connection when a failure in a first physical network connection occurs. | 10-18-2012 |
20120266212 | APPARATUS AND METHOD FOR AUTHENTICATING SMART CARD - The disclosure discloses an apparatus and a method for authenticating a smart card. The apparatus for authenticating a smart card comprises a smart card authentication service module, a Smart Card Reader (SCReader) drive module, a Personnel Computer Smart Card Drive (pcscd) service module and a virtual serial port drive module, wherein the smart card authentication service module is configured to send an initialization command to the SCReader drive module, to send an authentication request to the terminal device and the network server, and to compare smart card authentication operation results received from the network server and the terminal device; when the results are identical to each other, the authentication of the smart card is passed; the SCReader drive module is configured to receive the initialization command from the smart card authentication service module and to send the authentication operation result from the terminal device to the smart card authentication service module; the pcscd service module is configured to provide a data transmission interface for the smart card authentication service module and to send data to the virtual serial port drive module through the SCReader drive module; and the virtual serial port drive module is configured to transmit data between the terminal device and the SCReader drive module. By the device and method, the existing module of a computer can be well used; and the authentication of multiple kinds of smart cards can be implemented, so that the device and method have high compatibility, and are easy to expand and widely applied. | 10-18-2012 |
20120266213 | TRUSTED HARDWARE FOR ATTESTING TO AUTHENTICITY IN A CLOUD ENVIRONMENT - Apparatuses, computer readable media, methods, and systems are described for storing a first measurement of a virtualization platform, storing a second measurement of a measured virtual machine, generating a quote using a key, wherein the quote is based on the first measurement and the second measurement, and providing the quote for attesting to authenticity of the virtualization platform and of the measured virtual machine. In a further example, the quote may be generated based on a third measurement of a secure tunnel. | 10-18-2012 |
20120266214 | CREATING SECURE INTERACTIVE CONNECTIONS WITH REMOTE RESOURCES - Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead. | 10-18-2012 |
20120266215 | Captcha Image Scramble - Particular embodiments determine a modified image for a CAPTCHA. The CAPTCHA may include an original image, a challenge based on the original image, and/or a correct response based on the original image. The modified image may be a scrambled version of the original image. Web-browser-executable code is determined for unscrambling the modified image back to the original image. The modified image and the web-browser-executable code are then provided to a computing device. Upon receiving the modified image and the web-browser-executable code, the computing device then displays the original image based on the modified image and the web-browser-executable code. | 10-18-2012 |
20120266216 | Registration of Applications and Complimentary Features for Interactive User Interfaces - An exemplary computer-implementable method includes receiving a call from an application executing on a host computer, the host computer having a collection of graphical user interfaces, and, in response to the call, registering the application whereby the registering comprises providing one or more entry points for the application wherein each entry point corresponds to at least one of the graphical user interfaces of the collection of graphical user interfaces. Various other exemplary methods, devices, systems, etc., are also disclosed. | 10-18-2012 |
20120278854 | SYSTEM AND METHOD FOR DEVICE ADDRESSING - A system and method for enabling communication with one or more mobile communication devices. In one aspect, one or more mobile communication devices use an authenticated web identification to obtain a Uniform Resource Locator (URL) which is associated with the mobile communication device(s). The URL may be used to enable communication between the mobile communication device(s) and an application service via the Internet. | 11-01-2012 |
20120278855 | COMMUNICATION APPARATUS, AUTHENTICATION APPARATUS, COMMUNICATION METHOD AND AUTHENTICATION METHOD - A communication apparatus transmits an authentication frame to an authentication apparatus and receives a response frame for response to the authentication frame from the authentication apparatus so that an authentication process is performed for the communication apparatus by the authentication apparatus. In the communication apparatus, a transmitting section transmits an authentication frame to the authentication apparatus using a multicast address as a transmission destination address, and if a reception determining section determines that the response frame is not received from the authentication apparatus, a transmission destination address changing section changes the transmission destination address from the multicast address to a broadcast address, and the transmitting section transmits the authentication frame that has the transmission destination address changed to the broadcast address to the authentication apparatus. | 11-01-2012 |
20120278856 | METHOD, DEVICE, AND SYSTEM FOR SERVICE PRESENTATION - A method, device and system for service presentation, which includes: receiving a presentation request message; acquiring presentation information from the presentation request message; storing the presentation information; when the presentee accesses the presented content, receiving an authentication and rating request message transmitted from the service enabling component; performing authenticating and rating according to the authentication and rating request message and the stored presentation information. The present invention is applicable to presenting content type services and so on. | 11-01-2012 |
20120278857 | METHOD FOR UNLOCKING A SECURE DEVICE - The present invention provides a method for unlocking a secure device ( | 11-01-2012 |
20120278858 | SYSTEM AND METHOD OF PROVIDING INFORMATION ACCESS ON A PORTABLE DEVICE - A system and method of providing information stored in a memory is provided. The system comprises an information repository for storing information and an access module for providing access to the information in response to a predetermined operation performed on a man-machine interface. The method includes the steps of storing information in a memory and providing access to the information in dependence upon at least one predetermined operation. | 11-01-2012 |
20120278859 | DIGITAL SOCIAL NETWORK TRUST PROPAGATION - A trust propagation system is disclosed that propagates trust data based on established trust relationships. The trust system may automatically propagate trust data between parties A and C based on trust relationships with a common party B. Trust data may include authentication data such as biometric data, encryption data, passwords, etc. that may be used to conduct exclusive communications. | 11-01-2012 |
20120278860 | PERSONAL LIFESTYLE DEVICE - A method and apparatus for advertising a service on a wireless device. The method includes: storing authentication information in the wireless device; using the authentication information to establish communication between the wireless device and a service provider; and subsequent to the communication being established between the wireless device and the service provider, advertising, on the wireless device, context-specific information about a service associated with the service provider based on at least one of (i) an ambient temperature, (ii) a body temperature of a user of the wireless device, and (iii) a heart rate of the user. | 11-01-2012 |
20120284773 | Network Access Points in Key Distribution Function - Network access node for a terminal integrated wirelessly into the network, including: | 11-08-2012 |
20120284774 | REMOTE SLIDE PRESENTATION - Techniques for remotely viewing a presentation are disclosed. In accordance with these techniques, a host device executing a presentation application makes a presentation available over a network. In one embodiment, a remote device receives presentation data corresponding to a currently displayed slide of the presentation. The remote device may then display a representation of the currently displayed slide at the remote location. | 11-08-2012 |
20120284775 | METHOD FOR PROVIDING IP SERVICES TO A USER OF A PUBLIC NETWORK - A method for providing IP services to a user of a public network is disclosed. The user accesses the public network using a user equipment which supports a first set of IP services. The network provides a second set of IP services. A third set of IP services, included in a first set and second set of IP services, is identified and the user is allowed to access a plurality of IP services of a third set. A public network suitable to implement the method is also disclosed. | 11-08-2012 |
20120291094 | METHOD AND APPARATUS FOR LIFECYCLE INTEGRITY VERIFICATION OF VIRTUAL MACHINES - A method and system for verifying the integrity of virtual machines and for verifying the integrity of discrete elements of the virtual machines throughout the lifecycle of the virtual machines. A virtual machine manager capable of managing one or more virtual machine images is installed on a physical hardware platform. An integrity verification component can be communicatively coupled to the virtual machine manager and an integrity reference component so that the integrity verification component can compare digests of the virtual machine image or discrete virtual machine image elements to virtual machine integrity records accessible from the integrity reference component. | 11-15-2012 |
20120291095 | INDEPENDENT SECURE ELEMENT MANAGEMENT - An independent secure element manager (ISEM) routes secure payloads without modifying the secure payloads and without knowledge of the encryption keys used to encrypt the secure payloads. Secure payloads from multiple issuers and multiple TSMs can coexist in one or more secure elements because of control by the ISEM. | 11-15-2012 |
20120291096 | METHOD AND APPARATUS FOR SECURE SIGNING AND UTILIZATION OF DISTRIBUTED COMPUTATIONS - An approach is provided for providing secure signing and utilization of distributed computations. A distributed computation authentication platform causes, at least in part, a signing of one or more computation closures of at least one functional flow. The distributed computation authentication platform also processes and/or facilitates a processing of the one or more signed computation closures to cause, at least in part, a transfer of the one or more signed computation closures among one or more levels, one or more nodes, or a combination thereof, wherein an execution of the one or more signed computation closures at the one or more levels, the one or more nodes, or a combination thereof is based, at least in part, on an authentication of the signed one or more computation closure. | 11-15-2012 |
20120291097 | SYSTEM AND METHOD FOR MULTI-TASKING OF A MEDICAL IMAGING SYSTEM - A medical imaging system capable of acquiring medical imaging data of a patient includes a console coupled to the system, the console comprising a computer programmed to enable a first user to perform a first task on the system via the console, and enable a second user to perform a second task simultaneously with the first task via a remote device. | 11-15-2012 |
20120291098 | Multimode Authentication - Assigning clients to VLANs on a digital network. A client attaching to a digital network through a network device is initially assigned to a first VLAN. This VLAN may have restricted access and is used for authentication. The device snoops DHCP traffic on this first VLAN rewriting DHCP traffic from the client to request a short lease time for the client. A short lease time may be on the order of 30 seconds. The device optionally rewrites DHCP traffic to the client on the first VLAN to assure a short lease time is returned; this rewriting supports DHCP servers which do not issue short leases. Traffic on this first VLAN may be limited to authentication such as captive portals, 802.1x, Kerberos, and the like. If client authentication on the first VLAN does not succeed, when the short lease expires, the client will receive another short lease on the first VLAN. The network device snoops authentication traffic. When authentication succeeds, the device snoops this traffic and derives information such as roles and the target VLAN for the client, saving this information. When the short DHCP lease expires for the client, and the client restarts the DHCP process, the device assigns the client to the target VLAN and all further processing occurs on this target VLAN. | 11-15-2012 |
20120291099 | PROVIDING DISPERSED STORAGE NETWORK LOCATION INFORMATION OF A HYPERTEXT MARKUP LANGUAGE FILE - A method begins by a dispersed storage (DS) processing module of a domain name system (DNS) server receiving, from a client, a request regarding dispersed storage network (DSN) location information of a hypertext markup language (HTML) file. The method continues with the DS processing module searching a DNS table for an entry regarding the HTML file based on information of the request. When the entry is found, the method continues with the DS processing module ascertaining the DSN location information regarding a plurality of sets of encoded data slices, wherein the HTML file is encoded using a DS error coding function to produce the plurality of sets of encoded data slices and wherein the plurality of sets of encoded data slices is stored in a DSN. The method continues with the DS processing module outputting the DSN location information to the client. | 11-15-2012 |
20120297447 | AUTHENTICATION TECHNIQUES - Techniques for authenticating clients of differing capabilities in an efficient manner. Two or more authentication techniques, including one preferred authentication technique, are initiated to run in parallel to authenticate a client. Upon determining that the client can support the preferred authentication technique, the preferred technique is used to authenticate the client and the other authentication techniques are aborted. If it is determined that the client cannot support the preferred authentication technique, then one of the other authentication techniques is used to authenticate the client. In this manner, based upon the capabilities of the client, an appropriate authentication technique is used to authenticate the client in an efficient manner. | 11-22-2012 |
20120297448 | AUTHENTICATION METHOD FOR NETWORK CONNECTION AND NETWORK DEVICE AND NETWORK AUTHENTICATION SYSTEM USING THE SAME METHOD - An authentication method for a network connection for a network device is provided. An embedded system is installed in the network connection, and the network device is free from a web browser. First, the network device connects to an authentication server, and an internet access request is sent to the authentication server. An authentication page is retrieved from the authentication server. User authentication data is obtained by an input unit of the network device, and then the user authentication data is filled in corresponding fields of the authentication page. The authentication page is transferred to the authentication server. Afterwards, when authentication of the authentication page is successful, the network device connects to the Internet via the authentication server. | 11-22-2012 |
20120297449 | AUTHENTICATION METHOD - There is provided a method ( | 11-22-2012 |
20120297450 | Resource Upload - A method, system and program for uploading a resource from remote storage to a remote service. The method comprises the steps of connecting to the remote service, initiating an upload of the resource to the remote service, selecting the remote storage as a source of the resource, acquiring the resource from the remote storage, and uploading the resource to the remote service. In one embodiment, at least part of the method is executed by a proxy server and the step of acquiring the resource from the remote storage comprises downloading the resource to the proxy server. In another embodiment, the remote service communicates directly with the remote storage. In this further embodiment, a client device acquires authentication data for the resource from the remote storage and the step of acquiring the resource from the remote storage includes providing the authentication data to the remote storage. | 11-22-2012 |
20120297451 | COMMUNICATIONS SYSTEM - Methods and systems for integrated communications are provided. In one embodiment, a request to initiate a call via a channel is received. A call participant set associated with the channel is identified. A sequence of communications associated with the call is received. The sequence of communications includes at least a real-time media data type and a posted data type. The sequence of communications is transmitted to the call. Other methods and systems are described. | 11-22-2012 |
20120297452 | PROVIDING PROTECTION AGAINST UNAUTHORIZED NETWORK ACCESS - A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation. | 11-22-2012 |
20120297453 | SYSTEM AND METHOD FOR ABSTRACTION OF OBJECTS FOR CROSS VIRTUAL UNIVERSE DEPLOYMENT - A system and method for abstracting objects in a virtual universe (VU) deployment is provided. The system and method abstracts VU objects for editing in a common abstraction utility and for deploying to one or more VU grids containing one or more VU architectures and/or platforms (servers). The method can be implemented in a computer infrastructure having programming instructions operable to: obtain an object associated with a first virtual universe server; translate the object with syntax specific to at least a second virtual universe server, the syntax being different than that used with the first virtual universe server; and deploy the translated object to the second virtual universe server. | 11-22-2012 |
20120304255 | Systems and Methods for Authenticating Mobile Device Communications - Embodiments of the invention provide systems and methods for authenticating mobile device communications. A mobile device to which a message will be communicated may be identified. Based upon a shared secret between a service provider and the mobile device, a payload authentication code (“PAC”) may be generated, and the generated PAC may be associated with a payload for the message. The message and the generated PAC may then be communicated to the mobile device, and the mobile device may be configured to utilize the shared secret to verify the PAC and authenticate the message. In certain embodiments, the operations of the method may be performed by one or more computers associated with the service provider. | 11-29-2012 |
20120311669 | ACCESS MONITORING METHOD, INFORMATION PROCESSING APPARATUS, AND COMPUTER-READABLE MEDIUM STORING ACCESS MONITORING PROGRAM - In an access monitoring method executed by a computer: information on a first link is recorded when a request for access through the first link is detected and authentication information is transmitted through the first link; and when an email containing information on a second link is received and a request for access through the second link is detected, a determination whether or not the information on the second link is identical, in a predetermined part, to the recorded information on the first link is made. In the case where yes is determined, access through a link is forbidden when the information on the link is identical, in the predetermined part, to the recorded information on the first link, and the recorded information on the first link is transmitted to a server which collects information on links. | 12-06-2012 |
20120311670 | SYSTEM AND METHOD FOR PROVIDING SOURCE ID SPOOF PROTECTION IN AN INFINIBAND (IB) NETWORK - A system and method can provide source ID spoof protection in an InfiniBand (IB) fabric. The IB fabric can support a plurality of tenants in a subnet that connects a plurality of physical servers, wherein the plurality of tenants are associated with different partitions in the subnet. Then, the plurality of tenants can use at least one shared service, and the IB fabric can be configured to determine what ID values are legal for different physical servers and different partitions. | 12-06-2012 |
20120317615 | USE OF USER LOCATION INFORMATION FOR REMOTE ACTIONS - Architecture that provides location broker services which share the user location with other parties (e.g., based on user consent). Stationary computing devices can also determine the location of the user operator and interact accordingly. In one embodiment, the user location is retrieved from the user mobile device (e.g., smart phone) and is transmitted to other mobile or non-mobile devices with which the user interacts. Moreover, existing infrastructure and systems can be employed using a device driver that emulates the user location so that any software that uses the location services does not need modification. | 12-13-2012 |
20120317616 | NODE DEVICE AND METHOD TO PREVENT OVERFLOW OF PENDING INTEREST TABLE IN NAME BASED NETWORK SYSTEM - A node device and method are described to prevent overflow of a pending interest table (PIT). When excessive request messages are received through a particular interface, the node device and method transmits a traffic control message to control a transmission interval of the request messages, which are transmitted to a corresponding interface. | 12-13-2012 |
20120317617 | CROSS DOMAIN NOTIFICATION - A method for a mobile communication device to indicate activity associated with an operating domain includes establishing a plurality of operating domains for the mobile communication device each operating as an independent virtual machine. The method also includes providing a trusted indicator at the mobile communication device for indicating activity associated with a high-side domain. The method also includes providing an input on the mobile communication device for switching from a low-side domain to the high-side domain. The method also includes providing a trusted element for the mobile communication device that is independent of either the high-side domain or the low-side domain. The trusted element may be configured to receive a signal from the input for switching from the low-side domain to the high-side domain and to perform user authentication for switching from the low-side domain to the high-side domain. | 12-13-2012 |
20120317618 | METHOD AND SYSTEM FOR MANAGING DELAYED USER AUTHENTICATION - A system and methods for coordinating the operation of a client security module and a host security module on a mobile electronic device. The modules communicate with each other through a platform abstraction layer using application programming interfaces to coordinate their activities. In particular, on start-up of the device, the host security module obtains user authorization input from a user and passes the input to a client operating system for validation. Once validated, the host security module unlocks the host-side of the device. At the same time, the client operating system sends a notice or request to the client-side virtual machine requesting that the client-side be unlocked. Once the virtual machine is initialized and available it launches the client security module and unlocks the client-side. During the delay while the virtual machine loads, the user is given access only to the host applications. | 12-13-2012 |
20120324536 | VIRTUAL EXTENDED NETWORK - A network device may receive a data structure, intended for a second computing device, from a first computing device. The network device may determine, based on the first data structure, whether the first computing device and the second computing device correspond to the same virtual network. When the first computing device and the second computing device correspond to the same virtual network, the network device may communicate the data structure to the second computing device. However, when the first computing device and the second computing device do not correspond to the same virtual network, the network device may disregard the data structure. | 12-20-2012 |
20120324537 | MULTIPLE USER LOGIN DETECTION AND RESPONSE SYSTEM - A method is provided for controlling multiple access to a network service to prevent fraudulent use of the network service. The method includes identifying an account access counter for an account using identification information received from a user at a first device using a network, wherein the user is requesting access to a service provided at a second device, and further wherein the account access counter is the number of service access sessions active for the account; comparing the account access counter to a maximum account access number, wherein the maximum account access number defines a maximum number of service access sessions allowed for the account; and providing the user at the first device access to the service at the second device if the account access counter is less than the maximum account access number. | 12-20-2012 |
20120331520 | Method and System for the Transmission of Wireless Data Stream - The disclosure provides a method and a system for transmitting wireless data stream. After a user equipment (UE) sends a packet data protocol (PDP) context activation request signaling to a base station, the base station checks whether the user equipment is allowed to activate a local Internet protocol access (LIPA) function. If the base station decides that the user equipment is allowed to activate the LIPA function, the base station informs a core network which executes authentication accordingly. The base station disconnects from the core network. The base station assigns a private IP address to the user equipment for implementing the LIPA function, so that the user equipment having the private IP address is directly connected to an external network through the base station without going through the core network. | 12-27-2012 |
20120331521 | SYSTEM AND METHOD FOR APPLICATION CENTRIC CLOUD MANAGEMENT - An application-based cloud management system and method are provided. The cloud management method comprises authenticating a user to access a cloud network, determining a user behavior of the authenticated user using one or more metadata stored in a cache memory, loading resources related to the user behavior to a virtual machine, and allocating the virtual machine to the authenticated user. | 12-27-2012 |
20120331522 | SYSTEM AND METHOD FOR LOGICAL SEPARATION OF A SERVER BY USING CLIENT VIRTUALIZATION - A system for logically separating a server using client virtualization includes a client terminal including a virtual environment generation unit for generating a virtual environment, and a virtualized server including a local storage unit, an authentication server for performing authentication on the client terminal when a request for access to the local storage unit is received from a process executed in the virtual environment, and a virtualization filter driver for allowing or blocking the access request to the local storage unit based on the authentication result of the client terminal. The client terminal further includes a virtualization filter driver for transmitting the access request from the process executed in the virtual environment to the local storage unit, and blocking the access request from the process without being made through the virtual environment to the local storage unit. | 12-27-2012 |
20120331523 | Wireless access device and method - The disclosure discloses a wireless access device ( | 12-27-2012 |
20120331524 | NETWORKING AS A SERVICE - Networking as a Service (NaaS) delivers network services using remote appliances controlled by a hosted, multi-tenant management system. The system may include a heartbeating process for communication between a web-based server and appliances, in which the appliances periodically contact the management system on the server. The heartbeating process allows the appliances to maintain a completely up-to-date configuration. Furthermore, heartbeating allows for comprehensive monitoring of appliances and for software distribution. The system may also include means for authenticating appliances, without the need for pre-installed PSKs or certificates. | 12-27-2012 |
20130007840 | TECHNIQUES FOR PREVENT INFORMATION DISCLOSURE VIA DYNAMIC SECURE CLOUD RESOURCES - Techniques for preventing information disclosure via dynamic secure cloud resources are provided. Data (information) remotely housed on a particular cloud resource of a particular cloud is periodically, randomly, and dynamically changed to a different cloud resource within the same cloud or to a different cloud resource within an entirely different cloud. A requesting principal for the data is dynamically authenticated and a current location for the data is dynamically resolved and the principal is securely and dynamically connected to the current cloud resource and current cloud hosting the data for access. | 01-03-2013 |
20130007841 | CLIENT SERVER COMMUNICATION SYSTEM - A method for communicating with a server application. A first request is received by a first agent application on a first client computer system from the server application to request that a second agent application on a second client computer system communicate with the server application. Responsive to receiving the first request, a second request is sent by the first agent application to the second agent application on the second client computer system to communicate with the server application. | 01-03-2013 |
20130007842 | MOBILE TERMINAL AND DISPLAY CONTROLLING METHOD THEREIN - A mobile terminal including a communication unit configured to communicate with at least one external terminal; a memory configured to store at least first and second operating systems including at least first and second modes, respectively; and a controller configured to execute the first operating system and activate the first mode corresponding to the first operating system, display a first information screen on a display unit of the mobile terminal corresponding to the activated first mode, display an application execution history for the first mode and the second mode on a prescribed region of the first information screen of the first mode, and identifiably display whether applications included in the application execution history were executed in the first mode or the second mode. | 01-03-2013 |
20130007843 | Method, Program Product, and System of Network Connection in a Wireless Local Area Network - Disclosed is a method of network connection in a wireless local area network. The wireless local area network comprises a client, an access point, and an authentication database coupled to the access point. The authentication database comprises a plurality of collections of data entries, wherein each of the collections of data entries comprises a plurality of data entries. The network connection method comprises: passing messages containing queries relating to data entries in the authentication database and receiving responsive answer tags. | 01-03-2013 |
20130007844 | NODE AUTHENTICATION - A system and method of accessing a service on a terminal node. The system includes a chain of nodes, the chain comprising a first node, one or more intermediate nodes, and the terminal node, the terminal node maintaining the service, wherein the first node is arranged to initiate an access request and to transmit the access request to an adjacent node, each intermediate node is arranged to authenticate the transmitting node and to transmit the access request to an adjacent node, and the terminal node is arranged to authenticate the transmitting node and to execute the access request. | 01-03-2013 |
20130014216 | GUARD SPOT BEAMS TO DETER SATELLITE-BASED AUTHENTICATION SYSTEM SPOOFING - A transmission-based authentication system and method to prevent an unauthorized claimant from tracking a signal are disclosed herein. In one or more embodiments, the method involves transmitting, from at least one transmission source, a plurality of authentication signals. The method further involves receiving, from at least one receiving source, a resultant signal that includes at least two of the authentication signals. Further, the method involves authenticating, with at least one authenticator device, at least one claimant by comparing properties of the resultant signal the claimant receives from the receiving source location(s) to expected properties of the resultant signal that the claimant should receive from the receiving source location(s). The properties that are compared are signal power, Doppler shift, time of reception, and/or signal modulation. The transmission source(s) is employed in at least one satellite and/or at least one pseudo-satellite. | 01-10-2013 |
20130014217 | Adapting Extensible Authentication Protocol for Layer 3 Mesh Networks - Techniques are provided for adaptive routing of authentication packets in a network, such as a wireless mesh network. At an authenticated device in the network, an authentication packet is received over the network from a device that is seeking authentication. The authentication packet is encapsulated for transmission in Layer 3 packets over an Internet Protocol (IP) tunnel to an authenticator device associated in the network. Similarly, for an authentication packet encapsulated in Layer 3 packets from the authenticator device over the IP tunnel, the authentication packet is decapsulated from the Layer 3 packets and transmitted over the network to the device seeking authentication. | 01-10-2013 |
20130014218 | SYSTEM INCLUDING IMAGE FORMING APPARATUS AND INFORMATION PROCESSING APPARATUS, METHOD PERFORMED UNDER THE SYSTEM, IMAGE FORMING APPARATUS AND INFORMATION PROCESSING APPARATUS DIRECTED TO THE SYSTEM, AND NON-TRANSITORY STORAGE MEDIUM ENCODED WITH PROGRAM DIRECTED TO THE APPARATUSES - Provided is a system including a first image forming apparatus and an information processing apparatus connected via a network. When a second image forming apparatus is added to the network, the second image forming apparatus generates parent setting information indicating that the first image forming apparatus previously connected to the network is its parent, and transmits the parent setting information to the first image forming apparatus. The first image forming apparatus generates parent-child relationship setting information indicating a parent-child relationship between the first image forming apparatus and the second image forming apparatus, based on the parent setting information from the second image forming apparatus. The information processing apparatus registers the second image forming apparatus as a new output destination, based on information of the second image forming apparatus. | 01-10-2013 |
20130014219 | MESH NETWORK SECURITY SYSTEM GATEWAY AND METHOD - A gateway for transmitting signals between a computer network and a radio-frequency mesh network. The gateway includes a housing, a radio-frequency transceiver for communicating with the radio-frequency mesh network, an Internet Protocol transceiver, operatively coupled to the radio-frequency transceiver, for communicating with the computer network, a power supply, and a logic and memory unit configured to communicate with the computer network using a secure data connection. | 01-10-2013 |
20130014220 | Method and system for processing authenticator relocation request - The disclosure provides a method and a system for processing an authenticator relocation request. When detecting that initial authentication, re-authentication or authenticator relocation is being performed for a terminal, a network side refuses a new authenticator relocation request from the terminal. When detecting that no initial authentication, re-authentication or authenticator relocation is being performed for the terminal, the network side accepts the new authenticator relocation request from the terminal. Further, when detecting that the initial authentication, the re-authentication or the authenticator relocation is being performed for the terminal, the network side refuses a new re-authentication request from the terminal. According to the technical solution of the disclosure, the complexity of network element processing is reduced and potential safety hazard is avoided. | 01-10-2013 |
20130014221 | SECURITY ARRANGEMENTS FOR EXTENDED USB PROTOCOL STACK OF A USB HOST SYSTEM - Security arrangements for a universal serial bus (USB) protocol stack of a USB host system are provided. The security arrangements prevent an unauthorized or suspicious USB device from communicating with the host system, detect suspicious activity originating from a device which is already communicating with the host system and may provide notification to a user. | 01-10-2013 |
20130019279 | VEHICULAR COMMUNICATION SYSTEM, MOBILE COMMUNICATION TERMINAL, AND VEHICULAR APPARATUS - A vehicular communication system includes a mobile communication terminal, an in-vehicle apparatus, and a distribution center to distribute a content. The mobile communication terminal includes a terminal-side application to execute a content. The in-vehicle apparatus includes a vehicle-side application to execute a content. If the mobile communication terminal and the in-vehicle apparatus are not communicably connected, the terminal-side application of the mobile communication terminal executes a content acquired from the distribution center. If the mobile communication terminal and the in-vehicle apparatus are communicably connected, the terminal-side application and the vehicle-side application are caused to be cooperative and the vehicle-side application of the in-vehicle apparatus is enabled to execute a content acquired by the mobile communication terminal. | 01-17-2013 |
20130019280 | ESTABLISHING SECURE COMMUNICATION LINK BETWEEN COMPUTERS OF VIRTUAL PRIVATE NETWORK - A technique is disclosed for establishing a secure communication link between a first computer and a second computer over a computer network. Initially, a secure communication mode of communication is enabled at a first computer without a user entering any cryptographic information for establishing the secure communication mode of communication. Then, a secure communication link is established between the first computer and a second computer over a computer network based on the enabled secure communication mode of communication. The secure communication link is a virtual private network communication link over the computer network in which one or more data values that vary according to a pseudo-random sequence are inserted into each data packet. | 01-17-2013 |
20130024910 | COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR INTEGRATING A SOCIAL NETWORK INFORMATION FEED WITH A NETWORK COMMUNICATIONS APPLICATION - Disclosed are systems, apparatus, and methods for integrating an information feed. In various implementations, an identity of a user may be determined based on authentication information, where the authentication information identifies a user profile. In some implementations, profile information is identified based on the determined identity, where the profile information identifies one or more entities tracked using one or more information feeds associated with the user profile, and where the one or more information feeds comprises one or more feed items stored in a database system. In various implementations, the identified profile information is associated with a user account provided by a network communications application. | 01-24-2013 |
20130024911 | EXTENSIBLE ACCESS CONTROL ARCHITECTURE - Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication. | 01-24-2013 |
20130031604 | Method and Apparatus for Remote Authentication - A computer-implemented authentication method includes receiving a request to access one or more features of a vehicle computing system (VCS) from an application running on a wireless device in communication with the VCS. The method further includes preparing a secure access rights request to a remote server including one or more characteristics associated with the application and sending the secure request from the VCS, through the wireless device to the remote server. The method additionally includes receiving a response to the request having been sent from the remote server through the wireless device. The method includes verifying the authenticity of the received response and updating a policy table including information from the received response, the information including at least an expiration trigger and access rights for the application. Also, the method includes validating the application for usage based at least on the information included in the updated policy table. | 01-31-2013 |
20130031605 | Method and Apparatus for Probabilistic Matching to Authenticate Hosts During Distributed Denial of Service Attack - A system and method to track external devices attempting to connect to a protected network using probabilistic filters. When a connection from a new external device attempts to access the protected network, the memory of a protection system, which is organized as a probabilistic filter, is searched to determine if the IP address already exists in the memory of the protection system. If the search locates the IP address, the protection system terminates the connection to the external device. If the search is negative, then the protection device begins the authentication process for the external device. | 01-31-2013 |
20130031606 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD AND PROGRAM - There is provided an information processing device, including: an acquisition unit for acquiring information transmitted from terminals; and a generation unit for generating a community according to a similarity degree between the information transmitted from a plurality of terminals, wherein, when a plurality of different types of information are transmitted from one terminal, the community generation unit counts, for each of the plurality of types of information, the number of terminals transmitting information similar to the information, and generates a community in which a user of a terminal is permitted to participate, the terminal transmitting information similar to information which the greatest number of terminals transmit information similar to. | 01-31-2013 |
20130031607 | SOFTWARE DELIVERY MODELS - Generally, this disclosure describes software delivery systems (and methods). A server is provided that operates to provision software on a customer's local machine. The server system, in response to a software purchase from an end user (customer), is configured to install the software on the customer's machine, encrypt the software, and provision encryption keys to grant the customer access to the software. In addition, a software agent is installed on the customer's machine that enables monitoring, by the server, of the customer's installed software. The server system is configured to control customer access to the installed software, via the software agent, and to terminate customer access to the software (for example, for nonpayment of fees). Thus, the software provider can retain control over software that is remotely deployed at an end user location. | 01-31-2013 |
20130031608 | METHODS AND APPARATUS TO TRANSFER MANAGEMENT CONTROL OF A CLIENT BETWEEN SERVERS - An example network device includes a processor configured to execute an Open Mobile Alliance (OMA) Device Management (DM) server, the OMA DM server to perform operations of: participating in mutual authentication with a second OMA DM server; sending a notification to the second OMA DM server for notifying the second OMA DM server to proceed with a delegation process; and sending, to a DM client, information for modifying an access control list (ACL). | 01-31-2013 |
20130031609 | Device Ownership Security On A Network - A method for device ownership security is disclosed. The method includes storing an ownership record on a mobile device identifying a home network for the mobile device. The method further includes connecting, by the mobile device, to a foreign network. The method also includes receiving, from the home network, a negative communication based on an indication that the mobile device is at least one of stolen and lost as a second portion of the transaction. The method still further includes ceasing a function of the mobile device in response to the negative acknowledgment. | 01-31-2013 |
20130036450 | AUTOMATIC DISABLING OF ENABLED CONNECTION PROFILE FOR WIRELESS NETWORK - To reduce automatically a number of enabled connection profiles in a mobile station, for example, while the number of enabled connection profiles is at its maximum, a mobile station automatically selects one of the existing enabled connection profiles to disable and automatically disables the auto-selected connection profile. | 02-07-2013 |
20130036451 | SYSTEM AND METHOD FOR CLIENT-SERVER COMMUNICATION FACILITATING UTILIZATION OF AUTHENTICATION AND NETWORK-BASED PROCEDURE CALL - System and method for setting up a data communication are disclosed. Method includes facilitating authenticating a module of a client computing device for the data communication. Method includes facilitating authenticating a module of a server for the data communication. Method includes authenticating an encoding for a network-based procedure call interface for the server. Method includes binding the network-based procedure call interface to a protocol for a gateway interface of the server. Method includes facilitating verifying that a message size of a message transmitted to a module of the client computing device or to a module of the server is within a message size range. Method includes facilitating creating a tunnel to a module of the server, wherein the tunnel is for the data communication. Method includes facilitating creating a channel within the tunnel, wherein the channel is for the data communication. | 02-07-2013 |
20130036452 | USER AUTHENTICATION METHOD, USER AUTHENTICATION DEVICE, AND PROGRAM - Provided is a user authentication method including reproducing sound data of which a sound source in a first position of a space around a user is virtually localized using a Head-Related Transfer Function (HRTF) of the user toward the user, acquiring a second position of the space around the user, the second position being estimated by the user who has listened to the reproduced sound data as a position of the sound source; and authenticating the user according to a coincidence between the first position and the second position. | 02-07-2013 |
20130036453 | SYSTEM, METHOD AND USER INTERFACE FOR NETWORK STATUS REPORTING - A method and user interface for informing a user of the status of a network connection are provided. Conventionally, the “connected” icon in the system tray only informs the user that the computer is linked to a network medium, such as an Ethernet or wireless access point. This icon does not indicate whether a routable IP address has been obtained. In this invention, an icon is used to inform the user that the network connection is disabled, connecting, connected (routable IP address obtained), or in a warning state. The warning state indicates that a non-routable IP address (e.g. auto net address) has been obtained, which will likely be unsatisfactory to the user. However, when connected to an 802.11 ad-hoc network, or when IP status checking is disabled, a non-routable IP address is deemed acceptable, and thus the “connected” icon is displayed. | 02-07-2013 |
20130042301 | Authentication Control In Low-Power Lossy Networks - Techniques are provided for the controlled scheduling of the authentication of devices in a lossy network, such as a mesh network. An authenticator device that is configured to authenticate devices in a lossy network receives an authentication start message from a particular device to be authenticated. The authenticator device determines a schedule for engaging in an authentication procedure for the particular device based on an indication of current network utilization. | 02-14-2013 |
20130042302 | COGNITIVE PATTERN RECOGNITION FOR COMPUTER-BASED SECURITY ACCESS - Implementing security access includes receiving a request to perform an activity over a network and administering a cognitive test responsive to the request that includes a set of images and an instruction to identify a cognitive pattern in the set of images. Implementing the security access also includes processing results of the cognitive test, and executing the activity when it is determined from the processing that the cognitive test has been successfully completed. | 02-14-2013 |
20130042303 | COGNITIVE PATTERN RECOGNITION FOR SECURITY ACCESS IN A FLOW OF TASKS - Implementing security access includes receiving a request to perform an activity over a network and administering a cognitive test responsive to the request. The administering includes randomly selecting a set of related images from a database of images, randomly selecting one image that is unrelated to the set of related images, displaying the set of related images along with the image that is unrelated to the set of related images, and prompting a user to identify the image that is unrelated to the set of related images. Implementing the security access also includes processing results of the cognitive test, and executing the activity when it is determined from the processing that the cognitive test has been successfully completed. | 02-14-2013 |
20130042304 | SYSTEM AND METHOD FOR HANDOVER BETWEEN INTERWORKING WLAN AND EUTRAN ACCESS SYSTEMS - This invention relates to the area of Mobility and Handover between heterogeneous wireless networks. The scope of the invention also covers the case when the UE is capable of accessing both the WLAN and EUTRAN access systems simultaneously and also the case where the UE is not capable of accessing both the WLAN and EUTRAN access systems simultaneously. This invention provides a system and method to perform Mobility between the access systems with optimized authentication procedure using security context transfer between the access systems and also minimize the data loss by buffering the data during the handover. More specifically, this invention provides a system and method to support handover between the I-WLAN and the EUTRAN access systems. | 02-14-2013 |
20130042305 | FACEMAIL - Systems and methods are disclosed for generating, sending, and delivering a message addressed using an image of an intended message recipient of the message. In one embodiment, a central server receives a message including an image of an intended message recipient from a first user device of a first user. The central server then identifies a second user as the intended message recipient based on the image of the intended message recipient. Then, before delivering the message, the central server obtains an image of a user at a second user device associated with the second user and sends the image to the first user device where the image is presented to the first user. Upon receiving authentication from the first user device that the user at the second user device is the intended message recipient, the central server delivers the message to the second user device of the second user. | 02-14-2013 |
20130047210 | Systems and Methods for Providing Security When Accessing a User Account of a Browser-Based Communications Application - The embodiments described herein provide in one aspect, a method of providing security when accessing a user account of a browser-based communications application, the method comprising: providing a communications server, the communications server configured to access personal information management (PIM) data for the user account, the PIM data comprising a plurality of non-security data items; receiving, at the communications server, a connection request from a remote system, the connection request comprising at least one connection parameter of the remote system; determining if the at least one connection parameter of the remote system is acceptable based on at least one non-security data item of the plurality of non-security data items; allowing access to the user account based on said determining; and sending security awareness data for the user account from the communications server, the security awareness data comprising at least one second non-security data item of the plurality of non-security data items. | 02-21-2013 |
20130047211 | METHOD AND APPARATUS FOR NETWORK SESSION VALIDATION - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may further store a plurality of tokens. The apparatus may receive a first token indicating that access to the resource has been requested and determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule may condition access to the resource upon a second token. The second token may indicate that the resource is associated with a virtual private network of the link layer of the open systems interconnection model. The apparatus may determine that the plurality of tokens includes the second token associated with the at least one token-based rule and generate a session token based at least in part upon the first token and the second token. | 02-21-2013 |
20130047212 | Wireless Internet-Accessing Module, Host, Communication Method Thereof, and Data Card - A communication method for a host and a wireless Internet access module, and a data card, are provided so that the host implements wireless Internet access with the wireless Internet access module of a secure digital interface. The method includes simulating each port on a wireless Internet access processing function unit in a wireless Internet access module into a secure digital card partition and reporting the secure digital card partition to a host side; receiving downlink interaction information from the host side encapsulated in a secure digital card interface format, decapsulating the downlink interaction information, and delivering the decapsulated downlink interaction information to a corresponding port; and receiving uplink interaction information reported to the host side from each port, encapsulating the received uplink interaction information in the secure digital card interface format, and sending the encapsulated uplink interaction information to the host side. | 02-21-2013 |
20130055345 | Mobile Application Access Control - Systems and methods of controlling access to one or more mobile applications are provided. In some examples, a plurality of business groups may be identified. One or more mobile applications may be associated with each business group. An individual determined to be associated with the business group may then receive, on a mobile device, access to the one or more mobile applications associated with the business group with which he/she is associated. In some examples, the one or more mobile applications may include native applications, web or Internet based applications and/or third party applications provided in a portal. In some examples, the portal may “take over” or mimic the desktop of the mobile device. The systems, methods, and the like may also prevent access to one or more applications not associated with the business group of the individual. | 02-28-2013 |
20130055346 | Event Driven Multi-Factor Authentications For Internet Transactions - An event-driven multi-factor authentication system for internet transactions is implemented in a communication system including a user platform operably connected to an application platform. In embodiments described herein, the application platform receives and evaluates event data associated with one or more online transactions of the user to identify occurrences of any triggering events; and upon occurrences of triggering events, identifies and issues one or more predefined authentication challenges corresponding to the triggering events. The triggering events may comprise, without limitation, amount-based events, time-based events or geography-based events. In such manner, for example, multi-factor authentications may be triggered for transactions having specified monetary amounts, amounts within a specified time period, or initiated from certain geographic locations. The authentication challenges may characterize different numbers of authentication challenges (including, without limitation, a combination of single- and multi-factor authentication) for different events. | 02-28-2013 |
20130055347 | HARDWARE INTERFACE ACCESS CONTROL FOR MOBILE APPLICATIONS - Methods, articles of manufacture, and apparatus for hardware interface access control for mobile applications are disclosed. A disclosed example method includes restricting an application from accessing a set of hardware interfaces of a mobile device, and providing a virtual interface to the application via which the application is to access a first hardware interface in the set of hardware interfaces, the virtual interface provided by a program in a kernel layer of an operating system of the mobile device to control at least one of access or a method of access to the first hardware interface in the set of hardware interfaces, the first hardware interface that is accessible via the virtual interface being unknown to the application. | 02-28-2013 |
20130055348 | PROGRESSIVE AUTHENTICATION - Progressive authentication is generally employed to establish the authenticity of a user, such as a user of a computing device, or a user that wants to access a proprietary data item, software application or on-line service. This can entail inputting authentication factors each of which corresponds to one or multiple attributes associated with the user, or historical patterns of one or more attributes associated with the user, or both, and a confidence level that estimates a reliability of the factor. Sensor readings captured by one or more sensors are also input. Each sensor senses a user attribute and is used to quantify each authentication factor confidence level. An overall confidence level is established based at least in part on a combination of the individual confidence levels. A user is then designated as being authentic whenever the established overall confidence level exceeds a prescribed authentication level. This process can be continuous with the overall confidence level being continually updated. | 02-28-2013 |
20130055349 | METHOD AND APPARATUS FOR RELEASING TCP CONNECTIONS IN DEFENSE AGAINST DISTRIBUTED DENIAL OF SERVICE ATTACKS - Disclosed are an apparatus and method for releasing a TCP connection against a denial-of-service attack. The TCP connection releasing method, which is a method for releasing a connection of a communication session between a server and a remote host, includes obtaining information included in a last ACK packet transmitted from the server to the remote host from a session table in which information on the communication session is recorded, generating an RST packet for requesting release of the communication session connection using the information on the obtained last ACK packet, and transmitting the generated RST packet to the server. | 02-28-2013 |
20130055350 | Creating Incentives By Controlling Device Functions - Disclosed are various embodiments for systems, methods, and apparatus for controlling functions in a client device to thereby create incentives for the user of the client device. In one embodiment, a function of the device is controlled and a prompt is displayed on a user interface. A user then provides an answer to the prompt. If the answer is correct, for example, normal function of the device is returned. | 02-28-2013 |
20130055351 | Wireless Internet Access Module, Communication Method for Host and Wireless Internet Access Module, and Data Card - A communication method for a host and a wireless Internet access module, and a data card, are provided so that the host implements wireless Internet access with the wireless Internet access module of a secure digital interface. The method includes simulating each port on a wireless Internet access processing function unit in a wireless Internet access module into a secure digital card partition and reporting the secure digital card partition to a host side; receiving downlink interaction information from the host side encapsulated in a secure digital card interface format, decapsulating the downlink interaction information, and delivering the decapsulated downlink interaction information to a corresponding port; and receiving uplink interaction information reported to the host side from each port, and encapsulating the received uplink interaction information in the secure digital card interface format. | 02-28-2013 |
20130055352 | Wireless Internet Access Module, Communication Method for Host and Wireless Internet Access Module, and Data Card - A communication method for a host and a wireless Internet access module, and a data card, are provided so that the host implements wireless Internet access with the wireless Internet access module of a secure digital interface. The method includes simulating each port on a wireless Internet access processing function unit in a wireless Internet access module into a secure digital card partition and reporting the secure digital card partition to a host side; receiving downlink interaction information from the host side encapsulated in a secure digital card interface format, decapsulating the downlink interaction information, and delivering the decapsulated downlink interaction information to a corresponding port; and receiving uplink interaction information reported to the host side from each port, encapsulating the received uplink interaction information in the secure digital card interface format. | 02-28-2013 |
20130055353 | Wireless Internet Access Module, Communication Method for Host and Wireless Internet Access Module, and Data Card - A communication method for a host and a wireless Internet access module, and a data card, are provided so that the host implements wireless Internet access with the wireless Internet access module of a secure digital interface. The method includes simulating each port on a wireless Internet access processing function unit in a wireless Internet access module into a secure digital card partition and reporting the secure digital card partition to a host side; receiving downlink interaction information from the host side encapsulated in a secure digital card interface format, decapsulating the downlink interaction information, and delivering the decapsulated downlink interaction information to a corresponding port; and receiving uplink interaction information reported to the host side from each port, encapsulating the received uplink interaction information in the secure digital card interface format. | 02-28-2013 |
20130061285 | METHOD AND SYSTEM FOR PROVIDING BEHAVIORAL BI-DIRECTIONAL AUTHENTICATION - An approach for authenticating parties engaged in a web-based transaction without compromising the integrity or anonymity of the parties is described. An authentication platform receives, from a first application associated with a first party, an authentication request that has been redirected in response to a transaction initiated with a second application associated with a second party. The authentication platform forwards knowledge based assessment information to the first application that is based on determined behavioral information for authenticating the second party to the first party. A valid response to the knowledge based assessment information by the first application provides authentication of the first party to the second party. | 03-07-2013 |
20130061286 | Wireless Internet Access Module, Communication Method for Host and Wireless Internet Access Module, and Data Card - A communication method for a host and a wireless Internet access module, and a data card, are provided so that the host implements wireless Internet access with the wireless Internet access module of a secure digital interface. The method includes simulating each port on a wireless Internet access processing function unit in a wireless Internet access module into a secure digital card partition and reporting the secure digital card partition to a host side; receiving downlink interaction information from the host side encapsulated in a secure digital card interface format, decapsulating the downlink interaction information, and delivering the decapsulated downlink interaction information to a corresponding port; and receiving uplink interaction information reported to the host side from each port, encapsulating the received uplink interaction information in the secure digital card interface format. | 03-07-2013 |
20130061287 | METHOD FOR AUTHENTICATING A STORAGE DEVICE, MACHINE-READABLE STORAGE MEDIUM, AND HOST DEVICE - A method for authentication, by a host device, of a storage device having a plurality of unit storage areas comprises acquiring information on the distribution of locations of defective areas to be used for uniquely identifying the storage device, sampling the unit storage areas of the storage device, identifying the distribution of locations of physically defective areas among the sampled areas, determining the similarity between the acquired distribution of locations and the identified distribution of locations, and authenticating the storage device according to the result of the determination. | 03-07-2013 |
20130067535 | APPARATUS AND METHOD FOR CONTROLLING A NETWORK CONNECTION - An apparatus and method for controlling access to a network in a portable terminal based on a characteristic of an application may determine the characteristic of the application based on at least one of a reference security level of the application, a reference data amount of the application, and a reference speed of the application, and may select a network to be connected to from among available networks based on the characteristic of the application when executing the application. | 03-14-2013 |
20130067536 | INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING PROGRAM - An information processing apparatus includes a generating section that generates authentication operation data from an input type associated with the type of the appliance in appliance data and stores the authentication operation data in a storage device, a transmitting section that transmits the authentication operation data to a gateway apparatus, an acquiring section that receives, from the gateway apparatus, input operation data input from an input device of an appliance and stores the input operation data in the storage device, and a collating section that compares the authentication operation data and the input operation data, determines whether the authentication operation data and the input operation data coincide with each other, and outputs collation result data. If the coincidence is determined, the information processing apparatus causes the gateway apparatus to authenticate communication for controlling the appliance between the appliance and the gateway apparatus. | 03-14-2013 |
20130067537 | APPARATUS, METHODS, AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING PORTABLE COMMUNICATION IDENTITY SERVICES - Apparatus, methods, and computer program products for providing portable communication identity services are provided. A request is received to access a portable communication identity from a communications device. User information is received that is input by a user of the communications device, and the user information is authenticated. Capabilities of the communications device are accessed, and the portable communication identity is transmitted in accordance with the capabilities of the communications device. | 03-14-2013 |
20130074149 | RE-AUTHENTICATION TIMER FOR USER EQUIPMENT - A device receives, from a user equipment (UE), a first request to access a first packet data network (PDN), and receives authentication information from the UE. The device also grants, based on the first request, the UE access to the first PDN when the authentication information authenticates the UE. The device further receives, from the UE, a second request to access a second PDN, and determines whether a re-authentication timer associated with the second PDN has expired before granting the UE access to the second PDN. | 03-21-2013 |
20130074150 | Presenting Visual Challenges for Verifying Human Interaction - A computing device-implemented method includes providing a presentable visual challenge for determining if access should be granted. The visual challenge includes presenting obscured text wherein the manner in which the text is obscured changes over a period of time. The method also includes determining if a received response substantially matches the text to determine if access should be granted. | 03-21-2013 |
20130074151 | Online Business Method, System and Apparatus Based on Open Application Programming Interface - The present disclosure introduces a method, a system and an apparatus of implementing online transaction according to Open API. In one aspect, a method includes: receiving a first invocation request to invoke an Open API from a third party development server according to a user's transaction request; determining an ISP server corresponding to the Open API as requested to be invoked in the invocation request; sending the first invocation request to the determined ISP server; receiving a service page returned by the ISP server according to the first invocation request; and sending the service page to the third party development server for processing the service page and sending the processed service page to the user, the processing comprising embedding the service page into a page corresponding to the transaction request. | 03-21-2013 |
20130074152 | METHOD AND DEVICES FOR SECURITY ASSOCIATION (SA) BETWEEN DEVICES - In one aspect, there is provided a method and apparatus for security association (SA) upon communication between devices. When a mobile device is connected to another mobile device without subscribing to a specific service or a private network, SA may be established. For example, the SA may be used for resource saving and secure connections of resource poor devices (for example, a medical patch) having a relatively poor resource, such as insufficient battery power or computing power. | 03-21-2013 |
20130074153 | PUBLIC NETWORK ACCESS SERVER HAVING A USER-CONFIGURABLE FIREWALL - A user-configurable firewall and method in which a user-changeable security setting for a client computer is maintained by an access server through which a user accesses the public network. The user-changeable security setting can be used to specify which outside computers or network devices may access the client computer and what type of access to the client computer is allowed. If an attempt to access the client computer is made, the user-configurable security setting is checked to determine if the attempted access is allowed by the current security setting. If the attempted access is allowed by the current security setting, access is allowed to the client computer; otherwise, access is not allowed. If the user changes the user-configurable security setting, the changes to the user-configurable security setting are provided to the access server. | 03-21-2013 |
20130074154 | PUBLIC NETWORK ACCESS SERVER HAVING A USER-CONFIGURABLE FIREWALL - A user-configurable firewall and method in which a user-changeable security setting for a client computer is maintained by an access server through which a user accesses the public network. The user-changeable security setting can be used to specify which outside computers or network devices may access the client computer and what type of access to the client computer is allowed. If an attempt to access the client computer is made, the user-configurable security setting is checked to determine if the attempted access is allowed by the current security setting. If the attempted access is allowed by the current security setting, access is allowed to the client computer; otherwise, access is not allowed. If the user changes the user-configurable security setting, the changes to the user-configurable security setting are provided to the access server. | 03-21-2013 |
20130074155 | NETWORK APPARATUS BASED ON CONTENT NAME, METHOD OF GENERATING AND AUTHENTICATING CONTENT NAME - A method of generating and authenticating a content name in content-centric networking (CCN) and a network apparatus are provided. A content name generation method includes generating authentication information using a secret key shared by network apparatuses that belong to a domain in content-centric networking (CCN); and generating a content name that includes the authentication information. | 03-21-2013 |
20130074156 | METHOD AND SYSTEM FOR EXECUTION MONITOR-BASED TRUSTED COMPUTING - A system and method to ensure trustworthiness of a remote service provided by a service provider. The method includes monitoring runtime dependencies invoked during execution of a service transaction associated with the remote service, the service transaction being requested by a service requester. The method further includes determining whether a deviation exists between the runtime dependencies and a trusted list of dependencies associated with the remote service. The method also includes blocking execution of the service transaction based on determining that the deviation between the runtime dependencies and the trusted list of dependencies exists. | 03-21-2013 |
20130074157 | IMAGE PROCESSING APPARATUS IN WHICH PROCESS TO BE EXECUTED TO IMAGE IS LIMITED, IMAGE PROCESSING PROGRAM PRODUCT EXECUTED THEREBY, MANAGEMENT SERVER EXECUTING PRESCRIBED PROCESS TO IMAGE TRANSMITTED FROM THE IMAGE PROCESSING APPARATUS, AND INFORMATION PROCESSING PROGRAM PRODUCT EXECUTED THEREBY - In order to cause a management server to execute a process desired by a user and to be shared by a plurality of users, an image processing apparatus capable of communicating with the management server includes a scanner inputting image data, an authentication information input unit inputting information necessary for authenticating a user, an authentication information send unit for transmitting the input authentication information to the management server, an additional function list receiver receiving from the management server, in response to the transmission of the authentication information, an additional function list for specifying an additional function registered in association with the user among the additional functions executed by the management server, an additional function selector accepting designation of the additional function, and an additional function select information transmitter transmitting the specified additional function and the input image data to the management server. | 03-21-2013 |
20130081107 | APPARATUS, METHOD, AND PROGRAM FOR VALIDATING USER - User validation accuracy is improved without inconveniencing a user. When an authentication request packet is received from a terminal and the authentication is successful based on a user ID and a password, an HTTP header, user-agent information, and access source IP address are extracted from the packet, and user authentication is performed by verifying the IP address and the user-agent information against usage history information where at most two sets of the IP address and the user-agent information extracted from the authentication request packet which is received from the same user previously are registered. When the set of the IP address and the UA information corresponding to the new extracted IP address and the new extracted UA information is registered in the usage history information, the authentication is successful, and the usage history information is overwritten with the new IP address and the new UA information. | 03-28-2013 |
20130081108 | Providing Operation Services for Networks via Operations Service Servers - Systems and methods provide operations services for networks through an operations service switch. Multiple customers of the operations service may obtain operations service through the operations switch, as opposed to implementing operations services themselves. Operations service servers are in communication with the operations switch so as to be available for providing operations services to the customer accessing the operations switch. The operations switch may then establish communication links between the customer networks and the operations service servers to facilitate a centralized manner of providing operations services to the customer networks. | 03-28-2013 |
20130086634 | Grouping Multiple Network Addresses of a Subscriber into a Single Communication Session - An apparatus includes a processor, an interface, and a memory. The interface is operable to receive a request from a subscriber to access network services, wherein the request includes a subscriber address from the set comprising: an IP address and a media access control (MAC) address. The processor is operable to generate a query requesting an address associated with the subscriber address. The interface is further operable to communicate the query to the subscriber address, and receive a response to the query, wherein the response includes an address associated with the subscriber address, wherein the associated address is from the set comprising: an IP address and a MAC address. The memory is operable to store the subscriber address and the received associated address. | 04-04-2013 |
20130086635 | SYSTEM AND METHOD FOR COMMUNICATION IN A NETWORK - A method for providing secure communication in an electrical power distribution network includes detecting an enhanced threat level in the electrical power distribution network. A plurality of configuration command messages including information related to a common configuration command are received. The common configuration commands are certified if the plurality of configuration command messages have originated from a threshold number of command sites. The method further includes executing the certified configuration command. | 04-04-2013 |
20130086636 | SYSTEM AND METHOD FOR RESTRICTING PATHWAYS TO HARMFUL HOSTS IN COMPUTER NETWORKS - System and methods for restricting accessibility to harmful content on a computer network. Network pathways are explored to study a plurality of investigated hosts from a plurality of diverse entry points into the computer network. The investigated hosts are checked to determine whether they are malicious hosts believed to contain harmful content. For any of the investigated hosts that are malicious hosts, intermediary hosts having connectors to those malicious hosts are identified based on the exploring of the network pathways. An access restriction is associated with each of the intermediary hosts, which can be used to block or otherwise restrict access to the intermediary hosts, which may or may not themselves contain malicious content. | 04-04-2013 |
20130091546 | Transmitting Authentication Information - The invention relates to a session control entity, a subscriber data entity, method and a computer program product for registering a user to a network, obtaining authentication information for the user and transmitting the authentication information to a subscription entity of the network during a registration of the user. | 04-11-2013 |
20130097669 | Behavioral fingerprint controlled theft detection and recovery - A computationally implemented method includes, but is not limited to: determining a behavioral fingerprint associated with a network accessible user of one or more devices, the behavioral fingerprint providing a current status of the network accessible user; and disabling the one or more devices automatically as a function of the determined behavioral fingerprint. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure. | 04-18-2013 |
20130097670 | SYSTEM AND METHOD FOR SERVER-BASED IMAGE CONTROL - In one embodiment, a server-implemented method for providing an image file. The server receives a uniform resource locator (URL) containing identification of a requested image file for display within the browser of a user, the URL including criteria specified by one or more parameters relating to the size and/or format of the image file to provide. The server determines whether a cached version of the requested image file satisfying the one or more criteria exists. If so, then the server provides the cached version of the requested image file for display within the browser of the user. If not, then the server (i) generates a processed image file by modifying a stored version of the requested image file based on the one or more criteria; (ii) stores a cached version of the processed image file; and (iii) provides the processed image file for display within the browser of the user. | 04-18-2013 |
20130097671 | DEVICE AND METHOD FOR INTERFACING AT LEAST ONE DATA STORAGE AND TRANSMISSION TERMINAL WITH AT LEAST ONE DATA TRANSMISSION MEDIUM - The invention relates to a secure interfacing device ( | 04-18-2013 |
20130097672 | Security Interface for a Mobile Device - A method and device are described which provide a security interface, preferably for a mobile device. The security interface provides user-selectable non-secure data that is displayed without the need for a password. The non-secure data is preferably updated on a regular basis, and can be obtained from different sources, as selected by a user. The secure data can be accessed after successful authentication, such as a positive password verification. Additional non-secure data, related to the displayed non-secure data, can preferably be accessed, with or without a need for a password. An indication can be provided to inform a user that secure data has been updated, without the need to access such secure data. The security interface is preferably enabled after a predetermined timeout period. The interface allows the device to operate in three data access states: a controlled access state; a verification state; and a full access state. | 04-18-2013 |
20130104194 | METHOD AND SYSTEM FOR GRANT MANAGEMENT AND DEVELOPMENT CYCLE OPTIMIZATION - An apparatus, method, and system for federating grant management, project management, and funding in a web-based environment are disclosed. The apparatus, method, and system may include a module for receiving an electronic submission of at least one grant proposal, a module for establishing a permission structure governing access to the at least one grant proposal, a module for providing a virtual collaboration space for the review process of the at least one grant proposal, a module for tracking a funding amount for the at least one grant proposal, a module for measuring statistical information based on parameters associated with the at least one grant proposal, and a module for generating reports based on the measured statistical information. | 04-25-2013 |
20130104195 | Method and System to Optimize Efficiency when Managing Lists of Untrusted Network Sites - A computer readable storage medium including a set of instructions executable by a processor, the set of instructions operable to determine if a network location included in a request to connect to the network location, is included in a first list of untrusted network locations stored on the client computer and send a request to determine if the network location is included in a second list of untrusted network locations stored remotely from the client computer when it is determined that the network location is not included in the first list. | 04-25-2013 |
20130104196 | RESTRICTING ACCESS TO HARDWARE FOR WHICH A DRIVER IS INSTALLED ON A COMPUTER - Users of a computer are prevented from directly accessing certain hardware for which a driver is installed on the computer. The users are provided a limited, indirect manner to access the hardware for a specific purpose or to do a specific job. One example of such hardware is a wireless hardware communication interface. The wireless activity of the computer may be restricted so that the wireless hardware communication interface is prevented from communicating with any devices compatible with the wireless hardware communication interface other than one or more specific devices. | 04-25-2013 |
20130111549 | Mechanisms to Use Network Session Identifiers for Software-As-A-Service Authentication | 05-02-2013 |
20130111550 | SERVICE BROKER SYSTEMS, METHODS, AND APPARATUS | 05-02-2013 |
20130111551 | Method for Securing Computers from Malicious Code Attacks | 05-02-2013 |
20130111552 | Acquiring a Trusted Set of Encoded Data Slices | 05-02-2013 |
20130111553 | SYSTEM TO ESTABLISH TRUSTWORTHINESS OF AUTONOMOUS AGENT | 05-02-2013 |
20130117814 | SECURE WIEGAND COMMUNICATIONS - The present invention is directed toward secure access systems. Specifically, a method and system is provided that enhances the security of unidirectional communication protocols used in access control systems, such as the Wiegand protocol. The enhancements may include obfuscation of data, a two-way packet-mode communications, and blind synchronization of pseudo-random number generators. | 05-09-2013 |
20130117815 | Method of Authorizing a Person, an Authorizing Architecture and a Computer Program Product - The invention relates to a method for authorizing a person. The method comprises the step of receiving authentication data from a personal authentication device transmitting said data to a reader associated with a central authorization system. Further, the method comprises the steps of including the received authentication data in a request message and transmitting the request message to the central authorization system, receiving the request message at the central authorization system and retrieving the authentication data from the request message. The method also comprises the steps of performing an authentication process at a central authentication system using said reader authentication data and executing an authorization process at the central authorization system based on the authentication process result. | 05-09-2013 |
20130125205 | METHOD AND SYSTEM FOR REDIRECTING A REQUEST FOR IP SESSION FROM A MOBILE DEVICE - A request for establishing an IP session from a mobile device to be activated and connected to a cellular network is redirected to a web portal or platform of the cellular network. When the mobile device sends an authentication request for requesting establishment of an IP session to the cellular network, the mobile device receives a restricted IP address from the cellular network if the mobile device is not currently authorized for communication via the cellular network. A reverse domain name system lookup is performed on the restricted IP address to find a host name of a web portal or platform of the cellular network corresponding to the restricted IP address. The mobile device determines whether or not redirection of an IP communication request to the web portal or platform of the cellular network is to occur based on the host name. | 05-16-2013 |
20130125206 | METHOD AND APPARATUS FOR BROKERING SERVER AND DEVICE AND COMPUTER-READABLE STORAGE MEDIUM FOR EXECUTING THE METHOD - A method and apparatus for brokering a communication connection between a device and a push server for providing a push service irrespective of a protocol difference between the device and the push server, and a computer readable storage medium for executing the method. The method includes: authenticating a connection between at least one device and a brokering apparatus based on protocol information relating to the at least one device; and if data is received from the server when the at least one device is connected to the brokering apparatus, modifying the data received from the server based on a protocol relating to the at least one device, and transmitting the modified data to the at least one device, wherein the brokering apparatus performs the modifying. | 05-16-2013 |
20130125207 | NETWORK SECURITY DEVICE AND METHOD - The invention describes a method for hardening a security mechanism against physical intrusion and substitution attacks. A user establishes a connection between a network peripheral device and a network via a security mechanism. The security mechanism includes read only memory (ROM) that contains code that initiates operation of the mechanism and performs authentication functions. A persistent memory contains configuration information. A volatile memory stores user and device identification information that remains valid only for a given session and is erased thereafter to prevent a future security breach. A tamper-evident enclosure surrounds the memory elements, which if breached, becomes readily apparent to the user. | 05-16-2013 |
20130125208 | PORTABLE SECURITY DEVICE AND METHODS OF USER AUTHENTICATION - Disclosed are a portable security device and methods for secure user authentication. The security device stores operating system agents that enable communication with user devices that have different operating systems. The security device also stores user authentication data for accessing different Internet resources by the user devices. The security device connects to the user device using an operating system agent corresponding to the operating system of the user device, and receives from the user device a request to access an Internet resource. The security device selects user authentication data associated with the requested Internet resource, and obtains the requested Internet resource using the selected user authentication data. | 05-16-2013 |
20130133032 | System and Method for Capturing Network Traffic - In certain embodiments, a method includes receiving, by a capture device, traffic flows transmitted by a plurality of client devices, each of the traffic flows being associated with one of the plurality of client devices and comprising encrypted data. The method further includes receiving, by the capture device, flow information communicated from a proxy server communicatively coupled to the capture device, the flow information comprising an identification of a particular traffic flow and a session key associated with the particular traffic flow. The method further includes storing, by the capture device, encrypted data of the particular traffic flow identified by the flow information supplied by the proxy server; storing, by the capture device, the session key associated with the particular traffic flow; and discarding, by the capture device, any of the plurality of received traffic flows not identified in the flow information received from the proxy server. | 05-23-2013 |
20130133033 | Behavioral fingerprint controlled automatic task determination - A computationally implemented method includes, but is not limited to: determining a behavioral fingerprint associated with a network-accessible user, the behavioral fingerprint providing a current status of the network-accessible user; and controlling one or more devices automatically as a function of the determined behavioral fingerprint and a direction received from the network-accessible user. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure. | 05-23-2013 |
20130133034 | SYSTEMS AND METHODS FOR CREATING A TRUST INDEX WITH RESPECT TO ONLINE IDENTITIES - A user verification engine that will verify trustworthiness (trust-level) of individuals and through that trust-level of content they produce online is disclosed herein. | 05-23-2013 |
20130133035 | SYSTEM AND METHOD FOR MUTUAL AUTHENTICATION - A control unit for controlling a card reader. The control unit includes an authentication management unit for transmitting/receiving information to/from a host and each of a first encryption magnetic head device and a second encryption magnetic head device to mutually authenticate each other. The authentication management unit includes (1) a commanding means for commanding one of the first encryption magnetic head device and the second encryption magnetic head device to create lower-level information for authentication, according to a request on authentication from the host, (2) a sharing means for transmitting the lower-level information for authentication received from the above-mentioned one device to the other device for the purpose of sharing it and (3) a transmission means for transmitting the lower-level information for authentication, having been shared in all of the first encryption magnetic head device and the second encryption magnetic head device, to the host. | 05-23-2013 |
20130139218 | SOFT METHOD FOR LOCAL SECURE CONNECTION TO A DEVICE - A system for pairing two devices includes a monitoring system and a server. The monitoring system receives a request made by a local submitter, such as a servicing device or a technician operating the servicing device, for accessing diagnostic data of the monitoring system. The monitoring system initiates a request made to the server for connecting the monitoring system with the servicing device. The server generates pairing information and transmits the pairing information to the monitoring system. The server determines that a pairing key is received as input at the servicing device and/or monitored device and determines if the pairing key matches the pairing identification. If the server determines that there is a match, the server relays diagnostic data received from the monitoring system to the servicing device. | 05-30-2013 |
20130139219 | METHOD OF FENCING IN A CLUSTER SYSTEM - A method of fencing in a cluster system including network devices and a management network device is disclosed. Each network device may run an application program and comprises a fence device. A first network device receives a fence operation command from the management network device. The fence operation command contains information of a target network device and information of a target application. The first network device may determine a fence device on the first network device that corresponds to the fence operation command and activates the determined fence device such that the fence device performs a fence operation on the target application program according to the fence operation command. | 05-30-2013 |
20130139220 | Systems and Methods for Using A Domain-Specific Security Sandbox to Facilitate Secure Transactions - Computer systems, methods, and computer readable media for facilitating a secure transaction are provided in which a client application is executed on a client computer. The client application initiates a request to a first domain comprising (i) a credential for the client application, (ii) a transaction identifier that uniquely identifies the request, and (iii) optionally, an identification of a user of the client application. Responsive to this request, the client receives a validated transaction module from the first domain. The client application loads the validated transaction module into a separate domain security sandbox that is segregated from memory space in which the client application is run. The validated transaction module conducts a validated transaction between the second domain and the validated transaction module. Separately, through the client application, a determination is made as to whether the transaction is complete by querying the first domain. | 05-30-2013 |
20130145425 | VERIFICATION SERVICE - Concepts and technologies are disclosed herein for verifying sender information. According to various embodiments of the concepts and technologies disclosed herein, a verification service can determine, receive a request, or receive a call to verify sender information associated with data. The server computer generates and delivers a verification message to a sender device in response to determining that sender information verification is to be provided. The server computer receives a response indicating if the data was sent by the sender device. If the response indicates that the sender device did not send the data, the server computer can block delivery of the data, generate alarms or alerts, take other actions, and/or take no action. If the response indicates that the sender device sent the data, the server computer can deliver the data, provide a verification response to the recipient device, take no action, and/or take other actions. | 06-06-2013 |
20130145426 | Web-Hosted Self-Managed Virtual Systems With Complex Rule-Based Content Access - A computer-based service provides methods and apparatus for a user to manage a collection of information that the user wishes to share with, or distribute to, one or more designated recipients, typically at a future time, where the user controls the contents of the collection, and the times and rules under which the collection, or portions of the collection, may be accessed by, or delivered to, the one or more designated recipients; and where the resources for storing, retrieving, processing and communicating the collection of information is logically centralized and remote from the user. | 06-06-2013 |
20130152166 | System And Method For Trusted Pair Security - A system for and method of protecting a resource is presented. The system and method include a trusted pair consisting of an initiator and a receiver. The receiver faces outward and is connected to a network, such as the Internet. The initiator is connected to the protected resource. In establishing a connection between the initiator and the receiver, the initiator initiates all communications. This configuration simplifies environment management, improves security including access controls, and facilitates deployment of internet-facing resources by changing the traditional model of component-to-component connection. | 06-13-2013 |
20130152167 | APPARATUS AND METHOD FOR IDENTIFYING WIRELESS NETWORK PROVIDER IN WIRELESS COMMUNICATION SYSTEM - To check security of an Access Point (AP) in a wireless communication system, an operating method of a terminal includes, before completing connection to the AP, receiving a frame that informs the terminal of existence of the AP; extracting security test information from the frame; and testing the security of the AP using the security test information. | 06-13-2013 |
20130160079 | DECEPTION-BASED NETWORK SECURITY USING FALSE POSITIVE RESPONSES TO UNAUTHORIZED ACCESS REQUESTS - A request handler may receive an access request for access to application server resources of an application server and determine that the access request is unauthorized. A response manager may provide a false positive response including apparent access to the application server resources. | 06-20-2013 |
20130160080 | APPARATUS AND METHOD FOR VERIFYING APPLICATION USER - Apparatus and a method for verifying application users includes an application installed in user equipment, a communication unit configured to communicate to verify a user of the application, and a control unit configured to select a user verification type for the application from a plurality of user verification types, based on a predetermined condition, and control the communication unit based on the selected user verification type to perform user verification. The apparatus and method provide a number of types of verification against various cases which would otherwise allow no verification, depending on whether SMS messages can be transmitted, application provider policies, etc., so that users of applications can be verified in a fast and convenient manner. | 06-20-2013 |
20130160081 | System and Method for Concurrent Address Allocation and Authentication - A method for coordinating network entry of a device includes authenticating the device coupled to the controller, and allocating an address for the device, wherein allocating the address for the device occurs concurrently with but independently of authenticating the device. The method also includes completing the network entry of the device upon successful completion of authenticating the device and allocating the address for the device. | 06-20-2013 |
20130160082 | Medical Device Connectivity to Hospital Information Systems Using Device Server - The present invention employs a system and method to allow for connectivity of a plurality of medical devices in a health care setting. The present invention utilizes a device server which may connect the plurality of medical devices to a hospital information system. The system may identify and authenticate a medical device and provide an administrator or privileged user accessing the information received from the medical device at a remote location. It is contemplated that the system utilizes a device server to connect the plurality of medical devices to the hospital information systems. | 06-20-2013 |
20130160083 | METHOD AND DEVICE FOR CHALLENGE-RESPONSE AUTHENTICATION - Method of performing a challenge-response process, comprising, in this sequence, the steps of a) providing a first challenge-response pair ( | 06-20-2013 |
20130167195 | HARDWARE IDENTIFICATION THROUGH COOKIES - Multiple cookies of a client device are used to form an identifier of the client device such that a change in one or even several browser cookies does not defeat proper device recognition. The cookies are included in the identifier such that individual cookies can be parsed for separate comparison with corresponding cookies of known devices. However, to protect privacy of all devices, individual parameters of the constituent cookies are represented with irreversible hashes of the respective parameters. Recognition involves quantification of a degree of correlation between the cookies and corresponding cookies of each of the known devices. To quantify the degree of correlation, the observed stability and uniqueness of each cookie, and each cookie attribute, is considered. | 06-27-2013 |
20130167196 | SYSTEM AND METHOD FOR REMOTE DEVICE RECOGNITION AT PUBLIC HOTSPOTS - Described are various embodiments of a system and method in which device-identifying data can be used to uniquely recognize and optionally track and report on device activity at one or more hotspot locations by way of the creation and management of a device profile uniquely associated with such devices and stored in a network accessible knowledge base. | 06-27-2013 |
20130167197 | Methods, Systems, and Computer Program Products for Invoking Trust-Controlled Services Via Application Programming Interfaces (APIs) Respectively Associated Therewith - A trust evaluation may be obtained for a network element in a communication network. Based on this trust evaluation, one or more services may be invoked to address the risk that a potentially untrustworthy network element poses in the communication network. Application programming interfaces (APIs) may automate the invocation of trust-controlled services. An API for a trust-controlled service may be used to directly perform a function on one or more resources in the communication network or may be used to set up an ongoing function on one or more resources in the communication network that may continue until the API is used to terminate the function. | 06-27-2013 |
20130174219 | Dynamically Updating Current Communication Information - A method, system and computer readable media for dynamically updating current communication information, for enabling access to current communication based upon biometric information and/or for allowing communication information to be associated with biometric information and then allowing this communication information to be provided to desired recipients. | 07-04-2013 |
20130174220 | SECURE BOOT OF A DATA BREAKOUT APPLIANCE WITH MULTIPLE SUBSYSTEMS AT THE EDGE OF A MOBILE DATA NETWORK - A secure boot is provided for a breakout system having multiple subsystems at the edge of a mobile data network. The secure boot utilizes two trusted platform modules (TPM) to secure multiple subsystems. Further described is utilizing a first TPM to boot a service processor and then utilizing a second TPM to secure boot two additional subsystems. Booting of the final subsystem is accomplished in a two step process which first loads a boot loader and verifies the boot loader, and then second loads an operating system load image and verifies the operating system code. | 07-04-2013 |
20130174221 | AUTHENTICATION SERVER, AUTHENTICATION METHOD AND COMPUTER PROGRAM - There is provided an authentication server including: a network access authenticating unit and an address notifying unit wherein the network access authenticating unit receives, from an authentication relay connected to a network, a first authentication message for a communication device existing under the authentication relay, and execute network access authentication process with the communication device, and the address notifying unit notifies the communication device of the server's address information in accordance with a result of the network access authentication process. | 07-04-2013 |
20130174222 | METHOD AND APPARATUS FOR AN EPHEMERAL TRUSTED DEVICE - A method and system is performed by a requesting apparatus for accessing protected content from a content provider. The method includes receiving an indication of a level of trust needed to access specific protected content from a content provider, and supplying an identity attestation and an attribute attestation and the received level of trust to a third party evaluator. The evaluator determines if the requesting apparatus meets the level of trust needed to access the protected content. A trust attestation is generated indicating a level of trust of the requesting apparatus and is sent to the requesting device. The trust attestation is evaluated by the requesting device to determine what version of the protected content can be downloaded from a content provider. The requesting apparatus then asks for the protected content if the trust level attestation meets the level of trust needed to access the specific content from the content provider. | 07-04-2013 |
20130179941 | Identifying guests in web meetings - A technique that identifies registered or guest users in web meetings of the type wherein users must follow a supplied URL to attend the meeting. Registered and guest users are provided different forms of the meeting invite URL. Each registered user receives a common web meeting link (a URL) that he must follow to join the meeting. This link forces the registered user to authenticate to the service when used. A guest user invitee receives a unique URL for the meeting that is generated with a nonce value associated with the guest user's contact information. The nonce value does not expose the contact information. To join the meeting, each registered user must follow the common web meeting link and authenticate to the service. True identities of the web meeting participants are displayed. | 07-11-2013 |
20130179942 | CONSOLIDATED DATA SERVICES APPARATUS AND METHOD - An apparatus for consolidated data services comprising a plurality of devices, a plurality of data services and a content application programming interface (API). A user API provides user identification for each of the plurality of devices using one or more of a plurality of user API methods. A feedback API configured to receive data from each of the plurality of devices that identifies media content that was delivered to the plurality of devices using one or more of a plurality of feedback API methods. A device API configured to provide a client system to one or more of the plurality of devices using one or more of a plurality of device API methods. A web service consolidator coupled to the content API, the user API, the feedback API, the device API, the update API, a plurality of data services and the plurality of devices through the communications media. | 07-11-2013 |
20130179943 | Systems and Methods for Authentication - A method of performing authentication involves receiving, by a station, an initiation frame and transmitting, by the station, an authentication request. The authentication request includes an extensible authentication protocol (EAP) over local area network (LAN) (EAPOL) Start and security parameters for a fast initial link setup (FILS) handshake. | 07-11-2013 |
20130185765 | METHODS AND SYSTEMS FOR RESTRICTING ELECTRONIC CONTENT ACCESS BASED ON GUARDIAN CONTROL DECISIONS - Methods, computer-readable media, and systems are provided to facilitate a second user to allow or deny a first user, such as a child, from accessing content by providing the second user with a content profile based on decisions made by other users with respect to the content. In one implementation, a system allows the second user to set a threshold to automatically allow or deny access based on the other users' decisions. The decisions made by other users are aggregated into information that may be based on similarities between the child and other children from whom other users have previously made decisions regarding the particular content. In addition, the aggregation may more heavily weight decisions by users that have a history of making similar decisions to the second user. | 07-18-2013 |
20130185766 | COMMUNICATIONS RELAY APPARATUS - A communications relay apparatus for relaying communications between an electronic control unit (ECU) connected to the apparatus via an in-vehicle local area network (LAN) and an external device connected to the apparatus via a communication path different from the in-vehicle LAN. In the apparatus, a data transfer unit forwards relay data received from the ECU to the communication path and forwards relay data received from the external device to the in-vehicle LAN. But the data transfer unit is inhibited from forwarding reprogramming data for reprogramming the ECU received from the external device to the in-vehicle LAN. An authentication unit authenticates a vehicle user, and when the vehicle user is successfully authenticated, then permits the data transfer unit to forward the reprogramming data to the in-vehicle LAN. | 07-18-2013 |
20130191881 | CLUSTER ARCHITECTURE FOR NETWORK SECURITY PROCESSING - A computing device may be joined to a cluster by discovering the device, determining whether the device is eligible to join the cluster, configuring the device, and assigning the device a cluster role. A device may be assigned to act as a cluster master, backup master, active device, standby device, or another role. The cluster master may be configured to assign tasks, such as network flow processing to the cluster devices. The cluster master and backup master may maintain global, run-time synchronization data pertaining to each of the network flows, shared resources, cluster configuration, and the like. The devices within the cluster may monitor one another. Monitoring may include transmitting status messages comprising indicators of device health to the other devices in the cluster. In the event a device satisfies failover conditions, a failover operation to replace the device with another standby device, may be performed. | 07-25-2013 |
20130198804 | Peer-to-Peer Service Designer - A peer-to-peer communication system, including a service manager for managing peer-to-peer services, a zone manager for managing zones, each zone including at least one peer-to-peer service and a window display layout therefor, and a privacy manager for restricting access to a zone, to a select group of users. A method is also described and claimed. | 08-01-2013 |
20130198805 | METHODS AND APPARATUS FOR MANAGING NETWORK TRAFFIC - Methods, apparatus, and computer readable storage medium for authenticating assertions of a source are disclosed. In one aspect, a method for authenticating an assertion of a source in an environment of distributed control includes receiving a notification of the assertion; determining an entity responsible for maintaining an authenticated list of assertions by the source based on a first trusted public record, determining an assertion authenticator for the entity based on a second trusted public record, determining one or more assertions of the source from the assertion authenticator, and authenticating the assertion based on the determined one or more assertions. | 08-01-2013 |
20130198806 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, AND AUTHENTICATION METHOD - An information processing system, which is implemented by one or more information processing apparatuses, includes a first receiving unit configured to receive a first user identifier and a first organization identifier via a network from an external apparatus and a first authentication unit configured to perform authentication based on the first user identifier and the first organization identifier by referring to a storage unit storing one or more second user identifiers in association with second organization identifiers. The first authentication unit performs authentication by identifying an organization identifier matching the first organization identifier within the second organization identifiers and identifying a user identifier matching the first user identifier within the second user identifiers associated with the matching organization identifier. | 08-01-2013 |
20130205369 | DIRECT MODE COMMUNICATION SYSTEM AND DISCOVERY INTERACTIVE METHOD THEREOF - A direct-mode communication system having a user direct-mode communication apparatus and a serving direct-mode communication apparatus is provided. The user direct-mode communication apparatus connects to an operating server, and authenticates with the operating server to obtain a user authenticated identification. The serving direct-mode communication apparatus connects to the operating server, and authenticates with the operating server to obtain a serving authenticated identification. The user direct-mode communication apparatus broadcasts a discovery signal based on the user authenticated identification. The serving direct-mode communication apparatus receives the discovery signal after the user direct-mode communication apparatus enters a default serving range, and provides interactive information to the user direct-mode communication apparatus according to the discovery signal and based on the serving authenticated identification. | 08-08-2013 |
20130205370 | MOBILE HUMAN CHALLENGE-RESPONSE TEST - Methods and systems for verifying whether a user requesting an online account is likely a human or an automated program are described. A request for an online account may be received from a mobile device. A human challenge-response test adapted for displaying on a mobile device is displayed on the mobile device. Upon viewing the human challenge-response test, the user enters the user's solution to the human challenge-response test on the mobile device. A response hash value is created based on the user's solution. The response hash value is sent to an account request server for verification. | 08-08-2013 |
20130212644 | NETWORK STIMULATION ENGINE - Methods, devices, and systems are disclosed for simulating a large, realistic computer network. Virtual actors statistically emulate the behaviors of humans using networked devices or responses and automatic functions of networked equipment, and their stochastic actions are queued in buffer pools by a behavioral engine. An abstract machine engine creates the minimal interfaces needed for each actor, and the interfaces then communicate persistently over a network with each other and real and virtual network resources to form realistic network traffic. The network can respond to outside stimuli, such as a network mapping application, by responding with false views of the network in order to spoof hackers, and the actors can respond by altering a software defined network upon which they operate. | 08-15-2013 |
20130212645 | INFORMATION AUTHENTICATION METHOD AND INFORMATION AUTHENTICATION SYSTEM - At a time of enrollment, a client terminal: generates a feature polynomial from biometric information for enrollment; multiplies the feature polynomial by a prescribed integer; stores a helper polynomial obtained by multiplying an inverse polynomial of a template polynomial, a polynomial having a small norm; and transmits the template polynomial to an authentication server. The authentication server stores the template polynomial in a storage unit. At a time of authentication, the client terminal: generates a feature polynomial from biometric information for authentication; multiplies the helper polynomial by the feature polynomial; adds a random polynomial having a small norm to the authentication polynomial; and transmits the authentication polynomial to the authentication server. The authentication server determines whether or not the biometric information for enrollment and for authentication can be authenticated, based on the result obtained by multiplying the authentication polynomial by the template polynomial. | 08-15-2013 |
20130219465 | METHOD AND APPARATUS FOR SEPARATION OF CONNECTION DATA BY PERIMETER TYPE - A method and a mobile device having a plurality of modes of operation, the method associating each connection interface on the mobile device with one of a plurality of modes; and restricting access to a profile for each connection interface on the mobile device to only a subset of applications based on the mode associated with the profile. | 08-22-2013 |
20130219466 | UNIFIED CLOUD COMPUTING NETWORK INTERFACE - A cloud computing network device is disclosed. The device is configured to receive a request from a joining device for access to the cloud computing network, and in response to the request, authenticate the joining device according to an authentication protocol. The device is also configured to receive from the joining device an indication of one or more items local to the joining device to be made available to other devices on the cloud computing network, and in response to the indication, provide information identifying items to the other devices on the cloud computing network. | 08-22-2013 |
20130219467 | NETWORK AUTHENTICATION METHOD, METHOD FOR CLIENT TO REQUEST AUTHENTICATION, CLIENT, AND DEVICE - A network authentication method, a client and a device are provided. The method includes: receiving SYN data sent by a client, where the SYN data includes a sequence number SEQ1 and a network parameter comprising an ID in the header of the SYN data; sending SYN_ACK data to the client, where the SYN_ACK data includes an acknowledgment number ACK2 obtained by carrying out a function transformation according to the network parameter; receiving RST data sent by the client, where the RST data includes a sequence number SEQ3 or an acknowledgment number ACK3, and the RST data further includes a network parameter the same as that of the SYN data; carrying out the function transformation according to the network parameter of the RST data to obtain a check value CHK; and passing the authentication of the client if CHK matches SEQ3 or ACK3. | 08-22-2013 |
20130227643 | WIRELESS ACCESS TO DEVICE FUNCTIONS - In an embodiment, a method includes permitting a wireless client to wirelessly access an internal network of a Wi-Fi capable device. The method also includes presenting a reduced set of device functions to the client when the device operates in an open mode, and presenting an increased set of device functions to the client when the device operates in a secure mode. | 08-29-2013 |
20130227644 | SIPTO decision method and device for H(e)NB system - The disclosure claims a Selected Internet Protocol Traffic Offload (SIPTO) decision method and device for a Home (evolved) Node-B (H(e)NB) system, both the method and device can judge whether a H(e)NB has the SIPTO authority, and can allow the H(e)NB to implement the SIPTO if the H(e)NB has the SIPTO authority. The method and device of the disclosure can support the SIPTO of the H(e)NB. | 08-29-2013 |
20130227645 | TERMINAL AND METHOD FOR ACCESS POINT VERIFICATION - A terminal to determine a security status of an AP includes an AP retrieval unit to identify an AP connectable with the terminal, an AP determination unit to connect with the AP and determine whether the AP is vulnerable, and a controller to control the connection with the AP if the AP is determined to be vulnerable. A method for determining a security status of an AP with a terminal includes identifying a connectable AP, connecting the terminal with the AP, determining whether the AP is vulnerable, and controlling the connection with the AP if the AP is determined to be vulnerable. | 08-29-2013 |
20130227646 | METHODS AND APPARATUS FOR LARGE SCALE DISTRIBUTION OF ELECTRONIC ACCESS CLIENTS - Methods and apparatus for large scale distribution of electronic access control clients. In one aspect, a tiered security software protocol is disclosed. In one exemplary embodiment, a server electronic Universal Integrated Circuit Card (eUICC) and client eUICC software comprise a so-called “stack” of software layers. Each software layer is responsible for a set of hierarchical functions which are negotiated with its corresponding peer software layer. The tiered security software protocol is configured for large scale distribution of electronic Subscriber Identity Modules (eSIMs). | 08-29-2013 |
20130227647 | SHARED NETWORK ACCESS VIA A PEER-TO-PEER LINK - An electronic device receives a request for access to the infrastructure network (and, more generally, a ‘resource’) from the other electronic device via a peer-to-peer link. In response to the request, the electronic device determines that it has access to the infrastructure network, and provides a response to the other electronic device via the peer-to-peer link indicating that the electronic device has access to the infrastructure network. Then, the electronic device establishes secure communication with the other electronic device, and provides access information to the other electronic device via the peer-to-peer link using the secure communication. This access information facilitates access to the infrastructure network. | 08-29-2013 |
20130227648 | ON BOARD VEHICLE NETWORK SECURITY - The present disclosure describes a microprocessor executable network controller operable to at least one of (a) isolate at least one other on board computational component in a vehicular wireless network not affected by a security breach event from a computational component affected by the security breach event and (b) isolate an on board computational component in the vehicular wireless network and affected by the security breach event from the at least one other on board computational component not affected by the security breach event. | 08-29-2013 |
20130227649 | METHODS AND DEVICES FOR MAINTAINING A DOMAIN - The invention proposes methods and devices for managing domains. The domains comprise a plurality of member devices, and the method comprises the steps of: storing (S | 08-29-2013 |
20130227650 | Vehicle-Mounted Network System - Provided is a method capable of enhancing security of a vehicle-mounted network while reducing processing loads in each vehicle-mounted control device. | 08-29-2013 |
20130232545 | SYSTEM AND METHOD FOR DETECTING AND PREVENTING ATTACKS AGAINST A SERVER IN A COMPUTER NETWORK - The present invention provides a computer-implemented method, performed by a server system having one or more servers and memory storing one or more programs for execution by the one or more servers, the method comprising at the server system: receiving an access request to a network server from a terminal device; determining whether the access request matches a cached record stored in a substitute server; if the cached record is found, returning the cached record to the terminal device; if no cached record is found, processing the access request for security check; forwarding the processed access request to the network server; receiving a response from the network server; optimizing the response from the network server; and forwarding the optimized response to the terminal device. | 09-05-2013 |
20130232546 | SERVICE PROVIDING METHOD, RECORDING MEDIUM, AND INFORMATION PROCESSING APPARATUS - A service providing method executed by an information processing apparatus that provides a first service, the method includes receiving role information from a terminal apparatus in use by a user, the role information indicating that a second service provided by another information processing apparatus and a role assigned to the user in the second service; and determining a role assigned to the user in the first service according to the role information and relationship information that indicates a relationship between the local apparatus and the another information processing apparatus, in correspondence to the second service. | 09-05-2013 |
20130232547 | NEW METHOD FOR SECURE SITE AND USER AUTHENTICATION - The present invention provides a new method of site and user authentication. This is achieved by creating a pop-up window on the user's PC that is in communication with a security server, and where this communication channel is separate from the communication between the user's browser and whichever web site they are at. A legitimate web site embeds code in the web page which communicates to the security server from the user's desktop. The security server checks the legitimacy of the web site and then signals both the web page on the user's browser, as well as the pop-up window to which it has a separate channel. The security server also sends a random image to both the pop-up window and the browser. If user authentication is requested by the web site the user is first authenticated by the security server for instance by out of band authentication. Then the security server computes a one time password based on a secret it shares with the web site and sends it to the pop up window. The user copies this one time password into their browser which sends it to the web site, which can re-compute the one time password to authenticate the user. | 09-05-2013 |
20130232548 | Secure Route Discovery Node and Policing Mechanism - A computer implemented method and computer program product for obtaining a secure route. A trusted host sets a node security association for a trusted host. The trusted host receives, at the trusted host, a client communication request directed to a destination host. The trusted host builds a secure route query comprising a trusted host address, a destination host address, and at least one security level, to form at least one secure route. The trusted host sends packets from the trusted host to the destination host based on the at least one secure route. The packets are responsive to the client communication request, and the packets each have a security label that matches the security level. | 09-05-2013 |
20130232549 | METHOD AND APPARATUS FOR SECURING NETWORK COMMUNICATIONS - A method for securing communications in a communications network between a first network component (e.g. user's device) and a second network component (e.g. service apparatus). At the first network component a first data set represents user-perceptible content which is reproduced for perception and selection by a user of the first network component. The method includes forming a network communications link between the first network component and the second network component subject to conditions requiring at least that a user input is received at the first network component indicating selection of the reproduced user-perceptible content by the user. The first data set is then replaced at the first network component with replacement data to represent the user-perceptible content for perception and selection by a user of the first network component in subsequently so forming a said communications link. | 09-05-2013 |
20130232550 | AUTHENTICATION SERVER AND AUTHENTICATION METHOD BY AUTHENTICATION SERVER - An authentication server capable of determining securely and accurately whether an access source is a cellular phone or a computer when access to a content is limited to cellular phone users. The authentication server includes a transmission delay time measuring unit that measures a transmission delay time between the authentication server and a communication terminal over a plurality of times, a transmission delay time distribution property determining unit that determines whether or not a distribution property of the transmission delay time measured over the plurality of times is discrete, and a content access authentication unit recognizing that the communication terminal is a wireless communication terminal and approving the access to the contents when the distribution property of the transmission delay time is determined as being discrete and recognizing that the communication terminal is a wired communication terminal and denying the access to the contents when the distribution property of the transmission delay time is determined as not being discrete. | 09-05-2013 |
20130232551 | METHOD AND DEVICE FOR ANONYMOUS ENTITY IDENTIFICATION - The present invention discloses a method for anonymous entity identification, which comprises the following steps: an entity A transmits an R | 09-05-2013 |
20130239175 | CONTROLLING ENTERPRISE ACCESS BY MOBILE DEVICES - A system comprising at least one component running on at least one server and receiving vulnerability data and, for each device of a plurality of devices, device data that includes data of at least one device component. The system includes a trust score corresponding to each device of the plurality of devices and representing a level of security applied to the device. The trust score is generated using a severity of the vulnerability data. The system includes an access control component coupled to the at least one component and controlling access of the plurality of devices to an enterprise using the trust score. | 09-12-2013 |
20130247146 | AUTHENTICATION SYSTEM AND METHOD - Various embodiments of authentication and information verification methods and apparatus are disclosed herein. In one embodiment, a server is described, comprising a communication interface for sending and receiving information to/from consumers and third parties, a memory for storing processor-executable instructions and one or more accounts, and a processor for executing the processor-executable instructions that cause the server to, receive electronic instructions, from a consumer, to create an account for a consumer, the account comprising a number of data fields, create an account in response to receiving instructions over the communication interface to create the account, the account comprising a number of data fields, store the account in the memory, assign an overall security level to the account, and increase the overall security level of the account in response to receiving an indication from a third party that the information provided to the third party is true. | 09-19-2013 |
20130247147 | CREATING A VIRTUAL PRIVATE NETWORK (VPN) FOR A SINGLE APP ON AN INTERNET-ENABLED DEVICE OR SYSTEM - An Internet-enabled device, such as a smartphone, tablet, PC, wearable sensor, or household appliance, executes an application (or “app”) that has its own VPN connection with a VPN gateway device. The app does not use the device-level or system VPN to connect with the gateway. The app, which may be security wrapped, is made more secure by having its own VPN tunnel with the gateway, wherein the VPN tunnel is not used by other apps running on the device. The conventional (or device-level) VPN connection is not used by the app(s). The app has its own IP stack, an HTTP proxy layer, an IPsec module, and a virtual data link layer which it uses to build IP packets, encapsulate them, and transmit them to a transport module in the device operating system, for example, a UDP module. | 09-19-2013 |
20130247148 | SYSTEM AND METHOD FOR CORRELATING NETWORK IDENTITIES AND ADDRESSES - The system and method for correlating network identities and addresses described herein may include a log correlation engine distributed on a network that identifies relationships between certain network identities and Internet Protocol (IP) and Ethernet addresses in the network. In particular, the log correlation engine may analyze various event logs that describe activity in a network to learn relationships between network identities and network addresses and generate alerts in response to discovering changes in the learned relationships. For example, the log correlation engine may identify authentication events described in the logs to map network identities to IP addresses, and may further analyze the logs to map the IP addresses to Ethernet addresses. Thus, the log correlation engine may discover new and changed relationships between the network identities, the IP addresses, and the Ethernet addresses. | 09-19-2013 |
20130254840 | PROVIDING MULTIPLE AUTHENTICATIONS TO AUTHENTICATE USERS WITH RESPECT TO A SYSTEM AND FILE SYSTEMS OFFERED THROUGH THE SYSTEM - Provided are a method, system, and computer program product for providing multiple authentications to authenticate users with respect to a system and file systems offered through the system. A request is received from a user to access a system, wherein the system provides access to a plurality of file systems. A first authentication of the user with respect to the system is performed. In response to success of the first authentication with respect to the system, a request by the user is received to access a selected one of the file systems. A second authentication is performed of the user with respect to the selected file system. The user is allowed access to the selected file system in response to success of the second authentication. | 09-26-2013 |
20130254841 | SECURE CLOUD COMPUTING PLATFORM - A secure cloud computing platform. The platform has a pool of secure computing devices such that each can be allocated to a customer as with other computing resources. Each secure computing device may be configured by a customer with a key and software for performing operations on sensitive data. The customer may submit data, defining a job for execution on the platform, as cyphertext. The secure computing device may perform operations on that data, which may include decrypting the data with the key and then executing the software to perform an operation on cleartext data. This operation, and the data on which it is performed, though in cleartext, may be inaccessible to the operator of the cloud computing platform. The device may operate according to a secure protocol under which the software is validated before loading and the device is provisioned with a key shared with the customer. | 09-26-2013 |
20130254842 | OPERATION OF MOBILE DEVICE AS TRUSTED MOBILE WEB CLIENT OR TRUSTED MOBILE WEB SERVER - A method of operating a mobile device comprises executing a trusted service application in a trusted operating system through secure access, executing a trusted web server module in the trusted operating system, wherein the trusted web server module is configured to transfer information using an internet protocol and the information is generated by execution of the trusted service application, and executing a user application in a rich operating system through normal access, wherein the user application is configured to relay communication between a remote web server and the trusted web server module through a security session. | 09-26-2013 |
20130254843 | METHOD FOR CONTROLLING ACCESS TO VISUAL MEDIA IN A SOCIAL NETWORK - A method for controlling access to a visual medium in a social network comprising user units connected to a social network site server associated to a database and to a distorted visual medium server storing visual media posted by users of the social network. A visual medium is selected by a posting user on a user unit and made available to at least one entitled user of said social network. The posting user defines a list of entitled users to be entitled to access the visual medium, said list of entitled users comprising at least one identifier identifying at least one entitled user, said identifier being associated to a parameter defining an access level to the selected visual medium. The selected visual medium is uploaded to the distorted visual medium server in association with the list of entitled users. The distorted visual medium server stores the visual medium in a memory and applies a distortion effect so as to obtain at least one distorted visual medium degraded according to a predefined degradation level. An entitled user identified on the list receives, from the distorted visual medium server, the visual medium distorted according to a degradation level corresponding to the parameter defining the access level associated to the identifier of the entitled user. The distortion effect applied on the original visual medium preferably consists of a scrambling operation performed on the original visual medium to obtain a scrambled visual medium. The access level defines the rights of a user for descrambling the scrambled visual medium into a reconstructed visual medium. Depending on the user access level, the reconstructed visual medium can be a partially descrambled visual medium or a fully descrambled visual medium according to the user access level. | 09-26-2013 |
20130254844 | Targeted Muting for Communication Between Electronic Appliances - A method for controlling the flow of data in a near field communication appliance having an interposed element and a plurality of secure elements connected to the interposed element is disclosed. The method includes receiving a first communication at a first one of the secure elements. The first communication is sent by an external appliance and suited to an application located in one of the secure elements. The method further includes testing, by means of the first secure element, whether the first secure element contains the application. The first secure element is muted if the first secure element does not contain the application. A corresponding near field communication appliance and terminals are also disclosed. | 09-26-2013 |
20130254845 | DIGITAL DATA AUTHENTICATION - A method for protecting a digital document and user data typed into a digital document is presented. The method comprises computation of an authentication tag when the document is sent from a server. A similar authentication tag is computed when the document is shown on a client. When another document referenced in the document is requested by the client from the server, the authentication tag computed by the client is attached to the request for that other document. The server receiving the request compares the authentication tag it computed with the one it received to verify if the request came from an authentic copy of the document. The method is suitable for protection of online banking, online investment, online shopping, and other electronic applications. | 09-26-2013 |
20130254846 | METHOD FOR A CLIENT DEVICE TO ACCESS TO REMOTE SECURE DATA ON A REMOTE SECURE DEVICE - The invention relates to a method for a client device ( | 09-26-2013 |
20130263216 | PARTICIPANT AUTHENTICATION AND AUTHORIZATION FOR JOINING A PRIVATE CONFERENCE EVENT VIA A CONFERENCE EVENT ENVIRONMENT SYSTEM - Concepts and technologies are described herein for a mechanism by which participants who have been invited to attend a conference event and who are physically present within a conference event environment, such as a meeting room, can provide authentication credentials to join the conference event via a conference event environment system. When an individual attempts to join a conference event via a conference event environment system, the individual is prompted to provide his or her authentication credentials to join the conference event via the conference event environment system to participate in the conference event. The conference event environment system may inherit the individual's permissions, such as in regards to whether or not the individual has been permitted to present content during the conference event. A conference event roster may be used to indicate that the individual has joined the conference via the conference event environment system. | 10-03-2013 |
20130263217 | SYSTEM, METHOD, AND DEVICE FOR CONTROLLED ACCESS TO A NETWORK - A device for controlling network access comprising a first transceiver configured as an open access point device, a second transceiver configured in client mode and configured to connect to a second network, and a human detectable output device. The first transceiver device is configured to request and receive a user access security key. Upon matching the output and received security keys, data access to the network is enabled. Further, the device limits the addresses to which a user client device can transmit data. The user access security key required for the connecting to the first transceiver is time varying. | 10-03-2013 |
20130263218 | PRIVACY COMPLIANT CONSENT AND DATA ACCESS MANAGEMENT SYSTEM AND METHODS - An information management system for restricting access to personal data in compliance with law or regulation includes a database having restricted records stored therein, at least one of the records including an identification of a client or group of clients about whom said record concerns. A computer system under the control of a trusted information broker is configured to receive via a communication medium a request initiated by a requestor for access to at least one of the restricted records in the database, the request including an identification of the requestor. The computer system is further configured to transmit a request for consent to the client and receive an indication from the client that the client consents or does not consent to access to the restricted record by the requestor. The computer system grants or denies access to the restricted records based upon the indication from the client. | 10-03-2013 |
20130263219 | AUTHENTICATION SYSTEM, ELECTRONIC APPARATUS AND AUTHENTICATION METHOD - Disclosed is an authentication system including: an electronic apparatus; and a remote operating device to remotely operate the electronic apparatus, wherein the electronic apparatus comprises a main controller to control the electronic apparatus and a sub-controller to control the electronic apparatus independently from the main controller; and wherein in case that the remote operating device accesses the electronic apparatus, after the main controller carries out a first user authentication, the sub-controller carries out a second user authentication. | 10-03-2013 |
20130263220 | SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES - A network device comprises: a storage device storing an application program for a secure communications service; and at least one processor. The processor is configured to enable the network device to (a) send a request to look up a network address of a second network device based on an identifier associated with the second network device; (b) receive an indication that the second network device is available for the secure communications service, the indication including the requested network address of the second network device and provisioning information for a virtual private network communication link; (c) connect to the second network device, using the received network address of the second network device and the provisioning information for the virtual private network communication link; and (d) communicate with the second network device using the secure communications service via the virtual private network communication link. | 10-03-2013 |
20130268998 | MANAGEMENT SERVER AND METHOD FOR CONTROLLING DEVICE, USER TERMINAL APPARATUS AND METHOD FOR CONTROLLING DEVICE, AND USER TERMINAL APPARATUS AND CONTROL METHOD THEREOF - A universal access method performed by a mobile device includes receiving a signal from a security access point that requests authentication information from the mobile device through near field communication (NFC), selecting one of first authentication information and second authentication information corresponding to the security access point, and transferring the selected authentication information to the security access point through NFC. | 10-10-2013 |
20130276060 | METHODS AND SYSTEMS FOR FALLBACK MODES OF OPERATION WITHIN WIRELESS COMPUTER NETWORKS - Described herein are systems and methods for fallback operation within WLANs that rely on remote authentication procedures. When a primary network node authentication process fails, fallback access control parameters associated with a secondary network node authentication process are exchanged between a network node and an authentication server, wherein the secondary network node authentication process allows the network node to access other resources of a computer network. | 10-17-2013 |
20130276061 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR PREVENTING ACCESS TO DATA WITH RESPECT TO A DATA ACCESS ATTEMPT ASSOCIATED WITH A REMOTE DATA SHARING SESSION - A system, method, and computer program product are provided for preventing access to data associated with a data access attempt. In use, a data access attempt associated with a remote data sharing session is identified. Further, access to the data is prevented. | 10-17-2013 |
20130276062 | WATERMARKS FOR ROAMING - A watermarking process is contemplated to facilitate branding and other message communication operations, such as to facilitate notifying a user associated with a home service provider watermark or communicating advertisements and/or personal messages to the user while accessing services through a visited service provider. The contemplated watermarking process may be particularly beneficial with devices having capabilities to roam between multiple service providers. | 10-17-2013 |
20130276063 | METHOD AND SYSTEM FOR ESTABLISHING WIRELESS LOCAL AREA NETWORK LINK BETWEEN PORTABLE TERMINALS - A method of establishing a WLAN link between portable terminals using a cellular network and a sound, the method including: transmitting a connection request message including a first partial security key being a portion of a first security key to a second portable terminal through a cellular network by a first portable terminal; outputting a sound including a second partial security key being a remaining portion of the first security key after transmitting the connection request message; receiving a request of a WLAN connection including a second security key from the second portable terminal having received the sound through a WLAN; and establishing the WLAN link with the second portable terminal when the second security key corresponds to the first security key. | 10-17-2013 |
20130276064 | SECURE ZONE FOR DIGITAL COMMUNICATIONS - The systems, methods and apparatuses described herein provide a computing environment that includes a secure zone for executing tasks. An apparatus according to the present disclosure may comprise a screen, a secure zone and an indicator operatively controlled by the secure zone. The secure zone may be configured to execute a task and to assume control over an output to the screen while the apparatus is operating in a secure mode and to transfer control over the output to the screen to a non-secure zone while the apparatus is operating in a non-secure mode. | 10-17-2013 |
20130276065 | SYSTEM AND METHODS FOR RECEIVING AND CORRECTING CONTENT TRANSMITTED OVER MULTICAST CHANNELS - In one embodiment of the invention, a system and method for receiving and correcting content is provided. A receiver receives a plurality of transmissions with embedded content key identifiers. Data packets for which the receiver has a corresponding authentication key are authenticated. Non-successful authentications, or data packets without a corresponding authentication key, are ignored by the receiver. The receiver checks if the content is encrypted. If so, the content may also be decrypted using content decryption keys stored within the receiver. Authentication keys and decryption keys may be updated via secure transmissions. The receiver status is monitored for incomplete and/or corrupted content receipt. The failed content may be retransmitted to the receiver over radio transmitters. Failed content may also be supplied to the receiver via the backchannel. Retransmission of the content may be performed according to a content delivery schedule. | 10-17-2013 |
20130283346 | System and Method For Rapid Authentication In Wireless Communications - Various methods and communications devices to improve association and handoff performance of a wireless network are provided. By way of example, a modified state machine that permits reduced security requirements for authentication in order to achieve fast authentication is employed. The modified state machine providing fast authentication remains compatible with the classic state machine implementing the wireless fidelity (WiFi) standard. | 10-24-2013 |
20130283347 | SCALABLE REPLAY COUNTERS FOR NETWORK SECURITY - In one embodiment, an authenticator in a communication network maintains a persistent authenticator epoch value that increments each time the authenticator restarts. The authenticator also maintains a persistent per-supplicant value for each supplicant of the authenticator, each per-supplicant value set to a current value of the authenticator epoch value each time the corresponding supplicant establishes a new security association with the authenticator. To communicate messages from the authenticator to a particular supplicant, each message uses a per-supplicant replay counter having a security association epoch counter and a message counter specific to the particular supplicant. In particular, the security association epoch counter for each message is set as a difference between the authenticator epoch value and the per-supplicant value for the particular supplicant when the message is communicated, while the message counter is incremented for each message communicated. | 10-24-2013 |
20130283348 | Cooperation Between MoCA Service Provider and Consumer Networks - Embodiments may be disclosed herein that provide systems, devices, and methods of operating a Multimedia over Coax (MoCA) network. One such embodiment is a method comprising: designating a selected MoCA device as a network controller; and logically partitioning, into virtual MoCA networks, a predetermined bandwidth reserved for the MoCA network by sending, from the network controller one or more beacons containing virtual network information. | 10-24-2013 |
20130283349 | AUTHENTICATION METHOD AND ELECTRONIC DEVICE - Embodiments of the present disclosure provide an authentication method and an electronic device. The method includes: generating by a first device an authentication request if a predetermined condition exists between the first device and a second device, when the first device is in a locking state, wherein the first device has the locking state and a non-locking state; receiving by the first device authentication information, the authentication information being input in response to the authentication request; and authenticating the second device using the authentication information. Through the present disclosure, others cannot directly damage or copy data in the first device in a connection manner such as using a data line even if they get hold of the device, as long as the first device is in the locking state. Thus, the security of the data in the first device is ensured. Since a complex synchronization authentication protocol does not need to be developed by synchronization software and the first device, and the present disclosure is compatible with various commercially available synchronization software, the implementation method is simple and efficient, and the compatibility is good. | 10-24-2013 |
20130291061 | INFORMATION PROCESSING APPARATUS AND CONTROL METHOD THEREOF - An application to be installed is acquired. Security policy geographic information, which is geographic information of an application's target distribution area where a user permits installation, is acquired from security policy that defines processing regarding the application. Application geographic information, which is geographic information of an application's target distribution area, is acquired from the acquired application. Based on a comparison result of comparing the security policy geographic information with the application geographic information, whether or not to permit installation of the acquired application is determined. | 10-31-2013 |
20130298192 | SYSTEMS AND METHODS FOR USING REPUTATION SCORES IN NETWORK SERVICES AND TRANSACTIONS TO CALCULATE SECURITY RISKS TO COMPUTER SYSTEMS AND PLATFORMS - Instrumented networks, computer systems and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Methods and systems are disclosed for calculating security risks by determining subject reputation scores. In an embodiment, a system receives a query for a reputation score of a subject, initiates directed queries to external information management systems to interrogate attributes associated with the subject, and analyzes responses. The system receives a hierarchical subject reputation score based on a calculus of risk and returns a reputation token. In another embodiment, a method provides real time attestation of a subject's reputation to a service provider using an endpoint trust agent, and a trust orchestrator comprising a reputation broker and a trust broker. | 11-07-2013 |
20130298193 | AUTHENTICATION METHOD OF ACCESSING DATA NETWORK AND ELECTRONIC DEVICE THEREFOR - Disclosed is an electronic device and an authentication method performed therein. The authentication method includes transmitting a first address to a service providing node, receiving a first response to the transmission of the first address from the service providing node, transmitting a second address to the service providing node, receiving a second response to the transmission of the second address from the service providing node, and determining whether it is necessary to perform authentication for accessing a data network as a result of comparing the first response with the second response. | 11-07-2013 |
20130298194 | COMMUNICATION APPARATUS AND CONTROL METHOD - A communication apparatus detects network information concerning a network that communicates via a base station and performs acquisition processing for acquiring authentication information used for authentication with an authentication server via the base station from another communication apparatus according to the network information detected by the detection unit. | 11-07-2013 |
20130298195 | Image-Based CAPTCHA Exploiting Context in Object Recognition - Techniques for an image-based CAPTCHA for object recognition are described. The disclosure describes adding images to a database by collecting images by querying descriptive keywords to an image search engine or crawling images from the Internet. | 11-07-2013 |
20130298196 | Network Access Method, Apparatus and System - The disclosure discloses a network access method, apparatus and system. The method includes: a network side determines that a first User Equipment (UE) requests to use the account of a second UE for access; the network side determines that the account of the second UE is successfully authenticated; the network determines that the user to which the second UE belongs allows the first UE to access the network side by the account of the second UE; and the first UE accesses the network side. The disclosure can ensure the security of the master user. | 11-07-2013 |
20130305314 | MANAGING ACCESS TO DATA BASED ON DEVICE ATTRIBUTE INFORMATION - A technique involves receiving a request for certain data to be processed by a device and determining, based on an attribute of the device, whether to allow an operation to be performed on the data; after allowing the operation to be performed on the data: sending, to the device, a request for one or more characteristics of the device; in response to the request, receiving the one or more characteristics from the device; storing, based on the one or more characteristics, a second attribute that is associated with the device; after storing the second attribute: receiving a second request for second data to be processed by the device; determining, based on the second attribute of the device, whether to allow an operation to be performed on the second data; determining to not allow the second operation to be performed, wherein the device is capable of processing the second data. | 11-14-2013 |
20130312061 | COMPUTER READABLE STORAGE MEDIA FOR MULTI-FACTOR AUTHENTICATION AND METHODS AND SYSTEMS UTILIZING SAME - Systems and methods for providing multi-factor authentication are disclosed herein. A method for multi-factor authentication may include a step for receiving an authentication window request from an electronic device. The authentication window request may be configured to identify a user. The method may further include enabling an authentication window responsive, at least in part, to receipt of the authentication window request. The method may further include receiving a login verification request from an application server. The method may further include providing a response to the application server responsive, at least in part, to receiving the login verification request. The response may indicate whether the user may be selectively authenticated. | 11-21-2013 |
20130312062 | COMMUNICATION DEVICE, COMMUNICATION METHOD, COMPUTER PROGRAM, AND COMMUNICATION SYSTEM - There is provided a communication device including a communication unit configured to include different communication modes, and an information exchange unit configured to exchange, before the communication unit transmits information to a transmission destination device, an available communication mode and authentication information in advance with the transmission destination device using a communication mode included in the communication unit, the authentication information being used when communication is performed using the communication mode. | 11-21-2013 |
20130312063 | SECURE NETWORK CONNECTION - The invention provides for a method for use in a mobile radio communications network connection procedure and including the step of rejecting at a mobile radio communications device a handover request from a network responsive to determination of support of the security algorithm associated with the handover, and for a mobile radio communications device arranged to determine support of security algorithms as proposed by the network, preferably at AS level, within a handover command, and to provide notification to the network of rejection of the connection due to non-support of the algorithm. | 11-21-2013 |
20130312064 | PROGRAM EXECUTION DEVICE - A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program. | 11-21-2013 |
20130312065 | METHOD, SYSTEM AND APPARATUS FOR A COMMUNICATIONS CLIENT PROGRAM AND AN ASSOCIATED TRANSFER SERVER FOR ONYMOUS AND SECURE COMMUNICATIONS - The present invention provides a communications client program and an associated transfer server for onymous and secure communications over the internet. The communications client program is used for electronically sending and receiving mail items and for conducting realtime audio and video communications in a secure manner. A mail item is any item of correspondence that bears an addressee's street address (i.e. number, street, suburb, state and post code) or an advertising item that does not necessarily bear an addressee, but includes nominations for preferred destinations. | 11-21-2013 |
20130318568 | Assessing a data object based on application data associated with the data object - A server receives from a mobile communication device application data identifying a data object accessible by the mobile communication device. The server uses at least some of the application data to assess the data object. The application data can include, for example, behavioral data, metadata, parts of the data object, information indicating the data object is installed on the mobile communication device, or combinations of these. | 11-28-2013 |
20130326583 | MOBILE COMPUTING DEVICE - There is described a method of access control for a mobile computing device having a touch-screen, the method comprising: receiving a signal indicating an input applied to the touch-screen; matching the signal against a library of signal characteristics to identify a user of the mobile computing device from a group of users of the mobile computing device; receiving an additional input to the mobile computing device; using both the signal and the additional input to authenticate the user; and if authenticated, allowing access to the mobile computing device in accordance with configuration data for the authenticated user. | 12-05-2013 |
20130326584 | METHOD AND SYSTEM FOR ENTITY AUTHENTICATION IN RESOURCE-LIMITED NETWORK - A method and a system for entity authentication in a resource-limited network are provided by the present invention. Said method comprises the following steps: 1) entity A sends an authentication request message to entity B; 2) after receiving the authentication request message, entity B sends an authentication response message to entity A; and 3) entity A determines the validity of entity B according to the received authentication response message. The authentication between entities in a resource-limited network can be implemented by the application of the present invention. | 12-05-2013 |
20130326585 | System and Method for Fuse Enablement of a Secure Client Hosted Virtualization in an Information Handling System - A client hosted virtualization system includes a processor to execute code, a non-volatile memory, and a switch. The memory includes code to implement a basic input/output system (BIOS) for the CHVS, and code to implement a virtualization manager. The virtualization manager is operable to initialize the CHVS, authenticate a virtual machine image associated with a virtual machine, and launch the virtual machine on the CHVS. The switch is operable to select one of a first state and a second state. The processor operates to execute the BIOS code when the switch is in the first state and to execute the virtualization manager code when the switch is in the second state. | 12-05-2013 |
20130326586 | Connection Processing Method and System - The disclosure provides a connection processing method and system. The method includes: establishing a secure connection between a Mobility Management Entity (MME) and/or Serving Gateway (S-GW) and a Home (Evolved) NodeB (H(e)NB); and protecting a connection between the MME and/or S-GW and the H(e)NB via the secure connection. The disclosure increases the reliability and security of a data transmission mechanism of an H(e)NB system, overcomes the security defects of the H(e)NB system, and improves the security performance of the H(e)NB system. | 12-05-2013 |
20130326587 | TECHNIQUES FOR AUTO-AUTHENTICATION - Techniques to automatically authenticate may include determining that a mobile device is on a wireless local area network. A network access identification for the wireless local area network may be determined. The mobile device may be automatically authenticated on the wireless local area network based on information associated with the network access identification. Other embodiments are described and claimed. | 12-05-2013 |
20130332993 | Controlling Device - A controlling device may acquire setting information regarding a wireless setting for a wireless communication currently being set in a wireless communication device. The controlling device may determine, using the setting information, whether the wireless setting indicates a first authentication method in which an authentication is performed by an authentication server or a second authentication method in which an authentication is performed by a device with which the wireless communication performing unit performs a wireless communication directly. The controlling device may provide a first screen to a displaying unit in a first case where a determination is made that the wireless setting indicates the first authentication method. The controlling device may provide a second screen which is different from the first screen to the displaying unit in a second case where a determination is made that the wireless setting indicates the second authentication method. | 12-12-2013 |
20130332994 | EMPLOYING PHYSICAL LOCATION GEO-SPATIAL CO-ORDINATE OF COMMUNICATION DEVICE AS PART OF INTERNET PROTOCOL - A current physical location value associated with a communication device is incorporated as part of internet protocol (IP). An IP management component obtains current physical location information of a wireless communication device and modifies the IP address to incorporate the current physical location value corresponding to the current physical location of the communication device as part of the IP address of the communication device to prevent undesired intrusions by hackers, as communications associated with the communication device are routed to/from the communication device that is at the current physical location. If the communication device moves to a new location, the IP management component can perform a new IP address modification to modify the IP address to incorporate a new physical location value associated with the communication device. | 12-12-2013 |
20130340039 | LOCATION-ENABLED SECURITY SERVICES IN WIRELESS NETWORK - A method, an apparatus, and a computer program product for providing location enabled security services in a wireless network. In the method, a network access request from a node requesting access to the wireless network is received. A probability level for a position for the requesting node is calculated using position information claimed by the requesting node and position information about the requesting node derived from signal measurements for the requesting node received by at least one existing authorized node in the wireless network. Access for the requesting node to the wireless network is denied if the probability level does not satisfy a specified threshold condition for network security. Access for the requesting node to the wireless network is granted if the probability level does satisfy the specified threshold condition. | 12-19-2013 |
20130340040 | METHOD AND APPARATUS OF CONSTRUCTING SECURE INFRA-STRUCTURE FOR USING EMBEDDED UNIVERSAL INTEGRATED CIRCUIT CARD - Provided are a method and device for building a security-based environment that uses an eUICC. A method of building a trust relationship in an eUICC environment includes transmitting, by a trust requesting object, a trust relationship requesting message including identification information and signature information of the trust requesting object to a trust verifying object, delivering, by the trust verifying object, the trust relationship requesting message to a trust relationship relay object and receiving trust information of the trust requesting object corresponding to the trust relationship requesting message from the trust relationship relay object, and verifying, by the trust verifying object, the signature information of the trust requesting object using the trust information of the trust requesting object. | 12-19-2013 |
20130340041 | Digital Communication Biometric Authentication - A biometric authentication system is disclosed that provides authentication capability using biometric data in connection with a challenge for parties engaging in digital communications such as digital text-oriented, interactive digital communications. End-user systems may be coupled to devices that include biometric data capture devices such as retina scanners, fingerprint recorders, cameras, microphones, ear scanners, DNA profilers, etc., so that biometric data of a communicating party may be captured and used for authentication purposes. | 12-19-2013 |
20130340042 | SECURE CONFIGURATION OF AUTHENTICATION SERVERS - Embodiments of the invention are directed to automatically populating a database of names and secrets in an authentication server by sending one or more lists of one or more names and secrets by a network management software to an authentication server. Furthermore, some embodiments provide that the lists being sent are encrypted and/or embedded in otherwise inconspicuous files. | 12-19-2013 |
20130347067 | DYNAMIC HUMAN INTERACTIVE PROOF - In one embodiment, a human interactive proof portal | 12-26-2013 |
20130347068 | Detection And Management Of Unauthorized Use Of Cloud Computing Services - Concepts and technologies disclosed herein are for detecting and managing unauthorized use of cloud computing services from within an internal network of a business or other organization. A computer system may be configured to identify a plurality of Web resources that have been accessed by computing devices from within the internal network. The computer system may also be configured to obtain Internet protocol (“IP”) information from a network component of the internal network. The IP information may be used to determine whether each of the plurality of Web resources is a cloud computing service resource. The computer system may also be configured to block access to a cloud computing service resource of the plurality of Web resources upon determining that the IP information identifies the cloud computing service resource as being unauthorized. | 12-26-2013 |
20130347069 | REFERER VERIFICATION APPARATUS AND METHOD - A referer verification apparatus and method for controlling web traffic having malicious code are provided. In the referer verification method, whether a referer is present in a Hypertext Transfer Protocol (HTTP) packet is determined. If it is determined that the referer is present in the HTTP packet, Uniform Resource Locators (URLs) are extracted from a referer web page corresponding to the referer. The referer is verified based on a URL corresponding to a referer verification request received from a server and the extracted URLs. A Completely Automated Public Test to tell Computers and Humans Apart (CAPTCHA) verification procedure conducted by a user is performed based on results of the verification of the referer. | 12-26-2013 |
20130347070 | SYSTEM AND METHOD FOR EMBEDDING FIRST PARTY WIDGETS IN THIRD-PARTY APPLICATIONS - Methods and systems provide embeddable user interface widgets to third-party applications so that the widgets can be securely embedded in, and securely used from within, the third-party applications. An embeddable widget may be authorized to access a first-party cloud storage system from a third-party application based on the cloud storage system authenticating a request received from the widget. The authentication may be based on an application identifier, an origin identifier, and/or one or more document identifiers received from the third-party application through the embedded widget. The disclosed methods and systems may significantly mitigate security concerns caused by embedding software in third-party sites, such as clickjacking. | 12-26-2013 |
20130347071 | METHOD AND SYSTEM FOR GRANTING ACCESS TO A SECURED WEBSITE - A method and system are provided for granting access to a secured website of a content provider. The method includes: detection of a user's request for accessing secured website on a first communication device, the request indicating that at least one access code for accessing secured website is stored on an authentication server; transmission of a request for a validation to a second communication device identified with indication; and after verification of the validation received from the second communication device, forwarding the request for access to the secured website to the content provider using the stored website access code corresponding to the security code. | 12-26-2013 |
20140007189 | SECURE ACCESS TO SHARED STORAGE RESOURCES | 01-02-2014 |
20140007190 | Social Sharing of Security Information in a Group | 01-02-2014 |
20140007191 | Managing Personal Information on a Network | 01-02-2014 |
20140007192 | PROVIDING SECURE MOBILE DEVICE ACCESS TO ENTERPRISE RESOURCES USING APPLICATION TUNNELS | 01-02-2014 |
20140007193 | RULES BASED DETECTION AND CORRECTION OF PROBLEMS ON MOBILE DEVICES OF ENTERPRISE USERS | 01-02-2014 |
20140007194 | SECURE CONTROL FOR DESKTOP SECURE VIDEO TELECONFERENCING | 01-02-2014 |
20140013388 | METHODS AND SYSTEMS FOR MANAGING MULTIPLE INFORMATION HANDLING SYSTEMS WITH A VIRTUAL KEYBOARD-VIDEO-MOUSE INTERFACE - According to one embodiment of the disclosure, a system includes a chassis configured to receive a plurality of modular information handling systems. The system also includes one or more chassis management controllers housed in the chassis. The chassis management controllers are configured to establish an authenticated session with available modular information handling systems present in the chassis, direct input/output communications between an information handling system designated as a selected information handling system and a remote management console coupled to the one or more chassis management controllers via a network, and maintain the authenticated sessions with one or more available modular information handling systems not designated as the selected information handling system. | 01-09-2014 |
20140013389 | COMMUNICATION BLOCKING CONTROL APPARATUS AND METHOD THEREOF - A communication blocking control method includes receiving a communication blocking request from a terminal in an idle state in which it is difficult to find out whether information is leaked or not; registering a state of the terminal in a communication blocked list according to the communication blocking request; and blocking external communication of the terminal through a network. | 01-09-2014 |
20140013390 | SYSTEM AND METHOD FOR OUT-OF-BAND APPLICATION AUTHENTICATION - Application-to-Application authentication features using a second communication channel for out-of-band authentication separate from a communication channel of a request from a client to a server. Authentication information is associated with a component of the system such as the request or the client application, while being collected independent of interaction with the client application initiating the request. Implementations provide improved security over existing solutions using in-band or other means of collecting authentication information. | 01-09-2014 |
20140013391 | METHODS AND SYSTEMS FOR INTERNET SECURITY VIA VIRTUAL SOFTWARE - A method for providing internet security via multiple user authorization in virtual software. Each of two users are provided with a non-transitory tangible storage medium. The first user inputs the storage medium into a local computer. If the first user is granted authorization by a second user, the first user can download at least one additional non-browser based application module into virtual memory of his local computer. | 01-09-2014 |
20140013392 | UE ACCESS TO CIRCUIT SWITCHED-BASED MOBILE TELEPHONY SERVICES USING A FIXED WIRELESS TERMINAL - A fixed wireless terminal (FWT) ( | 01-09-2014 |
20140013393 | SYSTEM AND METHOD OF FACILITATING THE IDENTIFICATION OF A COMPUTER ON A NETWORK - A system and method for facilitating identification of an attacking computer in a network is provided. A user attempting to login to a network application may be presented with a screen prior to the login which lists preconditions of gaining access to the application. If a user concurs with the preconditions, a security module is downloaded to the user's computer and executed which gathers various configuration settings and transmits the gathered information to a predetermined destination. The security module may also attempt to place a call to a predetermined destination over a modem in the computer to cause registration of caller-ID data when answered at the predetermined destination. Once the security check is completed, login may proceed with the network application. Any data gathered by the security module may be stored for later recall and use to identify the computer in the event of an attack. | 01-09-2014 |
20140013394 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR A PRE-DEACTIVATION GRACE PERIOD - A system, method, and computer program product are provided for a pre-deactivation grace period on a processing device (e.g., mobile device). In operation, a deactivation request is detected for a deactivation event. Further, the commencement of the deactivation event is delayed for a predetermined time period, in response to the deactivation request. Additionally, the deactivation event is commenced, after the predetermined time period. To return to full functionality of the processing device while in the deactivation grace period, all that may be required is entry of authentication information (e.g., password) that is weaker than a stronger authentication information initially used to log into the processing device. | 01-09-2014 |
20140020060 | QUALITY OF SERVICE APPLICATION - A first network device receives an authentication request, from a second network device, to authenticate a user device and a first over-the-top application, stored on the user device, to determine whether to apply a level of quality of service to the first over-the-top application. The first network device authenticates the user device, based on the authentication requested. The first network device authenticates the first over-the-top application, based on the authentication request. The first network device sends an authentication result, based on the authentication of the user device and the first over-the-top application, to the second network device; and the second network device initiates, based on the authentication result, a process to apply a level of quality of service to information sent between the first over-the-top application and a provider associated with the first over-the-top application. | 01-16-2014 |
20140020061 | AUTOMATIC PROVISIONING IN MOBILE TO MOBILE PLATFORMS - Systems and methods for automatically provisioning devices that do not include or cannot provide a unique hardware identifier over a machine-to-machine network. A device or application may provide a server with a non-unique provisioning identifier during restricted communication between the server and the device. In response to receiving a provisioning identifier from a device, a server may generate a globally unique device identifier associated with the provisioning identifier for the individual device, and transmit the unique identifier to the device. The device may retain the unique identifier for future transactions. A request may be provided to a user, at the device, the server or any other interface, requesting that a newly identified device be authenticated. Upon authentication the device may communicate with the server with additional interactions that were not provided after provisioning and before authentication. | 01-16-2014 |
20140020062 | TECHNIQUES FOR PROTECTING MOBILE APPLICATIONS - Techniques for protecting mobile applications are presented. A user's mobile device is provisioned and proxied over a cloud environment with enterprise policy enforced in that cloud environment. Enterprise applications run on the mobile device within the cloud environment. Administrative reporting and control occurs within the cloud environment and the enterprise applications establish connections to, authenticate to, and communicate with remote enterprise services via the provisioned cloud environment. | 01-16-2014 |
20140020063 | Electronic Messaging Exchange - A computer-implemented system and method for secure electronic message exchange including coupling a control platform to a workstation of a plurality of workstations via a communications medium, where the control platform includes one or more apparatuses for monitoring, controlling, conversion, and billing, related to messages exchanged between a plurality of local users and a plurality of remote users. The system prevents forwarding or copying of a message sent by a local user of the plurality of local users and received by a remote user of the plurality of remote users, to another party by the control platform. The system and method also provides for authenticating the remote user with the control platform. | 01-16-2014 |
20140026187 | SECURE DATA ACCESS FOR MULTI-PURPOSE MOBILE DEVICES - According to some embodiments, a proxy server comprises one or more processors operable to establish communication with a secure client application of a device. The client is configured with a partition that contains data received from the proxy server within the secure application. If the client passes authentication, the server communicates preview information to the client previewing files that the server received from a business server on behalf of the client. The client requests a selected file. The server renders the selected file into a first portion and a second portion based on the immediate display capabilities of the client. The server communicates the first portion, determines that a trigger point was reached, and then communicates the second portion in response to the trigger point being reached. The client is configured to delete the first portion and the second portion in response to a completion event. | 01-23-2014 |
20140026188 | SYSTEMS, METHODS, AND DEVICES FOR RESTRICTING USE OF ELECTRONIC DEVICES BASED ON PROXIMITY TO WIRELESS DEVICES - Systems, kits, methods, and software are disclosed for securing access to an electronic device such as a smartphone, tablet, e-reader, portable media player, and the like. The electronic device includes a security application and a network interface. The network interface is configured to be paired with or otherwise communicatively connect to a separate security device. If the application determines that communication is possible or occurring, access to the electronic device may be enabled. If the application determines that communication is not possible, some, all, or substantially all features of the electronic device may be disabled. The disabled device may be re-enabled manually using an override code, or automatically by re-initiating communication with the security device. | 01-23-2014 |
20140026189 | METHOD, CLIENT, SERVER AND SYSTEM OF LOGIN VERIFICATION - The present disclosure introduces a method, a client, a server and a system of login verification. When a user logs in, the client obtains a login request from the user for logging into an under-protected account system, where the login request includes at least an account to be logged in, determines property information of a current related account system corresponding to the account to be logged in from property information stored in a current login host, generates login verification information including at least the property information of the current related account system, and sends the login verification information to a server. The server verifies a login activity of the user based on the pre-stored reliable property information corresponding to the account to be logged in. Thus, the login verification process is simplified and the efficiency of login verification using the server is enhanced. | 01-23-2014 |
20140026190 | MOBILE APPLICATION FOR ACCESSING A SHAREPOINT® SERVER - A method of and a mobile processing device for accessing a web application platform. The method includes installing an application configured to access a server hosting the web application platform, configuring the application, wherein configuring comprises generating at least one of a data capture list and a data lookup list available to the application, transferring authentication information to the server, receiving an indication of which application configurations the application is permitted to access based upon the authentication information, and displaying a set of one or more icons related to the application configurations the application is permitted to access. The mobile processing device includes various hardware components for performing the method. | 01-23-2014 |
20140033272 | EVALUATING A SECURITY STACK IN RESPONSE TO A REQUEST TO ACCESS A SERVICE - A process to evaluate a request to access a service received from a user's computing device having a software stack and a software stack provider over a computer network is disclosed. Prior to providing access to the service, a determination is made as to whether the software stack meets a set of conditions. If the set of conditions are met, the software stack provides verification information. The software stack provider is asked to validate the verification information. Access to the service is provided if the software stack provider validates that the set of conditions are met. | 01-30-2014 |
20140033273 | AUTOMATING CALLS BETWEEN SEPARATE AND DISTINCT APPLICATIONS FOR INVOKING AN IDENTITY VERIFICATION FUNCTION - A method, software and system allows for the novel and seamless integration between disparate hardware and software systems to facilitate strong authentication and identity assertion of an individual as an integral component of transaction processing. The method, software and system can combine quick response (QR) code(s) with more custom mobile device uniform resource locator (URL) scheme(s) to seamlessly invoke mobile application(s) that enable an end user to perform strong, multi-factor authentication as a component of completing a transaction. The use of mobile application(s) can simplify and automate the conveyance of transaction details between computing platforms and devices to allow a user to fully participate in a transaction approval process with a simplified, convenient experience. | 01-30-2014 |
20140033274 | COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND COMPUTER-READABLE RECORDING MEDIUM - A communication system comprising a plurality of terminals, comprising: a start request information obtaining unit that obtains information for requesting start of a session between a first terminal and a second terminal of the plurality of terminals; a session management unit that establishes the session in accordance with the start request information; a participation request information obtaining unit that obtains participation request information with which a third terminal of the plurality of terminals requests participating in the already established session; and a participation determination unit that allows the third terminal to participate or prohibits the third terminal from participating in the already established session, wherein when the participation determination unit allows participation in the already established session, the session management unit lets the third terminal participate in the already established session. | 01-30-2014 |
20140033275 | COMPUTER SYSTEM, CONTROLLER, AND METHOD OF CONTROLLING NETWORK ACCESS POLICY - A computer system according to the present invention includes a controller, and a switch which carries out a relay operation on a received packet which conforms to a flow entry which is set by the controller, the relay operation being regulated with the flow entry. The switch transmits a received packet which does not conform to the flow entry which is set by the switch to the controller. The controller queries authentication information which is included in the received packet and authenticates the received packet. From among the header information of the received packet which is determined to be valid, the controller sets the switch to the flow entry which regulated the relay operation for the packet which includes information which identifies the transmission source of the received packet. Network access policy control in a computer system of an open flow protocol environment is thus made easy. | 01-30-2014 |
20140040984 | DYNAMIC TRUST SESSION - A secure session of communication between two entities in a network is disclosed. Using client-server terminology, a client sends a connection-request to a server that authenticates the connection-request and transmits a session-request to the client in response. The client reverse-authenticates the session-request and then passively waits to receive a tunnel-request transmitted by the server. The tunnel-request sets up one or more overlapping tunnels between the client and the server to support the desired communications. Each of the tunnels exists only for a specified time and is replaced by another tunnel that is set up after a selected time delay after the start of a previous tunnel. | 02-06-2014 |
20140040985 | METHOD AND APPARATUS FOR WIRELESS SECURITY ENHANCEMENT USING MULTIPLE ATTRIBUTES MONITORING, CONTINUOUS AND INTERLEAVED AUTHENTICATION, AND SYSTEM ADAPTATION - The present invention is an adaptive secure wireless communications system and method. Generally, the present invention may be operable to address challenges and threats to a secure communication session. The secure wireless communication system of the present invention may operate one or more of the following: multiple physical-layer attributes monitoring; multiple parameter confidence testing related to transceiver (Tx-Rx) specific environment and transmitter receiver hardware characteristics; continuous and interleaved authentication; and security enhancement using dynamic adaptation of the transmission system parameters based on concurrent and/or conjugated transmission of data-carrying signal and security control information. The real-time physical-layer related monitoring and interaction between transmitter and receiver, using Tx-Rx related physical environment, of the present invention may effectively reduce many wireless security threats including interception and spoofing. | 02-06-2014 |
20140040986 | Protocol to Prevent Replay Attacks on Secured Wireless Transactions - A method and system for preventing replay attacks on secure data transactions. A replay attack occurs when an unauthorized user intercepts a secure data transaction between a device and a central system and uses the intercepted data to gain access to the central system. One method for preventing such replay attacks is the use of a unique session identification number that is generated for each secure data transaction request. A replay attack is defeated using intercepted data since the unique session identification number is valid only for a completed session and may not be reused. When a device is connected to a server using either wireless or land-line connection, the device requests a session identification number from the server. The server generates and signals to the device a unique session identification number which the device then transmits back to the server along with a request for a secure data transaction. Upon verification of the correct unique session identification number, the server implements the requested data transaction. Termination of the requested transaction by the device signals the termination of the current secure data transaction. A new unique session identification number must be requested and issued in like fashion for any additional secure data transactions. The method and system offer the advantage of use with multiple available servers, in contrast to present methods which require that a device communicate with a given server. Further, the present method offers reduced operation time since there is a single coupling/uncoupling for each data transaction. | 02-06-2014 |
20140040987 | Network Application Security Utilizing Network-Provided Identities - A network security system that correlates security-related events to individual users, as identified by a user identifier and an identity provider. The user identifier may be associated in one or more implicit or explicit social networks. | 02-06-2014 |
20140040988 | Method and System for Data Communication to an Identification Module in a Mobile Radio Terminal - The technique described herein relates to a method for transmitting data to an identification module in a mobile terminal device that can be connected to a mobile telecommunications network, making use of an OTA server that has a database with security information for a plurality of identification modules and that also has a first interface for transmitting secured information, especially OTA messages, to the identification modules. The data is secured in the OTA server by security information stored in the database, and the secured data is transferred via a second interface of the OTA server to a data center that is connected to the OTA server. The data is transmitted to the identification module by the data center. Moreover, the technique described herein also relates to a system for carrying out the method. | 02-06-2014 |
20140047506 | LICENCE MANAGEMENT SYSTEM, LICENSE MANAGEMENT METHOD, AND CLIENT DEVICE - At the time of license authentication for a PC software product, an inquiry about the license authentication date of an MFP software product included in a combined product is made to an MFP in which the MFP software is installed, and the license authentication date of the earlier date information is deemed as the start date of a maintenance contract. A license management method is provided in which if the PC software product is released within the term of the maintenance contract, the PC software product is made usable. | 02-13-2014 |
20140047507 | METHOD FOR PUBLICLY PROVIDING PROTECTED ELECTRONIC DOCUMENTS - The invention relates to a method for publicly providing protected electronic documents, wherein a first user, after a user authentication process, transmits a private electronic document from a data terminal via a communications network to a private storage medium of a data processing device and stores the document on said medium. Thereafter, an analysis and comparison module is activated, which analyzes and compares the private electronic document to the public electronic documents in a public storage medium, and when a second user accesses the private electronic document of the first user, a public electronic document from the public storage medium is provided by the authentication and access control module instead of the private electronic document. | 02-13-2014 |
20140047508 | MULTIPLE USER LOGIN DETECTION AND RESPONSE SYSTEM - A method is provided for controlling multiple access to a network service to prevent fraudulent use of the network service. The method includes identifying an account access counter for an account using identification information received from a user at a first device using a network, wherein the user is requesting access to a service provided at a second device, and further wherein the account access counter is the number of service access sessions active for the account; comparing the account access counter to a maximum account access number, wherein the maximum account access number defines a maximum number of service access sessions allowed for the account; and providing the user at the first device access to the service at the second device if the account access counter is less than the maximum account access number. | 02-13-2014 |
20140053240 | SYSTEM, METHOD AND APPARATUS FOR ELECTRONICALLY PROTECTING DATA AND DIGITAL CONTENT - A system, method and apparatus for protecting sensitive data in a file that has been replaced with pointer(s) for each sensitive data. The sensitive data items are protected by restricting subsequent access to and use of the sensitive data items via the pointers by: receiving a first request for data stored in a file on the data storage, determining whether the requested data includes at least one of the pointers, providing the requested data whenever the requested data does not include any of the pointers, and performing the following steps whenever the requested data includes at least one of the pointers: sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request, denying the first request whenever the authentication fails, and receiving and providing the extracted data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds. | 02-20-2014 |
20140053241 | Authenticating a Device in a Network - There is disclosed a system for authentication of a device in a network by establishing a second security context between the device and a serving network node when a first security context has previously been established, assisted by an authentication server, based on a random value and a secret shared between an identity module associated with the device and the authentication server. First re-use information from the establishment of the first security context is stored at the authentication server and at the device, the first re-use information enabling secure generation of the second security context from the random value and the secret. Second re-use information may be generated or stored at the device. A context regeneration request is generated at the device, the context regeneration request authenticated at least partly based on the secret. The context regeneration request is sent to the serving network node. The context regeneration request is sent from the serving network node to the authentication server. The context regeneration request is verified at the authentication server. The second security context is generated at the authentication server based on at least the secret, the random value, and the first and second re-use information. The second security context is communicated from the authentication server to the serving network node. | 02-20-2014 |
20140059645 | Query Interface to Policy Server - A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control data base to determine whether an access request is made by a user. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The first access filter in the path performs the access check, encrypts and authenticates the request; the other access filters in the path do not repeat the access check. The interface used by applications to determine whether a user has access to an entity is now an SQL entity. The policy server assembles the information needed for the response to the query from various information sources, including sources external to the policy server. | 02-27-2014 |
20140059646 | Query Interface to Policy Server - A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control data base to determine whether an access request is made by a user. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The first access filter in the path performs the access check, encrypts and authenticates the request; the other access filters in the path do not repeat the access check. The interface used by applications to determine whether a user has access to an entity is now an SQL entity. The policy server assembles the information needed for the response to the query from various information sources, including sources external to the policy server. | 02-27-2014 |
20140059647 | ARRANGEMENT AND METHOD FOR ANONYMOUS USER PROFILING AND TARGETED CONTENT PROVISION - An electronic arrangement, optionally including at least one network server, including a media profile entity configured to store and maintain at least one user-adjustable personal media profile for a user capable of accessing a network, optionally the web, and related sites, services and/or applications via a number of terminal devices, wherein the personal media profile describes the user's interests preferably excluding identifiable information, optionally at least name and/or e-mail, and wherein the interests are represented on a number of levels including interest categories, such as automotive or travel categories, and further wherein the interests are at least partially determined based on monitoring the user behavior relative to the network, optionally the web, an authentication entity configured to associate a terminal utilized by the user with the media profile of the user based on profile-identifying data provided to/by the terminal, such as a numeric or alphanumeric, optionally encrypted, code. | 02-27-2014 |
20140059648 | METHODS FOR SECURE DISTANCE BOUNDING/RANGING BETWEEN TWO DEVICES - A method for communicating between a first device and a second device is shown. The devices are structured and configured for communicating via a communication channel by exchanging messages. The method comprises: | 02-27-2014 |
20140059649 | APPARATUS, SYSTEM AND METHOD FOR ACCESSING INTERNET WEBPAGE - The present invention discloses an apparatus, system and method for accessing internet webpage. The system includes a user terminal and a proxy server. The user terminal is configured to initiate an access request to the proxy server, the access request including URL information of a target webpage which carries an identifier of requiring security authentication, and receive and display target webpage information outputted from the proxy server. The proxy server is configured to receive the access request, perform security authentication on the URL information of the target webpage which carries the identifier of requiring security authentication according to pre-stored webpage security database information; if the security authentication is passed, obtain the target webpage information and output the target webpage information to the user terminal. By applying the present invention, network delay overload for accessing the internet webpage can be reduced, and user experience can be improved. | 02-27-2014 |
20140068710 | USER DEVICE SELECTION - A method may include receiving, at an application server, a session initiation protocol (SIP) message including a public user identifier (ID) associated with a user. The public user ID corresponds to a plurality of user devices. The method also includes determining an applicable order of alerting at least one of the plurality of user devices. The method further includes identifying at least one available user device associated with the user, based on a terminal identifier (ID) associated with each at least one available user device. The method includes selecting a user device from the at least one available user device based on the applicable order of alerting. A SIP invite message, including a terminal ID for the selected user device, is generated. The method includes sending the SIP invite message to the selected user device based on the applicable order of alerting, and receiving a response to the SIP invite message. | 03-06-2014 |
20140068711 | Network Access Management via a Secondary Communication Channel - The present disclosure provides for selectively enabling a primary communication channel upon receipt of enablement instructions received via a secondary communication channel. In some embodiments, a first intelligent electronic device (IED) may be connected to a second IED via a primary communication channel. In various embodiments, the primary communication channel may be selectively and/or temporarily enabled by transmitting an enablement instruction via a secondary communication channel. The secondary communication channel may be relatively more secure than the primary communication channel. In some embodiments, the secondary communication channel may also connect the first and second IEDs. Accordingly, the first IED may transmit an enablement instruction to the second IED in order to temporarily enable communication via the primary communication channel between the first and second IEDs. | 03-06-2014 |
20140068712 | REMOTE CONTROL OF SECURE INSTALLATIONS - Communication apparatus includes a one-way, hardware-actuated data relay, which includes a first hardware interface configured to receive a command from a communications network and a second hardware interface configured to convey the received command to a protected destination when the relay is actuated. A decoder includes a third hardware interface configured to receive a digital signature for the command from the communications network and hardware decoding logic coupled to verify the digital signature and to actuate the relay upon verifying the digital signature, whereby the command is conveyed via the second hardware interface to the protected destination. | 03-06-2014 |
20140068713 | SYSTEMS, METHODS AND ARTICLES FOR PROVIDING COMMUNICATIONS AND SERVICES INVOLVING AUTOMOBILE HEAD UNITS AND USER PREFERENCES - Network communications, Web-based services and customized services using the Web-based services may be provided to drivers and users via the automobile head unit in the vehicle and via their mobile device. The automobile head unit in the vehicle and the mobile device are communicatively linked via a short range wireless connection. Also, these devices may communicate over a network such as a cellular network to a service provider that provides entertainment and informational services to the mobile device and the head unit of the vehicle. The user's profile and preferences are able to follow the user to various locations and into vehicles because this information is stored at a server accessible by the user's mobile device, and in some embodiments, also the head unit. The mobile device may provide services to the head unit if it does not have wider network connectivity over the short range wireless connection. | 03-06-2014 |
20140068714 | NETWORK SYSTEM, DATA PROCESSING APPARATUS, AND METHOD - A method for processing data with a terminal and a system connected to the terminal via a network, which includes the steps of executing a process according to a request transmitted from the terminal via the network, performing a first user authentication with respect to the terminal by using the terminal or an authentication apparatus connected to the terminal via the network, storing first authentication data used for the first user authentication in association with second authentication data used for a second user authentication in a storage unit, and performing the second user authentication with respect to the system. In a case where at least a portion of the first authentication data is authenticated by the first user authentication, the second user authentication is performed by using the first and second authentication data stored in the storage unit and the portion of the first authentication data. | 03-06-2014 |
20140068715 | INFORMATION PROCESSOR, SYSTEM AND RECORDING MEDIUM - An information processor is connected via a network to an output apparatus and configured to control a job outputting process of the output apparatus. The information processor includes a job identifier generation part configured to generate a job identifier for uniquely identifying a job input from a terminal apparatus connected via the network to the information processor, an information storage part configured to store information that correlates the job identifier and the input job, a job identifier transmission part configured to transmit the job identifier correlated with the input job to the terminal apparatus, and a job association part configured to associate user information for uniquely identifying an authenticated user received from the output apparatus with the input job based on a job association request including the user information and the job identifier and on the information stored in the information storage part. | 03-06-2014 |
20140068716 | METHOD AND SYSTEM FOR A GIGABIT ETHERNET IP TELEPHONE CHIP WITH INTEGRATED SECURITY MODULE - Methods and systems for processing Ethernet data are disclosed and may comprise receiving Ethernet data via a single gigabit Ethernet IP telephone chip. A secure application key may be received from a secure server by an OSM integrated within the gigabit Ethernet IP telephone chip for processing the received Ethernet data. The received Ethernet data may be processed by the gigabit Ethernet IP telephone chip based on the received secure application key. A unique security identifier internal to the single gigabit Ethernet IP telephone chip may be communicated off-chip to the secure server. The unique security identifier may identify the single gigabit Ethernet IP telephone chip. The secure server may authenticate the gigabit Ethernet IP telephone chip based on the unique security identifier internal to the single gigabit Ethernet IP telephone chip, prior to the receiving of the secure application key. | 03-06-2014 |
20140068717 | METHOD AND SYSTEM FOR CONTROLLING ACCESS - A method and system for controlling access to a service by increasing security and/or authentication is described. A security controller comprises: a processor that receives event data and is connected to a state data store comprising state data indicating a status of a first device in a computing system. The state data comprises a proximity status of the first device relative to at least one other device in the computing system and a security status of the first device relative to at least one other device in said computing system. A policy data store stores a policy determining the required proximity status and security status of the first device. The processor is configured to read the event data, state data and the policy; determine whether the proximity status of the first device meets the required proximity status defined in the policy; determine whether the security status of the first device meets the required security status defined in the policy and output action data via an action output if both said determining steps are complied with. | 03-06-2014 |
20140075505 | SYSTEM AND METHOD FOR ROUTING SELECTED NETWORK TRAFFIC TO A REMOTE NETWORK SECURITY DEVICE IN A NETWORK ENVIRONMENT - A method provided in one example includes receiving a request for configuration information for a host in a first network, determining whether the request was sent over a quarantine virtual local area network (VLAN) in the first network, and providing to the host a network address of a first domain name system (DNS) server if the request was sent over the quarantine VLAN in the first network. In addition, the first DNS server translates a domain name in a query from the host to a network address of a network security device in a second network. In more specific embodiments, the domain name in the query is mapped to a different network address in a second DNS server. The method may also include providing a network address of the second DNS server if the request was sent over a production virtual local area network (VLAN) in the first network. | 03-13-2014 |
20140075506 | Extensible and Scalable Distributed Computing and Communication Remote Services Platform for Telemetry Collection Adaptive Data Driven Application Hosting, and Control Services - A global, broadband communications and computing system Platform for commercial aircraft selects a “current best” communication link from multiple available links. Onboard network access components, such as Wi-Fi and GSM pico-cells, enable wired/wireless devices to use the aircraft's broadband communications links. The Platform uses virtualization and distributed systems computing technology to create a system of systems that extends an airline company's ground communications and computing systems server(s) onboard aircraft in the fleet, regardless of model, age, or manufacturer. The Platform can host airline operational applications and services onboard the aircraft. An onboard system collects data from multiple aircraft systems, tags it with trusted time and origin metadata, and securely transmits it to a ground portion of the Platform in real time (or as links are available), and receives data for distribution to appropriate onboard systems. Core components on an aircraft are not affected by operation of the Platform. | 03-13-2014 |
20140075507 | METHOD AND DEVICE FOR CONNECTING TO A HIGH SECURITY NETWORK - The present invention relates to the field of access to a high-security network, and more particularly to a device allowing secure access, for example for management and maintenance operations. | 03-13-2014 |
20140075508 | DELEGATING OR TRANSFERRING OF ACCESS TO RESOURCES BETWEEN MULTIPLE DEVICES - A gatekeeper device delegates an ability to access a resource to an access device by transmitting metadata, which includes access information for accessing the resource. The access device uses the metadata to retrieve the associated resource from a resource server. By transmitting the metadata in lieu of the resource, flexible use of the resources is implemented while enabling compliance with various restriction schemes. The system may condition the delegation or transfer of resource access on one or more factors, such as proximity between the gatekeeper device and the access devices. Using information about an access device, the resource server may optimize the resources for the receiving access device. | 03-13-2014 |
20140075509 | PERFORMING A GROUP AUTHENTICATION AND KEY AGREEMENT PROCEDURE - Provided are a method, a corresponding apparatus and a computer program product for performing a group authentication and key agreement procedure. A method comprises initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure; performing mutual authentication between the master device and the authentication entity based upon the shared group key; and performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure. With the claimed invention, the impact of the signaling overhead on a network can be significantly decreased without substantive modification to the existing architecture of the network. | 03-13-2014 |
20140075510 | COMMUNICATION SYSTEM, CONTROL DEVICE, COMMUNICATION METHOD, AND PROGRAM - A communication system includes an information acquisition unit that acquires information for determining an isolation level to which a user terminal belongs, from the user terminal; an isolation level determination unit that determines an isolation level to which the user terminal belongs, based on the acquired information; an isolation level information storage unit that defines whether or not access is possible to respective access destinations for each isolation level; an access control unit that causes a forwarding node(s) to implement forwarding or dropping of a packet, in accordance with whether or not access is possible to the respective access destinations; and a forwarding node(s) that forwards a packet in accordance with control of the access control unit. Stepwise access control is realized using isolation levels. | 03-13-2014 |
20140082693 | UPDATING SECURITY BINDINGS IN A NETWORK DEVICE - A network device includes a security binding table. The network device is configured to couple to a network and configured to receive security information from a source device. A processor is included to compare the lookup portion of the received security information from the source device to the lookup portion of each entry of the security binding table and to compare the match portion of the received security information from the source device to the match portion of each entry of the security binding table to determine if there is a match, and to update the security binding table by adding an entry comprising the lookup portion and the match portion of the received security information from the source device when neither the lookup portion nor the match portion of the received security information from the source device matches any entry of the security binding table. | 03-20-2014 |
20140082694 | ANTIBOT MECHANISMS OPTIMIZED FOR MOBILE COMPUTING - A method of determining whether a response received from an electronic device is generated by a person or by automated software. The method receives a set of capabilities of the electronic device for detecting a group of actions that include at least a gesture or a device movement. The method selects a set of actions based on the device capabilities. The method sends a request to the electronic device for performing the set of actions in the plurality of actions. The method, based on a result of the set of actions performed on the electronic device, determines whether the set of actions are performed by a human. | 03-20-2014 |
20140082695 | SECURE ACCOUNT CREATION - In one embodiment, a non-transitory computer-readable medium stores instructions for establishing a trusted two-way communications session for account creation for an online store, which include instructions for causing a processor to perform operations comprising retrieving and verifying a signed configuration file from a server, requesting a communication session using the configuration file, receiving a payload of account creation forms from a network client, signing the payload according to the server configuration file, and sending the signed payload containing account creation information to the server. In one embodiment, a computer-implemented method comprises analyzing timestamps for requests for data forms for supplying account creation information for evidence of automated account creation activity and rejecting the request for the locator of the second account creation form if evidence of automated account creation activity is detected. Methods for secure account authentication and asset purchase are also disclosed. | 03-20-2014 |
20140082696 | DISTANCE BOUNDING PROTOCOL WITH MINIMAL VARIANCE PROCESSING - The method for communicating between a first device and a second device, the first and second devices being structured and configured for communicating via a communication channel by exchanging messages, comprises the steps of | 03-20-2014 |
20140082697 | SYSTEM ENHANCEMENTS FOR ENABLING NON-3GPP OFFLOAD IN 3GPP - Methods and apparatuses for offloading traffic from a third generation partnership project (3GPP) access network to a non-3GPP access point (AP) are disclosed. A 3GPP access network entity may receive subscription information associated with a wireless transmit receive unit (WTRU). The 3GPP access network entity may further receive traffic associated with the WTRU. The 3GPP access network entity may further determine whether to offload the traffic to the non-3GPP AP based on the subscription information. The 3GPP access network entity may also forward the traffic to the non-3GPP AP based on its determination. | 03-20-2014 |
20140082698 | METHOD AND SYSTEM FOR CONNECTING MOBILE COMMUNICATION TERMINAL WITH ACCESS POINT - Disclosed is a method for connecting a mobile communication terminal with an access point located in a local area providing a Wireless Local Area Network (WLAN) service in which a server managing the access point compares Media Access Control (MAC) information of the mobile communication terminal or MAC information of the access point transferred from the mobile communication terminal through a mobile communication network with MAC information previously stored in the server and transfers network setting information required for connection to the access point to the mobile communication terminal if the MAC information of the mobile communication terminal or access point is identical to the MAC information previously stored in the server. | 03-20-2014 |
20140090016 | SHARED SECRET IDENTIFICATION FOR SECURE COMMUNICATION - Technologies related to shared secret identification for secure communication are generally described. In some examples, devices may exchange hashes, such as file deduplication hashes, to identify a matching hash. The identified matching hash represents a shared data item which may be used as a shared secret to encrypt and/or decrypt subsequent secure communications between the devices. Each device retrieves the shared data item from its respective secure memory and may use the shared data item to encrypt and/or decrypt subsequent secure communications. An eavesdropper may observe the hash exchange, but will not be able to decrypt the secure communications without access to the shared data item, because hashes may be effectively non-invertible. | 03-27-2014 |
20140090017 | METHOD AND SYSTEM FOR CONNECTING A CONTROLLER FOR A MACHINE TO A HIGHER-LEVEL IT SYSTEM - In a method for securely connecting a controller for a machine or plant to a higher-level IT system, an integration layer is provided between the controller and the IT system, a controller image of the controller is generated in the integration layer, and the controller image is accessed from the IT system. The IT system thus always accesses the controller image rather than the controller directly. This prevents malware from gaining access to the controller, e.g., via a network. | 03-27-2014 |
20140090018 | Smart Device Lockout - Methods and systems for operating a Smart Device | 03-27-2014 |
20140090019 | INTEGRATED BROADCASTING COMMUNICATIONS RECEIVER, RESOURCE ACCESS CONTROLLING PROGRAM, AND INTEGRATED BROADCASTING COMMUNICATIONS SYSTEM - The receiver ( | 03-27-2014 |
20140096189 | USING TRUSTED DEVICES TO AUGMENT LOCATION-BASED ACCOUNT PROTECTION - An authentication process receives information identifying a user, a device used by the user and a location in which the device is being used. That authentication process determines whether the location is among a set of familiar locations stored about the user for a service being accessed. If the location is not among the set of familiar locations, then the user is not authenticated. A desirable user experience can be obtained by using information about any existing relationship, such as a synchronization relationship, between the device and the service established at a prior familiar location. Instead of challenging a user whose device is in an unfamiliar location, the authentication process determines whether the device has a relationship established with the service. If the device has a relationship established with the service, then the set of familiar locations is updated to include the location in which the device is being used. | 04-03-2014 |
20140096190 | DYNAMIC FLOW CONTROL FOR ACCESS MANAGERS - A master flow controller can branch to a dynamic flow controller for a specific event in an authentication process. The master flow controller saves the state of the plug-in execution before branching the control into the dynamic flow controller. All the attributes stored in the authentication context by the authentication plug-in are saved and synchronized before the control is branched to the child flow controller. After the dynamic flow controller finishes execution, the state information is synchronized between flow controllers. | 04-03-2014 |
20140096191 | AUTHENTICATION APPARATUS, AUTHENTICATION METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM STORING PROGRAM - An authentication apparatus includes a detection unit that detects whether or not communication with a portable storage medium storing identification information for identifying a user is able to be performed, a reading unit that reads identification information stored in the storage medium when the detection unit detects that the communication is able to be performed, a time counting unit that counts an elapsed time, a determination unit that determines whether or not the elapsed time counted by the time counting unit matches a predefined time for the identification information read by the reading unit, and an authentication unit that authenticates the storage medium with which the detection unit detects that the communication is able to be performed when the determination unit determines that the elapsed time counted by the time counting unit matches the predefined time. | 04-03-2014 |
20140096192 | PUTTING IN PLACE A SECURITY ASSOCIATION OF GBA TYPE FOR A TERMINAL IN A MOBILE TELECOMMUNICATIONS NETWORK - A method is provided for putting in place a security association of GBA type for a terminal. The method includes the following steps, executed in a network access server, following the receipt of a request for attachment to the network from the terminal: dispatching a request to a subscriber server, receipt of a response including an indication that the user profile associated with the terminal supports the security association of GBA type. | 04-03-2014 |
20140096193 | ACCESS THROUGH NON-3GPP ACCESS NETWORKS - When setting up communication from a user equipment UE ( | 04-03-2014 |
20140096194 | CLIENT-SIDE ACTIVE VALIDATION FOR MITIGATING DDOS ATTACKS - Methods and systems for mitigating denial-of-service attacks include a proxy server that monitors a set of application servers configured to receive and service requests from clients. The proxy server intercepts the requests, and in response, provides the clients with customized client-side scripts embedded in markup language. The client-side scripts may include random strings to generate follow-through random uniform resource identifier redirection requests expected by the proxy server. The client-side scripts, upon execution, may challenge the clients by demanding user interaction within a specified period of time, requesting a delay before responding, and/or attempting to set a challenge cookie multiple times. If a client provides the demanded user interaction within the specified time, honors the delay, and/or sets the challenge cookie with the correct value, then the client-side scripts may generate a redirection request expected by the proxy server for that client and the proxy servers may whitelist that client for a configurable duration and forward that client's subsequent requests to the application servers without challenge. | 04-03-2014 |
20140101719 | SYSTEMS AND METHODS FOR PROVIDING A NETWORK STORAGE SYSTEM - Systems and methods are provided for providing a network storage system. One method includes receiving a request from a client coupled to a local communication network to provide access to a network storage system. The request can include a data item identifier, and the network storage system can include a local network storage, coupled to the local communication network, and a remote network storage, coupled to a public communication network. The method can further include identifying, based on the request, one of the local network storage and the remote network storage for serving the request, and providing the request to the identified one of the local network storage and the remote network storage to provide the client with an access to the identified one of the local network storage and the remote network storage. | 04-10-2014 |
20140101720 | CONFIGURING INITIAL SETTINGS OF A NETWORK SECURITY DEVICE VIA A HAND-HELD COMPUTING DEVICE - Process, equipment, and computer program product code for configuring a network security device using a hand-held computing device are provided. Default initial settings for a network security device are received by a mobile application running on a hand-held computing device. The default initial settings represent settings that allow the network security device to be remotely managed via a network to which the network security device is coupled. The default initial settings are presented to a network administrator via a touch-screen display of the hand-held computing device. Revisions to or acceptance of the default initial settings are received by the mobile application. The mobile application causes the network security device to be configured with the revised or accepted default initial settings by delivering the settings to the network security device via a management interface to which the hand-held computing device is coupled via a connecting cable. | 04-10-2014 |
20140101721 | TRANSMISSION TERMINAL, TRANSMISSION SYSTEM AND RECORDING MEDIUM - A transmission terminal includes an authentication unit that determines, when the transmission terminal is not connected to a network, whether authentication of a storage medium is confirmed based on authentication information stored in a storage unit and authentication information read from the storage medium, and transmits, when the transmission terminal is connected to the network, an authentication request containing the authentication information read from the storage medium to an authentication device connected to the network, and a maintenance unit that alters maintenance functions executable on the transmission terminal based on whether authentication of the storage medium is confirmed based on the authentication information stored in the storage unit or a notice indicating that authentication of the storage medium is confirmed is received from the authentication device. | 04-10-2014 |
20140109182 | DETECTION AND RESPONSE TO UNAUTHORIZED ACCESS TO A COMMUNICATION DEVICE - A communication gateway consistent with the present disclosure may detect unauthorized physical or electronic access and implement security actions in response thereto. A communication gateway may provide a communication path to an intelligent electronic device (IED) using an IED communications port configured to communicate with the IED. The communication gateway may include a physical intrusion detection port and a network port. The communication gateway may further include control logic configured to evaluate a physical intrusion detection signal. The control logic may be configured to determine that the physical intrusion detection signal is indicative of an attempt to obtain unauthorized access to one of the communication gateway, the IED, and a device in communication with the gateway; and take a security action based upon the determination that the indication is indicative of the attempt to gain unauthorized access. | 04-17-2014 |
20140109183 | IMAGE PROCESSING APPARATUS, METHOD FOR CONTROLLING THE SAME, PROGRAM, AND STORAGE MEDIUM - An image processing apparatus for providing at least a service to a service requestor receives a service execution request and authentication information of a service requestor from the service requestor and issues a request for authenticating the service requestor to an authentication service. Also, the image processing apparatus executes the requested service based on an authentication result transmitted from the authentication service. Further, the image processing apparatus manages an execution state of the executed service and an authentication state of the service requestor by associating the execution state with the authentication state. | 04-17-2014 |
20140109184 | METHOD FOR AUTHENTICATING USERS AND DEVICES ON A COMPUTING NETWORK - A method for authenticating users and devices on a computing network is disclosed. The method includes authenticating a user and a user's device with a computing network based upon received authentication data from the user's device. A session-associated security code having an end-of-session expiration and a task-associated security code having an end-of-task expiration are required for executing task-based requests over the network. The task-based request is required to be transmitted in a predefined protocol. In operation, the computing network receives a computing task request for a user's device as a string having a predetermined sequence commensurate with the predefined protocol. The computing network executes the computing task. The method further includes terminating the task-associated security code upon concluding the executing, generating a second task-associated security code and a second session-associated security code based upon usage metrics. | 04-17-2014 |
20140115663 | METHOD FOR DETECTING UNAUTHORIZED ACCESS AND NETWORK MONITORING APPARATUS - A method for detecting unauthorized access is executed by a network monitoring apparatus connected to a network in which packets are transmitted between a plurality of information processing apparatuses. The method includes obtaining, by the network monitoring apparatus, packets regarding at least one access performed from a first information processing apparatus to a second information processing apparatus. The method includes selecting at least one condition from among predefined at least two conditions. The selection is performed according to a combination between the first information processing apparatus as an access source and the second information processing apparatus as an access destination. The method includes determining whether each of the obtained packets satisfies the selected at least one condition. The method includes determining a possibility that unauthorized access has been performed on the second information processing apparatus, based on a number of conditions determined to be satisfied. | 04-24-2014 |
20140115664 | INSTRUCTION-BASED WEB SERVICE ROUTING SYSTEM THAT ENABLES DEVICES TO CONTROL THE FLOW OF CONTENT - A method and apparatus for directing flow of data collected from a data acquisition device on a network are disclosed herein. In one embodiment, the method comprises directing the flow of data collected from a data acquisition device in response to a connector, where the connector represents a user selected and parameterized workflow template that specifies one or more web services to perform processing on the data or storage of the data, including receiving the data after the data acquisition device pushes the data to the network in response to the connector, and controlling processing flow of the data with at least one of the one or more web services specified by the connector; and storing the data via one of the one or more web services according to the connector. | 04-24-2014 |
20140115665 | MESSAGE-HANDLING SERVER AND METHOD FOR HANDLING SECURE MESSAGE ATTACHMENTS FOR A MOBILE DEVICE - A secure message that includes an attachment is received at a server. The secure message may have a secure layer that indicates that the secure message is at least digitally signed. The secure message may be provided without the attachment to the mobile device over a wireless network. A request may be received from the mobile device to access the attachment. The request may include an attachment identifier (ID) that identifies the attachment in accordance with a message-attachment indexing system. In response to the request to access the attachment, the server may perform an index lookup to find the attachment based upon the attachment ID, may look through the secure layer of the secure message in order to locate the attachment within the secure message, and may render at least an initial portion of the attachment by the server in a format for viewing by the mobile device. | 04-24-2014 |
20140115666 | SECURE PROTOCOL EXECUTION IN A NETWORK - For secure configuration of network nodes from a backend with low connectivity requirements and workload at the backend and reduced communication overhead, a system, a control unit for a segment controller and a method for secure protocol execution in a network are provided, wherein protocol information is provided to a segment controller ( | 04-24-2014 |
20140115667 | METHOD AND SYSTEM FOR PROVIDING A SERVICE FOR A MOBILE DEVICE AND NON-TRANSITORY COMPUTER-READABLE RECORDING MEDIUM - An online service providing system, a method, a server, and a mobile device thereof, and a computer program product are provided. The method includes sending a verification link corresponding to a user account that is not verified; after receiving a verification request corresponding to the verification link, determining whether a device identification sent by the mobile device that has logged in the user account is received; when receiving the device identification, confirming whether the user account is verified according to the device identification; after confirming that the user account is verified, when receiving a service request sent by a terminal device logging the user account into a service website, determining a homepage of the service website according to the device identification, and providing the online service corresponding to the mobile device to the terminal device through the service website. | 04-24-2014 |
20140123221 | SECURE CONNECTION FOR A REMOTE DEVICE THROUGH A VIRTUAL RELAY DEVICE - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Remote devices may gain access to virtual machines in a network through a virtual device relay. The virtual device relay receives data from the remote device, such as a tablet or cellular phone, and forwards the data to one of the virtual machines, when the virtual device relay shares a COI with the destination virtual machine. | 05-01-2014 |
20140123222 | METHOD AND SYSTEM FOR FACILITATING CONTROLLED ACCESS TO NETWORK SERVICES - An approach for enabling controlled access to a limited set of remote services associated with a device is described. A controlled access platform determines one or more network access descriptors to associate with a calling application of a device configured to access a remote service via a communication network. The controlled access platform initiates a limiting of the calling application to one or more allowed network interaction types with a remote service or a network access component associated with the device based on a profile for defining one or more allowed network interaction types between the calling application and the remote service. | 05-01-2014 |
20140123223 | Resilient Device Authentication System - A resilient device authentication system comprising: one or more verification authorities (VAs) including a memory loaded with a complete verification set that includes hardware part-specific data, and configured to create a limited verification set (LVS) therefrom; one or more provisioning entities (PEs) each connectable to at least one of the VAs, including a memory loaded with a LVS, and configured to select a subset of data therefrom so as to create an application limited verification set (ALVS); and one or more device management systems connectable to at least one of the PEs, including a memory loaded with an ALVS, and configured to manage device security-related applications through the performance of security-related functions on devices associated with the hardware part-specific data. | 05-01-2014 |
20140123224 | METHOD AND APPARATUS FOR A PORTABLE WIRELESS SECURITY DEVICE - A portable wireless security device (WSD) along with methods of use for providing a multi-factor authentication process for authorizing RFID payment transactions, online processes and email correspondences made by a mobile device. | 05-01-2014 |
20140123225 | REMOTE ACCESS TO RESOURCES OVER A NETWORK - Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource. | 05-01-2014 |
20140123226 | UNIFIED USER IDENTIFICATION WITH AUTOMATIC MAPPING AND DATABASE ABSENCE HANDLING - An identification system that may be used in heterogeneous computing environments provides a fail-free path to providing identifiers from a single canonical namespace. Objects or gateways requiring an identifier for access are accessed using an identifier for the canonical namespace. If an entity requests access using an identifier from another namespace, an external database is consulted to determine if a mapping exists for the identifier to another identifier in the canonical namespace. If no mapping exists, or the external database is unavailable, then an identifier is automatically generated in the canonical namespace and is used for the access. An internal database is updated with the automatically generated identifier, providing a mechanism to add mappings without administrative intervention. To access resources requiring an identifier from another particular namespace, a canonical namespace identifier may be mapped to another identifier in the particular namespace, or a generic identifier may be used. | 05-01-2014 |
20140123227 | NETWORK WATERMARK - A network communications method utilizing a network watermark for providing security in the communications includes creating a verifiable network communications path of nodes through a network for the transfer of information from a first end node to a second end node; verifying the network communications path of nodes, by the first end node, before communicating by the first end node information intended for receipt by the second end node; and once the network communications path of nodes is verified by the first end node, communicating by the first end node, via the verified communications path of nodes, the information intended for receipt by the second end node; wherein the network watermark represents the verifiable network communications path of nodes. | 05-01-2014 |
20140130125 | METHOD AND APPARATUS FOR ALLOCATING AND OBTAINING IP ADDRESS - A switch sends an authentication request message to a client at intervals of a preset duration. A response message sent by the client is received. The response message carries authentication information of a user carried on the client. An authentication message is sent to a server according to the response message. An authentication reply message sent by the server is received. The authentication reply message carries information about an authentication domain authorized by the server to the user. It is determined, according to the authentication reply message, whether the authentication domain of the user is changed. If the authentication domain of the user is changed, an authentication domain change message is sent to the client according to the authentication reply message, so that the client obtains an IP address again. | 05-08-2014 |
20140130126 | SYSTEMS AND METHODS FOR AUTOMATICALLY IDENTIFYING AND REMOVING WEAK STIMULI USED IN STIMULUS-BASED AUTHENTICATION - Systems and methods for identifying a weak stimulus in a stimulus-based authentication system are provided. Counters are associated with each stimulus used in the authentication and a first counter is incremented when the stimulus is used in an authentication session and a second counter is incremented when a successful event occurs with respect to the stimulus during the authentication session, but the authentication session ultimately fails. A ratio of the second counter and the first counter is compared to a threshold and the stimulus is identified as weak when the ratio exceeds the threshold. The stimulus may then be removed and no longer be used in the stimulus-based authentication system. | 05-08-2014 |
20140130127 | Risk Adjusted, Multifactor Authentication - A computer-implemented method comprising: receiving, from a device used by a user, a request to access a resource hosted by a computer system; identifying, by the computer system, a level of risk associated with the user requesting access to the resource; adjusting, by the computer system an authentication standard for access to the resource, adjusting based on the identified level of risk; determining values for authentication factors used in authenticating the user's access to the resource; applying weights to the values for the authentication factors; and determining, based on a comparison of the weighted values to the adjusted authentication standard, whether the user is authorized to access the resource. | 05-08-2014 |
20140130128 | METHOD AND SYSTEM FOR IMPROVING STORAGE SECURITY IN A CLOUD COMPUTING ENVIRONMENT - A method of improving storage security in a cloud environment includes interfacing a secure microcontroller with a storage controller associated with a client device in the cloud environment to authenticate a platform associated with the storage controller and registering the storage controller with an authentication server configured to be set up in the cloud environment. The method also includes authenticating the storage controller based on a communication protocol between the client device, the authentication server and the storage controller, and obtaining, at the client device, a signature data of the storage controller following the authentication thereof. The signature data is configured to be stored in the secure microcontroller interfaced with the storage controller. | 05-08-2014 |
20140130129 | COUNT VALUES TO DETECT DISCONNECTED CIRCUIT - A connector including a circuit configured to be coupled to a network and an end device. The circuit configured to transmit count values in a count sequence over the network to detect whether the circuit has been, at least temporarily, disconnected from at least one of the network and the end device. | 05-08-2014 |
20140130130 | DYNAMIC RADIUS - A system includes a remote authentication dial in user service (RADIUS) server in communication with a network access server. The network access server provides an authentication request to the RADIUS server. The authentication request includes at least a user identifier and a device identifier. The RADIUS server determines an authentication format utilized by the network access server based on the received authentication request. The system may also determine an authorization level to provide with an authentication response. | 05-08-2014 |
20140130131 | METHOD AND DEVICE FOR DETERMINING NETWORK DEVICE STATUS - Disclosed is a method of transparently detecting authentication status of endpoint devices in a network. This method may be used for differentiating guest or rogue endpoints from enterprise endpoints. | 05-08-2014 |
20140130132 | FEATURE SET DIFFERENTIATION BY TENANT AND USER - A system for online collaboration includes an application for online collaboration, the application including an application feature set, a control module programmed to receive a request from a user to access a tenancy associated with the application on the system, the tenancy including a site provisioned for a tenant, the request including a tenancy identifier identifying the tenancy and a user identifier identifying the user, the control module using the tenancy identifier to identify a tenancy feature set associated with the tenancy, and the control module using the user identifier to identify a user feature set associated with the user, and a web-page render module programmed to generate a collaboration web site including a site feature set including the tenancy feature set and the user feature set, the web site being sent to the user for rendering on the user's computing device. | 05-08-2014 |
20140130133 | METHOD OF SECURING NETWORK ACCESS RADIO SYSTEMS - A method of providing security for network access radio systems and associated access radio security systems used with the systems. The method includes connecting an access radio having a radio link to a network; communicating between the access radio and a computer over the network using a ping application having ping commands and unique encrypted codes; and enabling operation of the access radio when the access radio is receiving ping commands. Typically, the access radio and the computer are nodes on the network and the network is a local area network (LAN). The ping application sends packets of information from the computer to the access radio and receives a response from the access radio. The ping application must be functioning (i.e., sending and receiving commands between the computer and the access radio) to enable the access radio to communicate via the radio link with a remote network. | 05-08-2014 |
20140137186 | Enterprise Application Session Control and Monitoring in a Large Distributed Environment - Mechanisms are provided for performing centralized control of application sessions across a distributed computing environment comprising a plurality of application servers. A request to perform an application session control operation to control the application sessions associated with a specified user account identifier across the plurality of application servers in the distributed computing environment is received. A plurality of application instances upon which to perform the requested application session control operation are identified. An application session control request is transmitted to a plurality of session control clients associated with the application instances on the plurality of application servers of the distributed computing environment. The application session control request causes each session control client to control a user's ability to use the application sessions of application instances, associated with the session control client, that are associated with the specified user account identifier, to access the associated application instances. | 05-15-2014 |
20140137187 | Scalable and Highly Available Clustering for Large Scale Real-Time Applications - Scaling and highly available clustering for large scale real-time applications is provided. A ring may be formed which includes multiple nodes for providing a set of services in a system. When a network partition is detected which affects communications between each of the nodes in the ring, the formation of additional rings is prevented by shutting down nodes which include a minority of voting nodes in the ring while maintaining the availability of the nodes which include a majority of the voting nodes to continue providing the set of services in the system. | 05-15-2014 |
20140137188 | DEVICES, SYSTEMS, AND METHODS FOR SIMULTANEOUSLY DELIVERING PERSONALIZED/ TARGETED SERVICES AND ADVERTISEMENTS TO END USERS - Systems, devices, and methods are disclosed for enabling the reconfiguration of services supported by a network of devices. Such reconfiguration can be realized dynamically and in real time without compromising the security of the overall system from external threats or internal malfunctions. These systems, devices and methods may provide a first functional stack supporting a previous version of a specific service and the provisioning of a second functional stack dynamically and in real-time that supports an updated version of the specific service. In addition, an administration function may be included in the embodiment such that the administration function manages and controls the functional stacks and network operations. Using these mechanisms, an existing service can be changed dynamically or a new service can be added dynamically in a secure manner without interruption of other existing services. | 05-15-2014 |
20140137189 | CROSS-SITE REQUEST FORGERY PROTECTION - A cross-site request forgeries (CSRF) protection system helps protect against cross-site request forgeries attacks. A CSRF protector is arranged to receive a signal from a service provider that notifies a browser running on a potential victim consumer machine to selectively permit and/or deny cross-site requests in accordance with a set of one or more security policies. The policies can be selected and applied on a domain name basis, IP address basis, trusted zone basis, and combinations thereof. The CSRF protector can also provide a context of the event that triggers a request that contains a cross-site request, where the context provides indicia of circumstances that indicate a likelihood of a cross-site request forgery is being attempted. | 05-15-2014 |
20140137190 | METHODS AND SYSTEMS FOR PASSIVELY DETECTING SECURITY LEVELS IN CLIENT DEVICES - Embodiments of the present teachings relate to systems and methods for testing and analyzing the security of a target computing device. The method can include providing, to a server via a network, a security tool operable to be associated with a webpage accessible by a target computing device through the server, wherein the security tool is operable to be executable by the target computing device and operable to collect one or more security metrics of the target computing device; receiving, from the server, the one or more security metrics of the target computing device; comparing the one or more security metrics with a security vulnerability database; and determining a level of security vulnerability for the target computing device based on comparing the one or more security metrics with the security vulnerability database. | 05-15-2014 |
20140137191 | MOBILE COMMUNICATIONS DEVICE PROVIDING HEURISTIC SECURITY AUTHENTICATION FEATURES AND RELATED METHODS - A mobile communications device may include a plurality of first input devices capable of passively collecting input data, a second input device(s) capable of collecting response data based upon a challenge, and a processor capable of determining a level of assurance (LOA) that possession of the mobile communications device has not changed based upon a statistical behavioral model and the passively received input data, and comparing the LOA with a security threshold. When the LOA is above the security threshold, the processor may be capable of performing a given mobile device operation without requiring response data from the second input device(s). When the LOA falls below the security threshold, the processor may be capable of generating the challenge, performing the given mobile device operation responsive to valid response data, and adding recent input data to the statistical behavioral model responsive to receipt of the valid response data. | 05-15-2014 |
20140137192 | System and Method for Authenticating Email Messages from Trusted Sources - A system and method for authenticating email messages from trusted sources. A trusted sender (TS) registers at a Trusted Validator (TVAL). The TVAL performs a one-time validation of the TS's identity, and creates a public access URL and private application key for the TS. The TS uses the private application key to generate, for each email message/address pair, a unique message access URL. The message access URL is inserted, along a text containing instructions, at the top of the email message to be sent. The public access URL is published by the TS (typically at the TS's web site) for the message receiver (MR) to associate the TS with his/her account in the TVAL. The MR obtains an authentication cookie for his/her email address at the TVAL, and, for each TS, he/she registers a “key phrase” only known to the MR in relationship with the TS. When the email message is opened by the MR, the email client uses the message access URL to obtain from the TVAL (if an authentication cookie has previously been created) the MR's key phrase in the form of a human-readable (but machine-non-readable) form. The MR authenticates the message as trusted by identifying the key phrase associated with the TS. | 05-15-2014 |
20140137193 | COMMUNICATION SYSTEM, METHOD FOR PERFORMING THE SAME AND COMPUTER READABLE MEDIUM - A communication system including: a first acquiring unit configured to obtain start request information for specifying whether participation in the session of a terminal is limited or not, and participation authentication information for authenticating participation in the session for the terminal; a session manager configured to establish the session; a second acquiring unit configured to obtain participation request information for requesting participation of a third terminal in the session, and the participation authentication information input from the third terminal; and a participation determination unit configured to compare the participation authentication obtained by the first acquiring unit and by the second acquiring unit, and determine whether participation of the third terminal in the session is allowed or not, and the participation determination unit configured to record terminal information of the third terminal, and to reject a subsequent participation request of the third terminal in the session thereafter. | 05-15-2014 |
20140137194 | CONTROL SERVER, DATA PROCESSING DEVICE, AND CONTROL DEVICE FOR DATA PROCESSING DEVICE - A control server may receive first location information indicating a location of specific web page data via a data processing device, in a case where a terminal device comprising a web browser receives the specific web page data from a specific service providing server by using a first type of wireless communication and sends the first location information to the data processing device by using a second type of wireless communication. The control server may cause a display unit of the data processing device to display at least N items of account information among M items of account information currently stored in the data processing device, in a case where the first location information is received. Each of the N items of account information may be available for receiving a data providing service from the specific service providing server. | 05-15-2014 |
20140137195 | SYSTEM AND METHOD FOR VERIFIED SOCIAL NETWORK PROFILE - A method for verifying the on-line identity of a subscribed user and securely displaying an indicia in connection with that user's on-line content, wherein the indicia includes an aspect corresponding to the verification level assigned to the subject user's profile. | 05-15-2014 |
20140137196 | METHOD FOR INTERNET TRANSACTIONS - The present invention consists of a computer security method that enables all users of a computer application to enjoy superior security levels when sensitive information is being exchanged with transaction applications. The method of the present invention consists of developing a virtual desktop or isolated execution environment that restricts the user to working in a specific zone. Said virtual desktop or isolated environment is programmed in such a way that message listening techniques such as hooking or quartz techniques are implanted for intercepting messages between the transaction application, such as the electronic bank, and the user's Operating System (OS). The method that is used in the present invention also blocks special key combinations in order to prevent malicious code execution in OS support devices, like Apple® IOS and Google™ Android, where special key combinations are not evident, but combinations such as “*#06#” exist. | 05-15-2014 |
20140137197 | DATA INTEGRITY FOR PROXIMITY-BASED COMMUNICATION - Methods, systems, and computer programs for trusted communication among mobile devices are described. In some aspects, an authentication value is generated at a first mobile device based on a message and a shared secret value stored on the first mobile device. In response to detecting proximity of a second mobile device, the message and the authentication value are wirelessly transmitted from the first mobile device to the second mobile device. In some implementations, the message and the authentication value can be wirelessly transmitted by a proximity-activated wireless interface, such as, for example, a Near Field Communication (NFC) interface. | 05-15-2014 |
20140137198 | Anonymous Authentication - A method and system for anonymous purchase by a first user device, is described, the method and system including sending R from the first user device to a second user device, where R is a result of a one-way function performed on a random number r selected by the first user device, the second user device being operative to send R to a service provider, which stores R with a data string T and the service provider returns a digitally signed R and T to the second user device, thereby providing the data string T to the second user device, receiving R and T at the first user device from the second device, thereby ensuring that the identity of the first user device remains unknown to the service provider, opening a communication channel between the first user device and the service provider, sending the service provider r and T from the first user device via the communication channel along with a request for the service provider to provide a service, and receiving the requested service from the service provider. Related methods, systems and apparatus are also described. | 05-15-2014 |
20140137199 | METHOD AND SYSTEM FOR AUTHENTICATING INTERNET USERS - The invention provides methods for facilitating the identification of internet users, for detection of misuse of an identity during an electronic transaction, and for controlling access to web sites. The method employs determining the location of the user's wireless communication device, based on the geographical proximity of Wi-Fi locations and cached position information. | 05-15-2014 |
20140137200 | APPARATUS AND METHODS FOR MULTI-MODE ASYNCHRONOUS COMMUNICATION - A method includes receiving at a host device a first communication associated with a transaction from at least one electronic device included in a set of electronic devices. The host device includes at least a memory, a processor, and a database. The first communication is received at a first time and via a first communication mode. The method includes sending a response to the first communication at a second time after the first time and independent of the first time. The host device receives a second communication associated with the transaction from the at least one electronic device at a third time. The first communication, the response to the first communication, and the second communication are displayable in a persistent record of the transaction regardless of a difference between the first time and the third time. | 05-15-2014 |
20140137201 | DETERMINING A TRUST LEVEL OF A USER IN A SOCIAL NETWORK ENVIRONMENT - A system and method for determining a trust level for a non-approved user in a social network is described. The method includes monitoring requests for social network interactions between an approved user and the non-approved user and determining if each interaction requested is of a first type or a second type. The method further includes increasing a first trust value when the interaction requested is of the first type and increasing a second trust value when the interaction requested is of the second type. The method further includes determining the trust level based on the first trust value and the second trust value. The method further includes changing the status of the non-approved user to an approved user based on the trust level, the first trust value and/or the second trust value. | 05-15-2014 |
20140143831 | COMPUTERIZED METHOD AND SYSTEM FOR MANAGING AMENDMENT VOTING IN A NETWORKED SECURE COLLABORATIVE EXCHANGE ENVIRONMENT - In embodiments of the present invention improved capabilities are described for managing amendment voting in a networked secure collaborative computer data exchange environment, the method comprising establishing a secure exchange server-based environment between users of at least two business entities, the secure exchange server environment managed by an intermediate business entity, the users exchanging content, and providing an amendment voting facility when the content relates to a proposed amendment to an agreement wherein the amendment voting facility enables users to vote on the proposed amendment. | 05-22-2014 |
20140143832 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, STORAGE MEDIUM AND INFORMATION PROCESSING METHOD - A non-limiting example game system includes a game apparatus which is stored with various kinds of application programs. When an application program for a specific service such as a television program guide (program guide program) is started, prior to an acquisition of a content (webpage), an authentication of the game apparatus is performed, and a white list which records a domain name accessible by the game apparatus (the program guide program) is acquired from a managing server which is controlled by a provider of the television program guide. In the program guide program, it is determined whether or not a domain name described in URL of the webpage appears in the white list when a request to send the webpage is to be sent. If the domain name does not appear in the white list, the program guide program is suspended, and a web browser is activated to send the request to send the webpage. | 05-22-2014 |
20140143833 | SECURE MACHINE TO MACHINE COMMUNICATION - An embodiment of the invention allows a network access server to control network access for individual applications that run on a device. The device may be included in a machine-to-machine environment. The embodiment may provide a secure channel between the network access server and the device access layer and another secure channel between the device access layer and the device application layer. Thus, before applications are allowed to access the network those applications may be required to authenticate themselves via a secure channel. Other embodiments are described herein. | 05-22-2014 |
20140143834 | Data Selection Method for Reducing the Decoding Computational Complexity of a Vehicle-to-X Communication System, and Vehicle-to-X Communication System - A data selection method for reducing the decoding computational complexity of a vehicle-to-X communication system. The communication unit is used to transmit and receive vehicle-to-X messages, wherein the vehicle-to-X messages each include at least one useful data portion and at least one header data portion, wherein the at least one header data portion in each case is transmitted in uncoded form, and wherein the at least one useful data portion in each case is transmitted in coded form. The received vehicle-to-X messages are weighted into at least two categories on the basis of the at least one header data portion in each case, wherein the at least one useful data portion in each case is decoded on the basis of the weighting. | 05-22-2014 |
20140150058 | AUTHENTICATION METHOD FOR STATELESS ADDRESS ALLOCATION IN IPV6 NETWORKS - The authentication method for stateless address allocation in IPv6 networks provides a P2P trust-verification approach for identifying a rogue node. Alternatively, the authentication method provides an information hiding scheme to avoid being plagued by rogue nodes. In both cases, the authentication method is embodied in a computer software product having machine readable code. | 05-29-2014 |
20140150059 | CONFERENCE DATA MANAGEMENT - Tools are provided for conducting a conference/meeting and/or obtaining, managing and archiving conference/meeting data. For example, a conference application can be provided through a network to a registrant or participant of the conference. The conference application allows the registrant or participant to access conference data (such as presentation slides, conference materials, other posted content, etc.), save comments, files, other content, etc., make revisions to the conference data, and share data with other registrants or participants of the conference. | 05-29-2014 |
20140150060 | SYSTEM AND METHOD FOR PROTECTING DATA IN AN ENTERPRISE ENVIRONMENT - Provided are a system and method for protecting data in an electronic communications environment. An interested entity establishes one or more controls for a received unit of data. At a source device in the electronic communications network, the unit of data is encapsulated with self-protection security data that includes the one or more controls. The encapsulated unit of data is delivered from the source device to a destination device in the electronic communications network. A data broker facilitates the delivery of the data to the destination device according to the controls. Facilitating the delivery of the data includes: identifying for the receiving device a collection of services corresponding to the controls independently of the network. | 05-29-2014 |
20140150061 | FULL SPECTRUM CYBER IDENTIFICATION DETERMINATION PROCESS - A full spectrum cyber identification determination process for accurately and reliably determining and reporting any identification determination from a full spectrum of possible cyber identification determinations. | 05-29-2014 |
20140150062 | SYSTEM FOR PROVIDING LEARNING ACCORDING TO GLOBAL POSITIONING INFORMATION AND METHOD THEREOF - A system for providing learning according to global positioning information and a method thereof are provided. A server queries for a corresponding learning content according to global positioning information provided by a first client, so that a student can learn anytime and anywhere. The server records contents already learnt by the student. A corresponding test type and test content are provided for a second client, and selection is performed to generate a test paper, which is provided for the first client so that the student can take a test. Therefore, learning anytime and anywhere is enabled, thereby achieving the technical effect of optimal learning efficiency. | 05-29-2014 |
20140150063 | SECURE ASSOCIATION - To enable formation of secure associations between IP-enabled devices when they have not previously connected, a method is proposed where a declaration of ownership of a target device is made by the subscriber of a originating device and that subscriber giving that declaration is authenticated by means of a SIM card, say. The originating device establishes secure connection to a first server. The target device establishes a secure connection to a second server. Provided the first and second servers can establish a conventional IP-type SA (e.g. using IPSec or TLS), there is a chain of secure associations between the two devices. This chain is then used to build a new secure association between originating device and target Device. The first and second servers thus act as proxies for two devices respectively and negotiate the secure association on their behalf. They then transfer the new secure association information securely to the devices using the existing chain of secure associations. | 05-29-2014 |
20140150064 | Authentication of Warning Messages in a Network - There is described herein a device ( | 05-29-2014 |
20140157364 | WIRELESS NETWORK SECURITY SYSTEM - A wireless network security system with a plurality of communication terminals including an Access Point (AP) and a station is provided. The wireless network security system includes a plurality of sensor devices for collecting identification information of the communication terminals, and a WIPS server communicating with the sensor devices, for transmitting a control signal to the communication terminals, wherein the WIPS server transmits the control signal to the plurality of communication terminals through the sensor devices, and when a control signal for blocking connection of two or more communication terminals among the plurality of communication terminals associated through a network is transmitted, connection blockage packets different from one another are created and sequentially and repeatedly transmitted. | 06-05-2014 |
20140157365 | ENHANCED SERIALIZATION MECHANISM - The present disclosure discloses a method and network device for an enhanced serialization mechanism. Specifically, the disclosed system receives a plurality of packets from a plurality of transport layer flows corresponding to a security association. Also, the system designates one processor of a plurality of processors to be associated with the security association. Moreover, the system assigns a sequence number to each packet, and transmits the plurality of packets from the plurality of transport layer flows such that packets within the same transport layer flow are transmitted in order of their sequence numbers. However, at least two packets from two different transport layer flows may be transmitted out of incremental order of their sequence number. | 06-05-2014 |
20140157366 | NETWORK ACCESS CONTROL SYSTEM AND METHOD - The present invention relates to a system and method for controlling a network access of a network packet on the basis of a thread which is inserted into a process through code injection. The network access control system according to the present invention comprises: a process inspecting unit for detecting a code injection-based thread included in a process; and a network monitoring unit for performing network filtering so as to detect a network packet having access to a network, and, if a communication subject of the detected network packet is the code injection-based thread, blocking the traffic of the detected network packet. | 06-05-2014 |
20140157367 | VERIFICATION METHOD AND NODE FOR BIDIRECTIONAL FORWARDING DETECTION SESSION - A verification method and node for a BFD session relate to the field of communications technologies. The method includes: adding, by an initiating node, a first random number to a first BFD control packet and sending the first BFD control packet to a remote node; obtaining and saving, by the remote node, the first random number in the received first BFD control packet; adding, by the remote node, a second random number to the received first BFD control packet and sending the first BFD control packet to the initiating node; and obtaining and saving, by the initiating node, the second random number in the received second BFD control packet. | 06-05-2014 |
20140165142 | INTERACTIVE CLOUD COMMUNICATION SYSTEM - An interactive cloud communication system includes at least a client end and a cloud. The client end includes a browser. The cloud includes a cloud server module and a server module connected to the cloud server module. The cloud server module includes a websocket authentication unit. When the client end connects to the cloud through the browser, the cloud server module performs an authentication mechanism to the client end by the websocket authentication unit for opening at least a transmission channel allowing information transmission between the client end and the cloud. | 06-12-2014 |
20140165143 | METHOD AND A PROGRAM FOR CONTROLLING COMMUNICATION OF TARGET APPARATUS - Disclosed are a method and a program for controlling communication of a target apparatus, specifically for blocking the communication of the target apparatus immediately and reliably when an illegal connection to the target apparatus is detected in a network in which one or more Layer-2 switches are arranged. When the network monitoring manager H detects an illegal connection to a communication apparatus in the network, it automatically detects, based on the MvP table, the Layer-2 switch port connected to the communication apparatus identified as the target apparatus, including one with an illegal connection, and blocks the communication of the target apparatus immediately and reliably by administratively disabling the Layer-2 switch port connected to the target apparatus. | 06-12-2014 |
20140165144 | SECURED COMMUNICATION - Technologies are generally described for providing secured communications. In some examples, a method performed under control of a first device may include transmitting a jamming signal, receiving a mixed signal that includes the jamming signal and an information signal generated by a second device and obtaining the information signal by eliminating the jamming signal from the mixed signal. | 06-12-2014 |
20140165145 | SYSTEM AND METHOD OF PERFORMING ELECTRONIC TRANSACTIONS - A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received. | 06-12-2014 |
20140165146 | COMMUNICATION APPARATUS, CONTROL METHOD THEREOF, AND COMPUTER PROGRAM - A communication apparatus for performing a communication parameter configuration process as one of a communication parameter providing apparatus and a communication parameter receiving apparatus, comprises: a first reception unit adapted to receive a communication parameter from another communication apparatus; and an enabling unit adapted to enable a communication parameter providing function for providing a communication parameter to another communication apparatus, after the communication parameter is received. | 06-12-2014 |
20140173690 | METHOD AND APPARATUS FOR SECURITY MECHANISM FOR PROXIMITY-BASED ACCESS REQUESTS - An approach is provided for providing security mechanism for proximity-based interactions among devices. At least one first device (e.g., a memory tag) may determine a request for interaction between the at least one first device and at least one second device (e.g., a mobile phone), wherein at least the at least one first device is associated with at least one first antenna and at least one second antenna. The at least one first device may determine a first signal received by the at least one first antenna and a second signal received by the at least one second antenna. Further, the at least one first device may determine one or more differences in one or more characteristics of the first signal and the second signal. Furthermore, the at least one first device may process and/or facilitate a processing of the one or more differences to determine whether to allow the interaction. | 06-19-2014 |
20140173691 | METHOD AND SYSTEM FOR AUTOMATED USER AUTHENTICATION FOR A PRIORITY COMMUNICATION SESSION - An approach is provided for automated user authentication for a priority communication session. An authentication platform receives a session request for establishing a priority communication session over a data network between a user device and a service platform. The authentication platform determines network information and device information associated with the session request and the user device, respectively. The authentication platform further determines user history information regarding one or more prior communication sessions of a user of the user device. The authentication platform authenticates the user based on the network information, the device information, and the user history information for establishing the priority communication session. | 06-19-2014 |
20140181901 | Secure Active Networks - A secure active network includes a plurality of secure elements which communicate with one another to share and log information such as identification, location, and user activity associated with each secure element. Secure elements exchange data with one another, and log data received. The periodicity of communication between secure elements, encryption of the information, and the operating frequency in which the information is transmitted and received may be changed if communication is lost between any of the secure elements or if a determination is made that a secure element has travelled outside a predetermined zone. The integrity of the secure network may be verified at any time by comparing the logged information to a reference network. | 06-26-2014 |
20140181902 | AUTHENTICATION IN A WIRELESS ACCESS NETWORK - To allow devices to authenticate to a wide area mobile network when they temporarily do not have a connection to a SIM card and to authenticate the base station and so protect against false base stations, a system is provided where certain authentication credentials are pre-fetched while connection to the SIM card and the authentication subsystem of the wide area mobile network are in signaling connection. These advance credentials are then presented by the devices in authentication requests without requiring access via the mobile network or the connected presence of the SIM card being necessary for successful authentication. | 06-26-2014 |
20140181903 | Secure Mobile Information System - The present invention relates to a method for making specific task information available via a mobile station, preferably comprising a PDA, tablet or a mobile phone, to a user such as personnel on duty, wherein the method comprises steps for: compiling the task information by means of a server; transmitting the task information from the server to the mobile station of the user; determining an availability time period for the task information for the users; and making the task information retrievable in a readable manner on the mobile station within the availability time period. | 06-26-2014 |
20140181904 | DERIVING A WLAN SECURITY CONTEXT FROM A WWAN SECURITY CONTEXT - Techniques for deriving a WLAN security context from an existing WWAN security context are provided. According to certain aspects, a user equipment (UE) establishes a secure connection with a wireless wide area network (WWAN). The UE may receive from the WWAN an indication of a wireless local area network (WLAN) for which to derive a security context. The UE then derives the security context for the WLAN, based on a security context for the WWAN obtained while establishing the secure connection with the WWAN and establishes a secure connection with the WLAN using the derived security context for the WLAN. This permits the UE to establish a Robust Security Network Association (RSNA) with the WLAN while avoiding lengthy authentication procedures with an AAA server, thus speeding up the association process. | 06-26-2014 |
20140181905 | SYSTEM AND METHOD FOR PROVIDING A VIRTUAL PEER-TO-PEER ENVIRONMENT - An improved system and method are disclosed for peer-to-peer communications. In one example, the method enables the creation of a virtual endpoint that may operate within a peer-to-peer network to represent a device that is unable to operate as an endpoint. | 06-26-2014 |
20140181906 | SYSTEM FOR SECURE ENROLLMENT AND SECURE VERIFICATION OF NETWORK USERS BY A CENTRALIZED IDENTIFICATION SERVICE - A system and method for providing, as a service over a computer network (especially a packet-switched computer network) to a body of merchants connected to the computer network, verification of consumer identification based on data provided over the computer network by scanning devices attached to the computers operated by consumers. | 06-26-2014 |
20140181907 | Persistent Public Machine Setting - Disclosed herein are methods for protecting user information on a client device that may have a plurality of users. A user interface with a public machine designation portion is presented to a user prior to the start of the authentication process. The public machine designation removes web service account descriptions and any user specific information stored on the client device. Also, the client device is prevented from storing any new user specific information that is provided to the client device. The public machine designation is a persistent feature that may only be disabled by an affirmative action from the user. | 06-26-2014 |
20140189789 | METHOD AND APPARATUS FOR ENSURING COLLABORATION BETWEEN A NARROWBAND DEVICE AND A BROADBAND DEVICE - A network device is configured to authenticate a collaborative session between at least two communication devices. The network component receives an indication that at least two devices located within a predefined physical range are attempting to collaborate. The network component determines, based on the indication, that the two devices are authentic and that the two devices are attempting to collaborate. Responsive to determining that the two devices are authentic and attempting to collaborate, the network component determines that the two devices are authorized to collaborate and a level on which the two devices are authorized to collaborate. The network component sends an authorization response to at least one of the at least two devices, wherein if the two devices are authorized to collaborate the authorization response includes the level on which the two devices are authorized to collaborate. | 07-03-2014 |
20140189790 | PROVIDING MULTIPLE APN CONNECTIONS SUPPORT IN A BROWSER - At a web browser application installed on a device a first Uniform Resource Locator (URL) is received. The web browser application determines a first Access Point Name (APN) network identifier associated with the first URL and establishes a first data connection based on the first APN network identifier between the device and a network. At the web browser application installed on the device a second URL is received. The web browser application determines a second Access Point Name (APN) network identifier associated with the second URL and establishes a second data connection based on the second APN network identifier between the device and a network. | 07-03-2014 |
20140189791 | SYSTEM AND METHOD FOR IMPLEMENTING PRIVACY CLASSES WITHIN AN AUTHENTICATION FRAMEWORK - A system, apparatus, method, and machine readable medium are described for implementing privacy classes within an authentication framework. For example, one embodiment of a method comprises: transmitting a query for client information from a server to a client, the client information including information related to authentication devices coupled to the client; analyzing the query to determine an appropriate privacy class to be used for providing client information to the server; providing a subset of client information selected based on the determined privacy class, the subset of client information including the information related to the authentication devices coupled to the client; and using the subset of client information within an authentication framework to provide user authentication services over a network. | 07-03-2014 |
20140189792 | METHOD AND SYSTEM FOR ELECTRONIC CONTENT STORAGE AND RETRIEVAL USING GALOIS FIELDS AND INFORMATION ENTROPY ON CLOUD COMPUTING NETWORKS - A method and system for electronic content storage and retrieval using Galois Fields and information entropy on cloud computing networks. Electronic content is divided into plural portions and stored in plural cloud storage objects based on determined information entropy of the electronic content, thereby reducing location guessing of the electronic content using information gain and mutual information. Storage locations for the plural cloud storage objects are selected using a Galois field. The plural cloud storage objects are distributed across the cloud network. The Galois field and information entropy provide various levels of security and privacy for the electronic content. | 07-03-2014 |
20140189793 | VIRTUAL FILE SYSTEM FOR INTERWORKING BETWEEN CONTENT SERVER AND INFORMATION-CENTRIC NETWORK SERVER AND OPERATING METHOD THEREOF - Disclosed is a virtual file system for interworking between a content server and an information-centric network server, the system including: a file system function processing unit configured to process a file operation for a predetermined content requested from a plurality of content service protocols; a cache control unit configured to process the content requested through the file operation by managing a cache in a node; and a protocol matching unit configured to process the content requested through the file operation by interfacing with a plurality of content transfer protocols. | 07-03-2014 |
20140189794 | SYSTEM AND METHOD FOR UTILIZING AND REPLACING ANONYMOUS RECOGNITION CARDS - A system and method for utilizing and replacing anonymous recognition substrates, which can be anonymous recognition cards, codes, emitters, tags, or any combination. The invention permits replacing and utilizing anonymous recognition substrates at an anonymous web-based program and/or at anonymous interactive display terminals, whereby the anonymous substrate holder may create an anonymous account on a web-based program and/or at an interactive display terminal using the anonymous substrate's anonymous code. The user may securely request a new anonymous substrate from the web-based program and/or at the interactive display terminal. The web-based program provider and/or the interactive display terminal provider can anonymously message and track the anonymous account holder and/or anonymous substrate holder. | 07-03-2014 |
20140189795 | Method and Apparatus for Conducting Service by Service Delivery Platform - A method for conducting a service by a service delivery platform (SDP) and an SDP are provided. By means of the method for opening a service capability by a provided SDP, the time required for introduction of a new capability to the SDP can be reduced, being advantageous in implementation of rapid launching of a new service. | 07-03-2014 |
20140189796 | GROUP DEFINITION MANAGEMENT SYSTEM - A group definition management system can easily acquire correspondence between an internal ID and an external ID and easily reflect information of a group definition for the internal ID to an external site. In a typical embodiment of the present invention, this is configured of an internal server | 07-03-2014 |
20140196110 | TRUST-BASED AUTHENTICATION IN A SOCIAL NETWORKING SYSTEM - A social networking system determines whether a user is a real public figure or is the correct “public persona” of an individual who is famous within a particular domain. The system selects one or more trusted agents. A trusted agent is a user who has been confirmed or is otherwise trusted within the system. The system traverses the social graph of the trusted agent to score and identify additional users who have a sufficient connection to the trusted agent to authenticate them as other confirmed public personas/figures. The system computes confidence scores of the connections of the trusted agent, considering the strength of the connections and other relevant factors. The system provides confidence scores for one or more target users in the social network based on the confidence scores of the friends or connections connecting the trusted agent and the target user. | 07-10-2014 |
20140196111 | SECURED ELECTRONIC DEVICE - Methods, systems, and apparatus for communicatively pairing and securing an electronic device to a vehicle based electronic system. The pairing can enable the electronic device to seamlessly communicate with the electronic device and can provide infotainment to users of the vehicle. | 07-10-2014 |
20140196112 | DEPLOYING WIRELESS DOCKING AS A SERVICE - A method includes establishing, by a wireless docking center, a secure wireless communication connection with a wireless dockee, receiving, by the wireless docking center, from the wireless dockee, an ASP session request for a wireless docking service of the wireless docking center, receiving, by the wireless docking center, from the wireless dockee, a passphrase for authenticating with the wireless docking service, determining, by the wireless docking center, whether the wireless dockee is authorized to access the wireless docking service based on the received passphrase, responsive to determining that the wireless dockee is not authorized to access the wireless docking service, denying, by the wireless docking center, the wireless dockee access to the wireless docking service, and responsive to determining that the wireless dockee is authorized to access the wireless docking service, granting, by the wireless docking center, the wireless dockee access to the wireless docking service. | 07-10-2014 |
20140196113 | Secure on-demand supply method and system and traffic type acquisition method - A secure on-demand supply method is disclosed. The method includes: a configuration parameter of a security function module is determined according to a security level set for requested traffic by a user, and/or an application scenario of a user terminal, and/or a traffic type; the security function module is configured by using the configuration parameter; and security protection is carried out on traffic data of the user. A traffic type acquisition method for protecting security of a specific user and/or traffic is disclosed. The method includes: a traffic identifier of data is acquired by using a traffic type classification function of a Quality of Service (QoS) function module, to protect the security of the specific user and/or traffic. A secure on-demand supply system and a traffic type acquisition method are disclosed. The disclosure can provide various traffic security assurances according to security requirements of different users for different traffics. The system of the disclosure satisfies security requirements of various users and various traffics, provides personalized security assurances for the users, and enhances user experience. | 07-10-2014 |
20140201809 | Characteristics of Security Associations - Authentication of a user or a wireless transmit/receive unit may be based on an obtained measure of authentication strength, which may be referred to as an assurance level. For example, a user, via a WTRU, may request access to a service controlled by an access control entity (ACE). The user may be authenticated with a user authenticator and assertion function (UAAF), producing a result. A user assertion may be provided that includes the user authentication result, a user assurance level, and/or a user freshness level. The WTRU may be authenticated with a device authenticator and assertion function (DAAF), producing an associated result. A device assertion may be provided that may include the device authentication result, a device assurance level, and/or a device freshness level. The assertions may be bound together to receive access to a service or resource. | 07-17-2014 |
20140201810 | System, Method, and Device for Communicating and Storing and Delivering Data - A system, method, and device includes a platform data storage that stores a wrap that secures an executable controller, executable sensors, and a virtual operating system. The wrap is verified, optionally through a downloaded authentication driver. After verifying the wrap, the wrap is opened and a sister of the executable controller is installed into the platform memory to cooperate with the executable controller. Additionally or alternatively, the authentication driver may cooperate with the executable controller. The executable controller allows the platform processor to execute the virtual operating system, which gives the platform processor access to virtual operating system resources necessary to verify the platform and create a connection to a connection server. | 07-17-2014 |
20140201811 | Cross-Domain Security For Data Vault - Cross-domain security for data vault is described. At least one database is accessible from a plurality of network domains, each network domain having a domain security level. The at least one database includes at least one partitioned data table that includes at least two partitions. Each partition has a security level. Each partition is configured to store data records. Access control security is operable to provide, to a selected network domain, access to a selected data record in the at least one database based on a domain security level of the selected network domain and a security level of a selected partition storing the selected data record. | 07-17-2014 |
20140201812 | METHOD AND SYSTEM FOR DIGITALLY CERTIFYING THE ASSOCIATION BETWEEN AN ENTITY AND A PLACE - A method of processing data in order to digitally certify the association of at least one entity with a place, the method comprising the receipt of at least one piece of positioning data coming from at least one locating device located in the proximity of said place, the generation of a digital certificate associating the entity with said place according to the positioning data received, and the checking of the association of the entity with said place, by means of said digital certificate, in order to obtain a service dependent on the association of the entity with said place. | 07-17-2014 |
20140208382 | User Authentication Based on Network Context - Example systems and methods of user authentication based on network context are presented. In one example, a command to authenticate a user of a computing device is received in response to a request transmitted from the computing device to access a computing solution. In response to the command, a determination is made whether a network address corresponding to the request matches at least one network address associated with a protected network. Based on the network address corresponding to the request not matching the at least one network address associated with the protected network, authentication of the user is initiated at an identity provider corresponding to the computing solution. Otherwise, based on the network address corresponding to the request matching the at least one network address associated with the protected network, authentication of the user is delegated to an identity management system located within the protected network. | 07-24-2014 |
20140208383 | SYSTEMS AND METHODS FOR SECURITY TIERING IN PEER-TO-PEER NETWORKING - A method may also include receiving from each of one or more of potential peer information handling systems a connection request comprising a peer minimum acceptable security level for the peer information handling system. The method may additionally include comparing the peer minimum acceptable security level to a security level of the information handling system. The method may further include completing a peer-to-peer connection between the information handling system and the peer information handling system if the minimum acceptable security level is not higher than that of the security level of the information handling system. | 07-24-2014 |
20140208384 | SYSTEM AND METHOD FOR MANAGING, CONTROLLING AND ENABLING DATA TRANSMISSION FROM A FIRST DEVICE TO AT LEAST ONE OTHER SECOND DEVICE, WHEREIN THE FIRST AND SECOND DEVICES ARE ON DIFFERENT NETWORKS - A computer-implemented method of pairing at least two micro-processing devices (a primary device on a first network and a secondary device on a second network which may be different from the first network) comprises a device pairing server for the purpose of at least one of direct data exchange and indirect data exchange, between the devices. | 07-24-2014 |
20140208385 | METHOD, APPARATUS AND SYSTEM FOR WEBPAGE ACCESS CONTROL - A method is provided for webpage access control. The method includes sending a webpage access request which carries a first URL to a browser control and receiving N number of callbacks corresponding to the webpage access request. The method also includes comparing a second URL carried in a first callback with recorded M number of trusted URLs. Further, the method includes instructing the browser control to access a webpage corresponding to the second URL when the second URL is the same as one of the M trusted URLs. When the second URL is different from any one of the M trusted URLs, the method includes instructing the browser control to cancel the webpage access request when the webpage is not an embedded sub-webpage and instructing the browser control to deny display of the sub-webpage but to allow display of an original webpage when the webpage is an embedded sub-webpage. | 07-24-2014 |
20140215556 | Authentication within OpenFlow Network - An OpenFlow network controller controls an OpenFlow network. A networking connection is established between the OpenFlow network controller and an OpenFlow network device attempting to become part of the OpenFlow network. After establishing the networking connection with the OpenFlow network device, the OpenFlow network controller attempts to authenticate the OpenFlow network device. Where authentication of the OpenFlow network device is successful, the OpenFlow network controller sends a message to the OpenFlow network device to indicate that the authentication was successful and permits the OpenFlow network device to join and perform OpenFlow messaging. | 07-31-2014 |
20140215557 | TETHERING ENFORCEMENT DEVICE CONTROLLER AND METHODS THEREOF - Embodiments of the present invention are directed to a tethering enforcement device controller and methods thereof. The tethering enforcement device controller (TEDC) is installed on a primary device, or otherwise known as the tethered device. The TEDC is configured to detect, control and block unauthorized or inappropriate tethering with a secondary device, or otherwise known as the tethering device, via either a native or a third-party tethering application, by retrieving a configuration file from a server associated with a wireless carrier. The configuration file typically includes customer profile and currently blacklisted package names of third-party tethering applications. The customer profile typically includes subscription information, including use of tethering services. If the customer is trying to tether and tethering is not allowed, then the TEDC will prevent the secondary device from tethering with the primary device. In some embodiments, the TEDC is an untethering application installed on the primary device. | 07-31-2014 |
20140215558 | ESTABLISHMENT OF A TRUST INDEX TO ENABLE CONNECTIONS FROM UNKNOWN DEVICES - A method of controlling access to a remote system includes granting a connecting device full access to the system upon determining the device is registered to a user, upon determining the device is not registered, determining whether the device has connected to the system before, granting the device full access to the system if the device has connected before and a trust index based on a trust level for the device and a trust level of a location the device is currently connecting from exceeds a threshold, and granting the device limited access to the system otherwise. | 07-31-2014 |
20140215559 | SYSTEM AND METHOD FOR ADAPTIVE MULTIFACTOR AUTHENTICATION - In one embodiment, a method includes receiving a request for wireless connection from a supplicant device via a service path. The service path includes a peer-to-peer communication path. The method further includes, based on an indication received from the supplicant device, adapting an authentication method to the supplicant device. The adapting includes selecting at least one authentication factor from a plurality of supported authentication factors. Each of the plurality of supported authentication factors comprises an authentication path that is distinct from the service path. In addition, the method includes authenticating the supplicant device via each of the at least one authentication factor. | 07-31-2014 |
20140215560 | SECURITY DEVICE IMPLEMENTING NETWORK FLOW PREDICTION - A security device for processing network flows is described, including: one or more packet processors configured to receive incoming data packets associated with network flows where a packet processor is assigned as an owner of network flows and each packet processor processes data packets associated with flows for which it is the assigned owner; and a packet processing manager configured to assign ownership of network flows to the packet processors where the packet processing manager includes a global flow table containing global flow table entries mapping network flows to packet processor ownership assignments and a predict flow table containing predict flow entries mapping predicted network flows to packet processor ownership assignments. A predict flow entry includes a predict key and associated packet processor ownership assignment. The predict key includes multiple data fields identifying a predicted network flow where one or more of the data fields have a wildcard value. | 07-31-2014 |
20140215561 | FLOW OWNERSHIP ASSIGNMENT IN A DISTRIBUTED PROCESSOR SYSTEM - A security device for processing network flows includes one or more packet processors configured to receive incoming data packets associated with one or more network flows where a packet processor is assigned as an owner of one or more network flows and each packet processor processes data packets associated with flows for which it is the assigned owner; and a packet processing manager configured to assign ownership of network flows to the one or more packet processors where the packet processing manager includes a global flow table containing entries mapping network flows to packet processor ownership assignments. The packet processing manager informs a packet processor of an ownership assignment after one or more packets are received, and the one or more packet processors learns of ownership assignments of network flows from the packet processing manager. | 07-31-2014 |
20140215562 | EVENT AGGREGATION IN A DISTRIBUTED PROCESSOR SYSTEM - A security device for processing network flows includes packet processing cards with packet processors formed thereon where each packet processing card stores local counter values for one or more events and a packet processing manager including global event counters to maintain event statistics for events in the security device. In one embodiment, the packet processing manager stores a copy of the local counter value of an event for each packet processor reporting the event in the counter memory and the global event counter provides a global counter sum value for the event by summing the copies of local counter values in the local memory. In another embodiment, the global counter sum is compared to a threshold value to put the event in a conforming state or non-conforming state. The packet processing manager sends a multicast message to the interested packet processors indicating an event has transitioned to a non-conforming state. | 07-31-2014 |
20140215563 | METHOD OF AUTHENTICATING USER, SERVER AND MOBILE TERMINAL PERFORMING THE SAME - A user authenticating method is performed by a user authenticating server connectable to at least one mobile terminal and a user terminal. The user authenticating method includes: receiving access information of a network including an access identification code and an access location code from the user terminal; estimating an access location of a network based on the access location code; determining at least one mobile terminal associated with the access identification code; transmitting the estimated access location of a network to the at least one mobile terminal; and receiving a location-based access approval or access rejection determined based on the access location of a network and a location of a particular mobile terminal belonging to the at least one mobile terminal from the particular mobile terminal. | 07-31-2014 |
20140215564 | INDICATING ORGANIZATION OF VISITOR ON USER INTERFACE OF USER ENGAGED IN COLLABORATIVE ACTIVITY WITH VISITOR - A method, system and computer program product for indicating an organization of a visitor on a user interface of a user engaged in collaborative activity with the visitor. The visitor attempting to engage in a collaborative action (e.g., participating in an online meeting, sharing files) with a user from a different organization is authenticated to confirm that the visitor has the right to engage in collaborative activity with the user from the different organization. The identification of the organization of the visitor is extracted from the information used to authenticate the visitor. The identification of the organization of the visitor is then displayed on the user interface of the user engaging in the collaborative action with the visitor. In this manner, the organization of the visitor is easily discoverable by the user without requiring the user to perform a time consuming search to determine the organization of the visitor. | 07-31-2014 |
20140215565 | AUTHENTICATION SERVER, AND METHOD AUTHENTICATING APPLICATION - An application authentication program causes a data server and an application server to execute the processes of: accepting an access request containing application-related information and redirection information from an application running on a communication terminal; and when judging that the redirection information is legitimate, transmitting an access response being a response to the access request and containing application identification information corresponding to the application-related information to the communication terminal including a redirection destination corresponding to the redirection information. | 07-31-2014 |
20140215566 | TRANSMISSION NETWORK SYSTEM, TRANSMISSION METHOD, AND AUTHENTICATION INFORMATION DEVICE - A transmission network system includes a network terminating device connected to a user terminal and an authentication information device connected to the network terminating device through a transmission network. The transmission network is connected to a reference clock that holds a reference time. The network terminating device includes a terminating internal clock that synchronizes with the reference clock, when receiving a first frame from the user terminal, generates a second frame including a time outputted from the terminating internal clock as a request time on the basis of the first frame, and transmits the second frame to the authentication information device. The authentication information device generates time authentication information based on the request time included in the received second frame, generates a third frame including the generated time authentication information, and transmits the third frame to the transmission network. | 07-31-2014 |
20140215567 | COMMUNICATION SYSTEM AND COMMUNICATION DEVICE - A communication system has a first communication device, and a second communication device that conducts wireless communication with the first communication device. The first communication device has a first transmitter that transmits a signal to the second communication device, and a first transmission controller that controls the first transmitter. The second communication device has a first receiver that receives the signal from the first communication device, a first reception controller that controls the first receiver, a signal processor that processes the signal received by the first receiver, and a determination part that determines whether the signal received by the first receiver is a normal signal. When transmitting a predetermined first signal, the first transmission controller divides the first signal into a plurality of segments to change a transmission frequency of the first transmitter in units of segments. | 07-31-2014 |
20140223511 | AUTHENTICATION SWITCH AND NETWORK SYSTEM - An authentication switch monitors a failure of an external server, and redirect information to a Web server that holds authentication information registration screen data is provided to a terminal using a monitoring result. A life-and-death monitoring control unit for monitoring life and death of an external Web server is disposed within an authentication switch to monitor the life and death of the external Web server. An authentication processing unit within the authentication switch switches the redirect information on the basis of a life-and-death monitoring table of the external Web server provided in the life-and-death monitoring control unit in response to an authentication request from the terminal, and enables web authentication even when the external Web server is in failure. | 08-07-2014 |
20140237544 | AUTHENTICATION METHOD, TRANSFER APPARATUS, AND AUTHENTICATION SERVER - Provided is an authentication method for realizing a network authentication function for an authentication system, the authentication system including an authentication server for authenticating a terminal used by a user, and a switch for mediating an authentication sequence between the terminal and the authentication server. The authentication method includes steps of: providing, by the switch, identification information for identifying the switch to the authentication server in the authentication sequence; authenticating, by the authentication server, an authentication request transmitted from the terminal; transmitting, by the authentication server, an authentication result of the authentication to the switch based on the provided identification information on the switch; and authenticating, by the switch, access from the terminal based on the authentication result received from the authentication server. | 08-21-2014 |
20140237545 | HIERARCHICAL RISK ASSESSMENT AND REMEDIATION OF THREATS IN MOBILE NETWORKING ENVIRONMENT - Mobile device security techniques are described. For a specific computing device, for each of a plurality of distinct security categories, a risk score is determined. The determined risk scores are aggregated to obtain an overall risk score. | 08-21-2014 |
20140237546 | Image Processing Apparatus and Image Processing System - An image processing apparatus including: a first interface; a second interface configured to be connected with a server configured to perform user authentication; an image processing unit configured to execute a job including image processing; and a control device configured to: receive authentication information of a user via the first interface; transmit the received authentication information to the server via the second interface; execute a specific operation after receiving the authentication information, the specific operation being a part of the job; receive a result of the user authentication from the server after executing the specific operation; determine whether the user authentication by the server has been successful in accordance with the received result; and execute the rest of the job after completing the specific operation and determining that the user authentication has been successful. | 08-21-2014 |
20140237547 | SPECTRUM ACCESS SYSTEM - A method for dynamically managing spectrum access and supporting multiple tiers of users is provided. A spectrum access server receives a request from a device to access a segment of spectrum, and determines which tier of the multiple tiers is associated with the request. If the request is from a second tier user and the request does not interfere with first tier users, the request is granted. If the request is from a third tier user and the request does not interfere with first tier users and authorized second tier users, the request is granted. | 08-21-2014 |
20140237548 | COMPUTING DEVICE WITH ENVIRONMENT AWARE FEATURES - A method and mobile electronic device are provided which automatically adjust settings based on the environment of the mobile electronic device. The settings of the mobile electronic device which are adjusted may be security settings, filter settings, or status for instant messaging in dependence on the determined location of the mobile electronic device. | 08-21-2014 |
20140237549 | COLLABORATIVE COMPUTING COMMUNITY ROLE MAPPING SYSTEM AND METHOD - A role mapping method and system for a collaborative computing environment is provided. A set of permissions defining access to a generic business component for a named permission set is stored in a database. The set of permissions for the named permission set are mapped to an abstract role. Based on these mappings, access permissions to a business component instance within a community can be set. | 08-21-2014 |
20140237550 | SYSTEM AND METHOD FOR INTELLIGENT WORKLOAD MANAGEMENT - The system and method for intelligent workload management described herein may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads, wherein the management threads may converge information for managing identities and access credentials, enforcing policies, providing compliance assurances, managing provisioned and requested services, and managing physical and virtual infrastructure resources. In one implementation, an authentication server may generate authentication tokens defining access credentials for managed entities across a plurality of authentication domains, wherein the authentication tokens may control access to resources in an information technology infrastructure. For example, a management infrastructure may create service distributions for the managed entities, which may include virtual machine images hosted on physical resources. Further, the authentication tokens may be embedded in the service distributions, whereby the embedded authentication tokens may control access to the resources in the information technology infrastructure. | 08-21-2014 |
20140237551 | SYSTEMS AND METHODS FOR IDENTIFYING DEVICES BY A TRUSTED SERVICE MANAGER - Embodiments of the disclosure provide systems and methods for identifying devices by a trusted service manager. According to one example embodiment of the disclosure, a method for identifying communications is provided. The method can include receiving, by a service provider from a device, a message comprising card production life cycle (CPLC) information associated with a secure element incorporated into the device; and evaluating, by the service provider, the received CPLC information in order to identify the secure element. | 08-21-2014 |
20140237552 | AUTHENTICATING MEDIUM, AUTHENTICATING TERMINAL, AUTHENTICATING SERVER, AND METHOD FOR AUTHENTICATION BY USING SAME - The present invention relates to an authenticating medium, an authenticating terminal, an authenticating server, and a method for authentication by using same. According to the present invention, an operating code for creating an authentication requesting code is periodically updated, and thus the authentication requesting code is also periodically changed. Thus, even if the authentication requesting code or the operating code exchanged through networks is leaked to other users, the security of an account may be maintained, and thus the security may be enhanced. In addition, even if users do not remember authentication codes for granting authorization, the codes recorded in an authentication medium are periodically updated and automatically authenticated, and which may prevent damages that may occur when users forget the authentication codes or the authentication codes are set using numbers that are easy to memorize. | 08-21-2014 |
20140245385 | METHOD AND APPARATUS FOR PACKET SOURCE VALIDATION ARCHITECTURE SYSTEM FOR ENHANCED INTERNET SECURITY - A router in a global computer network for enhanced Internet security provides for an adaptation of major routers of the global computer network with a packet source validation function. The validation function checks the presence of a source validation code in the header of a packet and routes only those packets that have the source validation code. The validation function, after checking the presence of the source validation code, verifies the source validation code with reference to a key server. | 08-28-2014 |
20140245386 | SYSTEM AND METHOD FOR ACCESS CONTROL MANAGEMENT - A system or method of monitoring data accessed in operations or systems calls or functions to find in such data words, phrases or data strings that are to be transferred or subject to the system call. The data strings may be added to files as an indication that the file data is protected, or may be searched for as an indication of a suspicious data string. Data strings that are detected in the system call may serve as a trigger or indication that the data is to be subject to some review or screening process. | 08-28-2014 |
20140245387 | DATA PROCESSING LOCK SIGNAL TRANSMISSION - In accordance with one aspect of the present description, a node of the distributed computing system has multiple communication paths to a data processing resource lock which controls access to shared resources, for example. In this manner, at least one redundant communication path is provided between a node and a data processing resource lock to facilitate reliable transmission of data processing resource lock signals between the node and the data processing resource lock. Other features and aspects may be realized, depending upon the particular application. | 08-28-2014 |
20140245388 | AUTHENTICATION APPARATUS, METHOD FOR CONTROLLING AUTHENTICATION APPARATUS, COMMUNICATION APPARATUS, AUTHENTICATION SYSTEM, AND STORAGE MEDIUM IN WHICH CONTROL PROGRAM IS STORED - A family message board server includes a device authentication section which authenticates a television in a case where an access to a family message board is made via the television, identification information of the television, user identification information, and identification information of a smart phone are received via the smart phone, and it is determined that the user identification information and the identification information of the smart phone which have been received respectively match user identification information and identification information of the smart phone which have been associated with each other by a device registration section. | 08-28-2014 |
20140245389 | SYSTEM AND METHOD FOR PROXYING FEDERATED AUTHENTICATION PROTOCOLS - A system and method that include receiving a service provider identity request through a federated authentication protocol; transmitting a proxy identity request to a configured identity provider; receiving an identity assertion; facilitating execution of a second layer of authentication; determining a proxy identity assertion based on the identity assertion and the second layer of authentication; and transmitting the proxy identity assertion to the service provider. | 08-28-2014 |
20140245390 | SYSTEMS AND METHODS FOR PROVIDING SECURE MULTICAST INTRA-CLUSTER COMMUNICATION - Systems and methods which facilitate secure multicast communications between any valid node of a cluster using authentication between a node joining the cluster and any single node which is validly part of the cluster are disclosed. In accordance with embodiments, a cluster key is utilized to provide security with respect to intra-cluster communications. The cluster key of embodiments is shared by a node which is already part of the cluster with a node joining the cluster only after these two nodes mutually authenticate one another. The mutual authentication handshake of embodiments implements a protocol in which a session key is calculated by both nodes, thereby providing a secure means by which a cluster key may be shared. Having the cluster key, each node of the cluster is enabled to securely communicate with any other node of the cluster, whether individually (e.g., unicast) or collectively (e.g., multicast), according to embodiments. | 08-28-2014 |
20140245391 | Authentication Method - A method of authenticating a user to a transaction at a terminal ( | 08-28-2014 |
20140250495 | Contactless Authentication Of Optical Disk Drives - An optical disc drive (ODD) includes a radio-frequency identification (RFID) reader. The reader includes a circuit and a coil antenna which has a rotational symmetry with respect to a rotation axis of a motor, shaft and turntable of the ODD. The coil antenna can be secured to a wall of a housing of the ODD or around the motor and/or shaft. The reader can read an RFID tag on an optical disc. The RFID tag includes a circuit and a coil antenna which has a rotational symmetry with respect to the disc. As a result, the RFID tag can be read while the disc is rotating. A magnetic insulating material such as a ferrite polymer composite film is used to magnetically insulate the coil antenna. An authentication code can be read from the RFID tag to control access to content of the optical disc. | 09-04-2014 |
20140250496 | METHODS, SYSTEMS, AND PRODUCTS FOR MEASURING TRUST SCORES OF DEVICES - Methods, systems, and products are disclosed for measuring trust. A device is encountered. A trust score for the device is calculated and compared to a threshold. The threshold may be a minimum trust score associated with the function. If the calculated trust score equals or exceeds the threshold, then the function is executed. If the calculated trust score is less than the threshold, then the function is denied. | 09-04-2014 |
20140250497 | Method and apparatus for providing enhanced authenticity for multimedia data item - A method for providing enhanced authenticity for a multimedia data item, the multimedia data item including captured multimedia data with associated metadata, wherein the method includes receiving the multimedia data item over a transmission path. The method further includes defining path information for the received multimedia data item based on the used transmission path; and storing the path information to the multimedia data item for providing enhanced authenticity of the association between the metadata and the captured multimedia data. | 09-04-2014 |
20140259105 | SYSTEM AND METHOD FOR SECURELY ACCESSING DATA THROUGH WEB APPLICATIONS - A system for providing information server security in a distributed computing environment achieved by injecting a proprietary mediating entity into the solicitation of service request process via web server between application servers and information servers. The system comprises a computer apparatus, a mediating entity, solicitation for service requests and responses to the solicitations for service requests. The mediating entity is comprised of an application server hosting a proprietary mediating entity client and a mediating entity server, where the proprietary mediating entity client comprises industry-recognized business organization selected security protocols. The information server comprises a database server and a database, the database comprises data that is extracted or stored based on the service request. | 09-11-2014 |
20140259106 | Location Constraints for Template Access and Form Activities - A system and method for limiting access to one or more forms based on a location constraint is described. A form access module retrieves one or more forms on a portable computing device, determines a location of the portable computing device, determines whether the location of the portable computing device is within a region where form access is granted, granting access to the one or more forms responsive to the location of the portable computing device being within the region, receiving strokes from a first user in at least one field on the one or more forms and storing the one or more forms and the strokes received on the one or more forms. | 09-11-2014 |
20140259107 | UTILIZING ROUTING FOR SECURE TRANSACTIONS - The present disclosure relates to methodologies, networks, and nodes for providing secure transaction routing among network components. Network transactions (messages) may be intentionally routed through networks using different paths where the act of following the particular node paths or traversing particular nodes provides a security enhancing feature for the messages. A transaction receiving node will examine the paths taken from a sending node to determine if the paths correspond to predetermined paths to verify the authenticity of the transaction. In some embodiments, predetermined paths may change in a predetermined sequence where the sequence itself becomes a portion of the security feature. | 09-11-2014 |
20140259108 | DEVICES FOR PROVIDING SECURE REMOTE ACCESS - A method for providing secure remote access by a controller is described. The method includes sending one or more endpoint requests. The method also includes receiving authentication service endpoint information and connection service endpoint information. The method further includes requesting authentication based on the authentication service endpoint information. Requesting authentication includes requesting license validation. The method also includes sending one or more registration messages based on the connection service endpoint information. The method further includes receiving a session request. The method additionally includes determining controller candidate link information. The method also includes sending the controller candidate link information. The method further includes receiving an automation message based on the controller candidate link information. | 09-11-2014 |
20140259109 | EDGE SERVER SELECTION FOR ENHANCED SERVICES NETWORK - An enhanced services network provides enhanced privacy and/or security over public networks to client subscribers of the service. Client devices access the enhanced services network over a public communications network (e.g., the Internet, cellular network, etc.) via a client-side edge server of the enhanced services network. The enhanced services network interfaces with client-requested network resources hosted by third-party server devices via a resource-side edge server. The particular client-side edge server and/or resource-side edge server that is utilized for a particular client session may be selected by the enhanced services network according to a rule set. The rule set may seek to achieve one or more target goals, such as: (1) limit discoverability of the enhanced services network, (2) minimize or reduce geographic/network distance between an edge server and a target computing device, and/or (3) establish connections that are more secure than the connections originally requested by the client. | 09-11-2014 |
20140259110 | Communication System And Method, Information Processing Terminal and Method, And Information Processing Device And Method - The present invention relates to a communication system and method, an information processing terminal and method, and an information processing device and method which enable simple and secure restricted access. When a PDA | 09-11-2014 |
20140259111 | AIRBORNE WIRELESS DEVICE SECURITY - A method and apparatus for managing wireless devices on an aircraft. A map for a number of wireless devices on the aircraft is generated. The number of wireless devices is identified in a profile. A risk for the number of wireless devices on the aircraft is identified during operation of the aircraft using state information for the aircraft and the profile. Access to a wireless network on the aircraft by the number of wireless devices is managed based on the risk identified for the number of wireless devices. | 09-11-2014 |
20140259112 | Verification Service - Concepts and technologies are disclosed herein for verifying sender information. According to various embodiments of the concepts and technologies disclosed herein, a verification service can determine, receive a request, or receive a call to verify sender information associated with data. The server computer generates and delivers a verification message to a sender device in response to determining that sender information verification is to be provided. The server computer receives a response indicating if the data was sent by the sender device. If the response indicates that the sender device did not send the data, the server computer can block delivery of the data, generate alarms or alerts, take other actions, and/or take no action. If the response indicates that the sender device sent the data, the server computer can deliver the data, provide a verification response to the recipient device, take no action, and/or take other actions. | 09-11-2014 |
20140282864 | THROTTLING AND LIMITING THE SCOPE OF NEIGHBOR SOLICITATION (NS) TRAFFIC - In one embodiment, a switch in a computer network may receive a neighbor solicitation (NS) message for a target node for which no neighbor authentication (NA) reply has been received at the switch. The switch may then determine whether to forward the NS message to only non-constrained links of the switch, or to both non-constrained links and constrained links of the switch. The determining may be configured to intermittently result in forwarding the NS message for the target node to both the non-constrained links and the constrained links. The switch may then forward the NS message according to the determination. | 09-18-2014 |
20140282865 | DYNAMIC H-SLP ALLOCATION FOR SET INITIATED SUPL SERVICES - Methods, systems, computer-readable media, and apparatuses for accessing services from multiple home Secure User Plane Location (SUPL) Platform (H-SLP) servers are provided. In one potential embodiment, a method describes identifying, in an application identifier list, a fully qualified domain name (FQDN) associated with the application from a plurality of FQDNs. A subsequent request for services by a different application on the device may identify a different FQDN associated with a different H-SLP to provide services to the device for the second application. | 09-18-2014 |
20140282866 | SYSTEMS AND METHODS FOR DETERMINING AN AUTHENTICATION ATTEMPT THRESHOLD - Systems and methods are provided for determining an authentication attempt threshold. Authentication systems often have predetermined authentication attempt thresholds that may not be sufficient for some users and do not necessarily provide any increased security. Systems and methods for determining an authentication threshold described herein may determine the authentication threshold based on certain factors in a user's authentication attempt history that may provide information about a user's probability of a successful authentication to provide additional security for users more likely to successfully authenticate while providing additional assistance to users who may be less likely to successfully authenticate. | 09-18-2014 |
20140282867 | DEVICE LOCAL REPUTATION SCORE CACHE - Data can be stored, at a network device, in a device local reputation score cache. The data can include a reputation score for a domain name. The network device can receive a domain name system (DNS) data unit and determine if a domain name in the DNS data unit has a reputation score stored in the device local reputation score cache. | 09-18-2014 |
20140282868 | Method And Apparatus To Effect Re-Authentication - A system is provided to determine whether to re-authenticate a user based on identification parameter measurements of low power sensors. According to an embodiment of the invention, a system may include a processor that includes analysis logic to determine whether to re-authenticate the user based on parameter values received from at least one of one or more agents. The system may also include authentication logic to re-authenticate the user that includes a confirmation of whether the user is authenticated based on input received from one or more authentication sensors. Other embodiments are described and claimed. | 09-18-2014 |
20140282869 | CERTIFICATE BASED PROFILE CONFIRMATION - Disclosed are various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and determination is made as to whether the certificate is installed on the device based on an identification of the certificate by the application. If the certificate is installed on the device, then execution of the application and/or access to the resource is allowed. If the certificate is not installed on the device, then the request for execution and/or access is refused. | 09-18-2014 |
20140282870 | Alias-Based Social Media Identity Verification - An approach is provided to use social media content to verify the identity of a user using aliases established by the user in a social media environment. In the approach, a user authentication request pertaining to a user is received. Aliases corresponding to the user's social media contacts are retrieved from a social media data store. User questions and expected answers are prepared based on the user's social media contacts and the corresponding aliases. The user is prompted to provide one or more user answers responsive to the user questions. In response to receiving answers that match the expected answers, the user authentication request is confirmed. Conversely, in response to receiving user answers that fail to match the expected answers, the user authentication request is invalidated. | 09-18-2014 |
20140282871 | UNIVERSAL ACTOR CORRELATOR - Precorrelation of data applied to use cases by a module intermediate to the data and use cases provides normalized data across multiple sources for more effective analysis. For example, network sensors provide network telemetry to a precorrelation core, which extracts and normalizes the data to correlate actors to events. Universal actor correlation improves visualizations by creating a mesh of events tied to each other through a common actor. | 09-18-2014 |
20140282872 | STATELESS WEB CONTENT ANTI-AUTOMATION - A computer-implemented method for coordinating content transformation includes receiving, at a computer server subsystem and from a web server system, computer code to be served in response to a request from a computing client over the internet; modifying the computer code to obscure operation of the web server system that could be determined from the computer code; generating transformation information that is needed in order to reverse the modifications of the computer code to obscure the operation of the web server system; and serving to the computing client the modified code and the reverse transformation information. | 09-18-2014 |
20140282873 | Cryptographic Method and Apparatus - A method of formatting data for transmission to another party including the step of incorporating in the data a flag indicative of the absence of data for authentication of the sender. An authentication tag length is also included to permit variable length tags to be used. | 09-18-2014 |
20140282874 | SYSTEM AND METHOD OF IDENTITY VERIFICATION IN A VIRTUAL ENVIRONMENT - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for identity verification in a virtual environment. | 09-18-2014 |
20140282875 | SYSTEMS, METHODS AND APPARATUSES FOR ENSURING PROXIMITY OF COMMUNICATION DEVICE - The systems, methods and apparatuses described herein provide a computing device configured for ensuring its proximity to a communication partner. In one aspect, the computing device may comprise a communication port and a processor. The processor may be configured to receive a message from the communication partner via the communication port, send a response to the message to the communication partner, generate a secondary value that includes a selected portion of the message and a selected portion of the response, generate authenticating data to authenticate the secondary value and send the generated secondary value and authenticating data to the communication partner via the communication port. In another aspect, the communication partner is configured to ensure proximity of the computing device. | 09-18-2014 |
20140282876 | METHOD AND SYSTEM FOR RESTRICTING THE OPERATION OF APPLICATIONS TO AUTHORIZED DOMAINS - A method and system of restricting the operation of applications to authorized domains is described herein. The method can include the steps of receiving reference domain restriction data associated with an application and receiving generated domain restriction data associated with the application. A domain restriction check can be performed by comparing the generated domain restriction data with the reference domain restriction data. In addition, a domain restriction approval signal can be generated if the domain restriction check is satisfied. The domain restriction check can ensure that the application will not operate in unauthorized domains. | 09-18-2014 |
20140282877 | SYSTEM AND METHOD FOR CHANGING SECURITY BEHAVIOR OF A DEVICE BASED ON PROXIMITY TO ANOTHER DEVICE - The security and convenience of a mobile communication device is enhanced based on a separate key device. If the key device is near the mobile communication device, the mobile communication device may be automatically unlocked without the user having to input an unlock code. The mobile communication device may be automatically unlocked into a first mode having a first level of functionality. If the user inputs a correct unlock code, the mobile communication device may be unlocked into a second mode having a second level of functionality, greater than the first level of functionality. | 09-18-2014 |
20140282878 | METHODS, APPARATUSES AND SYSTEMS FOR PROVIDING USER AUTHENTICATION - The methods, apparatuses and systems described herein provide a system for authenticating users, authorization or information during secure transactions. The system may include a transaction device requiring user authentication, a personal communication device, and a wearable authentication device that communicates with both of the other devices. In one aspect, the wearable authentication device may be configured to communicate with the transaction device requiring authentication and the personal communication device through one or more wireless communication technologies, wherein the wearable authentication device may be configured to act as an intermediary between the transaction device and the personal communication device to facilitate the exchange of at least one authentication information or transaction completion information between the personal communication device and the transaction device. | 09-18-2014 |
20140282879 | Automatically Securing Distributed Applications - A processing system for distributed multi-tier applications is provided. The system includes a server component that executes a replica of a client-side application, where a client component executes the client-side application. The client component captures events from the client-side application and transmits the events to the replica to validate the computational integrity security of the application. | 09-18-2014 |
20140289797 | Networked Security System with Translating Router - A system and method for protocol translation between security devices in a security network using a transforming router. The router utilizes protocol templates to identify the protocols that encapsulate messages sent by the devices, and to determine the format of the messages. Using the protocol templates, the router translates the messages from protocols of source security devices to an intermediate protocol, translates the messages in the intermediate protocol into destination protocols for destination security devices, and forwards the messages to the destination security devices. | 09-25-2014 |
20140289798 | INFORMATION PROCESSING APPARATUS, COMMUNICATION SYSTEM, AND COMPUTER-READABLE MEDIUM - An information processing apparatus includes a request information reception unit that receives a request for information processing from a client apparatus, an inquiry information transmission unit that inquires about the presence of authentication information for the information processing, first and second determination units, a prompt information transmission unit, an acquisition information reception unit, and a process start unit. If the first determination unit determines that any piece of the authentication information is missing, using a response to the inquiry, the second determination unit determines whether a second apparatus is to be prompted to obtain the missing authentication information, based on predetermined information. If the determination result is positive, the prompt information transmission unit transmits a prompt to the second apparatus. When the acquisition information reception unit receives an acquisition notification of the missing authentication information from the second apparatus, the process start unit starts the information processing. | 09-25-2014 |
20140289799 | COMMUNICATION APPARATUS, AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD - A communication apparatus transmits an authentication frame to an authentication apparatus and receives a response frame for response to the authentication frame from the authentication apparatus so that an authentication process is performed for the communication apparatus by the authentication apparatus. The communication apparatus includes a receiving section which receives a communication frame transmitted from another apparatus, and an authentication processing section which determines whether the received communication frame is a frame of EAP-response (Extensible Authentication Protocol-response) or not. The authentication processing section discards the received communication frame if it is determined that the received communication frame is the frame of EAP-response. | 09-25-2014 |
20140289800 | SYSTEM AND METHOD FOR FILTERING NETWORK TRAFFIC - Protocol status information is used to perform traffic filtering by dropping messages that are not consistent with the protocol status information. In one embodiment, a method involves comparing message information and protocol status information. The message information is associated with a first message. The protocol status information is obtained in response to one or more second messages, which are conveyed according to a protocol used to assign network addresses to clients. The method also involves determining whether to discard the first message, based on an outcome of the comparison of the message information and the protocol status information. For example, it can be determined that the first message should be discarded, if the message information does not match the protocol status information. | 09-25-2014 |
20140289801 | CONTENT CUSTOMIZATION PORTAL FOR MEDIA CONTENT DISTRIBUTION SYSTEMS AND METHODS - An exemplary system includes a content delivery subsystem configured to receive media content from a content provider and transmit the media content over a network to a content processing subsystem configured to process and provide the media content for presentation to an end user. The content delivery subsystem is further configured to maintain resource data associated with at least one of the media content and the content provider, make at least a subset of the resource data available to the content processing subsystem for inclusion in an end user interface, provide a content customization portal for access by the content provider, authenticate the content provider accessing the content customization portal, receive custom content from the authenticated content provider via the content customization portal, and provide the custom content to the content processing subsystem for inclusion in the end user interface. | 09-25-2014 |
20140289802 | MULTIMEDIA MESSAGE SERVICE METHOD AND SYSTEM - Disclosed is a method of sharing multimedia contents, by a server, including storing the multimedia contents, receiving an establishment request configured to establish one of a plurality of access modes for the multimedia contents from a first terminal, establishing an access mode according to the establishment request for the multimedia contents, receiving an access request for the multimedia contents stored in the server from at least one second terminal, determining whether the at least one second terminal is allowed to access the multimedia message based on the access mode, and transmitting the multimedia contents, wherein the access mode includes at least one of a private mode for access by only the first terminal, a restricted mode for access by the at least one second terminal, and a public mode for access by all terminals. | 09-25-2014 |
20140298413 | Mapping the Network File System (NFS) protocol to secure web-based applications - Users on a client system access files served by a web application through the Network File System (NFS) protocol using common web authentication mechanisms while still honoring constraints imposed by the application's authorization rules. To this end, the client system is modified to include an NFS server. Following authentication of the NFS server with the web application, NFS-based requests (from a local NFS client) directed to the application are received at the NFS server instead of being sent to the application directly. The NFS server, in turn, maps those requests to the web application preferably using standard HTTP. Because the web application's normal security model is enforced as intended at the web application, the approach enables individual users of the client system to operate under different visibility constraints dictated by the web application. Thus, fine-grained permissions may be enforced at the web application for different users. | 10-02-2014 |
20140298414 | BROWSING REMOTE CONTENT USING A NATIVE USER INTERFACE - The disclosed technology relates to receiving media signals from a media device and rendering a user interface that is native to the device receiving the media signals based on information encoded in the media signals. The device receiving the media signal interprets information received from the media device describing media content and semantic information describing a type of interface page, and displays the content based on the semantic information in a graphical user interface (GUI) on the electronic device based on the interpretation. | 10-02-2014 |
20140298415 | METHOD AND SYSTEM FOR PROVIDING CONNECTIVITY FOR AN SSL/TLS SERVER BEHIND A RESTRICTIVE FIREWALL OR NAT - A method and a relay service node to facilitate establishment of a secure connection between a first node within a restrictive access network, and a second node, the method accepting a control connection from the first node; accepting a second connection from the second node, and receiving, over the second connection, a message requesting secure connection establishment with the first node and providing an identifier for the first node; sending, over the control connection, a connection attempt request to establish a third connection from the first node; accepting the third connection from the first node; binding the second connection with the third connection; and forwarding the message requesting secure connection establishment with the first node to the first node. | 10-02-2014 |
20140298416 | PROVIDING ACCESS TO MANAGED CONTENT IN RICH CLIENT APPLICATION ENVIRONMENTS - Providing access to managed content in rich client application environments is disclosed. A request is received from within a first application environment for access to managed content not managed primarily by a first application with which the first application environment is associated. Access is provided to managed content based at least in part on a context data associated with the first application environment. | 10-02-2014 |
20140298417 | CONTROL METHOD OF IMAGE COMMUNICATION APPARATUS, DATA DISTRIBUTION SYSTEM, EXPORT APPARATUS, AND IMPORT APPARATUS - An image communication apparatus includes a storage unit including a shared address book area and an individual address book area, a communication unit configured to receive an import file including shared address book data shared among a plurality of users or private address book data limiting users who can utilize the data, and a CPU, and if the import file includes the private address book data and the shared address book area is designated as an import destination, the CPU warns the user that the private address book data may be shared and prevents the user from importing the import file. | 10-02-2014 |
20140304772 | Systems and/or Methods for Managing Critical Digital Assets in Power Generating Plants - Systems and methods are disclosed that implement a coordinated cyber security program for a power generation plant to establish and/or maintain cyber security controls for the power generation plant through a comprehensive life cycle approach. | 10-09-2014 |
20140304773 | SYSTEMS, DEVICES, COMPONENTS AND METHODS FOR COMMUNICATING WITH AN IMD USING A PORTABLE ELECTRONIC DEVICE AND A MOBILE COMPUTING DEVICE - The present disclosure involves a method of communicating with an implantable medical device. An authentication process is performed to verify an identity of a user of a mobile computing device. A request is received from the user to access an implantable medical device via the mobile computing device. Based on the identity of the user, a first user interface suitable for the user is selected from a plurality of user interfaces that are each configured to control an implantable medical device. The plurality of user interfaces have different visual characteristics and different levels of access to the implantable medical device. The first user interface is displayed on the mobile computing device. | 10-09-2014 |
20140304774 | Controlling Access to a Website - Methods and apparatus for website access control. The methods and apparatus include, at a user terminal: accessing a plurality of training websites over a network; training the user terminal by classifying the training websites in a content category based on a user input, extracting one or more features indicative of the content category from the training websites and determining a classifier based on the extracted features; classifying further requested websites using the determined classifier; and controlling access to the further requested websites based on the classification of the websites. | 10-09-2014 |
20140304775 | EMPLOYING PHYSICAL LOCATION GEO-SPATIAL CO-ORDINATE OF COMMUNICATION DEVICE AS PART OF INTERNET PROTOCOL - A current physical location value associated with a communication device is incorporated as part of internet protocol (IP). An IP management component obtains current physical location information of a wireless communication device and modifies the IP address to incorporate the current physical location value corresponding to the current physical location of the communication device as part of the IP address of the communication device to prevent undesired intrusions by hackers, as communications associated with the communication device are routed to/from the communication device that is at the current physical location. If the communication device moves to a new location, the IP management component can perform a new IP address modification to modify the IP address to incorporate a new physical location value associated with the communication device. | 10-09-2014 |
20140304776 | METHODS AND APPARATUS FOR MANAGING NETWORK TRAFFIC - Methods, apparatus, and computer readable storage medium for authenticating assertions of a source are disclosed. In one aspect, a method for authenticating an assertion of a source in an environment of distributed control includes receiving a notification of the assertion; determining an entity responsible for maintaining an authenticated list of assertions by the source based on a first trusted public record, determining an assertion authenticator for the entity based on a second trusted public record, determining one or more assertions of the source from the assertion authenticator, and authenticating the assertion based on the determined one or more assertions. | 10-09-2014 |
20140304777 | SECURING DATA COMMUNICATIONS IN A COMMUNICATIONS NETWORK - A method of securing communications between first node attached to first network and second node attached to second network. At the second node, first and second information is received on whether the respective first and second networks have a secure network layer path to the respective first and second nodes or are known to use a secure network layer path to attached nodes. Third information is received on whether the first network has a secure internal network layer path and, where the first and second networks are different, whether the first network has a secure network layer path to the second network or is known to use a secure network layer path to the second network. The information determines whether the entire path between the first node and the second node is secured at the network layer level, and whether to establish application layer security for communications. | 10-09-2014 |
20140310773 | BROWSER ACCESS TO NATIVE CODE DEVICE IDENTIFICATION - A thick client installed on a client device includes a network protocol server that serves thin client requests for digital fingerprints of the client device. A thin client requests a digital fingerprint of the client device in which the thin client is executing by forming a URL according to a protocol served by the server of the thick client and addressing the URL to the local client device. The thick client returns the digital fingerprint as a response to the request from the thin client. | 10-16-2014 |
20140310774 | DEVICE AUTHENTICATION USING INTER-PERSON MESSAGE METADATA - A device authentication server authenticates a remotely located device using unique data associated with the user of the device stored on a remotely located server that has an established relationship with the device, such as client logic installed on the device and authentication data of the user stored on the device. The unique data can be unique metadata associated with inter-person messages. Since each user receives and sends a unique collection of messages, the unique message meta-data associated with a user's account is, in aggregate, unique. | 10-16-2014 |
20140310775 | DISPERSED STORAGE NETWORK WITH CUSTOMIZED SECURITY AND METHODS FOR USE THEREWITH - A method begins with a processing module selecting one of a plurality of dispersed storage (DS) processing modules for facilitating access to a dispersed storage network (DSN) memory. The method continues with the processing module sending a DSN memory access request to the one of the plurality of DS processing modules. The method continues with the processing module selecting another one of the plurality of DS processing modules when no response is received within a given time frame or when the response to the access request does not include an access indication. The method continues with the processing module sending the DSN memory access request to the another one of the plurality of DS processing modules. | 10-16-2014 |
20140310776 | Control Access Based on Network Status - Embodiments herein relate to controlling access to a device based on status information of a network. The device is connected to and detects status information from the network. Further, the device controls access to a feature of the device based on the detected status information. The device detects the status information and controls access regardless of at least one of a power state of the device and an operating state of an operating system (OS) of the device. | 10-16-2014 |
20140317687 | METHOD AND SYSTEM FOR TRUST MANAGEMENT IN DISTRIBUTED COMPUTING SYSTEMS - A method and system for determining trustworthiness of individual nodes in distributed computing systems by considering the various malicious behaviors of the individual nodes as trustworthiness parameters. The invention provides a method and system that explores the behavioral pattern of the malicious nodes and quantifies those patterns to realize the secure trust management modeling. The invention also provides a method and system to distinguish between malicious node, defective node and accuser node. | 10-23-2014 |
20140317688 | METHOD AND DEVICE FOR GENERATING ACCESS STRATUM KEY IN COMMUNICATIONS SYSTEM - In the communications system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device. | 10-23-2014 |
20140325596 | AUTHENTICATION OF IP SOURCE ADDRESSES - A method and system for authenticating IP source addresses by accessing one or more HTTP requests whose source client identifies itself as a legitimate web crawler. One or more IP addresses are detected from the one or more HTTP requests and each detected IP address is authenticated via a probability estimation regarding its association with a legitimate web crawler. A lookup table is preferably compiled for the authenticated IP addresses for reference, publication and authentication purposes. | 10-30-2014 |
20140325597 | ACCESS CONTROL FOR CLOSED SUBSCRIBER GROUPS - A network transmits (broadcasts) an access mode indicator that indicates whether a closed subscriber group CSG network is being operated as open or closed and if it indicates open a user equipment UE that is not a registered member of the CSG is allowed access as a guest member, a user group of the closed subscriber group network, and allowing the user equipment access to the closed subscriber group network as a guest member. The CSG network can provide higher priority services to its registered members by differentiating them over guest members by an indication, received from each UE in its RADIO RESOURCE CONTROL CONNECTION REQUEST message, whether it is registered or a guest. The CSG can also transmit its ID/name for display at the UE so they may select whether and which CSG to join. | 10-30-2014 |
20140325598 | USING CLOCK DRIFT, CLOCK SLEW, AND NETWORK LATENCY TO ENHANCE MACHINE IDENTIFICATION - Methods and systems for authenticating a user device employ a database of global network latencies categorized and searchable by location and calendar date-time of day usage, providing network latency by geography and by time. The database is constructed using voluminous daily data collected from a world-wide clientele of users who sign in to a particular website. Accuracy of the latency data and clock skew machine identification is made practical and useful for authentications using a service provider-proprietary, stable reference clock, such as an atomic clock, so that internal clock jitter of a service provider performing authentications does not affect the network latency time and clock skew identification of user devices. Increased authentication confidence results from using the database for correcting network latency times and user device signatures generated from the clock skew identifications and for cross checking the authentication using comparisons of initial registration to current sign in data. | 10-30-2014 |
20140331282 | Methods and Systems for Identifying, Verifying, and Authenticating an Identity - A method of authenticating the identity of a user is disclosed. The method may include registering a user, where registering the user includes receiving identification of a plurality of individuals associated with the user and a communication address for each of the plurality of individuals. The method may also include receiving a request to authenticate the identity of the user. The method may further include selecting at least one of the plurality of individuals to serve as an authentication agent. The method may additionally include initiating at least a first communication between the user and the authentication agent via the communication address. The method may moreover include receiving a second communication from the authentication agent. The method may furthermore include sending a message indicating the identity of the user is authenticated based at least in part on the second communication including a confirmation of the identity of the user. | 11-06-2014 |
20140331283 | Differentiating Between Good and Bad Content in a User-Provided Content System - A system differentiates good content from bad content in a user-provided content system. Messages are analyzed for features that characterize messages. A feature may occur in one or more messages. A feature that has more than a threshold number of occurrences in messages in a time interval is identified for further analysis. Enhanced authentication is requested from senders of the messages with occurrences of the identified feature. Based on the rate at which senders of the messages pass authentication, the content associated with the message is determined to be good content or bad content. Subsequent messages are blocked or successfully delivered based on whether features occurring in the messages are indicative of good content or bad content. | 11-06-2014 |
20140337918 | CONTEXT BASED SWITCHING TO A SECURE OPERATING SYSTEM ENVIRONMENT - Generally, this disclosure provides devices, systems, methods and computer readable media for context based switching to a secure OS environment including cloud based data synchronization and filtration. The device may include a storage controller to provide access to the secure OS stored in an initially provisioned state; a context determination module to monitor web site access, classify a transaction between the device and the website and identify a match between the web site and a list of web sites associated with secure OS operation or a match between the transaction classification and a list of transaction types associated with secure OS operation; and an OS switching module to switch from a main OS to the secure OS in response to the identified match. The switch may include updating state data associated with the secure OS, the state data received from a secure cloud-based data synchronization server. | 11-13-2014 |
20140337919 | SYSTEMS AND METHODS FOR REMOTE ACCESS TO COMPUTER DATA OVER PUBLIC AND PRIVATE NETWORKS VIA A SOFTWARE SWITCH - Provided are systems and methods for performing network-based digital data software switching between geographically dispersed subject computing devices, to obtain full access to digital data from the non-transitory computer-readable media of geographically dispersed computing devices such that the entire physical or logical media from each device is fully accessible to one or more user computers on the Internet. This is achieved via network-based digital data software switching systems that may be implemented on public or private networks. The data software switching system may be implemented on a private network for use by a private entity, or it may be achieved via a “cloud computing” model whereupon the user obtains, from a public network such as the Internet, the use of both dedicated and shared resources to engage the data software switching capability. | 11-13-2014 |
20140337920 | Secure Element as a Digital Pocket - The disclosure includes a system and method in which one or more virtual resources are presented to a secure element; and the one or more virtual resources are mapped to available resources based on a model architecture for the secure element in order to provide hardware abstraction, the available physical resources varying based on the model architecture and an associated host device, the virtual resources allowing consistent interaction with the virtual resources regardless of variation in the physical resources available and their location. The hardware abstraction increases the versatility of the secure element and may contribute to the secure element's functionality. The secure element provides functionality to replace most items carried in an individual's pockets, e.g., logical and physical keys, a thumb drive, identification, credit and debit cards, etc. | 11-13-2014 |
20140337921 | SECURITY AND ACCESS SYSTEM BASED ON MULTI-DIMENSIONAL LOCATION CHARACTERISTICS - An invention is provided for system security and access based on multi-dimensional location characteristics. The invention includes collecting contextual information characterizing a specific location during a first time period utilizing a contextual data collection device (CDCD), wherein the contextual information indicates specific characteristics of the location and is collected at the location. Then, a contextual location fingerprint (CLF) is created based on the collected contextual information. In general, the CLF is a data space of values mapped over a specific period of time. In operation, new contextual information is collected at a location occupied by a device to be verified during a second time period. The new contextual information is then compared to the CLF, and the device is authenticated if the new contextual information is within predefined parameters of the CLF. | 11-13-2014 |
20140337922 | COMMUNICATIONS HUB FOR USE IN LIFE CRITICAL NETWORK - Secured communications between patient portable communicators (PPC) and a central authority (CA) via an unsecured network are implemented using software implemented by a communications device. The communications device provides for detecting, using a multiplicity of disparate communication protocols, presence of entities requesting a network connection and determining whether or not each of the entities is a PPC, establishing, only for the entities determined to be PPCs, a connection to the CA via the unsecured network using the disparate communication protocols, authenticating only the PPCs to the CA, and facilitating communication of PPC data between the PPCs and the CA via the communications device and the unsecured network upon successful PPC authentication. The PPC data comprises at least some patient implantable medical device data acquired by the PPCs. | 11-13-2014 |
20140344892 | CLOUD-STORAGE-BASED FILE PROCESSING METHOD AND SYSTEM - The present invention provides a cloud-storage-based file processing method and system. The method includes: a cloud server receiving a trigger request from a mobile terminal, the trigger request being a cloud processing task request triggered by the mobile terminal; the cloud server performing a corresponding processing operation according to the trigger request; and, when the trigger request is an uploading request, selecting a file which needs to be uploaded from the cloud server's cloud storage space and transferring the selected file to a target website. According to the present invention, using the cloud server on behalf of a user to carry out file processing operations, such as downloading and uploading, helps the user complete the online file sharing process, prevents the file uploading and downloading processes from being affected by the network access condition and the mobile terminal's hardware quality, and saves the user the data volume of the mobile terminal throughout the process. | 11-20-2014 |
20140351885 | CONTROL OF SIMPLE NETWORK MANAGEMENT PROTOCOL ACTIVITY - A server system may be configured to receive configuration information. The server system may also be configured to determine if the configuration information includes SNMP configuration information. The server system may be further configured to disable SNMP activity and close an SNMP port if it determines that the configuration information does not include SNMP configuration information. Therefore, in the absence of any configuration information which specifies that SNMP should be available, SNMP activity is disabled and the SNMP port is closed. | 11-27-2014 |
20140351886 | METHODS AND APPARATUSES FOR PROTECTING POSITIONING RELATED INFORMATION - Various methods, apparatuses and articles of manufacture are provided which may be implemented to authenticate the provider of a positioning engine provisioned within a mobile station to enable the positioning engine to obtain and use protected positioning assistance data. In certain examples, a relationship between the provider of a location server and the provider of a positioning engine provisioned within a mobile station may be authenticated, and protected positioning data may be obtained from said positioning engine by said location server. | 11-27-2014 |
20140351887 | Authentication Method and Device for Network Access - Embodiments of the present invention disclose an authentication method and device for network access. In the authentication method for network access in the embodiments, a first radio access network device establishes a data transmission channel of a first radio access network with a user equipment, obtains identification information of the user equipment in a second radio access network, and generates authentication information which is of the second radio access network and corresponds to the identification information, where the authentication information includes authentication information which is of the second radio access network and is for the user equipment and a second radio access network device to use; and sends the authentication information for the user equipment to use to the user equipment, and sends correspondence between the identification information and the authentication information for the second radio access network device to use to the second radio access network device. | 11-27-2014 |
20140351888 | COMMUNICATION ACCESS CONTROL SYSTEM - A communication access control system includes a messaging service facility and a computing system. The computing system has a permanent memory and hosts a plurality of access control cells (each having an input and an output address); a messaging service to send messages between at least some of the access control cells; and a control service to define a link. The link is selected from a C-link, an F-link, and a Q-link. The C-link connects the output address of a first read-write cell of the access control cells to the input address of a second read-write cell of the access control cells. The F-link connects a forwarder address to the input address of at least one of the access control cells. The Q-link connects the output address of at least one of the access control cells to a queue address. | 11-27-2014 |
20140351889 | SANDBOX TECHNOLOGY BASED WEBPAGE BROWSING METHOD AND DEVICE - The invention discloses a sandbox technology based webpage browsing method and device. The method comprises: upon receiving an instruction for webpage browsing in a sandbox, starting a framework process outside the sandbox, so that an operation incurred in the framework process is processed outside the sandbox; intercepting a browser process created by the framework process and putting the browser process into the sandbox, so that a webpage access result is saved in a specified directory in the sandbox, and/or a script in the webpage runs in a virtual environment of the sandbox. The present invention not only ensures the convenience of user operations, but also meets the security requirement for webpage access. | 11-27-2014 |
20140351890 | Systems and Methods for Publishing Datasets - Systems and methods for publishing datasets are provided herein. According to some embodiments, methods for publishing datasets may include receiving a request to publish a dataset to at least one of an internal environment located within a secured zone and an external environment located outside the secured zone, the request comprising at least one selection criteria, selecting the dataset based upon the at least one selection criteria, the dataset being selected from an index of collected datasets, and responsive to the request, publishing the dataset to at least one of the internal environment and the external environment. | 11-27-2014 |
20140351891 | COOPERATIVE DATA ACCESS REQUEST AUTHORIZATION IN A DISPERSED STORAGE NETWORK - A method begins by storage units of a set of storage units receiving an access request regarding a set of encoded data slices from a user device. The method continues with a storage unit interpreting to determine whether the user device is authorized to access the set of encoded data slices. When the storage unit determines that the user device is authorized to access the set of encoded data slices as requested in the access request, the method continues with the storage unit sending a message to proceed with responding to the access request to the other storage units. When the storage unit determines that the user device is not authorized to access the set of encoded data slices as requested in the access request, the method continues with the storage unit sending a message to disregard the access request to the other storage units. | 11-27-2014 |
20140351892 | DATA DRIVEN ROLE BASED SECURITY - Data driven role based security is provided. At login, the system queries for a data context in connection with access to computing objects of a computing system. When a request for access to computing objects is received by the computing system, one or more control expressions specified for the computing object being accessed are evaluated. The evaluation of the control expressions may reference the user context or the data context previously established, and returns a set of effective permissions. Access to the computing object is then granted if the set of permissions includes an appropriate permission for the request for access. | 11-27-2014 |
20140351893 | MANAGING HARDWARE REBOOT AND RESET IN SHARED ENVIRONMENTS - In an environment such as a cloud computing environment where various guests can be provisioned on a host machine or other hardware device, it can be desirable to prevent those users from rebooting or otherwise restarting the machine or other resources using unauthorized information or images that can be obtained from across the network. A cloud manager can cause one or more network switches or other routing or communication processing components to deny communication access between user-accessible ports on a machine or device and the provisioning systems, or other specific network resources, such that the user cannot cause the host machine to pull information from those resources upon a restart or reboot of the machine. Further, various actions can be taken upon a reboot or attempted reboot, such as to isolate the host machine or even power off the specific machine. | 11-27-2014 |
20140351894 | TECHNIQUES FOR ESTABLISHING A TRUSTED CLOUD SERVICE - Techniques for establishing a trusted cloud service are provided. Packages are created for services that include certificates, configuration information, trust information, and images for deploying instances of the services. The packages can be used to deploy the services in trusted environments and authenticated to deploy in sub environments of un-trusted environments. The sub environments are trusted by the trusted environments. Also, clouds are prospected for purposes of identifying desirable clouds and creating the packages for deployment. | 11-27-2014 |
20140359700 | SYSTEM AND METHOD FOR MANAGING TLS CONNECTIONS AMONG SEPARATE APPLICATIONS WITHIN A NETWORK OF COMPUTING SYSTEMS - An approach for reutilizing transport layer security (TLS) connections among separate applications is provided. In one aspect, a computing system establishes a transmission control program/Internet protocol (TCP/IP) connection between a first application of a first endpoint and a second application on a second endpoint. The computing system further performs a TLS handshake over the established TCP/IP connection. The computing system also transmits a request from a third application of the second endpoint to transfer a TLS context from the second application on the second endpoint. In response to the second application on the second endpoint accepting the transfer request, the second application utilizes, via the one or more computer processors, a predetermined method of providing a TLS context to the third application, wherein the third application of the second endpoint and the first application of the first endpoint communicate securely. | 12-04-2014 |
20140359701 | DEVICE, INFORMATION PROCESSING TERMINAL, INFORMATION PROCESSING SYSTEM, DISPLAY CONTROL METHOD, AND RECORDING MEDIUM - A device includes an operation unit; a first processing unit sending a display request; a detection unit detecting a change of an authentication state of a user; a first communication unit receiving the display request, designating identification information identifying the configuration element, and transmitting the display request or transmitting notification information indicating the change of the authentication state to the operation unit. Further, the operation unit includes a second communication unit receiving the display request or the notification information, and a second processing unit displaying the configuration element in a form that is different from a form designated in the display request received by the first communication unit, or changing a display manner of the configuration element in accordance with the notification information. | 12-04-2014 |
20140359702 | INFORMATION PROCESSING SERVER SYSTEM, CONTROL METHOD, AND PROGRAM - An information processing server system in which agreement to terms of service by a user is confirmed using a second authentication session different from a first authentication session used when a client uses the web service is provided. | 12-04-2014 |
20140359703 | METHOD FOR SECURING AN ACTION THAT AN ACTUATING DEVICE MUST CARRY OUT AT THE REQUEST OF A USER - A method for securing an action that an actuating device must carry out at the request of a user. In the method, before any request by the user for an action, an identification link and a user authentication link are set up and registered on the security server via a dialog among the security server, the actuating device, and the user acting via a portable terminal. The invention can be used in the field of bank transactions. | 12-04-2014 |
20140359704 | PRIVATE CLOUD ROUTING SERVER, PRIVATE NETWORK SERVICE AND SMART DEVICE CLIENT ARCHITECTURE WITHOUT UTILIZING A PUBLIC CLOUD BASED ROUTING SERVER - A method and system for use with a public cloud network is disclosed, wherein the public cloud network includes at least one private cloud routing server, at least one private network service and at least one smart device client in communication therewith. The method and system comprise setting up the at least one private cloud routing server, the at least one private network service and the at least one smart device client in a client server relationship. The at least one private cloud routing server includes a message box associated therewith. The first message box is located in the public network. The at least one smart client includes a second message box associated therewith. The second message box is located on the public network. The method includes passing session based message information between the at least one private cloud routing server and the at least one smart device client via the first message box and the second message box in a secure manner. The session based information is authenticated by the private cloud routing server and the at least one smart device client. The smart device client and the private cloud routing server can then communicate with each other after the session based information is authenticated. The at least one private network service is then manageable and accessible by the at least one smart device client from anywhere at anytime without utilizing a public cloud based routing server. | 12-04-2014 |
20140366090 | UNAUTHENTICATED ACCESS TO ARTIFACTS IN COMMERCE NETWORKS - The disclosed embodiments provide a system that facilitates business interaction. During operation, the system identifies a non-registered entity associated with an interaction within a commerce network. Next, the system enables, for the non-registered entity, access to an artifact associated with the interaction without requiring authentication of the non-registered entity. | 12-11-2014 |
20140366091 | CUSTOMIZED INFORMATION SETUP, ACCESS AND SHARING DURING A LIVE CONFERENCE - A user device may access a remote conference management application and setup a conference customized for the user. For example, a number of presentation data files may be received from a user device and a user account may be authenticated which is associated with the user device. The presentation data files may be stored as a unique presentation and a scheduled presentation time may also be setup and stored for execution at a later time, and a notification may be transmitted to the user device to confirm that presentation time. | 12-11-2014 |
20140366092 | DATA TRANSMISSION METHOD AND MOBILE STORAGE DEVICE USING THE SAME - A mobile storage device is disclosed. The mobile storage device includes a wireless communication unit configured to allow the mobile storage device to be coupled to a cloud server via a network; a synchronizing unit configured to transmit data between the mobile storage device and the cloud server; and a storage unit configured to store data. | 12-11-2014 |
20140366093 | APPARATUS AND METHOD FOR VIRTUAL DESKTOP SERVICE - Disclosed herein are a method and architecture capable of efficiently providing virtual desktop service. A service architecture for virtual desktop service according to the present invention includes a connection broker configured to perform authentication, manage virtual machines, and perform a server monitoring and protocol coordination function, a resource pool configured to manage software resources that are delivered to a specific virtual machine in a streaming form on a specific time in order to provide on-demand virtual desktop service and are executed on the specific virtual machine and to provide provision information about the managed software resources in response to a request from the connection broker, and a virtual machine infrastructure configured to support hardware resources, generate virtual machines in which the software of a user terminal is executed, and provide the generated virtual machine as virtual desktops. | 12-11-2014 |
20140366094 | COMMUNICATION METHOD, COMMUNICATION APPARATUS AND TERMINAL - The invention provides a communication method, a communication device and a terminal. The method includes: recording a first time point of a first communication performed via a wireless network; and performing a second communication via the wireless network before a duration shorter than or equal to an authentication cooling threshold is elapsed from the first time point, wherein the authentication cooling threshold is associated with a duration in which a valid authentication of the terminal by the wireless network is retained. | 12-11-2014 |
20140366095 | METHODS FOR AUTHENTICATION USING NEAR-FIELD - Authentication methods are used to authenticate a device1 having an ESN1 (electronic serial number), a device2 having an ESN2, and/or a user of the devices. In one implementation, device1 receives the ESN2 in a near-field signal; derives an authentication result as a function of the ESN1 and ESN2; and sends the authentication result to an authenticator device to use in completing authentication. Authentication is confirmed when the device1 authentication result matches an authentication result independently generated by the authenticator device, which is provisioned with the ESN1 and ESN2. In a second implementation, device1 generates a RAND1 (random number) and sends the RAND1 to device2 over a near-field link. An authenticator device confirms authentication upon receiving the same RAND1 from both device1 and device2. | 12-11-2014 |
20140366096 | TECHNIQUES FOR SHARING VIRTUAL MACHINE (VM) RESOURCES - Techniques for sharing virtual machine (VM) resources are provided. A relative location for a resource within a VM is created; the relative location dynamically resolves to a particular physical location when a principal requests access to the resource at runtime. The principal is located outside an environment associated with the VM. Authentication and access restrictions are dynamically enforced against the requests made by the principal before a connection is permitted between the principal and the resource (the resource located within the environment of the VM). | 12-11-2014 |
20140373092 | PROVIDING DOMAIN-JOINED REMOTE APPLICATIONS IN A CLOUD ENVIRONMENT - Embodiments are directed to provisioning private virtual machines in a public cloud and to managing private virtual machines hosted on a public cloud. In one scenario, a computer system receives authentication information for a private domain from an entity. The entity indicates that their private virtual machines are to be provisioned on a public cloud, where the entity's private domain is accessible using the authentication information. The computer system establishes a virtual network on the public cloud which is configured to host the entity's private virtual machines, where each virtual machine hosts remote applications. The computer system establishes an authenticated connection from the virtual network to the entity's private domain using the received authentication information and provides the entity's private virtual machines on the public cloud. The remote applications provided by the private virtual machines then have access to data stored within the entity's private domain using the authenticated connection. | 12-18-2014 |
20140373093 | ONLINE SECURE TRANSACTION VERIFICATION SYSTEM PROXY SERVER AND METHOD - In one example, a proxy server acts as a gateway to a website and modifies the traffic between a web browser on a user device and the website server, as necessary to request protection by providing step-up authentication and/or transaction verification. The proxy server blocks transactions when protection is required but has not occurred (either because the authentication was not proper or due to the detection of another problem). Associated methods and systems are also provided. | 12-18-2014 |
20140373094 | METHOD OF CONNECTING A USER TO A NETWORK - The present invention comprises a method of and apparatus for simplifying the process of access to a network for a roaming computer user, divides the responsibility of servicing a given user wanting to access the network between multiple parties and minimizes the possibility of improper dissemination of email header data as well as improper use of network resources (including server systems) by non-clients. | 12-18-2014 |
20140373095 | BLOCKING/UNBLOCKING ALGORITHMS FOR SIGNALING OPTIMIZATION IN A WIRELESS NETWORK FOR TRAFFIC UTILIZING PROPRIETARY AND NON-PROPRIETARY PROTOCOLS - According to one aspect, the subject matter described herein includes a method for signaling optimization in a wireless network utilizing proprietary and non-proprietary protocols. A first session is established between an application on a mobile device and a local proxy on the mobile device, a second session is established between the local proxy and a proxy server not located on the mobile device, and a third session is established between the proxy server and a content server. A byte stream present within the first and second sessions is monitored to identify patterns within the byte stream. If a pattern is found, the pattern is used to determine a behavior of the application. If that behavior is one that is a candidate for optimization, signaling optimization is performed between the application and the content server. Signaling optimization includes dismantling the second session, replaying the pattern to the application via the first session, and replaying the pattern to the content server via the third session. | 12-18-2014 |
20140380417 | Methods And Devices For Controlling Access To Distributed Resources - Access to distributed resources of a network may be controlled by access control data structures that may be customized for a given user or application by taking into consideration a plurality of factors, such as the users and applications seeking access, and the status of a given user or application session. A combination of such parameters may dictate a strict or lenient authentication process. | 12-25-2014 |
20140380418 | System and method for verifying the legitimacy of requests sent from clients to server - Disclosed herein are a method and system that can be used for: preventing brute force attacks against passwords; preventing denial of service attacks by flooding; restricting bots from spamming emails, registering resources, and collecting sensitive information; and possibly in other challenge-response tests. It can also be used to replace CAPTCHA in some situations, with the advantages of better reliability and of sparing human participation during the process. The present invention considers a request legitimate when the requesting client has paid a certain amount of computation resource required by the server, in exchange for the server admitting the request. It performs a challenge-response test. The subject challenged is the sincerity of the client in making that request, which is measured by the computation resources the client is willing to spend in exchange for the service provided by the server. The invention also gives a method to control and guarantee the computation complexity of the challenge problem of the test. | 12-25-2014 |
20140380419 | METHODS FOR AUTHENTICATING DEVICE-TO-DEVICE COMMUNICATION - Devices and methods are described to enable devices to be paired in a convenient and secure way based on proximity with the use of a single radio transmission protocol. Using devices configurable to perform the processes described, users are able to pair Bluetooth enabled devices or other radio communication protocols simply by putting the devices briefly in contact, or within close proximity, usually a few centimeters. When the two devices touch or are in close proximity, the encryption key is shared across the two devices without further interaction required by the user. The encryption key is not made visible, so one potential source of security breach is eliminated. After first setup, proximity is not required and the devices can communicate securely based on the previously exchanged security tokens (and encryption keys) without the requirement of proximity. This method is hence superior to all other authentication methods in use as it combines the benefit of an easy setup/configuration with the use of secure communications and cheaper design and manufacturing. | 12-25-2014 |
20150020155 | ONE-WAY INTERFACE FOR PI TO PI DATA TRANSFER - A system for transferring information from a first PI server coupled to a first network to a second PI server coupled to a second network. The system includes a source platform coupled to the first network and in communication with the first PI server, a receive platform coupled to the second network and in communication with the second PI server, and a one-way data link coupling the source platform to the receive platform. The source platform is configured to read transfer configuration information from the first PI server and to dynamically modify the transfer parameters based thereon. The receive platform is configured to, if there is changed database record configuration information, continually store a current predefined portion of the historical information in memory without transferring such information to the second PI server until a user, via a user interface, authorizes the release of such information to the second PI server. | 01-15-2015 |
20150020156 | MULTIPLE TRANSACTION INTERFACE FRAMEWORK - Example methods and systems are directed to a multiple transaction interface framework. A system may comprise three computing devices. The first computing device may be accessible to a plurality of users. The second computing device may be inaccessible to the plurality of users, but accessible by a user account of the first computing device. The third computing device may be inaccessible to the plurality of users, and inaccessible by the user account of the first computing device, but accessible by a user account of the second computing device. In some example embodiments, the first computing device causes a user interface to be presented. The user interface may include data retrieved from the second computing device. The data may have been retrieved by the second computing device from the third computing device, which may be configured to store the data. | 01-15-2015 |
20150020157 | APPARATUS AND METHOD FOR MULTI CELL COMMUNICATION USING BEAMFORMING IN WIRELESS COMMUNICATION SYSTEM - A multicell access method using beamforming in a wireless communication system is provided. In the method for operating a terminal, an access procedure for accessing a first base station using a first antenna and accessing a second base station using a second antenna is performed. Communication with the first base station is performed using the first antenna. Communication with the second base station is performed using the second antenna. | 01-15-2015 |
20150020158 | SHARED SECRET TECHNIQUES FOR UBIQUITOUS COMPUTING DEVICES - Technologies and implementations for secure access to online services are generally disclosed. | 01-15-2015 |
20150020159 | THIN TERMINAL MODE-BASED SECURITY INFORMATION EXCHANGE SYSTEM, TERMINAL, SERVER AND METHOD - The present invention proposes a security information interaction system, terminal, server and method based on the thin terminal mode. Said system comprises an access server which is capable of transferring the application service address associated with the target application service back to said security information interaction terminal based on the security information interaction request from the corresponding security information interaction terminal. The security information interaction system, terminal, server and method based on the thin terminal mode disclosed in the present invention possess the flexible expansibility, can compatibly use multiple servers providing different application services, and have higher work efficiency and higher performance. | 01-15-2015 |
20150020160 | Method for Routing Within a Mobile Terminal Emulating a Contactless Payment Card - The present invention concerns the field of the emulation of contactless payment cards and more particularly the routing of the contactless communication within a device comprising several contactless payment card emulation circuits. | 01-15-2015 |
20150020161 | REVERSE ACCESS METHOD FOR SECURING FRONT-END APPLICATIONS AND OTHERS - A System that provides a secured connection between servers on the LAN and clients on the WAN comprises the LAN (which includes LAN Server and LAN Controller) and the DMZ (which includes DMZ Server and DMZ Stack Pool Service). When the Client Request reaches the DMZ Server, it stores it in the DMZ Stack Pool Service, and the LAN Controller establishes an outbound TCP based connection to the DMZ Stack Pool Service that passes the Client Connection Information to the LAN Server via the LAN Controller. The LAN Server then generates a connection between the Service and DMZ Server. | 01-15-2015 |
20150020162 | METHODS FOR ACQUIRING AN INTERNET USER'S CONSENT TO BE LOCATED - A method and system for acquiring an internet user's consent to be geographically located via at least two independent sources of geographical information, where at least one independent source of geographical information is the wireless location of the internet user's communication voice device. The method does not require any user intervention other than the user's interaction with an internet site via the internet user's internet browser. | 01-15-2015 |
20150020163 | APPARATUS AND METHODS FOR PROTECTING DATA ON A WIRELESS DEVICE - Apparatus, methods, and programs for protecting data on a wireless device may include a wireless device having a computer platform with a processing engine operable, based upon configurable parameters, to log data access attempts on the wireless device and transmit the log to a remote device. Furthermore, the wireless device may be configured to execute locally and remotely generated control commands on the wireless device, the commands operable to modify an operation of the wireless device. The embodiment may also include an apparatus operable to receive the transmitted log, analyze the received log and transmit a control command to the wireless device. The apparatus may further generate a data access report and make the report available to an authorized user. | 01-15-2015 |
20150026768 | REMOTE WIRELESS ADAPTER - Systems and methods are described for connecting a private network to the Internet through a remote wireless adapter. According to one embodiment, a remote wireless adapter sets up a tunnel with a network security device through a local area network (LAN) adapter of the remote wireless adapter and sets up a wide area network (WAN) connection through a wireless modem which is connected to the wireless adapter. The remote wireless adapter receives an outgoing data packet sent by the network security device through the tunnel and writes the outgoing data packet to the WAN connection. The remote wireless adapter also receives an incoming data packet through the WAN connection and forwards the incoming data packet to the network security device through the tunnel. | 01-22-2015 |
20150026769 | System And Method For Managing A Broadband Network - A process for managing usage on a broadband network, said process comprising: (a) monitoring a subscriber's broadband usage; (b) determining if said usage rises to a level indicative of an event; (c) determining if said event is consistent with heavy usage or with a security incident; (d) if said event is consistent with heavy usage, offering said subscriber at least one of a plan for an upgraded subscription, or an incentive to concentrate usage in nonpeak time; and (e) if said event is consistent with a security incident, exercising security measures to minimize unintended usage. | 01-22-2015 |
20150026770 | SAFETY INFORMATION TRANSFER SYSTEM, DEVICE AND METHOD BASED ON EXTENDED PARAMETER SET - The present invention proposes a security information interaction system, device and method based on the extended parameter set. Said security information interaction system based on the extended parameter set comprises a security information interaction device and a security information interaction terminal, wherein said security information interaction device may execute the operations related to the transfer of a resource by means of performing the security information interaction with said security information interaction terminal via a communication interface based on one of a primary parameter set and the extended parameter set. The security information interaction system, device and method based on the extended parameter set disclosed in the present invention may realize the transfer operations of multiple kinds of resource having different attributes, the cost is lower, and the flexible configuration and extension can be realized according to the requirements. | 01-22-2015 |
20150026771 | METHODS AND SYSTEMS FOR AUTHENTICATING USERS - A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction and determining whether the transaction requires access to protected resources. Moreover, the method determines whether inputted information is known, determines a state of a communications device when the inputted information is known, and transmits a biometric authentication request from a server to an authentication system when the state of the communications device is enrolled. Additionally, the method includes validating the communications device, capturing biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and granting access to the protected resources when the transmitted and stored one-time pass-phrases match. | 01-22-2015 |
20150033289 | ADAPTIVE AND CONTEXT BASED NFC ACCESS CONTROL FILTERING - A mobile device includes a transceiver for performing wireless communication; one or more secure elements which execute applications in a secure environment; a near field communication system for performing wireless communication independent of the transceiver and at a lower amount of power than said transceiver; and a contactless front end included in the near field communications system for receiving a data message from a near field communication device. The contactless front end includes a filter list for evaluating the data message and for controlling whether each data message is transmitted further into the mobile device. | 01-29-2015 |
20150033290 | Method and Internet Terminal for Remotely Performing Operations on a Secure Element Connected to a Communication Device - The invention relates to a method for remotely performing operations determined by a service provider on a secure element connected to a communication device having a user application capable of IP based communication, characterised by providing a non service provider specific Internet terminal client module for the user application for establishing connection with the secure element; obtaining context parameters for connection to an Internet terminal provider module hosted on a remote server via the user application, launching the Internet terminal client module by the user application, using the context parameters to establish remote connection between the Internet terminal provider module and the Internet terminal client module, detecting the secure element connected to the communication device via the Internet terminal client module, opening a virtual communication channel between the Internet terminal provider module and the secure element over the connection between the Internet terminal client module and the Internet terminal provider module, transmitting secure element commands determined by the service provider to the secure element over the virtual communication channel and performing an operation corresponding to the secure element commands on the secure element. 
The invention further relates to an Internet terminal comprising an Internet terminal provider module for remotely performing operations determined by a service provider on a secure element connected to a communication device having a user application capable of IP based communication, characterised by comprising a non service provider specific Internet terminal client module that can be launched by the user application which Internet terminal client module is configured to establish connection with the secure element, and to connect to the Internet terminal provider module and to open a virtual communication channel between the Internet terminal provider module and the secure element, which virtual communication channel is adapted to transmit secure element commands to the secure element for performing operations determined by the service provider. | 01-29-2015 |
20150033291 | MULTI-ISSUER SECURE ELEMENT PARTITION ARCHITECTURE FOR NFC ENABLED DEVICES - A method for providing secure element partitions for an NFC enabled device for a plurality of card issuers, the method comprising creating in a secure element of the NFC enabled device a plurality of secure element partitions; and allocating said secure element partitions of the secure element to the respective card issuers. | 01-29-2015 |
20150040186 | APPARATUS, METHOD, AND COMPUTER-READABLE MEDIUM - An apparatus includes a memory; and a processor coupled to the memory and configured to: set an indicator so that the indicator indicates an access to data is allowed when a start time of time zone arrives, the access to the data being allowed when time is within the time zone; set the indicator so that the indicator indicates the access to the data is not allowed when an end time of the time zone arrives; and determine whether to allow the access to the data on the basis of the indicator when the access of the data is requested. | 02-05-2015 |
20150040187 | SERVICE PROVISION SYSTEM, SERVICE PROVISION METHOD, AND COMPUTER PROGRAM PRODUCT - A service provision system includes: a management information storage unit that stores management information for managing user identification information, device identification information, and service identification information in association with one another; an authentication information receiving unit that receives authentication information including user authentication information and device authentication information from a device connected via a network; a service specifying unit that specifies, when the authentication information is authenticated by an authentication unit, a service associated with the authentication information based on the authentication information and the management information; and a first execution unit that receives a use request of a mail distribution service from the first device connected via the network, composes a mail according to the use request of the mail distribution service received from the first device, and distributes the composed mail to a previously specified mail server connected to the service provision system via a network. | 02-05-2015 |
20150040188 | SERVICE PROVIDING SYSTEM AND DATA PROVIDING METHOD - A system providing a service to a service receiving apparatus includes a management information storage that stores management information including service identification information, user authentication information of a user, and device authentication information of the service receiving apparatus that are associated with each other; an authentication information receiving unit that receives, as authentication information, at least one of user authentication information and device authentication information from the service receiving apparatus; an authentication unit that performs authentication by referring to the management information storage based on the received authentication information; an obtaining unit that obtains process target data from an external service based on an entry request from the service receiving apparatus that has been successfully authenticated; and a conversion unit that converts the obtained process target data into output data with a data format that the service receiving apparatus is able to output. | 02-05-2015 |
20150040189 | SERVICE PROVISION SYSTEM, SERVICE PROVISION METHOD, AND COMPUTER PROGRAM PRODUCT - A service provision system that includes: a management information storage unit that stores management information for managing user identification information, device identification information, and service identification information in association with one another; a workflow storage unit that stores a workflow in association with the registered service; an authentication information receiving unit that receives authentication information including user authentication information and device authentication information from a device connected via a network; an authentication unit that executes authentication processing of the received authentication information; a service specifying unit that specifies, when the authentication information is authenticated, a service associated with the authentication information based on the authentication information and the management information; and an execution unit that receives a use request of a specified service from the device connected via the network and executes processing according to the workflow stored in association with the specified service. | 02-05-2015 |
20150040190 | SYSTEM AND METHOD FOR PROXYING FEDERATED AUTHENTICATION PROTOCOLS - A system and method that include receiving a service provider identity request through a federated authentication protocol; transmitting a proxy identity request to a configured identity provider; receiving an identity assertion; facilitating execution of a second layer of authentication; determining a proxy identity assertion based on the identity assertion and the second layer of authentication; and transmitting the proxy identity assertion to the service provider. | 02-05-2015 |
20150040191 | SYSTEM AND METHOD OF FACILITATING THE IDENTIFICATION OF A COMPUTER ON A NETWORK - A system and method for facilitating identification of an attacking computer in a network is provided. A user attempting to login to a network application may be presented with a screen prior to the login which lists preconditions of gaining access to the application. If a user concurs with the preconditions, a security module is downloaded to the user's computer and executed which gathers various configuration settings and transmits the gathered information to a predetermined destination. The security module may also attempt to place a call to a predetermined destination over a modem in the computer to cause registration of caller-ID data when answered at the predetermined destination. Once the security check is completed, login may proceed with the network application. Any data gathered by the security module may be stored for later recall and use to identify the computer in the event of an attack. | 02-05-2015 |
20150046975 | DATA TRANSMISSION APPARATUS, DATA TRANSMISSION METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - A data transmission apparatus having an authentication mode in which user authentication is required in order to transmit data and a non-authentication mode in which data may be transmitted without requiring user authentication includes an authenticating unit that authenticates a user, an address acquiring unit that acquires a destination that is a transmission destination of data and that is associated with the user who is authenticated, a history information acquiring unit that acquires history information that is a group of destinations that have been used previously, and a display that displays the destination, which is associated with the user who is authenticated, as a destination of data in the case where the authenticating unit performs user authentication successfully in the authentication mode and that displays a destination that is included in the history information as a candidate for a destination of data in the non-authentication mode. | 02-12-2015 |
20150046976 | IMAGE PROCESSING SYSTEM AND IMAGE PROCESSING APPARATUS FOR SENDING IMAGE DATA - An image processing system receives an input of authentication information from a user, and authenticates the user based on the received authentication information. The image processing system further selects a folder setting method in a case where an operation key for setting a folder of the user as a destination of image data is operated, sets the folder according to the selected folder setting method in response to the operation of the operation key, and sends the image data to the set folder as the destination. | 02-12-2015 |
20150046977 | Permit Compliance System - A system and method is disclosed that enables the display of permits and/or permit information related to a specific location, collection of permitting data onsite, comparison of the onsite data to permitted constraints, and reporting the results of the inspection (as required under the appropriate regulatory policy or as requested by the organization or entity being inspected), as well as sending immediate notifications, as appropriate, to decision makers. In certain embodiments, the system and method may also offer predictions on the likelihood of an enforcement action against the organization given factors such as, but not limited to, the type of violation, degree of violation, and enforcement actions against others for similar violations. In other embodiments, the system and method allows the permittee to mitigate the risk of a violation by notifying emergency personnel in addition to decision makers within the organization. | 02-12-2015 |
20150046978 | Electronic Messaging Exchange - A computer-implemented system and method for secure electronic message exchange including coupling a control platform to a workstation of a plurality of workstations via a communications medium, where the control platform includes one or more apparatuses for monitoring, controlling, conversion, and billing, related to messages exchanged between a plurality of local users and a plurality of remote users. The system prevents forwarding or copying of a message sent by a local user of the plurality of local users and received by a remote user of the plurality of remote users, to another party by the control platform. The system and method also provides for authenticating the remote user with the control platform. | 02-12-2015 |
20150046979 | Storage Detection Apparatus, System, and Method - A storage detection apparatus is placed in an operating system in kernel mode; after file information is intercepted and a security level of file content is determined, file content of a high security level is redirected to a storage area of high storage security; the security level of the file content itself is determined and stored, which is transparent to a user, thereby implementing division of security levels for different documents generated by a same application. | 02-12-2015 |
20150046980 | SECURITY MODULE HAVING A SECONDARY AGENT IN COORDINATION WITH A HOST AGENT - The invention is directed to a security module deployed in a host device, which provides a secondary agent that operates in coordination with the host agent in the host device, but operates independent of the host operating system of the host device to independently access an existing communication network interface in the host device or a separate dedicated network interface, if available. In one aspect, the present invention enables robust theft recovery and asset tracking services. The system comprises a monitoring center; one or more monitored devices; a security module in the monitored devices; and one or more active communications networks. Monitored devices may be stand alone devices, such as computers (e.g., portable or desktop computers), or a device or a subsystem included in a system. A monitored device comprises a security module, a host agent and software to support the host agent that runs in the monitored device's OS. | 02-12-2015 |
20150046981 | TRUST DISCOVERY IN A COMMUNICATIONS NETWORK - A method and apparatus to establish trust between two nodes in a communications network. A first node receives from a network node authentication data unique to the first node, which can be used to derive a compact representation of verification data for the first node. The first node also receives a certified compact representation of verification data of all nodes in the network. The first node derives trust information from the authentication data for the node, and sends to a second node a message that includes the trust information and part of the authentication data. The second node has its own copy of the certified compact representation of verification data of all nodes in the network, and verifies the authenticity of the message from the first node using the compact representation of verification data of all nodes in the network and the received trust information and authentication data. | 02-12-2015 |
20150052578 | WIRELESS CONFIGURATION AND MANAGEMENT OF A SECURITY SYSTEM - A computer implemented method and system for configuring and managing a security system wirelessly is provided. The security system includes a gateway device and a wireless access point (WAP) for communicating with one or more electronic devices and monitoring event data from the electronic devices. The electronic devices connect to the gateway device via the WAP in the gateway device. A wireless router is connected to the security system to establish a network. A security management application on a control device accesses, configures, and controls the security system wirelessly through the WAP. The security system receives and transmits event data through the WAP to a database, the control device, and/or one or more secondary devices via the network. The security management application wirelessly configures and manages the security system and one or more electronic devices through the WAP via the network based on the received event data. | 02-19-2015 |
20150052579 | ORGANIZATIONAL ATTRIBUTION OF USER DEVICES - A login request to access information associated with a website may be received from a user device accessing the website via a browser. A determination may be made as to whether a browser attribute of the browser, font type, or service set identifier (SSID) information is located within a database. A further determination may be made as to whether to grant access to the information associated with the website. The determination as to whether to grant access to the information associated with the website may be based at least in part on the browser attribute, font type, or service set identifier (SSID) information. | 02-19-2015 |
20150052580 | COMMUNICATIONS SYSTEM - A communications system is provided. A network device ( | 02-19-2015 |
20150052581 | DATA COMMUNICATION SYSTEM FOR AGRICULTURAL MACHINE - Data on agricultural machines can be outputted to mobile terminals easily and properly. A data collection device is provided separately from a control device that controls the operation of an agricultural machine and is connected to a vehicle communication network installed in the agricultural machine, and is removably connected to the vehicle communication network. The data collection device includes a data collection unit for collecting agricultural machine data outputted to the vehicle communication network, an authorization determination unit for implementing authentication with a mobile terminal to determine whether or not the collected data is transmitted to the mobile terminal by wireless communication, and a data communication unit for transmitting data to the mobile terminal by wireless communication when the authorization determination unit authorizes data transmission. | 02-19-2015 |
20150052582 | SECURE AREA FOR APPS - Privacy and restricted access are provided for functions, applications, and services on a computing device. An area accessible to a user interface is provided. A request from a user is accepted, the request for associating the area with one or more available functions. The one or more functions are then associated with the area, and are made invisible. Another request from the user is accepted, the other request for gaining access to the area. Authentication against the user is requested. Access to the one or more functions is granted if the authentication is successful. According to another embodiment, an authorized user may send and receive messages via another device that belongs to another user based on identification of the user by the other user. | 02-19-2015 |
20150052583 | METHOD AND SYSTEM FOR PROVIDING EXTENDED AUTHENTICATION - A method and system for extending an authentication of a wireless device are disclosed. For example, the method includes authenticating access to the wireless device via a first authentication. The method detects a bonded authentication device as a second authentication. The method permits access to the wireless device when the bonded authentication device is detected. | 02-19-2015 |
20150058925 | SECURE ONE-WAY INTERFACE FOR OPC DATA TRANSFER - A system for transmitting OPC information from a first network in a first security domain to a second network in a second security domain. A first stand-alone server within the first security domain retrieves information via the first network from a first OPC server in the first security domain and forwards the retrieved information to a send server coupled to the first network. The send server forwards the received information to a receive server via a one-way data link. The receive server receives the information from the send server and forwards the received information to a second stand-alone server via the second network. The second stand-alone server receives the information from the receive server and forwards the information to one or more OPC clients in the second security domain. | 02-26-2015 |
20150058926 | Shared Page Access Control Among Cloud Objects In A Distributed Cloud Environment - A management system in a distributed cloud environment that includes a plurality of cloud objects may administer shared page access control among cloud objects. Such shared access control includes: receiving, by the management system from a requesting cloud object, a request to access a shared page; discovering, by the management system, one or more page attributes of the shared page, where the one or more page attributes of the shared page include attributes specified by one or more cloud objects of the distributed cloud environment; identifying, by the management system in dependence upon the page attributes, one or more access control measures to perform; performing, by the management system in dependence upon the page attributes, the access control measures; and determining, by the management system, whether to grant the requesting cloud object access to the shared page. | 02-26-2015 |
20150058927 | SECOND SCREEN MEDIATION - A system authenticates a first session for a first application running on a workstation and a second session for a second application running on a second screen device. The system links the first application to the second application when the first session matches the second session. The system receives data indicating the linked first application was changed at the workstation and provides update data to the second application corresponding to the change in the linked workstation application, causing a display of the second screen device to update based on the update data. | 02-26-2015 |
20150058928 | APPLYING CIRCUIT DELAY-BASED PHYSICALLY UNCLONABLE FUNCTIONS (PUFS) FOR MASKING OPERATION OF MEMORY-BASED PUFS TO RESIST INVASIVE AND CLONE ATTACKS - One feature pertains to generating a unique identifier for an electronic device by combining static random access memory (SRAM) PUFs and circuit delay based PUFs (e.g., ring oscillator (RO) PUFs, arbiter PUFs, etc.). The circuit delay based PUFs may be used to conceal either a challenge to, and/or response from, the SRAM PUFs, thereby inhibiting an attacker from being able to clone a memory device's response. | 02-26-2015 |
20150058929 | SYSTEM AND METHOD FOR TRUSTED MOBILE COMMUNICATIONS - Systems and methods for trusted mobile communications are described. A network system provisions a mobile client system with a collection of security parameters on a per application basis and a per device basis. The airplane system provides access to the mobile client system based on the established chain of trust without previously having information about the mobile client system even when the mobile client system and the airplane system are offline with respect to the network system. | 02-26-2015 |
20150058930 | METHOD AND APPARATUS FOR ENABLING AUTHORISED USERS TO ACCESS COMPUTER RESOURCES - An authentication system is disclosed for use in authenticating an entity to a relying party, to enable the entity to access a protected resource provided by the relying party via a web page, comprising an authentication component installable in a web browser used by the entity to access the web page, the authentication component comprising (a) a page scanner component which is operable when the entity accesses the web page to scan the web page (and/or to ask the entity) to identify a plurality of authentication systems supported by the web page; and (b) an activator component which is operable when the entity accesses the web page to install an identity system selector component in the web page which is operable to interact with the entity to enable the entity to select which of the plurality of authentication systems to use. | 02-26-2015 |
20150058931 | System and Method for Identity Management - Some implementations may provide a machine-assisted method that includes: receiving, from a participant entity, a request to determine a trustworthiness of a transaction request, the transaction request being submitted by a user to access data managed by the participant entity; submitting a first inquiry at an authentication verification engine to determine an authenticity of a purported identity of the user submitting the transaction request; receiving a response from the authentication verification engine, the response including a computed authenticity score quantitatively attesting to the purported identity of the user submitting the transaction request; based on the computed authenticity score, determining the trustworthiness of the transaction request being submitted by the user; and notifying the participant entity of the determined trustworthiness of the transaction request to access data managed by the participant entity. | 02-26-2015 |
20150058932 | VISUALIZATION OF ACCESS PERMISSION STATUS - Queries regarding access permissions of users and rights to directories in a complex enterprise are executed in near real-time, using lookups to tables that form a condensed database maintained for each file server. User information is condensed by arranging users in user groups having common data access rights. Directory permissions storage is condensed by showing only distinctive permissions to a directory in a table entry, and referencing inherited permissions of parent directories. The tables indicate recursive and ancestral relationships among the user groups and directories. They are developed and updated in advance of any queries. A consolidated view of the query results is presented on a single display screen. Using the tables, results can be obtained without exhaustive searches of large file system tables. | 02-26-2015 |
20150058933 | METHOD FOR ESTABLISHING SECURE COMMUNICATION LINK BETWEEN COMPUTERS OF VIRTUAL PRIVATE NETWORK - A technique is disclosed for establishing a secure communication link between a first computer and a second computer over a computer network. Initially, a secure communication mode of communication is enabled at a first computer without a user entering any cryptographic information for establishing the secure communication mode of communication. Then, a secure communication link is established between the first computer and a second computer over a computer network based on the enabled secure communication mode of communication. The secure communication link is a virtual private network communication link over the computer network in which one or more data values that vary according to a pseudo-random sequence are inserted into each data packet. | 02-26-2015 |
20150058934 | METHOD AND SYSTEM FOR PROVIDING WI-FI SERVICE BY WI-FI DEVICE - A method and a system for providing a Wireless Fidelity (Wi-Fi) service, in which when multiple counterpart devices are selected based on manufacturer information and support information on supported functions and capability defined in a service information field of each beacon message or each probe response message, a final device is determined by checking multiple pieces of signal information of the selected counterpart devices, are provided. The method includes receiving messages from multiple counterpart devices, selecting one or more counterpart devices, each of which supports a requested service, from an identical manufacturer when the messages are received, checking multiple pieces of signal information of the selected counterpart devices when the number of the selected counterpart devices is greater than one, and determining a device having the signal information satisfying set conditions as a final device. | 02-26-2015 |
20150067774 | AUTOMATED METHOD FOR INCREASING AND MAINTAINING THE NUMBER OF SOCIAL MEDIA FOLLOWERS - An automated method, which acts on increasing and maintaining the number of social media followers of a particular identification (ID) on social media, is proposed. The proposed method may operate without the presence of a unique IP per user, and requires no local or central database for user information. User information is generated, encrypted, and saved on user web browser as a cookie. | 03-05-2015 |
20150067775 | System and Method of Secure Logon for Shared Devices - A system includes a sensor to determine a user is proximate to the system and a logon module to receive information from the sensor that a user is proximate to the system, receive logon information from the user and identification information associated with the user, authenticate the user to use the system based on the logon information, store the identification information, receive second information from the sensor that the user is not proximate to the system, suspend an operating system session, receive information from the sensor that the user is again proximate to the system, receive second identification information associated with the user, determine that the first and second identification information matches, and resume the OS session in response to determining that the first and second identification information matches. | 03-05-2015 |
20150067776 | METHOD AND APPARATUS FOR COMPILATION OF FINITE AUTOMATA - A method and corresponding apparatus are provided implementing run time processing using Deterministic Finite Automata (DFA) and Non-Deterministic Finite Automata (NFA) to find the existence of a pattern in a payload. A subpattern may be selected from each pattern in a set of one or more regular expression patterns based on at least one heuristic and a unified deterministic finite automata (DFA) may be generated using the subpatterns selected from all patterns in the set, and at least one non-deterministic finite automata (NFA) may be generated for at least one pattern in the set, optimizing run time performance of the run time processing. | 03-05-2015 |
20150067777 | SYSTEMS AND METHODS FOR AUTHENTICATING NODES - To authenticate nodes, a connection between a first node and a second node may be identified. A first set of nodes having connections with the first node and assigned to a first plurality of clusters may be identified. A second set of nodes having connections with the second node and assigned to a second plurality of clusters may be identified. A first distribution of clusters may be generated based on the first set of nodes. A second distribution of clusters may be generated based on the second set of nodes. The first distribution and the second distribution may be analyzed. An authenticity metric for at least one of the first node and the second node may be generated based on the analyzing the first distribution and the second distribution. | 03-05-2015 |
20150067778 | INFORMATION PROCESSING DEVICE AND INFORMATION PROCESSING METHOD - An information processing device includes a reception unit and a control unit. The reception unit receives an access request including identification information of a transmission source from a terminal. The control unit acquires user information that is information about a user using the terminal based on the identification information included in the access request. | 03-05-2015 |
20150067779 | SERVER APPARATUS, LOGIN MANAGEMENT SYSTEM, AND NON-TRANSITORY STORAGE MEDIUM - The present invention is provided with the page responding unit | 03-05-2015 |
20150067780 | Mobile Terminal Detection Method And Mobile Terminal - A mobile terminal detection method and a mobile terminal. The method includes: reading a first international mobile equipment identity (IMEI) stored in a flash; comparing the first IMEI with a backup IMEI stored in a one-time programmable data (OTP) region which is prohibited from being modified; and disabling the mobile terminal when the first IMEI and the backup IMEI are inconsistent. In the present invention, the IMEI plaintext is directly backed up to the OTP region of the mobile terminal, and the value of the IMEI stored in the flash and the value of the backup IMEI are dynamically compared, so as to conveniently detect the legitimacy of the IMEI of the mobile terminal, effectively protect the IMEI number of the mobile terminal from being arbitrarily modified, and ensure the legitimate interests of users and operators. | 03-05-2015 |
20150067781 | Data Processing Based on Two-Dimensional Code - The present disclosure provides example methods and apparatuses of data processing based on a two-dimensional code. The two-dimensional code is generated upon receiving a data processing request from a user of a first communication device. Information relating to the data processing request obtained through scanning the two-dimensional code by a second communication device is received. A user interface for data processing is generated at the second communication device based on the information relating to the data processing request. The present techniques for data processing based on the two-dimensional code use the two-dimensional code to complete logging-in and avoid the tedious logging-in process, thereby conveniently, efficiently, and securely implementing data output processing. | 03-05-2015 |
20150067782 | METHOD FOR CONNECTING TO NETWORK AND ELECTRONIC DEVICE THEREOF - A method and electronic device for network connection and authentication is disclosed herein. A control unit is configured to detect authentication information necessary to access a communication network, and detect whether the authentication information corresponding to the communication network is stored in a profile storing at least the authentication information for at least the communication network. A radio frequency (RF) processing unit is configured to couple to the communication network in response to detecting that the authentication information is authenticated by an authentication server for the communication network. | 03-05-2015 |
20150067783 | SYSTEM AND METHOD FOR A CLOUD COMPUTING ABSTRACTION LAYER - According to one system of the invention, the system provides a cloud-computing service from a cloud-computing environment comprising a plurality of cloud-computing resources. The system may comprise: a management module configured to manage a cloud-computing resource of the plurality of cloud-computing resources as a cloud-computing service, wherein the cloud-computing service performs a computer workload; an adapter configured to connect the cloud-computing resource to the system and translate a management instruction received from the management module into a proprietary cloud application program interface call for the cloud-computing resource; a cloud service bus configured to route the management instruction from the management module to the adapter; a consumption module configured to allow a user to subscribe to the cloud-computing service; a planning module configured to plan the cloud-computing service; and a build module configured to build the cloud-computing service from the cloud-computing resource and publish the cloud-computing service to the consumption module. | 03-05-2015 |
20150074758 | METHOD OF USING A MOBILE TERMINAL TO IMPLEMENT CLOUD SEARCHING - A method of using a mobile terminal to implement cloud searching is provided. The method includes receiving, by the mobile terminal, searching conditions inputted by a user; executing, by the mobile terminal, local searching; and detecting whether networking is executed. If networking is executed, the method includes detecting, by the mobile terminal, whether the local stores user account information; and connecting to a cloud server when the local of the mobile terminal stores the user account information. If networking is not executed, the method includes returning local searching results. The method further includes transmitting, by the mobile terminal, the searching conditions to the cloud server; and executing, by the cloud server, cloud searching according to the searching conditions; and returning searching results to the mobile terminal. | 03-12-2015 |
20150074759 | APPLICATION TRUST-LISTING SECURITY SERVICE - Provided are techniques for controlling access to computing resources comprising generating a first fingerprint corresponding to a first executable file; storing the fingerprint in a non-transitory computer-readable storage medium; receiving a request to execute a second executable file on a computing system; generating a second fingerprint corresponding to the second executable file; determining whether or not the first fingerprint matches the second fingerprint; and, in response to determining that the first and second fingerprints match, executing the executable file on the computing system; and, in response to determining that the first and second fingerprints do not match, preventing the executable file from executing on the computing system. | 03-12-2015 |
20150074760 | System and Processing Method for Electronic Authentication Client, and System and Method for Electronic Authentication - A system for an electronic authentication client and a processing method thereof, and a system for electronic authentication and a method thereof are disclosed. The system for the electronic authentication client includes an intelligence remote controller and a television controller, wherein the television controller is configured to receive data of an authentication code from an authentication server, send the data of the authentication code to the intelligence remote controller, receive an operation result of an authentication code from the intelligence remote controller, and send the operation result of the authentication code to the authentication server; and the intelligence remote controller is configured to receive the data of the authentication code from the television controller, operate on the data of the authentication code based on a built-in authentication algorithm to obtain the operation result of the authentication code, and send the operation result of the authentication code to the television controller. | 03-12-2015 |
20150074761 | METHOD, DEVICE AND COMMUNICATIONS SYSTEM FOR NETWORK CONVERGENCE - Embodiments of the present invention provide a method, a device and a communications system for network convergence, which can support a charging manner of a network to which an access user belongs. The method for network convergence includes: after authentication of an access user is successful, receiving, by a second gateway, a PDN connection establishment message corresponding to the access user, where the message carries an access user identifier and is sent by a first gateway, the first gateway is a gateway of a first network in which the access user is currently located, and a service borne by the PDN connection corresponding to the access user includes a network side service of the access user in the first network; and initiating, by the second gateway, according to the access user identifier, a charging procedure corresponding to the access user. | 03-12-2015 |
20150082381 | METHOD AND APPARATUS FOR PROVIDING A DYNAMIC TOOL MENU BASED UPON A DOCUMENT - A method, non-transitory computer readable medium, and apparatus for providing a tool menu based upon a document displayed on an endpoint device are disclosed. For example, the method opens the document requested by a user in the endpoint device, detects one or more portions of the document that require data entry, determines a type of data entry that is required for the one or more portions of the document that are detected to require data entry, detects one or more configuration settings of the endpoint device and displays one or more tools selected from a plurality of tools on the tool menu based upon the type of data entry that is required for the one or more portions of the document and the one or more configuration settings of the endpoint device. | 03-19-2015 |
20150082382 | TECHNIQUES FOR MULTI-STANDARD PEER-TO-PEER CONNECTION - Techniques for multi-protocol peer-to-peer connection are described. An apparatus may comprise a discovery component to discover a remote device using a first protocol, and receive discovery information from the remote device, the discovery information including protocol information. The apparatus may comprise an authentication component to authenticate the remote device. The apparatus may comprise a connection component to establish a peer-to-peer connection with the remote device using a second protocol based on the protocol information. Other embodiments are described and claimed. | 03-19-2015 |
20150082383 | System and Method for Controlling Access to an Electronic Message Recipient - A system for, and method of, generating a plurality of proxy identities to a given originator identity as a means of providing controlled access to the originator identity in electronic communications media such as e-mail and instant messaging. | 03-19-2015 |
20150082384 | Mobile-Device-Based Trust Computing - In one embodiment, a method includes receiving a request to access a shared device. The request may include data uniquely identifying a first user of the social-networking system. The first user may be represented by a first user node in a social graph associated with the social-networking system, and wherein the social graph comprises a plurality of user nodes and a plurality of edges connecting the user nodes. The method may further include determining that a social-networking account for each of one or more second users of the social-networking system was compromised, wherein each of the second users previously accessed the shared device. Each of the second users may be respectively associated with second user nodes in the social graph. The method may further include sending, to the shared device, a message indicating that the social-networking accounts for the second users were compromised. | 03-19-2015 |
20150082385 | Communication Gateway for Facilitating Communications With a Supervisory Control and Data Acquisition System - Transfer of data between at least one supervisory control and data acquisition (SCADA) device and an advanced metering infrastructure (AMI) device via a wireless communication network is facilitated. The data is used for monitoring and/or controlling the AMI device. A protocol conversion of the data is performed to facilitate transfer of the data between the SCADA device and the AMI device as data packets via a packet data network gateway and a wireless communications network. | 03-19-2015 |
20150089585 | Scored Factor-Based Authentication - Concepts and technologies are disclosed herein for scored factor-based authentication. A verification service can receive an authentication request from a requestor, wherein the authentication request identifies a transaction. The verification service can determine a risk associated with the transaction, an authentication score based upon the risk, a plurality of groups of authentication factors, each of which the authentication score. The verification service can provide factor group data identifying the plurality of groups of authentication factors to the requestor. | 03-26-2015 |
20150089586 | SYSTEMS AND METHODS FOR NFC ACCESS CONTROL IN A SECURE ELEMENT CENTRIC NFC ARCHITECTURE - This disclosure describes systems, methods, and computer-readable media related to near field communication (NFC) access control in a secure element centric NFC architecture. A secure element may receive a request for information and process the received request to identify a first access level associated with the request and a second access level associated with an originator of the request. The secure element may determine if the first access level matches the second access level. If the first access level does not match the second access level, the secure element may transmit a message to the originator of the request indicating a denial of the request. If the first access level does match the second access level, the secure element may transmit the request to a near field communication (NFC) controller, receive information from the NFC controller, and transmit the information from the NFC controller to the originator of the request. | 03-26-2015 |
20150089587 | ACCESS NETWORK TRUSTWORTHINESS DETECTION IN CORE NETWORK - There are provided measures for access network trustworthiness detection in core network. Such measures exemplarily comprise signaling of a trustworthiness indication of an access network with respect to a core network together with an access technology type of the access network from the access network, acquisition of the trustworthiness indication in the core network, detection of a trusted or untrusted property of the access network of the access technology type based on the acquired trustworthiness indication and access technology type in the core network, and operation according to the detected trusted or untrusted property of the access network in the core network. Such measures are exemplarily, but not exclusively, applicable in the context of a non-3GPP access network providing IP connectivity to a 3GPP core network. | 03-26-2015 |
20150089588 | AIR INTERFACE SECURITY METHOD AND DEVICE - Provided is an air interface security method. In the process of protocol transmission, the method executes: 1) a short-range coupling device sending a security parameter request message to a short-range card; 2) after receiving the security parameter request message, the short-range card conducting security parameter feedback on the short-range coupling device; and 3) the short-range coupling device and the short-range card establishing a security link according to a security parameter. Provided are a short-range coupling device, a short-range card, etc. for achieving the method. By introducing a security mechanism, the present invention provides a security protection capability for an air interface, can provide identity authentication for a short-range coupling device and a short-range card to ensure the validity and authenticity of the identities of both sides in the communications, and at the same time, will not bring additional hardware overhead to the short-range coupling device and the short-range card. | 03-26-2015 |
20150089589 | SECURE DATA PROCESSING - A secure data processing apparatus and a method are disclosed. The secure data processing apparatus is operable to securely process user data provided by a user and includes a trusted domain having a trusted bus; a trusted domain controller coupling the trusted bus with an untrusted bus of an untrusted domain, the trusted domain controller being operable to ensure that encrypted incoming user data received over the untrusted bus is decrypted and provided over the trusted bus as the incoming user data and to ensure that outgoing user data is encrypted and provided over the untrusted bus as encrypted outgoing data. The trusted domain controller ensures that only encrypted data is provided in the untrusted domain, reducing the chance of the data being compromised. The trusted domain controller ensures that access to the unencrypted data within the trusted domain can be avoided. The confidentiality of the data can be assured without performance shortfalls. | 03-26-2015 |
20150089590 | METHODS FOR SECURE CONTROL OF AND SECURE DATA EXTRACTION FROM IMPLANTABLE MEDICAL DEVICES USING SMARTPHONES OR OTHER MOBILE DEVICES - The system presented allows secure control of and secure data extraction from implantable medical devices (IMD) using smartphones or other mobile devices. In particular, a patient's or a healthcare provider's mobile device can be utilized to securely interface with an IMD that has been implanted in or on a patient's body. Embodiments include, but are not limited to, devices, systems, and methods for securing implanted medical devices. | 03-26-2015 |
20150095979 | METHOD AND SYSTEM FOR MANAGING USER SECURITY PERMISSIONS FOR ACCESS TO RESOURCES - Disclosed is a method and system of managing user security permissions for access to resources accessible over a communications network, to participate in a designated task or conversation relating to the resources. The method and system include: assembling resources relating to the designated task or conversation into a collection and allocating security permissions for users to access said resources in the collection over the network based on whether the users a |