| Entries |
| Document | Title | Date |
|---|
| 20080201766 | Efficient data structures for multi-dimensional security - Efficient data structures are generated to enforce permissions on a multi-dimensional representation in a performance management application. A model site is generated having at least one model with at least one dimension. User permissions and group permissions are set for the model. The user permission and the group permissions are deployed to a relational database. A collective user permission table is generated based on the user permissions and the group permissions. Thus, an end user may receive permissions associated with a model and permissions associated with particular dimensions of a model without an inefficient consumption of resources. | 08-21-2008 |
| 20080209521 | Location-Enabled Security Services in Wireless Network | 08-28-2008 |
| 20080209522 | Method, Apparatus, and Computer Program Product for Authenticating Subscriber Communications at a Network Server - An apparatus for authenticating subscriber communications at a network server includes a determining element and an identification element in communication with the determining element. The determining element may be configured to receive an incoming message. The identification extractor may be configured to extract a device identifier and an address identifier from the incoming message. The determining element may be further configured to determine whether the device identifier and the address identifier of the incoming message match both a registered device identifier and a registered address identifier associated with the registered device identifier, respectively. | 08-28-2008 |
| 20080209523 | SHARING DATA OVER TRUSTED NETWORKS - Data is automatically shared over one or more contact networks which are interrelated by a trust relationship. The data can be shared using a network-based communication service and is stored as a data record in a local data store. The communication service may be implemented as an instant messaging, electronic mail, mobile phone or some other type of communication service. The data record can include data created by a user, a relevance value, a maximum share count and/or other data. The number of times that data may be shared may be configured by the user that generates the data. The relevance of the data may be updated each time the data is shared. | 08-28-2008 |
| 20080209524 | Caching public objects with private connections - Described is a technology by which a web proxy server forwards a client request for content to a web server over an unauthenticated connection, including when the client already has an authenticated connection to that web server. If the web content is not received because of a need for authentication, the content is re-requested over the client's authenticated connection, or if one does not yet exist, returns the response to the client to complete the authentication process to establish an authenticated connection. A learning mechanism (e.g., that persists known private URLs) may be coupled to the selection mechanism to maintain references to objects that are private, and thereby avoid redundant retrieval attempts for known private objects over unauthenticated connections. | 08-28-2008 |
| 20080209525 | APPLICATIONS AND USES FOR SYSTEM AND METHOD OF CONTROLLING AND MONITORING COMPUTER PROGRAM USAGE - Embodiments of the present invention include applications for a method of modifying a computer program to control and monitor usage, e.g., for software protection, by dividing the computer program code into protected and unprotected parts. The policy may dictate the conditions under which the resource may be released. The policy may be associated, for example, with a particular copy of the computer program being executed, or it may be associated with a user identification (for example, as identified by a user name and password), or a time limitation, or a mode of use of the software, or other conditions placed on the set of parameters received from the user machine. The policy may be dictated statically, or it may be changed dynamically by a supervisor. | 08-28-2008 |
| 20080216156 | Fault tolerant security system, method and apparatus - A security system comprises a host system, a plurality of master controllers and a plurality of sub-controllers, wherein each sub-controller is assigned a specific master controller as well as alternate master controllers for communication access upon failure of the primary master controller. The host, master controller and sub-controllers are all coupled by a series of primary communication networks and paths and have multiple alternative communication network paths which function should there be a failure of the primary communication network. The host system comprises system and application software, data storage devices and communication ports to support the application requirements of the master controller, sub-controller network and access control devices attached thereto necessary to support a fault tolerant network. The system is configured with backup communication networks between the components so that upon failure of one or more components or communication paths the function of the failed component or path is assumed by alternative predesignated components or paths such that the operations of the system is not interrupted. | 09-04-2008 |
| 20080216157 | Method, System and Computer Program Product for Providing Access Policies for Services - The invention relates to a method, system and computer program product for provisioning in a communications network. According to the method at least one request is received form a client system ( | 09-04-2008 |
| 20080216158 | Lawful Interception of Unauthorized Subscribers and Equipments - The present invention relates to methods and arrangements in a telecommunication system to override current access rights. The telecommunication system comprises an Access Point IAP; MSC, SGSN associated with a Configuration Unit ICU. The method comprises the following steps: —Receiving to the Access Point IAP; MSC, SGSN from the Configuration Unit ICU, a request ( | 09-04-2008 |
| 20080216159 | System and method for electronic consent and delivery of financial and/or other transaction-related information - The present invention relates to a method and system for effectively and efficiently delivering financial and/or other transaction-related information to investors while complying with relevant governmental rules and regulations regarding notice, access and proof of delivery. The method and system of the present invention enable individual consent of electronic delivery of financial and/or other transaction-related information from investors and electronically delivering such information and/or documentation to the consented recipients. The system can manage and update investor lists for issuers and/or market intermediaries; prepare financial and other transaction-related information for review; replace or supplement hardcopy documents by disseminating such financial and other transaction-related information through an electronic delivery fulfillment system that complies with governmental rules and regulations; and enable real-time audit tracking of the electronic delivery to confirm both delivery and access of delivered information and to track corrupted electronic deliveries. | 09-04-2008 |
| 20080222705 | SYSTEM AND METHOD FOR DELIVERING GEOGRAPHICALLY RESTRICTED CONTENT, SUCH AS OVER-AIR BROADCAST PROGRAMMING, TO A RECIPIENT OVER A COMPUTER NETWORK, NAMELY THE INTERNET - A system and method for delivering geographically restricted content, including but not limited to over-air broadcast programming, to a recipient over a computer network, namely the Internet. The content is only delivered over the computer network if the recipient's computer or network device requesting the content over the network is verified to be located in the geographically restricted area. A conventional tuner is employed by the recipient's computer to receive one or more over-air signals having a broadcast range deemed to be synonymous with the geographically restricted area for the requested content. If the tuner is able to receive such over-air signal(s), the requested content is delivered over the network to the recipient's computer. This is because the recipient is known to be physically located in the geographically restricted area by the ability of the tuner to receive the over-air signal(s). | 09-11-2008 |
| 20080222706 | GLOBALLY AWARE AUTHENTICATION SYSTEM - A computer security monitoring method and system includes receiving input data, wherein the input data includes user account data associated with a user's security-related interaction with a particular network, security-related local network data associated with the particular network, and security-related external network data regarding security threats at one or more independent, external networks. The input data is analyzed to generate at least one composite security status score, wherein the analyzing includes an analysis of the user account data based on previously stored data associated with the user account, and an analysis of the security-related local and external network data to adjust the composite security status score when the analysis of the security-related local and external network data indicates an increased security threat. The method and system may produce human-readable output including an alert associated with the at least one composite security status score. Other features are disclosed. | 09-11-2008 |
| 20080222707 | SYSTEMS AND METHODS FOR CONTROLLING SERVICE ACCESS ON A WIRELESS COMMUNICATION DEVICE - Methods, devices, systems and computer program products are provided for controlling access to services, content, applications and the like on a wireless communication device. In one aspect, wireless communication device-wide access control is provided such that unified access control may exist on the device; providing access control to more than one, and in some instances all, of the services and/or applications that are accessible on the device. Additionally, aspects provide for limiting or prohibiting access based on numerous access control factors, such as content type, service type, location of the device, time or any other device environmental characteristic. The methods, devices, systems and computer program products for content access control may be executed on the wireless communication device or they may be executed within the wireless network. | 09-11-2008 |
| 20080222708 | IMPLEMENTING ACCESS CONTROL FOR QUERIES TO A CONTENT MANAGEMENT SYSTEM - A system to generate an SQL sub-expression that implement access control rules stored in a library server. The SQL sub-expression is then merged with the SQL passed from an application program interface (API). The access control checking mechanism is implemented on the server side of the content management system. In this client/server environment, the query SQL statement is built in two layers: the API (client) layer and the server layer. The API sends the query string to the underlying stored procedure. The stored procedure then generates the access control logic based on the configuration parameters of the library server. This access control logic is dynamically added to the query string sent by the API. The stored procedure prepares, builds and executes this new query string as a dynamic SQL statement. | 09-11-2008 |
| 20080229392 | SYMBIOTIC HOST AUTHENTICATION AND/OR IDENTIFICATION - Embodiments of identifying and/or authenticating membership in a symbiotic network are disclosed. | 09-18-2008 |
| 20080229393 | Method and apparatus for access security services - One embodiment disclosed relates to a method for a switch to respond to a new client. A new client is detected at a port of the switch. The switch temporarily assigns the port to be an untagged member of a virtual local area network (VLAN) which is configured for unauthorized clients. Initialization services are provided to the new client via the unauthorized-client VLAN. The new client may be authenticated by way of an authentication session using the unauthorized-client VLAN. If the new client is authenticated, then the untagged membership of the port in the unauthorized-client VLAN is dropped, and the port is assigned to be an untagged member of a specified VLAN. | 09-18-2008 |
| 20080229394 | Method and System For Securely Protecting Data During Software Application Usage - Techniques for use in enterprise and similar computing systems securely protect data during software application use by generating private table seeds as a function of a predetermined parameters and private tables as a function of the private table seeds. Each of the private tables associates with a distinct one of the private table seeds, each of the private tables associates with a site. An enterprise table seed is formed using other parameters and an enterprise table is derived from the enterprise table seed. The enterprise table permits data communication throughout an enterprise. A string of characters allows accessing a global private information protection system which includes global tables for integrating the private tables, the enterprise tables, and the global tables into a runtime application program at a remote location and coordinating the user's use to control assure only secure use and prevent inadvertent disclosure of the protected information. | 09-18-2008 |
| 20080229395 | Method and Apparatus for Using a Proxy to Manage Confidential Information - A method, apparatus, and computer usable code for managing confidential data. A request is received to access an application from a user, wherein the application includes logic to process the confidential data. One of a first interface or a second interface is selected based on an identification whether the user is permitted to see the confidential data to form a selected interface in response to receiving the request. A selected interface is presented to the user. The first interface presents the confidential information and second interface presents non-confidential information without presenting the confidential information. The second interface allows access to the logic in the application without accessing the confidential data. | 09-18-2008 |
| 20080229396 | ISSUING A COMMAND AND MULTIPLE USER CREDENTIALS TO A REMOTE SYSTEM - A login shell and command access checking supporting multiple user credentials are provided. The login shell receives a request to execute a command from a remote computer including a multi-user credential. The login shell authenticates the command access rights of the multi-user credential. In response to command access rights being granted, the command is executed. | 09-18-2008 |
| 20080235770 | System and Method of Network Authentication, Authorization and Accounting - A network authentication, authorization and accounting system and a method thereof, wherein said system comprises: a subscriber device, via which a subscriber is connected with the network; an access server, connected with the subscriber device and designed to enable the subscriber device to access the network; an AAA server, connected with the access server and designed to collaborate with the access server to accomplish authentication, authorization, and accounting for the subscriber accessing the network; a service server, connected with the access server, designed to provide specific services, to exchange authentication and authorization information with the AAA server, and to interact with the subscriber device to provide the service; a service accounting server, connected with the service server, designed to collaborate with the service server to accomplish accounting for service resource use of the subscriber, and to send the accounting data to the AAA server. Accordingly, the present invention also discloses a network authentication, authorization and accounting method. The present invention enables a subscriber to access different types of services with only the subscriber identification information (user name and password) through a single identity authentication process, and supports centralized accounting. | 09-25-2008 |
| 20080235771 | Method and System For Dynamic Adjustment of Computer Security Based on Network Activity of Users - A method, system, apparatus, or computer program product is presented for securing computational resources in a data processing system. A first user uses a first computational device, and a user security level is associated with the first user. Likewise, a second user uses a second computational device, and a user security level is associated with the second user. The computational resources on the first computational device are automatically reconfigured based on the second user security level of the second user. A computational security level may be assigned to a computational resource on the first computational device, and the computational security level is dynamically adjusted in response to detected network activity by the second computational device that is being used by the second user. Modified security-related parameters for reconfiguring computational resources on the first computational device are reconfigured based on the adjusted computational security level. | 09-25-2008 |
| 20080244706 | Method of and System For Generating an Authorized Domain - This invention relates to a system and a method of generating an Authorized Domain (AI)), the method comprising the steps of selecting a domain identifier (Domain ID) uniquely identifying the Authorized Domain, binding at least one user (P | 10-02-2008 |
| 20080244707 | WIRELESS TRANSMITTER IDENTITY VALIDATION IN A WIRELESS NETWORK - An apparatus, a method, and logic encoded in computer readable media that when executed operable to carry out the method. The method includes wirelessly receiving at a receiving station a signal transmitted from a transmitting station in a wireless network. The signal includes a network identifier, e.g., MAC address of the transmitting station. The method includes determining one or more RF waveform characteristics of at least a transient part of the received signal, decoding the received signal to determine the network identifier, e.g., MAC address, determining one or more behavior characteristics from the received signal; and using the decoded network identifier, e.g., MAC address and a combination of the one or more waveform characteristics and the one or more behavior characteristics to ascertain whether or not the network identifier, e.g., MAC address is a spoofed identifier, the ascertaining using historical samples of combinations for different network identifiers. | 10-02-2008 |
| 20080244708 | UPDATING AUTHENTICATION SERVER LISTS FOR USERS ACCESSING SHARED ACCESS DEVICES - A method, service, system, computer program, etc., provides a list of acceptable authentication servers that a user could use to log in when accessing a networked device, such as a networked printer or document processing device. The embodiments include preparing a module, such as a dynamically loadable module (DLM) for use in the networked system accessed by the users. Each of the networked devices is enabled to accept the DLM. The embodiments forward the DLM to the networked devices as a print job along a print job submission path within the network. The networked devices recognize the DLM as a special job. Further, the networked devices use the DLM to install the XML file on each of the networked devices. Thus, the authentication server lists and authentication programs are updated within each of the networked devices using the DLM. | 10-02-2008 |
| 20080244709 | METHODS AND SYSTEMS TO ALLOW MULTIPLE SIP APPLICATIONS ON A SIP CLIENT THE ABILITY TO SELECT SPECIFIC APPLICATIONS AND FEATURES ON A SIP SERVER - A method is provided for a SIP client to select a SIP application and a SIP feature associated with the SIP application by sending a message to a remote SIP server that includes the identification of the SIP application and SIP feature. The message may be generated by the SIP client using SIP application configuration information stored on the SIP client. The SIP application configuration information includes information about SIP applications and associated features and where the SIP applications can be located. A further method is provided for a SIP enabled device, for example a SIP client or a SIP server, to be provided with SIP application configuration information by a configuration server. Various SIP enabled devices and a configuration server for implementing the methods are also described herein. | 10-02-2008 |
| 20080244710 | METHODS AND SYSTEMS FOR AUTHENTICATION USING IP MULTIMEDIA SERVICES IDENTITY MODULES - Systems and methods provide two levels of authentication for a user on an IMS-IPTV system. A first level of authentication validates an ISIM card (set-top box) with the network using, e.g., an IMSI comparison. A second level of authentication validates the user through comparing user entered information with information stored on the ISIM card. Additionally, methods for populating security information onto the ISIM card to facilitate the second level of authentication are described. | 10-02-2008 |
| 20080244711 | System and Method for Specifying Access to Resources in a Mobile Code System - Mobile code, such as an applet, is permitted to create a network connection with a content server on a network, without restricting the applet only to connections from the computer from which it was downloaded. This is achieved in accordance with the principles of the present invention by using network restriction software in the execution engine or runtime system under which the applet executes. When the applet attempts to create a network connection to a content server, the network restriction software checks a name file on the content server for the presence of an entry whose name corresponds to the name of the computer from which the applet was downloaded. If such an entry is present, then the network restriction software permits the network connection between the applet and the content server to be created. If not, the applet may not create a network connection with the content server. | 10-02-2008 |
| 20080250476 | Method and Apparatus to Enable a Securely Provisioned Computing Environment - A form of removable memory, such as a universal serial bus (USB) flash device, may enable a subscription-based computing system from any PC. The device may include an execution unit including a processor, a private memory including an encrypted application, a computing system interface, a cryptographic unit including a secure storage with a number of metering units, and a computer-readable medium. The computer-readable medium may include instructions for routing messages and data from the execution unit through the computing system interface to a connected computing system. Further, encrypted application data may be routed through the cryptographic unit to the execution unit to thereby transform the encrypted application into executable data for use by the computing system. Also, the device may decrement a number of metering units stored at the device during execution of the encrypted application by the computer. | 10-09-2008 |
| 20080250477 | SYSTEM AND METHOD FOR SECOND FACTOR AUTHENTICATION SERVICES - A customer server receives a client request to access protected resources over the Internet. First factor authentication is performed and if it is successful a vendor authentication engine is invoked to undertake second factor authentication. The results of the second factor authentication are returned to the customer server, which grants access only if both first and second factor authentication succeeds. | 10-09-2008 |
| 20080256605 | Localized authorization system in IP networks - The invention provides a method for bootstrapping a local authorizer of a non-public access network. The local authorizer is arranged for granting access for a client device to the non-public access network. Therefore, the local authorizer includes a credentials database, which is used in authentication and authorization of the client device during access to services or resources of the non-public network. A secret knowledge of the client device is used for generating at least one set of credentials. The bootstrapping method includes the step of uploading the at least one set of credentials to the credentials database of the local authorizer. This upload is performed by the client device at least at first access of the client device to the non-public network. Then the credentials in the credentials database are used for authentication and authorization of the client device during access to the non-public access network. | 10-16-2008 |
| 20080256606 | Method and Apparatus for Privilege Management - A computer implemented method, apparatus, and computer program product for managing privileges on a data processing system. The process initiates a privilege monitor. All other entities in the data processing system are prevented from assigning privileges. The privilege monitor is the only entity authorized to assign privileges. The process monitors for requests for privileges. In response to detecting a request from a user for a privilege, the process selectively assigns the privilege to the user through the privilege monitor. | 10-16-2008 |
| 20080256607 | Extensible and programmable multi-tenant service architecture - An extensible, multi-tenant software-as-a-service business application platform is provided for hosting multiple organizations. Organization services are provided by virtual or physical servers with dedicated data stores assembled in scalable groups. Distributed interaction between components of the scalable groups may enable extensibility and reliability, while changes in locations of organization services are provided to the client(s) for seamless continuation of the client's access to the services. Customizable and dynamic APIs for accessing each organization's data and applications isolated from the others and pluggable third party authentication services may also be integrated into the platform. | 10-16-2008 |
| 20080256608 | Linking Between Internet Subscription Websites - A method and system for managing delivery of a web resource to a user on a web server. The method determines the identity of the user on the web server and retrieves the web resource from the web server. The method scans the web resource to identify links, such as hypertext links, in the web resource that refer to a target web resource. For each link, the method determines whether access is allowed or denied by the user to the target web resource. The method creates a copy of the web resource and deactivates each link in the copy of the web resource if access is denied by the user to the target web resource referred to by the link. The method then delivers the copy of the web resource to the user on the web server. | 10-16-2008 |
| 20080256609 | Multiple User Credentials - A login shell and file/directory access checking supporting multiple user credentials are provided. The login shell receives user input from a particular user including login information for a plurality of user accounts for that particular user. The login shell authenticates the plurality of user accounts using the login information and retrieves a plurality of user credentials corresponding to the plurality of user accounts. This plurality of user credentials forms a multi-user credential. In response to a request for access to a file, the access rights to the file for the user are verified by verifying the access rights of the multi-user credential. | 10-16-2008 |
| 20080256610 | SYSTEM AND METHOD FOR DYNAMIC ROLE ASSOCIATION - A pluggable architecture allows security and business logic plugins to be inserted into a security service hosted by a server, and to control access to one or more secured resources on that server, on another server within the security domain, or between security domains. The security service may act as a focal point for security enforcement, and access rights determination, and information used or determined within one login process can flow transparently and automatically to other login processes. Entitlements denote what a particular user may or may not do with a particular resource, in a particular context. Entitlements reflect not only the technical aspects of the secure environment (the permit or deny concept), but can be used to represent the business logic or functionality required by the server provider. In this way entitlements bridge the gap between a simple security platform, and a complex business policy platform. | 10-16-2008 |
| 20080256611 | METHOD AND APPARATUS FOR RESOURCE LOCATOR IDENTIFIER REWRITE - A method and apparatus for resource locator identifier rewrite have been presented. A security device receives from a resource host over a non-secure hypertext transfer protocol (HTTP) session a response to a request received from a client over a secure HTTP session. The response includes a uniform resource locator (URL) that is supposed to be for a resource host, but the URL does not designate a secure resource access protocol and the resource host requires the secure resource access protocol. The URL is located in the response and modified to designate the secure resource access protocol. After modification, the response is transmitted via the secure resource access protocol session to the client. | 10-16-2008 |
| 20080263635 | POLICY STORE - A method for obtaining resource restriction information of a client application's resource includes: receiving authentication information from one of a plurality of authentication modules; identifying a client application's resource and authentication module based on the received authentication information; locating a policy store that is associated with the identified client application's resource, the policy store containing resource restriction information for each of the plurality of authentication modules; and obtaining the resource restriction information associated with the identified authentication module from the policy store. | 10-23-2008 |
| 20080263636 | METHOD AND SYSTEM FOR VALIDATING ACTIVE COMPUTER TERMINAL SESSIONS - Systems, methods and program codes are provided wherein an analyzer analyzes input from a terminal device; ascertains human-like behavior; and terminates an active session, generates a time-out warning, manipulates an idle session timer or presents a challenge in response to a humanness likelihood determination or to a challenge result. In one aspect a keystroke analyzer and a command sequence analyzer determine whether the terminal device input is likely from a human user or from an automaton. In another aspect a Completely Automated Public Turing Test to tell Computers and Humans Apart challenge is presented. Timing characteristics include maximum generation rate, burstiness, and keystroke sequence delays, and command characteristics include a no-action-required characteristic and a query characteristic. A command sequence analyzer may have an affinity for a command line interface. Weighting algorithms or artificial intelligence routines may be applied to humanness likelihood outputs. | 10-23-2008 |
| 20080263637 | Information Distribution System and Terminal Device - A terminal device that can, when delivering information to an other terminal device, control delivery of the information from a primary delivery destination to a secondary delivery destination is provided. The terminal device stores a primary delivery condition regarding whether delivery of the information to the primary delivery destination is prohibited or permitted, and trustability showing a degree of trust of a user in the primary delivery destination. The terminal device judges whether or not to deliver the information to the primary delivery destination, by using the primary delivery condition. When judging to deliver the information, the terminal device calculates a secondary delivery condition using the trustability and the primary delivery condition, the secondary delivery condition regarding whether delivery of the information from the primary delivery destination to the secondary delivery destination is prohibited or permitted. The terminal device sends the generated secondary delivery condition to the primary delivery destination. | 10-23-2008 |
| 20080263638 | AUTHORIZATION FOR ACCESS TO WEB SERVICE RESOURCES - A web service includes a protected resource. A requester requests access to the protected resource by sending a request to the web service. The web service prevents access to the web service until the request has been authorized by an authorizer. After the request has been authorized by the authorizer, the web service allows the requester to access the protected resource. | 10-23-2008 |
| 20080263639 | System for securing inbound and outbound data packet flow in a computer network - A method provides for control of access to network resources. A virtual identity machine resides in the network and is pre-authorized to access certain network resources. End users desiring access to those network resources attempt to logically connect to the virtual identity machines. If the logical connection attempt is successful, then the end user assumes the virtual identity of the virtual identity machine and has access to all of the same information that was available to the virtual identity machine. | 10-23-2008 |
| 20080271121 | EXTERNAL USER LIFECYCLE MANAGEMENT FOR FEDERATED ENVIRONMENTS - The present invention provides a generic technique that externalizes the management of a user session, particularly in the context of a federated environment. The invention obviates any requirement to design and implement special software (or any requirement to modify a previously installed plug-in) to enable third party SSOp-aware applications to manage the lifecycle of a user session. In an illustrative embodiment, the user session lifecycle is managed externally through an external authentication interface (EAI) that has been extended to enable any POC (or SSOp-aware application) to interface to a federated identity provider component using a simple HTTP transport mechanism. In the inventive approach, HTTP request and response headers carry the information that is used by the POC to initiate and later destroy a user session, and such information is provided by a federated entity without requiring use of a special authentication API. | 10-30-2008 |
| 20080271122 | GRANULATED HARDWARE RESOURCE PROTECTION IN AN ELECTRONIC SYSTEM - A control logic secures access to an electronic system. The control logic comprises an initialization logic and an operational logic. The initialization logic allocates access rights individually among a plurality of hardware and/or operation elements in the electronic system and individually secures the plurality of hardware and/or operation elements with electronic and/or software-activated access. The operational logic responds to attempted access by a user to authenticate hardware and/or operation elements and enable operation of the hardware and/or operation elements upon authentication. | 10-30-2008 |
| 20080271123 | System and Method For Controlling Devices in a Home-Automation Network - A home-automation system ( | 10-30-2008 |
| 20080271124 | Secure Computer Use System - Methods and apparatus for ensuring the computer security of users of a computer system are described. A user is allocated a security grading relating to how secure their computer system ( | 10-30-2008 |
| 20080271125 | Authenticating a Requestor Without Providing a Key - A system for authenticating a requesting entity in a subnet communications environment includes determining a client identification of a client node associated with the requesting entity, and determining whether the requesting entity associated with the client node is acting in a supervisor capacity. A key to the requesting entity is returned from a resource provider node upon determining that the client identification of the client node indicates that the client node is permitted to access one or more resources of the provider node, and that the client node is acting in a supervisor capacity. | 10-30-2008 |
| 20080276304 | Method and System for Handling Content Delivery in Communication Networks - A system for handling transactions in a communication network, wherein the transactions include at least one technology-dependent request for a given content made by a requester to at least one server. The system operates based on an access content list including permit/deny access clauses regulating access of the requesters to the contents by the server. A processing module, configured for detecting the technology-dependent request, and extracting therefrom information identifying the requester making the request and the content requested, is provided. A corresponding technology independent access content entry, adapted to be checked against the access content list to derive permit/deny information concerning the request detected, can thus be generated. The request is handled as a function of the permit/deny information derived and thus, e.g., forwarded toward the server or either dropped or forwarded to an alternative destination. Access to the various contents delivered is thus controlled in a manner that is independent of the specific technologies used for delivering the media contents. | 11-06-2008 |
| 20080282325 | Aaa Support for Dhcp - A basic idea is to use the AAA infrastructure to assign (S | 11-13-2008 |
| 20080282326 | CONTROL PRODUCTION SUPPORT ACCESS - A device creates a group for accessing a front door program that enables access to a secure resource, assigns, to the group, one or more permissions to perform one or more tasks associated with the secure resource, and adds a user to the group using identification information associated with the user, wherein the user is permitted to perform the one or more tasks based on the addition of the user to the group. | 11-13-2008 |
| 20080282327 | NETWORK AUTHORIZATION STATUS NOTIFICATION - A system that enables network authorization status to be conveyed to the device requesting network services within or outside the scope of an authentication exchange is provided. The authorization status notification or information can be automatically generated or otherwise triggered by a request from the user or device. For instance, a query can be employed to solicit device authorization status related to a particular service or group of services. Additionally, authorization status notification can be automatically triggered based upon a change in the device authorization state. | 11-13-2008 |
| 20080282328 | METHOD AND SYSTEM FOR MODELING OPTIONS FOR OPAQUE MANAGEMENT DATA FOR A USER AND/OR AN OWNER - Distributed Management Task Force (DMTF) management profiles, based on the Common Information Model (CIM) protocol, may be utilized to perform access authentication during opaque management data profile operations based on DMTF/CIM Role Based Authorization (RBA) profile and/or Simple Identity Management (SIM) profiles. Instances of CIM_Identity class may be utilized to enable validation of ownership and/or access rights, via instances of CIM_Role class and/or instances of CIM_Privilege class for a plurality of common users and/or applications. Quota related operations may be performed via “QuotaAffectsElement” associations between instances of CIM_Identity class and instances of the CIM_OpaqueManagementDataService class. The “QuotaAffectsElement” association may comprise “AllocationQuota” and/or “AllocatedBytes” properties to enable tracking and/or validating of quota related information within the opaque management data profile. | 11-13-2008 |
| 20080282329 | CONTROLLING ACCESS TO NAME SERVICE FOR A DOMAIN NAME SYSTEM - A system and method is provided for using a DNS server operating on a wide area network to enable an authorized reception device to receive (or be provided with) restricted content data associated with a particular wide area network address and redefine the domain name associated with a particular wide area network address. In a preferred embodiment of the present invention, an authorization application is adapted to provide the reception device with user-verification data, receive from the reception device verification data, and provide the filtering application with authorization data. The filtering application, which operates similarly to prior art DNS server systems, is further adapted to receive filtered data (i.e., password-required data and/or pseudo-domain-name data) and authorization data in order to provide an IP address of the content server to the reception device via a wide area network, such as the Internet. | 11-13-2008 |
| 20080289006 | MEDIA FILE DISTRIBUTION SYSTEM AND METHOD - A file distribution method and system for distributing media files to authorized recipients. The method and system exploit the advantages of peer-to-peer file distribution protocols, such as BitTorrent, while maintaining security and control over the file distribution. A server farm containing a plurality of servers is placed behind the security of a distribution system, preventing unauthorized client devices from accessing the media files stored on the server farm. Media files are fragmented and stored on each of the plurality of servers within the server farm. Each server on the server farm features at least one IP address and each server is pre-seeded with a complete copy of the fragmented media file. Fragments are distributed to requesting authorized clients in accordance with a peer-to-peer file distribution protocol. | 11-20-2008 |
| 20080289007 | System and Method for Granting Privileges Based on Location - A method grants privileges based on location. The method comprises determining a location of a mobile unit disposed within a coverage area of a network. The coverage area is separated into a plurality of zones. The method comprises determining a first zone in which the mobile unit is disposed. The method comprises granting access to a first privilege to the mobile unit, the first privilege being based on the first zone. | 11-20-2008 |
| 20080289008 | Method and Equipment for Controlling Access to Multicast Ip Flows - The invention relates to a method of controlling access to multicast IP flows. Following connection to a collection equipment by a user terminal, the method consists in: transmitting an access authorization request message from said collection equipment to an access control server; and, subsequently, upon successful verification of the user access right, transmitting an access authorization acceptance message comprising at least one multicast filter from the server to the collection equipment or, in the absence of a successful verification, transmitting an access refusal message from the server to the collection equipment in order to inhibit the connection of the user terminal. The invention is suitable for multicast broadcasting over an IP, Internet and/or corporate network. | 11-20-2008 |
| 20080289009 | Method and Apparatus for Controlling of Remote Access to a Local Network - The present invention is to ensure security of a local network, e.g., a home network from remote access while allowing remote access. In a method of the present invention, if a device on the local network is to be accessed remotely, user identifying information (and/or device identifying information) and connection information of a target device, that are accompanied by the access, are compared with information of registered allowance entries and whether to allow the access is determined based on the comparison result. According to the method, remote access to a device invoked by a user (and/or a remote device) whose remote access is not set to allowance is blocked while remote access invoked by a user (and/or a remote device) whose remote access is set to allowance is admitted. | 11-20-2008 |
| 20080289010 | Managing Secured Resources in Web Resources that are Accessed by Multiple Portals - A method, apparatus, and computer-readable media for authorizing users of network portals to access a secure resource hosted by a secure server comprises storing a plurality of user identifiers, each representing a user of an owning portal; storing for each of the user identifiers an access privilege to the secure resource; storing a proxy user identifier representing a guest portal and a guest access privilege to the secure resource for all of the users of the guest portal; receiving from the owning portal a first request for access to the secure resource, the first request comprising a first user identifier representing a user of the owning portal; granting to the user of the owning portal access to the secure resource according to the access privilege stored for the first user identifier; receiving from the guest portal a second request for access to the secure resource, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal; and granting to the user of the guest portal access to the secure resource according to the guest access privilege stored in the authorization table for the proxy user identifier. | 11-20-2008 |
| 20080289011 | Dualistic Microprocessor System for Purpose of Controlling Personal Computer Internet Communication Resource - A system comprising of both software on a target computer and software residing on a removable hardware device, (currently embodiment is a USB device) designed for the sole purpose of limiting and or controlling Internet (IP based network) communications, based upon the presence of the external device. The system utilizes a unique device descriptor along with a unique stored identifier of the Physical Control Node (PCN) for the purposes of enabling the target computer to discriminate devices. A unique identifier held within the computer allows the PCN to discriminate the target computer. Furthermore, allowed IP addresses are stored in the PCN and or computer for the purpose of allowing access to specific IP addresses while connected. Tertiary criteria can be stored within the PCN and or computer for the purposes of further defining system behavior i.e. calendar and time restricted behavior, while logging associated events. | 11-20-2008 |
| 20080289012 | SYSTEM AND METHOD FOR CREATING, EXECUTING, AND MAPPING SERVICE - A service creation system and a method thereof are provided. In creation of a new service, a combined abstract service logic is created in accordance with existing service classes in a class catalog of existing services to implement service-level reuse. A service execution system and a method thereof are also provided, and during the operation of an abstract service logic, the abstract service logic is converted into a concrete service logic, and then a service is accessed in accordance with the concrete service logic. An abstract service mapping system and a method thereof are further provided. With the invention, the efficiency and flexibility of service development can be improved, services on a service network can be developed and deployed simply and rapidly, and the normal operation of the service network can be ensured effectively. | 11-20-2008 |
| 20080295154 | METHOD AND SYSTEM FOR MANAGING MOBILITY OF ACCESS TERMINAL USING PROXY MOBILE INTERNET PROTOCOL IN A MOBILE COMMUNICATION SYSTEM, AND METHOD FOR ALLOCATING HOME ADDRESS OF ACCESS TERMINAL FOR THE SAME | 11-27-2008 |
| 20080295155 | SYSTEMS, METHODS, AND MEDIA FOR MANAGING ELECTRONIC ASSET TAGS FOR ASSET DEVICES | 11-27-2008 |
| 20080295156 | SYSTEM, COMPUTER PROGRAM PRODUCT AND METHOD FOR SCANNING AND MANAGING DOCUMENTS | 11-27-2008 |
| 20080301778 | System And Method For Preventing Automated Programs and Unauthorized Users In A Network - A system for preventing an unauthorized user in a networked computing environment includes a client computer provided with a visual test upon a request transmitted through a network by the client computer for a service, wherein the visual test is displayed on a video display, wherein the visual test requires the performance of a predetermined action on a group of images displayed on the video display in order to gain access to the service, wherein the group of images comprises at least two images that are associated with each other. | 12-04-2008 |
| 20080301779 | Configuring Security Mechanisms Utilizing A Trust System - Implementations of configuring security mechanisms utilizing a trust system are described. In one implementation, a request to communicate is received at a protected device. Before permission to communicate can be granted, a list of trusted devices is accessed. If information, such as an identity or a secret, associated with the device sending the request to communicate correlates to information found on the list of trusted devices, then communication can be allowed. Otherwise, communication between the device and the protected device can be denied. | 12-04-2008 |
| 20080301780 | ACCESS CONTROL NEGATION USING NEGATIVE GROUPS - The subject disclosure pertains to systems and methods that facilitate managing groups entities for access control. A negative group is defined using a base group, where the negative group associated with a base group includes any entities not included in the base group. Negative groups can be implemented using certificates rather than explicit lists of negative group members. A certificate can provide evidence of membership in the negative group and can be presented for evaluation to obtain access to resources. Subtraction groups can also be used to manage access to resources. A subtraction group can be defined as the members of a first group, excluding any members of a second group. | 12-04-2008 |
| 20080301781 | METHOD, SYSTEM AND COMPUTER PROGRAM FOR MANAGING MULTIPLE ROLE USERID - In a data processing system it is necessary to make sure that only authorized users have access to system resources and normally not all the users can have access to all and to the same resources. The present invention provides a method and a system for controlling resources, handling multiple authorization roles with a single userID, and allows for movement between the roles without changing identity. This results in a clearer audit trail, and removes the need for extensive knowledge of the security system commands and for multiple steps to allow a step up or down in authorization. | 12-04-2008 |
| 20080301782 | BROADCAST/MULTICAST SERVICE SYSTEM AND METHOD PROVIDING INTER-NETWORK ROAMING - A method of providing a broadcast/multicast (BCAST) service, the method including receiving, from a terminal, a request of access to a BCAST service, performing service authorization with a home network, delivering, to the terminal, a message including a rights object (RO) to access the BCAST service, if the terminal is authorized to receive the BCAST service as a result of the service authorization, and providing the BCAST service to the terminal that was authorized to receive the BCAST service. | 12-04-2008 |
| 20080307502 | USER MESSAGE MANAGEMENT METHODS AND SYSTEMS - User message management methods and systems for use in an IPMI (Intelligent Platform Management Interface) system. A BMC (Baseboard Management Controller) receives a request to access a user message list in a storage unit from a console. The BMC performs operations by accessing at least one user message in the user message list based on the request. | 12-11-2008 |
| 20080307503 | System and Method for Search Parameter Data Entry And Result Access In A Law Enforcement Multiple Domain Security Environment - A system and method for law enforcement query entry that enables universal platform access without requiring specialized platform software by utilizing a keystroke efficient lexicon for data entry that is converted to standardized search commands by a back end server and by displaying search results in accordance with user, platform, network, and data security constraints. | 12-11-2008 |
| 20080307504 | SYSTEM CONNECTIONS AND USER INTERFACES - This description relates to methods and systems for providing a connection from a first system to a second system using a server. In one embodiment, a method includes receiving a user input to establish a sharing service on a first data processing system (DPS) for a user of a second DPS; determining, in response to the user input, whether the user of the second DPS has an account with a service which includes a server which is capable of being coupled to the first DPS through a network; receiving from the server, if the account exists, authentication data for use in authenticating the user of the second DPS when the sharing service is enabled. Other methods and systems and computer readable media are described. | 12-11-2008 |
| 20080307505 | DETERMINING ROLES FOR AUTOMATED TASKS IN A ROLE-BASED ACCESS CONTROL ENVIRONMENT - A computer implemented method, apparatus, and computer program product for performing an automated task in a role-based access control environment. A set of roles is assigned to a user to form assigned roles, wherein the role-based access control environment allows the user to assume a subset of the assigned roles at a given time. Responsive to receiving a request to execute an automated task, an identity of the user creating the automated task is identified. Responsive to determining that the user creating the automated task is not logged in, a set of session roles are identified based on the identity of the user. A session is created for the automated task. The automated task is performed in the session using the set of session roles. | 12-11-2008 |
| 20080307506 | AUTHORIZATION FRAMEWORK - Embodiments of the present invention provide an authorization framework that can accept one or more pluggable authorization modules and the final authorization decision can be a collective decision of these modules based on some criteria. The authorization framework of the present invention can be used by an application to call upon one or more pluggable authorization modules, which can be configured externally by some mechanism, to make individual authorization decisions. The overall authorization decision by the authorization framework is cumulative decision of the individual modules based on some criteria that can be configured. Each pluggable authorization module can be configured to perform its own authorization decision making process that can be different from those of the other modules. | 12-11-2008 |
| 20080307507 | Memory device using time from a trusted host device - A memory device for using time from a trusted host device is disclosed. In one embodiment, a memory device comprises a memory array and circuitry operative to provide a security system operative to authenticate an entity running on a host device, a time module that keeps track of time, and an application operative to perform a time-based operation, wherein the application is further operative to use time from the host device instead of time from the time module to perform the time-based operation. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination. | 12-11-2008 |
| 20080307508 | Method for using time from a trusted host device - A method for using time from a trusted host device is disclosed. In one embodiment, an application on a memory device receives a request to perform a time-based operation from an entity authenticated by the memory device, wherein the entity is running on a host device. The application selects time from the host device instead of time from a time module on the memory device to perform the time-based operation and uses the time from the host device to perform the time-based operation. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination. | 12-11-2008 |
| 20080307509 | METHOD AND APPARATUS FOR CONTROLLING HOME NETWORK DEVICES USING RICH SITE SUMMARY SERVICE - A method of controlling at least one home network device, in which a home network periodically connects to a rich site summary (RSS) server, fetches a control command for the at least one home network device, and controls the at least one home network device on the basis of the fetched control command. | 12-11-2008 |
| 20080307510 | Information processing apparatus and information processing method - A multifunction product, when receiving input of login name and password, requests an LDAP server to perform authentication by using a pre-set representative ID. If the authentication is successful, the multifunction product requests the LDAP server to search for user information (DN) with the use of the login name, and after acquiring the DN, requests the LDAP server to perform authentication with the use of the DN. If the authentication processing is successful, the multifunction product permits a search for user information stored in the LDAP server. | 12-11-2008 |
| 20080307511 | Network invitation arrangement and method - Method and arrangement for enabling communications between an entity operating a network including a first user, and a second user includes sending a message from the first user to the entity informing the entity of identification information of the second user interested in joining the network, sending from the entity to the first user a key to allow the second user to communicate with the entity, providing a message from the first user directly to the second user containing the key, sending a message from the second user to the entity using the key, determining whether the key sent by the second user corresponds to the key provided by the entity to the first user, and if so enabling communications between the second user and the entity. The ability of the first user to obtain a key to enable the second user to join the network is time-limited. | 12-11-2008 |
| 20080307512 | Property Centric Real Estate Maps with Personalized Points of Interest - This patent describes a method for the Sellers of Real Estate to annotate, personalize and highlight the surroundings of their property-for-sale using graphical icons on a digital map. Potential buyers can view surroundings of Real Estate properties that are so annotated. This method describes a web-based, secure and personalized conduit that is established between the seller and all potential buyers. Also described is the method in which sellers can customize the process of annotating their property so that every subsequent annotation takes less time than the last. | 12-11-2008 |
| 20080313711 | MANAGING STATUS AND ACCESS FOR A VARIABLE SOURCE CONTENT STREAM - In one embodiment, a method can include: receiving rules in an interoperability server, the rules being related to access control for an endpoint coupled to a variable source content stream via a multicast network; and sending to the endpoint using in-band controls of the variable source content stream via the multicast network: a description of content streams available for selection by the endpoint; a procedure for selecting an available content stream; and permission for accessing the selected content stream, the permission being based on the rules. | 12-18-2008 |
| 20080313712 | TRANSFORMATION OF SEQUENTIAL ACCESS CONTROL LISTS UTILIZING CERTIFICATES - The subject disclosure pertains to systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates. The set of certificates can be used to grant access to resources in the manner described by the ACL. The certificates can be distributed to entities for use in obtaining access to resources. Entities can present certificates to resources as evidence of their right to access the resources. The access logic of the sequential ACL can be transformed or mapped to a set of order independent certificates. In particular, each entry, position of the entry in the list and any preceding entries can be analyzed. The analysis can be used to generate order independent certificates that provide access in accordance with the access policy communicated in the ACL. | 12-18-2008 |
| 20080313713 | AUDIO START SERVICE FOR AD-HOC MEETINGS - An audio start service method for enabling and scheduling ad hoc distributed meetings. Only a short (in some embodiments less than or equal to about 32 bits) unique device identification is needed to enable distributed meeting devices participating in the meeting to rendezvous at a common rendezvous network address. Once the participants know the unique meeting network address they can take part in the meeting, while others can join or leave the meeting. The data string is each device's unique identification that is encoded into an inaudible watermark and continuously exchanged between devices over the telephone network. A first distributed meeting device requests a network address from a distributed meeting server. This unique meeting network address then is sent to an audio start service that identifies “buddies” of the first device and sends out meeting invitations and the network address to other devices so they can join the meeting. | 12-18-2008 |
| 20080313714 | Systems and methods for network authentication - Exemplary systems and methods for network authentication are provided. Exemplary systems include an application program interface configured for receiving a request for an authentication code, a code generator in communication with the application program interface, the code generator configured to generate the authentication code, and the application program interface further configured to receive the generated authentication code and allow an application to communicate digital data with a web-based social network. Further systems include the generated authentication code being received from a network device without an Internet browser and the received generated authentication code allowing an application to communicate digital data with a web-based social network for an extended period of time. Exemplary methods include receiving a request for an authentication code, generating the authentication code, receiving the generated authentication code, and allowing an application to communicate digital data with a web-based social network. | 12-18-2008 |
| 20080313715 | NODE AUTHENTICATION - A system and method of accessing a service on a terminal node. The system includes a chain of nodes, the chain comprising a first node, one or more intermediate nodes, and the terminal node, the terminal node maintaining the service, wherein the first node is arranged to initiate an access request and to transmit the access request to an adjacent node, each intermediate node is arranged to authenticate the transmitting node and to transmit the access request to an adjacent node, and the terminal node is arranged to authenticate the transmitting node and to execute the access request. | 12-18-2008 |
| 20080313716 | ROLE-BASED ACCESS CONTROL TO COMPUTING RESOURCES IN AN INTER-ORGANIZATIONAL COMMUNITY - A method for controlling access to a plurality of computing resources in a distributed computing environment can comprise the steps of: an application role server, responsive to receiving a certificate request, authenticating the requester and issuing a digital certificate to the requester; an access control node, responsive to receiving a resource access request, granting access to the computing resource to the requester upon ascertaining the requestor's access privileges, or forwarding the resource access request to another access control node. | 12-18-2008 |
| 20080320564 | Method for Handling Event Triggers and Re-Authorization Triggers in Flow Based Charging - The present invention discloses a method for handling event triggers and re-authorization triggers in flow based charging. The method comprises: TPF determines whether the bearer event matches an event trigger, if the bearer event matches an event trigger, TPF requesting the charging rules from CRF, then TPF determines whether the bearer event matches a re-authorization trigger, if it matches, the TPF performing a re-authorization process, otherwise, ending the current process; if the bearer event does not match any event trigger, just determining whether the bearer event matches a re-authorization trigger, if it matches, the TPF performing a re-authorization process, otherwise ending the current process. In this way, only one interaction for re-authorization is needed between TPF and OCS, thus the re-authorization process is optimized when there is overlap between event triggers and re-authorization triggers, and the re-authorization process in flow based charging is improved. | 12-25-2008 |
| 20080320565 | Open enhanced federation security techniques - Techniques to protect from open enhanced federation user enumeration are described. An apparatus may include a network interface operative to establish connections. The access edge server may further include an open enhanced federation (OEF) module communicatively coupled to the network interface. The OEF module may be operative to manage connections between multiple federated networks. In one embodiment, for example, the OEF module may comprise a peer authentication module operative to determine whether a peer making the request is an untrusted peer domain. The OEF module may further comprise a peer tracking module operative to retrieve a total request number and a total limit number associated with the untrusted peer, and compare the total request number with the total limit number to form a threat status indicator value. The OEF module may also comprise a peer authorization module operative to authorize the request based on the threat status indicator value. Other embodiments are described and claimed. | 12-25-2008 |
| 20080320566 | Device provisioning and domain join emulation over non-secured networks - Proxy service that enables a domain join operation for a client over a non-secure network. The join operation is achieved with minimal security exposure by using machine identity information rather than user credentials. The proxy only uses permission associated with adding a new machine account to the enterprise directory, and not for adding a user account or take ownership of existing accounts. The proxy enables authentication based on actual machine account credentials to obtain a signed certificate, rather than conventional techniques such as delegation. Moreover, the enrollment process employs an original trust relationship between the device and the proxy rather than requiring or depending on public trust. | 12-25-2008 |
| 20080320567 | SYSTEM AND METHOD FOR PREVENTING WEB FRAUDS COMMITTED USING CLIENT-SCRIPTING ATTACKS - A method for detecting and blocking Javascript hijacking attacks, comprising checking if an incoming request belongs to a valid session established between a client and a trusted server. When said incoming request does belong to a valid session, it is checked if a Referer header of said incoming request includes a valid domain name. The incoming request is marked as suspicious, when said incoming request does not include a valid domain name. It is checked if a respective response of said suspicious incoming request includes a script code. A preventive action responsive to a user input is taken when said respective response includes a script code. | 12-25-2008 |
| 20090007238 | Method and Apparatus for Management and Updating of Distributed User Databases - The invention includes a method and apparatus for authenticating a visiting node in a wireless network. A method includes receiving a request to transfer a user database of a visiting node, obtaining the visiting node user database from the visiting node in response to a determination to update a master user database to include the visiting node user database, and merging the visiting node user database with the master user database. The request to transfer the visiting node user database is received, from the visiting node, at a primary authentication node of the network. The visiting node user database includes entries for users associated with the visiting node. The master user database includes entries for users associated with nodes authenticated by the primary authentication node of the network. | 01-01-2009 |
| 20090007239 | Mobile IP Bulk Registration Revocation - Techniques for Mobile IP bulk registration revocation are described herein. According to one embodiment, a first mobile agent of a mobile IP network sends a registration revocation message to a second mobile agent of the mobile IP network. The registration revocation message includes information identifying multiple home IP addresses of multiple mobile nodes whose registrations are to be revoked. In response to the registration revocation, the second mobile agent terminates bindings of services associated with multiple mobile nodes identified by the multiple home IP addresses and sends an acknowledgement message to the first mobile agent. Other methods and apparatuses are also described. | 01-01-2009 |
| 20090007240 | Systems and methods for conditional access and digital rights management - Conditional access (CA) and digital rights management (DRM) in digital media delivery, processing, and storage systems. Methods and apparatuses are provided for managing digital rights under the protection of multiple CA and/or DRM systems. Some embodiments provide secure and robust methods for bridging multiple DRM systems in the digital media content distribution and playback systems. The present invention simplifies content repurposing, after it has been bridged to a secondary DRM system, but still under the control of the original DRM system. | 01-01-2009 |
| 20090007241 | SECURE CONTENT DELIVERY SYSTEM - A secure streaming content delivery system provides a plurality of content servers connected to a network that host customer content that can be cached and/or stored, e.g., images, video, text, and/or software. The content servers respond to requests for customer content from users. The invention load balances user requests for cached customer content to the appropriate content server. A user makes a request to a customer's server/authorization server for delivery of the customer's content. The authorization server checks if the user is authorized to view the requested content. If the user is authorized, then the authorization server generates a hash value using the authorization server's secret key, the current time, a time-to-live value, and any other information that the customer has configured, and embeds it into the URL which is passed to the user. A content server receives a URL request from the user for customer content cached on the content server. The request is verified by the content server creating its own hash value using the customer server's secret key, the current time, a time-to-live value, and any other related information configured for the customer. If the hash value from the URL matches the content server's generated hash value, then the user's request is valid and within the expiration time period and the content server delivers the requested content to the user. | 01-01-2009 |
| 20090007242 | Access Control System and Method - Certain embodiments of the invention relate to an access control system defining one or more compartments and providing rules, which are applied to the compartment(s), to control access to network services by entities that are associated with a said compartment, the rules comprising at least a first kind of rule for controlling access to network services that use dynamically-assigned communications ports. | 01-01-2009 |
| 20090013383 | MONITORING NETWORK SERVICE AFFECTING EVENTS, TAKING ACTION, AND AUTOMATING SUBSCRIBER NOTIFICATION - In one embodiment, a method includes identifying at least one parameter as being associated with a service provided to an entity, as for example a subscriber. The service is arranged to service the entity. The method also includes monitoring the parameter to determine if accessibility to the service by the entity is compromised, and invoking a notification mechanism to send a notification to the entity if it is determined that the accessibility to the service by the entity is compromised. The notification indicates that the accessibility to the service is compromised. | 01-08-2009 |
| 20090013384 | Deriving a Username Based on a Digital Certificate - One embodiment of a method for determining a username comprises obtaining a digital certificate from a first computer application requesting a service; authenticating the digital certificate of the first computer application; and retrieving the username from the digital certificate that is recognized by a second computer application performing the service as a user of the second computer application. Other methods and systems are also provided. | 01-08-2009 |
| 20090013385 | Authorization System and Method - An authorization system and a method for the protection of digital content and subscriber integrity in a digital content distribution system. At least one subscriber management system is arranged to maintain subscriber identification data. A subscriber authorization system arranged to maintain subscriber entitlement data separately from the subscriber identification data. The subscriber management system is arranged to identify a subscriber upon receipt of a request by the subscriber to extract digital content, and to generate an order to the subscriber authorization system to entitle the subscriber to access to the requested digital content. The subscriber authorization system is arranged to, upon receipt of such an order, verify the subscribers entitlement to access to the requested digital content and if verified transmit to a system client associated with the subscriber an entitlement to access the requested digital content. | 01-08-2009 |
| 20090013386 | Peer discovery and connection management based on context sensitive social networks - In a method for automatically filtering communications, a networking request from an initiating party on an initiating communication device is received. The networking request pertains to a request for communication between the initiating communication device and a recipient communication device of a user over a communication channel. A determination is made of whether the communication channel to be used for the communication matches a communication channel for a previous communication between the initiating party and the user. It is automatically determined whether to grant the networking request, based at least in part on the determination of whether the communication channel for the communication matches the communication channel for the previous communication between the initiating party and the user. Other embodiments are described and claimed. | 01-08-2009 |
| 20090019527 | Assent To Conditions For Network Access - A device that includes a first processor, a second processor, and an encryption module in communication with the first processor and the second processor may be used to accept conditions for access to the network. The first processor may receive condition data, and in response, may send an acceptance signal via the encryption module to the second processor. The second processor may receive the acceptance signal and, in response, may send acceptance data to a gatekeeper. The encryption module may block unencrypted data other than the acceptance signal from being communicated from the first processor to the second processor. The encryption module may support type 1 encryption. | 01-15-2009 |
| 20090019528 | METHOD FOR REALIZING NETWORK ACCESS AUTHENTICATION - A method for realizing network access authentication, wherein a network access authentication device pre-storing a system integrity value of a device waiting to access and a correspondence between each device waiting to access and its system integrity value. When the device waiting to access needs to access the network, it acquires its current system integrity value, and sends the current system integrity value to the network access authentication device; the network access authentication device judges whether the received current system integrity value of the device waiting to access and its stored integrity value of the device waiting to access are identical or not, and in a case where the received current system integrity value of the device waiting to access and its stored integrity value of the device waiting to access are identical, it determines that the network access is authenticated. As such, the network access device could determine the real status of the device waiting to access, and ensure the device accessing to the network is really secure, thereby ensuring the security of the network. | 01-15-2009 |
| 20090019529 | Method of Processing Authorization Messages Destined for a Plurality of Mobile Receivers and Method of Transmitting Such Messages - A method of transmitting authorization messages to a plurality of mobile receivers comprises the steps of defining at least one set of authorization messages, a first part of which, forming a first message category, is intended for a first group of mobile receivers, a second part of which, forming a second message category, is intended for a second group of mobile receivers; creating a first authorization message packet containing at least the first part of the set of authorization messages; creating a second authorization message packet containing at least the second part of the set of authorization messages; transmitting the first authorization message packet over a first service, without previously sending information indicating to which mobile receivers the message packets are directed; and transmitting the second authorization message packet over a second service without previously sending information indicating to which mobile receivers the message packets are directed. | 01-15-2009 |
| 20090019530 | Device-Specific Authorization at Distributed Locations - With the proliferation of wireless devices, seamless authentication of devices at distributed locations (e.g., so-called Wi-Fi hotspots) may be essential for convenient use of various devices at these locations. Previous methods for authentication relied on an account-based method using a username and a password inputted from a user. This method may be awkward for mass-distribution of devices. Various embodiments disclosed may provide an authorization client that communicates with one or more servers that relies on client software and message authentication codes for authorization of network access. | 01-15-2009 |
| 20090019531 | SYSTEM AND METHOD FOR WIRELESS LOCAL AREA NETWORK MONITORING AND INTRUSION DETECTION - Systems and methods for providing improved network security against unauthorized wireless devices are presented. A security component within in a wired portion of a computer network is provided. The security component is configured to control the bridging of network activity between the wireless portion and wired portion of the computer network. Using the security component, network traffic between the wireless and wired portions of the computer network for unknown wireless devices is passively monitored. Upon network traffic between the wireless and wired portions of the computer network for an unknown wireless device, the security component determines at least one identifying characteristic of the unknown wireless device by actively probing the device for an identifying characteristic. The security component determines at least one behavioral characteristic of the device according to the network traffic between the device and devices in the wired portion of the computer network. A device profile for the unknown wireless device is generated according to the identifying and behavioral characteristics, access privileges corresponding to the unknown wireless device according to the device profile are determined, and network traffic from the unknown wireless device is permitted to pass to the computer network according to the determined access privileges. | 01-15-2009 |
| 20090025061 | CONDITIONAL PEER-TO-PEER TRUST IN THE ABSENCE OF CERTIFICATES PERTAINING TO MUTUALLY TRUSTED ENTITIES - A method, apparatus, and electronic device for protecting digital rights are disclosed. A network interface may receive a rights representation for a set of digital content from a source entity. A processor may conditionally accept the set of digital content. A memory may store a local blacklist identifying the source entity if a rights event occurs. | 01-22-2009 |
| 20090025062 | Verifying authenticity of conference call invitees - A conference call server comprises a collection of computer-executable instructions for facilitating conference call authentication functionality. Computer-executable instructions are provided for authenticating a plurality of invitees to a conference call session during the conference call session. Authenticating the plurality of conference call invitees includes cryptographically verifying an identity of each one of the conference call invitees using information associated with a respective authentication certificate. Computer-executable instructions are provided for outputting identification information contained in the authentication certificate of each one of the conference call invitees in response to successful authentication thereof. The identification information is outputted to at least one of the conference call invitees. | 01-22-2009 |
| 20090025063 | Role-based access control for redacted content - Apparatus and methods are described for accessing redacted material based on user roles. An author designates portions of content as to-be-redacted. The author establishes various users roles able to access it and defines attributes or time constraints affecting the viewing/using. Upon electronically saving the content, the to-be-redacted portion is encrypted. An intermediary, such as a keytable service, mediates access between later users and the content. Upon identification of a role of a user attempting to interact with the content, and matching the role to one of the author-established roles, the encrypted redacted portion is decrypted. In this manner, users gain access to content based only on their role. The surrounding events are also loggable, traceable, and verifiable. A monitored connection between the user and the content, as well as various user interface options, are other noteworthy features. Computer program products and computing network interaction are also defined. | 01-22-2009 |
| 20090025064 | ACCESS AUTHENTICATION FOR DISTRIBUTED NETWORKS - The present invention provides an account management system and method for use within a computer network that allows for automated provisioning, configuration, and maintenance of the servers and other devices connected to a computer network. This account management system and method make use of a master directory structure which is replicated by way of a directory structure replication hub to multiple remote data centers in the form of multiple copies of a directory structure. The directory structure allows access to various customers, who may access information contained only within that particular customer's account. Authentication information for each of the customers is located within the copies of the directory structures contained at each customer data center, and therefore transmitting authentication information is not required. | 01-22-2009 |
| 20090025065 | Image output system - When image data is outputted in a special image processing apparatus which has printed confidential data before, a server confirms whether the user who has instructed output is a permitted user or an unpermitted user. If the user is a permitted user, the server permits printing. If the user is an unpermitted user, the server confirms whether a predetermined period has elapsed after the special image processing apparatus was used last. If the predetermined period has elapsed, the server permits printing. If the predetermined period has not elapsed, the server restricts output by stopping printing or by document filing for storing image data. Thus, by restricting use by an outside user, leakage of confidential data is prevented. | 01-22-2009 |
| 20090031400 | SYSTEM, METHOD AND COMPUTER READABLE MEDIUM FOR TRANSFERRING CONTENT FROM ONE DVR-EQUIPPED DEVICE TO ANOTHER - A headend for providing content over a broadband communication network, includes an input for receiving content to be broadcast to subscriber devices over the network. The headed also includes a multiplexer for multiplexing video streams received from the input and a modulator for modulating the multiplexed video streams onto the broadband communications network. A content authorization server is provided in the headend for authorizing transfer of selected content residing on a first subscriber device to a second subscriber device by sequentially transferring blocks of the selected content. The individual blocks are transferred to the second subscriber device and removed from the first subscriber device before subsequent blocks of the selected content are transferred. | 01-29-2009 |
| 20090031401 | ANNOTATIONS FOR ENTERPRISE WEB APPLICATION CONSTRUCTOR - A web-based application constructor can be used constructing a web display. The web-based application constructor can obtain data from heterogeneous data sources having Web Services schemas to produce the web display. The web display can contain page components and can display the data from at least some heterogeneous data sources. A versioning system can keep track of changes to page components, page layouts, searches, and text to allow users to make changes without administrative approval. Users can annotate page components, page layouts, records, and text with comments. | 01-29-2009 |
| 20090031402 | METHOD AND APPARATUS FOR MANAGING ACCESS PRIVILEGE IN CLDC OSGI ENVIRONMENT - Provided are a method and apparatus for managing an access privilege of an application in a Connected Limited Device Configuration (CLDC) and Open Service Gateway initiative (OSGi) environment. The method includes: marking a privileged code in the application; executing the privileged code in a secured thread having a unique thread identifier; identifying the privilege code by mapping the unique thread identifier with an application identifier from a mapping table; checking a permission policy file to determine what kind of resource access privilege the identified privileged code has; and permitting the application to access the resources according to the determination results. Accordingly, when an application tries to access resources in a framework, an access privilege of the application can be managed so that no applications can maliciously access the resources by identifying the application by using the mapping table and checking the security policy file of the identified application. | 01-29-2009 |
| 20090031403 | Methods and Apparatuses for Securely Operating Shared Host Computers With Portable Apparatuses - The present invention provides methods and apparatuses that utilize a plurality of portable apparatuses to securely operate a plurality of host computers. Each portable apparatus including an operating system and a list of software applications is installed in a removable data storage medium. An authorization procedure is implemented before establishing a connected-state operation between a portable apparatus and a host computer. The host computer loads the operating system in the portable apparatus into its random access semiconductor memory (RAM) through the established connected-state operation. | 01-29-2009 |
| 20090037983 | USER-CENTRIC AUTHENTICATION SYSTEM AND METHOD - A system for authenticating a user in a network. The authentication system includes a computer resource having secure data, an authentication computing system providing dynamic authentication of a user accessing the computer resource, and a user communication device for communicating between the user and the computer resource. The computing system presents a challenge for which a specified response is required based upon a pre-determined function. Access is then granted by the computing system upon providing the correct response to the presented challenge by the user. | 02-05-2009 |
| 20090044253 | Managing unprotected and protected content in private networks - A method for managing unprotected and protected content in a private network, the method including the steps of: receiving content; retrieving metadata associated with the received content; determining whether the received content is unprotected or protected based on the associated metadata; for unprotected content, allowing the unprotected content to be selectively stored, managed and distributed in the private network based on the associated metadata; for protected content, identifying a content protection system associated with the protected content based on the associated metadata, and performing at least one of: displaying information to a user of the private network facilitating retrieval of one or more hardware/software components required by the associated content protection system; retrieving the one or more required hardware/software components; verifying that the one or more required hardware/software components are present in the private network, before allowing the protected content to be selectively stored, managed and distributed in the private network based on the associated metadata. | 02-12-2009 |
| 20090044254 | Intelligent electronic document content processing - A network device includes a content processing module that is configured to perform intelligent document content processing, such as confidential information processing, content optimization and workflow optimization. The network device authenticates a user and determines electronic document data that is to be processed. The electronic document data may be created at the network device, e.g., by a scanning module on the network device, or at a client device, e.g., by a word processing application executing on the client device. The content processing module retrieves particular user preference data based upon the user authentication. The particular user preference data may specify confidential information preferences, content optimization preferences and/or workflow preferences. The content processing module performs intelligent document content processing on the electronic document data based upon the particular user preference data and generates processed electronic document data. | 02-12-2009 |
| 20090044255 | DEVICE AUTHENTICATION CONTROL METHOD, DEVICE AUTHENTICATION CONTROL DEVICE, AND BOAT - In a device authentication control method and device, when a connection device is connected to a network mounted on a boat, it is determined whether or not the connection device corresponds to an authentication-free device. If the connection device does not correspond to an authentication-free device, an authenticating action is performed on the connection device. If the connection device does correspond to an authentication-free device, the connection device is exempted from the authenticating action. In this way, when a connection device does not correspond to an authentication-free device, an authenticating action is performed, but when the connection device corresponds to an authentication-free device, the connection device is exempted from an authenticating action. As a result, it is possible to handle specific connection devices as authentication-free. | 02-12-2009 |
| 20090044256 | METHOD, COMPUTER PROGRAM AND APPARATUS FOR CONTROLLING ACCESS TO A COMPUTER RESOURCE AND OBTAINING A BASELINE THEREFOR - A plurality of computer messages are classified into clusters according to the behaviour of the computer messages in the context of a computer resource. For a new message of the plurality of computer messages, it is determined whether the cluster to which the new computer message is classified has been seen previously. A measure is then obtained of the probability that the cluster to which the next new message will be classified has been seen previously. | 02-12-2009 |
| 20090044257 | METHOD AND SYSTEM FOR ASSIGNING HOME AGENT - The invention discloses a method and system for assigning a home agent, and the method includes: indicating, by a visited network, to a home network that the visited network supports the home agent assignment; receiving, by the visited network, authorization information from the home network, the authorization information indicates the visited network is authorized for assigning the home agent; and sending, by the visited network, information about an address of the home agent to a mobile node. The invention can remedy the drawback that the home agent can be assigned to the mobile node only in the home network, thus improving the communication efficiency and reducing the delay. Further, an effective control can be enforced on assignment, so that the visited network can indicate to the home network whether it can support assigning of the home agent, and the home network can enforce a control on whether to perform assignment in the visited network. | 02-12-2009 |
| 20090044258 | COMMUNICATION METHOD AND SERVICE IN PERSONAL AREA NETWORK - The present invention provides a communication method and device in personal area network, the method for communication between device in a PAN includes: a central device in the PAN receives from a first device in the PAN a communication request for communication with a second device in the PAN; the central device authenticates the first device and the second device; and a point-to-point connection is established between the first device and the second device. Since no access to the access network and the core network is needed during security authentication, thus reducing the signaling traffic of the access network and the core network. | 02-12-2009 |
| 20090049521 | Method and system for communication between a secure information storage device and at least one third party, and corresponding entity, device and third party - The disclosure relates to a method for communication between a secure information storage device and at least one third party with which information is exchanged. An entity ensures the management of a plurality of secure information storage devices to which said device pertains. The method includes the following steps: the entity places, in a secure container which is arranged in the device and specific to a third party, an authorisation for communication between the secure container and the given third party; the entity sends an identifier of the device, an address of the device, an identifier of the secure container, and the authorisation to communicate, to the give third party; the given third party attempts to establish communication with the secure container, using the address of the device, the identifier of the device, the identifier of the secure container, and the authorisation to communicate; and, before accepting said communication, the device checks that the authorisation to communicate transmitted by the third party is acceptable in view of the authorisation to communicate previously placed in the secure container by the entity. | 02-19-2009 |
| 20090049522 | SYSTEMS AND METHODS FOR MANAGING AND DISTRIBUTING USER PROFILES FOR SURGICAL SYSTEMS - A medical system is presented, where the system includes a medical profile directory configured to maintain a set of medical system profiles, a medical profile manager configured to update and maintain medical system profiles within the medical profile directory, and a server configured to interface with the medical profile manager to facilitate medical system profile maintenance. The server is configured to transmit information from at least one medical system profile to a surgical system, thereby enabling the surgical system to employ a current operational parameter within the medical system profile desired by a user. | 02-19-2009 |
| 20090049523 | METHOD AND SYSTEM FOR MULTIPLEXING MULTIPLE LEVEL SECURITY SERVER APPLICATIONS ON THE SAME INTERNET ADDRESS AND PORT - The invention provides a system and method for sharing (or “multiplexing”) of the same internet (IP) address/port by multiple instances of multiple level security and/or single level security (SLS) server applications (each of which is used for processing one or more client request(s) falling within a range of security labels or other security attribute(s)) where the client processing request is directed to the system server capable of processing the request using the identified security label. | 02-19-2009 |
| 20090049524 | SYSTEM AND METHOD FOR PARTITIONING A MULTI-LEVEL SECURITY NAMESPACE - The invention provides a system and method for “partitioning” a “namespace” managed by a name (or “directory”) registration server according to “security label” or other security attributes to allow the same registered (e.g., “domain”) name to be used for processing resource(s)/service(s)/application(s) operating under different security labels. | 02-19-2009 |
| 20090049525 | Platform for providing a social context to software applications - The present invention provides a system and method for providing a social context to software applications. According to one embodiment of the invention, a user of a social network authorizes access by an external software application to information available in the social network. At some time later, the user of the social network uses an application designed by a third-party software developer. The application contacts the social network provider for permission to access the information available in the social network. If access has been authorized, the application incorporates the information from the social network into its interaction with the user, providing a social context to the user's interaction with the application. | 02-19-2009 |
| 20090049526 | METHOD, SYSTEM AND APPARATUS FOR ACCESSING A VISITED NETWORK - The embodiments of the present invention disclose a method for accessing a visited network. The method includes: a user selects a visited network and initiates an access request to a user information application apparatus; when the user information application apparatus detects that the visited network has changed, it obtains a list of authorized visited networks from a user information storage apparatus and checks whether the user is authorized to access the visited network; or the user information storage apparatus checks whether the user is authorized to access the visited network; if the user is authorized to access the visited network, the user information application apparatus returns an access accept response to the user, allowing the user to access the visited network. The embodiments of the present invention also disclose systems and apparatuses for accessing a visited network. The embodiments of the present invention make it possible to accurately check whether the user is authorized to access a visited network. | 02-19-2009 |
| 20090049527 | METHOD AND SYSTEM FOR EXCHANGING DATA RESERVED FOR A USER - A method is provided to exchange data reserved for a user or a group of users with personal equipment. The method includes a step of short-distance communication of the data, for example of the NFC type, between the personal equipment and a secure terminal determined by an identification of the user and by a detection of the personal equipment in the vicinity of the secure terminal. The secure terminal preferably obtains the data from an integrated source by a secure end-to-end connection. | 02-19-2009 |
| 20090049528 | SYSTEM, METHOD AND APPARATUS FOR ESTABLISHING PRIVACY IN INTERNET TRANSACTIONS AND COMMUNICATIONS - A system for conducting a transaction with privacy on a wide area network, the system including a personal access device (PAD) associated with a subscriber to the system, the PAD storing a profile of the subscriber and generating commands, a privacy service provider (PSP) connected to the wide area network, the PAD being accessible by the PSP under first conditions set by the profile and the PSP being responsive to the commands from the PAD, a registered vendor (RV) connected to the wide area network, and a privacy shield network (PSN) connected to the wide area network, the RV being registered with the PSN and the PSN being structured to carry communications between the PSP and the RV related to the transaction under second conditions set by the profile. Advantageously, the PAD stores private data associated with the subscriber, and the PSP releases any of the private data to the RV only under the first and second conditions. | 02-19-2009 |
| 20090049529 | Method Of Billing A Purchase Made Over A Computer Network - A method of effecting a sale over a computer network in which it is determined whether a user passes fraud control before effecting a sale over a computer network. Information associated with a method of payment, such as credit card information, debit card information, checking account information, a telephone service account, a cable television account, a utility service account, or an Internet service provider account, is requested from the user after the user passes the fraud control. Information associated with the method of payment is received from the user in real time. Method-of-payment information is communicated to a payment authorization database, which can be located locally or remotely. The method-of-payment information includes the received information associated with the method of payment. Payment authorization information associated with the method of payment is received from the payment authorization database. A sale transaction is completed when the payment authorization information is affirmative. Sale charge information associated with the sale effected over the computer network is transmitted to the payment authorization database when the sale transaction is complete. The sale charge information includes information for charging the method of payment an amount representing a charge for the sale. | 02-19-2009 |
| 20090049530 | Method, System, And Storage Medium For Validating Users Of Communications Services And Messages Transmitted - Exemplary embodiments of the invention relate to a method, system, and storage medium for validating users of communications services. The method includes generating records for communications service users by at least one service provider. The records store information relating to the communications service users including legal liability information, an originator type code, and a validation code assigned to selected originator type codes. The validation code facilitates validation of the communications service users. The method also includes storing the records in a subscriber classification database. The originator type code classifies the communications service users according to nature of use, communications type, business type, geography, and age. | 02-19-2009 |
| 20090055899 | METHOD AND APPARATUS FOR OPTIMIZATION OF SIGCOMP UDVM PERFORMANCE - A mobile communication system that utilizes multiple access technologies achieves multiple session registrations by deriving a plurality of extended unique device identifications from a specific unique device identification (e.g., private user identification (PIID) stored on a subscriber identity module (SIM)) assigned to a user equipment. Each of the plurality of extended unique device identifications have the benefit of allowing multiple registrations with one or more access networks while allowing a home subscriber system to detect the one unique device identification embedded in the extended unique device identifications for authentication purposes. Thereby, a large population of deployed UEs and access network infrastructure may benefit without replacement by allowing a UE to maintain session continuity when transitioning between access networks, to select a preferred access technology when in overlapping coverage areas without session interruption, or to maintain multiple sessions (e.g., simultaneous Voice over IP (VoIP) and media streaming) with different access networks. | 02-26-2009 |
| 20090055900 | ENTERPRISE WIRELESS LOCAL AREA NETWORK (LAN) GUEST ACCESS - In one embodiment, detecting a wireless network access request, forwarding data associated with the detected wireless network access request to a first multipoint Generic Routing Encapsulation (mGRE) tunnel, receiving authentication information associated with the detected wireless network access request, receiving authentication status information for the detected wireless network access request, and forwarding data associated with the detected wireless network access request to a second multipoint Generic Routing Encapsulation (mGRE) tunnel connected to a predetermined internet protocol (IP) subnet when the received authentication status information includes a successful authentication, are provided. | 02-26-2009 |
| 20090055901 | De-Centralization Of Group Administration Authority - An embodiment of a network manager permits a resource group administrator (with resource group level permissions but without global permissions) to add a global object to his/her resource group as a managed object, without requiring the administrator to have a global permission, as discussed further below. An embodiment of the network manager permits a resource group administrator to also edit the configuration settings that are attached to his/her resource group without requiring the administrator to have a global permission. | 02-26-2009 |
| 20090055902 | SECURE DELEGATION USING PUBLIC KEY AUTHENTICATION - A client is impersonalized to a plurality of servers using a middle-tier server. A common nonce associated with each of the plurality of servers is obtained and the common nonce is provided to the client. The common nonce signed by the client is received at the middle-tier server and provided as a signature for transactions from the client to the plurality of servers so as to authenticate the client to the plurality of servers. | 02-26-2009 |
| 20090055903 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING METHOD - The present invention provides an information processing system, an information processing apparatus, and an information processing method, capable of reducing a load of user authentication on a user, when a specific operation is performed using a plurality of apparatuses. In an embodiment of the present invention, an authentication server searches a device group corresponding to devices identified by device identification information transmitted to the authentication server, and searches a workflow. Subsequently, the authentication server judges whether or not a workflow in operation exists, and, if exists, does not instruct password input but directly instructs device processing. | 02-26-2009 |
| 20090055904 | Distributed Authentication System and Distributed Authentication Method - [Subject] In a distributed authentication system, if a terminal including a plurality of communication devices changes a communication device to another communication device during using a service, the service under use can be used in succession, and the number of times for execution by the user can reduced. | 02-26-2009 |
| 20090055905 | ACCESS CONTROL LIST CHECKING - Method and system for dynamically checking an access control list during the data transfers between a client web browser and a web server. The method and system allow checking of access control list by an application firewall, independent from the web application. The rules, upon which the checking is based, can be easily updated without affecting the web application. | 02-26-2009 |
| 20090064282 | METHOD FOR ORGANIZING ACTIVITIES IN ACTIVITY-CENTRIC COMPUTING NETWORKS - A method for organizing activities in an activity-centric computing network includes receiving access to activities associated with at least one user of the activity-centric computing network, granting access to public tag information associated with at least a portion of the activities, granting access to private tag information associated with at least a portion of the activities, and organizing activities based on at least the public tag information and the private tag information. | 03-05-2009 |
| 20090064283 | SYSTEM AND METHOD FOR AUTOMATIC SECURITY AUTHENTICATION IN WIRELESS NETWORKS - A system for automatic security authentication in a wireless network includes a server and a terminal. The terminal includes a processor, a first communications unit, and a second communications unit. The server includes a database, a control unit, and a third communications unit. The processor receives an identification code of an access point through the first communications unit, and sends a message to the control unit through the second communications unit. The message includes the identification code of the access point, a user account and a user password. The control unit sends an authentication code corresponding to the identification code according to data stored in the database to the processor through the third communications unit. After receipt of the authentication code, the processor automatically logs in to the access point through the first communications unit to activate a wireless network access function. | 03-05-2009 |
| 20090064284 | Method and System for Access to Material on a Web Site - A user connected to a first service mounted on a remote server is enabled to connect to a second service, on the same or another server, without new steps required for log-in, and optionally including the passing of parameters from the first to the second service that enable the second service to open in a manner appropriate to the state of the user's interaction with the first service at the moment of requesting the connection. In the case of the second service being provided from a second server, authentication is provided by means of an authentication broker, which provides a token that the operating system of the user's computer is induced (via its normal response to received messages) to embed in a request for service to the second server, which verifies the token by an exchange with the broker. In either case, once the connection with the second server is achieved, later repeated access may be enabled without the user having to go through the procedure required to enable such access from scratch. | 03-05-2009 |
| 20090064285 | ELECTRONIC INFORMATION MANAGEMENT DEVICE, COMPUTER READABLE RECORDING MEDIUM, METHOD FOR CONTROLLING ACCESS, AND METHOD FOR TRANSFERRING DATA - An electronic information management device includes: an associating unit that associates electronic information with first access right information with respect to each user, the electronic information being associated with an associated site so that the electronic information is stored at the associated site, the associating unit further associating the associated site with second access right information with respect to each user; a receiving unit that receives a request for access to the electronic information from a user; a determining unit that, when the receiving unit receives a request for access to the electronic information, determines the sum of the first access right information and the second access right information, and, based on the sum of the access right information, determines whether to allow the user to access the electronic information; and an access controlling unit that controls access to the electronic information in accordance with the determination result of the determining unit. | 03-05-2009 |
| 20090064286 | Methods and systems for internet security via virtual software - A method for providing internet security includes providing a storage medium including a first executable application module. In response to inputting the storage medium onto a local computer the first executable application module is loaded into virtual memory in the local computer. The first executable application module is executed, the first executable application module providing information identifying at least one remote server. Communication is performed between the local computer and the remote server using the information provided by the first executable application module. The remote server is instructed to send a second application module to the local computer. Upon receipt of the second application module, the second application module is loaded into virtual memory on the local computer. The second application module is executed from virtual memory and a prompt is displayed to the user. | 03-05-2009 |
| 20090064287 | APPLICATION PROTECTION ARCHITECTURE WITH TRIANGULATED AUTHORIZATION - Application protection architecture with triangulated authorization is described herein. According to one embodiment, a packet of a network transaction is received at a network element from a client system over a first network for accessing a destined server of a datacenter over a second network, where network element operates as a security gateway to the datacenter. In response to the packet, one or more user attributes associated with a user of the client system are obtained from an identity store, where the user attributes include a user identifier that identifies the user and a machine identifier that identifies the client system. Authentication and/or authorization are performed on the packet using the user attributes to determine whether the user of the client system is eligible to access the destined server of the datacenter. Other methods and apparatuses are also described. | 03-05-2009 |
| 20090064288 | HIGHLY SCALABLE APPLICATION NETWORK APPLIANCES WITH VIRTUALIZED SERVICES - An application network appliance with virtualized services is described herein. According to one embodiment, a packet of a network transaction is received from a client for accessing an application server of a datacenter, where the network element operates as an application services gateway of the datacenter. A context associated with the application server is identified based on the packet, including information that identifies application services to be performed on the packet and resources to be allocated for performing the application services. A context includes information representing a logical instance of physical resources of the network element shared by multiple contexts. One or more application services are performed on the packet using the resources identified by the context. Other methods and apparatuses are also described. | 03-05-2009 |
| 20090064289 | METHOD OF AUTHENTICATING USER USING SERVER AND IMAGE FORMING APPARATUS USING THE METHOD - A method of authenticating a user using a server and an image forming apparatus using the same, the method including: transmitting, from an image forming apparatus to a first server that functions as an authentication server, user authentication information; determining if the first server authenticates the user based on the user authentication information; and transmitting, to a second server that processes image data, the user authentication information if the first server authenticates the user, wherein the second server authenticates the user based on the transmitted user authentication information authenticated by the first server. Thus, the user of the image forming apparatus can be automatically authenticated by the second server by authenticating the user on the first server. | 03-05-2009 |
| 20090070858 | AUTHENTICATION COMPUTER AND PROGRAM - By utilizing representative embodiment of present invention, the security and convenient of personal authentication system are enhanced. An authentication computer comprising a processor, a memory and an interface: wherein the memory memorizes an user information; wherein the processor receives an authentication demand; wherein the processor allocates, to the received authentication demand, an e-mail address which hasn't been allocated to any authentication demand; wherein the processor receives an e-mail; wherein the processor receives an authentication result demand; wherein the processor specifies the authentication demand corresponded to the received authentication result demand; wherein the processor specifies a source e-mail address from the e-mail where a destination e-mail address is the e-mail address allocated to the specified authentication demand; wherein the processor refers to the user information to specify the user corresponded to the specified source e-mail address; and wherein the processor sends data corresponded to the specified user to the client computer. | 03-12-2009 |
| 20090077634 | FIRMWARE UPDATE METHOD AND SYSTEM USING THE SAME - A firmware update method and a system using the same are provided. The firmware update system comprises a device, a storage unit comprising a boot block code, and a network interface controller. When the system boots, the device executes the boot clock code, and determines whether an update alert exists. When the system boots, the network interface controller connects to a web server via Internet, downloads firmware from the web server, and generates the update alert after the firmware is downloaded. In response to the update alert, the device selects the firmware to be updated as an active code to the storage unit. The systems reboots after the firmware is updated to the device. | 03-19-2009 |
| 20090077635 | METHOD, APPARATUS AND SYSTEM FOR NETWORK SERVICE AUTHENTICATION - The invention discloses a method for network service authentication. The method includes: an AAA server receiving a network service authentication request which contains a user access device identifier; the AAA server determining whether the user is allowed to use the requested network service according to the user access device identifier and a preset correspondence between user access device identifier(s) and network service(s). The invention also discloses an apparatus and system for network service authentication. Based on the invention, a user's right to use the network service may be authenticated according to the user access device. | 03-19-2009 |
| 20090083837 | STORAGE CONTROLLER FOR CONTROLLING ACCESS BASED ON LOCATION OF CONTROLLER - Provided is a controller in a computer system, the computer system including a plurality of data storage systems, and at least one controller for controlling access to data stored in the plurality of data storage systems, the each controller including: an interface coupled to the network; a processor coupled to the interface; and a storage unit coupled to the processor, in which: the storage unit holds attribute information indicating whether to permit access to the data; and the processor is configured to: receive a writing request of the data from a client computer coupled to the network; judge whether each of the each controller permits the requested writing based on the held attribute information and information of a location where the each controller is installed; and write the data in a data storage system controlled by a controller judged to permit the writing. | 03-26-2009 |
| 20090089862 | Cross domain delegation by a storage virtualization system - The present is a system and method for preserving user account security privileges during a migration or re-direction of data from one network attached storage (“NAS”) system to another. Certain NAS systems authenticate user accounts using Kerberos Delegation Technology. In addition, some NAS systems feature the ability to constrain delegation to certain services. While effective in limiting access and promoting network security, this constrained delegation restricts the ability of a storage virtualization system to migrate or re-direct data to other NAS systems, especially if the other NAS system resides or is identified by a different domain name. The present invention is a system and method for storing user account credentials that work with the former NAS system, and providing a way to translate these credentials to a new NAS system with a new domain, permitting seamless data migration and re-direction across domains. | 04-02-2009 |
| 20090094681 | METHOD AND SYSTEM FOR PROVIDING EXTENDED AUTHENTICATION - A method and system for extending an authentication of a wireless device are disclosed. For example, the method includes authenticating access to the wireless device via a first authentication. The method detects a bonded authentication device as a second authentication. The method permits access to the wireless device when the bonded authentication device is detected. | 04-09-2009 |
| 20090094682 | METHODS AND SYSTEMS FOR USER AUTHORIZATION - A method for controlling access to a system is provided. The method includes creating a role tree including a plurality of privileges, creating a resource tree including a plurality of resources, assigning at least one role for at least one resource to a user, and evaluating the plurality of privileges of the user for a requested service access based on at least one of a user role assignment, a user resource assignment, and a location of a device used by the user to request the service access. | 04-09-2009 |
| 20090094683 | METHOD FOR AUTHENTICATING MOBILE UNITS ATTACHED TO A FEMTOCELL THAT OPERATES ACCORDING TO CODE DIVISION MULTIPLE ACCESS - The present invention provides a method involving a femtocell in communication with a secure core network such as an Internet Protocol Multimedia Subsystem (IMS) network. The method includes receiving, from the femtocell and at a first secure entity in the IMS network, a global challenge including information indicating a random number. The method also includes receiving an authentication response computed by a mobile unit based on the random number and the first key known by the mobile unit and not known by the femtocell. The method further includes determining, at the first secure entity, that the random number is a legitimate random number provided to the femtocell by the IMS network. | 04-09-2009 |
| 20090094684 | Relay server authentication service - A relay server authentication service for a relay server is described. An apparatus may include a proxy server to receive an authentication request for client authentication information from a first client to traverse a network address translation device. The apparatus may further include a relay server with a relay server authentication service module. The relay server authentication service module may be arranged to receive the authentication request from the proxy server, generate the client authentication information for the first client, and send an authentication response with the client authentication information to the first client through the proxy server. Other embodiments are described and claimed. | 04-09-2009 |
| 20090094685 | METHOD AND ARRANGEMENT FOR ACCESSING CALL NUMBER PORTABILITY DATA - The invention relates to a method for accessing MNP data, which is stored in an MNP memory in a mobile radio network, by a network-external data processing device. The network interface, which in terms of signal flow is arranged between the network-external data processing device and the MNP memory, checks whether the network-external data processing device is authorized to access the MNP data. If the authorization is present, an identification for a communication terminal is transmitted by the network interface from the network-external data processing device to the MNP memory, MNP data which is associated with the communication terminal is read from the MNP memory, and this MNP data is transmitted via the network interface to the network-external data processing device. | 04-09-2009 |
| 20090100506 | System and Method for Managing Network Flows Based on Policy Criteria - A policy-based network flow management system and method. In one embodiment, various policy conditions are configured based at least in part upon source network conditions and multi-layer information (e.g., Layer 2, Layer 3, and so on) associated with network traffic. Where network traffic from a content requester is determined to satisfy a policy condition, a corresponding policy action is effectuated, e.g., dropping the network traffic, forwarding the network traffic, redirecting the network traffic, or queuing the network traffic. | 04-16-2009 |
| 20090106822 | Using social networks while respecting access control lists - Techniques are described for use with social networks and associated access information, such as access control lists, indicating which users are allowed to access the social networks. The social networks represent relationships between users. The social networks and access control lists may be represented in a graph which is traversed in connection with performing different operations using the social networks. | 04-23-2009 |
| 20090106823 | System and method for remote access data security and integrity - A system and method for locating and accessing remote data over a computer network that provides data security and integrity. The system includes at least one data server located in a first region, at least one data server located in a second region, a first indexing and network management server providing authentication services for the at least one data server located in the first region, a second indexing and network management server providing authentication services for the at least one data server located in the second region, and a central registration server providing authentication services to the first and second indexing and network management servers, including maintaining valid public key certificates for each indexing and management server. A local server is authenticated by its regional indexing and management server, which provides an authentication passport to indexing servers, on behalf of the local server. Thus, a local server can be authenticated to remote data servers and can request information from the remote data servers. Methods of authentication and data integrity are also provided. | 04-23-2009 |
| 20090106824 | Method of Securing Access to a Proximity Communication Module in a Mobile Terminal - A method of securing access to a near-field communication module ( | 04-23-2009 |
| 20090113522 | Method for Translating an Authentication Protocol - A method of translating messages conforming to a first authentication protocol into messages conforming to a second authentication protocol during an authentication phase in which a peer, having an identity and seeking to access a resource of a network, is connected to an authenticator, said authenticator authorizing access to the network as a function of verification of the identity and rights of the peer effected by an authentication server as a function of authentication data received in messages conforming to the second authentication protocol. The translation method comprises: a step of receiving the identity of the peer in a message conforming to the first authentication protocol, a step of generating and sending a challenge, a step of receiving a first response that is a response to said challenge, generating a request for access to the network conforming to the second authentication protocol, and sending said request to the authentication server, a step of receiving a second response that is a response to said request and translating the second response to generate an authentication result conforming to the first authentication protocol. | 04-30-2009 |
| 20090113523 | TECHNIQUES FOR FLEXIBLE RESOURCE AUTHENTICATION - In various embodiments, techniques for flexible resource authentication are provided. A principal attempts to login to a target resource using first credentials. The target resource does not recognize the first credentials and in response thereto forwards the first credentials to an identity service. The identity service authenticates the principal via the first credentials and supplies second credentials to the target resource. The target resource recognizes and authenticates the second credentials and grants access to the principal. | 04-30-2009 |
| 20090113524 | VIRTUAL UNIVERSE ACCOUNT PROTECTION - A protection mechanism(s) for a virtual universe account maintains integrity of the virtual universe account as well as the virtual universe. An avatar associated with a virtual universe account may be misappropriated and/or used inappropriately by a non-comporting user against the wishes or without the knowledge of the virtual universe account owner. A non-comporting user (i.e., a user not authorized to use the virtual universe account, an authorized user who misuses a virtual universe account, etc.) can use an avatar to perform potentially damaging and/or damaging activities in the virtual universe (e.g., destroy property, impact reputation associated with the virtual universe account, reduce value of the virtual universe account, etc.) Embodiments of the inventive subject matter detect when a user misappropriates and/or misuses a virtual universe account (i.e., detects a non-comporting user), and attempts to restore state of the virtual universe prior to the misuse and/or misappropriation. | 04-30-2009 |
| 20090113525 | System and Method for Providing Secure Access to Wireless Wide Area Networks - A subscriber station with a secure element and an access control system combine to permit secure connections to a Wide Area Network, and to the terminal equipment within a customer premises network. A removable secure element provides a simplified upgradeability and portability of credentials to new hardware. Also, a terminal equipment device that does not have the ability to connect to the Wide Area Network gains the ability to connect to the Wide Area Network through any subscriber station with a secure element. | 04-30-2009 |
| 20090113526 | Method and system for ensuring a sharing violation free environment for a trusted software agent - A method and system is provided by which a trusted software agent can perform in a sharing violation free environment, which reduces complexity and eliminates interference with applications. A method for handling sharing violations in a computer system comprises intercepting a request by an application for access to a file, capturing a sharing violation raised by the operating system due to the said request, determining whether the sharing violation is due to the trusted agent, and if so holding the request by the application for access to the file until the trusted agent no longer holds the file, and then reprocessing the request by the application for access to the file. The application is not aware that the sharing violation due to the trusted agent occurred, or that the request was pending and reprocessed as at the end of the process it receives a file handle as if a sharing violation did not occur. | 04-30-2009 |
| 20090119752 | Method and system for transparent encryption and authentication of file data protocols over internet protocol - A method processing one or more files using a security application. The method includes a method processing one or more files using a security application. The method includes connecting the client to a proxy server, which is coupled to one or more NAS servers. The method includes requesting for a file from a client to the proxy server and authenticating a requesting user of the client. The method also includes authorizing the requesting user for the file requested; requesting for the file from the one or more NAS servers after authenticating and authorizing; and requesting for the file from the one or more storage elements. The file is transferred from the one or more storage elements through the NAS server to the proxy server. The method determines header information on the file at the proxy server and identifies a policy based upon the header information at the proxy server. The method also includes processing (e.g., decompressing the file, decrypting the file, and verifying the file) the file according to the policy. The method includes transferring the processed file to the user of the client. | 05-07-2009 |
| 20090119753 | Connector and method for providing access to a data-processing network for a data-processing device - The invention relates to a connector and also to a method for providing access to a data-processing network for a data-processing device, wherein an individual, decentralized, and secure access to a data-processing network is provided and wherein data exchange between the device and the network is possible or granted only when the device has at least one predefined identification feature. The invention further relates to a method for configuring the connector according to the invention. | 05-07-2009 |
| 20090119754 | System, an Arrangement and a Method for End User Authentication - The present invention relates to a system for authentication of an end user of a user station arrangement ( | 05-07-2009 |
| 20090119755 | SYSTEM AND METHOD FOR ROLE BASED ACCESS CONTROL OF A DOCUMENT PROCESSING DEVICE - The subject application is directed to a system and method for controlling access to a document processing device based on roles assigned to user groups. Each group of users has certain functions for which they are authorized to use a document processing device. The device determines the group to which the user belongs, and then determines those functions of the device for which the group is authorized. The device then compares the requested function with the authorized functions to determine if the group to which the user belongs is allowed to use the document processing device for the requested function. The document processing device then performs the authorized requested function or denies use of the device for an unauthorized function. | 05-07-2009 |
| 20090125983 | Security key with instructions - There is described an automation system comprising at least one programmable logic controller with integrated web server, user interface means, and security means. It is configured to allow a complex and flexible presentation of data at the user interface means while reducing the communication load at the same time. For this purpose, the instructions for presentation of the data are stored within the security means. | 05-14-2009 |
| 20090125984 | SYSTEM AND METHOD FOR ESTABLISHING DATA CONNECTIONS BETWEEN ELECTRONIC DEVICES - A system and method is disclosed, including establishing of data connections between electronic devices. One embodiment provides a method for establishing a data connection between a first and a second electronic device, wherein establishing the data connection is authorized by executing at least one action with at least one physical tool. | 05-14-2009 |
| 20090125985 | Verifying electronic control unit code - A method and apparatus are provided for verifying authenticity of program code for an electronic control unit. In one implementation, a method is provided. According to the method, program code for an the electronic control unit is received. The method may access metadata embedded in the program code. The metadata may identify a source of the program code. The method may further communicate via a network with a server to determine a status of the program code. The method may verify the authenticity of the program code based on the source of the program code and the status. | 05-14-2009 |
| 20090125986 | Secure launching of browser from privileged process - Methods and apparatus include securely launching a web browser from a privileged process of a workstation to minimize enterprise vulnerabilities. The workstation includes a web browser pointed toward a web server and a Logon API for use with a password/credential. An executable file is wrapped about the browser and imposes restrictions, such as preventing the writing to a registry or installing ActiveX controls. It also has functionality to prevent users from linking to web locations in other than an https protocol or following links beyond an original host. Upon indication of a forgotten password/credential, a DLL logs onto a user account which invokes the executable file to launch the web browser in the https protocol. Upon authentication of identity, the user changes their password/credential for later logging-on to the workstation via the Logon API, but in a capacity without the limited functionality or the imposed browser restrictions. | 05-14-2009 |
| 20090125987 | DIGITAL RIGHTS MANAGEMENT - A method for distributing rights objects between a first device | 05-14-2009 |
| 20090125988 | SECURE TRANSMISSION OF DIGITAL CONTENT BETWEEN A HOST AND A PERIPHERAL BY WAY OF A DIGITAL RIGHTS MANAGEMENT (DRM) SYSTEM - A host securely transmits content to a peripheral thereof. The peripheral has a symmetric key (PK) and a copy of (PK) encrypted according to a public key (PU) of an entity ((PU(PK))). In the method, the host receives (PU(PK)) from the peripheral, and sends (PU(PK)) to the entity. The entity has a private key (PR) corresponding to (PU), applies (PR) to (PU(PK)) to obtain (PK), and sends (PK) back to the host. The host receives (PK) from the entity, encrypts at least a portion of the content according to (PK), and transmits the encrypted content to the peripheral. The peripheral may then decrypt the encrypted content based on (PK). A bind key (BK) encrypted by (PK) ((PK(BK))) may accompany (PU(PK)), where the content is to be encrypted according to (BK). Thus, (PK) is not revealed to the host. | 05-14-2009 |
| 20090133102 | Optimized security association database management on home/foreign agent - Techniques for security association management on a home agent and a foreign agent are described herein. In one embodiment, in response to a first mobile network registration request from a mobile node, a remote authentication facility is accessed to retrieve a security association for the mobile node for authenticating and providing a first network connectivity to the mobile node, wherein the security association is associated with a lifespan. The security association is inserted in a local security association database to create a security association entry, wherein the security association entry includes the lifespan. A second mobile network registration request from the mobile node after the first network connectivity has been terminated is received and the security association entry in the local security association database that corresponds to the mobile node is used to provide authentication of the mobile node without having to access the remote authentication facility again if the lifespan associated with the security association entry is valid. Other methods and apparatuses are also described. | 05-21-2009 |
| 20090133103 | Method and system for data security in an IMS network - A method and system to enhance the protection of the data in an user equipment and secure real time streaming of the data in the user equipment is disclosed. The method and system includes sending request by at least one user to access at least one application server. The user is provisioned to download a appropriate CMSC and a mapper into the user equipment from the application server. The method and system further comprises user sending request via an IMS network to download a data to the user equipment. The data is encrypted in the application server and is downloaded into the user equipment. The mapper identifies the appropriate CMSC, which may decrypt the data. Further, the data undergoes double decryption in real time within the user equipment before being presented in user interface. The double decryption is provisioned using the valid CMSC downloaded in the user equipment. | 05-21-2009 |
| 20090133104 | Device Access Based on Centralized Authentication - Access control to a networked peripheral device by a walk-up user, wherein the networked peripheral device is accessible by both the walk-up user and a remote user, based on centralized access management information. Access control comprises receiving authenticated information for the walk-up user from the networked peripheral device at a centralized location, determining at the networked peripheral device a level of access to the networked peripheral device by the walk-up user based on received access management information for the walk-up user, and allowing the walk-up user to access the determined user-available features of the networked peripheral device based on the determined level of access. | 05-21-2009 |
| 20090138941 | Method to enhance Principal Referencing in Identity-based Scenarios - A Principal Referencing method is described herein which enables an inviting principal-A to have access control over their shared resources by introducing a pair of user identifiers associated with an invited principal-B which are created and delivered during an invitation process. Each identifier is shared between two parties. The first identifier is shared between the Discovery Services (DS-A and DS-B) of both principals, invited and inviting. The second identifier identifies the invited principal-B as well, but it is shared between the inviting principal's web service provider (WSP-A) and the DS-A. Thus, the DS-A is the identifier switching point which isolates both identifier planes. The purpose of these two identifiers is to enable the invited principal-B to be referenced/identified during a discovery and access process without compromising her/his privacy by allowing anyone identifier to be shared between more than two parties. This is important since if an identifier was shared between more than two parties, then Liberty Alliance Project's privacy protection requirement would not be satisfied. | 05-28-2009 |
| 20090138942 | SECURE OVER-THE-AIR MODIFICATION OF AUTOMOTIVE VEHICULAR OPTIONS - A method and system are provided for secure over-the-air modification of vehicular options by a vehicle user. The system includes a vehicle and a secure server. The vehicle includes receiver circuitry for receiving and demodulating wireless signals and a controller coupled to the receiver. The secure server is accessible by the vehicle user and generates a vehicular option modification package for provision to the vehicle by generating option parameter modification instructions in response to user parameter modification requests from the vehicle owner and generating authentication information in response to unique server authentication information associated with the secure server. The vehicle's receiver demodulates received wireless signals to generate the vehicular option modification package and the vehicle's controller authenticates the vehicular option modification package and, when the vehicular option modification package is authenticated, modifies the vehicular options of the vehicle in response to the parameter modification instructions. | 05-28-2009 |
| 20090138943 | TRANSACTION METHOD IN 3D VIRTUAL SPACE, PROGRAM PRODUCT AND SERVER SYSTEM - A method for carrying out a secure transaction in a 3D virtual space is desired from both an administrator side operating a facility and a user side. It is also desired to solve the problems such as the confidentiality of a transaction in the 3D virtual space and a phishing scam. In the present invention, a copy space of an original space of a facility in the 3D virtual space is created. Since only avatars permitted to enter the copy space can enter the copy space, a secure transaction can be carried out between the facility and a user avatar. | 05-28-2009 |
| 20090138944 | METHOD AND APPARATUS FOR CAMOUFLAGING OF DATA, INFORMATION AND FUNCTIONAL TRANSFORMATIONS - A computer-representable object (including, without limitation, a cryptographic key, or a graph or a Boolean description of a system) is secured using a generalized camouflaging technique. The secured object need not be stored in the system, not even in encrypted form. Instead, the technique employs a composition function that regenerates the secured object when one inputs a valid password (which may be any computer-representable information held by a user). By regenerating the secured object each time a valid password is entered, there is no need to store the secured object. If one inputs an invalid password, the technique may generate an incorrect object, such that the user is unable to distinguish this incorrect object from the secured object. If the user tries to use the incorrect object, the user can be exposed as unauthorized, without the user's knowledge that he has been exposed. | 05-28-2009 |
| 20090138945 | High-Performance Network Content Analysis Platform - One implementation of a method reassembles complete client-server conversation streams, applies decoders and/or decompressors, and analyzes the resulting data stream using multi-dimensional content profiling and/or weighted keyword-in-context. The method may detect the extrusion of the data, for example, even if the data has been modified from its original form and/or document type. The decoders may also uncover hidden transport mechanisms such as, for example, e-mail attachments. The method may further detect unauthorized (e.g., rogue) encrypted sessions and stop data transfers deemed malicious. The method allows, for example, for building 2 Gbps (Full-Duplex)-capable extrusion prevention machines. | 05-28-2009 |
| 20090144808 | Collaborative Learning Space Portal - The embodiments of present invention provide a method of providing online community portal to improve communication and collaboration among authorized users of a wide range of learning communities of the portal and further presenting and sharing the information from diverse sources in a unified way. Collaborative learning space is created by authorized user based on the preference and administrative privileges provided to user and metadata is attached to the learning space. Users with similar profiles are invited the learning space through automatic pattern match and search. The authorized user of the learning space can interact, communicate, and collaborate, co-ordination and share the knowledge and data with other users of the learning space. | 06-04-2009 |
| 20090144809 | INFRASTRUCTURE-LESS BOOTSTRAPPING: TRUSTLESS BOOTSTRAPPING TO ENABLE MOBILITY FOR MOBILE DEVICES - Methods and apparatus for supporting a session in Mobile IP are disclosed. A Mobile Node sends a first Mobile IP message identifying the Mobile Node to a Home Agent, wherein the first Mobile IP message indicates to the Home Agent that the Mobile Node is requesting dynamic configuration of a Mobile-Home authentication key to be shared between the Mobile Node and the Home Agent during the session. A Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node is obtained or generated by the Mobile Node and the Home Agent, where the Mobile-Home authentication key is not valid after the session has ended or during another session. The Home Agent sends a second Mobile IP message to the Mobile Node, the second Mobile IP message including a lifetime associated with the session, wherein the lifetime indicates a lifetime of the key, thereby enabling the Mobile Node to register with the Home Agent using the Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node during the session. | 06-04-2009 |
| 20090150978 | ACCESS CONTROL OF CONTENT SYNDICATION - A content syndication access control solution is provided. An illustrative content syndication access control system comprises: a syndication subscriber for acquiring a authorized content syndication feed; content syndication providing means for authorizing the syndication subscriber according to a public key and submitting content to a syndication server; and the syndication server for performing an authorization on content items according to the public key and a symmetric key and encrypting the authorized content items and the symmetric key, and generating the content syndication feed according to the encrypted content items and the symmetric key. By means of the system, the granularity of access control can become finer, and the consolidated content feed maintains all access control information, so existing access control remains valid. | 06-11-2009 |
| 20090150979 | NETWORK SYSTEM, NETWORK METHOD, AND TERMINAL AND PROGRAM THEREFOR - A network system includes a first terminal having authority to access content, and a second terminal, wherein the first terminal comprises a first limited communication unit which performs limited communication with the second terminal, wherein the second terminal comprises a second limited communication unit which performs limited communication with the first terminal; and wherein the second terminal acquires certification information for authenticating access to the content from the first terminal, using the limited communication performed by the first and second limited communication units, if a predetermined relationship is confirmed between the first terminal and the second terminal. | 06-11-2009 |
| 20090158396 | Secure Home-to-Vehicle Wireless Connectivity - A method for providing a secure communications link between a home PC and a vehicle through a wireless access point. The method includes providing a wireless connection between a vehicle communications system and the wireless access point and causing a user of the PC to initiate a communication with the vehicle communications system through the wireless access point so as to allow the user to send information to the vehicle from the home PC. The method also includes causing the vehicle communications system to send an authentication challenge to the PC, such as identifying a user name and password, to authorize the user to communicate with the vehicle communications system, and establishing a secure communications link between the vehicle communications system and the PC if the user responds to the challenge with a correct response. | 06-18-2009 |
| 20090158397 | Secure Push and Status Communication between Client and Server - Systems and methods of authentication and authorization between a client, a server, and a gateway to facilitate communicating a message between a client and a server through a gateway. The client has a trusted relationship with each of the gateway and the server. A method includes registering the client with the gateway. The client also constructs the address space identifying the gateway and the client. The client communicates the address space to the server. The client receives an identity identifying the server. If the client authorizes to receive a message from the server through the gateway, the client informs the authorization to the gateway. The client puts the identity identifying the server on a list of servers which are authorized to send messages to the client. In addition, the client communicates the list of servers to the gateway. | 06-18-2009 |
| 20090158398 | ENABLING PROVIDER NETWORK INTER-WORKING WITH MOBILE ACCESS - Various example embodiments are disclosed herein. In an example embodiment, a method may comprise authenticating a subscriber based upon one or more messages received from a subscriber equipment, via an Access Network Gateway (ANG); sending an access authorization message to the ANG authorizing the subscriber equipment; and wherein the access authorization message includes an address of a tunnel endpoint node and a tunnel method identifier (ID) to be used by the ANG to establish a tunnel between the ANG and the tunnel endpoint node for the subscriber equipment. | 06-18-2009 |
| 20090158399 | Method and apparatus for processing a multi-step authentication sequence - A method of automating an authentication sequence for accessing a computer resource comprising processing form information associated with the authentication sequence, wherein the authentication sequence comprises a plurality of queries associated with a plurality of web pages; and communicating a response to a portion of the authentication sequence using form information that corresponds to a query upon recognition of indicia of the portion of the plurality of web pages where the portion comprises the query. | 06-18-2009 |
| 20090158400 | WIRELESS COMMUNICATION TERMINAL, METHOD FOR PROTECTING DATA IN WIRELESS COMMUNICATION TERMINAL, PROGRAM FOR HAVING WIRELESS COMMUNICATION TERMINAL PROTECT DATA, AND RECORDING MEDIUM STORING THE PROGRAM - Security of a file or an application program saved in a wireless communication terminal is maintained. A process performed by the wireless communication terminal includes the steps of: detecting an access point for wireless LAN (Local Area Network) based on a signal sent from a wireless communication I/F; obtaining an SSID (and a MAC address) of the detected access point; referring to access management data stored in a hard disk based on the obtained SSID; and restricting access to the file or the program based on the access management data. | 06-18-2009 |
| 20090158401 | DOWNLOADABLE CONDITIONAL ACCESS SYSTEM AND CONTROLLING METHOD FOR THE SAME - A method and apparatus of supporting a fee-based broadcasting service in a Downloadable Conditional Access System (DCAS) is provided. A control method of a DCAS, the method including: receiving a Conditional Access (CA) image file from a Conditional Access System (CAS) server and receiving Integrated Personalization Server (IPS) access information from an IPS; providing an Authentication Proxy (AP) with information about the received CA image file; controlling the AP to provide a terminal with access information to the IPS and image installation information when the terminal joins a fee-based service based on verifying device information of the terminal; and controlling the IPS to enable the terminal to receive a CA image code of the terminal based on the access information and the image installation information. | 06-18-2009 |
| 20090158402 | SYSTEM AND METHOD FOR AUTHORIZING ACCESS REQUEST FOR HOME NETWORK - A system and method for authorizing an access request for a home network. The system includes at least one accessed device, at least one authorizing device and at least one authorizing proxy server, wherein a connection request managing module is provided in the accessed device, the authorizing proxy server includes an access request information forwarding module, an authorizing information forwarding module and an authorizing mode managing module. The method includes the authorizing proxy server receives an access request information of an accessing device that is acquired and transmitted by the accessed device; the authorizing proxy server forwards the received access request information to the authorizing device; after receiving the authorized information of the authorizing device, the authorizing proxy server feedbacks the authorized information to the accessed device; the authorized information is the information that is sent to the authorizing proxy server after the authorizing device determines the authorization according to the received access request information. | 06-18-2009 |
| 20090165092 | Sustained authentication of a customer in a physical environment - A system for use in allowing a user to conduct one or more transactions at one or more touchpoints in a business facility includes an authentication component, a tracking component, and a control component. The authentication component is configured to authenticate the user as a person allowed to conduct the one or more transactions. The tracking component is configured to track the user's location within the facility as the user moves through the facility. The control component is configured (a) to receive authentication information from the authentication component, (b) to receive location information from the tracking component, (c) to use the location information to recognize that the user has moved into position to engage one of the touchpoints, and (d) to deliver a message to the touchpoint authorizing the touchpoint to engage in one or more transactions with the user. | 06-25-2009 |
| 20090165093 | INFORMATION PROCESSING APPARATUS AND IDENTIFICATION CONTROL METHOD - According to one embodiment, an information processing apparatus includes a cabinet, a first storage module contained in the cabinet, a communication unit which is detachably inserted into the cabinet, equipped with a second storage module, and used for connecting to a communication line, a verification module which verifies identification information of the communication unit stored in the first storage module against that of the communication unit stored in the second storage module after receiving an instruction of activation of the information processing apparatus, a registration module which registers with the predetermined server unit for use of the communication unit when verification is performed against the identification information of the communication unit stored in the predetermined server unit and the use of the communication unit is determined to be matching. | 06-25-2009 |
| 20090165094 | Terminal activation method - The invention relates to a method for activating a terminal ( | 06-25-2009 |
| 20090165095 | NETWORK CONNECTION TERMINAL AUTHENTICATION METHOD AND APPARATUS - A network connection terminal authenticating method that authenticates a terminal device demands communication with other terminal device in a computer network. The network connection terminal authenticating method include authenticating the terminal device outside a communication path between the terminal device and the other terminal device in response to a demand for communication of the terminal device with the other terminal device and determining whether communication with the other terminal device is permitted, and starting data transmission from the terminal device to the other terminal device when the terminal device is authenticated in the authenticating. | 06-25-2009 |
| 20090172782 | Service Utilization Control Manager - Aspects of the invention allow mobile network users as well as mobile network providers to define policies that are managed across several applications and services. Thus, several application servers and network elements are coordinated to implement a service policy. More specifically, aspects of the invention define service level policies for any service be within an IMS based or non-IMS based wireless network implemented by SIP or non-SIP network elements. | 07-02-2009 |
| 20090172783 | Acquiring And Using Social Network Information - Among other things, a user of a site is provided access to information about a person to whom the user has a connection. The connection is stored in a shared social network (SN) system controlled independently of the site. The information is displayed to the user of the site only in accordance with a permission of the person for whom the user has the connection. | 07-02-2009 |
| 20090172784 | Apparatus and method for processing data broadcast signal - An apparatus and method for receiving and processing a data broadcast signal is disclosed. The apparatus receives a data broadcast signal including the application information table and the application, and authenticates the received application. The apparatus can execute a corresponding application only when the execution of the application is permitted according to the authentication result. | 07-02-2009 |
| 20090172785 | PROVIDING MOBILITY MANAGEMENT USING EMULATION - A system and method are disclosed for providing mobility management among mobile nodes in a communication network. Emulation can be provided to allow a mobile node that uses mobile IP (MIP) to access and use a communication network that is based on proxy mobile IP (PMIP). A gateway can be used to terminate the MIP based protocol access from the mobile node and communicate with the PMIP based core network. Emulation can be provided on a gateway to provide communication from a internet protocol version 4 (IPv4) mobile node and a core network running internet protocol version 6 (IPv6). This allows the network operator to provide access to the deployed base of MIP or IPv4 mobile nodes. | 07-02-2009 |
| 20090172786 | Encryption Sentinel System and Method - An encryption sentinel system and method protects sensitive data stored on a storage device and includes sentinel software that runs on a client machine, sentinel software that runs on a server machine, and a data storage device. When a client machine requests sensitive data from the data storage device, the data storage device interrogates the sentinel software on the server machine to determine if this client machine has previously been deemed to have proper encryption procedures and authentication. If the sentinel server software has this information stored, it provides an approval or denial to the storage device that releases the data if appropriate. If the sentinel server software does not have this information at hand or the previous information is too old, the sentinel server interrogates the sentinel software that resides on the client machine which scans the client machine and provides an encryption update to the sentinel server software, following which data will be released if appropriate. | 07-02-2009 |
| 20090172787 | IMAGE PROCESSING SYSTEM CAPABLE OF RECORDING CAPTURED IMAGES FOR UNLIMITED RECORDING TIME - An image processing system of the present invention includes an authentication server and an archive server each connected to a mobile terminal through a network, wherein the authentication server transmits a first permission notification to the archive server and the mobile terminal to indicate that the mobile terminal is permitted to use an image processing service when the authentication server authenticates that the mobile terminal which requests a connection is a previously registered terminal, and the archive server which, upon receipt of the first permission notification from the authentication server and upon receipt of image data from the mobile terminal, preserves the received image data. | 07-02-2009 |
| 20090178119 | METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR PROVISIONING VLAN SERVICES IN A NETWORK - Provisioning VLAN services in a network patching system includes receiving a request to provide a VLAN service to an individual communication channel, determining whether a switch connector port connected to the individual communication channel via a patch cord is configured to provide the requested VLAN service, and initiating the requested VLAN service to the individual communication channel in response to determining that the switch connector port is configured to provide the requested VLAN service. Verification that a user associated with the individual communication channel is authorized to access the requested VLAN service may be performed prior to initiating the requested VLAN service. An administrator may be notified that a VLAN service has been requested and/or initiated. The user associated with the communication channel may be notified when the requested VLAN service has been initiated. | 07-09-2009 |
| 20090178120 | ELECTRONIC VERIFICATION SERVICE SYSTEMS AND METHODS - Systems and methods for authenticating an applicant. In one implementation, the applicant indicates to an acquirer an existing account for which the applicant wishes to be authenticated. The acquirer sends a message over an electronic funds transfer (EFT) network to an issuer of the account requesting a set of questions to ask the applicant. The issuer replies with a set of questions. The acquirer asks the applicant the questions, and forwards the applicant's answers to the issuer. The issuer compares the answers with known information relating to the account and decides, based on the comparison, whether the applicant is authenticated. The issuer then communicates its decision to the acquirer. Preferably, the messages and their associated replies are added to the set of messages handled by the EFT network, so that authentication may be handled in a standardized way without proliferating applicants' secret information. | 07-09-2009 |
| 20090178121 | Method For Restricting Access To Data Of Group Members And Group Management Computers - The invention relates to a method for restricting the access to data of group members of a service subscriber group. Group members of a service subscriber group are each assigned an identifier. The data of the group members are assigned to the identifier in each case and the data of the group members are stored in a data memory (DS | 07-09-2009 |
| 20090187973 | SYSTEM AND METHOD FOR VERIFYING AN ATTRIBUTE IN RECORDS FOR PROCUREMENT APPLICATION - A system and associated method for verifying an attribute in records for a procurement application. The procurement application employs a database having a company profile record, a user profile record, and a requisition object record, among which share a company_code attribute as a target attribute that is desired to be valid. The company profile record has a validity attribute, and the requisition object record has a validity flag, to indicate validities of the value for the target attribute in respective record. A company profile configuration module configures the company profile record. A user profile verification module prohibits a user without a valid user profile from accessing the procurement application. A user profile cleanup program removes invalid user profile records from the database. A requisition object verification module checks out valid values for the company_code attribute from the company profile records and blocks modification to invalid requisition objects. | 07-23-2009 |
| 20090187974 | Push Artifact Binding For Communication In A Federated Identity System - A data processing system implements push artifact binding for communication in a federated identity system. A federated identity system in the data processing system comprises an initiator that handles a federated action by determining that a user is to be conveyed to a recipient, constructing an appropriate message request or assertion to be sent to the recipient, and sending the message as a push message over a back-channel communication pathway directed to the recipient's location. The federated identity system further comprises a recipient that handles the federated action by responding to the message by forming a Uniform Resource Locator (URL) to which the user can be directed. The initiator redirects the user to the URL specified in the recipient response. | 07-23-2009 |
| 20090187975 | SYSTEMS FOR AUTHENTICATING A USER'S CREDENTIALS AGAINST MULTIPLE SETS OF CREDENTIALS - Provided are systems for authenticating the identity of a user for use in a distributed computer network including multiple sets of access credentials. A user request, including the user's input credentials, is received, and then compared simultaneously to multiple sets of access credentials in order to verify the user's input credentials. When the user's input credentials are verified, the appropriate level of access authority is then determined, and proper access is granted to the user. | 07-23-2009 |
| 20090187976 | METHODS AND DEVICES FOR IMPROVING THE RELIABILITY OF COMMUNICATION BETWEEN AN AIRCRAFT AND A REMOTE SYSTEM - The object of the invention is methods and devices for improving the reliability of communication between an aircraft and a remote system. According to the invention, the aircraft transmits a request for verification of security to a remote system. Upon reception of the response to this request, comprising at least one indication pertaining to the security of the remote system, the aircraft analyzes this indication and decides to establish or not to establish data communication between the aircraft and the remote system. When a verification request is received, the remote system is verified and a response to the request is transmitted to the aircraft. | 07-23-2009 |
| 20090187977 | SERVICE VERIFYING SYSTEM, AUTHENTICATION REQUESTING TERMINAL, SERVICE UTILIZING TERMINAL, AND SERVICE PROVIDING METHOD - An object is to provide a service providing method capable of curbing rise of cost A service providing method according to the present invention is one for providing services A and B, which authenticates a user of an authentication requesting terminal in order to make service A available to the user and which determines whether service B is available to the user, in a state in which the user is authenticated about service A. When service B is determined to be available, a permission message is stored and a permission response based on the permission message for utilization of service B is transmitted to the authentication requesting terminal. Then the permission message on which a utilization request message from a service utilizing terminal is based, is verified, and, if it is in an available status, the service utilizing terminal is permitted to utilize service B. The use of the authentication result on service A obviates a need for provision of new authentication means for service B, so as to lead to reduction of cost. | 07-23-2009 |
| 20090193503 | Network access control - A Network Access Control (NAC) device has at least first and second network interfaces with first and second network addresses, respectively, for providing connection to the network, and a computer device interface for providing connection to a user's computer device. A first network channel is configured in the NAC device over the first network interface for providing transactions between the computer device and the network using first application software installed in the NAC device. A second network channel is configured in the NAC device over the second network interface for providing transactions between the computer device and the network using second application software installed in the computer device. | 07-30-2009 |
| 20090193504 | Device Controller, System, and Method for Authenticated Printing - A device controller is connected with multiple terminals and with at least one input-output device via a network. The device controller has: a reception controller configured to perform first authentication according to data input from a first terminal and to cause the first terminal to obtain information on a specified series of processing based on a result of the first authentication; and an input-output controller configured to perform second authentication according to data input from a second terminal and to cause a specific input-output device selected out of the at least one input-output device to perform the specified series of processing, based on a result of the second authentication. The input-output controller allows the specific input-output device to perform the specified series of processing when the second terminal is selected in advance for the specific input-output device. | 07-30-2009 |
| 20090199273 | Row-level security with expression data type - Systems, methods, and other embodiments associated with row level security for a database table are described. One example method includes detecting an access statement seeking access to a row in a database table for which row level security is active. The method includes adding a predicate to the access statement. The predicate is based on an access control expression associated with the row. The access control expression depends on an instance of an expression data type associated with the row. The method includes populating an attribute of the predicate, and controlling access to the row based on a computed value for the predicate. | 08-06-2009 |
| 20090199274 | METHOD AND SYSTEM FOR COLLABORATION DURING AN EVENT - A system and method for gathering data from a plurality of computer environments. The computer environments are authenticated, data is copied from the plurality of authenticated computer environments to a memory location, and access to the memory location is provided to a plurality of authenticated users. The data may be marked so that a user may determine which computer environment provided the data. | 08-06-2009 |
| 20090199275 | WEB-BROWSER BASED THREE-DIMENSIONAL MEDIA AGGREGATION SOCIAL NETWORKING APPLICATION - Systems and methods for social networking and digital media aggregation represented as a three-dimensional virtual world within a standard web browser are described. In one embodiment, multiple, independent groups of users interact with each other inside a dynamic, three-dimensional virtual environment. These groups may be mutually exclusive and members interact only with other members within the same group. In this manner, system architecture and server requirements may be greatly reduced, since consistent environmental state needs to be maintained only for a small number of interacting participants—typically less than one dozen. | 08-06-2009 |
| 20090205019 | Mobile access to location-based community services - The present invention discloses a method of accessing a network service via a mobile end device of a user in a wireless network wherein a first localisation procedure is performed in order to ascertain a position of the mobile end device. The availability of the network service is determined if the mobile and device is within or is about to enter a predetermined zone in which the network service is available. Then, the number of users of said network service in said zone is determined by using a second localisation procedure. Dependent on the number of users of the network service in said zone, one or more parameters for access of the network service by the mobile end user are set. | 08-13-2009 |
| 20090205020 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD AND COMPUTER READABLE MEDIUM - An information processing apparatus includes a first setting section, and a second setting section. The first setting section sets, when a first user is in a first status which indicates the first user moves out from a first group, a first authority under which the first user is permitted to read out and prohibited to write into the first electronic information. The first setting section sets, when a second user is in a second status which indicates the second user moves into a second group, a second authority under which the second user is permitted to read out and prohibited to write into the second electronic information. The second setting section cancels, when the first user satisfies a first condition, the first authority. The second setting section changes, when the second user satisfies a second condition, the second authority into an authority based on the second group. | 08-13-2009 |
| 20090205021 | MANAGEMENT OF RIGHTS CLEARANCE NEGOTIATIONS AND BROKERING OVER A NETWORK - Managing negotiations to clear rights for using an asset. A rights requester requests approval through a broker to a rights holder, such as a film studio, to use an image or other asset in a project, such as an advertising campaign. The rights requester or broker provides initial terms, such as fee amounts, type of use, sample of use, territory, or other terms. The broker notifies the rights holder of the opportunity, and provides an interface that enables the rights holder to review, revise, forward, approve, or otherwise manipulate the opportunity. The interface also enables the rights holder to search, sort, filter, analyze, and obtain aggregated information on a number of opportunities. Based on such actions, the broker can propose additional or alternate terms or opportunities. The broker may also automatically accept a counter offer if the revised terms fall within predefined ranges. Alternatively, relays a requester's reply offer. | 08-13-2009 |
| 20090205022 | ADVANCED ACCESS CONTROL FOR MEDICAL AD HOC BODY SENSOR NETWORKS - A secure wireless network ( | 08-13-2009 |
| 20090205023 | PROVIDING COMMUNICATIONS USING A DISTRIBUTED MOBILE ARCHITECTURE - A communication apparatus is disclosed that includes a wireless transceiver and a computer readable storage medium. A mobile switching center (MSC) module is embedded in the computer readable storage medium. The MSC module includes an authentication, authorization, and accounting (AAA) module configured to support generation of a set of call detail records at the communication apparatus. A base station controller (BSC) module is also embedded in the computer readable storage medium. The communication apparatus is adapted to transmit Internet Protocol (IP) packet data received at the wireless transceiver to a second apparatus via a peer-to-peer IP connection. | 08-13-2009 |
| 20090210928 | METHOD AND A SYSTEM FOR MANAGING A USER RELATED ACCOUNT INFORMATION ASSOCIATED WITH APPLICATION SERVICES DISTRIBUTED OVER A DATA NETWORK - There is provided a method for managing a user related accounts, the method comprising: receiving user account information for use in connection with at least one application service associated with the user for which a user account management is required; receiving node identification information allowing for identifying at least one application node distributed over a data network, where the at least one application node stores the at least one application service; using the received node identification information for delivering to the at least one application node, through the data network, the user account information; and instead of requiring from the user any manual procedures, automatically processing, at the at least one application node, the delivered user account information, where the processing comprises, in connection with each one of the at least one application service, creating or accessing and updating a corresponding user account using the received user account information. There is further provided a system for managing a user related accounts associated with application services distributed over a data network. | 08-20-2009 |
| 20090210929 | INTER-PROCESS NETWORKING FOR MANY-CORE OPERATING SYSTEMS - Systems and methods that facilitate inter-process networking are described that can provide inter-process communication, firewall restrictions, process and host mobility, as well as parallelization of task performance. In various embodiments, a computer process can be provided with its own internet protocol address and network stack to facilitate inter-process networking. In further embodiments, a gateway process can facilitate process mobility, host mobility, and parallelization of task performance, as well as management of a host area network by facilitating inter-process communication between suitably configured processes. | 08-20-2009 |
| 20090210930 | METHOD OF AUTHENTICATING A CLIENT, IDENTITY AND SERVICE PROVIDERS, AUTHENTICATION AND AUTHENTICATION ASSERTION REQUEST SIGNALS AND CORRESPONDING COMPUTER PROGRAMS - A method is provided of authenticating a client to access a service provided by a service provider, whereby the service provider queries an identity provider to verify identity of the client and authorize access the service. The method includes: verifying using the identity provider to verify that an identity level corresponding to an earlier authentication of the client is stored with the identity provider, and granting service access authorization to the client, which is performed either (i) directly following the verification step when the identity level required is less than the stored identity level, or (ii) after the following steps when the identity level required is greater than the stored identity level or when no client authentication is available, namely requesting authentication of the client having the required identity level and replacing the stored identity level with the required identity level if the client is authenticated by the identity provider. | 08-20-2009 |
| 20090210931 | Printing Apparatus Management System, Printing Apparatus Management Method, and Printing Apparatus Management Program - A printing apparatus management system includes: a printing apparatus which includes an IC tag performing wireless communication with the outside and a memory being connected to the IC tag; and a first information terminal which has at least a function of writing information in the memory through wireless communication with the IC tag. The first information terminal maintains authentication data used by the printing apparatus, writes the authentication data in the memory, and transmits the authentication data to another information terminal. In addition, the printing apparatus interrupts a predetermined function, when the authentication data is written by the first information terminal, and in a state where authentication data is written in the memory by the first information terminal or an information terminal other than the first information terminal in the interruption state, the printing apparatus makes the predetermined function effective, when the authentication data written by the first information terminal before the interruption state and the authentication data written by the first information terminal or the information terminal other than the first information terminal after the interruption state accord with each other. | 08-20-2009 |
| 20090217356 | Electronic permission slips for controlling access to multimedia content - An administrator controls viewer access to restricted multimedia programs using electronic permission slips. In response to a viewer's request to view a restricted multimedia program, the viewer may initiate the generation of an electronic permission slip that is sent to an electronic device associated with the administrator. The electronic permission slip may include text-based information, graphical information, audio information, and the like. The electronic permission slip may enable input of permission data regarding whether the viewer is allowed to receive the blocked program. In response to the administrator granting permission, a service provider network allows the viewer to access the restricted multimedia program. | 08-27-2009 |
| 20090222893 | LEGACY DEVICE REGISTERING METHOD, DATA TRANSFERRING METHOD AND LEGACY DEVICE AUTHENTICATING METHOD - A method of registering a legacy device, a method of transferring data, and a method of authenticating a legacy device are provided. The method of registering a legacy device by using a virtual client, which allows the legacy device to access a domain, includes: receiving unique information on the legacy device from the legacy device which requests the domain to register the legacy device; searching a registrable legacy device list including the unique information on the legacy device which can be registered in the domain for the unique information on the legacy device; and requesting a domain manager, which manages the domain, to register the legacy device, when the unique information on the legacy device is included in the registrable legacy device list, and not allowing the legacy device to be registered in the domain when the unique information on the legacy device is not included in the registrable legacy device list. | 09-03-2009 |
| 20090222894 | Systems and Methods for Delegation and Notification of Administration of Internet Access - Disclosed are systems, methods, and computer readable media for delegating administrative rights to a third party in an Internet access control application comprising receiving a designation of a third party wherein the designation identifies the third party as a recipient of administrative rights in an access control application, and receiving a selection of administrative rights to be associated with the third party. Further, an invitation can be sent, or caused to be sent, to the third party. Acceptance of said invitation can be received. Also, administrative rights can be granted to the third party. The systems, methods, and computer readable media can be operable within a client/server architecture. Also disclosed are systems, methods, and computer readable media for notification of an access policy violation. Also disclosed are systems, methods, and computer readable media for administration of an access control application by a third party and access policy violation notification. | 09-03-2009 |
| 20090241172 | Remote Disablement of a Communication Device - Systems, methods and computer readable media for remotely disabling communication devices. When a communication device is identified for disablement, a disable signal may be transmitted to the emergency communication device. If the emergency communication device receives the disable signal, the emergency communication device may authenticate the source of the disable signal. If the source of the disable signal has been authenticated, the emergency communication device may disable itself. Disablement may include physical destruction or physical alteration of hardware or software necessary for the communication device to operate. Disablement may also include being locked-out from access to or use of hardware or software necessary for the communication device to operate. | 09-24-2009 |
| 20090249447 | Information processing system and computer-readable recording medium - When a user makes a remote log-in to a server apparatus from a terminal apparatus, a password managing apparatus, which manages the name of a user of the server apparatus, his/her direct log-in password and transformation rule, displays an authentication purpose symbol sequence on a display apparatus. The user transforms the displayed sequence by his/her transformation rule and supplies, via the terminal apparatus, his/her user name and the post-transformation symbol sequence to the server apparatus, which then sends them to the password managing apparatus. If the result of applying the user's transformation rule to any authentication purpose symbol sequence generated in the past coincides with the post-transformation symbol sequence, the password managing apparatus sends the direct log-in password to the server apparatus to pass the remote log-in to the server apparatus by the terminal apparatus as a success. | 10-01-2009 |
| 20090249448 | METHOD AND APPARATUS FOR HANDLING SECURITY LEVEL OF DEVICE ON NETWORK - Provided is a method of controlling a security level of a device. The method includes: requesting a server to authenticate a device, wherein the requesting is performed by a second application installed in the device; generating a device-server session for communication between the server and the device, based on the authentication of the device by the server; requesting access to the server by using the generated device-server session, wherein the requesting is performed by a first application installed in the device; and receiving content from the server due to the first application accessing the server. | 10-01-2009 |
| 20090249449 | PERSONAL CRITERIA VERIFICATION USING FRACTIONAL INFORMATION - A method for verifying the identity of users connected to a computer network comprises providing fractional information queries to users, wherein responses to these individual queries are not sufficient to identify the user. This method further comprises receiving responses to these fractional information queries and comparing these responses to data available from within a computer network. A set of potential matches to the user is generated according to these responses and is used in determining whether the set of potential matches is sufficient to identify the user. | 10-01-2009 |
| 20090254977 | Method and Apparatus for Communicating Information Between Devices - A network of devices permits data to be stored on the devices and subsequently searched and accessed from any other one of the devices. A plurality of channels are defined to distribute a plurality of access points throughout the network. A mechanism securely assigns authorizations to users to read or write from or to specified ones of the channels, which authorizations are capable of being checked by each of the access points. To write into a channel, a request is made to one of the access points which checks if the requesting user is authorized to write onto the requested channel. If appropriate, the data is associated with the requested channel. To search for data from a particular channel or group of channels, a search request is made to one of the access points which first checks the requesting user is authorized to read from the requested channel or group of channels. If appropriate it issues a corresponding search request or requests to a subset of the devices which checks to see if stored data satisfying the request exists there and, if so, the data is transmitted to the requesting user. Otherwise the search request is forwarded to another one or more of the devices. | 10-08-2009 |
| 20090254978 | DELEGATED AUTHENTICATION FOR WEB SERVICES - Embodiments of the claimed subject matter provide a method and an apparatus for enabling delegated authentication for web services. Delegated authentication is provided without divulging the information the user requires to complete an authorization procedure of another web service or otherwise subjecting the user to unnecessary risk. Furthermore, delegated authentication is granted for a limited duration and access is subject to further limitations to prevent unnecessary intrusion to the user, the user's data, and the host web service. | 10-08-2009 |
| 20090254979 | Method of and System for Enforcing Authentication Strength for Remote Portlets - In a method of and system for enforcing authentication strength for remote portlets, a portlet is provided by a producer portal and consumed as remote portlet by a consumer portal. The producer portal defines an authentication strength level requirement for the portlet. A user requests the remote portlet from the consumer portal. The consumer portal authenticates the user with a particular authentication method that implies a particular authentication strength level. The producer portal authenticates the consumer portal with a particular authentication method that implies a particular authentication strength assertion level. The consumer portal requests the portlet from the producer portal with an assertion of the authentication strength level of the user. The producer portal rejects the request from the consumer portal if the authentication strength level of the user is less than the authentication strength level requirement for the portlet. The producer portal also rejects the request from the consumer portal if the authentication strength assertion level of the consumer portal is not high enough to assert the authentication strength level of the user. The producer portal accepts the request from the consumer portal only if the authentication strength level of the user is not less than the authentication strength level requirement for the portlet and the authentication strength assertion level of the consumer portal is high enough to assert the authentication strength level of the user. | 10-08-2009 |
| 20090254980 | METHOD OF PROVIDING ACCESS RIGHTS BASED ON DEVICE PROXIMITY AND CENTRAL ACCESS DEVICE USED FOR THE METHOD - Provided is method of providing access rights based on device proximity and central access device used for method. Method of providing access rights to mobile device includes: determining proximity showing how close mobile device is to central access device when mobile device connects to central access device in home network; and granting access right to mobile device according to determined proximity. Access rights used for protecting contents of various devices in home network can be seamlessly controlled, and in network, identity of person (identified by his/her device) can be generated and his/her access right can be properly controlled. In addition, there is no need to concern about leakage of data beyond the house and there is no need to try to change anything of set parameters for this purpose, and there is no need to try to protect data in a ubiquitous information network. | 10-08-2009 |
| 20090260064 | METHOD AND PROCESS FOR REGISTERING A DEVICE TO VERIFY TRANSACTIONS - A user-oriented verification system and method provides for verification and fraud reduction in transactions. Users create verification accounts and register one or more devices with the account. Entity data provided by the user is selectively paired with device identifiers associated with registered devices. The entity/device pairs dictate the type and scope of transactions that may be entered into by each registered device. During a transaction, a requester provides entity/device information collected from a user to the verification system. If the entity/device information matches records stored by the verification system (i.e., the user has previously registered the device and associated selected entity information with the device) then the transaction is verified and notice is provided to the requester. | 10-15-2009 |
| 20090265764 | AGGREGATION AND USE OF INFORMATION RELATING TO A USERS CONTEXT - Information, called context information, relating to a current state of a user may be aggregated. In one implementation, the context information may include information that is automatically generated by communication devices of the user and information, submitted by the user, that relates to the user's state. The context information may be used by authorized context consumers. | 10-22-2009 |
| 20090265765 | System and Methods for Managing Trust in Access Control Based on a User Identity - System and methods for managing trust in access control are based on a user identity, in a Universal Plug and Play (UPnP) network. A device has an access control list (ACL), a trusted-to-identify access control list (TIA), and a first TIA management module configured to manage the TIA. A security console is communicatively coupled to the device via the network. The security console has a second TIA management module. The first TIA management module is able to implement an add request from the security console for adding an entry to the TIA. The entry includes a control point identity for a control point communicatively coupled to the device via the network. | 10-22-2009 |
| 20090265766 | Supplying Web Pages - A system is shown that supplies web pages from servers ( | 10-22-2009 |
| 20090271846 | Method and Device to Suspend the Access to a Service - The present invention concerns a device and method for suspending and renewing the authorization to a wireless station to use a service on the device. The device comprises wireless communication means, a memory and at least one service for access by at least one station also comprising wireless communication means, means for authenticating the wireless station, means for authorizing the authenticated station to access one of the at least one service. The device comprises means for suspending the authorized station to access the service; and in response to a user request on the device, renewing the access authorization to the service by the suspended station, without requiring any user interaction on the station. | 10-29-2009 |
| 20090276832 | Controllable Information Diffusion Method - A method of sending data via a communications network NTWK interconnecting terminals (T | 11-05-2009 |
| 20090276833 | Provisioning Data Storage entities with Authorization Settings - A method and system for generating authorization settings that indicate whether host administrators using a host-based storage-management application are authorized to perform provisioning operations on data storage entities residing on a data storage system are disclosed. Accordingly, a storage-management application receives from an administrator an authorization setting indicating on a per-user basis a set of provisioning operations which can be performed with a data storage entity via the storage-management application. The authorization settings are then communicated from the host-based storage-management application to the storage system where the data storage entity resides, and the authorization settings are stored. A storage-management application executing on any host can then utilize the authorization settings to control which users are allowed to interact with certain data storage entities, and what specific interactions (e.g., provisioning operations) are allowed. | 11-05-2009 |
| 20090276834 | SECURING RESOURCE STORES WITH CLAIMS-BASED SECURITY - The present invention extends to methods, systems, and computer program products for securing resource stores with claims-based security. From policy information, a resource store populates a security table of permissions. The permissions authorize resource access based on received claims. Sessions submit claims to the resource store. The resource store accumulates claims for a session into a claims list. From the claims list and the security table, the resource store filters out a subset of metadata including resource IDs for resources the session is authorized to access. Since the metadata corresponds to the session, any application using the session is given similar access to resources at the resource store. | 11-05-2009 |
| 20090276835 | SECURE CROSS-DOMAIN COMMUNICATION FOR WEB MASHUPS - A secure cross-domain communication system and method for facilitating secure communication between a website having a web mashup and websites having content that is to be placed on the web mashup. Embodiments of the system and method set the document domain variable of the mashup website and the websites to facilitate the secure communication. Mediator frames are used as an intermediary between a top frame (containing the web mashup) and untrusted frames (containing the website content to be included in the mashup). The type of setup technique used is dependent on the number of websites being used in the mashup. Once the secure communication is established, data exchange between the top frame and the untrusted frame is dependent on the types of services that that the browser supports. | 11-05-2009 |
| 20090276836 | METHOD AND SYSTEM, IN A PRESENCE AND INTERMEDIATION SYSTEM, TO TRANSFER FROM ONE OWNER TO AT LEAST ONE WATCHER - Method, in a presence and intermediation system, to transfer from one owner ( | 11-05-2009 |
| 20090282463 | EFFICIENT ATTACHMENT OF USER-SELECTED FILES TO E-MAIL FROM HANDHELD DEVICE - A wireless telecommunications system includes facilities in a wireless hand-held device (WHHD) that allows a user to browse files available to that user on storage devices in an enterprise network, and to identify one or more such files to be attached to an e-mail message to be composed on or transmitted from the handheld. The system includes facilities in an enterprise network, such as a file delivery server, that cooperates with the WHHD to provide the file browsing service. A mail agent cooperates with the WHHD, responsive to instruction from the handheld to send an e-mail message that is to contain an attachment, to request the file delivery server to retrieve the identified files and assemble an e-mail containing those files as attachments. The WHHD may receive from the user appropriate credentials needed to access files available to that user on storage devices in the enterprise network, and may forward the credential to the file delivery server and the mail agent. These components may use the credentials to provide the file browsing service and to retrieve the identified files. | 11-12-2009 |
| 20090288146 | SECURE CENTRALIZED BACKUP USING LOCALLY DERIVED AUTHENTICATION MODEL - A system and method for performing backup operations is provided. Mechanisms facilitate a secure centralized backup system with a locally derived authentication model. A local centralized storage server may generate an authentication model, including credentials, and create a share/directory for each client. Clients store their credentials and use them to access centralized storage. Credentials are maintained and provisioned locally. A remote host server may establish trust by providing a list of clients in a circle. | 11-19-2009 |
| 20090288147 | SYSTEM AND METHOD FOR MODIFYING SECURITY FUNCTIONS OF AN ASSOCIATED DOCUMENT PROCESSING DEVICE - The subject application is directed to a system and method for modifying at least one security function of an associated document processing device. Data representing security functions of the document processing device is stored in associated memory. Login data is then received from an administrator via an associated user interface. Selection data is received corresponding to a security function on the document processing device to be enabled. The selected security function is then selectively enabled via the document processing device. Enhanced mode selection data is then received from the administrator corresponding to an enhanced security mode of operation. Each security function associated with the enhanced mode is simultaneously enabled. Operations of the document processing device are thereafter controlled in accordance with each selectively enabled security function. | 11-19-2009 |
| 20090293104 | System and method for comprehensive management of company equity structures and related company documents withfinancial and human resource system integration - A system comprises business logic operable for managing and administering company entities, records, documents, equity instruments, and stakeholders, a database storing data associated with the business logic, integration logic operable to integrate the business logic and its associated data with existing enterprise systems and data associated therewith, and a graphical user interface presenting a hierarchical tree view of the company entities, records, documents, equity instruments, and stakeholders. | 11-26-2009 |
| 20090293105 | ACCESS CONTROL SYSTEM AND ACCESS CONTROL METHOD - An access control system and method is disclosed. The access control system and method includes a terminal and a server. The terminal determines whether to allow access to a requested website and generates a request to the server to download information from the requested website if the terminal determines to allow access. The server determines whether to allow the terminal access to the requested website and provides information from the requested website to the terminal. The server examines the request to determine whether or not the terminal has made a determination whether to allow access to the requested website. The terminal and server work in combination to determine whether to grant access to the requested website. And the server's determination whether to allow the terminal access is dependent on the server's determination of whether or not the terminal has made a determination whether to allow access to the requested website. | 11-26-2009 |
| 20090293106 | METHOD AND APPARATUS FOR CONTROLLING WIRELESS NETWORK ACCESS PRIVILEGES BASED ON WIRELESS CLIENT LOCATION - An access point through which a wireless device attaches to a wireless network determines the access privileges that will be accorded to the device based on a criteria set, such as the ID and physical location of the device requesting network access, the access point through which the device is connected to the network and user credentials. The location of the device is determined by a location determination system using the signal strength of the device signal. The location information and ID information is provided to an access server that uses the criteria set to retrieve access privileges from a privilege database. The retrieved access privileges are then applied to the wireless device by means of the access point and other devices in the wireless network. | 11-26-2009 |
| 20090300722 | SUPPORT FOR INTEGRATED WLAN HOTSPOT CLIENTS - The invention proposes a method and a network device comprising an operation entity ( | 12-03-2009 |
| 20090300723 | SHARING PRIVATE DATA PUBLICLY AND ANONYMOUSLY - Sharing a secret that can later be revoked. A client sends data to a server that makes the data available to other clients. The data is shared generically without specifically identifying the client. The data can be considered quasi-secret data or data that is secret except for the anonymous sharing of the data. The client can later make the shared data private again by changing or deleting the sharing of the data. | 12-03-2009 |
| 20090300724 | METHOD FOR MANAGING DOMAIN USING MULTI DOMAIN MANAGER AND DOMAIN SYSTEM - The present invention relates to a method of managing a domain employing a multi-domain manager and a domain system. The method of managing a domain employing a multi-domain manager includes designating a primary domain manager, configuring the domain by registering a domain device with the primary domain manager, designating at least one secondary domain manager of the domain devices, and managing the domain through conjunction of the primary domain manager and the secondary domain manager. Thus, domain management can be performed efficiently by employing a multi-domain manager. | 12-03-2009 |
| 20090300725 | ENABLING SYNCHRONOUS AND ASYNCHRONOUS COLLABORATION FOR SOFTWARE APPLICATIONS - A method for collaborating a first computer with a second computer. The method includes sending an invitation from the first computer to the second computer, and sending a list of permissions from the first computer to the second computer upon acceptance of the invitation. The list of permissions allows the second computer to access a limited portion of one or more data on the first computer. The method further includes performing an analysis on the limited portion of the data stored on the first computer by the second computer, and sending a notification from the second computer to the first computer, wherein the notification indicates that the analysis has been performed on the limited portion of the data. | 12-03-2009 |
| 20090300726 | ETHERNET SERVICE CAPABILITY NEGOTIATION AND AUTHORIZATION METHOD AND SYSTEM - Described herein are methods and systems for negotiating and authorizing one or more Ethernet and/or IP services among a plurality of network entities in a wireless communication system. In one embodiment, an Access Service Network Entity transmits Ethernet Service capability data to a Home Connectivity Service Entity. Optionally, the Ethernet Service capability data may include Ethernet Service capability data associated with a Visited Connectivity Service Entity. The Home Connectivity Service Entity then determines which Ethernet and/or IP Services are authorized for a particular mobile station associated with the Access Service Network Entity based upon the received Ethernet Service capability data, a subscriber profile, and a home network policy. | 12-03-2009 |
| 20090300727 | SERVER, INFORMATION PROCESSING METHOD AND PROGRAM - A server having an authority information storage configured to store therein authority information on an operation authority, a determination request information receiver configured to receive determination request information that is transmitted from a client and requests a permission/rejection determination on execution of a desired operation in the server or a client, a permission/rejection determination unit configured to make a permission/rejection determination in response to the determination request information received by the determination request information receiver based on the authority information, and a determination result information transmitter configured to transmit determination result information on a determination result made by the permission/rejection determination unit to the client that transmitted the determination request information. | 12-03-2009 |
| 20090300728 | ELECTRONIC MAIL TERMINAL APPARATUS, MAIL SERVER, CHECK CODE REGISTERING METHOD, AND MAIL RECEPTION PERMITTING METHOD - An apparatus includes: an address book to store mail addresses; an address registration unit to register a mail address of electronic mail in the address book; a check code generation unit to generate a check code from the mail address; and a check code transmission unit to transmit a mail reception permission notification including the check code generated from the mail address to a registration unit. | 12-03-2009 |
| 20090300729 | PURCHASING PERIPHERAL SUPPORT IN A MEDIA EXCHANGE NETWORK - A system providing support for user transactions in a media exchange network is disclosed. An embodiment of the present invention may comprise a television display, storage, and a set top box, and may provide an interface device for receiving from a user associated authorization device, information for authorizing user transactions via a communication network. A user transaction may comprise the exchange, purchase, storage, or consumption of media such as, for example, audio, still images, video, and data. The communication network may comprise, for example, a cable infrastructure, a digital subscriber line infrastructure, a wireless infrastructure, and may be the Internet. The system may provide for the completion of the user transaction without divulging the identity of the user to a vendor. | 12-03-2009 |
| 20090307755 | SYSTEM AND METHOD FOR FACILITATING CROSS ENTERPRISES DATA SHARING IN A HEALTHCARE SETTING - A method of sharing patient information including creating a release authorization containing sufficient information to identify a patient and information authorized for transmission, which is a subset of information stored by an electronic health record (EHR) entity for that patient; the release authorization associated with a patient or a person acting as a proxy for the patient; receiving a request from a recipient entity for information; identifying the subset of information associated with the release authorization to be transmitted from the EHR entity to the recipient entity; and transmitting the subset of information from the EHR entity to the recipient entity. | 12-10-2009 |
| 20090307756 | System of Electronic Document Repository which Guarantees Authenticity of the Electronic Document and Issues Certificates and Method of Registering, Reading, Issuing, Transferring, A Certificate Issuing Performed in the System - Provided are an electronic document repository system which guarantees authenticity of electronic document and issues certificates and methods of registering, reading, issuing, and transferring electronic documents in the system, and a method of issuing certificates in the system. The electronic document repository system includes an authentication module, a registration module, a reading module, an issuing module, and a certification module. | 12-10-2009 |
| 20090307757 | Method and System for Centralized Access Authorization To Online Streaming Content - The invention discloses a system to protect online streaming content by a content provider, by means of access authorization in the network operator's platform. The invention provides a solution to the problem of access authorization for streaming content, that is not exactly known with regards to description and/or location at the moment the access authorization is performed. | 12-10-2009 |
| 20090307758 | Method and apparatus to facilitate using a multicast stream to provide on-demand streaming content - A streaming content-on-demand service provider ( | 12-10-2009 |
| 20090307759 | Temporary Domain Membership for Content Sharing - In accordance with one or more aspects, a first device receives a digital certificate of a second device. The first device generates a digitally signed temporary domain join request and sends the request to a domain controller. The domain controller generates, for the first device, a temporary domain certificate allowing the first device to temporarily consume content bound to the domain. The temporary domain certificate is sent to the first device, allowing the first device to temporarily consume content bound to the domain. | 12-10-2009 |
| 20090307760 | ELECTRONIC MAIL TRANSMISSION AND RECEPTION SYSTEM - An electronic mail transmission/reception system is provided, capable of maintaining the confidentiality of restricted attachments desired to be limited in destination, thereby ensuring the security of the restricted attachments. A system management server | 12-10-2009 |
| 20090307761 | ACCESS AUTHORITY SETTING METHOD AND APPARATUS - An access authority setting method includes: detecting an action including activation of a virtual machine, stop of the virtual machine or a movement of the virtual machine between physical servers; and setting access authority required for a state after the action to a related apparatus among a connection apparatus and a disk apparatus in a system. By dynamically setting the access authority to the connection apparatus or disk apparatus according to an operation state of the virtual machine, the unauthorized access is prevented and the improvement of the security is realized. | 12-10-2009 |
| 20090313681 | Preliminary Verification System which has a Authentication by Phone on the Internet Environment - A preliminary verification method under an Internet environment using a phone authentication service in a system including a first terminal, a web server, an authentication server, a host server, a call server and a second terminal, the method comprising the steps of: providing a preliminary transaction request generated from the first terminal to the authentication server through the web server; at the authentication server, transmitting the preliminary transaction request information to the host server, and providing preliminary transaction result information corresponding to the preliminary transaction request information from the host server to the first terminal; at the authentication server, in case of receiving a real transaction request generated from the first terminal, receiving and verifying the authentication information from the first terminal according to the electronic transaction approval, and requesting a phone authentication for the second terminal of the user of the authenticated first terminal to the call server; at the call server, generating an authentication call to the second terminal, receiving a one time password (OTP) number corresponding to the authentication call from the second terminal, generating an OTP number by the same number of an OTP device, and transmitting authentication completion information to the host server if the generated OTP number is the same with the received OTP number; and at the host server, performing the electronic transaction process according to the authentication completion information received from the call server. | 12-17-2009 |
| 20090313682 | Enterprise Multi-interceptor Based Security and Auditing Method and Apparatus - A method of auditing network communications and applying external policy controls enforced by network connectivity including the steps of caching a plurality of packets, tagging each packet with a unique identifier, assembling an array of packets into a readable payload and evaluating the payload contents. | 12-17-2009 |
| 20090320101 | SYSTEM AND METHOD FOR AUTHENTICATING USERS IN A SOCIAL NETWORK - A system and method is provided that authenticates the identity of the person behind a username and stores that information in a manner that allows a first person communicating on a social network with a second person to confirm that the identity of the second person is known and authenticate without requiring the second person to reveal identity information (other than their user name/screen name) to the first person and vice versa. | 12-24-2009 |
| 20090320102 | Methods for Distributing Information Using Secure Peer-to-Peer Communications - A method for providing access to secure peer-to-peer communications to a device can include receiving a request to join an interest group. The request can include a device identification number of the device. The method can further include determining access rights for the device. The access rights can include permission to access shared messages of the interest group. Additionally, the method can include providing an access key to the device. The access key can enable the device to access shared messages of the interest group. | 12-24-2009 |
| 20090320103 | EXTENSIBLE MECHANISM FOR SECURING OBJECTS USING CLAIMS - An extensible mechanism for providing access control for logical objects in a network environment. A security broker is able to dynamically register one or more claims providers, each of which can assert one or more claims about logical objects. The claims providers may be purpose built or may be third party applications which expose data or business rules for use. Claims may be augmented by additional claims providers after the original claim is asserted. The applicability of claims may be scope limited either at the time the claims provider is registered or when the user requests that a security token be issued. | 12-24-2009 |
| 20090320104 | Communications Network with Smart Card - Methods and systems are disclosed to enable a smart card having relatively low data rate and low computational power to control a high data rate communications channel without degradation of performance. The smart card and an associated monitor/interface, which can be implemented in a network access device, are interposed between transmitting and receiving nodes in a network, and configured to intervene when conditions of rules stored in the smart card are met. For example, the smart card can intervene when a packet header indicates sufficient change in information, such as the exceeding of a predefined threshold or a requirement for user authorization/authentication. In one mode of regulating packet flow, the smart card selectively enables or disables packet transmission, reception, or both, according to the rules stored therein. In another mode, the smart card, upon activation, provides rules and modifications for packet data, headers, or both. The rules and modifications can implement communication policies of the entity providing communication services to the user of the services, and can be stored in the smart card to prevent alteration or tampering. | 12-24-2009 |
| 20090328152 | METHOD OF ACCESS CONTROL IMPLEMENTED IN AN ETHERNET SWITCH - An access control system, having at least one access control unit for securing a physical area and controlling entry into and egress out of the physical area, and an Ethernet routing device, is disclosed. The Ethernet routing device includes an access controller for determining access privileges to the physical area; an Ethernet switching unit for directing network communications between multiple network devices; at least one Ethernet connector for connecting the at least one access control unit to the Ethernet routing device; and an access control message interpreter for reading messages received, by way of the Ethernet connector, from the at least one access control unit and providing access control information contained in the messages to the access controller for access privilege determination. | 12-31-2009 |
| 20090328153 | USING EXCLUSION BASED SECURITY RULES FOR ESTABLISHING URI SECURITY - A solution for controlling access to Uniform Resource Identifier (URI) identified resources can receive a request for a resource identified by a URI. The URI associated with the request can be compared against at least one previously established security rule. The security rule can include an exclusion comparison operator and a regular expression defining a pattern. A determination as to whether to grant a requester access to the resource can be based at least in part upon results of the comparing of the URI against the previously established security rule. | 12-31-2009 |
| 20090328154 | ISOLATION OF SERVICES OR PROCESSES USING CREDENTIAL MANAGED ACCOUNTS - This disclosure describes methods, systems, and application programming interfaces for creating a credential managed account. This disclosure describes creating a new password managed account, defining the password managed account, wherein the password managed account is to access a service on a managed computing device, identifying the password managed account for a lifecycle, and automatically managing the password managed account by updating and changing a password for the password managed account on a periodic basis. | 12-31-2009 |
| 20090328155 | Master device for controlling application security environments - Computer protection is weak with the methods currently available and there are risks of malicious users getting access to computers, corrupting important data, including system data. We are proposing a method for improving access protection, more particularly, by using a slave device that will enable or disable protection for applications as required. The device supports one or more users, none or more user groups, none or one or more Application Security Environments for each user or user group and one or more states for each Application Security Environment. The state of the hardware is manually controlled by the users. Depending on the configuration, each hardware state corresponding to an Application Security Environment corresponds to a set of privileges the processes running in that Application Security Environment have while that Application Security Environment is in that state. | 12-31-2009 |
| 20090328156 | WORKFLOW BASED AUTHORIZATION FOR CONTENT ACCESS - The present invention extends to methods, systems, and computer program products for workflow based authorization for content access. A workflow can be triggered when a protection policy does not fully express an intended recipient's rights in protected content. A workflow processes relevant inputs to more fully express the intended recipient's rights in protected content. Workflows can provide policy item updates and authorizations decisions with respect to protected content. Through the use of workflows to make an authorization decision, access to information can become more flexible, allowing it to follow the desired flow of information throughout its lifecycle. This flexibility allows organizations to protect their information without worrying about the protection stopping the natural flow of business. | 12-31-2009 |
| 20090328157 | SYSTEM AND METHOD FOR ADAPTIVE APPROXIMATING OF A USER FOR ROLE AUTHORIZATION IN A HIERARCHICAL INTER-ORGANIZATIONAL MODEL - A system and method are provided for adaptive approximating of a user for role authorization in a hierarchical inter-organization model. The system includes an authorization redirector for receiving a request for an access control decision for a user. The system further includes an adaptive authorizer for dynamically determining, at run-time, a user role approximation for the user responsive to the request. The user role approximation is based on at least one of a system state and a system goal corresponding to a hierarchical inter-organizational model. | 12-31-2009 |
| 20090328158 | METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR PROVIDING SOFTWARE APPLICATION INVITATION - An apparatus for providing software application invitations may comprise a processor. The processor may be configured to receive an achievement in a software application and formulate at least one invitation to execute the software application. The processor may further be configured to send at least one invitation to at least one invitee. The invitation may include a means to access at least a portion of the software application. Associated methods and computer program products may also be provided. Also, apparatus, methods, and computer program products for processing received software applications invitation may be provided. | 12-31-2009 |
| 20090328159 | Systems and Methods for Secure Printing - Apparatus, systems, and methods consistent with disclosed embodiments provide for the secure printing of documents. A first security data is associated with a document, which is printed to one of several secure trays coupled to a printer, if a second security level derived from the first security data is not lower than the first security level currently associated with the secure output tray. The first security data is matched with second security data obtained from an input device coupled to the printer. Access to the secure tray is granted if the second security data matches a subset of the first security data. In some embodiments, secure output trays on the printer may be dynamically assigned to different security levels corresponding to the security levels of documents printed to the secure output trays. | 12-31-2009 |
| 20090328160 | ADMINISTRATION PORTAL - An administration portal for a network security server, including: (i) control elements allowing a user of a network to access respective services, such as email, spam filter, malware filter, and web browser control services, performed by the security server; and (ii) an administration module for maintaining permission attributes for users of the network, the attributes defining access to the control elements. The permission attributes have a delegation hierarchy so a managed security service provider can set a permission attribute for a user to administrator, and the user with an administrator permission attribute can set another user to have a user permission attribute. The permission attributes can also be set on a group basis for a group of said users. The attributes each have associated capability levels defining a level of access for the respective services. | 12-31-2009 |
| 20090328161 | Peer discovery and connection management based on context sensitive social networks - In a method for automatically filtering communications, a networking request from an initiating party on an initiating communication device is received. The networking request pertains to a request for communication between the initiating communication device and a recipient communication device of a user over a communication channel. A determination is made of whether the communication channel to be used for the communication matches a communication channel for a previous communication between the initiating party and the user. It is automatically determined whether to grant the networking request, based at least in part on the determination of whether the communication channel for the communication matches the communication channel for the previous communication between the initiating party and the user. Other embodiments are described and claimed. | 12-31-2009 |
| 20100005510 | ARCHITECTURE AND METHOD FOR CONTROLLING THE TRANSFER OF INFORMATION BETWEEN USERS - A system and method for marking and controlling the transfer of information between several users ( | 01-07-2010 |
| 20100005511 | USAGE BASED AUTHORIZATION - Embodiments of the invention provide systems and methods for authorizing a request to access a resource based on a context of the request. According to one embodiment, a method of authorizing a request for a resource based on a context of the request can comprise receiving the request from a requester, identifying the context of the request, and determining whether to authorize the request based on the context of the request. In some cases, the request can include context information describing the context of the request. In such cases, identifying the context can be based at least in part on the context information from the request. Additionally or alternatively, context information describing the context can be requested and received in response to the request. In such a case, identifying the context can be based at least in part on the received context information. | 01-07-2010 |
| 20100005512 | System and method for validating requests in an identity metasystem - An information processing system in a computer network comprising an edge system, an identity provider, a relying party and a tracing service, in which the tracing service relays a queue of information of authorized user activity from a relying party to an identity provider, which then can provide that activity information to the user. | 01-07-2010 |
| 20100005513 | Interoperable systems and methods for peer-to-peer service orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 01-07-2010 |
| 20100005514 | METHOD, SYSTEM AND SERVER FOR FILE RIGHTS CONTROL - A file rights control method, a file rights control system, and a server are described. The file rights control method includes: monitoring identity information of a file author; determining at least one authorization object of the file according to identity information of the file author; determining rights corresponding to different authorization objects of the file according to the identity information of the file author and the at least one authorization object of the file; and authorizing the at least one authorization object of the file according to the determined rights corresponding to different authorization objects of the file. A file rights control system and a server are further described. By using the embodiments of the present invention, the complexity of file authorization control operation is reduced, thus improving the working efficiency of users. Moreover, the authorization of a fine granularity and a higher security are ensured. | 01-07-2010 |
| 20100011415 | SYSTEM AND METHOD FOR PROCESSING AN UPLOAD OF A PROGRAM WITH EXPORT COMPLIANCE INFORMATION - Disclosed herein are systems, methods, and computer readable-media for processing a program with export compliance information, the method including in a process of ingesting a program from a developer to an online store, presenting a request to the developer to indicate if the program contains encryption, upon indication that the program contains encryption, presenting an interface for the developer to upload an appropriate export compliance form, blocking the program from the online store if the appropriate export compliance form is not received, and upon receipt of the appropriate export compliance form, receiving and ingesting the program from the developer into the online store. In one aspect, the method further presents an interface to the developer to upload one export compliance form associated with multiple programs. In another aspect, the export compliance form is bundled with the program for distribution in the online store. The method can include blocking the program from the online store if the program does not meet one or more additional requirements. In one aspect, the appropriate export compliance form is transmitted to a reviewing body for approval before completely ingesting the program. The reviewing body may notify the developer of approval or rejection of the export compliance form. | 01-14-2010 |
| 20100011416 | DOCUMENT STORAGE ACCESS ON AN UNSOLICITED TRANSFER BASIS - Systems and methods of the present invention allow a file owner to upload and store a file to a File Storage Area. Through a series of communications, a file owner may provide an intended file recipient access to the file without a request by a file requester. The file owner may grant permissions to access the file and notify the intended file recipient of the results. | 01-14-2010 |
| 20100011417 | SYSTEM AND METHOD FOR PRIVILEGE MANAGEMENT AND REVOCATION - The present disclosure relates generally to the management of privileges associated with certain applications that are accessible by users of electronic equipment, such as, for example, networked computers, mobile wireless communications devices, and the like. In particular, the disclosure is directed to systems and methods for managing privileges associated with particular applications and for revoking these privileges in a timely and robust manner. For example, the device keeps track of which applications get access to which privileges. When policies or application control changes, the system detects which privileges have been revoked for which applications. This can be accomplished by simply comparing the old set of privileges with the new set of privileges. For each revoked privilege for a given application, the system determines if the application has ever accessed that privilege in the past. If an application has accessed a privilege that is now revoked at any time in the past, the device is reset. To ensure that privileges that may be passed between applications are not overlooked, the device is arranged to perform a reset if any revoked privilege accessible by the device is one that may be passed between applications. | 01-14-2010 |
| 20100011418 | KEY CONTROL WITH REAL TIME COMMUNICATIONS TO REMOTE LOCATIONS - A key control system includes at least one premise, a lockbox capable of securing a key to the premise and at least one mobile telephone associated with a user and having a stored access device program capable of communicating an access request to the lockbox. The premise is subject to authorized access by others, such as the user, based on preferences of an approval party established with the system. If specified by these preferences, the mobile telephone automatically initiates a communication to a selected destination to request approval of the access request. | 01-14-2010 |
| 20100017855 | State Saver/Restorer for a Geospatial Decision Management System - A geospatial decision management system (GDMS) can save the overall state of a user's experience at one point in time within a GDMS session so that the user can restore the overall state at a later time, such as by restoring a geospatial browser view (e.g., camera settings for rending the map on the display screen, layer state information, map location) and restoring the states of one or more instances of geospatially-referenced tools that were active at the time of the state save. Upon restore, the browser and tools are initialized with their saved states so that the user is presented with the same functionality, data, and browser view that were displayed and accessible at the time of the state save. Saved states are transportable and can also be sequenced and animated to allow presentation of a slide show of individual GDMS views. | 01-21-2010 |
| 20100017856 | BIOMETRIC RECORD CACHING - An apparatus, method and program product locally stores biometric data in response to a user accessing a network ( | 01-21-2010 |
| 20100017857 | SYSTEM AND METHOD FOR EXECUTING INTERACTIVE APPLICATIONS WITH MINIMAL PRIVILEGES - A mechanism for running interactive applications with a minimal set of privileges is disclosed. The privileges form a subset of the privileges afforded to the user requesting the application and are allocated consistent with the principle of least privilege. The application runs with the minimal amount of permissions necessary to accomplish its assigned tasks. A new user account is created and provisioned or identified for each application to which a user requests access. The accounts have a subset or superset of the access rights and operating system privileges that the user who is logged on to the system and requesting access to the application ordinarily enjoys. The subset/superset of the user's privileges is determined by a policy-based decision system. The policy-based decision system makes its determination based on an analysis of the application requirements, an analysis of the data security and privacy concerns associated with the execution of the application, the identity of the user and user's role and any other policy considerations previously specified by an administrator. Once the determination as to the appropriate set of privileges to be afforded in the execution environment has been made, the execution environment is created and provisioned or a pre-existing execution environment possessing the requisite privileges is identified and the remote user is logged into the server-side account. The application-specific accounts may be audited by audit trail tools that provide evidence of policy enforcement. | 01-21-2010 |
| 20100017858 | SYSTEM AND METHOD FOR AUTHENTICATING COMPONENTS IN WIRELESS HOME ENTERTAINMENT SYSTEM - Configuration information is exchanged between a home entertainment system server and various wireless components by pushing a button on the server and a random button on a remote control device as it is pointed at the devices sought to be authenticated. | 01-21-2010 |
| 20100024006 | HTTP AUTHENTICATION AND AUTHORIZATION MANAGEMENT - Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include a state manager that is used to identify and maintain the source associated with a client browser that submits requests to the state manager. The state manager can allow requests that are authorized and request authorization for requests that are not. The state manager can maintain the states associated with each domain to reduce the number of transaction needed to authenticate and/or authorize subsequent requests to the same domain or to different domains. | 01-28-2010 |
| 20100024007 | AFFIRMING NETWORK RELATIONSHIPS AND RESOURCE ACCESS VIA RELATED NETWORKS - A technique for providing a prediction as to whether a resource will be accessible to a user is described. The technique can involve comparing asserted membership in a wireless realm with membership records. Advantageously, a user can be made aware of the likelihood of access to a resource before attempting to reach the resource. | 01-28-2010 |
| 20100024008 | Managing Resource Allocations - Techniques for determining which resource access requests are handled locally at a remote computer, and which resource access requests are routed or “redirected” through a virtual private network. One or more routing or “redirection” rules are downloaded from a redirection rule server to a remote computer. When the node of the virtual private network running on the remote computer receives a resource access request, it compares the identified resource with the rules. Based upon how the identified resource matches one or more rules, the node will determine whether the resource access request is redirected through the virtual private network or handled locally (e.g., retrieved locally from another network). A single set of redirection rules can be distributed to and employed by a variety of different virtual private network communication techniques. | 01-28-2010 |
| 20100024009 | METHOD AND SYSTEM FOR DYNAMIC SECURITY USING AUTHENTICATION SERVER - Disclosed is a method and system for network access control, including an authentication proxy that authenticates different access-points, retrieves data from security databases and from Network Monitoring System, processing said data according to a dynamic security policy and using said processing outcome to determine the access level which will be granted to an access point in the network. | 01-28-2010 |
| 20100031320 | USER INDICATOR SIGNIFYING A SECURE MODE - Computer-readable media, computerized methods, and computer systems for alerting a user that an operating system has entered a secure mode is provided. Initially, inputs are received at an operating system residing in a default mode. Typically, the default mode allows applications running on the operating system to access the inputs. If the inputs are identified as a call to perform a protected operation, the operating system is transitioned from the default mode to the secure mode. Typically, the secure mode restricts the applications from intercepting the inputs. The transition to the secure mode is automatically communicated to the user via an indicator device. Generally, automatic communication includes providing a message from the operating system to the indicator device over a secure pathway that triggers the indicator device to generate a user-perceivable output. Accordingly, the operating system exerts exclusive control over the operation of the indicator device. | 02-04-2010 |
| 20100031321 | Method and system for preventing impersonation of computer system user - A system and method for preventing an administrator impersonating a user from accessing sensitive resources on a target system is provided. The method comprises receiving a first request from a user to change the user's password on a target system to be changed, sending a “change password” request for the user to the target system, storing the user's new password, receiving a second request from the target system on behalf of the user for access to a sensitive resource, wherein the second request contains information about the user's password, and denying the second request if the information about the user's password is not consistent with the user's stored new password. | 02-04-2010 |
| 20100031322 | SECURE PRINTING METHOD - A method for secure printing comprising receiving a user print request to print information from a computer terminal, wherein the computer terminal is located in a network and is assigned an internet protocol address, prompting the user for approval to instruct a designated printer to commence printing the print request, wherein the designated printer is connected to a network and is assigned an internet protocol address, determining whether the computer terminal and the designated printer are in the same network by comparing the first portion of the computer terminal's internet protocol address with the first portion of the designated printer's internet protocol address, and instructing the designated printer to commence printing if the computer terminal and the designated printer are determined to be in the same network. | 02-04-2010 |
| 20100031323 | Network Interface Device - There are methods and apparatus, including computer program products, for defining a policy including a set of rules for a packet forwarding device by receiving information sufficient to enable a first rule related to one of security or traffic management to be defined, and based on the received information, enabling a corresponding second rule related to the other one of security or traffic management to be defined. | 02-04-2010 |
| 20100031324 | APPARATUS AND METHOD FOR DYNAMIC LICENSING ACCESS TO WIRELESS NETWORK INFORMATION - An apparatus and method for dynamically licensing access to wireless network information provides multiple third parties with selective access to network device information in real-time. Information is collected in real-time from a plurality of sensing and control devices configured in a network arrangement. Information may be collected from each of the sensing and control devices regardless of the communication protocol associated with the device. The collected information is stored and aggregated by a service broker, which selectively licenses access to the information, or subsets of the information, to one or more third parties. | 02-04-2010 |
| 20100031325 | SYSTEM FOR ENABLING MULTIPLE EXECUTION ENVIRONMENTS TO SHARE A DEVICE - According to the present invention, there is provided a data processing system comprising: a dedicated physical device for access by a single client only; a shared physical device for shared access by multiple clients; a partition of a first type associated with the dedicated physical device, the first type partition comprising said single client and a first device driver for accessing the dedicated physical device; a partition of a second type associated with the shared physical device, the second type partition comprising a second device driver for accessing the shared physical device, and a back end driver for accessing the second device driver; and multiple partitions of the third type each comprising a respective one of said multiple clients and a front end driver for accessing the shared physical device via the second type partition. There is also provided a method of operating the data processing system comprising: executing a user application in the standard domain; and executing in the trusted domain, one or more predetermined operations, services and/or functions relating to the user application. | 02-04-2010 |
| 20100031326 | SYSTEM AND METHOD FOR MANAGING SUPERIOR/SUBORDINATE INTERACTIONS - A system and method for automating the creation, optimization and deployment of multimedia, interactive, mentoring communication modules (“MIPs”) is provided. Simplified interfaces allow superiors to generate MIPs and asynchronously deploy them to subordinates' mobile devices or personal computers. The completed MIP are automatically coded for optimal performance on specific mobile operating systems to which they are deployed. Automatic notifications are sent to registered subordinates upon deployment of a completed MIP. User configurable and system updatable management portals and subordinate portals are automatically generated to provide a user interface to enable mentoring interactions between the superior and subordinates. The MIPs allow custom tailoring of educational and developmental exercises. Performance of the exercises can be monitored by a superior for each of a plurality of subordinates. | 02-04-2010 |
| 20100037298 | Method and System for Protecting a Service Access Link - A method and a system for securing access to data stored in a remote content server ( | 02-11-2010 |
| 20100037299 | Method, System, And Computer Program Product For Identifying An Authorized Officer Of A Business - A method, system, and computer program product are used to identify an authorized officer of a business. In accordance with an exemplary method, titles of executives associated with the business are received from a plurality of data sources. Each executive's title may be classified as authorized, non-authorized or undecided, and each executive's title classified as undecided may be further classified as authorized or non-authorized by using information on the business. For each executive, conformance across the data sources of the executive's title classification is assessed, and each executive is classified as being an authorized officer, a non-authorized officer or a potential authorized officer based on the title classification and the assessed conformance. A measure of confidence is associated with each executive classification. | 02-11-2010 |
| 20100037300 | METHOD AND APPARATUS FOR NOTIFYING REMOTE USER INTERFACE CLIENT ABOUT EVENT OF REMOTE USER INTERFACE SERVER IN HOME NETWORK - An event notifying method includes determining whether a current home network, which is currently connected to a remote user interface server (RUIS) in a home network, is a user's home network selected by a user so as to be allowed to be notified of the event, selectively providing an event page to a remote user interface client (RUIC) selected by a user in the user's home network, and performing user authentication prior to providing the event page, thereby ensuring security of the user's private information. | 02-11-2010 |
| 20100043060 | METHOD, DEVICE, SYSTEM, TOKEN CREATING AUTHORIZED DOMAINS - This invention relates to a method ( | 02-18-2010 |
| 20100043061 | SYSTEMS, METHODS, AND COMPUTER READABLE MEDIA FOR PROVIDING FOR SECURE OFFLINE DATA TRANSFER BETWEEN WIRELESS SMART DEVICES - According to one aspect of the subject matter described herein, a method for registering wireless smart devices for secure offline data transfer is provided. The method includes, for an application configured to execute on a wireless smart device and that requires access to information regarding an account that does not reside on the wireless smart device, register, at a server having access to the information regarding the account, a first wireless smart device has an account owner device (AOD) for operating in an online mode for obtaining the information regarding the account from the server and for operating in an offline mode for transferring the information regarding the account to at least one additional device via a secure offline data transfer using near field communications (NFC). The method further includes registering, at the server, at least one second wireless smart device as an account sharer device (ASD) for operating in an offline mode for receiving the information regarding the account from the first wireless smart device via the secure offline data transfer using NFC. | 02-18-2010 |
| 20100050237 | GENERATING USER AND AVATAR SPECIFIC CONTENT IN A VIRTUAL WORLD - Generation of user and avatar specific content in a virtual world may include generating a local attribute object. The local attribute object may comprise attributes identifying at least one of the user's real world location and the user's avatar's virtual world location. Access to the local attribute object by virtual world operators may be controlled by the user and/or user's avatar. Specific content, based on the local attribute object, is presented to the user's avatar. | 02-25-2010 |
| 20100050238 | SYSTEM AND METHOD FOR A WPAN FIREWALL - Systems and methodologies for implementing Wireless Personal Area Network (WPAN) security are provided herein. As disclosed herein, firewall functionality can be implemented for a WPAN-capable device to control access to resources of the device over a WPAN. In one example, a WPAN protocol can be extended to include low-level access control measures that enable analysis of communication requests to and/or from a device prior to acting on the requests. As described herein, a WPAN firewall associated with a device can be configured to block, monitor, and/or log respective resource accesses to and/or from a WPAN. WPAN firewall functionality as described herein can be configured using mechanisms such as an Application Programming Interface (API) and/or a user control interface. Additionally, lateral regulation of security policies for a WPAN and one or more other networks utilized by a device can be provided. | 02-25-2010 |
| 20100050239 | AUTOMATED SERVICE PLATFORM PROSPECTING - Techniques for automated service platform prospecting are provided. A prospector process is sent out in advance to scout for potential network sites that provide computing infrastructure and computing services (platforms) to self-contained computing environments. The prospector process validates the potential network sites for use and gathers site characteristics that are used to configure the self-contained computing environments when they are to be installed and executed on those network sites. | 02-25-2010 |
| 20100050240 | WIRELESS NETWORK HAVING MULTIPLE SECURITY INTERFACES - A number of wireless networks are established by a network device, each wireless network having an identifier. Requests are received from client devices to establish wireless network sessions via the wireless networks using the identifiers. Network privileges of the client devices are segmented into discrete security interfaces based on the identifier used to establish each wireless network session. | 02-25-2010 |
| 20100058443 | Confidential Presentations in Virtual World Infrastructure - Methods and apparatus for forming and presenting confidential presentations within a computing environment associated with a virtual application are presented. For example, a method for forming a confidential presentation includes obtaining a correspondence indicator from an asset server, obtaining a first texture from the asset server, and overlaying the first texture onto a first object. The correspondence indicator indicates the first texture corresponds to the first object. The first object is within the computing environment associated with the virtual application. The first texture and the asset server are inaccessible by the computing environment associated with the virtual application. The confidential presentation comprises the first texture. | 03-04-2010 |
| 20100058444 | METHODS AND SYSTEMS FOR MANAGING ACCESS IN A SOFTWARE PROVISIONING ENVIRONMENT - A provisioning server can be configured to associate user actions with users that have access to perform the associated user actions. The user actions can include any user action performed within or by the provisioning server, such as configuring the provisioning server, modifying provisioning objects in the provisioning server, accessing provisioning processes by the provisioning server, and the like. The association can be based on the identity of the users or a type of user (administrator, client, guest, etc.). Once a request is received for a particular user action, the provisioning server can be configured to enable the requested action if the requested action is associated with the requesting user. | 03-04-2010 |
| 20100058445 | SERVICE SHARING AMONG IMS USERS - Systems, methods, devices and software according to these exemplary embodiments provide techniques for sharing services among IMS users. An unsubscribed service, e.g., provided by another operator, can be accessed upon request and verification of authorization with an existing subscriber of that service. | 03-04-2010 |
| 20100058446 | INTERNET MONITORING SYSTEM - A method and apparatus support defining user monitoring and restriction parameters; restricting usage in accordance with the restriction parameters; and reporting usage. More specifically, access to web sites is blocked if listed as a blocked site or if usage of a web site or web site category has exceeded a specified daily limit. The system specifically supports generation of displays to allow an administrator to select usage by web site or category in relation to the day of the week. Further, the administrator can define categories by specific web addresses and can specify search terms and associated blocking logic. | 03-04-2010 |
| 20100058447 | SERVICE AUTHORIZATION METHOD, SERVER, AND SYSTEM - The present invention relates to the field of communications, and provides a service authorization method, server, and system. The method includes the following steps. A request for using a service is received from a user terminal, and if the user terminal has not registered the requested service yet, a registration of the user terminal is performed automatically. If the registration is successful, the user terminal is allowed to use the requested service. A license control is performed during the registration of the user terminal. Through the method, server, and system provided by the present invention, users may subscribe to services more conveniently, thus reducing the capital expenditure of operators. | 03-04-2010 |
| 20100064347 | METHODS AND SYSTEMS FOR PROTECT AGENTS USING DISTRIBUTED LIGHTWEIGHT FINGERPRINTS - The present invention provides methods and systems to protect an organization's secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user's computer, etc.) to monitor information disclosed by a user. The present system also provides the use of lightweight fingerprint databases (LFD) to maintain a database of fingerprints associated with the organization's secure data. In one embodiment, the LFD is stored locally at the site of each protect agent such that the organization's secure information can be protected even when a protect agent is disconnected from the network. Methods and systems to compress fingerprints to achieve the lightweight fingerprint databases are also provided. In one embodiment, a combined approach, utilizing both the local lightweight fingerprint database and a remote fingerprint server comprising registered fingerprints is used to achieve overall protection of the organization's secure information. | 03-11-2010 |
| 20100064348 | APPARATUS AND METHOD FOR MANAGING ACCESS AMONG DEVICES - Provided are an apparatus, system composed of apparatuses in a chassis, and a method for managing access among a plurality of devices accommodated in a chassis. Setting information by the user on access between a first management unit including at least one device of said plurality of devices and a second management unit including at least one device of said plurality of devices is accepted. The first attribute information is acquired designating at least any one of an instruction issuing function and an instruction receiving function among the functions of said first management unit and the second attribute information designating at least any one of the instruction issuing function and the instruction receiving function among the functions of said second management unit. A determination is made as to whether or not said setting information is consistent with a combination of said first attribute information and said second attribute information. Information is outputted based on a determination result of the determination. | 03-11-2010 |
| 20100064349 | SECURE TRANSMISSION AND EXCHANGE OF STANDARDIZED DATA - Standardized transmission of digital data with trusted and untrusted connections by translating non-native requests and or non-native responses to and from a normalized format or to a format needed for processing the request and or response configured in hub and spoke, star, direct, peer to peer or hybrid connections. Encryption is provided at multiple layers to establish non-repudiation for a security service that integrates external security applications into a single service. | 03-11-2010 |
| 20100064350 | Apparatus and Method for Secure Affinity Group Management - Disclosed is a method for security management in a station. In the method, a pre-registered credential is received. The pre-registered credential has been associated with a network group by a registration entity. The station is established as a member of the network group based on the received pre-registered credential thereby effecting access rights with other member stations participating in the network group. | 03-11-2010 |
| 20100064351 | Universal Plug and Play Extender - The present invention relates to a solution for providing access to services and media content located in a local area network, e.g. a home network, via a web interface controlled by a universal plug and play (UPnP) control point device. The UPnP device is arranged to discover the services and media content available in the local area network and present this on the web interface for access from a public area network. The UPnP device may further be arranged to authenticate the user in order to secure the content and services from unauthorized access. | 03-11-2010 |
| 20100064352 | MIXED ENCLAVE OPERATION IN A COMPUTER NETWORK - A method is disclosed for mixed enclave operation of a computer network with users employing a multi-level network security interface and users without any network security interface. Either the network security user selects or the network security interface automatically selects whether communications are permissible with other unsecured users. Where a mixed enclave operation is selected, the network security user identifies when communications are being undertaken with another secured user or a non-secured user. Communications with a non-secured user at a lower security level entail securing the data residing with the secured user from transmission back to the non-secured user. | 03-11-2010 |
| 20100071034 | SYSTEM FOR PREVENTING UNAUTHORIZED ACQUISITION OF INFORMATION AND METHOD THEREOF - A system including a server apparatus executes an application program and a client apparatus enabling a user to utilize the application program by communicating with the server apparatus based on an instruction of the user. The server apparatus includes: an output detection section for detecting output-processing which is processing of outputting data from the application program into a shared area; and an output control section for storing instruction information in the shares area, instead of storing the output data outputted from the application program therein, in response to the detection of the output-processing, the instruction information specifying an acquisition method by which an authorized client apparatus acquires the output data. The client apparatus includes: a reading detection section for detecting reading-processing which is processing of reading data from the shared area; and a reading control section which reads the instruction information from the shared area in response to the detection of the reading-processing, and which acquires the output data by the acquisition method specified by the instruction information. | 03-18-2010 |
| 20100071035 | METHODS AND SYSTEMS FOR SECURELY MANAGING VIRTUALIZATION PLATFORM - Virtualization platforms and management clients therefor are communicatively coupled to one another via a control layer logically disposed therebetween. The control layer is configured to proxy virtualization management commands from the management clients to the virtualization platforms, but only after successful authentication of users (which may include automated agents and processes) issuing those commands and privileges of those users as defined by access control information accessible to the control layer. The control layer may be instantiated as an application running on a physical appliance logically interposed between the virtualization platforms and management clients, or a software package running on dedicated hardware logically interposed between the virtualization platforms and management clients, or as an application encapsulated in a virtual machine running on a compatible virtualization platform logically interposed between the virtualization platforms and management clients. | 03-18-2010 |
| 20100071036 | METHOD AND APPARATUS FOR REDISTRIBUTION SYSTEM - A method and apparatus for distributing at least one of documents or data to their respective owners. The method comprising receiving at least one of the documents or the data from users, associating the at least one of the documents or the data with users' login, wherein the users are owners of their respective at least one documents or data, and simultaneously scheduling the distribution of the at least one of the documents or the data to their respective owners. | 03-18-2010 |
| 20100071037 | SYSTEM FOR RESTRICTING CONTENT ACCESS AND STORAGE - UIMID of a UIM | 03-18-2010 |
| 20100077456 | OPERATOR DEVICE PROFILES IN A SURVEILLANCE SYSTEM - The present invention provides systems and methods for allowing an administrator to create device profiles, and map specific device profiles to specific operators. The system comprises a surveillance device to record an event, an administrator station for receiving a data stream corresponding to the event and for assigning the data stream to a device profile based on a plurality of attributes in the metadata of the stream, and a broadcast engine for mapping the data stream alongside a plurality of data streams within the device profile to an operator station. The method comprises recording an event within a secure area via a surveillance device, generating a data stream corresponding to the recorded event, applying a plurality of attributes for the data stream, transmitting the data stream to an administrator station, assigning the data stream to a device profile based in part on the plurality of attributes for the data stream, and mapping the data stream along with a plurality of data streams within the device profile to an operator station over a network. | 03-25-2010 |
| 20100077457 | METHOD AND SYSTEM FOR SESSION MANAGEMENT IN AN AUTHENTICATION ENVIRONMENT - A method for authentication. The method includes receiving a re-directed access request for a resource associated with a second authentication level, where a user has requested, the user is associated with a session, and the session associated with a first authentication level. The method further includes identifying a second authentication context using the second authentication level, generating an authentication request using the second authentication context, and sending the authentication request to an identity provider. In response the identity provider identifies an authentication scheme corresponding to the second authentication context, obtains authentication information from the user, authenticates the user using the authentication information, and generates an assertion, in response to successful authentication, using the second authentication level, and the authentication scheme. The method further includes receiving the assertion, associating the session with the second authentication level to generate an upgraded session to the user access to the resource. | 03-25-2010 |
| 20100077458 | Apparatus, System, and Method for Responsibility-Based Data Management - An apparatus, system, and method are disclosed for responsibility-based data management. In one embodiment, the method may include the steps of: (i) receiving, from a network participant, a request to access an information set; (ii) setting a permission indicator in response to a determination that the network participant is associated with a group dissemination attribute that authorizes the network participant to access the information set; (iii) modifying the permission indicator in response to a determination that an exception rule modifies the group dissemination attribute; (iv) setting the permission indicator in response to a determination that the network participant is associated with a system position attribute that authorizes the network participant to access the information set; and (v) providing access to the information set in response to a determination that the permission indicator authorizes the network participant to access the information set. | 03-25-2010 |
| 20100077459 | Network Attachment for IMS Systems for Legacy CS UE with Home Node B Access - A system and method for allowing legacy circuit switch user equipment (CS UE) to operate via a packet switch system, such as an IP Multimedia Subsystem (IMS) system, is provided. The mobility and session control aspects of communications with the legacy CS UE is separated. A user agent is placed in the receiving node (e.g., a home node B) that acts as the SIP agent for the CS UE for session control. An interworking function is provided to allow mobility between the macro CS network and the PS (e.g., IMS) network. Hand-back and hand-in procedures with service continuity are also provided. | 03-25-2010 |
| 20100083351 | ACCESS CONTROL TO CONTENT PUBLISHED BY A HOST - Methods and systems for providing easy access to information and sharing are provided. Embodiments of the present invention enable a host to grant access to published content to one or more users in a manner in which the user(s) can scan small portions of information to decide which information is desired. The embodiments described herein enable, for example, a user to see a library of content that is larger than the storage capacity of the computing unit used by the user. The sharing of information is also secured through the use of auto-lock keys and the creation of abstract identities for the host and each user. | 04-01-2010 |
| 20100083352 | REMOTE ACCESS SYSTEM AND METHOD AND INTELLIGENT AGENT THEREFOR - The invention relates to remote access systems and methods using automatic speech recognition to access a computer system. The invention also relates to an intelligent agent resident on the computer system for facilitating remote access to, and receipt of, information on the computer system through speech recognition or text-to-speech read-back. The remote access systems and methods can be used by a user of the computer system while traveling. The user can dial into a server system which is configured to interact with the user by automatic speech recognition and text-to-speech conversion. The server system establishes a connection to an intelligent agent running on the user's remotely located computer system by packet communication over a public network. The intelligent agent sources information on the user's computer system or a network accessible to the computer system, processes the information and transmits it to the server system over the public network. The server system converts the information into speech signals and transmits the speech signals to a telephone operated by the user. | 04-01-2010 |
| 20100088749 | SYSTEM AND METHOD FOR PERSONAL AUTHENTICATION USING ANONYMOUS DEVICES - A system and method for providing personal authentication is provided. The method comprises the steps of prompting a user of an electronic communication device to provide transaction or session input; establishing a session if the transaction or session input is valid; requesting electronic communication device to establish communication with one or more identity modules and one or more anonymous devices in the vicinity, if the electronic communication device is authorized; interrogating one or more identity modules and one or more anonymous device via electronic communication device and authentication server, after the communication is established between the electronic communication device, one or more identity modules and one or more anonymous devices; and activating the electronic communication device if the one or more identity modules and one or more anonymous devices are authenticated by the authentication server. | 04-08-2010 |
| 20100088750 | TERMINAL APPARATUS, SERVER AND SYSTEM THEREOF - A terminal apparatus is provided which can guarantee operation of a use condition bytecode while securing the degree of freedom for a service provider generating the use condition bytecode. A terminal apparatus ( | 04-08-2010 |
| 20100095353 | SYSTEM AND METHOD FOR CONTENT ACCESS CONTROL - A system and method for managing access to content is provided. One example embodiment provides for a method including acts of identifying a filter of content based at least in part on the preferences a user and a subject presented in the content and presenting the content using the filter to the user. Another example embodiment provides for a system that includes a controller configured to identify a filter of content based on preferences of a user, to present content using the identified filter and to update the preferences of the user based on feedback from the user and the subjects presented in the content. | 04-15-2010 |
| 20100095354 | SECURE ACCESS OF ELECTRONIC DOCUMENTS AND DATA FROM CLIENT TERMINAL - An improved approach for secure access of electronic documents and data is provided. | 04-15-2010 |
| 20100095355 | INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - According to the present invention, a workflow desired by a user can be easily implemented without making any change or installing any application program in an image processing apparatus. An information processing apparatus includes a generation unit which generates setting information of a button related to execution of a work item, which is included in a screen displayed on an image processing apparatus according to a user, based on an activity corresponding to the work item and information of a user, who can execute the work item, acquired based on a role allocated to the work item, when the work item is generated that represents a work executed by a person in charge in an activity which is a work unit of a workflow executed in the image processing apparatus; and a transmission unit which transmits the setting information generated in the generation unit to the image processing apparatus. | 04-15-2010 |
| 20100095356 | SYSTEM AND METHOD FOR SETTING UP SECURITY FOR CONTROLLED DEVICE BY CONTROL POINT IN A HOME NETWORK - A system and method for setting up security of a controlled device by a control point in a home network are provided, in which authority to perform a function intended by a user is acquired through authentication between the control point and the controlled device, a security channel is created for performing the function, and a credential setting used by the user is synchronized among controlled devices in the home network. | 04-15-2010 |
| 20100100938 | METHOD AND APPARATUS FOR MANAGING SERVICE LISTS - A method and apparatus for managing service lists receives a service list and a security layer identifier at a device. The service list comprises at least two service identifiers. The method and apparatus determines whether the security layer is authorized for the device, and, for each service identified in the service list, when the security layer is authorized for the device the method and apparatus acquires each service in the service list that is not already installed in the device and enables each service in the service list that is not already enabled in the device. | 04-22-2010 |
| 20100100939 | SECURE MOBILE PLATFORM SYSTEM - The present invention is directed toward a secure platform which enables mobile devices, such as a cell phones, smartphones, or PDAs, to have relationships with services or service providers that are controlled by the state of security on each device. In an embodiment, the platform is comprised of a server that receives data from security software on a mobile device regarding the device's security state. The platform enables access to a service to be granted, denied, or limited based on the security state of the mobile device. The platform may provide two-way communications between a mobile device and a service so that the platform can enforce access security both from the client to the service and from the service to the client. Furthermore, the platform allows services or service providers to evaluate the security state of a device independently of using the platform to communicate with the device. | 04-22-2010 |
| 20100100940 | System and Method for Supporting Multiple Identities for a Secure Identity Device - A multiple-identity secure device (MISD) persistently stores a single identification code (a “seed identity”). The seed identity need not be a network address, and may be stored in an integral memory of the device, or on an interchangeable card received in a physical interface of the MISD. The MISD is provided with a transformation engine, in hardware or software form, that is subsequently used to generate one or more unique identities (e.g., network addresses) from the stored seed identity using predefined logic. The generated identities may be dynamically generated, e.g., in real-time as needed after deployment of a device into possession of a subscriber/customer/user, etc., or may be securely stored in the MISD for subsequent retrieval. The transformation engine may generate a unique identity in accordance with an addressing scheme identified as a default setting, a global/network setting, or as determined from a received data transmission. | 04-22-2010 |
| 20100100941 | CONTEXT-AWARE ROLE-BASED ACCESS CONTROL SYSTEM AND CONTROL METHOD THEREOF - A context-aware role-based access control system and a control method thereof. The context-aware role-based access control system includes: a context-aware user assignment manager (CAUAM) for performing a role assignment function, a role delegation function, or a role revocation function for a user according to a context of the user, based on a preset context request condition; a context-aware permission assignment manager (CAPAM) for performing a permission modification, a permission restoration, and a personalized permission modification for a permission, which the role has, according to changes in the context of the user; an information repository for storing a user profile and context information; and an access control manager (ACM) for controlling the context-aware user assignment manager, the context-aware permission assignment manager, and the information repository, and processing an access control request. Accordingly, more efficient access control can be achieved in ubiquitous environments where the context of the user dynamically changes. | 04-22-2010 |
| 20100100942 | System and Method for Exchanging Information Regarding Financial Markets in a Moderated Environment - A method and system for exchanging information regarding financial markets in a moderated environment are disclosed. According to one embodiment, a computer-implemented method comprises granting an administrator access to a collaborative interface, wherein the collaborative interface is one for a financial group that accepts posts from registered group members and distributes posts to the registered group members upon submission of new posts, and wherein the administrator approves the distribution of each new post. One or more clients are granted access to the collaborative interface, wherein the administrator identifies a permission level for each client. Posts are received from the administrator or a client of the one or more additional clients, approval is received from the administrator to display the post, and the post is displayed. | 04-22-2010 |
| 20100100943 | Permissions using a Namespace - Permissions using a namespace is described. In an embodiment, a namespace system includes a network resource that has a resource permission, and includes a namespace that has one or more members associated with the namespace. The namespace system also includes a namespace permission to permission the network resource to one or more of the members of the namespace. | 04-22-2010 |
| 20100100944 | METHOD AND SYSTEM FOR FILTERING UNAUTHORIZED ELECTRONIC MAIL MESSAGES - A computer system and method for filtering unauthorized electronic mail messages that are sent by senders to a user. The system includes a list of the identifications of the senders who are authorized to send an electronic mail message to the user. When an electronic mail message is received, the system determines whether the sender of the electronic mail message is authorized by determining whether the identification of sender in the electronic mail message is in the list of the identifications of the senders who are authorized. When the sender of the electronic mail message is determined to be authorized, the system stores the electronic mail message in an Inbox folder. When the sender of the electronic mail message is determined to be not authorized, the system stores the electronic mail message in a Junk Mail folder. In this way, the electronic mail messages are automatically stored in the appropriate folder based on whether the sender is authorized so that the user can view the Inbox folder containing the electronic mail messages sent by authorized senders separately from the Junk Mail folder containing the electronic mail messages sent by unauthorized senders. | 04-22-2010 |
| 20100107225 | REMOTE SERVICE ACCESS SYSTEM AND METHOD - A wireless service access system and method are disclosed. One aspect of the disclosed system provides a remote device wireless access to one or more services over a communication network, the system comprising a network access module adapted for communicating wirelessly with the remote device and for receiving therefrom identifying data; and a service access module, communicatively linked to the network access module, for authenticating the remote device based on the identifying data and authorizing access to the one or more services thereto via the network access module. | 04-29-2010 |
| 20100107226 | System and Methods for Providing Presence Services In IP Network - A system and methods are shown for providing presence state services in an Internet Protocol network. One exemplary system includes a central presence element configured to track and provide user presence state information, and a local presence element in communication with the central presence element and further in communication with a signaling entity. According to one embodiment, the local presence element is configured to create and manage local presence state authorization data generated based on user presence state information being received from the central presence element. Further, the local presence element is configured to authorize a user service request using the local presence authorization data before providing access to a service requested by the user in the user service request. | 04-29-2010 |
| 20100115588 | Prevent Unauthorised Subscriber Access Advertisement Service System - The present invent ion relates to a mobile advertisement system ( | 05-06-2010 |
| 20100115589 | Apparatus for determining facsimile transmission authorizer and facsimile machine having the apparatus - In a facsimile machine having the function of authorization by the authorizer, an authorizer determining apparatus that can alleviate workload on the authorizers is provided, and a facsimile machine having such an authorizer determining apparatus is also provided. The authorizer determining apparatus for the facsimile machine includes a candidate selecting unit selecting, based on a sum of condition values of a plurality of attributes (such as sender, destination, and format of document to be transmitted) selected in advance for a facsimile transmission, a set of authorizer candidates consisting of possible authorizers having condition values not smaller than the sum, and an authorizer determining unit for determining an authorizer candidate having the lowest condition value among the set of authorizer candidates. | 05-06-2010 |
| 20100115590 | All Hazards Information Distribution Method and System, and Method of Maintaining Privacy of Distributed All-Hazards Information - An information distribution method includes: gathering all-hazards information into an information exchange from a first information source; gathering all-hazards information into the information exchange from a second information source; distributing the all-hazards information from the information exchange to a first independently-controlled alert network; distributing the all-hazards information from the information exchange to a second independently-controlled alert network. | 05-06-2010 |
| 20100122322 | METHOD FOR ADMISSION CONTROL OF MULTIPLE SERVICE FLOWS PAGING IN MOBILE PACKET DOMAIN - A method for paging admission control for multi-service flows in a mobile packet domain is provided and comprises steps of when authentication of a mobile station accessing a connectivity service network through an access service network succeeds, assigning a service flow paging strategy for a downlink service flow of the mobile station, and sending the service flow paging strategy to the access service network; receiving, by the access service network, downlink data of a mobile station in IDLE state from a home agent, searching for a downlink service flow to which the downlink data belong, and judging whether the service flow admits paging according to the service flow paging strategy, and if yes, initiating a paging flow triggered by the downlink data. | 05-13-2010 |
| 20100125893 | TECHNIQUES FOR ENFORCING ACCESS RIGHTS DURING DIRECTORY ACCESS - Techniques for enforcing access rights during directory access are presented. Access rights are maintained at the container level of a directory tree for container objects within a cache. When security is set for a requester of a target, the container object cache is directly accessed along with rights assigned to the target and the security is calculated and then set against the requester. | 05-20-2010 |
| 20100125894 | SYSTEMS, METHODS AND COMPUTER PROGRAM PRODUCTS THAT FACILITATE REMOTE ACCESS OF DEVICES IN A SUBSCRIBER NETWORK - Systems, methods and computer program products facilitate remote access to devices in a private subscriber network by subscriber-selected delegates. A request is received by a service provider from a delegate to access one or more devices in a private subscriber network. The service provider verifies whether the delegate is authorized by the subscriber to access the device, and displays device access information to the delegate in accordance with an access policy established for the delegate by the subscriber. The device access information includes an address to a web server associated with each device. The web server address comprises an IP address for the subscriber network and a port number associated with each device. The device access information includes login information for the device web server, such as a user ID and password, or SSO token. | 05-20-2010 |
| 20100125895 | DOMAIN BASED AUTHENTICATION SCHEME - In one example, a system for authenticating domains operates by authenticating a first domain and the extensions that make up the URI of an initial or primary Internet network call. Thereafter, the system can enable the owner of the first domain to make assertions or statements about additional domains and URIs that make up the rest of the web page, session or application. | 05-20-2010 |
| 20100132016 | METHODS AND SYSTEMS FOR SECURING APPLIANCES FOR USE IN A CLOUD COMPUTING ENVIRONMENT - An originator of an appliance can independently secure the appliance for instantiation in the cloud, separate from the security level of the cloud. The originator can secure the appliance utilizing a secure rights application. The secure rights application can be configured to “wrap” an appliance in a security container. The security container can limit access to the applications and operating systems contained in the appliance, but allow the appliance to operate normally once instantiated in the cloud. The secure rights application can be configured to cryptographically secure the appliance in order limit the ability of unauthorized parties from accessing the components of the appliance while maintaining the functionality of the appliance. | 05-27-2010 |
| 20100138900 | REMOTE ACCESS OF PROTECTED INTERNET PROTOCOL (IP)-BASED CONTENT OVER AN IP MULTIMEDIA SUBSYSTEM (IMS)-BASED NETWORK - A service control method, device and system for allowing secure, remote access of protected IP-based content delivered over an IMS-based network to one or more devices within a home network. The method involves a remote access device transmitting a remote access request to a service control application in the IMS-based network, the service control application authorizing the remote access request based on a number of criteria, and forwarding the remote access request to the home network. The forwarded remote access request includes information that allows protected content requested by the remote access request to be transmitted from a home network device in the home network to the remote access device upon appropriate verification of the remote access device by the home network device using home network device DRM schemes. Remote access of the protected content can be allowed by relaxing proximity restriction requirements of the home network. | 06-03-2010 |
| 20100138901 | Managing Online Shop Using Instant Messaging System - A method and a system for managing an online shop use an instant messaging system to allow an auxiliary account to log in and manage an online shop of a primary account user. The primary account user creates an online shop in an online shop server, and associates itself with one or more auxiliary accounts in an instant messaging system. Upon authorization by primary account user to allow an auxiliary account to manage the online shop, the system records an authorization relation between the auxiliary account and the primary account. The authorization relation may be recorded in the instant messaging system. Based on the recorded authorization relation, the system allows a user of the authorized auxiliary account to manage the online shop system through the instant messaging system. An instant messaging server serving for this purpose is also disclosed. | 06-03-2010 |
| 20100138902 | STANDING ORDER DATABASE SEARCH SYSTEM AND METHOD FOR INTERNET AND INTRANET APPLICATION - An internet and/or intranet based database search system and method for conducting searches of highly confidential records such as individual patient medical records and to automate the process of securing required approvals to make such records available to a properly authorized and authenticated requesting party. The system's central premise is that the patient has a fundamental right to the confidentiality of their personal medical records and should control that right through specific, informed consent each time that a party requests to receive them. It reinforces the widely held conception of privacy in general as well as of the sanctity of the doctor/patient relationship by granting the doctor the right, subject to the patient's express permission, to initiate a search request. At the same time, it provides an expedited and cost-efficient means for transfer of such records as demanded by many healthcare reform proposals and gives the repositories where these records are held the right to stipulate the specific terms and conditions that must be fulfilled before they will release documents entrusted to their care, thereby substantially reducing the risk of litigation alleging breaches of patient confidentiality. And it carries out all of these legitimate interests in a way that is fast, simple to use and easy to audit. The system optionally includes a billing mechanism to pay for any added cost associated with providing this additional protection; and in its preferred embodiment, is applicable to both digital as well as non-digital records. | 06-03-2010 |
| 20100146592 | SYSTEMS AND METHODS FOR PROVIDING SESSION CONTINUITY ACROSS A CHASSIS MANAGEMENT CONTROLLER FAILOVER - A method for maintaining a continuous authenticated session in an information handling system including first and second chassis management controllers (CMCs) is provided. The first CMC receives user authentication information from a user, authenticates the user for a communication session based on the received user authentication information, generates session information regarding the communication session based at least on the received user authentication information, and stores the session information in memory accessible to the second CMC. Upon a failover from the first CMC to the second CMC, the second CMC automatically accesses the session information from the memory and uses the accessed session information to continue the communication session. | 06-10-2010 |
| 20100146593 | Secure Document Management - A method for providing secure document management includes receiving a document from a user having an associated security access profile and generating a security label to be stored as an attribute of the document. The security label includes a clearance component selected from an authorized subset of clearance components that are determined based on the security access profile associated with the user, and also includes one or more secondary security components selected from an authorized subset of secondary security components that are determined based on the clearance component of the security label and the security access profile associated with the user. The method includes storing the document in a document repository storing a plurality of documents each having an associated security label, and determining whether a third-party user is authorized to access the document based on a comparison of a security access profile of the third-party user and the security label associated with the document. | 06-10-2010 |
| 20100146594 | DATA NAVIGATION USING SET OF AUTHORISED FORUMS THROUGH INTERNET - The present method relates to navigating data via a set of authorized forums. The method includes authenticating the website using an identifying module by a user. Further, the method includes viewing one of a set of authorized forum from the displayed set of authorized forums by the authenticated user. Furthermore, the method includes selecting one of the authorized forums by navigating the website by the authenticated user. | 06-10-2010 |
| 20100146595 | NETWORKING COMPUTERS ACCESS CONTROL SYSTEM AND METHOD - A method, system, and device for controlling access for networking computers or devices, including a controller ( | 06-10-2010 |
| 20100146596 | Method And A Device For Improved Service Authorization | 06-10-2010 |
| 20100146597 | CONTENTS RETRIEVAL SYSTEM AND CONTENTS RETRIEVAL METHOD - In a contents retrieval system, when a publisher terminal uploads shared contents to a shared server, the shared server stores the shared contents in a contents area of a contents database, a partial data formation section forms partial data specifying the shared contents and stores the formed partial data in a partial data area, and a URL generation section forms a URL linked to the shared contents and stores the URL in a URL area. When the contents retrieval section receives partial data from the retriever terminal, it collates the received partial data with the partial data in partial data area of the contents database. When the partial data is found, the contents retrieval section replies a URL of the corresponding shared contents to the retriever terminal. | 06-10-2010 |
| 20100146598 | Method, System and Apparatus for Processing Rights - A method for processing rights granted to an operator of a device or a group of devices using a rights object, wherein the method comprises at least the steps of receiving a rights object from the computer of a third party, generating at least one derived rights object based on the rights object received from the computer of the third party, and forwarding the at least one derived rights object to the device or individual devices from the group of devices. A system is provided which operates in accordance with the method. An apparatus that performs the method is also provided. | 06-10-2010 |
| 20100154034 | CREATING METHOD, INFORMATION INTRODUCING SYSTEM, CREATING APPARATUS, COMPUTER PROGRAM, AND RECORDING MEDIUM - There are provided a method and others capable of appropriately protecting literary works without requiring any operation by a web site administrator or a user. A web server transmits a content, copyright information on the content, and execution information for introducing the content to a creation device. The creation device receives the transmitted content, copyright information, and execution information. When the content is introduced in association with the transmitted execution information, the creation device extracts the copyright information on the transmitted content and transmits the address of the content and the extracted copyright information to a creation program for creating a web page. | 06-17-2010 |
| 20100154035 | Personalized Interaction Using Codes - A method and nodes adapted to provide personalized multimedia services for users having registered a media player ( | 06-17-2010 |
| 20100154036 | SYSTEM AND METHOD FOR ENCAPSULATION OF APPLICATION ASPECTS WITHIN AN APPLICATION INFORMATION DATA FORMAT MESSAGE - A method and system for processing a data request from a watcher for a target at a server, the method receiving a request for information; searching through a policy for rules to be applied based on the watcher; applying any rules found by the searching, the rule causing a transformation of the information into at least one aspect interpretable by the watcher, the applying utilizing a presence information data format transformation; and returning the at least one aspect incorporated in a presence information data format. | 06-17-2010 |
| 20100162363 | INTEGRATED SERVICE IDENTITY FOR DIFFERENT TYPES OF INFORMATION EXCHANGE SERVICES - A service provisioning method includes providing a differentiated set of information exchange services to a user. In some embodiments, differentiation between or among the provided services may include differentiated access networks, differentiated physical network layers, and/or differentiated service providers. An integrated service identity may be generated and/or maintained by the service provider(s) or by a third party. The integrated services identity may enable the user to define preference settings applicable to the information exchange services, to process billable events and activity and to issue integrated statements encompassing all of the information exchange services provided to the user, and enabling the user to access customer support services for any of the information exchange services and further enabling the logging of all customer support activities to the integrated service identity. | 06-24-2010 |
| 20100162364 | HIERARCHICAL STRUCTURE OF A NOTIFICATION SYSTEM INCLUDING RIGHTS BASED ON ROLES - A method for determining access privileges for transmitting mass notifications, is disclosed. The method includes storing information regarding user-level access privileges of a group to transmit a notification. The user group includes a user that inherits the user-level access privileges of the user group. The method also includes storing information regarding administrator-level access privileges of an administrator group, and permitting access to transmit the notification by the user based on the user's access privileges, the at least one notification, and the at least one recipient. The administrator group includes an administrator that inherits the administrator-level access privileges. The administration module is configurable by the administrator based on the administrator's access privileges. A system for determining access privileges for transmitting mass notifications is also provided. | 06-24-2010 |
| 20100162365 | Internet-Based Group Website Technology for Content Management and Exchange (System and Methods) - Internet Based System and Methods for implementing a Group Website Technology Platform for Content Management and Exchange by providing institutions with the means for allowing: A) The Creation of the Educational Group (any group) composed by: A1) A Community Website for Professors (Teachers)/Projects/Education Officials, A2) A Community Website for Students, A3) Individual Website for Professors/Projects/Students. B) The Communication within the Educational Group: B1) Among entity websites (Community, Professors, Projects and Students), B2) To electronic mail via e-mail devices and/or text-messaging devices. These entity websites are independent Content Management Systems (CMS) reachable by their own domain names and/or any search engine. Each CMS includes their own security system, user-defined and predefined pages for forums, blogs, video libraries, marketplace, professional profiles, etc. Each CMS is connected to the Educational Group (GCMS) allowing the Management and Exchange of Content within the Group and among groups. | 06-24-2010 |
| 20100162366 | APPARATUS AND METHOD OF PROTECTING PRIVATE INFORMATION IN DISTRIBUTED NETWORK - Disclosed are methods and apparatus to protect private information in a distributed network. In the distributed network, a service request terminal may receive, from a service providing terminal, trust information related to a level of trust of the service providing terminal with respect to a desired service. Also, the service request terminal may verify whether to be provided with the desired service from the service providing terminal based on the trust information, thereby preventing private information of the service request terminal from being leaked. In addition, the service request terminal may easily verify the identity of the service providing terminal when the service request terminal re-visits the service providing terminal. | 06-24-2010 |
| 20100162367 | PERSONAL CONTENT SERVER APPARATUS AND METHODS - Personal content server apparatus and associated methods that allow a user (e.g., cable or satellite network subscriber) to access content, such as a video program, from a location outside the subscriber's network. In one embodiment, a personal content server streams the content to the subscriber over a network connection from the local e.g., (subscription) network to a remote network upon authorization by a content manager process. Various access, business or operational rules are applied depending on the content and delivery mode; e.g., to live video broadcast, video-on-demand (VOD), or archived content from the subscriber's digital video recorder (DVR) or networked PVR. Secondary content (e.g., promotions, advertisements, etc.) can also be selectively replaced if desired in order to make the remotely delivered content more appropriate to the remote user's context. | 06-24-2010 |
| 20100169954 | Wireless Access System and Wireless Access Method - A policy control device ( | 07-01-2010 |
| 20100169955 | METHOD, APPARATUS AND COMPUTER PROGRAM - A method, and apparatus and computer program for enabling the method, the method comprising: detecting a user input at a first apparatus and, in response to the detection of the user input, selecting content wherein the content is stored at a remote server; establishing a communication link with a second apparatus wherein the second apparatus is different from the first apparatus; transmitting information indicative of the location of the selected stored content over the established communication link to the second apparatus; receiving identification information from the second apparatus over the established communication link wherein the identification information enables at least the user of the second apparatus to be identified; and transmitting information to the remote server to enable a user associated with the received identification information to access the selected stored content. | 07-01-2010 |
| 20100175111 | Computer-Implemented Method for Obtaining a Minimum Biclique Cover in a Bipartite Dataset - A method includes providing a bipartite graph having vertices of a first type, vertices of a second type, and a plurality of edges, wherein each edge joins a vertex of the first type with a vertex of the second type. A unipartite edge dual graph is generated from the bipartite graph, and a minimum clique partition of the edge dual graph is recursively determined. A biclique is then created in the bipartite graph corresponding to each clique in the minimum clique partition of the edge dual graph. | 07-08-2010 |
| 20100175112 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCTS FOR ENABLING TRUSTED ACCESS TO INFORMATION IN A DIVERSE SERVICE ENVIRONMENT - A system, method, and computer program product for enabling mediated access to information controlled by one or more information repositories by one or more application service providers. The information controlled by the one or more information repositories is associated with one or more subscribers of information-based services offered by the one or more application service providers. | 07-08-2010 |
| 20100180321 | SECURITY SYSTEM AND METHOD FOR SECURING THE INTEGRITY OF AT LEAST ONE ARRANGEMENT COMPRISING MULTIPLE DEVICES - In order to provide a security system ( | 07-15-2010 |
| 20100180322 | SYSTEM AND METHOD FOR FLOATING PORT CONFIGURATION - A system and method automatically configures the interfaces of an intermediate network device. A discovery process operating at the device detects the identity or type of network entities actually coupled to the device's interfaces. Utilizing the identity or type of detected entities, a look-up is performed to obtain a configuration macro specially defined for each detected network entity. The retrieved configuration macros are executed and applied at the respective interfaces. During operation, the intermediate network device continues to monitor the identity and type of entities actually coupled to its interfaces. If a change is detected, such as an entity moving from a first to a second interface, the specially defined configuration macro for that entity floats from the first to the second interface where it is executed and applied. | 07-15-2010 |
| 20100186067 | Methods for Secure Data Distribution - A method for secure distribution of data in an interchange network, comprises having a network in which data records stored on at least one computer; and including an authorization service, where the authorization service grants a contractor access to at least a portion of the data records; and a watermarking module that adds one or more artificial records to said portion. The artificial records cannot be distinguished from the data records by the contractor and are valid for processing in the same way as the data records. | 07-22-2010 |
| 20100186068 | COMMUNICATION APPARATUS, COMMUNICATION CONTROL METHOD, AND PROGRAM - When a process ( | 07-22-2010 |
| 20100186069 | METHOD AND DEVICE FOR AUTHENTICATION AND AUTHORIZATION CHECKING ON LBS IN WIMAX NETWORK - A device for performing authentication and authorization checking on Location-based service (LBS) in Wimax network comprises a location assessment module (LA) adapted to performing location assessment, a location coordination and control module (LC) adapted to initiate LBS assessment, location calculation; a memory included in AAA and adapted to store LBS subscription information; an authentication processing module included in AAA and responsible for LBS authentication; an authorization list memory included in LS; and an authorization checking module included in LS and responsible for authorization checking on MO MS. Present invention provides a method for authentication and authorization checking on LBS in Wimax network. This strengthens security for LBS in Wimax network, protects privacy right of subscribers to LBS, and fills up the blankness in the current Wimax standards. | 07-22-2010 |
| 20100192202 | System and Method for Implementing a Secured and Centrally Managed Virtual IP Network Over an IP Network Infrastructure - A method and system for establishing secure IP communication, through a virtual IP network, between at least first and second nodes comprise an access manager for validating a communication request, initiated by one of the at least first and second nodes, for communication between the at least first and second nodes. The access manager further grants at least one unique identifier to each of the at least first and second nodes upon successful validation. A channel provides for secure IP communication between the at least first and second nodes through the virtual IP network using their respective at least one unique identifier. | 07-29-2010 |
| 20100192203 | CONTENT DISTRIBUTION WITH INHERENT USER-ORIENTED AUTHORIZATION VERIFICATION - The invention relates to a method for verifying the use authorization of an access to a communications service ( | 07-29-2010 |
| 20100192204 | Application Identity Design - Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application. | 07-29-2010 |
| 20100199329 | ROUTER CONFIGURATION DEVICE DERIVATION USING MULTIPLE CONFIGURATION DEVICES - Systems and methods for managing router configuration devices in a secure data communication network are described herein. An illustrative system includes a plurality of programmed external configuration devices and a configuration device programmer. Each programmed external configuration device contains at least a portion of a definition of a secure data path between a first router and a second router. Each programmed external configuration device can be detachably coupled to a first router to create a secure data path between the first router and a second router. The configuration device programmer writes a secure data path definition into a selected external configuration device if a predetermined number of programmed external configuration devices are coupled to the configuration device programmer. | 08-05-2010 |
| 20100199330 | METHOD FOR PROVIDING SUBSCRIPTIONS TO PACKET-SWITCHED NETWORKS - Method for providing a subscription to an IP-based Multimedia Subsystem (IMS) for a first client of a packet-switched network is provided. The first client is identified by the same MSISDN number as a second, mobile client of a circuit-switched network. The method comprises the following steps: a) sending, by the first client, a register request to an IMS Server via the packet-switched network, b) sending, by the IMS server, a location query request to a register for the IMS user identities (HSS), c) requesting, by the register for the IMS user identities (HSS), the user subscription information of the circuit-switched network from the register for the circuit-switched network (HLR), d) sending, by the register for the circuit-switched network (HLR), to the register for the IMS user identities, the user subscription information of the second client, e) creating, by the register for the IMS user identities (HSS), a user IMS subscription information based on user subscription information of the second client. | 08-05-2010 |
| 20100199331 | User profile or user account association with multiple computers - A method of switching a network access configuration associated with a first electronic system to a second electronic system via a network is described. The first electronic system is inoperable. The second electronic system replaces the first electronic system such that a user seamlessly transitions from the first electronic system to the second electronic system. The user continues to access the network resources using the second electronic system rather than the first electronic system. | 08-05-2010 |
| 20100199332 | Access-Network to Core-Network Trust Relationship Detection for a Mobile Node - The invention provides a method for trust relationship detection between a core and access network for a user equipment. The gist is that a security tunnel establishment procedure is used so one entity, be it part of the core network or be it the user equipment itself, is provided with information to determine whether the access network is trusted or untrusted. The information may comprise a first IP address/prefix, which is initially assigned to the user equipment, upon attaching to the access network. The necessary information may further comprise a second IP address/prefix, which is an address/prefix that is allocated at a trusted entity of the core network. Depending which entity determines the trust relationship of the access network, it might be necessary to transmit either the first IP address/prefix or the second IP address/prefix or the first and the second IP address/prefix using the security tunnel establishment procedure. | 08-05-2010 |
| 20100199333 | SYSTEM AND METHOD FOR PROVIDING DEVICE MANAGEMENT SERVICE TO ELECTRONIC DEVICE HAVING NO BROADBAND COMMUNICATION MODULE - Disclosed is a system for providing an electronic device with a DM service, including: a DM server for providing the electronic device with the DM service; and a wireless terminal capable of being directly connected to the DM server for establishing a DM session while cooperating with the electronic device, generating an MO used for managing the electronic device with reference to a DDF of the electronic device if the wireless terminal receives the DDF of the electronic device from the electronic device through the DM session, and transmitting the generated MO to the DM server. | 08-05-2010 |
| 20100205654 | Signalling Method for Communication Networks, Corresponding Network, Devices and Computer Program Product - A method is proposed, for use e.g. in the context of WiMAX networks supporting the CMIPv6 function, for allowing the ASN-GW to become aware of the status of a control procedure, the CMIPv6 mobility binding procedure. The ASN-GW is not directly aware of its result since the procedure implies a message exchange at the U-Plane level, where the ASN-GW implements only a routing function. Nevertheless the ASN-GW needs to know the status of the procedure since it has to perform some subsequent actions depending on that status. The method includes signalling the status via a signalling mechanism between the Access Service Network and the Connectivity Service Network, thus avoiding packet inspection at the U-plane by the Access Service Network Gateway. | 08-12-2010 |
| 20100205655 | NETWORK ACCESS CONTROL SYSTEM AND METHOD - A network access control system includes an information device that has access to a relay device which relays communication in a communication network, by the use of access information, and performs communication via the relay device, and a management unit that finds information devices, wherein when the found information device has no access to the relay device and is a second information device which is allowed to have access to the relay device by a first information device, the management unit transmits the access information to the second information device without a request for authentication. | 08-12-2010 |
| 20100211995 | COMMUNICATION SYSTEM, RELAY APPARATUS, TERMINAL APPARATUS AND COMPUTER READABLE MEDIUM - Authentication information for each communication destination and communication condition information are stored so as to be associated with each other in accordance with each communication destination designated by a request accepted by a server apparatus. Communication permission information containing authentication information of the communication destination is accepted from a requester. Communication condition information associated with authentication information contained in the accepted communication permission information is acquired. Determination is made as to whether or not communication requested by the requester is consistent with a condition indicated by the acquired communication condition information. When determination is made that the communication requested by the requester is consistent with the condition indicated by the acquired communication condition information, the communication from the requester is relayed to the requested communication destination via a virtual service private line which is set in advance. | 08-19-2010 |
| 20100211996 | PREVENTING PHISHING ATTACKS BASED ON REPUTATION OF USER LOCATIONS - User sessions are authenticated based on locations associated with a user account used for sending a request for creating a session. Examples of locations of a source of a request include a geographical location, a network address, or a machine cookie associated with a device sending the request. Locations of the request are compared with stored safe locations associated with the user account and a suspiciousness index is determined for the session. The level of authentication required for the session is determined based on the suspiciousness index. Locations are associated with a reputation based on past history of sessions originating from the locations. A location associated with a history of creating suspicious session is considered an unsafe location. Reputation of the location originating the session is used to determine the level of authentication required for the session. | 08-19-2010 |
| 20100211997 | AUTHENTICATING USER SESSIONS BASED ON REPUTATION OF USER LOCATIONS - User sessions are authenticated based on locations associated with a user account used for sending a request for creating a session. Examples of locations of a source of a request include a geographical location, a network address, or a machine cookie associated with a device sending the request. Locations of the request are compared with stored safe locations associated with the user account and a suspiciousness index is determined for the session. The level of authentication required for the session is determined based on the suspiciousness index. Locations are associated with a reputation based on past history of sessions originating from the locations. A location associated with a history of creating suspicious session is considered an unsafe location. Reputation of the location originating the session is used to determine the level of authentication required for the session. | 08-19-2010 |
| 20100211998 | System, Apparatus and Methods for Storing Links to Media Files in Network Storage - When a user purchases digital rights to a media file, or otherwise obtains the right to have a copy of the media file downloaded to the user's wireless device, a link to the media file that is stored in the media database is stored in a user storage database. When the user desires to have the media file downloaded to the user's wireless device, the user sends a request to the network. The network performs a check to determine whether the user is authorized to receive the requested media file, and if so, causes the requested media file to be downloaded to the user's wireless device where the media file is stored in the local memory of the wireless device for playback by the user on the wireless device. | 08-19-2010 |
| 20100218237 | SYSTEMS AND METHODS FOR MANAGING THIRD-PARTY APPLICATION PROGRAMMING INTERFACE IN A COLLABORATION SPACE - Embodiments relate to systems and methods for managing third-party application programming interfaces in a collaboration space. A collaboration space, such as a wiki site, can host a set of collaboration tools and resources, including, for example, content tools, communication tools, and other resources for the users of the space. The collaboration space can also incorporate and expose a set of application programming interfaces, such as command and data-passing structures to permit users to invoke third-party applications and/or services from within the wiki site or other collaboration space. The set of applications/services be hosted on a remote server or co-hosted on the collaboration server, and can include, for instance, database, spreadsheet, media content, or other applications or services. The invoked applications/services can return data to the requesting user via the collaboration space. Users can subscribe to different applications and/or services available via the collaboration space. | 08-26-2010 |
| 20100218238 | Method and system for access control by using an advanced command interface server - A method and system for allowing one or more users controlled access to at least one server from a plurality of servers by using an advanced command interface (ACI) server. The method and system include receiving a command at the ACI server from the one or more users to access the at least one server. Further, the method and system include comparing the command and impact of the command with a predefined set of criteria, which includes a plurality of skill and role levels corresponding to the one or more users. Subsequently, the command is transmitted from the ACI server to the at least one server for processing at the at least one server. The command is transmitted based on the predefined set of criteria. Thereafter, a response of the processed command from the at least one server is received. Finally, the method and system include forwarding the response of the processed command to the one or more users. | 08-26-2010 |
| 20100218239 | Digital Content Counting System and Method - A digital content counting system and a method thereof are provided for achieving the credible transaction counting mechanism established between the owner of copyrights and the seller, to make the owner of copyrights and the seller collectively confirm the transaction information of the digital contents. The system comprises a sale subsystem, an authorization service subsystem and a transaction clearing subsystem; the sale subsystem and the authorization service subsystem authenticate each other; the transaction clearing subsystem and the authorization service subsystem authenticate each other; the transaction clearing subsystem authenticates the sale subsystem; the sale subsystem generates transaction request information according to a purchase list, sends the transaction request information to the authenticated authorization service subsystem, and records transaction success information; after receiving and confirming the transaction request information, the authorization service subsystem sends transaction success information to a client device, the sale subsystem and authenticated transaction clearing subsystem, sends an approach for obtaining an authorization file to the client device, records the transaction request information, and issues the authorization file; the transaction clearing subsystem records the transaction success information. | 08-26-2010 |
| 20100223658 | Systems and Methods of Handling Access Control Violations - Systems and methods of reporting access violations in a network device are disclosed. One such method comprises setting a forwarding index field in a specific entry of an access control list (ACL) to reference a specific forwarding table entry (FTE). The specific FTE is the only FTE associated with reporting access violations. The method further comprises setting a next destination field in the specific FTE to indicate a copy-to-processor behavior. The method further comprises setting the next destination field in the specific FTE to indicate a drop behavior. The setting of the next destination field is responsive to a timeout on a timer associated with reporting access violations. | 09-02-2010 |
| 20100223659 | METHOD AND SYSTEM FOR ENSURING AUTHORIZED OPERATION OF A COMMUNICATION SYSTEM AS A SECONDARY USER - A communication system ( | 09-02-2010 |
| 20100223660 | PROVIDING MULTIMEDIA CONTENT WITH TIME LIMIT RESTRICTIONS - Users are provided limited access to multimedia programs. An administrator may require users to log in to begin a multimedia distribution session (e.g., a television program viewing session). The administrator may designate that certain users may access multimedia content only for an allotted amount of time during an approved viewing period. The administrator may also designate that a maximum amount of rollover time is carried to a future tracking period if an allotted amount of viewing time is not fully used for any tracking period. | 09-02-2010 |
| 20100223661 | Method, system, and apparatus for processing access prompt information - A method, system, and apparatus for processing access prompt information in an IP session are disclosed. The method includes: managing the state of an IP session in an IP session process, and providing access prompt information of the IP session, where the access prompt information includes an IP session termination cause, or advertisement information or accounting information of the IP session, or any combination thereof; adding the access prompt information to an IP session control signaling message; and sending the IP session control signaling message that carries the access prompt information to a receiver so that the receiver can perform corresponding operations according to the access prompt information. | 09-02-2010 |
| 20100229217 | SYSTEMS AND METHODS FOR CONTROLLING OPERATION OF A MOBILE STATION - Systems, apparatuses, and methods disclosed herein allow a requesting party to control use of another user's mobile station. In some aspects, a server is configured to communicate with a plurality of remote computer systems and target mobile stations. The server includes a memory device and a processor configured to access data and logic instructions embedded on the memory device. The server authenticates a requesting party accessing the computer server from one of the remote communication systems. The requesting party is not a user of a selected one of the target mobile stations. The server receives selective availability attributes for the selected one of the target mobile stations from the requesting party. The selective availability attributes indicate conditions under which the target mobile station is enabled or disabled to operate, and features that are available on the target mobile station under a plurality of conditions when the target mobile station is enabled. The server further determines when the target mobile station is operational and downloads the selective availability attributes to the target mobile station when the target mobile station is operational. | 09-09-2010 |
| 20100229218 | QUOTA MANAGEMENT FOR NETWORK SERVICES - A system and method for managing requests for system resources from a plurality of users. Usage data is maintained for each user with respect to a user quota and a system quota. Aggregate system usage data is also maintained. A user request is checked for compliance with a user quota. The request is checked for compliance with a system quota. If either quota is not complied with, a hint that indicates when to send a next request is determined and sent to the user. Compliance with the system quota may include use of a reservation system, in which the allowance of a request may be based on a user's system usage data, so that a user with lower usage is more likely to have a request accepted when the system is loaded. | 09-09-2010 |
| 20100229219 | DETECTING UNAUTHORIZED COMPUTER ACCESS - A machine executed method comprising at a first computer, receiving from a second computer a request to gain root-administrator access to an operating system (OS) of the first computer; the first computer, in response to receiving the request to gain root-administrator access, granting the root-administrator access and modifying stored access state data from a first state associated with the OS to a second state associated with the OS, wherein the second state is different than the first state and the second state indicates that root-administrator access to the OS was granted. | 09-09-2010 |
| 20100229220 | System and method for theft and data recovery from lost portable devices - A system and method for theft recovery, data recovery, and privacy protection for portable devices with IP connectivity is implemented either according to a peer-to-peer or client-server model, with a serverless or a server-based infrastructure. In the P2P model, a distributed hash table (DHT) algorithm is used for storing and retrieving the device IP addresses and the device location coordinates when available. An authorized user can set a protected device into a locked mode or the device automatically enters into a locked mode after the device has been operated without proper authorization. In a locked mode, private data is deleted, transferred to a pre-selected storage system, alerts and location coordinates, when available, are to be sent to preselected accounts. Data on a lost portable device can be synchronized with a pre-selected storage system and be restored when the lost device is recovered. | 09-09-2010 |
| 20100229221 | SYSTEM AND METHOD FOR CREATING A SECURE TRUSTED SOCIAL NETWORK - A system for a plurality of users to share resources with access, control and configuration based on pre-defined relationships of trust between the users of the system. A computer- based authority provides the services of authentication, identification and verification of each user within network. Processes are described that leads to the formation of an electronic community, which facilitates electronic communication and transactions in a defined manner. | 09-09-2010 |
| 20100235885 | Secure Client-Side Aggregation of Web Applications - A web browser client includes an aggregated web application runtime environment that controls access by a program fragment of an aggregated web application to a resource therein based upon the originating domain of the program fragment. To do so, the aggregated web application runtime environment appends an access attribute to the Document Object Model (DOM) node associated with the resource. This access attribute is associated with a plurality of access rights definitions where each access rights definition defines a set of access rights to the resource for program fragments originating from a domain with a specific access rights status. Accordingly, the aggregated web application runtime environment sets one or more access rights statuses of the originating domain of the program fragment, and thereafter, grants or denies the program fragment access to the resource based upon one or more sets of access rights defined for that program fragment. | 09-16-2010 |
| 20100235886 | AUTOMATED RELATIONSHIP MANAGEMENT FOR ELECTRONIC SOCIAL NETWORKS - A computer-implemented method of automatically managing relationships between a plurality of users within an electronic social network. The method includes monitoring interactions between the plurality of users in relationships within the electronic social network over time, and obtaining interaction information associated with the monitored interactions, and automatically updating and managing access privileges of users based on the obtained interaction information, to access profile information of respective users. The method ensures automated, adequate and dynamically changing representation of relationships in an ESN system, thereby greatly increasing the value of the ESN system to the user and ways to pro-actively maintain and improve existing relationships or prevent them from decaying. | 09-16-2010 |
| 20100235887 | SYSTEM AND METHOD FOR QUEUING TO A CLOUD VIA A QUEUING PROXY - System and method for servicing queue requests via a proxy are described. In one embodiment, the system includes an enterprise queuing proxy (“EQP”) disposed within an enterprise computing environment and having an enterprise queue associated therewith; a cloud queuing proxy (“CQP”) disposed within a cloud computing environment, the CQP connected to a plurality of cloud queues each having associated therewith at least one queue service process listening on the cloud queue for queue requests to service; and a secure communications mechanism for interconnecting the EQP and the CQP. Upon receipt of a queue request from an enterprise service, the EQP evaluates the request against policy to determine whether to service it locally or remotely and, if the request is to be serviced remotely, forwards the request to the CQP via the secure communications mechanism. Upon receipt of the request, the CQP evaluates the queue request against policy to select one of the cloud queues to which to route the queue request for servicing. | 09-16-2010 |
| 20100235888 | IMAGE FORMING APPARATUS, FUNCTION EXTENDING METHOD AND USER AUTHENTICATION SYSTEM - An image forming apparatus includes an user authentication part | 09-16-2010 |
| 20100235889 | APPLICATION PRODUCTS WITH IN-APPLICATION SUBSEQUENT FEATURE ACCESS USING NETWORK-BASED DISTRIBUTION SYSTEM - An improved system, device and method for accessing features of digital products with assistance from a product distribution site are disclosed. In one embodiment, a user of a client device may have previously acquired rights or permissions to access one or more supplemental features of one or more digital products (e.g., application programs). Typically, a user would purchase an application program and then sometime later also purchase supplemental features for use with the application program. In one implementation the supplemental features can be purchased using the application program with the assistance of a remotely located product distribution server. Sometime thereafter, in some cases, the user desires to make use of such previously acquired one or more supplemental features on another client device. For example, the user may wish or need to transfer from a former client device to a new client device. As another example, the user may wish to utilized (e.g., share) such previously acquired one or more supplemental features with another client device associated with the user, such as another client device within user's account. | 09-16-2010 |
| 20100242094 | IDENTIFICATION OF TELEMETRY DATA - Methods, systems, and computer-readable media are disclosed for identifying telemetry data. A particular method scans a file and compares the file to at least one attribute to be used for telemetry collection. When the file is identified as a telemetry candidate, an offer to submit a sample of the file is sent to a server. A response to the offer is received from the server. If the response to the offer indicates an acceptance, a sample of the file is sent to the server. | 09-23-2010 |
| 20100242095 | METHOD AND APPARATUS FOR MULTI-USER, MULTI-APPLICATION INTERNET ACCESS AUTHENTICATION AND CONTROL - Methods, system, computer program products and data structures are described to allow a client to be identified using a plurality of methods during the process of accessing Internet resources through a Proxy or Firewall device. The resultant plurality of methods combines to result in a specific user identification process via multiple data stores. These independent data stores are then quarried to identify a user via a network access process that would not commonly respond to a specific authentication process. A single aggregate data store of user identification information is created to facilitate a more effective search process. | 09-23-2010 |
| 20100242096 | MANAGING CONNECTIONS IN A DATA STORAGE SYSTEM - Described in detail herein are systems and methods for managing connections in a data storage system. For example, the systems and methods may be used to manage connections between two or more computing devices for purposes of performing storage operations on the data of one of the computing devices. The data storage system includes at least two computing devices. A first computing device includes an unauthorized connection data structure and a connection manager component. The connection manager component receives a connection request from a second computing device. If the second computing device is not identified on the unauthorized connection data structure, the connection manager component can request that an authentication manager authenticate the second computing device and/or determine whether the second computing device is properly authorized. If so, the connection manager component can allow the second computing device to connect to the first computing device. | 09-23-2010 |
| 20100242097 | SYSTEM AND METHOD FOR MANAGING APPLICATION PROGRAM ACCESS TO A PROTECTED RESOURCE RESIDING ON A MOBILE DEVICE - A computer-implemented method for managing application program access to a protected resource residing on a mobile device is provided. The method includes receiving from an application program a request for a permission to access the protected resource, and receiving from a source external to the mobile device an authentication of the application program. An authorization to provide the permission to access the protected resource is received and permission to access the protected resource is provided to the application program in response to receiving the authorization. Data produced by the protected resource is cryptographically signed, and a notification is generated in response to at least one of the application program requesting the permission to access the protected resource and the application program accessing the protected resource. A system for managing application program access to a protected resource residing on a mobile device is further provided. | 09-23-2010 |
| 20100242098 | NETWORK ATTACHED DEVICE WITH DEDICATED FIREWALL SECURITY - Dedicated firewall security for a network attached device (NAD) is provided by a firewall management system integrated directly into the NAD or into a NAD server. A local area network arrangement includes a network client and the NAD and the firewall management system includes computer readable medium having computer-executable instructions that perform the steps of receiving a request for network access to the NAD from the network client, determining whether the request for network access to the NAD is authorized, and only if the request for network access is authorized, providing the network client with network access to the NAD. | 09-23-2010 |
| 20100251336 | FREQUENCY BASED AGE DETERMINATION - Human ability to perceive higher audio frequencies diminishes with age. Functionality can be implemented to use a combination of audio tones with varying frequencies to identify an age range to which a user belongs and accordingly control access to age dependent access controlled information and services. The user's ability to perceive one or more audio tones in the combination of audio tones depends on the user's age. Thus, different users, depending on the users' age, may perceive the same combination of audio tones differently. Such an age verification system based on human perception of audio tones can minimize the need for identification cards and a reliance on the user providing accurate age information. This can prevent the user from misinterpreting his/her age to access the age dependent access controlled information and can ensure that only an authorized user gets access to the age dependent access controlled information. | 09-30-2010 |
| 20100251337 | SELECTIVE DISTRIBUTION OF OBJECTS IN A VIRTUAL UNIVERSE - A method, product, and system are directed to selective distribution of a virtual universe in a virtual universe. In one embodiment, permission is granted to access the virtual universe, whereby a user navigates to a region. Metadata is detected in a user's profile. A virtual universe object is detected in the region. The virtual universe object includes a tag, which includes one or more fields. The tag and the metadata are compared. A level of similarity is detected between the tag and the metadata in the user's profile. Responsive to detecting the level of similarity between the fields included with the tag and the metadata in the user's profile, the virtual universe object is presented to the user. Either an acceptance or a rejection of the virtual universe object is received. Responsive to receiving an acceptance, the virtual universe object is included in the user's inventory. | 09-30-2010 |
| 20100251338 | Predictive HTTP Authentication Mode Negotiation - A client system and a server system use a Hypertext Transfer Protocol (HTTP) authentication mode preference header to negotiate an HTTP authentication mode. The client system sends an HTTP request to the server system. In response to the HTTP request, the server system sends an HTTP response to the client system. The HTTP response includes an HTTP authentication mode preference header. The HTTP authentication mode preference header indicates whether a preferred HTTP authentication mode is connection-based HTTP authentication or request-based HTTP authentication. In subsequent HTTP requests to the server system, the client system uses the HTTP authentication mode indicated by the HTTP authentication mode preference header. | 09-30-2010 |
| 20100251339 | Managing Security Groups for Data Instances - Access level and security group information can be updated for a data instance without having to take down or recycle the instance. A data instance created in a data environment will have at least one default security group. Permissions can be applied to the default security group to limit access via the data environment. A control security group can be created in a control environment and associated with the default security group. Permissions can be applied and updated with respect to the control security group without modifying the default security group, such that the data instance does not need to be recycled or otherwise made unavailable. Requests to perform actions with respect to the control security groups are made via the control environment, while allowing native access to the data via the data environment. | 09-30-2010 |
| 20100251340 | SYSTEM AND METHOD FOR MANAGING THIRD PARTY APPLICATION PROGRAM ACCESS TO USER INFORMATION VIA A NATIVE APPLICATION PROGRAM INTERFACE (API) - A method for managing third party application program access to user information via a particular native application program interface (API) is provided. The method includes providing a wrapped native API including a wrapper library and inspecting a third party application program for the presence of the wrapper library in an unmodified form. The application program is inspected to identify API calls. An identified API call to a circumventing API is instrumented by wrapping the circumventing API to generate a wrapped non-circumventing API and modifying the third party application program to redirect the identified API call from the circumventing API to the wrapped non-circumventing API. A request for a permission to access user information is received from the third party application program via the wrapper library executed on a user device. An authorization is received to provide the permission to access the user information, and the permission to access the user information is provided to the executed third party application program. | 09-30-2010 |
| 20100251341 | LOGIN PROCESS APPARATUS, LOGIN PROCESS METHOD, AND PROGRAM - An authority group definition ( | 09-30-2010 |
| 20100251342 | COMMUNICATION APPARATUS, CONTROL METHOD FOR THE COMMUNICATION APPARATUS, AND STORAGE MEDIUM - In an apparatus, if it is detected that a condition is met to switch the apparatus from the normal power mode to a power saving mode that consumes less power than the normal power mode, a communication speed for the apparatus to communicate via a network is changed, an authentication process is executed, and the apparatus is switched from the normal power mode to the power saving mode when the authentication process is completed. | 09-30-2010 |
| 20100251343 | METHOD AND SYSTEM FOR TRANSMITTING AUTHENTICATION CONTEXT INFORMATION - A system of the present invention uses an identity provider to provide the authentication services for multiple service providers. An identity provider communicates with one or more service providers. A user that wishes to gain access to a service provider is authenticated through the use of the identity provider. A user desiring to access a service provider is first authenticated by the identity provider. The identity provider determines if the user meets the desired class level and provides various information related to the authentication. When the user attempts to access a second service provider that is associated with the same identity provider, the second service provider accesses the identity provider and determines that the user was recently authenticated. The identity provider then transmits the relevant information regarding the authentication process to the second service provider, which can then allow or deny the user access to the second service provider. | 09-30-2010 |
| 20100251344 | CONTROLLING ACCESS TO NAME SERVICE FOR A DOMAIN NAME SYSTEM - A system and method is provided for using a DNS server operating on a wide area network to enable an authorized reception device to receive (or be provided with) restricted content data associated with a particular wide area network address and redefine the domain name associated with a particular wide area network address. In a preferred embodiment of the present invention, an authorization application is adapted to provide the reception device with user-verification data, receive from the reception device verification data, and provide the filtering application with authorization data. The filtering application, which operates similarly to prior art DNS server systems, is further adapted to receive filtered data (i.e., password-required data and/or pseudo-domain-name data) and authorization data in order to provide an IP address of the content server to the reception device via a wide area network, such as the Internet. | 09-30-2010 |
| 20100263024 | METHODS, APPARATUS AND SYSTEMS FOR ACCESSING VEHICLE OPERATIONAL DATA USING AN INTELLIGENT NETWORK ROUTER - Systems and methods are provided that allow more efficient access to vehicle health maintenance information within a vehicle. In addition, it is desirable to provide remote access to the health information by a plurality of users. | 10-14-2010 |
| 20100263025 | MEHTODS AND APPARATUS TO PROVIDE LAYERED SECURITY FOR INTERFACE ACCESS CONTROL - Example methods and apparatus to provide layered security for interface access control are disclosed. A disclosed example method includes receiving a connect message in a first server from a client application to access at least one server endpoint, in response to receiving the connect message, opening a session between the at least one server endpoint and the client application if the session is authorized to be opened, receiving a request from the client application to open an endpoint that provides at least one of read access, write access, or subscribe access to at least one resource, opening the endpoint within the open session after determining that the client application is authorized to access the at least one resource via the endpoint, receiving a request from the client application to assign a selection of the at least one authorized resource to the endpoint, assigning the at least one selected resource to the endpoint, and granting the client application access to the at least one resource via the endpoint. | 10-14-2010 |
| 20100263026 | METHOD OF OBTAINING PROXY CALL SESSION CONTROL FUNCTION ADDRESS WHILE ROAMING - The present invention provides a method for obtaining a proxy call session control function address, comprising when a terminal accesses an IP multi-media subsystem through a world interoperability for microwave access (WiMAX) network in roaming scenarios, a visited authentication, authorization, and accounting server (V-AAA) of the terminal retransmitting an access request message sent by an access service network (ASN) or a dynamic host configuration protocol (DHCP) or a home agent (HA) of said terminal to a home authentication, authorization, and accounting server (H-AAA) of said terminal after receiving the access request message, and H-AAA finally deciding whether the P-CSCF is located in a visited network or a home network according to a roaming protocol and visited network capability, and returning the determined P-CSCF address information, included by H-AAA in an access accept message corresponding to said access request message, to the sender of said access request message through V-AAA. | 10-14-2010 |
| 20100263027 | Method, Apparatus and System for Providing and Reading Feed Files - A Rich Site Summary or Really Simple Syndication (RSS) server includes: a Feed generating module, adapted to generate a Feed file according to user data and content data; a authorization setting module, adapted to set content authorization of accessing contents of the Feed file according to authorization information provided by a user; and a Feed sending module, adapted to send the Feed file to an RSS reader on a client. A RSS reader includes: an obtaining module, adapted to obtain the Feed file; a resolving module, adapted to resolve content authorization of the Feed file; and a displaying module, adapted to display contents of the Feed file according to the content authorization information of the Feed file. A method for providing Feed files and a method for reading Feed files are also disclosed. With the present invention, the authorization of reading Feed files is filtered, and the user requirements are fulfilled. | 10-14-2010 |
| 20100263028 | METHOD FOR ASSIGNING NETWORK ADDRESSES, NETWORK AND NETWORK NODE THEREOF - A method for assigning network addresses is provided. When a mobile node (MN) moves to an access domain (AN) of a visited network, the method, in the visited network, includes: receiving a network access request sent by the MN; determining a home network of the MN according to user information of the MN, and sending an authentication request to the home network for authenticating the MN; receiving an authentication response returned by the home network, where the authentication response includes a local home of address (L-HoA) for identifying the AN where the MN is currently located; and assigning a local care of address (L-CoA) to the MN, where the L-CoA identifies position information of the MN in the current AN. Correspondingly, a network and a network node are provided. Thus, technical solutions can implement address assignment when the MN moves. | 10-14-2010 |
| 20100269156 | APPARATUS AND METHODS FOR PROVIDING AUTHORIZED DEVICE ACCESS - Methods, apparatus, and systems are described for providing an accessor device an access credential to interact with a device resource on an accessee device. An authorization entity having a trust relationship with the accessee device, or a linked subordinate authorization entity, generates the access credential. The access credential includes a modification detection indicator, at least one access privilege, and an accessor public key. The at least one access privilege corresponds to at least one device resource on the accessee device. The authorization entity forwards the access credential to the accessor device, which presents the access credential to the accessee device for authentication. Once authenticated, the accessee device grants access to one or more device resources, and controls requests to insure they are within the scope of the at least one access privilege. | 10-21-2010 |
| 20100269157 | System and Method for User Control of Authorizing and Tracking Access to Electronic Records - A record holder accesses a coordinating server via a network. The coordinating server either itself stores or communicates electronically with one or more other servers that store electronic records (ER), including at least some associated with the record holder. Third-party record recipients are also connected via the network to the coordinating server and possibly also to the ER server(s). The user accesses the coordinating server, selects at least one of the recipients and specifies which of the electronic records, or portions thereof, that the user wishes that particular recipient to be able to access, possibly along with other access right parameters such as an access time or period. The recipient then accesses the coordinating server and/or one of the ER servers to retrieve electronic records of interest, which are made available according to the access rights and limitations pre-set by the user. | 10-21-2010 |
| 20100269158 | SOCIAL NETWORKING SITE AND SYSTEM - Various methods and systems are described for use in operating and maintaining a user subscribed system, such as a website or network. For example, a social networking site or network is contemplated with a member account having one or more member profiles associated with his or her member account. In accordance with one embodiment of the invention, the described systems and methods may provide a user selective access to member-related information, such as topic-based electronic content associated with the member, member-related or identifying information, and other such information, in accordance with member selected categorization and/or organisation. Users may be categorized hierarchically into contact groups, such that access to member-related information by user in a given contact group depends on the permission rights granted to that contact group. The methods and systems described provide a scalable infrastructure to support large volumes of users and requests in a network while ensuring a high degree of fault tolerance, so as to minimize service interruptions and unexpected data loss, for example. | 10-21-2010 |
| 20100269159 | METHOD AND DEVICE FOR OPERATING AN AUDIO AND/OR VIDEOCONFERENCE WITH AT LEAST TWO PARTICIPANTS - The embodiments relate to a method for operating an audio and/or videoconference having at least two participants. A central computer, which controls the audio and/or videoconference, ascertains an identification datum of the participant initiating the conference. The central computer ascertains, on the basis of the identification datum from at least one database, which is coupled to the central computer, contact data of potential participants of the conference, the contact data being associated with the user. The contact data ascertained by the central computer are provided to the user initiating the conference as further conference participants for selection. | 10-21-2010 |
| 20100269160 | SYSTEM AND METHOD FOR MANAGING VIRTUAL USER DOMAINS - The present invention addresses the previous of lack of subscriber identity tracking and management for residential broadband lines and provides customized access and enhanced IP services for a subscriber's household members (virtual user domain) and his/her circle of extended families, relatives, and friends (multiple virtual user domains). Rather than treating a broadband link as a single connection with a single set of services and quality constraints, the present invention enables the subscriber to create multiple user profiles per broadband link; tailor activities such as web services to a specific user and group profile; provide restricted access to minors (e.g. allow only age appropriate content to be viewed); and facilitate connection at multiple access points on a carrier's edge network. | 10-21-2010 |
| 20100275245 | COMMUNICATION AUTHENTICATION USING MULTIPLE COMMUNICATION MEDIA - The invention provides a method, system, and program product for authenticating a first individual for communication with a second individual. In one embodiment, the invention includes receiving a first communication from the first individual via a first communication medium, rejecting the first communication, providing the first individual with information for communicating with the second individual via a second communication medium, receiving a second communication from the first individual via the second communication medium, and authenticating the first individual for communication with the second individual via at least one of the first and second communication medium. | 10-28-2010 |
| 20100275246 | METHOD AND A DEVICE FOR MAINTAINING AN ADDRESS TRANSLATION TABLE - The invention relates to a device for maintaining an address translation table, placed in series between a terminal and a third-party entity of a telecommunications network. According to the invention, such a device is adapted to verify the existence in the address translation table of an entry specific to the exchange of application signaling messages using said protocol between the terminal and the third-party entity and, if there is no entry specific to the exchange of application signaling messages using said protocol between the terminal and the third-party entity, to create a specific entry in the address translation table associating with a private address and a private port of the terminal in a private network connecting it to said device a public address and a public port of the terminal in the telecommunications network and an indication of the validity of the entry, this validity indication taking into account the first reception time. | 10-28-2010 |
| 20100275247 | METHOD AND APPARATUS FOR AUTHORIZATION-DEPENDENT ACCESS TO MULTIMEDIA CONTENTS, AND A SYSTEM HAVING THE APPARATUS - A method, an apparatus and a system for authorization-dependent access to multimedia contents. A first terminal produces a first request for a multimedia content for an output of the multimedia content via the first terminal. A first authorization information item is used to check that the output of the multimedia content is authorized. The first terminal produces a second request for an output of the multimedia content via a second terminal. A check is carried out to determine whether to output a first security note via the first terminal. The output of the multimedia content takes place via the second terminal if the first security note is not to be output, or an input of a confirming acknowledgement for the first security note is identified by the first terminal. | 10-28-2010 |
| 20100275248 | Method, apparatus and system for selecting service network - The present invention relates to network communication technologies, and discloses a method, an apparatus, and a system for selecting a service network to improve network capabilities of serving the client. The method includes: receiving an address request message that carries service network selecting condition from a client or user; and judging whether preconfigured or stored service network configuration information meets the service network selecting condition, and forwarding the address request message to the service network that meets the service network selecting condition if the preconfigured or stored service network configuration information meets the condition. The apparatus includes: a message receiving and sending unit, a configuring unit, and a service network selecting unit. The embodiments of the present invention can select a service network for the client or user according to the requirements of the client or user, and improve the service capabilities of the network. | 10-28-2010 |
| 20100281522 | ACCESS RIGHT MANAGING SYSTEM, ACCESS RIGHT MANAGING METHOD, AND ACCESS RIGHT MANAGING PROGRAM - An authentication device includes a user authentication certificate generation unit that issues to another device user authentication information on which information about a user is recorded; and a right transfer certificate/token generation unit that issues right transfer information and a token corresponding to the right transfer information to another device on the basis of information about a user to whom the right is transferred and a condition under which the right is transferred. A service proxy access device includes a token request unit that requests the issuing of the right transfer information and the token in order to access another device; and a user proxy access unit that accesses another service using the token. The service providing device includes a user authentication certificate request unit that acquires user authentication information from the authentication device using the token. | 11-04-2010 |
| 20100281523 | METHOD AND SYSTEM FOR NEGOTIATING NETWORK SERVICE - A method, system, terminal, and server for negotiating a network service are provided, which belong to the field of network access technology. The method includes: an AAA server for providing basic access (AAAn server) receives a network access identifier (NAI) from a terminal during an authentication process, where the NAI contains service identifier information of a service requested by the terminal. The AAAn server performs identity authentication on the terminal according to the NAI and information associated with the terminal stored in a database of the AAAn server. The AAAn server judges whether the terminal can obtain the requested service according to the service identifier information of the service requested by the terminal contained in the NAI after the terminal successfully passes the identity authentication. The system includes a terminal and an AAAn server. The technical solutions can simplify the negotiation process, and facilitate the network management and operation. | 11-04-2010 |
| 20100287600 | Assigning User Requests of Different Types or Protocols to a User by Trust Association Interceptors - A Universal TAI handles multiple identifications by means of an internal lookup table. When authenticating and authorizing requests, from a pre-registered customer, that are serviced by an application server, a reverse proxy security server receives requests of different protocols and associates user identification information of a single user with different formats based on the types and protocols of the requests. The Universal TAI determines a fundamental identification of the user from a lookup table, substitutes the fundamental identification into the requests of different protocols for the same user principal, and passes the request with the fundamental identification to the application server. | 11-11-2010 |
| 20100287601 | SYSTEM FOR MANAGING RIGHTS OF ACCESS TO AVIONIC APPLICATIONS AND DATA AND METHOD IMPLEMENTED BY THIS SYSTEM - A system for managing a user's access rights to avionic information, loaded onboard an aircraft, that includes at lease one identification device able to read the user's identity information contained on a personal card, and an avionic computer having means of managing access rights able to authenticate the user and determine access rights to avionic information based on the user's identity. | 11-11-2010 |
| 20100293600 | Social Authentication for Account Recovery - A backup account recovery authentication of last resort using social authentication is described. The account holder requests trustees who have been previously identified to obtain an account recovery code. The account recovery system sends a communication to the trustee for information to verify the trustee as one of the previously identified trustees. The account recovery system then may transmit a link and code with instructions for the trustee to return the link. The account recovery system then transmits a situational query to the trustee to provide additional security. Finally, if all the communications have been completed for the required level of security, the account recovery code is transmitted to the trustee. The trustee sends the account recovery code to the account holder for access to an account. | 11-18-2010 |
| 20100293601 | SHARED DEVICE IDENTITY MANAGER - A device receives an identity claim associated with a user of a shared device, and determines whether the identity claim is valid. The device also determines one of an individual identification or a group identification to affiliate with the shared device when the identity claim is determined to be valid. The device further provides one or more preferences and privileges to the shared device based on the one of an individual identification or a group identification affiliated with the shared device. | 11-18-2010 |
| 20100293602 | SYSTEM OPERATING UNDER WEB ENVIRONMENT AND METHOD OF CONTROLLING THE SAME - In a system which operates under a Web environment in which a service providing server controls the provision of a service with operating a Web server and a client apparatus provides service with operating a Web browser, which are connected via a network. The service providing server stores the history of a job for providing the service with the user ID of a user who requests the service, then acquires, from stored histories, a history having a user ID matched to the user ID of a user who sends a request to browse the history of a job. When the Web server receives the browsing request from the user of the client apparatus via the Web browser, the service providing server creates a file for distributing updated information based on the acquired history, and transmits the file to the Web browser. | 11-18-2010 |
| 20100293603 | METHOD, DEVICE, AND SYSTEM FOR AUTHENTICATION - A method for authentication includes: a Gateway Mobile Station (G-MS) receives an authentication trigger message from a host, and sends the authentication trigger message to an authentication server through an Ethernet Convergence Sublayer (Eth-CS) to trigger authentication. A network system includes a G-MS, which is connected to a host and an authentication server in communicable mode. The G-MS is configured to: receive an authentication trigger message from the host and send the authentication trigger message to the authentication server through the Eth-CS. The authentication server is configured to: receive the authentication trigger message that the G-MS sends through the Eth-CS, and authenticate the host. A G-MS includes: a receiving unit, configured to receive an authentication trigger message from the host; and a sending unit, configured to send the authentication trigger message received by the receiving unit to the authentication server through the Eth-CS. | 11-18-2010 |
| 20100299723 | System and Method for Automated Clock Wind Back Recovery - A method and system for automated clock wind-back recovery are disclosed. According to one embodiment, a computer-implemented method comprises requesting a license to access an application and storing a time anchor, the time anchor comprising a recent system time observation. Clock modification is detected, wherein detecting clock modification comprises comparing a license expiration date to a current system time. The time anchor is compared to a trusted time authority value, the trusted time authority value comprising the current system time and a tolerance. The time anchor is updated, clock modification is corrected, and access to the application is retrieved. | 11-25-2010 |
| 20100299724 | User Interface for Providing Voice Communications Over a Multi-Level Secure Network - According to one embodiment, a computer system executing a computer program is coupled to multiple secure network domains configured in a multi-level security architecture. The computer program simultaneously establishes a voice connection with a first terminal configured on a first secure network domain and a second terminal configured on a second secure network domain. The computer program may then selectively couple an electroacoustical transducer to the first terminal or the second terminal, and generate an indicator on a user interface indicating the security level of the selected terminal. | 11-25-2010 |
| 20100299725 | WIRELESS LAN ACCESS POINT DEVICE AND UNAUTHORIZED MANAGEMENT FRAME DETECTION METHOD - A wireless LAN access point device is structured to perform frame-based data transmission and reception to and from a wireless terminal over a wireless communication path. The wireless LAN access point device has a communication module configured to transmit and receive a frame to and from the wireless terminal. In the wireless LAN access point device, when the communication module receives a predetermined management frame from the wireless terminal, an execution module performs a corresponding operation specified by the received management frame. In the wireless LAN access point device, when the communication module receives a frame, a sequence monitor module obtains a sequence number included in the frame. In the wireless LAN access point device, when a first sequence number obtained by the sequence monitor module and a second sequence number included in the received management frame satisfy a preset condition, an unauthorized frame judgment module identifies the received management frame as an unauthorized frame. This arrangement has the high versatility and effectively protects a wireless LAN network from unauthorized accesses. | 11-25-2010 |
| 20100299726 | SECURITY TECHNIQUE FOR CONTROLLING ACCESS TO A NETWORK BY A WIRELESS DEVICE - The present invention relates to a method for protecting the security of a computer network which is accessed through the use of wireless devices, among other means. Specifically, the present invention pertains to a method of using user-specific biometric data to identify users of wireless devices such as PDAs and yet prevent use by unauthorized persons and prevent changing of the biometric data by unauthorized persons. The method also prevents unauthorized access, and facilitates authorized access, to computer networks. Control of access to the biometric data and control of access to the network can be maintained in the network administrator or other responsible body and thereby also offers security against theft. | 11-25-2010 |
| 20100306823 | Method and Apparatus for Controlling the Number of Devices Installed in an Authorized Domain - The number of devices installed in an Authorized Domain is controlled by a master device functionality. This master devices stores ceiling values for the total number Totaljimit of devices to be installed in the AD; the total number Localjimit of devices to be installed in a local proximity with the master device and the total number Remotejimit of devices to be installed remotely from said master device. The master device also stores current values of the number Local_count of devices installed in the AD in local proximity with the master device; and the number Remote_count of devices installed in the AD remotely from said master device. When a new device is to be installed in the AD, the ceiling values are checked with respect to the current values and it is checked whether the device is in local proximity with the master device to authorize or not its installation in the AD, either locally or remotely. | 12-02-2010 |
| 20100306824 | TRUST AND IDENTITY IN SECURE CALENDAR SHARING COLLABORATION - In some embodiments, a system includes a database of trust information that internalizes security and trust relationships between a first entity and a second entity in regards to scheduling, and a central trust manager operable to determine from the database of trust information whether a trust relationship exists between a first organization and a second organization, the central trust manager also being operable to provide availability information of a user of the first organization to a second user of the second organization, the central trust manager also being operable to determine whether the second user of the second organization is granted access to requested calendar data and the central trust manager also being operable to provide the requested calendar data. | 12-02-2010 |
| 20100306825 | SYSTEM AND METHOD FOR FACILITATING USER INTERACTION WITH A SIMULATED OBJECT ASSOCIATED WITH A PHYSICAL LOCATION - Systems and methods for facilitating user interaction with a simulated object that is associated with a physical location in the real world environment is herein disclosed. In one aspect, embodiments of the present disclosure include a method, which may be implemented on a system, of identifying the simulated object that is available for access based on location data. The location data can include a location of a device in a time period, the device for use by a user to access the simulated object. One embodiment includes, verifying an identity of the user; and in response to determining that the user is authorized to access the simulated object, providing the simulated object for presentation to the user via the device. | 12-02-2010 |
| 20100306826 | METHODS AND SYSTEMS FOR IMPLEMENTING A SELF DEFENDING/REPAIRING DATABASE - This disclosure describes, generally, methods and systems for self defending and repairing a database. The method includes monitoring, at a database server, code modifications to a database management application. The database management application is configured to maintain the database. The method further includes determining that a code modification has occurred to the database management application. The method further includes checking the code modification for the presence of an authorization key, and in response to an invalid or non-existent authorization key, determining that the code modification is unauthorized. Further, the method includes quarantining the modified code in a secure storage location, and automatically accessing original code of the database management application and replacing the modified code with code from the original code of the database management application. | 12-02-2010 |
| 20100306827 | Opaque Quarantine and Device Discovery - Embodiments described herein provide communication control features and functionality, but are not so limited. In an embodiment, a computing environment includes an access control component that can use a number of access states to control access to computing data and/or services. In one embodiment, a server computer can control access to data and/or services using a number of access states including, but not limited to: an allowed state, a blocked state, a device discovery state, and/or a quarantined state. Other embodiments are available. | 12-02-2010 |
| 20100306828 | Method for Secure Validation Utilizing Existing Validation Framework - Granting secure access to stored digital medical information to patients or healthcare providers facilitates information exchange in healthcare. Payment for healthcare services can be accomplished with a credit card or other electronic payment means. Each payment transaction is assigned a unique ID number by financial services computer systems, itself being transmitted with temporal information to the medical record system at the time of issuance. Receiving medical record system(s) incorporate the ID number into the validation process by requiring it during validation in defined time frame from issuance. When correctly entered in the time frame allocated, patient medical information is displayed on the requestor's computer screen. If the ID is not entered in the determined time frame, access if not granted. Transaction ID number usage therefore provides a temporal limit on access to the patient's medical information and serves as an additional validation mechanism. | 12-02-2010 |
| 20100306829 | IMAGE FORMING APPARATUS, AUTHENTICATION SYSTEM, AUTHENTICATION CONTROL METHOD, AUTHENTICATION CONTROL PROGRAM, AND COMPUTER-READABLE RECORDING MEDIUM HAVING AUTHENTICATION CONTROL PROGRAM - A disclosed image forming apparatus includes an authentication information reception unit configured to receive first authentication information input to the image forming apparatus, an authentication control unit configured to send the first authentication information to a first authentication apparatus connected to the image forming apparatus via a network and cause the first authentication apparatus to carry out a first authentication based on the first authentication information, and an authentication information recording unit configured to record, when the first authentication based on the first authentication information has succeeded, the first authentication information therein as second authentication information. In the image forming apparatus, the authentication control unit carries out, in a case where the first authentication apparatus is not available, a second authentication based on the second authentication information recorded in the authentication information recording unit in lieu of the first authentication based on the first authentication information. | 12-02-2010 |
| 20100306830 | Distributed Hierarchical Identity Management - A system and methods for identity management and authentication are provided herein. The present invention employs shadow domains to prove entity membership in an identity management system where responsibility for trust relationships is devolved to the user. The present invention additionally teaches doubly signed certificate transmission for authentication of assertions made by third parties in the identity management network. | 12-02-2010 |
| 20100313244 | METHODS AND APPARATUS FOR DISTRIBUTING, STORING, AND REPLAYING DIRECTIVES WITHIN A NETWORK - In one embodiment, a processor-readable medium stored code representing instructions that when executed by a processor cause the processor to receive a directive from a first client device, store the directive at a memory location, and send the directive to a second client device. The directive includes a directive description portion and a directive content portion. The memory location is associated with the first client device. The directive is configured to cause the second client device to update a context of a display operatively coupled to the second client device in response to the directive. The context being of a directive class associated with the directive description portion, and having a value associated with the directive content portion. | 12-09-2010 |
| 20100313245 | AUTHENTICATION ENGINE FOR ENROLLMENT INTO A COMPUTER ENVIRONMENT - Embodiments of the invention are generally directed to a system and method for enrolling a user into an authentication system. In some embodiments of the invention, a user completes a first portion of the enrollment or setup process using a first computer environment, but is not permitted to complete the enrollment or setup process from the first computer environment. The system permits the user to complete the enrollment or setup process only from a second computer environment different from the first computer environment. In one embodiment, the second computer environment is any computer environment outside of the first computer environment. | 12-09-2010 |
| 20100313246 | DISTRIBUTED PROTOCOL FOR AUTHORISATION - A decentralised, distributed approach to performing authorisation involves receiving an authorisation request at a service providing device, for example “Carol”, and then retrieving trust information from other peer devices in the network. The gathered information is used by the device “Carol” to make a well-informed authorisation decision. | 12-09-2010 |
| 20100319053 | DEVICES WITH PROFILE-BASED OPERATING MODE CONTROLS - A device (e.g., a phone) can be provided by an entity (e.g., a business) to a user (e.g., an employee). The device includes a profile manager that allows the user to configure a personal profile comprising any of applications, settings, and stored data. The device is also configurable with an entity profile determined by the entity that also may include applications, settings, and stored data. The user can select from operating modes comprising at least a personal mode, and a unity mode; an entity mode also may be available for selection. The profile manager, based on the selected mode, determines whether entity profile data and applications are available to the user, and which applications from either profile may conduct user-perceptible activities. The profile manager may periodically verify entity profile rights with a server, and if verification fails, then the profile manager can restrict entity profile data and applications access, regardless of operating mode. | 12-16-2010 |
| 20100319054 | PORTABLE EMBEDDED LOCAL SERVER FOR WRITE-THROUGH CACHE - A method of facilitating, via an embedded local server, dynamic responses to requests originating from an application and directed to a server is disclosed. An intermediary intercepts requests responds to the requests with locally stored data. The intermediary may also forward requests to an embedded local server for processing based on local data. | 12-16-2010 |
| 20100319055 | RADIO COMMUNICATION APPARATUS AND RADIO COMMUNICATION METHOD - A radio communication apparatus executes communication by establishing a communication link according to a security level with other device. The radio communication apparatus sets a security level according to a type of service, and discriminates whether the security level is necessary for the communication with the other device. If the security level is necessary, the communication link according to the security level is established. If the security level is not necessary, security level is lowered and the communication link according to the lowered security level is established. | 12-16-2010 |
| 20100325698 | Trusted and Secure Techniques for Item Delivery and Execution - Documents and other items can be delivered electronically from sender to recipient with a level of trustedness approaching or exceeding that provided by a personal document courier. A trusted electronic go-between can validate, witness and/or archive transactions while, in some cases, actively participating in or directing the transaction. Printed or imaged documents can be marked using handwritten signature images, seal images, electronic fingerprinting, watermarking, and/or steganography. Electronic commercial transactions and transmissions take place in a reliable, “trusted” virtual distribution environment that provides significant efficiency and cost savings benefits to users in addition to providing an extremely high degree of confidence and trustedness. The systems and techniques have many uses including but not limited to secure document delivery, execution of legal documents, and electronic data interchange (EDI). | 12-23-2010 |
| 20100325699 | SYSTEM FOR PROVIDING AND MANAGING AN ONLINE COMMUNITY CONTAINING A WILL INFORMATION MANAGEMENT AND DISCLOSURE SYSTEM - A Community Website hosted on A Hosting Server maintained by a Hosting Entity and communicatively coupled to a network makes a Resource Center accessible to a plurality of members. The Resource Center has content generated by the members. A Content Management System can manage content on the Community Website so that a friendship tool allows the members to establish virtual friendships with one another “friend requests” and to add them to their virtual friendship network. The Content Management System contains a will information management and disclosure system for holding will information that it unseals in accordance with unsealing conditions registered in advance by a member and/or when the member has become unable to express his/her intentions and discloses to a predetermined recipient. The members enter as electronic information their deposit information in a rewritable manner via a depositor's terminal. | 12-23-2010 |
| 20100325700 | SYSTEM, METHOD AND APPARATUS FOR PROVIDING MULTIPLE ACCESS MODES IN A DATA COMMUNICATIONS NETWORK - A system, method and apparatus for providing multiple access modes in a data communications network includes a network access device having a plurality of input ports, a plurality of output ports, and a switching fabric for routing data received on the plurality of input ports to at least one of the plurality of output ports. Control logic within the network access device is adapted to determine whether a user device coupled to one of the plurality of input ports supports a user authentication protocol used by a host network. If the user authentication protocol is not supported, then the input port to which the network access device is coupled is placed in a semi-authorized access state that limits access to a pre-configured network accessible via the host network. | 12-23-2010 |
| 20100325701 | METHOD AND APPARATUS FOR MANAGING A USER - In the field of communications, a method and an apparatus for managing a user are provided. The method for managing a user includes the following steps. An identity of a user is authenticated. After the identity authentication of the user is successfully performed, a service router (SR) authenticates a management authority of the user. After the management authority authentication is successfully performed, service configuration management is performed according to the management authority of the user. As compared with the conventional art, by moderately authorizing the lower level user, the technical solutions can reduce the costs of operation and maintenance, improve the efficiency and solve the problem in time, thereby improving customer satisfaction. | 12-23-2010 |
| 20100325702 | AUTHENTICATION-AUTHORIZATION SYSTEM FOR MOBILE COMMUNICATION TERMINAL AND METHOD THEREFOR - An authentication-authorization system for a mobile communication terminal and a method therefor are provided. When a mobile communication terminal is in a connect state, code data randomly generated by a remote encoding terminal is continuously provided to the terminal and data management terminal. When an application service program on the mobile communication terminal or an application service terminal connected to the mobile communication terminal need to execute an authentication-authorization, identification data of the mobile communication terminal and its card and code data can be offered to the data management terminal to carry out a bidirectional dynamic authentication-authorization, to determine whether allow the application service program or the application service terminal to keep providing an application service or not. In a further aspect of the embodiment, at least two aforementioned authentication-authorization systems are joined, and a layered authentication-authorization mechanism is adopted, so as to provide a secured and completed system. | 12-23-2010 |
| 20100333177 | SYSTEM AND METHOD FOR IDENTIFYING UNAUTHORIZED ENDPOINTS - In embodiments of the present invention improved capabilities are described for identifying unauthorized endpoints. The present invention includes computer implemented methods and systems for actively polling and monitoring network devices, such as network routers and switches, to obtain information on any or all of the endpoints on a network with which the router or switch may have communicated. Address information acquired through polling is compared with an authorized endpoint list, which is generated from information reported to the store by security agents on the authorized endpoints and which is stored in a security compliance store, in order to identify unauthorized endpoints. Methods and systems disclosed herein also include remediation measures to be taken on the unauthorized endpoints. Related user interfaces, applications, and computer program products are disclosed. | 12-30-2010 |
| 20100333178 | System and Method for Unique User Identification via Correlation of Public and Private Data by a Third-Party - The present invention is a system and method to provide the unique and persistent user identification of networked electronic devices (e.g., computers, mobile phones, game consoles, set-top boxes, etc.) and/or the users (the first-party) by correlating the public information received by a second-party with the private information available to a network access provider or other third-party and then the capability for the third-party to uniquely identify users/devices and provide data to second-parties. The invention is able to uniquely & persistently identify devices and users on a network without exchanging uniquely identifying information between the user/device and the content provider responding to the request (e.g., no reliance on passwords, cookies, challenge/response, encrypted strings.). | 12-30-2010 |
| 20100333179 | FILE SHARING SYSTEM AND METHOD - A file sharing system includes a web server, a first electronic device, and a second electronic device. The web server includes an authorizing module and a server storage module. The server storage module is capable of storing files uploaded from a first electronic device. The authorizing module is capable of recording an authorizing setting from the first electronic device to authorize a second electronic device to access the files in the server storage module. | 12-30-2010 |
| 20100333180 | DATA PROCESSING APPARATUS THAT REGISTERS INFORMATION NOTIFICATION DESTINATION AND METHOD THEREFOR, AND STORAGE MEDIUM - A capable of preventing reception and processing of large data acquired based on a query string, thereby making it possible to prevent data reception and processing from affecting another event notification or registration request processing performed by the data processing apparatus. When a query string determination section determines that destination information for identifying a notification destination contains a specific character string, an event notification destination registration-determining section determines that the notification destination of information concerning the data processing apparatus is not to be registered in an event notification information-storing section. A Web service response-returning section returns a response indicating that the notification destination has not been registered, to an information processing apparatus connected to the data processing apparatus. | 12-30-2010 |
| 20100333181 | SYSTEM AND METHOD FOR REMOTELY CONFIGURING A DESKTOP MAILBOX - A method and system for remotely configuring a desktop mailbox manager. A mobile node operable to communicate within a wireless network includes a remote desktop controller to generate configuration messages for transmission to a home node at which the desktop mailbox manager is located. When reconfiguration is required, reconfiguration criteria are formulated, usually at the direction of the user. The reconfiguration criteria are then used by the remote desktop controller to create a reconfiguration message, which is addressed for delivery to the home node. A network connection is established, and the reconfiguration message is transmitted. A network server associated with the base station through which the mobile node is communicating with the network routes the message to a server associated with the home node, utilizing an appropriate gateway if necessary. The message is stored on the server until the home node establishes communication and then the message is downloaded to the home node. In the home node, the message is used to reconfigure the desktop manager. | 12-30-2010 |
| 20110004922 | User Specified Privacy Settings - Customized content sharing techniques are described. In an implementation, an input is accepted that describes a particular type of content. The input is provided via selection of one or more privacy settings for a user of a social network service. The input is also used to control which other users of the social network service are permitted to communicate content to the user. | 01-06-2011 |
| 20110004923 | METHOD AND SYSTEM FOR GENERATING USER GROUP IDENTIFIERS - A method and apparatus for generating user group identifiers using a permissions matrix is disclosed. The permissions matrix includes an entry that is associated with a row and a column of the permissions matrix. The row of the permissions matrix is indexed with a first role and the column of the permissions matrix is indexed with a second role. A data structure implementing such a method can include, for example, a user group identifier matrix. Alternatively, a method is disclosed in which the expiration of a user group identifier is detected. In such a case, the user group identifier is updated by accessing a user group identifier matrix. | 01-06-2011 |
| 20110004924 | CHALLENGE-RESPONSE SYSTEM AND METHOD - A content-based authorisation method is described, wherein the method is operable to validate that a user has access to certain content. By having access to the content, the system is able to decide that the user is authorised to access the content, and may perform operations or set access rights accordingly. | 01-06-2011 |
| 20110004925 | DATA PROCESSING WITH A POSTERIORI OR A PRIORI AUTHENTICATION - A method and apparatus are provided for processing data. The method includes a step of receiving, during a first communication session established with said server, a request formulated by a first user defining at least one processing operation to be executed on first data, and a step of executing said processing operation on said first data, during a second communication session established with said server after said first session for a second user. The step of executing is applied on condition that the second user has been authenticated via a strong authentication method during the second session and that a relationship between the first and second users has been verified. | 01-06-2011 |
| 20110010758 | METHOD AND APPARATUS FOR ASCERTAINING DATA ACCESS PERMISSION OF GROUPS OF USERS TO GROUPS OF DATA ELEMENTS - A method for ascertaining access permissions of users to computer resources on a storage unit, the method including grouping users into a plurality of user groups wherein all members of at least one of the user groups have at least nearly identical user/resource access permissions to the computer resources, grouping resources into a plurality of resource groups wherein all members of at least one of the resource groups have at least nearly identical resource/user access permissions, ascertaining whether a given user is a member of a user group, if the given user is a member of a user group, ascribing to the given user the user/resource access permissions of the user group, ascertaining whether a given resource is a member of a resource group, and if the given resource is a member of a resource group, ascribing to the given resource the resource/user access permissions of the resource group. | 01-13-2011 |
| 20110010759 | PROVIDING A CUSTOMIZED INTERFACE FOR AN APPLICATION STORE - Embodiments of the present disclosure provide a system and method of providing customized access to an electronic storefront for downloading software for a mobile device based on authorization data stored on the mobile device. In one embodiment, mobile devices have stored one or more profile. Each profile is signed by a particular entity (a particular developer or enterprise) and includes authorization data authorizing one or more devices to install and use software associated with the entity. A content management application associated with the storefront (e.g., iTunes) identifies one or more storefronts associated with the entities of authorized profiles for a particular device upon access to the storefront and provides the entity storefronts to a user of the device based on the authorization data stored on the device. In one embodiment, a profile is authorized, e.g., using encryption and installed to the device by the particular entity. Software for which distribution is limited to those authorized by an enterprise or other entity is thus only available for download to a properly profiled and authorized device. | 01-13-2011 |
| 20110010760 | COMMUNICATION APPARATUS, CONTROL METHOD OF COMMUNICATION APPARATUS, AND PROGRAM - If automatic setting of communication parameters is performed in an ad hoc network when a communication apparatus is connected to an infrastructure network, there is a possibility that infrastructure network information is leaked to the infrastructure network. When an instruction to start the automatic setting of communication parameters is issued, a network participation state of the communication apparatus is determined and the automatic setting of communication parameters is not performed during enterprise connection. | 01-13-2011 |
| 20110016512 | METHOD FOR AUTHORISING A CONNECTION BETWEEN A COMPUTER TERMINAL AND A SOURCE SERVER - The disclosure relates to a method and a system for authorising a connection between a computer terminal and a source server, including an initialisation phase wherein:
| 01-20-2011 |
| 20110023090 | INTEGRATING SERVICE INSERTION ARCHITECTURE AND VIRTUAL PRIVATE NETWORK - Apparatus, methods, and other embodiments associated with providing service insertion architecture (SIA) differentiated services in a virtual private network (VPN) environment are described. Embodiments may provision an authentication, authorization, and accounting (AAA) server with user-to-SIA service-context mapping information. With the AAA server provisioned, embodiments may acquire, in an IPSec VPN hub, during IPSec tunnel user authentication, from the AAA server, the user-to-SIA service-context mapping information. With the mapping information available, embodiments may dynamically map an SIA service to an IPSec VPN tunnel user based on the service information acquired from the Service Broker or Pseudo-Service Broker. The dynamic mapping facilitates providing differentiated services in the SIA by facilitating forwarding an IPSec packet received on the IPSec VPN tunnel from the user to a service node associated with the SIA service based, at least in part, on the IPSec SADB entry modified using the service information. | 01-27-2011 |
| 20110023091 | AUTHENTICATION, AUTHORIZATION AND ACCOUNTING SERVICES SOLUTION - Methods, systems and modules for Authentication, Authorization and Accounting (AAA) services. In one embodiment, session information is stored in an external database so that the information can be retrieved to continue a session using a different AAA server than the one which originated the session, and/or can be retrieved by non-AAA systems. | 01-27-2011 |
| 20110023092 | Method and system of plug-in privilege control - A plug-in privilege control includes authorizing a plug-in, including assigning a plug-in identification number (PIN) to the plug-in wherein the PIN is used to identify an identification (ID) of the corresponding plug-in; notifying the plug-in about the PIN; storing information about the plug-in and a plug-in accessible service to a mapping of services; receiving a request for a service from the plug-in, wherein the request includes the PIN; retrieving the ID of the plug-in according to the PIN; and determining whether to allow the plug-in to access the service that it requested. | 01-27-2011 |
| 20110023093 | Remote Roaming Controlling System, Visitor Based Network Server, and Method of Controlling Remote Roaming of User Devices - An authorization assisting device sends to the VBN server an authorization request for access to the WAN by a requesting user device. A registration driver has a set of assignable IP address ranges for multiple routing realms, and assigns an IP address to a user device from a relevant IP address range depending on a routing realm from which communication from the user device is received. The assignable IP address ranges include one or more authorization address ranges from which the registration driver assigns an IP address to a user device whose authorization request is received from the authorization assisting device. An authorization module processes the authorization request to generate an authorization response granting or denying access to the WAN by the requesting user device based on registration data in a registration data store and the information in the authorization request. | 01-27-2011 |
| 20110023094 | METHOD, APPARATUS, AND SYSTEM FOR PREVENTING ABUSE OF AUTHENTICATION VECTOR - A method for preventing abuse of an Authentication Vector (AV) and a system and apparatus for implementing the method are provided. Access network information of a non-3rd Generation Partnership Project (3GPP) access network where a user resides is bound to an AV of the user, so that when the user accesses an Evolved Packet System (EPS) through the non-3GPP access network, even if an entity in the non-3GPP access network is breached, or an Evolved Packet Data Gateway (ePDG) connected to an untrusted non-3GPP access network is breached, the stolen AV cannot be applied to other non-3GPP access networks by an attacker. | 01-27-2011 |
| 20110023095 | SYSTEM AND METHOD FOR SUPPORTING SECURITY ADMINISTRATION - A transactional server is configured to receive a transactional procedure call from a client to initiate one or more transaction processes. Said transactional server includes a Lightweight Directory Access Protocol (LDAP) authentication server which is configured to forward the transactional procedure call from the transactional server to a distributed authentication server for authentication. When the transactional procedure call to initiate a transaction is received at the transactional server, the LDAP authentication server identifies a user associated with the transactional procedure call, determines that the distributed authentication server should authenticate the user, and initiates an LDAP session between the transactional server and the distributed authentication server. Then, after receiving from the distributed authentication server corresponding user information, the LDAP authentication server creates a token reflecting an authentication result based on the corresponding user security information, which is subsequently used to authenticate the client to participate in the transaction. | 01-27-2011 |
| 20110030034 | URGENT ACCESS MEDICATION DISPENSING STATION - A medical supply station is disclosed. The medical supply station includes a securable compartment configured to hold medical supplies, and a controller. The controller is responsive to access information and is configured to selectively permit access to the securable compartment when the access information indicates the securable compartment is authorized for access, and restrict access to the securable compartment when the access information indicates the securable compartment is not authorized for access. The medical supply station also includes a critical access module configured to, upon actuation, bypass the access information required by the controller and permit substantially immediate access to the securable compartment. The medical supply station further includes an image capturing device, coupled to the critical access module, configured to capture at least one image of an area proximal to the medical supply station in response to actuation of the critical access module. | 02-03-2011 |
| 20110030035 | METHOD OF MANAGING AUTHORIZATION OF PRIVATE NODE B IN A WIRELESS COMMUNICATION SYSTEM AND RELATED DEVICE - A method of managing authorization of a private node-B for a packet core network terminal of a wireless communication system includes determining authorization validity of the private node-B according to network information and licensed band coverage of the private node-B, and then rejecting the authorization of the private node-B when the network information of the private node-B is out of the licensed band coverage of the private node-B. | 02-03-2011 |
| 20110030036 | RUNNING A SOFTWARE MODULE AT A HIGHER PRIVILEGE LEVEL IN RESPONSE TO A REQUESTOR ASSOCIATED WITH A LOWER PRIVILEGE LEVEL - A request is received from a requester to run a first software module at a first privilege level, where the requester is associated with a second privilege level, and wherein the first privilege level is higher than the second privilege level. It is determined whether the first software module is valid to run at the first privilege level by checking for predefined content associated with the first software module. The first software module is run at the first privilege level on the computer in response to detecting the predefined content. | 02-03-2011 |
| 20110030037 | ZONE MIGRATION IN NETWORK ACCESS - The present disclosure is directed to providing a network user the ability to travel between different zones or locations within a network environment, such as, for example, a hospitality location, without requiring a user to re-login to the new location, while requiring a user to re-login to other locations within the network environment. | 02-03-2011 |
| 20110030038 | Auditing Authorization Decisions - The auditing of authorization decisions is facilitated by integrating or coupling an audit policy to access control decisions. In an example implementation, an audit policy of an auditing scheme is coupled to a semantic framework of an access control scheme such that the audit policy is specified using at least a portion of the semantic framework. In another example implementation, audit policy rules include audit content rules that specify what audit information from any of the inputs, the outputs, or the internal data of authorization decisions is to be included in an audit record. In yet another example implementation, a semantic of an audit trigger rule comports with a semantic framework of an access request and of a logical evaluation for an authorization decision. | 02-03-2011 |
| 20110035788 | METHODS AND SYSTEMS FOR AUTHENTICATING USERS - A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known. Moreover, the method includes determining a state of a communications device when the inputted information is known, and transmitting a biometric authentication request from a server to an authentication system when the state of the communications device is enrolled. Additionally, the method includes obtaining biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and conducting the transaction when the transmitted and stored one-time pass-phrases match. | 02-10-2011 |
| 20110035789 | Determining a Trust Level of a User in a Social Network Environment - A system and method for determining a trust level for a non-approved user in a social network is described. The method includes monitoring requests for social network interactions between an approved user and the non-approved user and determining if each interaction requested is of a first type or a second type. The method further includes increasing a first trust value when the interaction requested is of the first type and increasing a second trust value when the interaction requested is of the second type. The method further includes determining the trust level based on the first trust value and the second trust value. The method further includes changing the status of the non-approved user to an approved user based on the trust level, the first trust value and/or the second trust value. | 02-10-2011 |
| 20110035790 | METHOD AND SYSTEM FOR SYNCHRONISING BOOKMARKS - Systems and methods for synchronising bookmarks between communications devices are provided. Bookmarks refer to user-defined and nicknamed URLs as local parameters in Browser software, also sometimes known as “Favourites”. Real-time synchronisation of bookmarks is accomplished through an application of “push technology”. Upon identifying a change in the set of bookmarks of a communications device, the communications device transmits an indication of the change to the network. The network uses push technology to push the indication to the other communications device. Once the indication is received by the other communications device, the other communications device updates its set of bookmarks according to the indication thereby achieving synchronisation. Synchronisation may be performed between two or more devices. | 02-10-2011 |
| 20110041160 | SURGERY ROBOT SYSTEM OF SERVER AND CLIENT TYPE - A server-client type surgical robot system is disclosed. One aspect of the present invention provides a surgical robot system that includes a plurality of control clients, which generate control signals, and a surgical server, which is manipulated in correspondence with the control signals received from authenticated control clients. The server-client type surgical robot system can include a plurality of control clients for manipulating one surgical server, and incorporates security technology in server-client based robot surgery, to allow greater safety in performing surgery. | 02-17-2011 |
| 20110041161 | Management of Ancillary Content Delivery and Presentation - Embodiments of the present invention address delivery of content, including advertising, in an online or networked digital environment. Undesirable content or content that needs to be removed from the digital environment may be eliminated through invocation of a ‘kill switch’ that terminates further delivery of the aforementioned content. The ‘kill switch’ may also eliminate certain instantiations of that content already delivered to end-user client devices. In order to lessen the need for termination of content following delivery to the digital environment, content developers and content providers may view content scheduled for delivery in digital environment ‘mock ups’ prior to actual delivery. Content developers and content providers, too, may control certain attributes related to content scheduled for delivery to further obviate post-delivery termination or modification. | 02-17-2011 |
| 20110041162 | METHOD AND APPARATUS FOR PROVIDING ENVIRONMENT FOR USE OF INTERNET-BASED SERVICE - An apparatus and method for improving the convenience and efficiency of use of the Internet and providing a fundamentally new environment for use of an Internet-based service through automation of authentication for Internet-based service are provided. The apparatus includes an authentication-authorization-accounting (AAA) agent which performs network access authentication such that a user terminal can access a network that the user terminal recognizes, and which performs user authentication required for using Internet-based services according to procedures in accordance with requirements predefined for a user's purpose, wherein the Internet-based services are provided over the Internet by a contents provider. Accordingly, it is possible to reduce costs to be spent on service preparation procedures which are not necessarily related to the actual use of services, and thus the convenience and efficiency of service can be improved. | 02-17-2011 |
| 20110041163 | SYSTEMS AND METHODS FOR USER INTERFACE CONTROL - Enabling and disabling login access to a web-based application by examining automatic number identification (ANI) information from a received telephone call, associating the ANI information with a user account, determining a current state of login access to a web-based application for the user account, the state of login access being one of enabled and disabled, and notifying the web-based application to change the state of login access to the other of enabled and disabled depending on the then-current state of login access. The methodology may further include examining dialed number identification service (DNIS) information of the received call to determine which of the enabling or disabling actions to take, and/or to determine which of a plurality of accounts is to be effected by the desired change in state of login access. | 02-17-2011 |
| 20110041164 | GENETIC PROFILING AND BANKING SYSTEM AND METHOD - A method is provided for determining whether a third party is authorized to access information representative of genetic data. This information representative of genetic data is associated with a physical sample and is provided in an accessible format. A set or access rights is received that define which third parties can access the information and how the information can be used. A third party requests to access the information for the purposes of performing a test. The request is compared to the access rights. If the third party is authorized, the test is performed on the information. If, however, the third party is not authorized, access is denied. | 02-17-2011 |
| 20110047598 | DEVICE IDENTITY MATCHING - Devices are identified by their owners and authorization to network two or more devices is based on device ownership. Data structures such as address books can store information about an owner of a device and maintain an entry indicating that a particular entry identifies the owner of the device. Other entries in the address book are contacts of the owner. A host device can authorize a client for communication with the host based on a relationship between the owner of the client and the owner of the host as indicated by the presence of the contact information of the client's owner in the host's address book. Devices and can enable communication and sharing of services and levels of access permissions based on the relationship of the owners' of the respective devices. | 02-24-2011 |
| 20110047599 | MICROMINIATURE PERSONAL COMPUTER AND METHOD OF USING THEREOF - A microminiature personal computer that is connected to external devices using standard interfaces for information input and output. The microminiature personal computer has an interconnected processor, a memory, a security module, and a connector. At least part of memory should be non-volatile to keep operating system, drivers to work with external devices, programs and data. The microminiature personal computer does all processing and all programs are running inside its memory while external device is used only for information input and output through a virtual window thus ensuring security of both systems and lack of unauthorized interaction between them. | 02-24-2011 |
| 20110047600 | SYSTEMS AND METHODS FOR PROVIDING A VIRTUAL WORLD COMMODITY DEVICE - The present invention describes methods and apparatus to enable efficient and protected interaction with a virtual world environment. An exemplary embodiment of the present invention provides a system including a virtual world commodity device including a housing and a memory. Furthermore, the system includes a product unique identifier stored in the memory of the virtual world commodity device. The virtual world commodity device is enabled to communicate with a virtual world environment to provide the product unique identifier and the virtual world environment provides a globally unique identifier to be stored in the memory of the virtual world commodity device. | 02-24-2011 |
| 20110047601 | Electronic Content Distribution and Exchange System - An electronic content distribution and exchange system provides authenticated, reliable content downloads and tracking capabilities. Content is distributed to users through the invention's architecture. A user registers for the purchase of content through an interface on a client system or via a Web site. The purchase is for a license to the content, not for the content itself. A list of available content is displayed to the user through the client system or the Web site. The invention's central servers log the purchase of the content into a license database. The user accesses content through the client system's user interface where the user plays the content and controls its playback. | 02-24-2011 |
| 20110055900 | DISTRIBUTED AUTHENTICATION, AUTHORIZATION AND ACCOUNTING - In some embodiments, computer systems, storage mediums, and methods are provided for controlling a connecting device's access to a plurality of computer networks. In other embodiments, the provided computer systems, storage mediums, and methods may provide for authentication, authorization, and accounting of connecting devices connecting to a plurality of computer networks. In other embodiments, the provided computer systems, storage mediums, and methods may provide for the distribution of authentication routing data and authorization policies among a plurality of computer networks. In yet other embodiments, the provided computer systems, storage mediums, and methods may provide for the distribution of accounting among a plurality of computer networks. | 03-03-2011 |
| 20110055901 | WIRELESS DEVICE FOR GROUP ACCESS AND MANAGEMENT - A system and method for establishing a group of wireless devices having shared media stored thereupon associates each group member device of the group of wireless devices, communicates with at least some of the group member devices of the group of wireless devices to identify shared media and upon receiving a request transmitted by a group member device of the group of wireless devices, supports access to shared media. The shared media may be stored on a different group member device, upon a managing server computer, or a media server. Upon a successful validation, the group member device that made the request is notified to facilitate the access to the shared media. The notification includes access information. | 03-03-2011 |
| 20110055902 | DYNAMIC AUGMENTATION, REDUCTION, AND/OR REPLACEMENT OF SECURITY INFORMATION BY EVALUATING LOGICAL EXPRESSIONS - Method, server, and computer product for modifying base permissions of access control lists (ACL) by evaluating logical expressions (LE). Base permissions are determined for a subject by comparing a name of subject against ACL entries for an object. ACL entries having LE entries are determined. LE entries are evaluated to determine which LE entries are true for LE attributes of the subject. Set operators of LE entries are combined to single union ACL, intersect ACL, and replace ACL. Replace operation performed to replace base permissions with replace ACL, resulting in first output. If no replace ACL, base permissions are the first output. Union operation is performed on first output and union ACL, resulting in second output. If no union ACL, first output is second output. Intersect operation performed on second output and intersect ACL, resulting in third output. If no intersect ACL, permissions of second output are the third output. | 03-03-2011 |
| 20110055903 | AUTHENTICATING USE OF A DISPERSED STORAGE NETWORK - At least one dispersed storage (DS) processing unit ( | 03-03-2011 |
| 20110055904 | LICENSE AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD - A license authentication system and method enabling authentication of an application to be installed in a client PC which is being incapable of communicating with the server which authenticates the application. A portable terminal performs license authentication of an application to be installed in a client PC in place of the server and gives the client PC a temporary right of use (step | 03-03-2011 |
| 20110055905 | AUTHENTICATION APPARATUS AND COMPUTER-READABLE MEDIUM STORING AUTHENTICATION PROGRAM CODE - An authentication apparatus may include a storage unit, an analysis unit, and an authentication unit. The storage unit may be configured to store pieces of authentication information and an authentication order of the pieces of authentication information. The analysis unit may be configured to compare pieces of input information with the pieces of authentication information and to compare an input order of the pieces of input information with the authentication order. The authentication unit may be configured to authorize the pieces of input information if the comparison shows that the pieces of input information match the pieces of authentication information as necessary to authenticate and the input order of the pieces of input information matches the authentication order. | 03-03-2011 |
| 20110055906 | METHOD FOR AUTHENTICATION AND VERIFYING INDIVIDUALS AND UNITS - A method is provided for authenticating and verifying individuals and units, wherein the data exchange between the units proceeds by means of relative data and/or encrypted data. The method is characterized in that the authentication and/or verification processes of individual and/or units are carried out by units that are allocated to individuals or that the authentication and/or verification processes of individuals and/or units are carried out by units authorized to authenticate and/or verify, a unit being authorized to authenticate and/or verify by the transmission of at least one copy of a power by a unit allocated to an individual through the unit allocated to the individual once the owner of the unit allocated to an individual is authenticated. | 03-03-2011 |
| 20110061092 | METHOD FOR APPLYING A PHYSICAL SEAL AUTHORIZATION TO DOCUMENTS IN ELECTRONIC WORKFLOWS - A system and method for applying a pre-existing physical seal authorization to documents provides for authentication of electronic documents using physical seals and without interrupting the electronic workflow. The system of the present invention includes a seal capture device coupled to a computer, and the computer coupled by a network to a paper-like document server. The seal capture device detects depression of a seal thereon and outputs the image of the seal and other metadata to the computer. The computer stores the metadata in its local log using a logging module. The computer also adds the image of the seal and other metadata to the electronic document being displayed. Finally, the computer sends the metadata for storage in the global log of the paper-like document server, and the authorized document to the next step in the electronic workflow. The paper-like document server stores the metadata in other servers or entangles the global log with the logs of other servers for additional security. | 03-10-2011 |
| 20110061093 | TIME DEPENDENT ACCESS PERMISSIONS - A network object access permission management system useful with a computer network including at least one server and a multiplicity of clients, the system including an access permissions subsystem which governs access permissions of users to network objects in the computer network in real time and a future condition based permissions instruction subsystem providing instructions to the access permission subsystem to grant or revoke access permissions of the users to network objects in real time in response to future fulfillment of conditions which are established by an operator in advance. | 03-10-2011 |
| 20110061094 | Domain Isolation Through Virtual Network Machines - A method and device for communicating information resources between subscriber end stations and nodes belonging to different network domains is described. The device instantiates different virtual network machines for different network domains using separate independently administrable network databases. Each of the administrable chores of the separate independently administrable network databases includes the assignment of access control and the configuration of the policies for those network databases. The policies include traffic filtering policies to indicate what kind of information payloads can be carried, traffic and route filtering policies to indicate what paths through the network will be used for each payload carried. Each of the network domains includes one of the different virtual network machines and each of the different network domains is virtually isolated from other network domains. | 03-10-2011 |
| 20110061095 | Secure Web Based Transactions - Methods of securely performing online transactions are described which involve two independently controlled web servers. In order to complete a transaction, a user interacts concurrently with each of the two web servers and authentication may occur between the user and each web server and between web servers. Each of the two web servers provide data which is used to complete the transaction and the data provided by the first web server is communicated directly to the second web server for use in the transaction. In an embodiment, the first web server provides a web page which enables a user to specify a variable which is used in the transaction. This is communicated to the second web server which processes the transaction along with an identifier for the message. The identifier may be used in validating the variable before it is used in processing the transaction. Following completion of a transaction this may be reported in real time to the first web server. | 03-10-2011 |
| 20110067090 | IMAGE DATA FORMING APPARATUS - An image data forming apparatus includes: an image data forming unit configured to form image data; a user authentication information forming unit configured to form user authentication information; a storage unit storing a program configured to be executed by a destination device to determine whether or not to permit outputting the image data from the destination device based on the user authentication information; an image file forming unit configured to form an image file including the image data, the user authentication information, and the program; and a communication control unit configured to transmit the image file to the destination device. | 03-17-2011 |
| 20110072494 | INTERFACE APPARATUS, CONTROL METHOD OF INTERFACE APPARATUS, CONTROL PROGRAM OF INTERFACE APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM STORING THE CONTROL PROGRAM - Various kinds of content items are dealt with by a single interface apparatus. A content processing apparatus | 03-24-2011 |
| 20110072495 | METHOD FOR USING RIGHTS TO CONTENTS - Disclosed herein is a method of checking whether or not a memory card including rights to contents is mounted in a terminal during a process of using the contents. The checking operation may be performed in synchronization with a timing at which a BCAST client within the terminal requests a traffic encryption key (TEK) to a DRM agent. In addition, there is disclosed herein a method of checking whether or not the memory card is mounted therein, as well as whether or not rights to the contents actually exist in the memory card. | 03-24-2011 |
| 20110072496 | METHOD AND SYSTEM FOR USER ACCESS TO AT LEAST ONE SERVICE OFFERED BY AT LEAST ONE OTHER USER - A method of access by at least one second user, to at least one service offered by a first user is provided, which includes transmitting by the first user to the second user at least one invitation comprising an access level defined by the first user to allow said at least one second user to access said at least one service; verifying the content of said at least one invitation, delivering to the second user an access authorization to said at least one service, dependent on the access level; and requesting access to said at least one service by the second user, on the basis of the access authorization. | 03-24-2011 |
| 20110078767 | USAGE CONTROL SERVICES PERFORMED IN AN END USER DEVICE - Systems and methods are disclosed for providing usage control of communication services within an end user device. A system in the network receives input from a controlling party defining usage restrictions for the end user device. The system then generates a usage control profile, and transmits the usage control profile to the end user device. The end user device then monitors activities in the device to identify a communication attempt (e.g., an incoming voice call). When a communication attempt is identified, the end user device processes the usage control profile to determine whether the communication attempt is authorized, and allows the communication attempt to continue if the attempt is authorized. If the attempt is not authorized, then the end user device blocks the communication attempt. | 03-31-2011 |
| 20110078768 | METHOD FOR DATA TRANSMISSION BETWEEN SERVER AND CLIENT - A method is used for data transmission between a server and a client. The method includes the following steps. The server receives a request from the client through a network. The server determines if the client has access authorization. The server creates a background process when acquiring the access authorization. The server receives a data block and a status checking request from the client. The background process sends a data report to the client for each data block received. The server submits a status report in response to the status checking request. | 03-31-2011 |
| 20110078769 | ELECTRONIC FILE BROWSING SYSTEM AND CONTROL METHOD THEREOF - An electronic file browsing system includes an electronic file delivery device and a file processing server. When document file browsing is requested from a mobile phone, a mobile phone access server in the file delivery device creates link information including session ID as authentication information and sends it to the mobile phone. Based on this link information, the mobile phone accesses the file processing server. The file processing server obtains session ID from the mobile phone and adds this session ID to the delivery request of the document file to the mobile phone access server. | 03-31-2011 |
| 20110083163 | Temporarily providing higher privileges for computing system to user identifier - A root user identifier of a computing system is disabled. Thereafter, and in response to determining that a problem with the computing system requires root privileges to the computing system to solve, a code patch for installation on the computing system is received from a third party. The code patch is installed on the computing system, resulting in a user identifier temporarily having the root privileges to the computing system. The user identifier is different than the root user identifier is. A password for the user identifier is provided to the third party to permit the third party to solve the problem with the computing system using the root privileges, via the user identifier temporarily having the root privileges to the computing system. The code patch is computer code installable on the computing system. | 04-07-2011 |
| 20110083164 | ASSOCIATING MULTIPLE SECURITY DOMAINS TO APPLICATION SERVERS - Multiple security domains can be created and associated with various scopes within the cell allowing security configurations of each scope to be managed collectively. Examples of scopes include the entire cell, one or more application servers, one or more applications, one or more clusters, one or more service integration buses, one or more nodes, etc. Security configurations associated with the security domains can be applied to the scopes based on a hierarchy of the security domains. In addition, new security domains may be created automatically based on security requirements of newly installed applications. | 04-07-2011 |
| 20110083165 | Method and system for regulating, disrupting and preventing access to the wireless medium - A method for restricting one or more wireless devices from engaging in wireless communication within a selected local geographic region. The method includes receiving an indication comprising at least identity information. Preferably, the indication is associated with a selected wireless device, which is associated with an undesirable wireless communication within the selected local geographic region. The method includes selecting one or more processes directed to restrict the selected wireless device from engaging in wireless communication and performing a prioritized access to a wireless medium using at least one of one or more sniffer devices, which are spatially disposed within a vicinity of the selected local geographic region. The method transmits one or more packets from the at least one of one or more sniffer devices. Preferably, the one or more packets are directed to perform said one or more processes to restrict the selected wireless device. | 04-07-2011 |
| 20110083166 | SYSTEM FOR ELIMINATING UNAUTHORIZED ELECTRONIC MAIL - A system for eliminating unauthorized email sent to a user on a network analyzes the sender address of incoming email and determines whether it is to be rejected by returning a standard “no such user” error code or accepted depending upon executing processing rules and analyzing managed lists of authorized senders. This provides an advantage over existing anti-spam filtering systems by intercepting unauthorized email before it reaches an existing email server or client. The system rejects all email unless authorized by using a standard “no such user” error code, and by redirecting the unauthorized email back to the sender or to a sender evaluation site. An ASL module captures authorized sender addresses from the user's outgoing email and other sources in order to update “authorized senders” lists. The system may employ a WBM procedure that notifies senders of rejected email to go to a separate website and register as valid senders after passing an interaction test that precludes automatic registration by a mechanical program. A destination proxy email address procedure allows subscribers to use temporary proxy addresses for receiving email expected from unknown sources and instantiates senders as authorized upon receiving the expected email to the proxy addresses. The unauthorized-email rejection component can be readily configured as a hardware or software appliance used in tandem with a conventional email server, email gateway, or firewall to an intranet, or as a software extension to an existing firewall system. | 04-07-2011 |
| 20110083167 | Leveraging Collaborative Cloud Services to Build and Share Apps - The present invention includes systems and methods for retrieving information via a flexible and consistent targeted search model that employs interactive multi-prefix, multi-tier and dynamic menu information retrieval techniques (including predictive text techniques to facilitate the generation of targeted ads) that provide context-specific functionality tailored to particular information channels, as well as to records within or across such channels, and other known state information. Users are presented with a consistent search interface among multiple tiers across and within a large domain of information sources, and need not learn different or special search syntax. A thin-client server-controlled architecture enables users of resource-constrained mobile communications devices to locate targeted information more quickly by entering fewer keystrokes and performing fewer query iterations and web page refreshes, which in turn reduces required network bandwidth. Applications are built by leveraging existing collaborative cloud services that enable the maintenance and sharing of user content. | 04-07-2011 |
| 20110083168 | Framework of Media-Independent Pre-Authentication - This application describes, among other things, a framework of Media-independent Pre-Authentication (MPA), a new handover optimization mechanism that has a potential to address issues on existing mobility management protocols and mobility optimization mechanisms. MPA is a mobile-assisted, secure handover optimization scheme that works over any link-layer and with any mobility management protocol. This application also shows, among other things, an initial implementation of MPA in our testbed and some performance results to show how existing protocols could be leveraged to realize the functionalities of MPA. | 04-07-2011 |
| 20110088079 | Dynamically Constructed Capability for Enforcing Object Access Order - Proposed is a Capability Management System (CMS) in a distributed computing environment that controls access to multiple objects by multiple subjects based upon a specified access order. A capability is dynamically constructed when the capability is needed. After the capability is used to access an object, a new capability is generated. In the alternative, multiple capabilities for enforcing an access order are generated independently of each other. The new capability is then employed by the same or another subject to access the object according to a prescribed access sequence. In this manner, at any particular time there is one capability valid to access the object by the appropriate subject. In addition, the capability includes information for verifying the authenticity of the capability and for specifying an expiration time associated with the capability. The technology may also be enhanced by providing a linkage between capabilities intended for use in a sequence. | 04-14-2011 |
| 20110088080 | Apparatus and Method for Authorization for Access Point Name (APN) Usage in a Specific Access - An apparatus and method for receiving a request for authorization and access from a requestor; determining the association of a care-of-address (CoA) in the request with an access technology used by the requestor; administering authorization rules based on the association of the care-of-address (COA) and the access technology; and determining either to allow access or to deny access to the requestor using results from administering the authorization rules. | 04-14-2011 |
| 20110093923 | SYSTEM AND METHOD FOR ACCESS CONTROL OF NETWORK DEVICES ACROSS MULTI-PLATFORM ACCESS LISTS - A system for sharing a device between two independent software platforms and for access control of a network device across the two independent software platforms is provided. The system has a first computing device operating on a first software platform for authenticating at least a first user and accessing a first user's access list having at least one address of a second user. The system also has a second computing device operable with the same first user and a second different software platform. A destination across the first and the second software platforms is mapped to selectively control the device by the second user from the first user's access list with the second user operating on the second computing device. | 04-21-2011 |
| 20110093924 | SYSTEM FOR COLLECTING AND ORGANIZING GAME STATISTICS, INFORMATION AND APPLICATIONS FOR DISTRIBUTION, ANALYSIS AND ENTERTAINMENT, AND METHOD - A web-based and accessible sports statistics, information and application system configured to establish a hierarchy of rights controlling access by users to sports statistics stored in the system, establish a hierarchy of permissions to be granted to users based on the hierarchy of rights, establish a hierarchy of reports that can be downloaded by users based on their rights and permissions, and permit synchronization of a team roster and team statistics between the user's database information on a personal computer with database information on the website database. | 04-21-2011 |
| 20110093925 | Entitled Data Cache Management - Systems and methods are disclosed for managing an entitled data cache. A data server may generate and send entitled data to a data cache server. The data cache server, a server that may be located nearer to the user within a data provider's computer network, may receive and cache the entitled data. A permission server may store user's permissions and transmit the user's permissions to the data server and the data cache server. Upon receiving a request for data, the data cache server may retrieve the requested data from the cache and send a subset of the cached data which matches the user's permissions to the user, without the need to request the data from the data server. | 04-21-2011 |
| 20110093926 | SYNDICATION METHODOLOGY TO DYNAMICALLY PLACE DIGITAL ASSETS ON NON-RELATED WEB SITES - An automated method is provided for obtaining selected content for a web page that allows for syndication of digital assets. The selected content itself is not initially part of the web page. The web page includes script associated with the selected content. Upon receiving a web page that includes script associated with the selected content, the script is interpreted. A request is then formatted for obtaining the selected content from a remote site. The request includes a uniform resource identifier (URI) of the web page and a unique identifier of the selected content. The script includes a subscriber identifier and a content identifier, which, together, create the unique identifier of the selected content. | 04-21-2011 |
| 20110093927 | METHOD OF AUTHORIZATION FOR A CELLULAR SYSTEM - A method and entity of authorising in a communication system are disclosed. The method includes using authorising data to reference other data to define an authorisation associated with the other data. The authorising data includes one of a data component, data group, or data element. Further, a user profile can be provided and includes a user profile data component and an authorisation data component. The authorisation data component or the user profile data component references another authorisation component. Access is authorised to data associated with the user profile data component in accordance with the authorisation data component. | 04-21-2011 |
| 20110093928 | MANAGEMENT SYSTEM - A management system manages use of management object provided in facilities by using an information storage medium of a user. An entrance management apparatus, provided in the vicinity of an entrance of the facilities, stores use permission information for permitting the use of the management object on an information storage medium when the user enters the facilities. In the facilities, a use management apparatus, provided for each management object, controls availability or unavailability of the management object based on the use permission information stored on the information storage medium. Additionally, the use management apparatus stores, in the information storage medium, use information showing that the management object is used. Further, a room leaving management apparatus, provided in the vicinity of an exit of the facilities, manages leaving of the user based on the use information stored on the information storage medium. When the user leaves the facilities, it is controlled whether or not the user can leave the facilities, and use history information is stored, based on the use information. | 04-21-2011 |
| 20110093929 | METHOD, SYSTEM, AND TERMINAL FOR USING SUBSCRIPTION SERVICE CONTENT - A method and system for using subscription service content are provided. The method includes: receiving a registration request for using subscription service content transmitted from a user terminal, where the registration request carries an identifier (ID) of the user terminal; determining whether the registered number of the user terminals using the subscription service content registered by a user is greater than the maximum number of the user terminals permitted to use the subscription service content according to the ID of the user terminal, and if not, activating the user terminal according to the ID of the user terminal; and providing authorization for permission of using the service content for the activated user terminal. Through the provided technical solutions, a user is capable of conveniently using the service content at different terminals while unauthorized spread of the service content is avoided during network handover of a user equipment (UE). | 04-21-2011 |
| 20110093930 | Concept of Efficiently Distributing Access Authorization Information - A device for controlling a service access authorization for a user device with regard to an access-restricted service includes a service access authorization provider, the service access authorization provider being configured to set a period of time in which the service access authorization is valid, responsive to an authorization message provided with a service-dependent user identifier, and the service access authorization provider being configured to disable an authorization allowing the service access authorization to be extended or reactivated using the previous service-dependent user identifier when at least a predetermined duration has passed since an end of a last authorization time interval for which a service access authorization was determined by the device. | 04-21-2011 |
| 20110093931 | Nodes of a Content Sharing Group, Methods Performed by the Nodes, and Computer Programs Executed in the Nodes - A content sharing group node of a content sharing group is disclosed. The content sharing node is arranged to receive a sharing right comprising boundaries of redistribution of the sharing right and content sharing group membership restrictions to further content sharing group nodes of the content sharing group, arranged to access the content according to the combined restrictions of the sharing right and a usage right, and arranged to re-distribute the sharing right within the boundaries of re-distribution of the sharing right and to restrict its content sharing group membership according to the sharing right, wherein the content sharing group is defined as the sharing right is redistributed. Methods and computer programs for content sharing are also disclosed. | 04-21-2011 |
| 20110093932 | METHOD AND SYSTEM FOR SUPPORTING MOBILITY SECURITY IN THE NEXT GENERATION NETWORK - The present invention discloses a method and system for supporting mobility security in a next generation network. In implementation of the method, a Transport Authentication and Authorization Functional Entity (TAA-FE) and a mobile agent functional entity are configured in the network, and a reference point for transmitting key material is established between the TAA-FE and the mobile agent functional entity; when a terminal moves, the mobile agent functional entity receives the key material from the TAA-FE, and performs security protection for signaling between the terminal and the mobile agent functional entity. The system comprises: a transport user profile functional entity, a TAA-FE, and a mobile agent functional entity. Applying the present invention, the mobility security on the transport layer in the next generation network is ensured. | 04-21-2011 |
| 20110099608 | System and Method of Controlling Access to Information in a Virtual Computing Environment - In one embodiment the present invention includes a computer-implemented method comprising storing authorization data on a first client computer system, accessing virtual computing software from the first client computer system, accessing a virtual object in the virtual computing software in response to instructions received from the first client computer system, sending the authorization data from the first client computer system to a second computer system, wherein the authorization data specifies access rights on the second computer system, and accessing the second computer system using the authorization data and determining access rights on the second computer system based on said authorization data. | 04-28-2011 |
| 20110099609 | ISOLATION AND PRESENTATION OF UNTRUSTED DATA - Architecture that provides a secure environment in which data (e.g., code, instructions, files, images, etc.) can be opened and run by a client application. Once opened the data can be viewed (in a “protected view”) by the user without incurring risk to other client processing and systems. Accordingly, the architecture mitigates malicious attacks by enabling users to preview untrusted and potentially harmful data (e.g., files) in a low risk manner. Files opened in the protected view are isolated from accessing key resources on the client computer and provides the user a safer way to read files that can contain dangerous content. The protected view also provides a seamless user experience. The user is unaware that the client is operating on data in a different mode and allows for the reduction of security prompts. | 04-28-2011 |
| 20110107400 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR RECOVERING A PASSWORD USING USER-SELECTED THIRD PARTY AUTHORIZATION - A password recovery technique for access to a system includes receiving a request from a first party to recover the first party's password to access the system, receiving a selection of a second party from the first party, sending a message to the second party requesting that the second party authorize the request to recover the first party's password, receiving authorization from the second party for the request to recover the first party's password, and resetting the first party's password responsive to receiving authorization from the second party. | 05-05-2011 |
| 20110107401 | ESTABLISHING TRUST RELATIONSHIPS BETWEEN COMPUTER SYSTEMS - An offline trust system establishes a trust relationship between a trust authority computer system and a target computer system without relying on an active network connection between the computer systems. The offline trust system separates the trust establishment operation into a provisioning phase and a configuration phase. The provisioning phase can be performed entirely on the trust authority, while the configuration phase can be performed entirely on the target computer system requesting trust. The two phases can be performed at different times and do not assume any connection between the two computer systems. An administrator may perform the provisioning phase for many target computer systems at the same time. Thus, the offline trust system provides a way to establish trust between computer systems that is more reliable and less prone to failure. | 05-05-2011 |
| 20110107402 | CLIENT SERVER SYSTEM, CLIENT APPARATUS AND SERVER APPARATUS DISPLAYING CONTENTS OF PROVIDED SERVICES - A client server system allowing easy selection of a provided service is provided. In the client server system, a server apparatus includes: an HDD storing a service ID and a user ID indicating a user who is logged in to the service in association with each other; a control unit searching for a service logged in by the user who is logged in to the MFP based on the information stored in the HDD, in response to an inquiry from MFP; and an LAN I/F transmitting the result of search by the control unit to the MFP. The MFP is adapted to include: an operation panel; an inquiry function of a control unit for inquiring of the server about the logged-in service; an LAN I/F receiving the result of search; and a display control function of the control unit, causing the operation panel to display an image indicating the logged-in service, based on the received result of search. | 05-05-2011 |
| 20110107403 | COMMUNICATION SYSTEM, SERVER APPARATUS, INFORMATION COMMUNICATION METHOD, AND PROGRAM - A communication system includes a terminal, a first server apparatus that manages the movement of the terminal, and a second server apparatus that performs authentication of the terminal. The first server apparatus uses AAA protocol to transmit a first message that includes a pseudo-NAI of the terminal to the second server apparatus. The second server apparatus both records the pseudo-NAI and true-NAI of the NAI of the terminal in association with each other and records maintenance function execution necessity information indicating whether a maintenance function must be executed for the terminal in association with the true-NAI of the terminal, and upon reception of the first message from the first server apparatus, uses AAA protocol to transmit a second message that contains the maintenance function execution necessity information that was placed in correspondence with the pseudo-NAI that was contained in the first message to the first server apparatus. | 05-05-2011 |
| 20110113474 | NETWORK SYSTEM SECURITY MANAGMENT - A network system loads operating system (OS) software that includes a switch role tool (SRT). The SRT provides the network system with security management capability that employs a hostname attribute within a user role definition. The user role definition provides for user restrictions to database information and other user actions within the network system. During a user login or switch role command, the security management method interrogates the login location or hostname of the login along with the user request. If that login meets the criteria that the network system stores as a user role attribute for that particular user, the network system allows the login request and action. If that login does not meet the criteria that the network system stores as a user role attribute for that user, the network system denies the login request. The network system grants the user an access privilege level that varies with the determined location or hostname from which the user attempts to login. | 05-12-2011 |
| 20110113475 | NODE FOR A NETWORK AND METHOD FOR ESTABLISHING A DISTRIBUTED SECURITY ARCHITECTURE FOR A NETWORK - The invention relates to a node ( | 05-12-2011 |
| 20110119738 | IDENTITY MANAGEMENT FOR TRANSACTIONAL CONTENT - A method and system for managing access to transactional multimedia content based on hardware identification codes can include determining whether a user is entitled to a first service level or to a second service level and directing requests for transactional multimedia content to an appropriate server. The user of a client device can be authenticated by a certificate sent by the client device and received by a service provider. The certificate includes an indication of a unique hardware identifier for the client device. Access to the transactional content may occur over a public Internet protocol network if the client device is not directly connected to the service provider's private network and if the hardware identifier indicates the client device is authorized. | 05-19-2011 |
| 20110119739 | SECURE CONSUMER PROGRAMMING DEVICE - A method is provided for operating a consumer programming device that provisions consumer electronic devices. The method includes receiving over a communication link a first enable message that authorizes the consumer programming device to make available one or more resources which enable it to provide services to consumer electronic devices. Services are provided to consumer electronic devices up until all the resources have been exhausted. Additional consumer electronic devices are provided with services only if a second enable message is received over the communication link. | 05-19-2011 |
| 20110126265 | SECURITY FOR CODES RUNNING IN NON-TRUSTED DOMAINS IN A PROCESSOR CORE - A method and apparatus configure a trusted domain and a plurality of isolated domains in a processor core. Each isolated domain is assigned a unique domain identifier. One or more resources are associated with each isolated domain. The associations are stored as permissions to access physical addresses of resources. Code to be executed by a hardware device is assigned to one of the isolated domains. The domain identifier for the assigned isolated domain is written to the hardware device. When the hardware device executes the code, each instruction is logically tagged with the domain identifier written to the hardware device. An instruction includes request to access a physical address. The hardware device compares the domain identifier of the instruction with the permissions. If the permissions allow the domain identifier to access the physical address, then access to the resource at the physical address is allowed. Access is otherwise blocked. | 05-26-2011 |
| 20110126266 | Method and system for authenticating subaccount users - There is provided a method and system for authenticating users to an application. The method comprises receiving a master account identifier corresponding to a master account associated with the application. The method further comprises determining if at least one subaccount is assigned to the master account. The method comprises requesting a master password if at least one subaccount is not assigned to the master account. Finally, the method includes requesting a subaccount identifier and a subaccount password if at least one subaccount is assigned to the master account. | 05-26-2011 |
| 20110126267 | METHOD AND APPARATUS FOR PROVIDING A CONTEXT RESOURCE DESCRIPTION LANGUAGE AND FRAMEWORK FOR SUPPORTING THE SAME - An apparatus for providing a framework for supporting a context resource description language may include at least one processor and at least one memory including computer program code. The at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus to perform at least receiving an indication of content loaded at a browser, parsing the content for context resource description language providing an identification of properties requested in association with a service from which the content was loaded, and providing property management with respect to the identified properties for provision to the service. A corresponding method and computer program product are also provided. | 05-26-2011 |
| 20110126268 | SYSTEM AND METHOD FOR AUTHORIZATION AND MANAGEMENT OF CONNECTIONS AND ATTACHMENT OF RESOURCES - Embodiments of the present invention are directed to a method and system for authorization management and resource attachment. The method includes receiving, within an electronic system, a notification of an emulated device operable to be provisioned and updating an authorization record of an authorization record datastore. The updating of the authorization record comprises updating routing information related to communication of the emulated device and a virtual device. The method further includes receiving a request for initial instantiation or reconnection of the emulated device with the virtual device and determining whether the emulated device and the virtual device are allowed to communicate based on the authorization record datastore. A response to the request for instantiation or reconnection can then be sent. | 05-26-2011 |
| 20110126269 | SYSTEM AND METHOD FOR VIRTUAL DEVICE COMMUNICATION FILTERING - Embodiments of the present invention are directed to a method and system for virtual device communication filtering. The method includes receiving, within an electronic system, an instantiation request for a first virtual device and determining whether the first virtual device and a second virtual device are allowed to communicate based on an authorization record datastore. The method further includes modifying an authorization record of the authorization record datastore. The modifying comprises setting an indicator of a data filtering module to filter communication between the first virtual device and the second virtual device. A response can then be sent to the instantiation request. | 05-26-2011 |
| 20110126270 | Image Forming System, Image Forming Apparatus, and Method For Creating, Maintaining, and Applying Authorization Information - A user-manager server device includes: registration information on a local group including a domain user separately from a domain group managed by a directory server device, and authorization information on the domain group, the domain user, and/or the local group. When a logged-in user belongs to the local group, an authorization processing unit transmits the authorization information on the local group to a multifunction periphery (MFP) as the authorization information corresponding to the logged-in user. When the logged-in user does not belong to the local group, the authorization processing unit transmits the authorization information on one of the domain group and the domain user to the MFP as the authorization information corresponding to the logged-in user. | 05-26-2011 |
| 20110126271 | METHOD AND APPARATUS FOR REGISTERING A DEVICE IN ACCESS POINT - Provided is a method of registering an unregistered device in an access point (AP) by using a registered device registered in the AP, the method including: transmitting a control signal for controlling the registered device to the registered device so as to transmit a mode change request, which requests the AP to change a mode to an authentication approval mode approving an authentication operation with the unregistered device, to the AP; transmitting a mode confirm request, which confirms whether an operation mode of the AP is the authentication approval mode, to the AP; receiving a mode confirm response as a response to the mode confirm request from the AP that receives the mode change request; and selectively performing an authentication operation with the AP, based on the received mode confirm response. | 05-26-2011 |
| 20110131632 | Management system of technical literature data and method thereof - A management system of technical literature data and the method thereof are disclosed. According to the user's authority corresponding to the user identification, the invention reads out function items that can be accessed by the user. An operating interface displaying the function items, provides the user for manipulating function corresponding to the displayed function items so that multiple users can manage technical literature data together. This can efficiently share notes for the technical literatures, achieving the goal of studying a lot of technical literatures by division of labor and reducing system operation loading. | 06-02-2011 |
| 20110131633 | SYSTEMS AND METHODS FOR PERMISSIONING REMOTE FILE ACCESS VIA PERMISSIONED LINKS - Permissioned links for a novel method of credentialing users and assigning permissions to the user using the link to access repositories holding or intended to hold digital files. The permissioned links comprise a unique identifier that can be correlated to a specific repository of digital files and permission set. Users using the permissioned links for access need not enter a login or password. Moreover, permissioned links are portable, allowing multiple users to access the repository of digital files using the same permissioned link. | 06-02-2011 |
| 20110131634 | Digital Rights Management - A method for digital rights management includes receiving a selection input from a user, associating a customer number with a file based on the selection input, embedding the customer number and a file identifier associated with the file in the file, and sending the file with the embedded customer number and file identifier to the user. One embodiment includes receiving a customer number change request, revising the central database in response to the customer number change request, determining a new customer number responsive to the customer number change request, and embedding the determined new customer number in the file. Another embodiment includes receiving an authorization request associated with a file, determining an authorization based on the central database and authorization request, and sending an authorization notice response to the determined authorization. | 06-02-2011 |
| 20110138447 | Method, System and Device for Obtaining a Trust Type of a Non-3GPP Access System - The invention provides a method for obtaining a trust type of a non-3GPP access system comprising the following steps: a user equipment UE establishing a underlying link with a non-3GPP access system selected by the UE; the UE initiating an access authentication request and sending the identification information of the UE and the information of the non-3GPP access system to an Authentication, Authorization, Accounting server through the non-3GPP access system; the UE receiving a returned access authentication response and the trust type of the non-3GPP access system, and the trust type of the non-3GPP access system being determined by the AAA server based on the identification information of the UE, the information of the non-3GPP access system and the operator's strategy. The invention can realize that the trust type of the non-3GPP access system is determined and is informed to the UE by the AAA server during the access authentication performed by the UE, so that the UE can obtain the trust type of the non-3GPP access system. | 06-09-2011 |
| 20110138448 | METHOD AND APPARATUS FOR ENABLING MOBILITY IN MOBILE IP BASED WIRELESS COMMUNICATION SYSTEMS - A method is provided for providing secured mobile IP services to a mobile terminal which is currently associated with an access network different from its own home access network. The method is characterized by creating a virtual mobile node at an access network server of the current access network, which communicates with a Home Agent associated with the terminal's home mobile network and with one or more access points associated with the current access network, at which the mobile terminal is currently located. | 06-09-2011 |
| 20110145891 | Securing Asynchronous Client Server Transactions - A method, system, and computer usable program product for securing asynchronous client server transactions are provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided. | 06-16-2011 |
| 20110145892 | SYSTEM AND METHOD FOR CONTROLLING ACCESS TO AN ELECTRONIC MESSAGE RECIPIENT - A system for, and method of, generating a plurality of proxy identities to a given originator identity as a means of providing controlled access to the originator identity in electronic communications media such as e-mail and instant messaging. | 06-16-2011 |
| 20110145893 | WEB RESOURCE REQUEST PROCESSING - Improved approaches for providing secure remote access to email resources maintained on private networks are disclosed. The secure access can be provided through a public network using a standard network browser. Multiple remote users are able to gain restricted and controlled access to email on a mail server within a private network through a common access point. The solution provided by the improved approaches allow not only native access to email resources but also robust authentication approaches. | 06-16-2011 |
| 20110145894 | PERSONAL SECURITY MANAGER FOR UBIQUITOUS PATIENT MONITORING - The present invention relates to a system and corresponding method for a secure end-to-end patient healthcare system which includes wireless medical sensors adapted to be attached to a patient's body and in communication with each other forming a body sensor network within a wireless medical sensor network including one or more body sensor networks; λ-secure keying means incorporated into each wireless medical sensor for enabling secure communications between the wireless medical sensors, and a personal security manager within the body sensor network and in communication with the wireless medical sensors within the body sensor network, the personal security manager providing secure communications with backend services and providing security relationships within the body sensor network by means of the λ-secure keying means, wherein the λ-secure keying means are such that a coalition of no more than λ compromised wireless medical sensors conceals a pairwise key between any two non-compromised wireless medical sensors and provides protection against node compromise until λ+1 wireless medical sensors have been compromised. | 06-16-2011 |
| 20110145895 | COMMUNICATION SYSTEM - A communication network ( | 06-16-2011 |
| 20110154444 | METHOD AND APPARATUS FOR PROVIDING USER AUTHENTICATION BASED ON USER ACTIONS - An approach is provided for authenticating using user actions. A prompt is initiated on a display for an input to authenticate a user. The input is received as a sequence of user actions on the display. A predetermined sequence associated with the user is retrieved. The received sequence is compared with the predetermined sequence to determine a match. The user is declared to be authenticated based on the comparison. | 06-23-2011 |
| 20110154445 | SYSTEMS TO PROVIDE BUSINESS INFORMATION OVER SOCIAL NETWORKS - Some aspects include registering a business application as a first user of an electronic social network comprising a plurality of users, data associated with each of the plurality of users, and associations between users representing data sharing relationships between associated users. Information to be shared with users of the electronic social network who are associated with the first user is determined, and the information is transmitted to the electronic social network for association with the first user. In some aspects, a request is received from the electronic social network to associate a second user of the electronic social network with the first user of the electronic social network, a correspondence between the second user of the electronic social network and a user of the business application is determined, it is determined whether the user of the business application is authorized to access the information to be shared with users of the electronic social network who are associated with the first user, and if it is determined that the user of the business application is authorized to access the information, the request is accepted from the electronic social network. | 06-23-2011 |
| 20110154446 | SYSTEM AND METHOD OF CONTROLLING IDENTITY PRIVACY IN A COMMUNICATION SESSION - A system and methods for controlling identity privacy in a communication session include processing, at a communication server, a request from a first participant of the communication session to add a second participant to the communication session. Based on the request, the communication server establishes a set of privacy rules related to the second participant that control sharing of identity information between the second participant and a third participant of the communication session. | 06-23-2011 |
| 20110154447 | SYSTEMS AND METHODS FOR AUTHENTICATING A USER OF A COMPUTER APPLICATION, NETWORK, OR DEVICE USING A WIRELESS DEVICE - A method and system for authenticating a user includes providing an invocation element capable of being activated by a single user action, receiving an indication that the invocation element has been activated, obtaining a location of a wireless device associated with the user, determining whether the wireless device is associated with an authorized user, approving the user to use the application based on a predetermined location criterion, and producing an indication that the user has been authenticated. | 06-23-2011 |
| 20110154448 | SERVER, CLIENT, LICENSE MANAGEMENT SYSTEM, AND LICENSE MANAGEMENT METHOD - A server carries out a network position check process for a client which requests to use a content, and the server generates a vicinity check information including a requirement for authorizing omission of the network position check process for the client when the client thereafter requests to use the content again after the network position check process determines that the client is located in a local area network where the server belongs. At least one of the server and the client retains the vicinity check information to determine based on the vicinity check information whether the network position check process can be omitted when the client thereafter requests to use the content again. | 06-23-2011 |
| 20110154449 | System and Method of Multimedia Access - A method includes receiving an authorization from a multimedia distribution system of a multimedia distribution network at a multimedia receiver. The multimedia receiver includes a peripheral device interface, and the authorization identifies a peripheral device that is authorized to transfer content data via the peripheral device interface. The method further includes providing the peripheral device interface with access to a selectively inaccessible peripheral device driver that is associated with the peripheral device in response to receiving the authorization at the multimedia receiver. | 06-23-2011 |
| 20110154450 | REMOTE OPERATION PROGRAM, METHOD AND TERMINAL APPARATUS - A remote-operated unit of a user terminal apparatus remote-operated through network from a remote terminal apparatus of a support staff sends image information of a changed portion to the remote terminal apparatus to display a business screen in an interlocked manner when a change is detected in the business screen displayed by a business processing unit with an image-information transmission unit. When an operation-information reception unit receives remote operation information of a mouse or keyboard from the remote terminal apparatus, a remote-operation prohibited region management unit refers to a remote-operation prohibited region table and prohibits remote operation if the remote operation information is within the operation prohibited region. | 06-23-2011 |
| 20110162046 | Providing Secure Dynamic Role Selection and Managing Privileged User Access From a Client Device - An approach is provided that receives a first role selection from a client device. Each of the roles includes various user accounts provisioned to access various software applications. An authentication challenge is retrieved. The authentication challenge is based upon the role selection that was received from the client device. The authentication challenge is transmitted to the client device. An authentication submission is received from the client device. This authentication submission is authenticated and, if the authentication is successful, then the client device access is granted access to software applications using the provisioned user accounts that were included in the role selection. In addition, audit data of usage of the software applications by the client device is recorded. The audit data includes identification of the provisioned user accounts used to access the software applications using the role selection. | 06-30-2011 |
| 20110162047 | Methods, Systems and Computer Program Products for Identity and Access Management - Methods of managing access to systems of an organization are provided. The methods include creating a unique identifier for a user, the unique identifier having an associated user profile for the user and being stored with the associated user profile in an identifier repository associated with the organization; requesting at least one account for the user on at least one system of the organization responsive to the creation of the unique identifier for the user, wherein the at least one account is defined based on the user profile of the user associated with the unique identifier; and generating the at least one account for the user on the at least one system of the organization responsive to the request. Related systems and computer program products are also provided herein. | 06-30-2011 |
| 20110162048 | LOCAL DEVICE AWARENESS - Certain embodiments may take the form of a method of operating an electronic device to find and determine an identity of other local devices. The method includes transmitting electromagnetic signals from a first electronic device to find devices within a prescribed distance of the first device and receiving electromagnetic response signals from a second electronic device within the prescribed distance from the first electronic device. The method also includes identifying the second electronic device using information received in the electromagnetic response signals. Additionally, the method includes determining if the second electronic device is aware of other electronic devices and, if the second electronic device is aware of other electronic devices, obtaining identifying information of the other devices from the second electronic device. | 06-30-2011 |
| 20110162049 | ENTERPRISE-WIDE SECURITY SYSTEM FOR COMPUTER DEVICES - A system and method for securing data in mobile devices ( | 06-30-2011 |
| 20110162050 | System and Method for Transmission of Files Within a Secured Network - A system and method of distributing a file maintained on a first device in a secured network having at least the first and a second device is disclosed. Embodiments of the present invention provide for file synchronization within a secured network without requiring any alteration to the security of the secured network by opening up ports. Each device is located on a tier of the network. The top tier of the network that includes the first device is accessible to network administrators. Network administrators may add files into the system and the network administrators may generate a file privilege file. The file privilege file can include configuration information for a computer on a tier and may also include information about which files the computer at a specific tier has access to. The network will then propagate the file privilege file down from the first device through any intermediate devices and then onto the second device. Once the file privilege file has filtered through the secured network, the second device may receive a copy of any file authorized from the first device via a connection in the secured network. The second device may also propagate files up to the first device. Thus, on a regular basis the file privilege file and files are transferred up and down the tiers of the secured network. | 06-30-2011 |
| 20110167477 | METHOD AND APPARATUS FOR PROVIDING CONTROLLED ACCESS TO A COMPUTER SYSTEM/FACILITY RESOURCE FOR REMOTE EQUIPMENT MONITORING AND DIAGNOSTICS - A hardware-software user connectivity control method and apparatus which provides a secure controlled access arrangement that enables only authorized users to obtain access to stored proprietary information and processing tools/applications on a computer-implemented global monitoring system/network (GMS) used to monitor and diagnose steam turbine power generator equipment and plants. An authentication challenging application (ACA) in the GMS sends a challenge sequence of code/numbers via a non-secure communications link/channel to an authentication response application (ARA) resident on a user/customer computer system. The ARA must respond via the same communications link/channel with an expected response code/number sequence to enable the user's access to the GMS otherwise the communications link/session is terminated. The ARA may optionally be stored on a portable flash memory dongle gaining direct access to the GMS locally. Additionally, a proprietary port connector device is needed when making a direct access connection locally via the GMS facility communications port. | 07-07-2011 |
| 20110167478 | METHOD AND APPARATUS FOR PROVIDING SIMULTANEOUS SUPPORT FOR MULTIPLE MASTER KEYS AT AN ACCESS POINT IN A WIRELESS COMMUNICATION SYSTEM - The described apparatus and methods include a wireless local area network (WLAN) access point having a wireless wide area network (WWAN) backhaul connection to provide a gateway between a LAN and a WAN. In one example, the access point may be a cellular telephone. Here, a processor in the access point is configured to generate a plurality of master keys, such that a plurality of access terminals may each utilize a respective one of the master keys to access the LAN. Further, the processor is configured to enable control of an allocation of resources to at least one of the access terminals. | 07-07-2011 |
| 20110167479 | ENFORCEMENT OF POLICIES ON CONTEXT-BASED AUTHORIZATION - Embodiments of the invention provide methods and systems for enforcing usage/context-based authorization. The method may include generating an authorization context for access to a resource. The access may include a first set of access parameters. The method may further store the authorization context associated with the resource, and intercept an access request for the resource. The access request may include a second set of access parameters. The method may further check the access request against the authorization context to determine if the second set of access parameters matches the first set of access parameters, and in response to the first set of access parameters matching the second set of access parameters, permit access to the resource in accordance with the second set of access parameters. | 07-07-2011 |
| 20110167480 | TECHNIQUES FOR SECURE TRANSPARENT SWITCHING BETWEEN MODES OF A VIRTUAL PRIVATE NETWORK (VPN) - Techniques for secure transparent switching between modes of a virtual private network (VPN) are provided. A principal, via a client, establishes a VPN session in a first mode of operation with a server. The principal subsequently requests a second mode of operation during the same VPN session. The VPN session is transparently transitioned to the second mode of operation without any interaction being required on the part of the principal and without terminating the original VPN session. | 07-07-2011 |
| 20110173678 | User and Device Authentication in Broadband Networks - A network component comprising at least one processor configured to implement a method comprising granting a user restricted access at a reduced rate without authenticating the user, attempting to authenticate the user, and granting the user unrestricted access at a full rate if the user authentication is successful. Included is a method comprising authenticating a user device, a user line, or both using a first communication, and authenticating a user using a second communication separate from the first communication. Also included is an apparatus comprising an access node (AN) configured to couple to an access network and communicate with a user equipment (UE) via the access network, wherein the UE is authenticated using either line authentication or device authentication based on the access network. | 07-14-2011 |
| 20110173679 | RESOURCE ACCESS BASED ON MULTIPLE SCOPE LEVELS - A scope hierarchy corresponding to a resource to which a type of access is requested is identified, the scope hierarchy including multiple scope levels each of which has an associated access control list. An access control list associated with a lower scope level can further restrict access permitted to the resource by an access control list associated with a higher scope level. Based at least in part on one or more of the access control lists associated with the multiple scope levels, a determination is made as to whether the requested type of access to the resource is permitted. | 07-14-2011 |
| 20110173680 | METHOD AND SYSTEM FOR IMPLEMENTING DEFINABLE ACTIONS - A method and system is provided for use in business intelligence and reporting. The method and system are able to implement one or more definable actions when presented with data. The data may be produced by a business intelligence application. The actions may relate to activities performed by a user or an agent. The system comprises an action manager, a repository, a data association manager and an implementation engine. In one embodiment a data mining engine is provided. The system enables the availability of an action in response to the execution of analytic queries to be determined based on a relationship defined by the data association manager. If an action is available, an action definition is used to invoke a target in response to selection of the action by an entity, the invocation of the target including propagating data produced by an analytic engine into the target based on metadata to perform the action. | 07-14-2011 |
| 20110173681 | FLEXIBLE AUTHENTICATION AND AUTHORIZATION MECHANISM - Techniques and tools for flexible authentication and authorization of services on a push framework. For example, a push notification framework allows services (social networking web services, etc.) to use either an authenticated access mode or an unauthenticated access mode, in order to push information to client devices (e.g., mobile devices). In the authenticated mode, the push framework requires registration of the service with the push framework before allowing the service to push notifications to client devices. Different authenticated modes are provided for third-party and first-party services. In the unauthenticated mode, registration is not required, but notifications are throttled, thereby limiting risk of abuse by unauthenticated services. This allows flexibility for services that use the push framework. | 07-14-2011 |
| 20110173682 | System and Method for Wide Area Wireless Connectivity to the Internet - A system and method for managing access to a Wi-Fi system include redirecting an access request, comprising a user credential, from a wireless user device to an authentication server, obtaining, from a first database, a list of a plurality of authentication databases from which users may be authenticated, the list including a protocol required for communication with each of the authentication databases, transmitting a request to each of the listed authentication databases using the identified protocol, and permitting the user access to the Internet through the Wi-Fi system if the user is authenticated by at least one of the listed authentication databases. | 07-14-2011 |
| 20110173683 | SYSTEM AND METHOD FOR PROVIDING CUSTOMIZED RESPONSE MESSAGES BASED ON REQUESTED WEBSITE - The invention describes a system, method and computer product to regulate user access to websites. The system receives a URL request by a user corresponding to a website that the user wishes to access. Thereafter, the system determines the associated group of the user and the associated category of the website. Subsequently, a message to be displayed to the user is determined based on the associated group of the user and the associated category of the website. The message is included in a block page and then displayed to the user. | 07-14-2011 |
| 20110179468 | APPARATUS, AND AN ASSOCIATED METHOD, FOR FACILITATING SECURE OPERATIONS OF A WIRELESS DEVICE - An apparatus, and an associated method, facilitates security relating to installation of, such as downloading of, and application at a wireless device. When selection is made to install the application, a security decision is required of a trusted, third-party to install the application. A request is made of a trusted, third-party entity for the security decision. Responsive to the security decision, the application is either allowed to be downloaded to the wireless device or prohibited from being downloaded to the wireless device. | 07-21-2011 |
| 20110179469 | CROSS-DOMAIN AUTHENTICATION - Providing services within a network of service providers sharing an authentication service and a set of business rules. A central server receives a first request from a first server to provide a first service to a user via a client without forcing the user to present credentials. In response to the received first request, the central server stores data identifying the first service on the client. The central server further receives a second request from a second server to provide a second service to the user via the client after the user presents the credentials to the second service. After receiving the second request and the presented credentials, the central server allows the user access to the second service. In response to allowing the user access to the second service, the central server further allows the user access to the first service as a result of the stored data. | 07-21-2011 |
| 20110179470 | NEAR REAL-TIME MULTI-PARTY TASK AUTHORIZATION ACCESS CONTROL - A method and apparatus are used in determining authorization to perform tasks in a computer environment, and specifically requiring multiple parties to authorize a task before access is granted. The present system provides for substantially real time communication to a second party authorizer when a task owner is attempting to perform a task. | 07-21-2011 |
| 20110185399 | PARENT MATCH - A method of providing control preferences set by a person for a second person who is a prospective Internet user, the method comprising the steps of establishing a first account, the settings of the first account being stored in a database; establishing a second account, the settings of the second account being stored in the database; linking the first and second accounts such that control settings of the second account are determined through the first account; and viewing Internet content from the second account consistent with the control settings of the second account. | 07-28-2011 |
| 20110185400 | SYSTEM AND METHOD FOR VERIFYING THE AGE OF AN INTERNET USER - A method of verifying the age of a prospective Internet user comprises establishing an age check account; receiving information about a user, the information including an alleged age of the user; sending the information to be verified; and receiving a notification that the information has been verified. | 07-28-2011 |
| 20110191826 | SYSTEM AND METHOD FOR PROVIDING VIRTUAL USER GROUPS IN A NETWORK ENVIRONMENT - A method is provided in one example and includes communicating an access request to a network element, the access request is associated with network authentication relating to a subscriber. The method also includes receiving an access response that includes a profile associated with the subscriber. The profile can include a group attribute that defines the subscriber as being part of a group of subscribers sharing a network data plan, which defines a data allotment assigned to the group over a specified time interval. In more detailed embodiments, a unique data string sent by an Authentication, Authorization, and Accounting element is received, where the unique data string identifies a full set of subscribers belonging to the group. Data underutilization of a first subscriber is offset by data overutilization of a second subscriber, where a summation of the data underutilization and the data overutilization do not exceed the data allotment assigned. | 08-04-2011 |
| 20110191827 | Detecting Unauthorized Router Access Points or Rogue APs in the Wired Network - Detecting rogue access points (APs) or rogue router APs on the wireless network. An authorized access point (AAP) on a network collects wired MAC addresses of wired devices in its subnet, and also collects BSSIDs of wireless devices operating in its vicinity. A rogue is detected by correlating the OUI portion of MAC addresses and BSSIDs after filtering out authorized OUIs. | 08-04-2011 |
| 20110191828 | AUTHORIZATION AND TRACKING OF MODIFICATIONS TO MEDICAL DEVICES - A system and method for authorizing and tracking a modification to a medical device are provided. The modification may be an installation of software or firmware, an upgrade of software or firmware, an enablement of a feature, and/or a disablement of a feature. The system includes a server for generating and transmitting an authorization key before the modification can be performed. The system also includes a device for generating a confirmation key and transmitting the confirmation key to the server after the modification has been performed. The server is configured for updating a database with information regarding the modification performed on the medical device. In this manner, the system avoids performing unauthorized modifications to a medical device and efficiently traces authorized modifications made to the medical device. | 08-04-2011 |
| 20110191829 | Method for Storing Data, Computer Program Product, ID Token and Computer System - The invention relates to a method for storing data, having the following steps: establishing a first connection between a first ID token and a first computer system via a second computer system for reading at least one first attribute from the first ID token, establishing a second connection between a second ID token and the first computer system via the second computer system for reading at least one second attribute from the second ID token, sending the first and the second attributes from the first computer system to a third computer system, receiving the data from the third computer system by the first computer system, writing the data into the second ID token via the second connection by the first computer system in order to store the data in the second ID token, where the condition for writing the data is that also the first connection still exists, wherein the first and the second connection are respectively connection with end-to-end encryption and a connection oriented protocol. | 08-04-2011 |
| 20110191830 | Common Point Authoring System For The Complex Sharing Of Hierarchically Authored Data Objects In A Distribution Chain - The Common Point Authoring system functions to provide Livestock Informational Objects via the use of a centralized repository of uniquely identified, immutable Livestock Informational Objects. This system automates the authoring, maintenance, and distribution of the Livestock Informational Objects by using an Internet-based paradigm and a centralized repository of uniquely-identified, immutable Data Elements. The Common Point Authoring system provides a set of software modules that the manufacturers can use to author, maintain, and distribute Livestock Informational Objects and their customers, as Members of the system of Livestock Informational Objects, can use to retrieve, maintain, and distribute the Livestock Informational Objects. The system's interconnectivity allows for the use of an Internet-based paradigm for the purchase and sale among Members of the system of Livestock Informational Objects as commodities, and for reducing the burden costs among Members of compliance with government regulations. | 08-04-2011 |
| 20110191831 | Multiple Identity Management in an Electronic Commerce Site - In electronic commerce (e-commerce) sites that are executed on a single e-commerce application, a user's session is only associated with a single user identity for e-commerce site domain. Acting under a single identity across the site may not be desired. There may be requirements to associate an individual user with one or more separate identities within parts of the site. Aspects of the invention provide a method, system and computer program product for managing multiple user identities for a user of an electronic commerce (e-commerce) site. The method comprises defining the e-commerce site as one or more security domains; and in response to a user's request to invoke an operation of the e-commerce site: determining a one of the one or more security domains to which the operation relates; performing one of a) creating a session and b) reusing a session for the user automatically in accordance with the determined security domain, said session associated with a user identity and a role indicating privileges for invoking operations of the e-commerce site in at least the determined security domain; and persisting said session for reuse. The user's request may be received in association with one or more sessions persisted for the user and a one of the sessions selected in accordance with the determined security domain. In response, either a session may be created or reused. Persisting may comprise providing one or more cookies defining the session to the user for associating with a subsequent request. In accordance with a feature of this aspect, the e-commerce site may define each of the one or more security domains as a hierarchy of organizations and assets owned by the organizations and the determining a one of the one or more security domains to which the operation relates may comprise evaluating the user's request in accordance with the hierarchy. | 08-04-2011 |
| 20110197263 | SYSTEMS AND METHODS FOR PROVIDING A SPATIAL-INPUT-BASED MULTI-USER SHARED DISPLAY EXPERIENCE - Exemplary systems and methods for providing a spatial-input-based multi-user shared display session are disclosed herein. An exemplary system includes a spatial input subsystem configured to detect gestures made by a plurality of users within a physical user space associated with a display screen. The system further includes a shared display subsystem communicatively coupled to the spatial input subsystem and configured to authenticate the plurality of users, execute a multi-user shared display session that provides the plurality of authenticated users with concurrent control of a display on the display screen through the detected gestures, and control, based on a shared session heuristic, how at least one resource associated with the display is shared between the plurality of authenticated users during the multi-user shared display session. Corresponding systems and methods are also disclosed. | 08-11-2011 |
| 20110197264 | SYSTEM AND METHOD FOR REMOTE MEDIA ACCESS - Embodiments of the present disclosure provide a system and method for remotely accessing media content. The method includes receiving authentication information originating from a communication device associated with a user. Media content that is stored on a media storage device associated with the user is also received. Digital rights management software is applied to the media content, and the received media content is communicated to the communication device. | 08-11-2011 |
| 20110197265 | METHOD AND APPARATUS FOR ENABLING A USER TO SELECT AN AUTHENTICATION METHOD - The present invention facilitates access to a restricted service related to secure transactions via a network. The present invention allows a user to select a minimum security level of authentication for its own login to a restricted service. The user's selected minimum security level of authentication may be registered in an authentication method system, so that the user must use the selected minimum security level for authentication in order to gain access to the restricted service. Alternatively, the user may specify that the selected minimum security level for authentication may be over-turned by the user, or optionally re-set to a new authentication method depending on the needs of the user. As such, the present invention allows the user the flexibility to select its own authentication method for accessing a restricted service. | 08-11-2011 |
| 20110202974 | METHOD OF ACCESSING MEDICAL DATA AND COMPUTER SYSTEM FOR THE SAME - Some embodiments disclose a method of accessing medical data from two or more data sources. The method can include: receiving a first request for first data about a first patient from a first requestor, the first request for the first data includes a request for information regarding at least one of a bone of the first patient, an organ of the first patient, or a body tissue of the first patient; retrieving first access information about the first patient; retrieving second access information about the first requestor; determining whether to grant access to the first data by the first requestor at least partially based on the first access information and the second access information; retrieving the first data from a first source of the two or more data sources; and if the first requestor is granted access to the first data, transforming the first data into a visual depiction and transmitting the visual depiction of the first data to the first requestor. Other embodiments are disclosed herein. | 08-18-2011 |
| 20110202975 | METHOD OF MANAGEMENT IN SECURITY EQUIPMENT AND SECURITY ENTITY - Method of managing security entities positioned to cut off an information stream within a network. The method includes designating an entity to act as a sponsor for a new ward wishing to join the network, requesting to connect the ward with the sponsor, said sponsor determining whether or not it accepts the connection. If the sponsor accepts the connection, then connecting the sponsor and disconnecting from the plurality of entities forming the network. At least one of the entities and the sponsor checking a security level of said ward. If at least one of the entities decides to trust said ward, then the sponsor transmits to the ward configuration information to enable the ward to enter into communication with the network. If at least one of the entities decides not to trust the ward, then the ward cannot access the network and an alarm is generated. | 08-18-2011 |
| 20110202976 | AUTOMATIC WIRELESS SERVICE ACTIVATION IN A PRIVATE LOCAL WIRELESS SERVICE - A secondary Ethernet-like wireless communication system overlapped by a dominant Ethernet-like wireless communication system, and including radio access and communication for activation, association, and authentication of a wireless device in the secondary Ethernet-like wireless communication system. An automated private service activation (APSA) port is used for accepting access and communication requests of a wireless device seeking activation, association and authentication in the secondary Ethernet-like wireless communication system. The APSA port provides an access and communication channel for radiating signals at a level exceeding a signal level of the access and communication channel only within limited spatial constraints. In addition the APSA port provides space for receiving the wireless device for activation and communication in the secondary Ethernet-like wireless communication system. | 08-18-2011 |
| 20110202977 | INFORMATION PROCESSING DEVICE, COMPUTER SYSTEM AND PROGRAM - An information processing device includes: a connection monitoring unit performs determining whether a first external device is connected, and determining whether a receiving unit receives the request from the first or second external device, wherein when the connection monitoring unit determines that the first external device is not connected, a usage permission/prohibition determining unit updates the usage permission/prohibition information stored in a management table so that the usage permission/prohibition information indicates that use of a first virtual computer is prohibited, and wherein when the connection monitoring unit determines that the receiving unit receives the request from the second external device and that the first external device is connected, the usage permission/prohibition determining unit transmits, to the first external device, information that instructs the first external device to prohibit use of a second virtual computer. | 08-18-2011 |
| 20110202978 | METHOD AND APPARATUS FOR ENABLING A USER TO SELECT AN AUTHENTICATION METHOD - The present invention facilitates access to a restricted service related to secure transactions via a network. The present invention allows a user to select a minimum security level of authentication for its own login to a restricted service. The user's selected minimum security level of authentication may be registered in an authentication method system, so that the user must use the selected minimum security level for authentication in order to gain access to the restricted service. Alternatively, the user may specify that the selected minimum security level for authentication may be over-turned by the user, or optionally re-set to a new authentication method depending on the needs of the user. As such, the present invention allows the user the flexibility to select its own authentication method for accessing a restricted service. | 08-18-2011 |
| 20110202979 | SYSTEM AND METHOD FOR USING RESOURCES OF A COMPUTER SYSTEM IN CONJUNCTION WITH A THIN MEDIA CLIENT - A computer system including a processor and a memory for retrieving digital media content, storing the digital media content in the memory, and providing the digital media content to a thin media client is provided. | 08-18-2011 |
| 20110202980 | Lawful Authorities Warrant Management - A method is proposed for managing requests from Law Enforcement Agencies for interception or retention of data relating to a target user. The method detects a request of interception or retention on the target user and verifies whether an electronic warrant is activated with respect to the user. | 08-18-2011 |
| 20110209201 | METHOD AND APPARATUS FOR ACCESSING MEDIA CONTENT BASED ON LOCATION - An approach is provided for providing a method for accessing media based on physical locations. A media access platform causes, at least in part, rendering of a user interface, the user interface corresponding to a geographical area and including one or more focal areas. Next, the media access platform determines media content available within the geographical area. Then, the media access platform also causes, at least in part, rendering of one or more representations of the available media content in the user interface. | 08-25-2011 |
| 20110209202 | METHOD AND APPARATUS FOR IDENTITY FEDERATION GATEWAY - Techniques for an ID federation gateway include determining whether a user associated with a request for a particular network resource is to be identified by the provider of the particular service or by a different party. The service also comprises causing the different party to provide identification data that indicates an identity for the user, if the user is to be identified by the different party. The method further comprises causing user credentials data, based on the identification data, to be sent to an authentication process of the provider for a set of one or more network resources that includes the particular network resource requested by the user, if the data indicates that the user is successfully identified. | 08-25-2011 |
| 20110209203 | PROTECTING CONFIGURATION DATA IN A NETWORK DEVICE - Configuration information for a network device may be associated with a protection state that may restrict the modification of portions of the configuration information that are set to the protected state. The network device may be configured using configuration information defined as a group of hierarchically arranged configuration statements. Permissions may be stored for the network device relating to users permitted to modify the configuration information. The permissions may include permission tags, or other information defining the protection state, associated with the configuration statements. Intended modifications to the configuration information may be processed based on whether the intended modifications affect configuration statements associated with one of the permission tags. | 08-25-2011 |
| 20110209204 | AUTOMATED PROVISIONING SYSTEM - A computer system comprising a number of components which make up an infrastructure with the system having a Directory | 08-25-2011 |
| 20110214161 | METHODS, MEDIA, AND SYSTEMS FOR SECURING COMMUNICATIONS BETWEEN A FIRST NODE AND A SECOND NODE - Methods, media, and systems for securing communications between a first node and a second node are provided. In some embodiments, methods for securing communication between a first node and a second node are provided. The methods comprising: receiving at least one model of behavior of the second node at the first node; and authorizing the first node to receive traffic from the second node based on the difference between the at least one model of behavior of the second node and at least one model of behavior of the first node. | 09-01-2011 |
| 20110214162 | METHOD AND APPARTUS FOR PROVIDING COOPERATIVE ENABLEMENT OF USER INPUT OPTIONS - An apparatus for providing cooperative enablement or disablement of user input options may include at least one processor and at least one memory including computer program code. The at least one memory and the computer program code may be configured, with the processor, to cause the apparatus to perform at least receiving a first indication identifying any user input option to be enabled or disabled based on context information associated with a local device, receiving a second indication of any user input option to be enabled or disabled based on context information associated with a remote device, and providing enablement or disablement of user input options of the local device based on the first indication and the second indication. A corresponding method and computer program product are also provided. | 09-01-2011 |
| 20110214163 | AUTOMATED ANALYSIS OF COOKIES - Techniques and tools relate to analysis of cookies. For example, techniques and tools are described for determining whether cookies stored on a computer in response to a particular event (e.g., the rendering of an advertisement in a browser) are authorized. In one implementation, a cookie analysis system includes a browsing simulator having a web browser and a virtual graphical environment. The browsing simulator renders web pages (e.g., automatically), including ad creative objects (e.g., objects that represent images, graphical animations, video clips, etc.) corresponding to advertisements in the web pages. The cookie analysis system creates test files for the ad creative objects. The cookie analysis system identifies and analyzes cookies (e.g., HTTP cookies, or other objects such as local shared objects) that are set in response to the rendering of ad creative objects. | 09-01-2011 |
| 20110214164 | ACCESS RIGHT CONTROL USING ACCESS CONTROL ALERTS - Systems and methods are provided for providing access controlled event subscription and notification and event access change alerts. In some embodiments, the systems and methods of the present invention operate within a SIP infrastructure. As such, SIP SUBSCRIBE messages and SIP NOTIFY messages are used for subscribing to and receiving notifications related to access control. According to some embodiments, event access change alerts are used in conjunction with access controlled event subscription to provide an efficient method for providing access controlled event subscription using current access control information. | 09-01-2011 |
| 20110219431 | SYSTEM AND METHOD OF QUALITY OF SERVICE ENABLEMENT FOR OVER THE TOP APPLICATIONS IN A TELECOMMUNICATIONS SYSTEM - A system, method, and node providing a predefined Quality of Service (QoS) level to an Over The Top (OTT) service provider in a telecommunications network. A User Equipment (UE) initiates an IP-based application session (e.g., Hyper Text Transfer Protocol (HTTP) session) with the OTT service provider by sending an application-dependent message toward an OTT application server. The method begins with a proxy node in the telecommunications network intercepting the application-dependent message. The proxy node then modifies the application-dependent message by adding a subscriber identification to the header of the application-dependent message. The proxy node forwards the modified application-dependent message to the OTT application server. The OTT application server then sends a request having the subscriber identification to the telecommunications network with a QoS requirement for the HTTP session. Next, a network policy node determines an appropriate QoS level for the subscriber. A network gateway then enforces the determined QoS level for the HTTP session with the OTT service provider. | 09-08-2011 |
| 20110219432 | System and Method for Controlling Access to an Electronic Message Recipient - A system and method for selectively allowing or denying access to a user coupled to an electronic communications network includes a receiver that receives an inbound message over the electronic communications network from a sender. The inbound message includes an identifier that is associated with a sender and an identifier that is associated with a recipient. The system also includes a processor that determines if the identifier associated with the recipient was previously generated by the user and is absent from a plurality of proxy identifiers associated with the recipient. The processor is further determines one of at least three security states associated with the inbound message. A first security state is indicative of allowing delivery of the inbound message to the user. A second security state is indicative of denying delivery of the inbound message to the user. A third security state is indicative of conditionally allowing delivery of the message to the user. Each of the three security states are associated with the sender identifier and the recipient identifier included in the inbound message. | 09-08-2011 |
| 20110219433 | TASK-BASED ACCESS CONTROL IN A VIRTUALIZATION ENVIRONMENT - Methods, systems, and techniques for task-based access control are provided. Example embodiments provide a task-based access control system “TBACS,” which provides task-based permissions management using proxy task objects. In one example embodiment, the proxy task objects encapsulate activities, comprising one or more privileges, each associated with an object upon which the privilege can act. In some examples, proxy task objects may be used with a virtualization infrastructure to delegate permissions to delegate users, real or automated. Proxy task objects may also be associated with their own user interfaces for performance of the corresponding activities. | 09-08-2011 |
| 20110225630 | WIRELESS ROUTER SYSTEM AND METHOD - A wireless router employing a technique to couple a plurality a host services or host systems and a plurality of wireless networks. A method to route data items between a plurality of mobile devices and a plurality of host systems through a common wireless router. A point-to-point communication connection is preferably established between a first host system and a common wireless router, a mobile network message at a mobile device is generated, the mobile network message is transmitted via a wireless network to the common wireless router which in turn routes a data item component of the mobile network message to the appropriate host service. | 09-15-2011 |
| 20110225631 | INTERACTIVE NETWORKING SYSTEMS WITH USER CLASSES - A networking system may comprise a web site incorporating a combination of one or more of the following: a crediting system, a chat bidding system, a performance bidding system, a telephony switching system, a media interaction system, a display system, a photo management system, and a messaging system. The networking system may categorize each user of the web site into classes, including a featured class, a common class, a sponsored class, and a sponsoring class. The networking system may facilitate user interactions, some of which may be partially dependent on user classes. A featured user may opt to temporarily appear as a common user, thus activating an alternative user profile and hiding his featured status. A sponsored user may participate in interactions on the web site if a sponsoring user offers his credits to pay for the sponsored member's participation. Other aspects of the networking system are also disclosed herein. | 09-15-2011 |
| 20110225632 | TRUSTWORTHINESS DECISION MAKING FOR ACCESS AUTHENTICATION - There are provided measures for trustworthiness decision making for access authentication, for example relating to the trustworthiness of non-3GPP access networks within a 3GPP-compliant packet data system, exemplary comprising receiving an indication about a provisional trustworthiness of an access network, which provides packet data access for a roaming user, with respect to a visited network of said user from a network element of said visited network, determining the applicability of local breakout or home routing for each subscribed access point name of said user, and deciding about a final trustworthiness of said access network based upon the received provisional trustworthiness indication and the determined routing applicability for each subscribed access point name of said user. | 09-15-2011 |
| 20110231906 | INFORMATION PROCESSING APPARATUS, CONTENT MANAGEMENT METHOD, AND COMPUTER-READABLE NON-TRANSITORY RECORDING MEDIUM ENCODED WITH CONTENT MANAGEMENT PROGRAM - An information processing apparatus includes: a storage portion having a plurality of storage areas; an authentication portion for authenticating a user; a content setting portion for storing content set public by the authenticated user in a public storage area with no access restriction, of the plurality of storage areas of the storage portion, and for storing content set private into a personal storage area accessible only by the authenticated user, of the plurality of storage areas of the storage portion; and an access permission portion for, when a predetermined process is executed on the content set private stored in the personal storage area, making the content set private accessible by others through the public storage area. | 09-22-2011 |
| 20110231907 | METHOD AND APPARATUS FOR PROVIDING NETWORK SECURITY USING ROLE-BASED ACCESS CONTROL - A method and apparatus for providing network security using role-based access control is disclosed. A network device implementing such a method can include, for example, an access control list. Such an access control list includes an access control list entry, which, in turn, includes a user group field. Alternatively, a network device implementing such a method can include, for example, a forwarding table that includes a plurality of forwarding table entries. In such a case, at least one of the forwarding table entries includes a user group field. | 09-22-2011 |
| 20110231908 | TECHNIQUES FOR PROJECT LIFECYCLE STAGED-BASED ACCESS CONTROL - Techniques for project lifecycle staged-based access control are provided. Access control rights are defined for a stage of a project's lifecycle. As requestors transition to the stage, the access control rights are enforced on top of any existing security restrictions. In an embodiment, selective resources are not visible to requestors within the stage in response to the access control rights. | 09-22-2011 |
| 20110239275 | Centrally Managed Impersonation - Systems, methods and computer readable media for centrally managed impersonation are described. Examples include a system having a central server and a remote shell daemon running on a remote machine, wherein a trust relationship is established between the central server and the remote shell daemon. Examples also include a method wherein a user sends the management system a request to act upon a remote machine. The management system determines whether the user is authenticated for the requested action. Upon authentication, the management system identifies an impersonation policy based on user profile and the remote machine. The management system connects to the remote machine, impersonates an elevated privilege account if required, and executes the user action on the remote machine. | 09-29-2011 |
| 20110239276 | METHOD AND SYSTEM FOR CONTROLLING CONTEXT-BASED WIRELESS ACCESS TO SECURED NETWORK RESOURCES - Information on the identity of each user connecting via a wireless device is obtained using a prior process of authentication and context information and/or the status of the user; a characteristics vector is generated for each user, which comprises the context information and/or the user status and a user profile. Permissions are assigned to each user, determining the type of secured network resources each user is permitted to access, depending on their characteristics vector; and a secured-network-resource access check is performed, enabling the transfer of data only to/from resources permitted for each user, as a function of the permissions assigned. | 09-29-2011 |
| 20110239277 | Method for Managing Computer Network Access - A client computer initiates a first communication session at a first network address and receives therefrom a second network address. The client computer then initiates a second communication session at the second network address and receives therefrom an access configuration including a control setting for a communication protocol capable of being utilized during a third communication session. Concurrent with the second communication session, the client computer initiates a third communication session at a third network address whereupon the conveyance of data to or from an instantiated process on the client computer via the third communication session is controlled based on the control setting for the communication protocol. | 09-29-2011 |
| 20110239278 | Verifying Access Rights to a Network Account Having Multiple Passwords - A computer-implemented system and method for verifying access to a network account are provided. A first user communication portal is associated with a user network account. A request to access the user network account is received from a second user communication portal. Security criteria related to the second user communication portal is determined. Access to the user network account is enabled upon receipt of a communication associated with the first user communication portal when the security criteria is of a predetermined value. | 09-29-2011 |
| 20110239279 | DRM Protected Content Sharing - A system and method for transmitting protected real-time content from one user to another is described. In a first aspect, a user sends a Rights Object to another user. In a second aspect, a user sends a Rights Object to another user via an intermediate server for a multiparty communication. In this second aspect, the users may be able to switch between designated Rights Objects as needed. | 09-29-2011 |
| 20110239280 | DRM Protected Content Sharing - A system and method for transmitting protected real-time content from one user to another is described. In a first aspect, a user sends a Rights Object to another user. In a second aspect, a user sends a Rights Object to another user via an intermediate server for a multiparty communication. In this second aspect, the users may be able to switch between designated Rights Objects as needed. | 09-29-2011 |
| 20110247051 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR PERFORMING ONE OR MORE ACTIONS BASED ON A DETERMINED ACCESS PERMISSIONS FOR A PLURALITY OF USERS - In accordance with embodiments, there are provided mechanisms and methods for performing one or more actions based on determined access permissions for a plurality of users. These mechanisms and methods for performing one or more actions based on determined access permissions for a plurality of users can enable improved data collection and analysis, enhanced client knowledge of system access, etc. | 10-06-2011 |
| 20110247052 | METHOD AND APPARATUS FOR MANAGING REMOTE ACCESS AUTHORITY IN UPnP REMOTE ACCESS SERVICE - A method for managing a remote access authority information of a remote access service server including receiving a remote access authority list from a remote access server for a first user and registering the remote access authority list, by the remote access service server; when the remote access service server receives a remote access authority addition request for a second user from a communication device of the first user, giving a remote access authority to the second user and renewing the remote access authority list; transmitting information of the remote access authority given to the second user to the remote access server of the first user in order to synchronize the renewed access authority list with the remote access server of the first user; notifying the communication device of the first user whether the remote access authority addition is successful. | 10-06-2011 |
| 20110247053 | SERVER AUTHENTICATION - A method of authenticating a content-provider server, the method comprising: determining a domain name of the content-provider server; obtaining a fragment of a database of IP addresses, the fragment corresponding to the domain name of the content-provider server and storing one or more IP addresses associated with the domain name; comparing the IP address of the content-provider server against the IP addresses of the fragment; and providing an indication that the IP address of the content-provider server is included or excluded from the fragment of IP addresses. Additionally, a client computer and server operable to implement the method are described. | 10-06-2011 |
| 20110247054 | METHODS AND APPARATUSES FOR SELECTING PRIVILEGES FOR USE DURING A DATA COLLABORATION SESSION - In one embodiment, a plurality of electronic devices participating in a data collaboration session are detected. A group, of a plurality of groups, is determined to which each of the plurality of electronic devices is associated. At least some of the groups correspond to companies. Based on the determined group to which each of the plurality of electronic devices is associated, one or more limitations are identified that restrict the recording of data shared during the data collaboration session. The identified one or more limitations are enforced on only some of the plurality of electronic devices participating in the data collaboration session, such that electronic devices associated with a group that corresponds to the first company are allowed to record the data collaboration session, yet an electronic device associated with a group that corresponds to a second company is prevented from recording the data collaboration session. | 10-06-2011 |
| 20110247055 | TRUSTED DEVICE-SPECIFIC AUTHENTICATION - An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service. | 10-06-2011 |
| 20110252458 | Information processing device, information processing method, and program - An IC card compatible with a DES scheme and an AES scheme having a security strength different from that of the DES scheme, includes an inhibition information receiving section for receiving inhibition information for inhibiting predetermined manipulation from being performed in a storage region of the IC card using the DES scheme from an issuing device using the AES scheme, an inhibition flag setting section for performing inhibition processing for inhibiting the predetermined manipulation by the inhibition information, a manipulation request receiving section for receiving a manipulation request from a service providing device or the issuing device, and a manipulation executing section for executing the requested manipulation if the requested manipulation does not correspond to the predetermined manipulation inhibited by the inhibition information. | 10-13-2011 |
| 20110252459 | Multiple Server Access Management - An access management system receives an access request for a target computer from a client computer. The access request comprises a digital certificate belonging to a user. The access management system verifies the identity of the user by validating the digital certificate. When so verified, the user receives access privileges from a policy database. The access privileges contain one or more access attributes. The access management system evaluates the access request based the one or more access attributes and grants the user access to the target computer if all the one or more access attributes are satisfied. | 10-13-2011 |
| 20110252460 | METHODS, APPARATUS AND SYSTEMS FOR AUTHENTICATING USERS AND USER DEVICES TO RECEIVE SECURE INFORMATION VIA MULTIPLE AUTHORIZED CHANNELS - Facilitating display of, and interaction with, secure user-centric information via a user platform operated by a user. A user identity is transmitted to an external computing device hosting an identity management server to authenticate the user. After authenticating, a desktop channel grid framework is displayed on the user platform. The channel grid framework includes multiple channels having respective contents represented as multiple user-selectable items, through which respective portions of the secure user-centric information are presented. At least some of the secure user-centric information in at least one channel is based on the user identity, and in displaying the at least one channel as a selectable item, the at least one channel is authenticated by the identity management server. In one example, the user platform also is authenticated, and multiple user-selectable items included in the channel grid framework is based on information access rights and/or security protocols respectively associated with the corresponding plurality of authorized channels, the user, and the user platform. | 10-13-2011 |
| 20110252461 | METHODS, APPARATUS AND SYSTEMS FOR PROVIDING SECURE INFORMATION VIA MULTIPLE AUTHORIZED CHANNELS TO AUTHENTICATED USERS AND USER DEVICES - Providing secure user-centric information via one or more user platforms operated by one or more users. Multiple channels are configured and implemented, through which information relevant to a given user is presented for user interaction via one or more user platforms associated with the user. A user profile is established identifying user preferences and one or more platform identities. The user profile is managed to grant the user access to specific ones of the multiple channels. In one example, user(s) and user platform(s) are authenticated to receive respective portions of the secure user-centric information based on user identities and platform identities. If authenticated, channel information relating to one or more of the multiple channels is transmitted to one or more users/user platforms, based on information access rights and/or security protocols respectively associated with the corresponding channels, the user(s), and the user platform(s). | 10-13-2011 |
| 20110258683 | APPARATUS AND METHOD FOR ACCESS VALIDATION - One or more techniques for access validation are provided. Access validation may be performed automatically or in real-time. Access validation may be at the resource level or at a sub-resource level. Techniques provided herein may be applied in a large variety of situations and industries, e.g. compliance management or inventory. Access validation reports may be generated in real-time or may link to indications of access validation in real-time. Five outcomes or options are provided, including affirmative, negative, stronger negative with larger implication, undetermined, and negative, however with temporarily granted access. A field for allowing entry of justification for access to a particular resource is provided. Reminders to validate privileges are provided. A continuous access validation process is provided. A technique for extending the hierarchy and corresponding workflow that is generated thereof is provided. | 10-20-2011 |
| 20110258684 | TEMPORARY USER ACCOUNT FOR A VIRTUAL WORLD WEBSITE - A computer system and method are provided that facilitate permitting temporary access to a website or other computer application in which temporary access is given to a generic virtual character and its corresponding user. Temporary access is made available through a temporary user account that is set up by the user. The temporary user account is active for a limited time and allows the user to learn about the website, for instance, via the generic virtual character. The generic virtual character has limited access to the website and in particular to various activities or areas on the website. Unlike temporary user account holders, users who have purchased a real world item and have created premium user accounts have full access to the website via their corresponding premium virtual characters. In addition, the system and method prevent at least some interaction between the generic virtual characters and the premium virtual characters. | 10-20-2011 |
| 20110265147 | CLOUD-BASED BILLING, CREDENTIAL, AND DATA SHARING MANAGEMENT SYSTEM - A novel solution is provided that utilizes the two-credential characteristics of accessing cloud-hosted data in a portal-oriented enterprise-specific solution. Cloud computing resources may be accessed through a separate, enterprise-specific portal clients used to manage a set of cloud service accounts. Individuals (e.g., employees of the enterprise or company) may access cloud computing resources via an instance of the portal client, and any communication between individuals in an enterprise and cloud services may be facilitated through the portal. Each portal client may also be configured to be compatible with any cloud service vendor. | 10-27-2011 |
| 20110265148 | SYSTEM AND METHOD FOR CREATING A SECURE TRUSTED SOCIAL NETWORK - A system for a plurality of users to share resources with access, control and configuration based on pre-defined relationships of trust between the users of the system. A computer-based authority provides the services of authentication, identification and verification of each user within network. Processes are described that leads to the formation of an electronic community, which facilitates electronic communication and transactions in a defined manner. | 10-27-2011 |
| 20110265149 | SECURE AND EFFICIENT LOGIN AND TRANSACTION AUTHENTICATION USING IPHONESTM AND OTHER SMART MOBILE COMMUNICATION DEVICES - To authenticate a user of a mobile communication device for login or transaction authorization, a first application on the device directs transmission of a request for authentication of the user to a security server. A second application on the device receives the request for authentication from the security server and directs presentation of the received request for authentication to the user by the device. The second application receives a user input to the device indicating that the requested authentication should proceed and in response directs transmission of an indication that the requested authorization should proceed, to the security server. In response to this latter transmission, the second application receives a PIN from the authentication server. The first application directs transmission of the PIN received by the second application to the network site, which validates the transmitted PIN, in order to authenticate the user or the transaction to the network site. | 10-27-2011 |
| 20110265150 | MEDIA ASSET/CONTENT SECURITY CONTROL AND MANAGEMENT SYSTEM - A system, method, apparatus, and computer readable storage medium provide the ability to deliver media content in a secure manner in a computer system. A storage repository stores media content and marketing assets for the media content. A server computer is coupled to the storage repository and enabled to provide access to the media content and marketing assets via a website accessible on the Internet worldwide to a user. A digital advertising publicity repository (DAPR) enables an administrator to define first access rights for the user to access the website and second access rights for the user to access the DAPR. | 10-27-2011 |
| 20110265151 | METHOD OF ADDING A CLIENT DEVICE OR SERVICE TO A WIRELESS NETWORK - A smart network host device automatically registers a device or service with a wireless network using identification information and an authorization credential associated with the device or service. The smart network host device obtains the requisite identification information and authorization credential from a network association apparatus associated with the specific device or service to be registered with the wireless network. The smart network host device performs the registration automatically once the smart network host device confirms that the device or service has been associated with the wireless network and a secure password authentication protocol is successfully performed by the smart network host device and the device or service. The network association apparatus may comprise an RFID tag. | 10-27-2011 |
| 20110271327 | Authorized Application Services Via an XML Message Protocol - Disclosed are systems and methods to provide a persistent authorized server address space (ASAS). The ASAS can host components from product suites that are not able to execute in an authorized state. To host other product's components, the ASAS receives “messages” from the unauthorized product components in the form of a generic eXtensible Markup Language (XML) protocol. These messages may request product initialization/administration or performance of a function by the ASAS on behalf of the requesting product. Security constraints are also provided to ensure system and data integrity. Further, the ASAS is not tightly coupled to any requesting product so that flexibility of product update or update to the ASAS itself may not be unnecessarily constrained. | 11-03-2011 |
| 20110271328 | System And Method For Hosting A Social Network That Enables Granular Management Of The Privacy Of Posted Information - A system and method for hosting a social network that enables entities to particularly manage the privacy level of content posted on the social network. This may enable an entity to distribute news, congratulations, accolades, invitations, and/or other internal information within the social network to members, employees, students, investors, and/or other parties. | 11-03-2011 |
| 20110271329 | CROSS-NETWORK REPUTATION FOR ONLINE SERVICES - A reputation server associates feedback from previous network transactions with an account of a user in a network. A reputation score for the user is calculated based on the feedback to indicate the probability the user will abuse the network. When an online service receives a request to perform a transaction from the user, the online service performs the transaction based on the user's reputation score. Additionally, a server generates a reputation packet including the reputation score for a user for use by an online service when the user requests the online service to perform a transaction. The online service may authenticate the reputation packet with the server and, if the reputation packet is authenticated, the online service performs the transaction based on the user's reputation score. | 11-03-2011 |
| 20110277016 | Method for managing shared accounts in an identity management system - This disclosure describes a method of and system for provisioning of shared account credentials to provide authorized access to shared or delegated accounts. Preferably, an enterprise single sign-on (E-SSO) system is used to manage the shared account or control delegation of account access, and preferably the shared or delegated account credential is not exposed to the end user. The described technique enables temporary delegation of account privileges to a member of a shared role. Using the described approach, an information technology (IT) account may be shared so that a user who needs to perform a shared duty can do so in the context of a shared role and without having control over the account itself. The approach facilitates delegating the use of a single account to one of a member of the shared role. | 11-10-2011 |
| 20110277017 | DATA DRIVEN ROLE BASED SECURITY - Data driven role based security is provided. At login, the system queries for a data context in connection with access to computing objects of a computing system. When a request for access to computing objects is received by the computing system, one or more control expressions specified for the computing object being accessed are evaluated. The evaluation of the control expressions may reference the user context or the data context previously established, and returns a set of effective permissions. Access to the computing object is then granted if the set of permissions includes an appropriate permission for the request for access. | 11-10-2011 |
| 20110277018 | Apparatus and Method for Establishing a Peer-to-Peer Communication Session with a Client Device - The present invention describes an apparatus and method of establishing a peer-to-peer communication session between a host device and a client device. Routing information of the client device is received from the server by a host device, communication with the server is maintained, and authentication information from the client device is received by the host device. Peer-to-peer communication is transmitted to the client device via the wide area network if the client device is authenticated for peer-to-peer communication by the host device. | 11-10-2011 |
| 20110277019 | SYSTEM AND METHOD FOR SECURE ACCESS OF A REMOTE SYSTEM - A system and method for providing a user with secure access to devices operatively connected to a network comprising at least one processing device that has access to a database. The database maintains information for each user of the system, such as the user's login credentials and access level or permissions, along with information corresponding to each network device, such as, for example, the device's login credentials, IP address, and port settings. The processing device authenticates each user and then provides each user with access to the network devices as defined by the data maintained in the database corresponding to the respective user and the network devices. | 11-10-2011 |
| 20110283338 | SENSOR-BASED AUTHENTICATION TO A COMPUTER NETWORK-BASED SERVICE - Sensor-based authentication technique embodiments are presented which generally employ sensor readings captured by a user's computing device (such as a mobile computing device like a cell phone, smart phone, PDA, and so on) to authenticate the user's access to a computer network-based service (such as a web-service) that is secured with traditional textual passwords. These traditional passwords are saved in an off-device password repository service. The aforementioned sensor readings are not cached on the user's computing device and are immediately streamed to the password repository service, where they are validated against a pre-arranged, known sensor-based password. If the validation succeeds, access to the password protected service is brokered by the password repository service on behalf of the user using the appropriate traditional password, and the user's computing device is granted access. | 11-17-2011 |
| 20110283339 | METHOD AND APPARATUS FOR PROVIDING NETWORK SECURITY USING SECURITY LABELING - A method and apparatus for providing network security using security labeling is disclosed. The method includes comparing first security level information and second security level information, and indicating processing to be performed on the packet based on the comparing. The first security level information is stored in a security label of a packet received at a network node, while the second security level information is stored at the network node. | 11-17-2011 |
| 20110283340 | FLEXIBLE QUASI OUT OF BAND AUTHENTICATION ARCHITECTURE - To obtain user approval of network transactions at different levels of security, a network site selects a form in which a transaction with be presented to the user from a group of transaction presentation forms including presentation of the transaction in a browser pop-up window on a user network device, in a security software application window on the user network device, and in a security application window on another user network device. The network site also selects a type of approval of the transaction required from the user from a group of transaction approval types including approval requiring no action by the user after presentation of the transaction, the user to actively approve the presented transaction, and the user to sign the presented transaction. The transaction, the selected transaction presentation form, and the selected type of user transaction approval, are transmitted to obtain approval of the transaction by the user. | 11-17-2011 |
| 20110283341 | Facilitating Secure Communications - The claimed subject matter provides systems and methods for facilitating secure communications. The disclosed systems and methods can include components for receiving and processing user authentication information from users or other systems to selectively provide access to stored information. The stored information may be displayed on or accessed via interfaces that interact with components of the system. An embodiment provides for identifying an authentication framework to verify authentication data, authenticating a user using the identified authentication framework, receiving message data associated with at least one communications message, generating at least one outgoing message in response to the received message data, wherein the outgoing message differs from the received communications message, and providing access to content associated with the at least one communications message. | 11-17-2011 |
| 20110283342 | THIN CLIENT-SERVER SYSTEM, THIN CLIENT TERMINAL, DATA MANAGEMENT METHOD, AND COMPUTER READABLE RECORDING MEDIUM - Provided are a thin client-server system, a thin client terminal, a data management method, and a computer readable recording medium capable of preventing data leakage when the thin client terminal is lost. | 11-17-2011 |
| 20110283343 | DEVICE FOR GENERATING A VIRTUAL NETWORK USER - A device for generating a virtual network user that can be used, for data protection purposes, as a pseudonym by which a physical person or legal entity can gain access to the Internet and engage services that can be implemented via the network. The network user is defined by a freely specifiable combination of real and/or arbitrarily specifiable attributes. The input of these attributes into the network access device (PC) of the user activates a transformation system which facilitates the generation of the data flows that implement the virtual network user and that can be saved with the temporal sequence of the data flow in a storage device of the transformation system. An access system allocated to an independent authority is provided, which upon activation can initiate the readout of such data from a memory allocated to the storage device of the transformation system. | 11-17-2011 |
| 20110289560 | Method And Apparatus To Bind A Key To A Namespace - A method includes identifying an application installed on a device as an authorized application of a certain domain, the application being signed with a private key; deriving a signer identity using a public key that forms a key pair with the private key; mapping the certain domain to another domain using a deterministic function map; making a request to the another domain to obtain a list of signer identities that are authorized to act on behalf of the certain domain; determining whether the signer of the application is in the list and, if it is, authorizing the application to act with the same privileges as granted in the certain domain. Apparatus and computer programs for performing the method are also disclosed. | 11-24-2011 |
| 20110289561 | System and Method for Information Handling System Multi-Level Authentication for Backup Services - Access to backup information, such as at network attached storage compliant with NDMP, is managed by interfacing a backup authentication mechanism with a primary authentication system and responding to requests for backup information according to permissions defined by the primary authentication system. A data management application requests access to backup information with an NDMP MD5 hash and includes a domain name and password for an LDAP or AD authentication through a pluggable authentication module. Access to backup information is provided based upon the permissions associated with the domain of the primary authentication mechanism. | 11-24-2011 |
| 20110289562 | METHOD FOR ENHANCING THE SECURITY OF THE MULTICAST OR BROADCAST SYSTEM - A method for enhancing the security of the multicast or broadcast system comprises the following steps: after having established the system parameter, the base station receives the register request message transmitted by the terminal, and the register request message carries the device identity information of the terminal; the base station registers the terminal according to the register request message and transmits the authorization key to the terminal after successful registration. By the base station establishing the specific system parameter, generating and awarding the corresponding terminal's key based on the parameter, the embodiment of the present invention can construct a secure network system of multicast or broadcast effectively and solve the security problem of the multicast or broadcast from the base station to the terminal in the network system. | 11-24-2011 |
| 20110289563 | SERVICE PROVISION - A method and system for service provision, comprising: a web browser ( | 11-24-2011 |
| 20110296495 | Redundant Credentialed Access to a Secured Network - A mobile communication device is configured to provide redundant credentialed access to one or more secured wireless communication networks. The mobile device obtains credentialed access to one of the secured networks by remotely using credentials stored in a credentialed communication device that is locally available (i.e., in the vicinity of the mobile device). Responsive to detecting the actual, or potential, compromise of the mobile device's credentialed access to that secured network, the mobile device switches to other credentials stored in a different credentialed device and obtains credentialed access to one of the secured networks by remotely using those other credentials. This switching occurs dynamically upon detecting the compromise of credentialed access, as well as automatically without requiring the mobile device's user to manually enter commands into the device's user interface. | 12-01-2011 |
| 20110296496 | System and Method for Maintaining Dual Identity in a Server Process - A method, system and computer-usable medium are disclosed for managing identity authorizations to access information processing system resources. An application thread requiring access to target resources is initiated and associated with an authenticated client identity and a server identity. The resource authorization attribute of a resource required for execution of the application thread designates the use of a client identity, a server identity, or a client identity and server identity when attempting authorized access of the resource. The client identity, the server identity, or the client identity and server identity is then respectively used to access the target resource and the application thread is executed. | 12-01-2011 |
| 20110296497 | Delegation-Based Authorization - Delegation-based authorization is described. In one example, a reference monitor receives from a first entity a request and a credential statement comprising a delegation of authority over a fact to a further entity. An authorization node then determines whether the further entity consents to provide the fact to the first entity and evaluates the request in accordance with an authorization policy and the credential statement. In another example, an assertion comprising a statement delegating authority over a fact to a further entity is received at an authorization node from a first entity. An authorization policy is then used to determine that the first entity vouches for the fact if each of these conditions are met: i) the first entity consents to import the fact from the further entity, ii) the further entity consents to export the fact to the first entity, and iii) the further entity asserts the fact. | 12-01-2011 |
| 20110296498 | Fax authentication for secure fax transmission and of unwanted faxes - A system and a method of authenticating faxes are disclosed. The method includes receiving image data that includes at least one page to be transmitted by a sending fax device. An authentication code is generated at the sending fax device. The authentication code is transmitted to a receiving fax device. The receiving fax device determines whether the authentication code is one which is accepted. If it is, the receiving fax device authorizes commencement of the fax transmission. | 12-01-2011 |
| 20110296499 | Security Context Passing for Stateless System Management - Systems and methods for stateless system management are described. Examples include a method wherein a user sends the management system a request to act upon a managed system. The management system determines whether the user is authorized for the requested action. Upon authorization, the management system looks up an automation principal, which is a security principal native to the managed system. The management system retrieves connecting credentials for the automation principal, and connects to the managed system using the retrieved credentials. Once the managed system is connected, the management system performs the requested action on the managed system, and sends the result back to the user. | 12-01-2011 |
| 20110296500 | Methods for Server-Driven Packet Congestion Control - Methods for congestion control by a AAA server are provided. In an embodiment of the invention a hint indicator is embedded in reply messages from a AAA server. In subsequent messages received by that AAA server, the AAA server determines when the hint indicator is present. Processing decisions for the subsequent message are based on the presence of the hint indicator. In another embodiment, a method for congestion control at the AAA server is provided. At the AAA server a message received from a network access server is stored and timestamped in an ingress message queue. A congestion state for the AAA server is determined based on an ingress queue state and a message age state. The message is processed based on the congestion state. In alternative embodiments, message processing is based on the congestion state, message type and number of round trip messages. | 12-01-2011 |
| 20110296501 | Connecting Devices to an Existing Secure Wireless Network - An intermediary device may be used to connect a telecommunications device to an existing secure network that is accessed by a computing device. The intermediary device may simplify connections to the secure network by connecting to the secure network without setting up a new connection to the secure network. The telecommunications device may connect to the computing device, via the intermediary device, using a secondary network, which enables the telecommunications device to access the secure network through the computing device. In some instances, the computing device may operate to bridge a connection with the telecommunications device and perform some or all of the functions of the intermediary device. | 12-01-2011 |
| 20110296502 | Methods and Systems for Network-Based Management of Application Security - To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a process's token. The rule includes an application-criterion set and changes to be made to the groups and/or privileges of a token. The rule is set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers. When a GPO containing a rule is applied to a computer, a driver installed on the computer accesses the rule(s) anytime a logged-on user executes a process. If the executed process satisfies the criterion set of a rule the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process. | 12-01-2011 |
| 20110302630 | IDENTITY MANAGEMENT VIA CLOUD - A system and method of maintaining a user profile for a handheld computer in a shared, scalable computing resource is described. The method includes receiving user profile data from the handheld computer at the shared, scalable computing resource, the user profile data comprising a user security factor. The user profile data is received via a secure wireless communication protocol having authentication of an identity of the handheld computer. The method includes storing the user profile data on the shared, scalable computing resource as a portion of a user profile, the user profile further comprising user preference data. The method further includes receiving the user security factor from a second computing device. The user security factor is received via a secure wireless communication protocol having authentication of an identity of the second computing device. The method further includes downloading user preference data to the second computing device. | 12-08-2011 |
| 20110302631 | SYSTEMS AND METHODS FOR LOGGING INTO AN APPLICATION ON A SECOND DOMAIN FROM A FIRST DOMAIN IN A MULTI-TENANT DATABASE SYSTEM ENVIRONMENT - A system and method for logging into an application across separate domains in a multi-tenant database environment is provided. The method may include receiving, by a server associated with a first domain, a substitute user request from a user of the first domain, the substitute user request including a request for the user of the first domain to become a user on a second domain, posting, to a server associated with the second domain, the substitute user request, and posting, by the server associated with the second domain, a new session identification allowing the user of the first domain to login to an application on the second domain. | 12-08-2011 |
| 20110302632 | Method and System for Supporting Visitor Access Via a Broadband Gateway - A method and system are provided in which a broadband gateway may enable a guest or visitor to access content available to the broadband gateway. The content may be received by the broadband gateway through one or more of a plurality of network access service providers that may provide separate physical layer access to the broadband gateway. After a visitor's device is connected to the broadband gateway, the broadband gateway may classify the device. Based on the classification, the device may be authorized to access a portion of the content received. Once the authorization process is complete, the appropriate content may be made available and transferred to the device. The authorization process may include the authentication of a device identifier and/or a user identifier. The authorized access may be time-limited, but may be renewed or enabled when a request is received within a determined period of time. | 12-08-2011 |
| 20110302633 | Safe Internet Browser - The present invention provides a computer program product for implementing supervision functions for Internet browsing. The computer program product including a plurality of computer executable instructions stored on a computer readable medium. Wherein, the instructions when executed by a computer having a graphical user interface cause the computer to perform the steps of initiating a custom browser on the computer. The custom browser communicates with a centralized database of authorized content. The authorized content has one or more pictograms associated to the authorized content. The one or more pictograms are displayed on the graphical user interface of the computer. Authorized content is downloaded from the Internet onto the graphical user interface of the computer in response to the activation of the one or more pictograms. | 12-08-2011 |
| 20110302634 | PROVIDING SECURE COMMUNICATION AND/OR SHARING OF PERSONAL DATA VIA A BROADBAND GATEWAY - A broadband gateway may manage confidential data associated with users in a home network managed and/or serviced by the broadband gateway. The broadband gateway may store the user confidential data broadband gateway in a distributed manner, wherein the confidential data may be divided into a plurality of portions and stored separately in multiple storage locations or devices. When users authorize the transfer of the confidential data, all portions may be communicated to enable aggregating them such that the confidential data may be obtained. The user confidential data may be encrypted. The broadband gateway may securely communicate and/or share the user confidential user data. This may be achieved by tracking communication of the user confidential data, by using tags incorporated into the data. The broadband gateway may also ensure that communicated confidential data is rendered unusable under certain conditions, based on use for various timing tags for example. | 12-08-2011 |
| 20110302635 | ENHANCING SECURITY IN A WIRELESS NETWORK - A method of enhancing security in a wireless mesh communication network operating in a process control environment and including a plurality of wireless network devices includes processing a join request from a wireless device wishing to join the wireless mesh communication network, providing a limited network functionality to the wireless device if the join request is granted, requesting a complete approval of the wireless device; and granting a full network functionality to the wireless device if the complete approval of the wireless device is received. | 12-08-2011 |
| 20110302636 | Method of Providing a Digital Asset for Distribution - Digital assets are distributed within an electronic network. An index of digital assets available for distribution over the electronic network is provided, where each digital asset has a first serial number associated with a first transfer within the network. The index can include a list of one or more locations for the digital assets, terms of use, etc. A second serial number is provided for the digital asset in response to a request for a second transfer of a digital asset. The second serial number can be embedded within the asset and transferred from a host server to a client device in response to a confirmation of acceptance of the terms of use. | 12-08-2011 |
| 20110307940 | INTEGRATED WEB APPLICATION SECURITY FRAMEWORK - Various embodiments of systems and methods for integrated web application security are described herein. A unified framework for authentication, authorization, and session management specifically separates credential gathering and authentication as two separate steps that may be extended independently. The credential gathering is done by specific credential providers, and the authentication is performed independently. In another aspect, login/logout processing is separated from the authentication logic. Session validators, credential providers, authenticators, authorizers may be run independently. | 12-15-2011 |
| 20110307941 | Method and apparatus to implement secured, layered logout from a computer system - A secure, layered logout of a user session is implemented in a web-based management tool, such as a middleware appliance. A logout strategy is provided to include a set of security levels of varying sensitivity, with each security level having a set of permissions associated therewith and that are enforced upon a timeout. Preferably, each succeeding security level in the set of security levels is reached as time increases from an idle time associated with the user session. Upon expiration of a timeout associated with a security level, the set of permissions associated with the security level are then enforced against at least one managed object while the user session continues. As each next security level is reached, the set of permissions associated with the security level are then enforced (with respect to the managed object or against one or more other managed objects), once again while the user session continues. Each of the objects preferably is managed independently of at least one other object; thus, the layered logout may enforce different permissions with respect to different managed objects while at the time maintaining the user session. If the user takes no action, eventually a timeout associated with a final security level of the set of security levels will occur, at which point the user session is finally terminated. | 12-15-2011 |
| 20110307942 | Method and Apparatus for Authorization of Customer Premises Equipment - A computer-implemented method for requesting content over a public network is described. A customer premises equipment (CPE) can receive a time-varying signal over a private broadcast network. The signal can be used to generate authorization information on the CPE for content access over the public network. When a request for content that must be served over the public network is made at the CPE, the validity of the authorization information can be verified before the request is sent to the content delivery system. | 12-15-2011 |
| 20110314518 | PREVENTING MULTIPLE BACKEND CALLS AT BROWSER LAUNCH DURING MOBILE BROADBAND PROVISIONING - To reduce or avoid multiple calls for authentication, during mobile device provisioning for broadband connectivity which might otherwise be caused by add-ons associated with a browser, a provisioning gateway or server system maintains a database of records of source addresses and associated mobile numbers. The records may also indicate time of last request from each address. In response to a new request, the system determines if there is a record for the source address. If there is a record, and in our example, if the record indicates that time since the last prior request is less than a threshold value, then the system continues provisioning processing for the device but without any communication with an authentication system. However, if there is no record or if the last request from a source address is older than the threshold, then the system communicates with the authentication system to obtain the directory number for the mobile device. | 12-22-2011 |
| 20110314519 | APPARATUS, SYSTEMS AND METHODS FOR MEDIA CONTENT DELIVERY - A media content delivery system and method is operable to communicate an authorized single media content stream generated by a local programming provider (LPP) in a domestic market area (DMA) to a client facility, wherein the authorized single media content stream is multiplexed into a multi-media content stream with a plurality of other single media content streams generated by a plurality of other LPPS in the DMA. An exemplary embodiment identifies an authorized single media content stream of interest to a client; accesses the multi-media content stream communicated from a communication network at the client facility, unbundles the authorized single media content stream from the received multi-media content stream, and communicates the authorized single media content stream to a program content generation system operated by the client. | 12-22-2011 |
| 20110314520 | ONLINE SERVICE ACCESS CONTROLS USING SCALE OUT DIRECTORY FEATURES - Embodiments provide application and/or resource access control features of an online computing environment, but are not so limited. In an embodiment, a computer-implemented method provides access control features for an online application environment based in part on the use of a number of directory service instances isolated from direct customer access and deployed in a defined datacenter architecture. In one embodiment, a computing environment uses web-based access control features and a number of directory service instances having organizational units and corresponding mappings to maintain a support infrastructure as part of providing features of online application services to customers. Other embodiments are included and available. | 12-22-2011 |
| 20110314521 | COMPUTER READABLE MEDIUM STORING PROGRAM, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING METHOD - A computer readable medium storing a program causing a computer to execute a process is provided. The process includes obtaining note content information representing note content included in a note if the note has been input to registered information; obtaining user specification information for specifying a user who has input the note; causing the note content information and the user specification information to be stored in a memory in association with the registered information; and outputting at least one of the registered information, and the note content information and the user specification information stored in the memory to a user as a request source, and not outputting at least the user specification information if the user as the request source is different from the user who has input the note, in response to a request for outputting information from the user as the request source. | 12-22-2011 |
| 20110314522 | Method and apparatus for relay node management and authorization - Methods and apparatuses are provided for deploying relay nodes in a communication network. A relay node can initially be wirelessly authenticated to a network entity using initial security credentials. In response to a successful authentication, the relay node is authorized to wirelessly communicate with the communication network for a limited purpose of configuring the relay node for relay device operations. The relay node can receive new security credentials from the communication network, and is subsequently re-authenticated to the network entity using the new security credentials. In response to a successful re-authentication, the relay node is authorized by the network to operate as a relay device for conveying traffic between one or more access terminals and the communication network. | 12-22-2011 |
| 20110314523 | Out-of-band Tokens for Rights Access - Access to content may be administered by storing content, the content comprising one or more selections, accessing a passive optical out-of-band token associated with the content, determining an access right for the content based on the passive optical out-of-band token, and enabling access to the content in accordance with the access right. | 12-22-2011 |
| 20110321129 | DISAMBIGUATING ONLINE IDENTITIES - Described herein are technologies pertaining to disambiguating identities/accounts over a plurality of online services. Public data streams pertaining to accounts of different online services are analyzed, and a determination is made that the accounts are owned by a same user. A searchable profile is generated for the user that comprises data that indicates that the user represented by the profile owns the accounts. The profile is claimable by the user such that the user is enabled to customize contents of the profile. | 12-29-2011 |
| 20110321130 | NETWORK LAYER CLAIMS BASED ACCESS CONTROL - Embodiments of the invention provide techniques for basing access control decisions at the network layer at least in part on information provided in claims, which may describe attributes of a computer requesting access, one or more resources to which access is requested, the user, the circumstances surrounding the requested access, and/or other information. The information may be evaluated based on one or more access control policies, which may be pre-set or dynamically generated, and used in making a decision whether to grant or deny the computer access to the specified resource(s). | 12-29-2011 |
| 20110321131 | SECURITY MODEL FOR WORKFLOWS AGGREGATING THIRD PARTY SECURE SERVICES - A method, system and computer program product for security model for workflows aggregating third party secure services. In one embodiment, a workflow model described in a workflow language is provided and configured to declare security requirements of a composite application integrating protected data from two or more external network resources. The method also incorporates providing an authentication service executing on at least one secure server computer. The authentication service is configured to conduct user authentication and authorization to access the protected data at the external network resources on behalf of the composite application executing on at least one host server computer according to the workflow language. | 12-29-2011 |
| 20110321132 | SYSTEM, METHOD, AND POLICY ENGINE FOR GRANTING TEMPORARY ACCESS TO ELECTRONIC CONTENT - A system, method, and Policy Engine for granting a first user temporary access to a second user's electronic content. The Policy Engine receives a request originating from the first user to access the second user's content, and retrieves from a relationship database, relationship information regarding a relationship between the two users. If an access rule matching the relationship information is stored in the Policy Engine, the Policy Engine applies the access rule to control access by the first user for a period of time specified in the rule. If an access rule is not stored, the Policy Engine obtains the access rule from the second user. The Policy Engine allows access when the matching rule grants access and the matching rule has not expired, and denies access when there is no matching rule, when the matching rule does not allow access, or when the matching rule has expired. | 12-29-2011 |
| 20110321133 | SYSTEM AND METHOD FOR AUTHENTICATING WEB USERS - Disclosed are systems and methods for authenticating web users. In one embodiment, a method includes sending the destination web page to the parent frame of the web browser, where the destination web page when processed by the web browser is operable to perform operations, including determining if the web user is authenticated with the content provider and generating a child frame associated with the parent frame if the web user is not authenticated with the content provider. The destination web page is operable to perform further operations, including requesting, by the child frame, an authentication web page from an authorization provider, receiving, by the child frame, the authentication data from the authorization provider, and receiving, by the parent frame, the authentication data. | 12-29-2011 |
| 20110321134 | Consigning Authentication Method - A method for sharing content between clients at a common trust level in a trust hierarchy associated with a network implementing policy-based management includes receiving integrity information from a first client at a first trust level in the trust hierarchy at a second client at the first trust level, requesting permission to receive electronic content from the first client, receiving a determination regarding the requested permission, and communicating the determination to the first client. The first client obtained content from a policy enforcement point in the network. The request for permission is made to the policy enforcement point and the request includes the integrity information. The determination is received from the policy enforcement point and is based in part on the integrity information about the first client. The second client communicates to the first client the determination of whether the second client receives the content from the first client. | 12-29-2011 |
| 20110321135 | METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR CONTROLLING ACCESS TO A RESOURCE - Methods, apparatuses, and computer program products are provided for controlling access to a resource. A method may include determining one or more request attributes associated with a request for access to the resource. The method may further include accessing an access control list associated with the resource. The access control list may include one or more access control attributes associated with the resource. The method may additionally include determining a permission defining one or more access abilities for the resource at least in part by comparing the request attributes to the access control attributes and, for any access control attribute corresponding to a request attribute, including an ability associated with the corresponding access control attribute in the permission. The method may also include determining whether to grant the request based at least in part on the determined permission. Corresponding apparatuses and computer program products are also provided. | 12-29-2011 |
| 20110321136 | GENERALIZED IDENTITY MEDIATION AND PROPAGATION - Provided are techniques for providing security in a computing system with identity mediation policies that are enterprise service bus (EBS) independent. A mediator component performs service-level operation such as message brokering, identity mediation, and transformation to enhance interoperability among service consumers and service providers. A mediator component may also delegate identity related operations to a token service of handler. Identity mediation may include such operations as identity determination, or “identification,” authentication, authorization, identity transformation and security audit. | 12-29-2011 |
| 20110321137 | ACCESS CONTROL DEVICE, ACCESS CONTROL METHOD, PROGRAM, STORAGE MEDIUM, AND INTEGRATED CIRCUIT - An access control device for use in a system for providing users with a content access service, the access control device obtaining a content including one or more pieces of personal information, storing a plurality of pieces of personal information in correspondence with a plurality of pieces of first user information each of which indicates one of (i) a user who is permitted by a person related to a corresponding piece of personal information to access a content including the corresponding piece of personal information, and (ii) a user who is not permitted by the person related to the corresponding piece of personal information to access the content, and determining whether or not to give permission to access the content obtained by the obtaining unit, in accordance with a piece of first user information stored in the storage unit in correspondence with the piece of personal information included in the content. | 12-29-2011 |
| 20110321138 | Mask Based Challenge Response Test - A method for providing a challenge response test associated with a computer resource performed by a physical computing system includes, with the physical computing system, generating a challenge response test image comprising a plurality of well-formed construct elements forming a well-formed construct and a plurality of random construct elements, and providing a number of masks to be placed over the image, one of the number of masks configured to reveal the well-formed construct elements when placed over the image. | 12-29-2011 |
| 20110321139 | Online Protection Of Information And Resources - A computer implemented method and system for protecting information and resources in an online environment is provided. A process initialization monitor application monitors process initialization of a client application provided on a user's communication device. The client application identifies and authenticates one or more components operating on the communication device and one or more third party applications attempting to access the client application. The client application performs the authentication by performing a code integrity check integrated in the client application independent of the communication device, and grants access to the authenticated components and the authenticated third party applications. The client application protects information being processed, exchanged, stored, and displayed within the client application. The client application masks input information, encrypts a communication channel that transfers the input information, blocks attempts to monitor, intercept and manipulate information by unauthorized entities, and prevents access of certificates, resources, etc., by unauthorized entities. | 12-29-2011 |
| 20110321140 | SYSTEM AND METHOD FOR AUTOMATICALLY LEARNING MAILBOX CONFIGURATION CONVENTIONS - A system and method automatically learns mailbox configuration conventions. The validator module determines a valid set of configuration parameters used for accessing an electronic mailbox of a user within a mail domain after receiving configuration information from the user that is limited in the configuration parameters required for accessing the electronic mailbox. A learner module accepts from the validator module a set of configuration parameters determined to be valid and generates configuration conventions for a mail domain. A database store is the generated configuration conventions. The validator and learner modules can be operative as part of a web server. | 12-29-2011 |
| 20120005728 | MANAGING MEETING INVITATIONS TO SUB-INVITEES - A computer implemented method manages meeting invitations to sub-invitees. A meeting coordinating computer detects a meeting invitation being sent from a meeting moderator's computer to a primary invitee's computer. The meeting coordinating computer intercepts a response from the primary invitee's computer. This response contains a request for a sub-invitee to accompany the primary invitee to the meeting. If the sub-invitee is initially authorized by the meeting coordinating computer to attend the meeting, then a request is transmitted to the meeting moderator's computer for additional authorization to invite the sub-invitee to the meeting. | 01-05-2012 |
| 20120005729 | SYSTEM AND METHOD OF NETWORK AUTHORIZATION BY SCORING - A method and system of collecting data from a device seeking authorization for an association with a network, scoring the collected data in accordance with pre-defined criteria, comparing data about the device and request with a past history of requests for authorization by such device, and modifying the score based on such comparison. | 01-05-2012 |
| 20120011567 | APPARATUS AND METHODS FOR CONTENT DELIVERY AND MESSAGE EXCHANGE ACROSS MULTIPLE CONTENT DELIVERY NETWORKS - Methods and apparatus for providing protected content to subscribers of a managed (e.g., MSO) network via a content source accessible via an internetwork such as the Internet. In one embodiment, a user accesses a programmer website, and requests content. The programmer determines whether the requesting user is permitted to access the content, and what rights or restrictions are associated with the user. This includes authenticating the user as a subscriber of the MSO, and determining the subscriber's subscription level. In another embodiment, a user's account with the MSO and programmer may be federated, thus a given user will have MSO-specific information regarding its identity (such as login information, GUID, etc.) and/or information regarding subscription level and service details, stored at the programmer. Messages received from the MSO representing permission for the user to access content may also be stored at the programmer site for later reference. | 01-12-2012 |
| 20120011568 | SYSTEMS AND METHODS FOR COLLABORATIVE, NETWORKED, IN-CONTEXT, HIGH RESOLUTION IMAGE VIEWING - Systems and methods are provided for viewing portions of an image in high resolution and in context with a full image, which is displayed at a base resolution that is lower resolution than the resolution of the high-resolution image. Some embodiments provide for collaborative viewing of imagery, where the image viewing system can be configured to allow a first user to select an area of interest, resolution, and virtual lens shape and size on behalf of a second user or users, and the first user's selections can be saved for later use when the second user or users request the image. Embodiments that support this collaborative technique can be employed in collaborative or instructional applications. | 01-12-2012 |
| 20120011569 | SYSTEM AND METHOD FOR PROTECTING MAC CONTROL MESSAGES - A system to protect MAC control messages is presented. In one embodiment, the system comprises a processor, a memory coupled to the processor, and a communication device coupled to the processor to communicate wirelessly over multiple sub-channels in an orthogonal frequency division multiple access (OFDMA) wireless network. The communication device is operable to determine that a MAC control message is protected if an indicator within the MAC control message is set. The communication device validates, if the indicator is set, integrity of the MAC control message in conjunction with a CMAC (cipher-message authentication code) tuple concatenated with the MAC control message. | 01-12-2012 |
| 20120011570 | WEB-BASED AID FOR INDIVIDUALS WITH COGNITIVE IMPAIRMENT - A system for assisting an individual with cognitive impairment including a display device adapted to connect to a remote server and a dedicated website hosted on the remote server and remotely accessible by an authorized individual dedicated to hosting content for the individual with cognitive impairment. A homepage is displayed on the display device. The homepage displays content provided by the dedicated website. A plurality of informational icons are provided on the homepage. The information icons are adapted to display content from the dedicated website. The authorized individual can modify and transmit content to the homepage through the website to be accessed by the individual with cognitive impairment through the display device. | 01-12-2012 |
| 20120011571 | Method And Apparatus For Cross DRM Domain Registration - A content moving device may provide content to plurality of different user devices using a plurality of different DRM systems. The content moving device provides for registration of the DRM systems associated with the user devices. The content moving device may verify a user device by a DRM ID associated with the user device. A domain size may be used to limit the number of content user devices that may be approved for access. | 01-12-2012 |
| 20120011572 | METHOD OF PERFORMING A SECURE APPLICATION IN AN NFC DEVICE - The invention relates to a method of executing a secure application in an NFC device, the method comprising steps during which: a contactless link is established between first and second NFC devices, the first NFC device transmits by the contactless link an identifier of a secure processor of the first NFC device, the second NFC device transmits by the contactless link an application identifier, the secure processor transmits by the contactless link first authentication data allowing the authentication of the secure processor of the first NFC device, the second NFC device transmits to an application server the first authentication data, the application server transmits to an authentication server the first authentication data and second authentication data) to authenticate the application and authorizes the two NFC devices to execute the application only if the secure processor and the application are authenticated. | 01-12-2012 |
| 20120011573 | SYSTEM AND METHOD FOR MANAGING INSIDER SECURITY THREATS - A defense mechanism module is provided for protecting a system from a privileged user. In some embodiments, a defense mechanism module can be integrated with the system such that all communications between the privileged user and the system first communicate with the defense mechanism module. | 01-12-2012 |
| 20120011574 | GENERIC KEY-DECISION MECHANISM FOR GAA - A method and apparatus provide generic mechanism for a network application server. A receiver receives a request from a user equipment to provide authentication information to a network application function. A determining unit determines a key of a generic authentication architecture to integrate additional network application servers by extending an existing standard for user security settings. A providing unit provides the authentication information to the network application function. | 01-12-2012 |
| 20120017266 | SYSTEMS AND METHODS FOR PERMISSION ARBITRATED TRANSACTION SERVICES - Systems and methods disclosed allow a permitting party to share personal information with a receiving party. The receiving party may use the information to authenticate the permitting party, assess the permitting party, determine if the permitting party is compatible with one or more other users associated with the receiving party, or validate the permitting party. The permitting party may define how much of the permitting party's personal information is shared, and/or limit the use of the information for one or more specific purposes. A requesting party may also set up criteria for the types of information it wants to review along with the intended use of the information. The systems and methods disclosed also enables permitting parties the ability to grant requesting parties access to requested information. | 01-19-2012 |
| 20120023553 | Static Analysis For Verification Of Software Program Access To Secure Resources For Computer Systems - A method includes, using a static analysis, analyzing a software program to determine whether the software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. The method also includes, in response to an access by the software program to the secure resource without verification that the secure resource can be accessed by the software program, outputting a result indicative of the analyzing. Computer program products and apparatus are also disclosed. An apparatus is disclosed that includes a user interface providing a security report to a user, the security report indicating a result of an analysis of whether or not a software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. | 01-26-2012 |
| 20120023554 | SYSTEMS AND METHODS FOR PROVIDING A SMART GROUP - The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component. | 01-26-2012 |
| 20120023555 | WIRELESS ENVIRONMENTAL MONITORING OF GOODS - A system for wireless environmental monitoring of goods, the system comprising a portable environmental data logger and a portable computerized device, each comprising: a standard short-range radio module; and an authentication and security module, wherein said standard short-range radio modules of said logger and said computerized device are configured to communicate with one another over a standard wireless communication channel, and wherein said authentication and security modules of said logger and said computerized device are each configured to execute, over the standard wireless communication channel, a non-standard authentication routine for authenticating an identity of said computerized device to said logger, so as to provide said computerized device with data access to said logger based on a security profile assigned to said computerized device. | 01-26-2012 |
| 20120023556 | IDENTITY MANAGEMENT AND SINGLE SIGN-ON IN A HETEROGENEOUS COMPOSITE SERVICE SCENARIO - A server device that includes a memory to store identity information for a group of users, policy information, and context information for a group user devices. The server device also includes a processor to receive, from another server device, a request for login credentials, associated with a user of a user device, that enable a third party application to access a service provider on behalf of the user, the request including identity information associated with the user and context information associated with the user device; verify the identity of the user based on a determination that particular identity information is stored in the memory; authorize the disclosure of the particular identity information based on a determination that the context information matches particular context information stored in the memory and that the policy information permits the disclosure of the particular identity information; and send the particular identity information, that includes the login credentials, to the other server device based on the verified identity and the authorized disclosure. | 01-26-2012 |
| 20120023557 | METHOD, APPARATUS, SIGNALS, AND MEDIUM FOR MANAGING TRANSFER OF DATA IN A DATA NETWORK - A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion. | 01-26-2012 |
| 20120030733 | ACCESSING RESOURCES OF A SECURE COMPUTING NETWORK - According to one embodiment of the present invention, a method for accessing resources of a secure computing network may be provided. The method may include receiving a request to allow a user to access a secure computing network. The user may be associated with an avatar that has a unique set of one or more identifiers that are associated with the user. A security clearance level of the avatar may be determined from the unique set of identifiers of the avatar. The avatar may be authorized to access one or more virtual compartments of the secure computing network according to the security clearance level of the avatar. The virtual compartment may comprise one or more resources of the secure computing network. The method may further include facilitating display of one or more resources of a virtual compartment accessed by the avatar. | 02-02-2012 |
| 20120030734 | FEMTOCELL ACCESS PROVISIONING BASED ON SOCIAL NETWORK, PRESENCE, AND USER PREFERENCES - A system and methodology that facilitates user friendly, automatic and/or dynamic femtocell access provisioning based on social network, presence, and/or user preference information is provided. In particular, the system can includes femto access manager that can identify a list of ‘close friends’, to which the femtocell owner is likely to grant femtocell access, based on an analysis of access data (e.g., data from social networks, communication logs, calendars, address books, websites and/or blogs, transaction related data, and the like). Further, an access priority associated with each of the close friends can be determined based in part on location data, availability data, and/or predefined policies. Furthermore, the femto access control list, within the femto access point (FAP), can be populated, dynamically and/or automatically, with the highest priority friends from the close friends list. | 02-02-2012 |
| 20120036558 | SECURE ACCESS MANAGEMENT AGAINST VOLATILE IDENTITY STORES - Embodiments of the present invention are directed to managing access to protected computer resources. More particularly, embodiments of the present invention provide systems and methods for modifying a user's ability to access a protected computer resource while the user is currently using the resource. If the privileges granted to a user for accessing the protected resource are altered, these alterations take effect in substantially real time. In an exemplary embodiment, a user data repository will initiate the process of altering the user's access privileges upon changes of data in the repository. In this way, it does not matter how or by whom the data in the repository is changed, but the change itself is sufficient to initiate a re-computation of a user's access privileges to the protected resource. | 02-09-2012 |
| 20120036559 | SYSTEM, METHOD AND APPARATUS FOR SECURITY MANAGEMENT OF AN ELECTRONIC DEVICE - A system, method and apparatus for security management of an electronic device or subscriber are provided. In one aspect, the system includes a profile server and an inspection point server that are both connectable to a mobile electronic device. The mobile electronic device is configured to send contextual data such as location data or information pertaining to the identity of the subscriber from the device and into a network attached to the mobile electronic device. The profile server is configured to authorize (or deny authorization) the release of contextual data such as location data or information pertaining to the identity of the subscriber. The inspection point server is configured to intercept the contextual data such as location data or information pertaining to the identity of the subscriber being sent from the device and query the profile server to determine if the request was authorized. | 02-09-2012 |
| 20120036560 | TOPOLOGY BASED FAST SECURED ACCESS - The present invention relates to methods, apparatuses, and computer program products for providing secure access for a user or terminal to a network, wherein an intermediate authentication node is authorized to listen to and store authentication related information. When an authentication request is received, the stored authentication related information is checked and the user or terminal is authenticated if a match between authentication related information of the authentication request and the stored authentication related information is determined, and an authentication server responsible for the authentication request is notified about the authentication result. | 02-09-2012 |
| 20120036561 | METHODS AND SYSTEMS FOR SECURELY MANAGING VIRTUALIZATION PLATFORM - Virtualization platforms and management clients therefor are communicatively coupled to one another via a control layer logically disposed therebetween. The control layer is configured to proxy virtualization management commands from the management clients to the virtualization platforms, but only after successful authentication of users (which may include automated agents and processes) issuing those commands and privileges of those users as defined by access control information accessible to the control layer. The control layer may be instantiated as an application running on a physical appliance logically interposed between the virtualization platforms and management clients, or a software package running on dedicated hardware logically interposed between the virtualization platforms and management clients, or as an application encapsulated in a virtual machine running on a compatible virtualization platform logically interposed between the virtualization platforms and management clients. | 02-09-2012 |
| 20120036562 | Trusted License Removal in a Content Protection System or the Like - A digital license includes an identification of a removal service that can authorize removing such license. A client selects the license to be removed and the service, constructs a challenge including therein a challenge license identification block (LIB) identifying the license to be removed, and sends the challenge to the service. The service receives the challenge, stores at least a portion of the challenge in a database, constructs a response corresponding to the challenge and including therein a response LIB identifying the license to be removed and an identification of the service, and sends the response to the client. The client receives the response, employs the response LIB from the response to identify the license to be removed, and removes the identified license upon confirming that the identification of the service in the identified license matches the identification of the service in the response. | 02-09-2012 |
| 20120042360 | MOBILE SERVICES TAILORED TO USER NEED - A system for controlling delivery of content to a user in a telecommunications network, includes:
| 02-16-2012 |
| 20120042361 | METHOD AND SYSTEM FOR SECURING AGAINST LEAKAGE OF SOURCE CODE - Embodiments of the invention provide a method and a system of detecting source code in a message being sent over a digital communication network to secure against unauthorized leakage of source code. The message is intercepted on a network device, placed into a memory on the network device, and divided into one or more segments, wherein each segment includes a predetermined number of lines of text from the message. For each segment, one or more syntax rules of a programming language is applied to the segment and a predetermined number of context lines of text before the segment and/or after the segment, to determine which of the syntax rules of the programming language are matched in the segment. A determination of whether the text message includes source code is provided based on the syntax rules that were matched. | 02-16-2012 |
| 20120042362 | System and Method for Performing Access Control - Rather than defining roles in terms of those resources and/or actions pertaining to the resources that are permitted to subjects having that role, it has been found that by instead defining a role by negative permissions, i.e. those resources and/or actions related thereto that are not permitted to subjects in that role, the evolution of a system is more convenient to manage. In this way, the system is only required to track and update the denied resources for particular roles. It has also been recognized that by defining a role in terms of negative permissions, i.e. what subjects in that role cannot do, malicious users can be thwarted from creating false user accounts since selecting functions associated with the resources takes permissions away rather than adds them. | 02-16-2012 |
| 20120047560 | Social Age Verification Engine - A social networking system obtains parental authorization from a parent for a child to access a computing resource, where the parent and the child are users of the social networking system. The child user may request the authorization by identifying a purported parent user. The social networking system attempts to verify the validity of the purported parent user's account, the age of the user associated with the purported parent's account, and/or the existence of a parent-child relationship between users of the accounts associated with the purported parent and the child. The social networking system makes these determinations, at least in part, using social and transactional information associated with the purported parent user's account and the child user's account in the social networking system. Upon verification of these items, the social networking system may allow the purported parent to provide authorization responsive to the child's request to access the computing resource. | 02-23-2012 |
| 20120047561 | SECURING RESOURCE STORES WITH CLAIMS-BASED SECURITY - Methods, systems, and computer program products are provided for securing resource stores with claims-based security. From policy information, a resource store populates a security table of permissions. The permissions authorize resource access based on received claims. Sessions submit claims to the resource store. The resource store accumulates claims for a session into a claims list. From the claims list and the security table, the resource store filters out a subset of metadata including resource IDs for resources the session is authorized to access. Since the metadata corresponds to the session, any application using the session is given similar access to resources at the resource store. | 02-23-2012 |
| 20120047562 | SOFTWARE APPLICATIONS DISTRIBUTION METHOD AND APPARATUS - The present invention provides for a method and apparatus for distributing digital information, such as software applications, to application users. By providing the digital information on unused memory space of a computer system, and providing a process for authorizing access to the information, the information can be efficiently and cost effectively transferred to users. Traditional inventory and distribution channel difficulties are avoided. | 02-23-2012 |
| 20120060206 | ROLED-BASED ACCESS CONTROL METHOD APPLICABLE TO iSCSI STORAGE SUBSYSTEM - A role-based access control method for a storage subsystem. The storage subsystem includes at least a first iSCSI target node and at least a first virtual storage device attached to the first iSCSI target node. The method includes: assigning a first role so that the first role has an authority to access the first iSCSI target node; assigning a first subject having the first role; and in login, authenticating a name and a password of the first subject to verify that whether the first subject is allowed to access the first iSCSI target node. | 03-08-2012 |
| 20120060207 | ROLE-BASED ATTRIBUTE BASED ACCESS CONTROL (RABAC) - Systems and methods are disclosed for receiving an access request from a user device, the access request including an identity claim for a user; evaluating a risk of access based on matching an attribute of the user device with attributes stored in a user information database; authenticating the access request based on the identity claim and the risk evaluation to determine an authentication confidence level; generating a token based on the confidence level and the attribute matched; producing an authorization response based on inputs from the token, a risk based access control, a role based access control, and an attribute based access control, in which the authorization response determines whether to allow access to a system, deny access to the system, or request additional input from the user device. | 03-08-2012 |
| 20120066744 | USER AUTHENTICATION AND ACCESS CONTROL SYSTEM AND METHOD - A system and method for permitting user access to a computer controlled device. A display device displays a group of items to the user. Some of the items are known to the user and some are unknown to the user. An input device receives user input from the user. The user input indicates the presence or absence of the known items within the group of items without specifically identifying which items are known and which items are unknown. A computer is programmed to automatically compare the user input to a predetermined answer. If the user input is correct an access device allows access. In one preferred embodiment the user input includes a count of the number of known items within the group of items. In another preferred embodiment the group of items includes subgroups. The user input includes an identification of which subgroup has the largest number of known items. In another preferred embodiment the group of items is displayed in a grid. The known items are displayed in a pattern within the grid. Multiple comparison patterns are displayed along with the grid. The user input includes an identification of which comparison pattern matches the pattern of the known items within the grid. | 03-15-2012 |
| 20120066745 | Association of Multiple Public User Identifiers to Disparate Applications in an End-User's Device - Devices and methods are disclosed which relate to managing multiple public user identifiers (PUIDs) in a database by setting customizable access rules and requiring authorization from applications for access. These PUIDs can be virtually any electronic identifier such as a telephone number, email address, FACEBOOK name, etc. The PUID database is on the memory of a mobile communication device. Applications on the mobile communication device or on the network request access to the PUID database. Access logic on the mobile communication device checks another database of PUID Access Policies and Preferences (PAPP) for authorization. The PAPP database may allow the application immediate access, deny access, or query the user for allowance. The PUID database and PAPP database are on a server on a network. | 03-15-2012 |
| 20120066746 | Secure device feature unlock mechanism third party development - An apparatus and method for managing device features though a network connection for receiving a request to download a development application from an application developer via a computing device, verifying the status of said application developer before the development application is sent to the computing device, verifying the status of said computing device on which the application is to be run before the development application is sent to the computing device, and for facilitating access to retrieve said development application in order to allow the application developer access to the unlocked features stored on the computing device. | 03-15-2012 |
| 20120066747 | SYSTEM AND METHOD FOR PROVISIONING A WIRELESS DEVICE TO ONLY BE ABLE TO ACCESS NETWORK SERVICES WITHIN A SPECIFIC LOCATION - A system and method for provisioning wireless devices such that they are only capable of accessing network services when in a specified location. A device surveys the current location of the device for existing base stations and stores a corresponding network environment profile. After the profile is stored, network services will only be provided to the device if the current network profile matches the stored profile. | 03-15-2012 |
| 20120072971 | DATA SHARING SYSTEM, SHARED DATA MANAGEMENT APARATUS, AND CONTROL METHOD OF SHARED DATA MANAGEMENT APPARATUS - The traffic amount of the radio communication is reduced and the load applied to the management side of the system is reduced, thereby making the data shared with only prescribed users in an efficient manner. There is provided a shared data management apparatus, for managing sharing of data stored in a plurality of data storage units, is provided with: a profile group management unit | 03-22-2012 |
| 20120079566 | SECURE OUT-OF-BAND MANAGEMENT OF COMPUTING DEVICES OVER A COMMUNICATIONS NETWORK - A method on a computer system for facilitating management of virtual machines in a private data center over a communications network can be provided. The method can include receiving, by a first computer in the private data center, a request via the communications network from a user for access to a subset of a plurality of virtual machines in the private data center. The method can further include executing a first authentication process by proxy between the user and the first computer and executing a second authentication process by proxy between the user and a second computer at the private data center. The method can further include establishing a secure, out-of-band connection between the user and the subset of the plurality of virtual machines in the private data network and restricting access of the user to the subset of the plurality of virtual machines according to permissions associated with the user. | 03-29-2012 |
| 20120079567 | WIRELESS MANAGER AND METHOD FOR CONFIGURING AND SECURING WIRELESS ACCESS TO A NETWORK - The disclosure provides a wireless manager operable to receive a request from a mobile device to wirelessly communicate with a network, wherein the request may include information to dynamically identify a location associated with the mobile device. The wireless manager may be further operable to automatically associate the mobile device with an access zone comprising one or more physical or logical characteristics, compare the location associated with the mobile device to the access zone, and authorize the mobile device to wirelessly communicate with the network if the location associated with the mobile device indicates that the mobile device does not violate the access zone. | 03-29-2012 |
| 20120079568 | CONFIGURABLE WEBSITE AND SYSTEM WITH ACCESS CONTROL AND SOCIAL NETWORK FEATURES - A web-based system allows for publishing a website with features and access configured on a user-by-user basis by the website owner to present personal data as well as social network feeds in a single interface. The website owner can update and manage his/her social media from the same page, as well as organize private data if desired. The system includes a messaging function, in accordance with which users can drop a message into the message service of a site owner, and it gets delivered to the site owner in exactly the manner specified by the site owner. | 03-29-2012 |
| 20120084837 | Method and apparatus to implement secured, event-based layered logout from a computer system - A secure, layered logout of a user session is implemented in a web-based management tool, such as a middleware appliance. A logout strategy is provided to include a set of security levels of varying sensitivity, with each security level having a set of permissions associated therewith and that are enforced upon occurrence of an event. A succeeding security level in the set of security levels is reached upon occurrence of an event associated with that level, in which case the set of permissions associated with the security level are then enforced against at least one managed object while the user session continues. As each next security level is reached, the set of permissions associated with the security level are then enforced (with respect to the managed object or against one or more other managed objects), once again while the user session continues. Each of the objects preferably is managed independently of at least one other object; thus, the layered logout may enforce different permissions with respect to different managed objects while at the time maintaining the user session. If the user takes no action, and as a result of the occurrence of the events, eventually a final security level of the set of security levels will occur, at which point the user session is finally terminated. | 04-05-2012 |
| 20120084838 | METHODS AND SYSTEMS FOR MANAGING CONCURRENT UNSECURED AND CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS - An endpoint, method, and authorization server are disclosed which can be used to allow concurrent secure and clear text communication. An endpoint includes a computing system including a programmable circuit operatively connected to a memory and a communication interface, the communication interface configured to send and receive data packets via a data communications network. The endpoint also includes a filter defined in the memory of the computing system, the filter configured to define one or more access lists, each access list defining a group of access permissions for a community of interest. The community of interest includes one or more users, and an access list from among the one or more access lists defines a set of clear text access permissions associated with a community of interest. The endpoint also includes a driver executable by the programmable circuit, the driver configured to cooperate with the communication interface to send and receive data packets via the data communications network. The driver is also configured to selectively split and encrypt data into a plurality of data packets to be transmitted via the data communications network based at least in part upon the contents of the one or more access lists. | 04-05-2012 |
| 20120084839 | SURVEILLANCE NETWORK SYSTEM - Embodiments of a sensor network system provide surveillance capabilities in multiple contexts/environments (e.g., military, commercial, scientific, civic, urban, wilderness, etc.). Network nodes may include devices such as sensors, network routers, network controllers, etc. Network sensors may be configured so that power management objectives are maximized. Network sensors (both individually and as a group) may be capable of intelligent and cooperative information gathering, so that the output of the sensor network does not contain high levels of irrelevant information. The network nodes may communicate among one another via one or more communication links, and in some cases, multiple routes between any two network nodes may be available. The sensor network may include aspects of both high data rate and low data rate network features. One or more network controllers may provide various network management capabilities, including management of network routing, information collection, information exportation, network configuration, etc. | 04-05-2012 |
| 20120084840 | TERMINAL CONNECTION STATUS MANAGEMENT WITH NETWORK AUTHENTICATION - A network relay device includes a communication unit, an authentication processing unit, a DHCP snooping processing unit, and a terminal search processing unit. The authentication processing unit creates first information specifying an authenticated terminal device according to web authentication, and manages whether relay of communication data between a terminal device and a node on the specified network is permissible based on the first information. The DHCP snooping processing unit executes snooping of DHCP communication data between a terminal device and a DHCP server, and creates second information specifying a layer 3 address allocated to each terminal device. The terminal search processing unit specifies an authenticated terminal device based on the first information, specifies a layer 3 address allocated to the specified authenticated terminal device based on the second information, and causes the communication unit to send, to the specified layer 3 address, confirmation communication data. | 04-05-2012 |
| 20120084841 | WEB-BASED SYSTEM FOR PUBLISHING OWNER CONFIGURABLE WEB SITES - A web-based system allows for publishing a website with features and access configured on a user-by-user basis by the website owner to present personal data as well as social network feeds in a single interface. The website owner can update and manage his/her social media from the same page, as well as organize private data if desired. The system includes a messaging function, in accordance with which users can drop a message into the message service of a site owner, and it gets delivered to the site owner in exactly the manner specified by the site owner. | 04-05-2012 |
| 20120084842 | CONFIGURABLE ELECTRONIC MESSAGING SYSTEM THAT MAINTAINS RECIPIENT PRIVACY - A messaging service allows message senders to reach a web site owner in the way the owner wants. Users authorized by the owner drop a message into the message service of a site owner, and it gets delivered to the site owner in exactly the manner specified by the site owner. The site owner can organize incoming messages by time, calendar, user, viewing method, etc. The site owner can receive messages in the way she wants, but all her friends need to know is one address, the owner's site address. | 04-05-2012 |
| 20120090017 | Secure Push and Status Communication between Client and Server - Systems and methods of authentication and authorization between a client, a server, and a gateway to facilitate communicating a message between a client and a server through a gateway. The client has a trusted relationship with each of the gateway and the server. A method includes registering the client with the gateway. The client also constructs the address space identifying the gateway and the client. The client communicates the address space to the server. The client receives an identity identifying the server. If the client authorizes to receive a message from the server through the gateway, the client informs the authorization to the gateway. The client puts the identity identifying the server on a list of servers which are authorized to send messages to the client. In addition, the client communicates the list of servers to the gateway. | 04-12-2012 |
| 20120090018 | DIGITAL RIGHTS MANAGEMENT OF CONTENT WHEN CONTENT IS A FUTURE LIVE EVENT - A method and system for managing use of items having usage rights associated therewith including a point of capture system adapted to generate content of a future event when the event occurs, a content distributor adapted to generate a rights label having usage rights associated with content of the future event before the content is created, the rights label having a distribution key for encrypting the content as the content is generated, the distribution key being encrypted with a public key. The system also includes a license server adapted to generate a license associate with the content from the rights label before the content is generated, the license including the distribution key encrypted with the public key, and a content distributor adapted to distribute the license before the content is generated. | 04-12-2012 |
| 20120090019 | Digital-Rights Management - A method and apparatus for digital-rights management is provided herein. Various forms of authorization are allowed, with each form of authorization being dependent upon an action taken on the digital content. In particular, when server-based authorization is unavailable, less-risky operations are allowed by performing an internal authorization scheme. Thus, higher security offered by a server-based DRM is required for risky actions, yet non-risky actions on the digital content may still be taken when the server is unavailable. | 04-12-2012 |
| 20120096520 | Key Cashing, QoS and Multicast Extensions to Media-Independent Pre-Authentication - This present application relates to, among other things, Key Caching, QoS and Multicast extensions and improvements to the Media-independent Pre-Authentication (MPA) framework, a new handover optimization mechanism that has a potential to address issues on existing mobility management protocols and mobility optimization mechanisms. MPA is a mobile assisted, secure handover optimization scheme that works over any link-layer and with any mobility management protocol. | 04-19-2012 |
| 20120096521 | METHODS AND SYSTEMS FOR PROVISIONING ACCESS TO CUSTOMER ORGANIZATION DATA IN A MULTI-TENANT SYSTEM - Embodiments are described for providing support representative access to applications deployed in an enterprise network environment. An access provisioning system defines a support user class in a user profile database for an application executed on an organization partition within the network. The support user is granted read only privileges to metadata of the application. An organization administrator can grant support personnel access to the application as a support user, thus the ability to view, analyze, and possibly modify the metadata. The access provisioning system generates a Security Assertion Markup Language (SAML) assertion upon request by the support personnel to enable access to the data to the extent of the granted privileges. The SAML protocol includes authentication of the support representative as an authorized support user within the system. | 04-19-2012 |
| 20120096522 | METHOD FOR ASSEMBLING AUTHORIZATION CERTIFICATE CHAINS FOR SIGNED XML - A method for assembling authorization certificate chains among an authorizer, a client, and a third party allows the client to retain control over third party access. The client stores a first certificate from the authorizer providing access to a protected resource and delegates some or all of the privileges in the first certificate to the third party in a second certificate. The client stores a universal resource identifier (URI) associated with both the first certificate and the third party and provides the second certificate and the URI to the third party. The third party requests access to the protected resource by providing the second certificate and the URI, without knowledge or possession of the first certificate. When the authorizer accesses the URI, the client provides the first certificate to the authorizer, so that the client retains control over the third party's access. | 04-19-2012 |
| 20120102547 | METHOD AND SYSTEM TO DIGITALLY SIGN AND DELIVER CONTENT IN A GEOGRAPHICALLY CONTROLLED MANNER VIA A NETWORK - A method and system to digitally sign a content license associated with content, and to distribute content via a network in a geographically controlled manner, commences when a content requestor requests delivery of the encrypted content. A content delivery system performs a content to determine a geographic location associated with the content requestor. The content requestor authorization process may also determine geographic access criteria associated with the content, and whether the geographic location complies with the geographic access criteria. The content delivery system will release the content for delivery to the content requestor if the content location complies with the geographic access criteria. | 04-26-2012 |
| 20120102548 | AUTHORITY DELEGATING SYSTEM, AUTHORITY DELEGATING METHOD, AUTHENTICATION APPARATUS, INFORMATION PROCESSING APPARATUS, CONTROL METHOD, AND COMPUTER-READABLE MEDIUM - An authentication apparatus receives an authority delegating request from an apparatus, acquires information of authorities possessed by the user from a storage unit, presents information of the acquired authorities to the user, and receives an instruction indicating which of the authorities possessed by the user is delegated to the apparatus. A storage unit stores, when the instruction to delegate the authority to the apparatus is received, an identifier required to uniquely identify the instruction and the authority instructed by the user to delegate, in association with each other. Authentication information indicating delegation of the authority is transmitted to the apparatus based on the instruction from the user. | 04-26-2012 |
| 20120102549 | MEDIATING RESOURCE ACCESS BASED ON A PHYSICAL LOCATION OF A MOBILE DEVICE - One or more techniques are provided for causing a location of a screen image associated with a resource to be adjusted on a display device. The adjustment may be based at least in part on determining that a control element receives focus. The resource may be associated with an application, such as an email application that may be hosted remotely from a client device. Access to one or more resources may be controlled or mediated. Access rights may be based at least in part on a determination of a geographic location of a client device. When the client device is located in a safe area, the client device may be provided access to the resource. When the client device is not located in a safe area, the client device might not be provided access to the resource or might not be provided full access to the resource. | 04-26-2012 |
| 20120102550 | Wireless Device Network Association - A method for associating handheld calculators with a network host system of a classroom network that includes receiving a service set identifier (SSID) of the classroom network by a handheld calculator, wherein the SSID includes a network mode indicator, and operating the handheld calculator according to the network mode indicator. The method may also include operating the handheld calculator in a configuration mode in which the handheld calculator sends a request for association to the network host system, wherein the request includes a unique identifier of the first handheld calculator, and acceptance of the request by the network host system, wherein authentication information for the handheld calculator is stored by the network host system to indicate that the first handheld calculator is associated with the classroom network. | 04-26-2012 |
| 20120102551 | System for Two Way Authentication - A system and method for online authentication having at least two levels of authentication has been disclosed. The two levels of authentication provide total security of privileged information by requiring users to authenticate themselves in two stages/levels. The first level of authentication involves simple alphanumeric password verification, which if successful, is followed by a second level of graphical password verification. The graphical password verification is based on the novel concept of challenging users with a dotted grid to enable users to create a non-definable vector pattern of definitive lines by sequentially joining pre-determined dots in the grid. | 04-26-2012 |
| 20120110641 | TRAFFIC STEERING SYSTEM - A method including receiving a session request to establish a network connection with a network; sending a session response to establish the network connection with the network; obtaining, by a traffic steering system, user profile information associated with a user sending the session request; and routing the network connection to a requested user destination via the traffic steering system based on the user profile information, wherein the user profile information includes user-specific preferences. | 05-03-2012 |
| 20120110642 | METHOD AND APPARATUS FOR GRANTING RIGHTS FOR CONTENT ON A NETWORK SERVICE - Techniques for granting rights for content on a social network to multiple users include determining first data. It is also determined to associate a first user identifier and at least a second user identifier with the first data. It is further determined to grant a right for the first data to a first user identified by the first user identifier and at least a second user identified by the second user identifier. | 05-03-2012 |
| 20120110643 | SYSTEM AND METHOD FOR TRANSPARENTLY PROVIDING ACCESS TO SECURE NETWORKS - Network access for a secure network is transparently provided to a wireless device using a social networking type of framework. An operator of a secure wireless network may register the network and access credentials for the network with a network access management system. The operator also may configure network access settings, such as designating a sharing level, that permits wireless devices meeting access criteria for the sharing level to use the network. Electronic devices belonging to social media contacts, such as family members and friends, may be associated with the registered network. When the associated devices or other qualifying devices are within communication range of the network, a client function in the device may coordinate with the network access management system to provide network access to the devices. The coordination may take place through a network different than the secure network, such as a cellular network to which the electronic device has subscription access. The network access may be established in a manner that is transparent to the user of the electronic device. | 05-03-2012 |
| 20120110644 | GLOBALLY VALID MEASURED OPERATING SYSTEM LAUNCH WITH HIBERNATION SUPPORT - An event log can comprise, not only entries associated with components instantiated since a most recent power on of a computing device, but also entries of components instantiated prior to that power on, such as components that were instantiated, and represent, a state of the computing device prior to hibernation that has now been resumed. Upon hibernation, the current values of the Platform Configuration Registers (PCRs) of a Trusted Platform Module (trusted execution environment), as well as a quote of those current values, and a current value of a monotonic counter of the trusted execution environment can be logged. The monotonic counter can be incremented at each power on to track successive generations of the computing device and to guard against an intervening, not-logged generation. A subsequent parsing of the event log can verify the prior generational entries with reference to the PCR values in the log that are associated with those generations. | 05-03-2012 |
| 20120110645 | Server System and Method for Providing at Least One Service - The invention relates to a server system for providing at least one service. Said system having an interface for connecting a server to a user's computer, authentication means that are designed and provided for request personal identification data of a user who logs onto the server via the user computer and to permit the user computer access if authentication is successful, and a server protection system. The server protection system is designed and provides to compare additional user's computer specific identification data with identification data stored in advance on the server, after successful authentication by the authentication means, and to grant authorization to the user's computer to access the service or services depending on the comparison of the user's computer specific identification data. The invention also relates to a method for providing at least one service and the method for executing an application program. | 05-03-2012 |
| 20120110646 | ACCESS AUTHORIZING APPARATUS - An access authorizing apparatus includes a receiving unit, a first transmitting/receiving unit, a token issuer and a transmitting unit. A receiving unit receives first approval information indicating that access to the resource in the device has been approved by an access approver, from the first application via the network. A first transmitting/receiving unit transmits an access approval request including the first approval information to the access approving apparatus, and receives access enable/disable information indicating whether the access to the resource by the first application is permitted, from the access approving apparatus. A token issuer, when the access enable/disable information indicates that the access to the resource is permitted, issues token information that gives authority to access the resource to the first application. A transmitting unit transmits the token information issued by the token issuer, to the first application. | 05-03-2012 |
| 20120110647 | MANAGING UNIQUELY TAGGED ITEMS USING THE INTERNET - The invention teaches managing an item in the Internet of Things, wherein the system comprises: an item registration module, configured to receive at least one registration information of the item, wherein the registration information of the item includes the item's unique number marked by an information sensing device and a tag of an external data source where related information of the item is located, the at least one registration information is from at least one external data source, the unique number is the same in the at least one registration information; a storage module, configured to store the item's registration information; and a query processing module, configured to receive a query to the related information of the item, and obtain the related information of the item from the external data source which corresponds to the external data source tag included in the stored registration information of the item. | 05-03-2012 |
| 20120110648 | USER AUTHENTICATION SYSTEM AND PLANT CONTROL SYSTEM HAVING USER AUTHENTICATION SYSTEM - A plant control system may include a manipulation monitoring terminal that includes a local user authentication unit configured to authenticate a user who logs in the manipulation monitoring terminal and a domain controller that includes a domain user authentication unit and communicates with the manipulation monitoring terminal. The manipulation monitoring terminal may include a user authentication alarm unit configured to generate a security alarm when the local user authentication unit performs user authentication on the user in a state in which the domain controller is in normal operation. | 05-03-2012 |
| 20120110649 | METHODS FOR INTERNET SECURITY VIA MULTIPLE USER AUTHORIZATION IN VIRTUAL SOFTWARE - A method for providing internet security via multiple user authorization in virtual software. Each of two users are provided with a non-transitory tangible storage medium. The first user inputs the storage medium into a local computer. If the first user is granted authorization by a second user, the first user can download at least one additional non-browser based application module into virtual memory of his local computer. | 05-03-2012 |
| 20120110650 | Organizing Permission Associated with a Cloud Customer in a Virtual Computing Infrastructure - Organizing permissions to authorize a subject to perform an action on an object in a cloud computing environment is described. A plurality of permissions associated with a cloud customer is created. A first set of permissions from the plurality of permissions is associated with one or more objects. Each of the first set of permissions describes an action performed on an object. A second set of permissions from the plurality of permissions is associated with one or more users. Each of the second set of permissions describes an action to be performed by one or more users. | 05-03-2012 |
| 20120110651 | Granting Access to a Cloud Computing Environment Using Names in a Virtual Computing Infrastructure - Access to resources in a cloud computing environment having a plurality of computing nodes is described. A group of users is defined within the cloud computing environment. A first name is assigned to the group. At least one subgroup of users is defined from within the group. A second name is assigned to the at least one subgroup. The second name follows a hierarchical naming structure of the form/group/subgroup. | 05-03-2012 |
| 20120117625 | SECURITY SYSTEM FOR COMPUTING RESOURCES PRE-RELEASES - Technology is provided for provisioning a user computer system with membership in a privilege set in order to execute a pre-release resource. Some examples of pre-release resources are alpha and beta versions of firmware or software which can be downloaded to user computer systems. The pre-release resources are associated with different privilege sets based on their security risk levels. In one example, a security risk level may represent a number of user computer systems at risk of an integrity failure of the pre-release resource. In other examples, the security risk may represent an operational layer of the user computer system affected by the resource or a level of security testing certification success for the pre-release resource. A privilege set identifier indicates membership in one or more privilege sets. | 05-10-2012 |
| 20120117626 | Business pre-permissioning in delegated third party authorization - A method to manage access to end user-protected resources hosted in a shared pool of configurable computing resources, such as a cloud computing environment, begins by registering a particular application or service into the environment. The application or service is one that is being permitted to access resources on behalf of end users via a delegated authorization protocol, such as OAuth. For at least one end user associated with the organization, a permission is set, preferably by an organization entity, such as an organization administrator. The permission determines whether the application or service is permitted to access one or more resources associated with the end user. Then, in response to a request by the third party application to access a resource, where the request is received via the delegated authorization protocol, the permission is then used to determine whether the third party application is permitted to access the resource. | 05-10-2012 |
| 20120117627 | Authority Control Systems and Methods - Authority control systems and methods are provided. The system at least includes a first electronic device and a second electronic device. The second electronic device is coupled to the first electronic device. The second electronic device receives an authority setting for the first electronic device, and transmits the authority setting to the first electronic device. The first electronic device determines an access control operation regarding the first electronic device towards the second electronic device according to the authority setting. | 05-10-2012 |
| 20120117628 | Global Account Lockout (GAL) and Expiration Using an Ordered Message Service (OMS) - A method, apparatus and computer program product for providing Global Account Lockout (GAL) using an Ordered Messaging Service (OMS) is presented. A database operation is received from a client, and a determination made regarding whether the operation contains an authentication mechanism. When the operation does not contain an authentication mechanism, then the operation is returned from. When the operation does contain an authentication mechanism, then the following steps are performed: locating the entry and checking its authentication mechanism, determining whether the authentication mechanism in the operation is good, sending a bind message to a GAL manager, checking and updating GAL state, committing updates to GAL state, and returning operation to the client. | 05-10-2012 |
| 20120117629 | RELAY APPARATUS, COMMUNICATION APPARATUS AND RELAY METHOD - A relay apparatus connected to a communication apparatus, a service providing apparatus and a browser-equipped apparatus, includes: a registering unit registering provisional registration information, the provisional registration information being used in an authentication procedure performed between the service providing apparatus and the browser-equipped apparatus; an acquiring unit acquiring permission information representing that use of the service is permitted, the permission information being issued by the service providing apparatus in the authentication procedure; a communication unit transmitting the provisional registration information to the browser-equipped apparatus; a receiving unit receiving input information transmitted from the communication apparatus, the input information being generated in response to the provisional registration information; and a communication unit transmitting the permission information to the communication apparatus which has transmitted the input information if the receiving unit receives the input information. | 05-10-2012 |
| 20120124647 | METHOD AND APPARATUS FOR SMALL FOOTPRINT CLIENTS FOR OPERATOR-SPECIFIC SERVICE INTERFACES - Techniques for small footprint operator-specific network services include determining to obtain and/or process operator data that indicates an operator of a service associated with user equipment. The techniques also include determining to obtain and/or process user data that identifies a user of the user equipment for a gateway provider different from the operator and different from the user. The techniques further include determining to send, to the gateway provider through the communications network, a first message that indicates the operator data and the user data for obtaining a service with an operator-specific interface. In some embodiments, the first message is sent after a random delay to decentralize traffic at the gateway. In some embodiments, the first message is sent when a predetermined fraction of battery life at the user equipment is sufficient to send the first message. | 05-17-2012 |
| 20120124648 | DUAL SCREEN PC - Systems for, and methods of, enabling selective control of resource of an electronic device having a display by a controlling electronic device having a display are disclosed. Selective control of the electronic device is implemented by the electronic device via a set of control permissions for a detected controlling device, based upon an identifier of the controlling device. A controlling device can be any electronic device having a processor, a memory, a display and a communication module. Enabling selective control of the display of an electronic device having a display, by a personal computer, enables the personal computer to operate as a dual screen personal computer. | 05-17-2012 |
| 20120124649 | Attachment method and system for Id-Loc-Split in an NGN - This disclosure provides an attachment method and system for ID-Loc-Split in an NGN, to implement an attachment process for an IPSPLIT-based ID-Loc-Split in an NGN, which can be combined well with various existing functional entities in the NGN, wherein a user identification is represented by a Host ID, and during the attachment process, a user is located through the Host ID, and during an authentication process, a key authentication method is provided to the Host ID; when location of the user changes due to its mobility or multihoming, the Host ID does not change; the application and connection of the transport layer is bound to the user identification, such that the application and connection will not be interrupted, and an ongoing communication session and service will not be interrupted, which guarantees the security of attachment and seamless handover when the location of a host changes due to its mobility or multihoming. | 05-17-2012 |
| 20120124650 | Reactive Authorization for Publications - Systems and methods for reactively authorizing publication of information by a third party are coordinated through the use of a presence server. The presence server communicates with other communication nodes/devices to determine and relay publication information. Publication requests that are initially unauthorized, from the perspective of the presence server, are resolved. | 05-17-2012 |
| 20120124651 | SECURE AND EFFICIENT AUTHENTICATION USING PLUG-IN HARDWARE COMPATIBLE WITH DESKTOPS, LAPTOPS AND/OR SMART MOBILE COMMUNICATION DEVICES SUCH AS IPHONES - A portable apparatus is removably and communicatively connectable to a network device to communicate authentication or authorization credentials of a user in connection with the user logging into or entering into a transaction with a network site. The apparatus includes a communications port to connect and disconnect the apparatus to and from the network device and to establish a communication link with the network device when connected thereto. A processor receives a secure message from the network security server via the port. The message has a PIN for authenticating the user to the network site, and is readable only by the apparatus. The processor either transfers, via the port, the received PIN to an application associated with the network site that is executing on the network device or causes the apparatus to display the received PIN for manual transfer to the application associated with the network site. | 05-17-2012 |
| 20120131645 | User Scriptable Server Initiated User Interface Creation - A computer-implemented method of providing user interfaces in association with network hosted computer scripts is disclosed. A group of selectable user interface elements is provided to a macro author. The elements include behavior that, when controls generated by the elements are selected by a computing device user, cause a web-connected server separate from the computing device to perform one or more operations. A selection by the macro author of a user interface element and an identification of one or more parameters for the element is received. Macro code to generate controls associated with the author-selected elements to be associated with a first macro is executed, the first macro stored to be called from and execute on computing devices different from the device used by the macro author. The macro code is stored and the generated macro code is provided for access by users of a hosted computer system. | 05-24-2012 |
| 20120131646 | ROLE-BASED ACCESS CONTROL LIMITED BY APPLICATION AND HOSTNAME - In a Role Based Access Control (RBAC) system, an additional layer of access control is provided on a per-client basis on a centralized directory or database server. Access to privileged commands that are otherwise accessible by a user under a given role may be restricted by the additional layer of access control, depending on the client under which access is attempted. Thus, a user otherwise authorized to access a privileged command under an assigned role using one client may be restricted from accessing that command from a particular client system, even if another user having the same role is allowed to access that command using another client. | 05-24-2012 |
| 20120131647 | System and Methods for Facilitating Secure Communications on a Website - A system and methods for facilitating secure communications on a website are presented. The system comprising a security server configured to receive a secure message from a creator device is disclosed. The security server encodes the received message and sends the encoded message or a representation of the encoded message for posting on the website so that one or more users of the website have the ability to request that the security server make the message available after the encoded message has been decoded. | 05-24-2012 |
| 20120131648 | INFORMATION MANAGEMENT APPARATUS, INFORMATION MANAGEMENT METHOD, AND NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM - An information management apparatus includes a first control information setting unit that sets first control information for permitting use of information within a destination terminal to the information; a second control information setting unit that sets second control information for permitting the destination terminal to forward the information to the information; a displaying permitting unit that controls, when information set with the first control information is received from a source terminal, to permit the information to be used locally within an apparatus; and a forwarding permitting unit that controls, when information set with the second control information is received from a source terminal, to permit the information to be forwarded. | 05-24-2012 |
| 20120131649 | APPARATUS REGISTRATION METHOD AND SERVER DEVICE - In a method of registering an access permission from a first device to a second device to the second device over a network, when receiving via the network a connection request from the first device of which access permission is not registered, the second device rejects connection from the first device, and shifts to the first mode. In the first mode, the second device detects user's operation on the second device, and judges whether the detected user's operation is an operation regarding viewing of a reproduction signal from the second device. If the user's operation is not the operation regarding viewing, the second device shifts to the second mode for registering an access permission. If the user's operation is the operation regarding viewing, the second device does not shift to the second mode. | 05-24-2012 |
| 20120137346 | SYSTEM AND METHOD FOR CONTROLLING ACCESS BETWEEN BLUETOOTH DEVICES - A method and system is provided for using an access list stored on a memory of a first computing device, the access list for controlling communication between the first computing device and a plurality of computing devices in a Bluetooth communication network. The method comprises: initiating a restricted mode of operation on the first computing device, the restricted mode of operation configured to secure the access list to prevent subsequent unauthorized modification thereon, the access list including at least one entry representing at least one selected computing device of the plurality of computing devices being permitted to access the first computing device, the at least one entry comprising at least one identifier to identify the at least one selected computing device; in response to a connection request between the first computing device and a particular computing device of the plurality of computing devices, determining whether the particular computing device is on the access list; and preventing connection between the first computing device to the particular computing device in response to determining that the particular computing device is not on the access list. | 05-31-2012 |
| 20120137347 | Method of and System for Implementing Privacy Control - A method and a system for implementing privacy control in a communication network are provided. The method comprises the steps of generating a first Request Verification Code (RVC) for each user request in a privacy server by means of parameter hashing or non-Parameter-hashing and forwarding the user request together with the first RVC to the SP; and verifying a second RVC and user privacy setting (s) in a privacy server, wherein the second RVC is received together with a further request from the SP. The system comprises an untrustworthy subsystem comprising at least one Service Provider (SP) for providing application service and a trustworthy subsystem comprising at least one mobile operator module for providing communication service, wherein the mobile operator module further comprises at least one mobile core network for providing user privacy control by means of Request Verification Code (RVC). According to the method and system of the invention, security and privacy control in a communications network has been greatly improved. | 05-31-2012 |
| 20120137348 | SYSTEM AND METHOD FOR ENCODING AND DECODING DATA AND REFERENCES TO DATA IN MACHINE-READABLE GRAPHICAL CODES - A system for decoding machine-readable graphical codes is provided. The system includes a graphical code reading device configured to read a graphical code and generate reference encoded source data. The reference encoded source data includes a first reference identifier and a second portion. The system also includes a computing device in electronic communication with the graphical code reading device. The computing device also includes a reference decoder configured to effect conversion of the reference encoded source data into source data. The source data includes first affiliated data in place of the first reference identifier. The first affiliated data may be longer in length than the first reference identifier. The source data also includes the second portion. The computing device also includes a software application configured to use the source data. | 05-31-2012 |
| 20120137349 | SAFE APPLICATION DISTRIBUTION AND EXECUTION IN A WIRELESS ENVIRONMENT - The present invention provides safe and secure application distribution and execution by providing systems and methods that test an application to ensure that it satisfies predetermined criteria associated with the environment in which it will execute. Furthermore, by using rules and permission lists, application removal, and a modification detection technique, such as digital signatures, the present invention provides mechanisms to safely distribute and execute tested, or untested, applications by determining whether the application has been modified, determining if it has permission to execute in a given wireless device environment, and removing the application should it be desirable to do so. | 05-31-2012 |
| 20120144452 | MANAGED DISSEMINATION OF LOCATION DATA - A location provider manages dissemination of location data of a user to one or more third-party services, so that the user can take advantage of services offered by the third parties, without the associated burden of continuously granting or denying requests by the third party services to obtain location data of the user. A third-party service can obtain location information of a user from the location provider. Users may control circumstances in which the location provider is to share location data of the user with the one or more third-party services. | 06-07-2012 |
| 20120144453 | Identity based auditing in a multi-product environment - An identity of a user performing an operation with respect to an application is propagated, from a point at which the user authenticates, to one or more other applications in a multi-product environment. The application may be a management console associated with an information cluster. In an embodiment, an administrator logs on to a management console (using an identity) and invokes a management operation. The management console then performs a programmatic remote access login (e.g., using SSH/RXA) to one or more nodes using a system account, invokes an application, and passes in the identity. As the application performs one or more management operations, audit events are logged, and these events each contain the identity that has been passed in by the management console during the SSH/RXA login. The technique thus provides a method for identity-based auditing in an environment having a plurality of applications, where each application typically has a respective authentication process or mechanism and distinct identity registries. | 06-07-2012 |
| 20120144454 | APPARATUS FOR MANAGING AUTHORIZATION IN SOFTWARE-AS-A-SERVICE PLATFORM AND METHOD FOR THE SAME - An authorization management apparatus and method in a software-as-a-service (SaaS) platform is disclosed. The present invention provides an automated authorization management apparatus and method which can efficiently reduce errors by applying a basic authority of a virtual tenant, which is predefined for an application to be provided to a tenant, as it is to the tenant requesting the use of the application. Moreover, the present invention provides an authorization management apparatus and method which can provide services customized to various tenants by defining a role appropriate for the condition of each tenant and allocating an application resource for each role. The authorization management apparatus includes a user application access control device, an access control device for a user's resource, a virtual tenant authority definition device, and a tenant authority definition device. | 06-07-2012 |
| 20120144455 | AUDIO BASED HUMAN-INTERACTION PROOF - A method and system for allowing access to computer functions such as websites that utilizes a user's ability to recognize sounds is described. The method presents a user a series of sounds. Some of the sounds presented in the series are labeled as validation sounds. The user is asked to provide an input every time he or she hears the validation sound. The user must identify the sound within a specified length of time. The system disclosed comprises a user interface, a sound database module, a generation module, and a sound database module. The generation module creates the validation test file and expected answer. The answer confirmation module checks the input from the requesting computer and provides access to the computer function if the computer input from the requesting computer meets the required parameters. | 06-07-2012 |
| 20120144456 | METHOD OF RECEIVING, STORING, AND PROVIDING DEVICE MANAGEMENT PARAMETERS AND FIRMWARE UPDATES TO APPLICATION PROGRAMS WITHIN A MOBILE DEVICE - The present invention is a method for the efficient persistent storage of Device Management (DM) information on a mobile device. More specifically, the present design provides methods for applications to access and update this information consistent with the Open Mobile Alliance (OMA) DM standard. | 06-07-2012 |
| 20120151560 | Portable Identity Rating - Portable on-line identity verification technology includes, for example, portable widgets with an identity rating, and other on-line identification verification icons and identity rating scores. | 06-14-2012 |
| 20120151561 | METHODS AND APPARATUS FOR COMMUNICATING WITH GROUPS OF DEVICES SHARING AN ATTRIBUTE - Methods and apparatus for IPv6 based multicast are disclosed. An example method includes broadcasting a multicast group address advertisement instructing a recipient device to join an Internet Protocol multicast group, the Internet Protocol multicast group being associated with a physical attribute of the recipient device; and broadcasting a multicast message to the multicast address instructing the members of the multicast group to perform an action. | 06-14-2012 |
| 20120151562 | METHOD, SYSTEM AND SERVER FOR AUTHORIZING COMPUTING DEVICES FOR RECEIPT OF VENUE-BASED DATA BASED ON THE GEOGRAPHIC LOCATION OF A USER - Methods, systems and servers are disclosed for authorizing access by a user of a service associated with an event at a venue and provided via a computer network based on a determined geographic location of the user. The location of the user can be determined, via a server, based on location information obtained from the held device utilized by the user. The computing device can be authorized to receive the service (e.g., video, concession information, advertisements, statistical information, etc.) based on the location information obtained from the hand held device. | 06-14-2012 |
| 20120159577 | ANONYMOUS PRINCIPALS FOR POLICY LANGUAGES - Techniques to allow a security policy language to accommodate anonymous credentials are described. A policy statement in a security policy language can reference an anonymous credential. When the policy statement is evaluated to decide whether to grant access to a resource mediated by the policy statement, the anonymous credential is used. The policy language can be implemented to allow one anonymous credential to delegate access-granting rights to another anonymous credential. Furthermore, an anonymous credential can be re-randomized to avoid linkage between uses of the anonymous credential, which can compromise anonymity. | 06-21-2012 |
| 20120159578 | METHODS AND APPARATUS TO CONTROL PRIVILEGES OF MOBILE DEVICE APPLICATIONS - Methods and apparatus to control privileges of mobile device applications are disclosed. A disclosed example method includes assigning a process identifier to an application on a mobile device, the process identifier generated by an operating system of the mobile device, determining via a digital certificate that the application is authorized to be executed on the mobile device and that the application is authorized to access a network interface of the mobile device, configuring a mandatory access control module of the mobile device to enforce access of the network interface by providing the process identifier to the mandatory access control module, and enabling the application to access the network interface. | 06-21-2012 |
| 20120159579 | SYSTEM, METHOD AND DATABASE FOR MANAGING PERMISSIONS TO USE PHYSICAL DEVICES AND LOGICAL ASSETS - A system and method for storing user permissions for multiple disparate physical devices and systems in a unified permissions database connected to a network in common with the devices. The permissions database also stores user permissions for logical assets on or attached to the network. | 06-21-2012 |
| 20120159580 | Method of Establishing Trusted Contacts With Access Rights In a Secure Communication System - A method of establishing trusted contacts with access rights in a secure communication system. The method includes establishing the trustworthiness of an untrusted call received from another end point in a secure communication system and storing information corresponding to the end point as a trusted contact entry in a database if the trustworthiness of the end point is established. Access rights of the trusted contact are determined and stored in the database and any time restrictions are determined and stored in the database. | 06-21-2012 |
| 20120159581 | DISTRIBUTED MESH NETWORK - A device, method, and system are disclosed. In one embodiment a computing device resides in a mesh network. The device includes a first storage device that operates when the computing device is awake. The first storage device stores a last known list of peer computing devices in the mesh network. The device also includes a second storage device that operates regardless of whether any central processing unit in the computing device is awake or asleep. The second storage device includes a local block that stores a list of resources provided by the first computing device and a list of computing devices in the mesh network verified by the first computing device. The second storage device also includes a remote block that stores an unverified remote list of computing devices in the mesh network. | 06-21-2012 |
| 20120167178 | Metadata Container-Based User Interface Flexibility - All metadata relevant to user interface functionality needed to provide a specific unit of business functionality can be stored in one of a plurality of autonomous metadata containers retained on at least one data storage device. After a subset of available business functionality to be provided to a user is determined, a set of the plurality of autonomous metadata containers required to provide the subset of available business functions can be identified. A user interface view can be generated to present a view associated with each of the set of the plurality of autonomous metadata containers, and the generated user interface view can be provided for display to the user. Related systems, articles of manufacture, and computer-implemented methods are described. | 06-28-2012 |
| 20120167179 | FLEXIBLE MULTIMEDIA PRIORITY SERVICES - Presented is a system and methods for allowing a user, through their end user device, to invoke and access on-demand and always-on time interval based multimedia priority services (MPS). The time interval can be specified by the user directly for the user's session or provided by a managing authority for a plurality of user sessions. The time interval can be specified as a period from user invocation forward or as a start time/date pair to an end time/date pair. | 06-28-2012 |
| 20120167180 | CLOUD SERVER AND ACCESS MANAGEMENT METHOD - A cloud server stores information, such as a location data range, IP addresses, account names, and passwords of authorized clients. When receiving an access request from a client, the cloud server determines if location data of the client falls within the location data range and an IP address, an account name, and a password of the client matches corresponding information of any authorized client. If the location data of the client falls within the location data range and an IP address, an account name, and a password of the client match information of any authorized client, the cloud server determines that the client is an authorized client and permits the client to access the cloud server. | 06-28-2012 |
| 20120167181 | IMAGE FORMING APPARATUS, IMAGE FORMING METHOD AND IMAGE FORMING SYSTEM - According to one embodiment, an image forming apparatus which is connected to a server via a communication line includes a control section which obtains a user ID and a password for user authentication, receives a restriction condition which regulates a character string for which use as the password is prohibited and a form thereof from the server, determines whether or not the password input meets the restriction condition, and displays a screen which prompts a change in the password when the restriction condition is not met. | 06-28-2012 |
| 20120167182 | DEVICE INDEPENDENT AUTHENTICATION SYSTEM AND METHOD - A system is disclosed which facilitates authentication processes with web-enabled wireless devices, including those that do not support the use of cookie files. To facilitate such authentication, a web server analyzes an HTTP request file from a communication device for the presence of security token data. Where none is found, a client is directed to a login page for input of authentication data, such as a user name and password information. Upon proper authentication, the client's communication device is issued a security token using standard HTML-INPUT tags. Thereafter, the web server determines if each additional HTTP request file received from the client includes a security token before responding to the request. | 06-28-2012 |
| 20120174191 | METHOD FOR SECURE EXCHANGE OF CONTEXT DATA BETWEEN USERS AND DEVICES - A method for secure exchange of context data between users and devices is generally presented. In this regard, a method is introduced comprising receiving context data over a network link from a first device registered by a user, and selectively forwarding the context data without user input based on permissions previously established by the user. Other embodiments are also disclosed and claimed. | 07-05-2012 |
| 20120174192 | Displaying A Known Sender's Identifier To A Recipient Of A Joint Senders' Message - An approach is provided in which a request is received from a requestor to send a new email message to one or more recipients on behalf of a selected joint sender group (JSG). The selected JSG includes multiple JSG members with one of the JSG members being the requestor. Permissions corresponding to the JSG are then retrieved and compared to the requestor and the contents of the new email message are identified. The new email message is then sent to the recipients in response to determining, based on the comparison, that the requestor has permission to send the new email message on behalf of the selected JSG. On the other hand, the sending of the new email message is inhibited in response to determining that the requestor lacks permission to send the new email message on behalf of the selected JSG. | 07-05-2012 |
| 20120174193 | METHOD FOR READING ATTRIBUTES FROM AN ID TOKEN - The invention relates to a method for reading at least one attribute stored in an ID token ( | 07-05-2012 |
| 20120174194 | ROLE SETTING APPARATUS, AND ROLE SETTING METHOD - A role setting apparatus includes: an ACL classifying section configured to output an access rule category in which at least one permission and a plurality of user IDs are related to each other, wherein the permission is a combination of a resource ID used to identify a resource as an access object and an action defining permission or non-permission of an operation to the resource, and the plurality of user IDs identify a plurality of users that are access subjects; and an ID attribute storage section configured to store the plurality of user IDs and a plurality of attribute elements, which are related to each other; an role definition storage section configured to store the plurality of attribute elements and a plurality of role definition names, which are related to each other. A role mapping section is configured to acquire a common attribute. which is common to the plurality of user IDs, from the plurality of attribute elements stored in the ID attribute storage section based on the plurality of user IDs of the access rule category, acquire a first role definition name from the plurality of role definition names stored in the role definition storage section based on the common attribute, and relate the access rule category and the first role definition name. | 07-05-2012 |
| 20120180111 | CONTENT OBJECT ENCAPSULATING CONTENT ITEMS FOR ACCESSING CONTENT AND ACCESS AUTHORIZATION INFORMATION - Provided are a method, system, and computer program product for a content object encapsulating content items for accessing content and access authorization information. User input of content items is received, wherein each content item indicates a network address and content type of content at the network address. The content items are added to a content object in a computer readable storage. User input is received of access authorization information indicating a user having authority to access the content object. The access authorization information is added to the content object. A user request is received for the content object from a client computer over a network. The access authorization information is processed to determine whether the user at the client computer initiating the request has authorization to access the content object. The content object is processed to generate a presentation page to return to the client computer in response to determining that the user of the client computer is authorized to access the content object. | 07-12-2012 |
| 20120180112 | Lifecycle Management of Privilege Sharing Using an Identity Management Systen - A method, system and computer-usable medium are disclosed for managing the lifecycle of a shared privileged account. A proxy service is implemented with an Identity Management (IdM) system that defines and manages a plurality of identity services, which in turn manage a plurality of privileged accounts used to access a plurality of managed targets. Each of the identity services is mapped to a privilege group of the proxy service and an ID pool manager is implemented to manage sharing of the privileged accounts. A request is generated to access a managed target with a privileged account. A shared privileges module generates a shared ID authorization account and associates it with the requestor. The shared ID authorization account is populated with sign out information for a shared privileged account, which the requestor uses to access the corresponding managed target. | 07-12-2012 |
| 20120180113 | SYSTEM AND METHOD FOR PEER-TO-PEER HYBRID COMMUNICATIONS - An improved system and method are disclosed for peer-to-peer communications. In one example, the method enables two endpoints to directly establish and maintain a communication session after authenticating with an access server. | 07-12-2012 |
| 20120185920 | SERIALIZED AUTHENTICATION AND AUTHORIZATION SERVICES - Requests for User Services on networked computers running on different platforms with different Authentication, Authorization and Auditing (AAA) Security Systems are processed through an AAA Services Manager Server and Web Services Servers. The AAA Services Manager Server communicates requests for User Services to Web Services Servers using corresponding URL Web addresses. Web Services correspond to their respective Authentication Security Systems and Authorization Security Systems through which User Services may be obtained. The Web Services Servers act to access, for User validation, the respective Authentication Security Systems and Authorization Security Systems according to their individual languages and computing platform requirements. | 07-19-2012 |
| 20120185921 | METHOD AND SYSTEM FOR PROVIDING PERMISSION-BASED ACCESS TO SENSITIVE INFORMATION - A method provides for permission-based access to personal information over a communication network. The method includes entering specified owner personal information in an owner terminal, by an owner, to establish a secure owner profile, which is stored in an owner database. The method also includes entering specified user personal information in a user terminal, by a user, to establish a secure user profile, which is stored in a user database. The method further includes entering a user request in the user terminal requesting permission to receive a designated piece of the owner personal information from the secure owner profile. A server determines whether to approve the user request; and provides permission to use the designated piece of the owner personal information to the user over the communication network after the user request is approved by the server. | 07-19-2012 |
| 20120185922 | Multimedia Management for Enterprises - The embodiments herein disclose a unified method of managing multimedia content in an enterprise using a system that is responsible for streaming, efficient storage, archival, analytics, authentication, creating, editing, sharing, broadcast, and encoding of the content. A unified multimedia appliance is provided within an enterprise cloud, and can provide a single interface for all users across multiple locations within an enterprise. The unified multimedia appliance provides a single appliance or software solution for managing multimedia needs of an enterprise. The appliance provides the convenience of a public cloud based service, but with enhanced security and control over the media content being used and distributed within the enterprise. This appliance could be hosted either inside the enterprise datacenter (private cloud) or could be hosted in the public cloud. | 07-19-2012 |
| 20120185923 | DATA COMMUNICATION APPARATUS, DATA COMMUNICATION METHOD, DATA COMMUNICATION PROGRAM, AND STORAGE MEDIUM STORING THE PROGRAM - A data communication apparatus which is capable of preventing reception of undesired data by a destination without increasing the load on a network, etc. Data and a destination thereof are input. A sender ID related to a sender who sends the input data is input. The input data is sent to the input destination. A sender ID for data transmission to the input destination is permitted is stored as a permission ID. The input sender ID is collated with the stored permission ID. Whether to permit data transmission is determined according to the collation result. | 07-19-2012 |
| 20120192252 | METHOD AND APPARATUS FOR AUTHORIZING A USER OR A USER DEVICE BASED ON LOCATION INFORMATION - A method comprises receiving a request for generating a challenge for a device or a user of the device. The method also comprises determining location information associated with the device. The method further comprises determining one or more characteristics that are detectable based, at least in part, on the location information. Furthermore, the method comprises generating the challenge based, at least in part, the one or more characteristics. | 07-26-2012 |
| 20120192253 | SYSTEM AND METHOD FOR CONTROLLING ACCESS TO INFORMATION STORED AT PLURALITY OF SITES - An external master portal system consisting of a standalone primary control interface referred to as a master portal which is network-connected to subordinate gateway controllers located at the peer connection points to the network, used to define and control the permitted transfer of data across a peer-to-peer network is disclosed. Further, control of the master portal can be provided to a third party whose data is only a part of broad range of data stored or used at any of the peer sites. | 07-26-2012 |
| 20120192254 | METHOD FOR PRODUCING AN ELECTRO-BIOMETRIC SIGNATURE ALLOWING LEGAL INTERACTION BETWEEN AND IDENTIFICATION OF PERSONS - A method for producing an electro-biometric signature allowing legal interaction between and the identification of persons utilizing biometric features. The method includes inputting a user's biometric features in a pre-determined sequence and checking that no feature is entered repeatedly. | 07-26-2012 |
| 20120198521 | COMMUNICATION APPARATUS, COMMUNICATION APPARATUS SYSTEM, AND METHOD CONTROLLING RELAY APPARATUS - A service cooperation system is provided with a multi-function apparatus and a relay apparatus. The service cooperation system changes a disclosure condition of an album in which an electronic file is categorized and stored, for an electronic file storing service offered by the service provider. Without the need for a terminal apparatus such as a personal computer having a fulfilling web browser function, an image reading apparatus itself can perform uploading process, setting of an album of an upload destination and security setting/changing for an album, while notifying the user, who is authorized to a limited disclosure and to view the album, that the album has been updated. | 08-02-2012 |
| 20120198522 | Method for Information Editorial Controls - A method comprises the steps of submitting at least one comment regarding an editorially-controlled content to be published with the editorially-controlled content. The published comment is authored by a contributing member of an online community. A rating of the published comment is entered. The rating is determined by at least one reviewing member of the online community. Points are assigned within a predefined range for ratings of the published comment that exceeds a predetermined level. The points are assigned to the contributing member by an editor of the online community in which the points identify subject matter expertise for the contributing member. Awarded points are received in which the awarded points received by the contributing member comprise the points capped by a maximum number assigned to the editorially-controlled content. | 08-02-2012 |
| 20120198523 | APPARATUS AND METHOD FOR MANAGING ACCESS AMONG DEVICES - Provided are a method, system, and computer storage device for managing zone information for devices in a network. A zone table includes entries indicating whether devices in at least one zone are permitted to communicate. An attributes table has attributes of the devices indicated in the zone table. A determination is made of attributes from the attributes table for devices indicated in the zone table entries as being permitted to communicate. The entries in the zone table indicating that devices can communicate are verified by determining whether the attributes for the devices indicated as permitted to communicate in the entries in the zone table are consistent with the determined devices being able to communicate. Information is outputted indicating whether the entries in the zone table indicating that devices can communicate are in error. | 08-02-2012 |
| 20120204232 | System And Method For Managing Usage Rights Of Software Applications - The present invention disclose a system for securing managing usage rights of plurality of software applications in plurality of client computers devices to be authorized by a server application. The system comprises the following components: at least one client hardware component operatively associated with at least one computer device, said hardware component including at least one control segment and at least one application segment, where the control segment include a processor, communication port, memory and the application segments are arranged to include usage rights information of plurality of software applications and a provider hardware component operatively associated with at least one server, said provider hardware component including at least one control segment and at least one application segment, wherein said control segment include a processor, communication port and a memory, where said application segments are arranged to include software application license information of plurality of clients. | 08-09-2012 |
| 20120204233 | SOCIAL NETWORK SYSTEM WITH ACCESS PROVISION MECHANISM AND METHOD OF OPERATION THEREOF - A method of operation of a social network system includes: receiving a service request for accessing a peripheral device revealed through a social graph of a social platform; determining a request type for matching the service request to a device service provided by the peripheral device; authorizing the device service through the social graph for accessing the peripheral device; and generating a service command based on the request type of the device service authorized for executing the device service for the peripheral device. | 08-09-2012 |
| 20120204234 | INFORMATION PROCESSING APPARATUS, CONTROL METHOD THEREFOR, AND STORAGE MEDIUM STORING PROGRAM THEREOF - An information processing apparatus acquires, from a Web server, an operation screen for inputting authentication information, displays the acquired operation screen, and accepts authentication information input by a user. The apparatus then executes authentication processing using the accepted authentication information without transmitting the authentication information to the Web server, and authorizes, when the authentication succeeds, the user to use a function of itself. | 08-09-2012 |
| 20120204235 | Updating Resource Access Permissions in a Virtual Computing Environment - Methods, systems, and devices are described for updating resource access permissions in a virtual computing environment. In these methods, systems, and devices, a host computer system determines that a user associated with an existing session has moved from a first location associated with a first set of access permissions to a second location associated with a second set of access permissions. The second set of access permissions is applied at the host computer to the existing session based on the determination that the user has moved to the second location. The user is then allowed to access the existing session from the second location according to the second set of access permissions. | 08-09-2012 |
| 20120204236 | Systems and Methods for User Access Authentication Based on Network Access Point - Systems and methods of authenticating user access based on an access point to a secure data network include a secure data network having a plurality of a network access points serving as entry points for a user to access the secure data network using a user device. The user is associated with a user identity, each network access point with a network access point identity. The user uses a user device to send an access request, requesting access to the secure data network, to the network access point, which then sends an authentication request to an identity server. The identity server processes the authentication request, by validating the combination of the user identity and the network access point identity, and responds with an authentication response, granting or denying access, as communicated to the user device via an access response. | 08-09-2012 |
| 20120204237 | Host Device and Method for Accessing a Virtual File in a Storage Device by Bypassing a Cache in the Host Device - A host device is provided comprising an interface configured to communicate with a storage device having a public memory area and a private memory area, wherein the public memory area stores a virtual file that is associated with content stored in the private memory area. The host device also comprises a cache, a host application, and a server. The server is configured to receive a request for the virtual file from the host application, send a request to the storage device for the virtual file, receive the content associated with the virtual file from the private memory area of the storage device, wherein the content is received by bypassing the cache, generate a response to the request from the host application, the response including the content, and send the response to the host application. | 08-09-2012 |
| 20120204238 | Host Device and Method for Accessing a Virtual File in a Storage Device by Bypassing a Cache in the Host Device - A host device is provided comprising an interface configured to communicate with a storage device having a public memory area and a private memory area, wherein the public memory area stores a virtual file that is associated with content stored in the private memory area. The host device also comprises a cache, a host application, and a server. The server is configured to receive a request for the virtual file from the host application, send a request to the storage device for the virtual file, receive the content associated with the virtual file from the private memory area of the storage device, wherein the content is received by bypassing the cache, generate a response to the request from the host application, the response including the content, and send the response to the host application. | 08-09-2012 |
| 20120204239 | TERMINAL MANAGEMENT SYSTEM AND TERMINAL MANAGEMENT METHOD - A terminal management system and a terminal management method of the system determines whether to permit or prohibit the execution of a particular application software program in the information processing terminal in a space discriminated from an execution space of a general application software program on condition that a recording medium held by a member, and storing predetermined information is loaded on a general information processing terminal, and that the recording medium is authenticated in accordance with the predetermined information on a server side. | 08-09-2012 |
| 20120204240 | MULTI-APPLICATION MOBILE AUTHENTICATION DEVICE - (EN) The invention makes it possible to allow several applications to coexist in the same card; the implementation of the applications uses reading and writing of data by the reader in the same memory location. The invention is a method for exchanging data between a mobile authentication device | 08-09-2012 |
| 20120210398 | Enhanced Backup and Retention Management - An enhanced backup and retention management module associated with an entity may track access and changes made to configuration files that specify backup and/or retention policies for servers located on a network. The management module may also prevent unauthorized users from accessing or making changes to the configuration files. Additional features of the system may include a reporting capability that alerts appropriate personnel of who accessed and/or attempted to modify a backup/retention policy for a server, the name of the server whose policy may have been affected, and specific details of the file modifications that were made/attempted. | 08-16-2012 |
| 20120210399 | LOCATION-ENABLED ACCESS CONTROL LISTS FOR REAL-WORLD DEVICES - Systems and methods are disclosed for providing an accessor with access to an accessed device through a network. In one embodiment, location-based access control rights of the accessor to the accessed device are obtained. The location-based access control rights define at least one location criterion such that access rights are to be granted to the accessor for the accessed device when a location of the accessor complies with one or more of the at least one location criterion. Upon determining that the location of the accessor device complies with the at least one location criterion, the accessor device of the accessor is granted access to the accessed device through the network. In this manner, an administrator of the accessed device can regulate from where the accessor can access the accessor device. | 08-16-2012 |
| 20120210400 | METHOD OF MANAGING AUTHORIZATION OF PRIVATE NODE B IN A WIRELESS COMMUNICATION SYSTEM AND RELATED DEVICE - A method of managing authorization of a private node-B coupled to a packet core network terminal in a wireless communication system. The method includes performing positioning measurement for the private node-B to generate a position information of the private node-B, providing the position information for the packet core network terminal, determining authorization validity of the private node-B according to the position information and home network coverage of the private node-B, and then rejecting the authorization of the private node-B when the position information indicates that the private node-B is located out of the home network coverage. | 08-16-2012 |
| 20120210401 | Device and Method for Managing Access Rights to a Wireless Network - A device and a method for managing access rights to a wireless network uses wireless connection devices advantageously based on a smart card, which enable the wireless connection to the network once connected to a terminal. These devices include devices for time and/or geographical management of access to the network and authentication device. These devices can be easily preprogrammed by the entity managing the service and then distributed to the users. | 08-16-2012 |
| 20120216257 | LABEL PRIVILEGES - Methods, systems, and apparatus for managing labeling privileges. In one aspect, a method includes receiving label data defining a label to be associated with an image of a first user in a photograph, the first user identified by a first user identifier and the label data associated with a submitting user identifier; accessing data defining labeling privileges for the first user identifier, the labeling privileges being for second users identified by respective second user identifiers, and the labeling privileges defining, for each second user, a labeling privilege for the second user to label an image of the first user in a photograph; determining whether the submitting user identifier is included in the second user identifiers; in response to determining that the submitting user identifier is included in the second user identifiers: determining the labeling privileges for the user identified by the submitting user identifier, and processing the label accordingly. | 08-23-2012 |
| 20120216258 | Network Connecting Device and Method - In a network connecting device connectable to a network, a connection approval/disapproval determination section determines approval/disapproval of connection to a network in accordance with a connection approval/disapproval determination rule managed by a connection approval/disapproval determination rule management section. When there is a security problem in a content of the connection approval/disapproval determination rule if a connection is to be formed, the security problem is solved by having a user re-input authentication information in the content of the connection approval/disapproval determination rule. | 08-23-2012 |
| 20120216259 | Network Connecting Device and Method - A network connecting device includes: a network device for connecting to the network; a profile generation determination section for determining whether or not to generate a profile including information necessary for forming a connection with the network; a profile generation section for generating the profile when the profile generation determination section determines to generate the profile; a profile management section for managing the profile generated by the profile generation section; and a network connection section for controlling the network device and connecting to the network, based on the profile managed by the profile management section. | 08-23-2012 |
| 20120222092 | CONTROLLING ACCESS TO MEDIA FOR AN ELECTRONIC DEVICE - An electronic device for controlling access to media is described. The electronic device includes a processor and instructions stored in memory. The electronic device obtains media information and determines remaining battery power. The electronic device also determines whether to restrict access to the media based on the media information and the remaining battery power. The electronic device restricts access to the media if it is determined to restrict access and presents the media on the electronic device if it is determined not to restrict access. | 08-30-2012 |
| 20120222093 | PARTIAL AUTHENTICATION FOR ACCESS TO INCREMENTAL DATA - Embodiments of the invention relate to partial authentication to access incremental information. An aspect of the invention concerns a method of authorizing access to information that comprises providing an initial segment of a password wherein the password includes password segments each associated with an incremental portion of the information. In response to the initial password segment satisfying an expected value, the method may authorize access to the information portion associated with the initial password segment. The method may authorize access to other information portions associated with subsequent segments of the password in response to the subsequent password segments satisfying respectively expected values. | 08-30-2012 |
| 20120222094 | METHOD AND ARRANGEMENT FOR ENABLING THE USE OF A CONSUMABLE UNIT - In a method for enabling the use of a consumable unit in a consumption device of a consumption arrangement, a first item of authorization information assigned to the consumable unit is transmitted from the consumption arrangement to a remote data center. The data center implements a first verification of the first item of authorization information and, as a function of this verification, a second item of authorization information assigned to the consumable unit is generated. The second item of authorization information is transmitted to the consumption arrangement, which implements a second verification of the second item of authorization information, dependent on which use of the consumable unit in the consumption device is enabled. The outcome of either the first or second verification is also used for an accounting for use of the consumable unit when, the first verification indicates that the consumable unit was previously unused. | 08-30-2012 |
| 20120222095 | INFORMATION COMMUNICATION SYSTEM, INFORMATION COMMUNICATION METHOD, NODE APPARATUS AND RECORDING MEDIUM - A node apparatus of an information communication system in which a content is distributed and stored by an overlay network configured by a plurality of node apparatuses and which has a center server that manages the content to be submitted to the overlay network, the node apparatus includes: a first creation unit configured to create meta-information that is used in submitting the content to the overlay network; a transmission unit configured to transmit the meta-information created by the first creation unit to the center server; a first reception unit configured to receive the meta-information and an electronic signature verifying the meta-information, which is determined to be proper by the center server, from the center server, and a permission unit configured to permit the meta-information received by the first reception unit to be acquired on the overlay network. | 08-30-2012 |
| 20120222096 | OPEN MARKET CONTENT DISTRIBUTION - A content distribution system for one or more user devices, including: an open market coordinator (OMC) configured to manage a user domain, wherein the one or more user devices are members of the user domain and have access to content associated with the user domain, and wherein an individual user device has access according to predetermined privileges, the access being valid while the individual user device is a member of the user domain and has an active status with the user domain; and a plurality of domain service providers (DSPs) in communication with the OMC, wherein the DSPs are configured to enforce the predetermined privileges applied to the one or more user devices, and wherein the OMC is configured to support the enforcement of the predetermined privileges among the DSPs. | 08-30-2012 |
| 20120227089 | APPARATUS AND METHOD FOR SHARING CONTENTS OF SOCIAL NETWORK SERVICE IN COMMUNICATION SYSTEM - A system, apparatus, and method in a communication system allow sharing contents of users by acquiring an access right even if there is no connection relationship in a Social Network Service (SNS). The system includes an SNS provider and a middleware server. The SNS provider provides the SNS and generates an authorization key and an authorization token according to an open authorization protocol. The middleware server obtains contents of a second user from the SNS provider by using an authorization key of the second user when a first user requests sharing SNS contents of the second user, and transmits the contents of the second user to the first user. | 09-06-2012 |
| 20120227090 | WIRELESS COMMUNICATION TERMINAL - A wireless communication terminal may include a trigger receiving unit that receives a trigger for starting first setup process in a state in which the wireless communication terminal does not participate in wireless network, a transmitting unit that transmits an acquisition request of setup information representing a participation setup process performed by another wireless communication terminal after receiving the trigger, a receiving unit that receives a response including the setup information transmitted from the other wireless communication terminal receiving the acquisition request, and a control unit that performs control such that the transmitting unit transmits error information representing that wireless communication terminals performing the first setup process are detected to the wireless communication terminals, and performs control such that the participation setup process performed by its own wireless communication terminal is set as second setup process when responses including the setup information representing the first setup process are received. | 09-06-2012 |
| 20120227091 | POLYMORPHIC ASSURED NETWORK - Described herein are devices and techniques for implementing a polymorphic network adapted to change network path configurations among a number of pre-determined network path configurations in response to a perceived threat. Such perceived threats can include detection of an unknown process, or simply according to some schedule, or randomly to prevent or otherwise reduce susceptibility to such perceived threats. Multiple (e.g., redundant) network communications paths can be pre-configured between two endpoints. Network communications between the two endpoints can be periodically redirected, for example, in response to a perceived threat or according to one or more rules and/or a schedule to otherwise avoid a perceived threat. A system adapted to permit such pre-configuration of multiple network paths can include an access restrictor in communication with a network configuration controller to prohibit unauthorized pre-configuration of the network paths. | 09-06-2012 |
| 20120227092 | CONTROLLING USER ACCESS TO ELECTRONIC RESOURCES WITHOUT PASSWORD - Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes pre-determining an association of the restricted computer resource and computer-resource-proximal environmental information. Indicia of user-proximal environmental information are received from a user requesting access to the restricted computer resource. Received indicia of user-proximal environmental information are compared to associated computer-resource-proximal environmental information. User access to the restricted computer resource is selectively granted responsive to a favorable comparison in which the user-proximal environmental information is sufficiently similar to the computer-resource proximal environmental information. In at least some embodiments, the process further includes comparing user-supplied biometric measure and comparing it with a predetermined association of at least one biometric measure of an authorized user. Access to the restricted computer resource is granted in response to a favorable comparison. | 09-06-2012 |
| 20120227093 | USER SENSITIVE FILTERING OF NETWORK APPLICATION LAYER RESOURCES - In one embodiment, a method includes receiving authorization data at a local node of a network. The authorization data indicates a particular network address of a different node in the network and an authenticated user ID of a user of the different node. Resource profile data is retrieved based on the user ID. The resource profile data indicates all application layer resources on the network that the user is allowed to access. The particular network address is associated at the local node with the resource profile data for the user. A request from the particular network address for a requested application layer resource on the network is blocked based on the resource profile data associated with the particular network address. | 09-06-2012 |
| 20120227094 | SYSTEMS AND METHODS FOR SINGLE SIGN-IN FOR MULTIPLE ACCOUNTS - Systems and methods which facilitate single user sign-in for multiple accounts are shown. Embodiments create a single user base which maps users to multiple accounts. The use of a single set of credentials by the user is provided for according to embodiments irrespective of the applications associated with the various accounts having very different security protocols. A system hosting the shared user base preferably provides a single authentication point for multiple services. Embodiments an authenticator string, as may be passed between a client and bridge server and/or client and application, in order to enable user access, detect attacks with respect to a client conversation, etcetera. In addition to providing a shared user base for single sign-in, embodiments provide additional shared functionality and/or functionality not available from the applications themselves. | 09-06-2012 |
| 20120233661 | Method and Apparatus for Regulating Electronic Mail Transmission through Account Verification - Methods and apparatus for regulating the transmission of electronic mail messages are provided. The type of account or necessary permissions to transmit the electronic mail messages to their destination is determined and the sender's account is queried to ensure it is of the proper type or has the necessary permissions. If so, the electronic mail message is sent to its destination. If not, the electronic mail message is held and the user is allowed to obtain the proper type of account or an account with the necessary permissions for delivery of the electronic mail message. In determining the proper type of account or necessary permissions, variables can include the geographic location of the electronic mail message's destination or the size of the electronic mail message and its attachments. | 09-13-2012 |
| 20120233662 | ENHANCING COMMUNICATION - Among other things, from content of a communication composed by a user, a strategy is inferred for selecting target information related to the content. The strategy is used to select target information from a body of target information. And information about the selected target information is reported to the user. | 09-13-2012 |
| 20120233663 | SYSTEMS AND METHODS FOR ENABLING TEMPORARY, USER-AUTHORIZED CLONING OF MOBILE PHONE FUNCTIONALITY ON A SECURE SERVER ACCESSIBLE VIA A REMOTE CLIENT - Temporary, user-authorized cloning of physical mobile phone functionality via a secure server can enable physical mobile phone features to be accessed and controlled by a user from a remote client. A secure server can include mobile phone registration information, enable secure access by users via a remote client, maintain communication and synchronization with the mobile phone, receive data associated with the physical mobile phone when is not in communication with at least one of a supporting telecommunication network and the secure server, and enable the physical mobile phone user to obtain secure communication with the secure server via a remote client, access and manage cloned mobile phone data and communicate with third parties. Physical mobile phone user access to the secure server and cloned mobile phone functionality with the remote client can be terminated once the physical mobile phone user logs off of the secure server from the remote client. | 09-13-2012 |
| 20120233664 | SECURING ASYNCHRONOUS CLIENT SERVER TRANSACTIONS - A method for securing asynchronous client server transactions is provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided. | 09-13-2012 |
| 20120233665 | DEVICE REPUTATION - A user device is associated with a dynamic trust score that may be updated as needed, where the trust score and the updates are based on various activities and information associated with the mobile device. The trust score is based on both parameters of the device, such as device type, registered device location, device phone number, device ID, the last time the device has been accessed, etc. and activities the device engages in, such as amount of transactions, dollar amount of transactions, amount of denied requests, amount of approved requests, location of requests, etc. Based on a transaction request from the user device, the trust score and a network reputation score is used to determine an overall trust/fraud score associated with the transaction request. | 09-13-2012 |
| 20120233666 | Network-Oriented Matrix Sharing For Genealogy And Social Networks Through Network-Role-Based Access Controls - A computer-implemented method for displaying social media content items using a network based browser. The method includes displaying a plurality of networks from a social media content database, the database including social media content items organized into networks, receiving a selection of a network from the plurality of networks from a user, comparing access control information for the selected network including determining role types authorized to view social media content items in the network to a role type associated with the user for that network, identifying a plurality of social media content items that can be displayed on the comparison, and displaying the identified social media content items. | 09-13-2012 |
| 20120233667 | EFFICIENT DATA STRUCTURES FOR MULTI-DIMENSIONAL SECURITY - Efficient data structures are generated to enforce permissions on a multi-dimensional representation in a performance management application. A model site is generated having at least one model with at least one dimension. User permissions and group permissions are set for the model. The user permission and the group permissions are deployed to a relational database. A collective user permission table is generated based on the user permissions and the group permissions. Thus, an end user may receive permissions associated with a model and permissions associated with particular dimensions of a model without an inefficient consumption of resources. | 09-13-2012 |
| 20120233668 | Pluggable Allocation in a Cloud Computing System - In one embodiment, a cloud computing system provides user extensibility by providing a plugin interface for major systems. Plugin interfaces for a compute service, object service, network service, authentication and authorization service, message service, and image service are disclosed. One or more of the plugin interfaces can be used to alter the allocation of virtual to physical resources across multiple services. Compound services and smart allocation facilities are possible with user-directed modification. | 09-13-2012 |
| 20120233669 | METHOD AND APPARATUS FOR SECURE AUTHORIZATION - A method for authorizing access to a first computing device is provided. The method comprises the first computing device forming a challenge, encoding the challenge into a symbol, and displaying the symbol. The first computing device receives a request for access from a user. Access to the first computing device is allowed in response to provision of an access code to the first computing device by the user. The access code is formed by a server in response to capturing the symbol, decoding the symbol into the challenge, forming a request from the challenge, and providing the request to the server. The server forms a decision to allow access by the user to the first computing device. | 09-13-2012 |
| 20120233670 | METHOD AND SYSTEM FOR MANAGING SECURITY OBJECTS - A message that a user is requesting an access to a resource is received. The access is associated with a requested access level and is granted if an access path exists between the user and the resource for the requested access level. In response to the message reception, a first identifier of the user, a second identifier of the resource, the requested access level, and a first value that represents that the access to the resource was requested is stored in a record. All access paths usable to determine whether the user is authorized to access the resource are identified. Another security object including a flag to represent its usage in authorizing access to the resources is received. A decision is made with respect to whether the received other security object was used within one of the identified access paths as a function of its flag value. | 09-13-2012 |
| 20120233671 | SYSTEM AND METHOD FOR SELECTIVE PROTECTION OF INFORMATION ELEMENTS - A system and method for selective protection of information items is provided a one or more information elements in an information object may be identified. Selected information elements in an information object may be encrypted. Placeholders may replace selected information elements. Presentation of information included in the information object may comprise a presentation of placeholders substituting information elements. Contingent on an authentication, placeholders may be replaced by associated information elements. Contingent on an authentication, information elements may be viewed and/or manipulated. | 09-13-2012 |
| 20120240192 | USING ENTITLEMENT CERTIFICATES TO MANAGE PRODUCT ASSETS - A server receives a consumer request from a client to access a product repository that is coupled to the server. The consumer request comprises an entitlement certificate and a uniform resource locator (URL). The server identifies at least one extended attribute object identifier in the entitlement certificate to determine whether the client is authorized to access the product repository. The at least one extended attribute object identifier has a corresponding URL in the entitlement certificate that specifies a location of the product repository that the client is authorized to access. The server grants the client access to the product repository based on a determination that the URL in the consumer request matches a URL in the entitlement certificate. | 09-20-2012 |
| 20120240193 | SYSTEM AND METHOD FOR ASSIGNING PERMISSIONS TO ACCESS DATA AND PERFORM ACTIONS IN A COMPUTER SYSTEM - A method for setting permissions for a group of users of a computer system. The method includes receiving data that defines a role for a first group of users, the role including one or more permissions each defining a permitted activity of the first group of users with respect to data of users in a second group of users, and setting the one or more permissions based on the defined role. | 09-20-2012 |
| 20120240194 | Systems and Methods for Controlling Access to Electronic Data - Access to an organization's electronic data is controlled by receiving login information for an individual, authenticating the individual based on the received login information, and granting permissions to the authenticated individual for a portion of an organization's electronic data. The granted permissions are associated with rote assignments for the individual, which role assignments are independent of any organizational structure, and may be granted to the individual for more than one role assignment based on the same authenticated login information. Further, an individual may be denied some role assignments to preclude access to certain portions of the organization's electronic data. | 09-20-2012 |
| 20120240195 | APPARATUS, SYSTEM AND METHOD EMPLOYING A WIRELESS USER-DEVICE - Embodiments of the invention generally relate to apparatus, systems and methods for authentication, in particular, apparatus, systems and methods for authenticating an entity for computer and/or network security, secure authorization of a payment or for funds transfer and for selectively granting privileges and providing other services in response to such authentications. In addition, embodiments of the invention relate generally to apparatus, systems and methods for the communication of information between a mobile user-device and a point-of-sale device to securely provide authorization for a financial transaction. | 09-20-2012 |
| 20120240196 | AUTOMATED SNIFFER APPARATUS AND METHOD FOR MONITORING COMPUTER SYSTEMS FOR UNAUTHORIZED ACCESS - An apparatus for wireless communication including an automated intrusion detection process is provided. The apparatus includes a processing unit. It includes a wireless network interface device and an Ethernet (or like) wired network interface device that are coupled to the processing unit. One or more memories are coupled to the processing unit. A code is directed to perform a process for detection of wireless activity within a selected local geographic region. According to a specific embodiment, the wireless activity is derived from a wireless access point device that is operational about the selected local geographic region. A code is directed to performing connectivity test using one or more marker packets to determine connectivity status of the wireless access point device to network to be protected from intrusion. Depending upon the embodiment, other codes may exist to carry out the functionality described herein. | 09-20-2012 |
| 20120240197 | Managing Tethered Data Traffic Over a Hotspot Network - Presented is a system and method for controlling access to a mobile hotspot on a mobile device utilizing a hotspot management application. The method includes detecting unauthorized data traffic over a tethered link between the mobile device and a tethered device by analyzing a signature of the unauthorized data traffic. Analyzing the signature of the unauthorized data traffic may be carried out utilizing a rules engine, where the rules engine is based on one or more carrier controlled tethering policies and one or more user controlled tethering policies. Detecting unauthorized data traffic may further include detecting an unauthorized tethering application on the mobile device utilizing a database of known unauthorized tethering applications. The method further includes controlling the unauthorized data traffic. The method additionally includes redirecting a user of the mobile device to a captive portal for authorized tethering plan support. | 09-20-2012 |
| 20120240198 | COMPUTERIZED AUTHORIZATION SYSTEM AND METHOD - A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity. | 09-20-2012 |
| 20120240199 | CONFIDENTIAL PRESENTATIONS IN VIRTUAL WORLD INFRASTRUCTURE - Methods and apparatus for forming and presenting confidential presentations within a computing environment associated with a virtual application are presented. For example, a method for forming a confidential presentation includes obtaining a correspondence indicator from an asset server, obtaining a first texture from the asset server, and overlaying the first texture onto a first object. The correspondence indicator indicates the first texture corresponds to the first object. The first object is within the computing environment associated with the virtual application. The first texture and the asset server are inaccessible by the computing environment associated with the virtual application. The confidential presentation comprises the first texture. | 09-20-2012 |
| 20120240200 | LOCATION-TARGETED ONLINE SERVICES - Described are various implementations of location-targeted online services. When a user accesses the Internet from a supported location, he'll be able to use premium or exclusive online services (premium content, member-only discounts etc.) for free and without going through an elaborate subscription process. The location owner may promote these services before the user enters the location. Example: in addition to mentioning “free Internet”, the hotel owner can attract new customers by mentioning “free Netflix movies” or “free access to premium content, from Zagat reviews to stock reports”. It allows the location owner to utilize a network (WIFI) service provider as a means of increasing its core business and not just as a source of incremental advertisement income. | 09-20-2012 |
| 20120240201 | System and Method for Providing Multimedia Services - A communications system and method is configured to provide multimedia services utilizing a signaling protocol such as a session initiated protocol (SIP), via a local access network. The method includes providing a local proxy having an internet protocol (IP) address, wherein the local proxy is integrated with the local access network. The method further includes providing a client device having a signaling protocol client, wherein the client device is coupled to a remote access network that is, external to the local access network. Additionally, the method includes initiating a session by the client device accessing the IP address of the local proxy. | 09-20-2012 |
| 20120240202 | Communication Abuse Prevention - Communication abuse prevention techniques are described. In an implementation, a reputation level for a communication is determined based on relation information for a sender and an intended recipient of the communication. A challenge is invoked that is to be completed by the sender before the communication is sent. The challenge is selected based on the reputation level for the communication. The communication is caused to be available for access based on successful completion of the challenge. Access to the communication is inhibited in response to a subsequent determination of the reputation level that indicates that the reputation level for the communication has changed to a new reputation level prior to the communication being accessed by the intended recipient. The subsequent determination is based on additional information associated with the sender of the communication | 09-20-2012 |
| 20120246701 | Programming, Verifying, Visualizing, and Deploying Browser Extensions with Fine-grained Security Policies - An environment is described which enables the generation, analysis, and use of secure browser extensions. Each browser extension includes an extension body and a policy expressed in a logic-based specification language. The policy specifies the access control and dataflow privileges associated with the extension body in a fine-grained manner by leveraging the structure and content of resources that are accessible to the browser extension. A suite of analysis tools for testing the safety of the browser extension includes a visualization module identifies features of a resource that are accessible to the policy. A static analysis module uses a static analysis technique to determine whether the extension body satisfies the policy. The environment also includes a conversion module for converting the browser extension, once deemed safe, into a form for use by a particular type of browser. The browser can execute that extension without performing runtime safety checks. | 09-27-2012 |
| 20120246702 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR ACCESS AUTHENTICATION - According to one aspect of the present disclosure, a method and technique for access authentication is disclosed. The method includes: responsive to receiving an access request from a user for a secure resource, logging an Internet Protocol (IP) address of the access request; transmitting a uniform resource locator (URL) to the user via an electronic mail message; responsive to receiving a request for the URL, logging an IP address corresponding to the URL request; and responsive to validating the IP address corresponding to the URL request with the IP address of the access request, providing access to the secure resource. | 09-27-2012 |
| 20120246703 | EMAIL-BASED AUTOMATED RECOVERY ACTION IN A HOSTED ENVIRONMENT - Email-based recovery actions may be provided. A request from a user to perform an action may be received. If the user is determined not to have permission to perform the action, a message may be sent to a second user to approve the requested action. If the second user approves the requested action, the requested action may be performed. | 09-27-2012 |
| 20120246704 | MOBILE SOFTWARE ENTITLEMENTS MANAGER - A mobile entitlements manager implemented on a mobile device stores the software entitlements belonging to a user of the mobile device. The mobile device communicates with client computers on which the user wishes to run software applications. Messages are exchanged between the client and the mobile device to enable activation, continued running, and to deactivate client applications in accordance with the entitlements available to the user. The mobile entitlements manager updates its entitlement information by communicating with a remote entitlements server, and informs the entitlement server of the status of programs running on clients in communication with the device. The entitlements manager handles entitlements for multiple applications and for multiple licensed entities, such as individual users, sites, client computers, or organizations. | 09-27-2012 |
| 20120246705 | Object-Based Access Control for Map Data - Embodiments allow access to geographic data objects on a per-object basis. A client may send a plurality of requests for geographic data to display within a view frustum. Map data may include a layer with a plurality of assets. Each request may be authenticated by an access control filter, which determines whether the user is authorized to view the data requested. | 09-27-2012 |
| 20120254945 | ENFORCING WEB SERVICES SECURITY THROUGH USER SPECIFIC XML SCHEMAS - A method of enforcing web security, by: (a) receiving an incoming request; (b) applying a plurality of XML customized schemas to the incoming request, and thereby: (c) simultaneously validating the incoming request and determining whether the incoming request is authorized; and then, (d) (i) processing the incoming request if the incoming request is both valid and authorized, (ii) sending the incoming request to an authenticator if the incoming request is valid but not authorized, or (iii) ceasing operation on the incoming request if the incoming request is not valid. | 10-04-2012 |
| 20120254946 | ESTABLISHING PRIVILEGES THROUGH CLAIMS OF VALUABLE ASSETS - A service accessible by a set of entities may be provided to each entity at a different service level (e.g., with a different set of privileges) based on the privilege level of the entity. However, many users may attempt to perform malicious activities through the service, and may do so with impunity if the penalties of detection are inconsequential. Instead, privilege levels of entities may be established based on the claims of assets having identifiable value. Such claims may be established by submitting an asset identifier to the service, such as proof of a software license identified by the submission of a license key purchased at a substantial cost. The penalties of malicious activities performed by such users may include the invalidation of such asset identifiers. Establishing the privilege levels of respective entities in this manner raises the penalties, and hence the deterrence, of attempted malicious use of the service. | 10-04-2012 |
| 20120254947 | Distributed Real-Time Network Protection for Authentication Systems - Information about security events detected by a group of protected web-connected resources is centrally managed in order to detect distributed attacks and slow paced attacks by providing to a plurality of web-connected resources a deployment component which couples to a native authorization service of each web-connected resource; receiving a plurality of security event reports from one or more of the deployment components by a command and control center computer; based on collected information from the plurality of security event reports, determining a threat level indicator across the plurality of web-connected resources using one or more analyses and metrics; and transmitting the threat level indicator to each of the web-connected resources. | 10-04-2012 |
| 20120254948 | METHODS AND SYSTEMS FOR AUTHENTICATING ONE OR MORE USERS OF A VEHICLE COMMUNICATIONS AND INFORMATION SYSTEM - In at least one embodiment, a system for authorizing use of a vehicle communication and information system may include one or more data processors configured to receive information associating one or more devices with a vehicle computer. The data processor(s) may be also configured to receive information identifying a user requesting authorization to command the vehicle controls from the one or more devices associated with the vehicle computer. The user(s) may be authorized to command the vehicle controls from the one or more devices associated with the vehicle computer based on performing an authentication process for authenticating the user, determining that the user is an authenticated user based on the authentication process, and enabling command of one or more vehicle controls from the one or more remote devices via the associated vehicle computer based on the user being authenticated. | 10-04-2012 |
| 20120254949 | METHOD AND APPARATUS FOR GENERATING UNIQUE IDENTIFIER VALUES FOR APPLICATIONS AND SERVICES - An approach is provided for adapting and regenerating identifiers for use in connection with applications and services available to a device. An identification generation platform receives a request to generate one or more identifiers associated with a device, a user of the device, or a combination thereof. At least one seed value associated with the device, the user of the device, or a combination thereof is determined. The platform then processes at least one seed value to cause, at least in part, a generation of the one or more identifiers. | 10-04-2012 |
| 20120254950 | Delivery control for messages communicated among end user communication devices - An exemplary method implemented by a first end-user communication device originates an electronic communication. User input is received to create information to be conveyed by the transmission of a digital packet having a header segment and a user data segment. The user data segment contains a user message and an acknowledgement command where the acknowledgement command conveys a request to a recipient device to authorize the sending of an acknowledgement reply message. Authorization of the sending of the reply acknowledgement message serving as a condition precedent to the recipient being able to view the corresponding received user message. Displaying a composition screen by which the user inputs the user message and can insert the acknowledgement command in a command field in the user data segment prior to transmission of the digital packet. The digital packet with the user data segment that contains the user message and the acknowledgement command is transmitted to a recipient device. Another embodiment includes a method implemented by a first end-user communication device that receives and processes such electronic communication. | 10-04-2012 |
| 20120254951 | PROVIDING PROTECTION AGAINST UNAUTHORIZED NETWORK ACCESS - A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation. | 10-04-2012 |
| 20120254952 | INTERFACE DEVICE FOR AN INTELLIGENT ELECTRONIC DEVICE AND METHOD OF OPERATING AN INTERFACE DEVICE - The present invention relates to a system comprising an interface device ( | 10-04-2012 |
| 20120254953 | METHOD FOR PROVIDING AND OBTAINING CONTENT - In a data providing server, whether or not specified compressed content data generated by means of a specified compression coding method corresponding to terminal identification information has been stored in a content database is detected, according to content specifying data transmitted from a portable dedicated terminal. If the specified compressed content data has been stored, the data providing server reads and transmits this to the portable dedicated terminal. And if the specified compressed content data has not been stored, the data providing server generates the specified compressed content data by means of the specified compression coding method, and transmits this to the portable dedicated terminal. | 10-04-2012 |
| 20120254954 | SYSTEM FOR MULTIMEDIA VIEWING BASED ON ENTITLEMENTS - An advertising control method is described. The method includes receiving an advertisement identification message (AIM) ( | 10-04-2012 |
| 20120254955 | PERSONAL AUTHENTICATION METHOD, PERSONAL AUTHENTICATION SYSTEM, AND PORTABLE-TYPE COMMUNICATION TERMINAL - A personal authentication system includes a terminal enabled to perform a predetermined information processing process, a USB memory enabled to perform near field communication with a cell phone having an e-mail function through Bluetooth, and an authentication server. When the USB memory is loaded onto the terminal, USBID is read, and then transmitted from the terminal to the authentication server. The authentication server authenticates the USBID, and transmits an authentication key corresponding to the USBID to the corresponding cell phone if the USBID is authentic. The cell phone transmits the authentication key to the USB memory via Bluetooth. The received authentication key is transmitted from the terminal to the authentication server via the USB memory. The authentication server performs personal authentication by comparing the transmitted authentication key with the received authentication key to check for identification. | 10-04-2012 |
| 20120260315 | FIREWALLS FOR PROVIDING SECURITY IN HTTP NETWORKS AND APPLICATIONS - Systems and methods provide security to HTTP applications. Responses sent from a server, such as a web server, are analyzed and a signature is generated for each HTML object in that page. The signature is encrypted and sent to a client along with the contents of the page. When a client later sends a request, the system checks the signature associated with that request with the contents of the request itself. If the values, variables, lengths, and cardinality of the request are validated, then the request is forwarded to the web server. If, on the other hand, the request is invalidated, the request is blocked from reaching the web server, thereby protecting the web server from malicious attacks. The systems and methods offer security without being limited to a session or user. | 10-11-2012 |
| 20120260316 | Leveraging a Persistent Connection to Access a Secured Service - Leveraging a persistent connection to provide a client access to a secured service may include establishing a persistent connection with a client in response to a first request from the client, and brokering a connection between the client and a secured service based on a second request from the client by leveraging the persistent connection with the client. The brokering may occur before the client attempts to connect to the secured service directly and the connection may be established between the client and the secured service without provision by the client of authentication information duplicative or additional to authentication information provided by the client to establish the persistent connection. | 10-11-2012 |
| 20120260317 | Systems and Methods for a Notification System That Enable User Changes to Quantity of Goods and/or Services for Delivery and/or Pickup - Systems and methods are disclosed for automated notification systems. A representative method, among others, can be summarized by the following steps: monitoring travel data in connection with a mobile thing (MT) that is destined to pickup or deliver an item or service at a stop location; causing initiation of a notification communication session with a personal communications device (PCD) based upon the travel data; and during the notification communication session, enabling a party associated with the PCD to change one or more tasks associated with the pickup or delivery. A representative system, among others, comprises a computer or other automated system that is programmed or designed to perform the foregoing steps. | 10-11-2012 |
| 20120260318 | ACCESS TO A NETWORK FOR DISTRIBUTING DIGITAL CONTENT - A transmission of a digital content to a user terminal is managed by a network comprising a service subnetwork adapted for providing the terminal with a service token, and a digital contents distribution subnetwork which includes a control part and a transmission part. The control part of the distribution subnetwork receives a request from the user terminal for a digital content, indicating a service token. Next, if the service token is recognized as valid, an address relating to the distribution subnetwork is determined and a session token associated with said address is generated. A message indicating said address and the session token associated with said address is then transmitted to the user terminal. | 10-11-2012 |
| 20120260319 | MULTIPLE APPLICATION CHIP CARD HAVING BIOMETRIC VALIDATION - A smart card includes a plurality of application circuits that are each related to at least one application service securely contained within the card, each application circuit is energizable by an outside signal; a control unit making it possible to identify the energized application circuit and the related service and moreover to activate the service in response to activation authorization; and a biometric circuit for authenticating the user so as to generate the activation authorization. | 10-11-2012 |
| 20120260320 | Device-Specific Authorization at Distributed Locations - A method includes receiving, at a client device, an authentication seed from a first network. The method also includes receiving a shared secret. The method further includes, in response to receiving the authentication seed, determining a network address of the client device. The method further includes computing a result of a one-way hash function of a combination of the network address, the authentication seed, and the shared secret. The method further includes transmitting the network address and the result of the one-way hash function to a server that provides access control of a second network coupled to the first network. The method further includes receiving permission from the server to access the second network. | 10-11-2012 |
| 20120266217 | Permitting Access To A Network - Method and communication system for permitting access to a network by sharing access credentials over the communication system between first and second communication clients executed at respective first and second user terminals of respective first and second users of the communication system. The access credentials are for accessing the network. The method comprises the first communication client causing the access credentials to be stored in a first store of the first user terminal or of the communication system, and the first user authorising the second user to access the access credentials stored in the first store. The second communication client accesses the first store and retrieves the access credentials on the basis of the second user's authorisation to access the access credentials stored in the first store. The second communication client stores the retrieved access credentials in a second store at the second user terminal, and the second communication client uses the access credentials stored in the second store to access the network, without conveying the retrieved access credentials to the second user in a form which is comprehensible to the second user. | 10-18-2012 |
| 20120266218 | Differential Encryption Utilizing Trust Modes - Systems and methods are provided for data protection across connected, disconnected, attended, and unattended environments. Embodiments of the inventions may include differential encryption based on network connectivity, attended/unattended status, or a combination thereof. Additional embodiments of the invention incorporate “trust windows” that provide granular and flexible data access as function of the parameters under which sensitive data is accessed. Further embodiments refine the trust windows concept by incorporating dynamic intrusion detection techniques. | 10-18-2012 |
| 20120272292 | METHOD AND APPARATUS FOR PROTECTING AGAINST ATTACKS FROM OUTSIDE CONTENT - A method and apparatus for protecting against attacks from outside content is described. In one example, a request is received from a user to access content from a second domain. An active session for the user with the second domain is searched for. If no active session is found, then an active session with a related first domain is searched for. If an active session is found with the first domain, then a session is established with the second domain based on the active session with the first domain. The requested content is then provided to the user based on the established session with the second domain. | 10-25-2012 |
| 20120272293 | COLLABORATIVE GATEWAY - A method and a system for monitoring and controlling remote devices are described. The system has a gateway, a web server, and a client device. The gateway is coupled to a security device. The web server has a management application configured to communicate with the gateway. The management application has a service manager module to enable additional services from the gateway and the security device. The client device communicates with the gateway identified by the web server. The gateway aggregates monitoring data from the security device and from other security devices respectively coupled to other gateways correlated with the gateway. The client device receives the aggregated monitoring data, controls the security device coupled to the respective gateway from a web-based user interface at the client device. | 10-25-2012 |
| 20120272294 | ACCESS PERMISSIONS MANAGEMENT SYSTEM AND METHOD - A system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, the system including functionality for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority, and functionality for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC. | 10-25-2012 |
| 20120272295 | METHOD AND SYSTEM FOR ENABLING AND CONTROLLING COMMUNICATION TOPOLOGY, ACCESS TO RESOURCES, AND DOCUMENT FLOW IN A DISTRIBUTED NETWORKING ENVIRONMENT - Described are a system and method for use by a computing device to transmit information over a communication medium. The computing device communicates over the medium according to a protocol stack having a plurality of protocol layers. Information having an identifier is received at a first protocol layer from a higher protocol layer in the protocol stack. The computing device determines whether to present the information to the network communication medium based on at least one term of a contract associated with the identifier. Upon determining to present the information to the communication medium, the computing device incorporates the identifier in the information before placing the information on the network communication medium. | 10-25-2012 |
| 20120272296 | METHOD AND SYSTEM FOR PROTECTING AGAINST THE EXECUTION OF UNAUTHORIZED SOFTWARE - In accordance with an embodiment of the present invention, a client device is protected against the execution of unauthorized software. The client includes a code authentication process that verifies the integrity of executable code, by generating and comparing a first hash value of the executable code with a known hash value of the original code. Furthermore, during boot-up, the client initializes a CPU exception vector table with one or more vector table entries. One or more, or all, of the vector table entries direct the CPU to execute the code authentication process prior to executing an event handler when an exception event occurs. Consequently, the code authentication process is virtually guaranteed to execute, thereby protecting against the execution of unauthorized code. | 10-25-2012 |
| 20120272297 | CROSS-TRANSPORT AUTHENTICATION - An authentication controller coupled to a first communication port of a portable media device is allowed to provide authentication on behalf of an accessory device coupled to a second communication port of the portable media device. In one embodiment, a cross transport connector includes a connector configured to couple with an accessory and a connector configured to couple with a portable media device such that the accessory can be coupled to the second communication port of the portable media device. The cross-transport connector also includes an authentication controller. The authentication controller may request authentication from the media device over the first communication port of the portable media device. The request may also include an identifier of the second port, to which authenticated permissions obtained via the first port may be transferred. | 10-25-2012 |
| 20120278861 | METHOD FOR SECURELY CREATING A NEW USER IDENTITY WITHIN AN EXISTING CLOUD ACCOUNT IN A CLOUD COMPUTING SYSTEM - The invention proposes a method for securely creating a new user identity within an existing cloud account in a cloud computing system, said cloud computing system providing cloud services and resources, said cloud account comprising cloud user identities, said method comprising enabling a first user to access the cloud services and resources using a first security device, wherein it comprises authenticating to the first security device, creating a new user identity within the cloud account for a second user using the first security device. | 11-01-2012 |
| 20120278862 | METHODS AND SYSTEMS FOR AUTO-MARKING, WATERMARKING, AUDITING, REPORTING, TRACING AND POLICY ENFORCEMENT VIA E-MAIL AND NETWORKING SYSTEMS - A method for tracking the routing of an electronic document, including embedding a unique identifier within an electronic document and monitoring e-mail messages transmitted from senders to recipients, for detection of e-mail messages having the electronic document embedded therewithin or attached thereto, based on the unique identifier. A system and computer readable storage medium are also described and claimed. | 11-01-2012 |
| 20120278863 | AD-HOC USER ACCOUNT CREATION - A mechanism that allows a user to easily configure a rules engine to apply rules to decide which requests for access to a user's computer resources are to be granted and which are denied. A trusted token, such as a certificate of identity issued by a trusted third party authority that verifies identities of computer users, is included in a calling card object provided by the requesting user to the (server) computer that controls the resources desired by the requester. Additional conditions for access may be specified as desired by the user of the server computer. | 11-01-2012 |
| 20120278864 | Monitoring Method and Device - The method of the invention comprises:
| 11-01-2012 |
| 20120278865 | METHOD, SYSTEM AND APPARATUS FOR IDENTIFICATION - One exemplary embodiment describes a method, system and apparatus for storing and providing data. A software application may be utilized on a smartphone or similar device to house data. The data may be accessed by a user to manipulate the data or view the data. The data may also be accessed by an authorized party, for example in the event of an emergency. The application and associated data may be accessed in a variety of manners and the data displayed or available may be adjusted by the user for security and appropriate usage. | 11-01-2012 |
| 20120278866 | METHODS AND APPARATUSES FOR SECURELY OPERATING SHARED HOST COMPUTERS WITH PORTABLE APPARATUSES - The present invention provides methods and apparatuses that utilize a portable apparatus to securely operate a host electronic device. Typically, each portable apparatus includes a data storage unit which stores an operating system and other software. In one example, a portable apparatus can provide a virtual operating environment on top of a host's operating system for a host device. In another example, a portable apparatus containing its operating system can directly boot a host device with one or more hardware profiles. Furthermore, a device-dependent protection against software piracy, a user-dependent protection against sensitive data leaks, a controllable host operating environment to prevent unwanted information exposure, and a secure restoration procedure to prevent virus infection between the host device users may be incorporated. Moreover, an authorization signature may also be utilized to authorize a connected-state guest operation environment in the host device. | 11-01-2012 |
| 20120278867 | SYSTEM FOR ONLINE COMPROMISE TOOL - An Activity Access Control (AAC) utility controls access to applications and devices by allowing an administrator to set terms of use/access regarding a applications and/or devices for a group of users, whose activity are monitored. The AAC utility also enables administrator and user access to a compromise facility via a centralized access point to establish or request changes to the terms of use/access. The AAC utility allows the administrator to dynamically update information and set terms based on real-time information collected during activity monitoring. Dynamic updates may also occur based on the monitored user's request, the priority of the requesting user(s), historical data, occurrence of a special event, completion of other internal or/external tasks, and/or pre-set limitations or thresholds. In addition, the AAC utility facilitates the real-time display or publishing of the terms of use, status information, and statistical information to users and the administrator. | 11-01-2012 |
| 20120284776 | Techniques for Providing Access to Data in Dynamic Shared Accounts - Techniques for providing access to data in dynamic shared accounts are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for providing data in dynamic shared accounts. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify a first user associated with an account, identify a second user to have access to the account associated with the first user in the event the first user is unavailable to access data or perform functions associated with the account, map the second user to the account, and provide the second user access to the account based on the mapping and with access privileges associated with the first user. | 11-08-2012 |
| 20120284777 | METHOD FOR MANAGING DATA IN M2M SYSTEMS - A method enabling managing sensor devices data by aggregating them in virtual entities: Connected Objects (COs). Third Parties access those exposed data if and only if the Owner of those data grants the corresponding access rights. Since communication is bidirectional, Third Parties can also be granted to manage the device set belonging to those COs for which data access was granted. The method allows managing multiple remote devices, enabling systematic naming and addressing schemes to reach those devices. Eventually, the method enables charging procedures through an Object Charging Data Function entity, which finds out the right Object to be charged for and sends the bill to both Owner and Third parties for the provided services. Charging Objects (CHOs) are those COs exposed for the specific application of charging. A hierarchy is proposed (Organisational, Fundamental, Derived and Temporary CHO) enabling inheritance rules (Reverse and Direct) for access rights and/or charging policy. | 11-08-2012 |
| 20120284778 | CONTROLLING ACCESS TO A PROTECTED NETWORK - A system for controlling access to a protected network includes a network access control module coupled to the network and configured to restrict access to the network to an authorized user through a computer coupled to the network. The system also includes a communication device associated with the computer, which automatically transmits a unique identifier corresponding to the communication device to the network access control module when a user uses the communication device to request access to the network via the computer. When the network access control module receives the unique identifier it is configured to authenticate the communication device, to authenticate the user via the communication device when the communication device is authenticated, and when the user is authenticated, to submit log-on information to a log-on interface of the computer associated with the communication device so that the user can access the network via the computer. | 11-08-2012 |
| 20120291100 | AUTOMATIC RESOURCE OWNERSHIP ASSIGNMENT SYSTEM AND METHOD - A method for automatic folder ownership assignment, including ascertaining which first folders, among a first multiplicity of folders, have at least one of modify and write permissions to non-IT administration entities, adding the first folders to a list of candidates for ownership assignment, defining a second multiplicity of folders which is a subset of the first multiplicity of folders and not including the first folders and descendents and ancestors thereof, ascertaining which second folders among the second multiplicity of folders, have permissions to non-IT administration entities, adding the second folders to the candidates, defining a third multiplicity of folders, which is a subset of the second multiplicity of folders and not including the second folders and descendents and ancestors thereof, ascertaining which third folders among the third multiplicity of folders are topmost folders, adding the third folders to the candidates, and recommending possible assignment of ownership of the candidates. | 11-15-2012 |
| 20120291101 | PROTECTED MODE FOR MOBILE COMMUNICATION AND OTHER DEVICES - An electronic device includes at least one memory unit, a plurality of applications residing on at least one of the memory units and a database residing on at least one of the memory units. The database is configured to store a record specifying a subset of the plurality of applications that are to be inaccessible to a user when in a protected mode of operation. The protected mode is designed for a user (e.g., child or friend borrowing the device) who can potentially use the device with setting that are configured under the primary user's (e.g. parent, device administrator) supervision. The device also includes a user interface through which a primary user and not other users can specify the subset of the plurality of applications to be included in the record. A processor is operatively associated with the memory unit, the database and the user interface. The processor is configured to switch, in response to a request from the primary user and not other users, between a normal mode operation in which all of the applications in the plurality of applications are available for use and the protected mode of operation. | 11-15-2012 |
| 20120291102 | PERMISSION-BASED ADMINISTRATIVE CONTROLS - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing permission-based administrative controls. In one aspect, a method includes receiving an administrator-defined pairing that identifies a permission and one or more applications, and receiving a request from a requesting application to perform one or more operations that are associated with the permission. The method also includes determining whether the requesting application is identified in the pairing, and selectively allowing the requesting application to perform the operations based on determining whether the requesting application is identified in the pairing. | 11-15-2012 |
| 20120291103 | PERMISSION-BASED ADMINISTRATIVE CONTROLS - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing permission-based administrative controls. In one aspect, a method includes receiving an administrator-defined pairing that identifies a permission and one or more applications, and receiving a request from a requesting application to perform one or more operations that are associated with the permission. The method also includes determining whether the requesting application is identified in the pairing, and selectively allowing the requesting application to perform the operations based on determining whether the requesting application is identified in the pairing. | 11-15-2012 |
| 20120291104 | PERSONAL CONTENT SERVER APPARATUS AND METHODS - Personal content server apparatus and associated methods that allow a user (e.g., cable or satellite network subscriber) to access content, such as a video program, from a location outside the subscriber's network. In one embodiment, a personal content server streams the content to the subscriber over a network connection from the local e.g., (subscription) network to a remote network upon authorization by a content manager process. Various access, business or operational rules are applied depending on the content and delivery mode; e.g., to live video broadcast, video-on-demand (VOD), or archived content from the subscriber's digital video recorder (DVR) or networked PVR. In another variant, reservation information (for example program or asset ID information) is cached at a headend or hub server, thereby obviating the subscriber (or the network) having to access the subscriber's premises device. In yet another variant, a “virtual” CPE experience is provided for the remote user. | 11-15-2012 |
| 20120291105 | AUTHORIZATION OF SERVER OPERATIONS - An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation. | 11-15-2012 |
| 20120297454 | Systems and Methods for Security Verification in Electronic Learning Systems and Other Systems - The embodiments described herein relate to security verification systems and methods. In some aspects, there is provided a security verification server comprising a server processor. The server processor is adapted to provide at least one account identifier, receive at least one command for execution, determine whether to activate one or more available additional permission sets to execute the received command, and if it is determined that one or more additional permission sets should be activated to execute the received command, activate those permission sets by executing the security verification processes associated therewith. | 11-22-2012 |
| 20120297455 | TARGET-BASED ACCESS CHECK INDEPENDENT OF ACCESS REQUEST - A context of a principal is built, at a target system controlling access to a resource, independently of the principal requesting access to the resource. An authorization policy is applied, at the target system, to the context to determine whether the principal is permitted to access the resource, and an indication of whether the principal is permitted to access the resource is provided (e.g., to an administrator). Modifications can be made to the context and the authorization re-applied to determine whether a principal having the modified context is permitted to access the resource. | 11-22-2012 |
| 20120297456 | GRANULAR ASSESSMENT OF DEVICE STATE - A system for assessing a computer device's state may collect state data about the device, then assess the state with respect to the policy for granting one or more claims. Each claim may be defined by a set of requirements that, if fulfilled, may be used to permit or deny access to a resource, such as an application, network, data, or other resource. A collection engine may reside on the device or other location and may collect requested data, and some collection engines may be extensible with a plugin architecture for expansion. A server may receive information from the device to evaluate claims. Depending on the use scenario, the claim results may be incorporated into communications and passed to an evaluator that may produce an access token which is used to permit or deny access based on the claim results. | 11-22-2012 |
| 20120297457 | Interactive Malware Detector - An interactive detector that includes a challenger and authorizer. The challenger may send a challenge to a source application in response to an intercepted request intended for a destination application from the source application. The challenge may be configured to invoke an expected challenge response from component(s) of the source application. The authorizer may allow the request to proceed to the destination application if a received challenge response generated by the source application satisfies the expected challenge response. | 11-22-2012 |
| 20120297458 | REMOTE VIDEO SOURCE AUTHENTICATION PROTOCOL - A method and system of enabling slave software applications from a portable device via a vehicle interface system. The vehicle includes a first communication channel for exchanging data communications between the portable device and the vehicle interface system and a second communication channel configured to transmit video to the vehicle interface system. A mutual authentication is performed between the portable device and the vehicle interface system using the first communication channel based on identifying the portable device as an entity authorized to execute approved slave software applications. The portable device is authenticated over the second communication channel for verifying that the portable device is the authorized entity to transmit video over the second communication channel. The video is transmitted to the vehicle interface system over the second communication channel conditioned upon a successful authentication of the portable device over the second communication channel. | 11-22-2012 |
| 20120297459 | ZONE MIGRATION IN NETWORK ACCESS - The present disclosure is directed to providing a network user the ability to travel between different zones or locations within a network environment, such as, for example, a hospitality location, without requiring a user to re-login to the new location, while requiring a user to re-login to other locations within the network environment. | 11-22-2012 |
| 20120297460 | Method And System For Restricting Access To User Resources - A user's set top box (STB), or other client, executes a shell and has an application program interface (API) by which certain features of the client can be controlled. The client is in communication with a walled garden proxy server (WGPS). The client sends a request to the WGPS to access a service provided by a site in the garden. The site sends the client a message containing code calling a function in the API. The WGPS traps the message from the site and looks up the site in a table to determine the access control list (ACL) for the site. The WGPS includes the ACL in the header of the hypertext transport protocol (HTTP) message to the client. The shell receives the message and extracts the ACL. If the code lacks permission, the shell stops execution. | 11-22-2012 |
| 20120297461 | SYSTEM AND METHOD FOR REDUCING CYBER CRIME IN INDUSTRIAL CONTROL SYSTEMS - User permissions for an industrial control system are stored in a unified permissions database connected to a network in common with the industrial control system. The permissions database stores user permissions for logical assets on or attached to the network. Physical devices used for industrial control are connected to the network via virtual control devices that convert messages from protocols used by the physical devices into the suite of internet protocols, and vice versa. Control of the physical devices is via a remote computer that permits control according to permissions stored in the database. | 11-22-2012 |
| 20120297462 | System, Method and Apparatus for Electronically Protecting Data and Digital Content - A system, method and apparatus for protecting sensitive data in a file that has been replaced with pointer(s) for each sensitive data. The sensitive data items are protected by restricting subsequent access to and use of the sensitive data items via the pointers by: receiving a first request for data stored in a file on the data storage, determining whether the requested data includes at least one of the pointers, providing the requested data whenever the requested data does not include any of the pointers, and performing the following steps whenever the requested data includes at least one of the pointers: sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request, denying the first request whenever the authentication fails, and receiving and providing the extracted data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds. | 11-22-2012 |
| 20120297463 | SYSTEM FOR DISTRIBUTION PERMISSIONS FOR NETWORK COMMUNICATIONS - A system can control whether a recipient of an electronic message (e.g., a text message, a multimedia message, an e-mail message, etc.) with a forwarding-restricted attachment is permitted to forward the attachment to third parties can be implemented on the network without specialized hardware or software for the client devices. The sender of a text message may limit the downstream distribution of that text message through text message forwarding by associating a forwarding restriction flag with the message. | 11-22-2012 |
| 20120304256 | ELECTRONIC MAIL SYSTEM AND METHOD - A method of handling e-mail messages and a server for performing the method are disclosed. In the method comprises, receiving an e-mail message from a sender for delivery to a recipient, and delivering the message if the sender is included in a list of senders authorised for communication with the recipient. Otherwise, the method parses a destination e-mail address in the message to extract from it an authorisation code and if the authorisation code is an acceptable code, adding the sender to the list of senders authorised for communication with the recipient and delivering the message. In the method, any authorisation code has a validity that us limited for a specific length of time. | 11-29-2012 |
| 20120304257 | Access rights used for resource discovery in peer-to-peer networks - Secure resource discover in peer-to-peer networks involves creating a resource discovery record associated with a computing resource of a user device that is made available via the user device to peers of a peer-to-peer network. The resource discovery record describes the computing resource and may be independent of native service discovery mechanisms of the peer-to-peer network. An access right record is created that controls the ability of one or more contacts to gain access to the resource discovery record. The resource discovery record is sent to the one or more contacts via the peer-to-peer network. The one or more contacts can use the resource discovery record to access the computing resource via the peer-to-peer network in accordance with the access right record. | 11-29-2012 |
| 20120304258 | AUTHORISED DATA RECORDING - To facilitate recording of data received from a non-trusted source entity, a trusted source entity, for example a user terminal or a user interface, sends to an operational center an authorization message authorizing the non-trusted source entity to send specific information messages. In response to the authorization message, the operational center creates an automatically verifiable authorization condition. When an information message arrives to the operational center, it checks, whether the message fulfills the condition, and if yes, records the data. | 11-29-2012 |
| 20120304259 | METHOD AND APPARATUS FOR AUTHENTICATING A USER EQUIPMENT - The present invention relates to a Femtocell providing services to a UE, and it proposes a method for authenticating a UE registered in a first operating domain of a communication network (e.g. a mobile core network), when the UE requests the service provided by a second operating domain (e.g. a fixed access network, a backhaul network). An authentication server in the first operating domain allocates the needed information to access the service provided by the second operating domain for the UE, and stores. After receiving the needed information, the UE sends an authentication request message to an authentication server in the second operating domain, wherein the authentication server in the second operating domain forwards the authentication request message to the authentication server in the first operating domain. | 11-29-2012 |
| 20120311671 | SYSTEMS AND METHODS FOR A SECURITY DELEGATE MODULE TO SELECT APPROPRIATE SECURITY SERVICES FOR WEB APPLICATIONS - In accordance with some aspects of the present disclosure, a method is disclosed that can include receiving, by a security delegate module, a set of user authentication credentials by an application running a first instance in a network for a user; determining, by the security delegate module, a type of the application; and selecting, by the security delegate module, a security service based on the set of user authentication credentials and the type of application. | 12-06-2012 |
| 20120311672 | RESOURCE-CENTRIC AUTHORIZATION SCHEMES - A first request is received, at a service application programming interface (API) of an authorization server, to change a permission of a first role for accessing a first resource. In response to the first request, a first role-based permission data structure associated with the first role is accessed to identify an entry associated with the first resource, where the first role-based permission data structure includes entries corresponding to resources, respectively. Each resource is associated with one or more permissions for a user of the first role to access the corresponding resource. One or more permissions are updated in the identified entry associated with the first resource. | 12-06-2012 |
| 20120311673 | MEDIA USAGE MONITORING AND CONTROL - Systems and methods of monitoring access to media content across disparate media devices are disclosed. Aspects relate to systems and methods that may be implemented to control access to media content. In one embodiment, rules may define usage parameters of a user for several types of media content and/or disparate media devices. | 12-06-2012 |
| 20120311674 | Method and system for automatic generation of cache directives for security policy - An authorization method is implemented in an authorization engine external to an authorization server. The authorization server includes a cache. The external authorization engine comprises an authorization decision engine, and a policy analytics engine. The method begins when the authorization decision engine receives a request for an authorization decision. The request is generated (at the authorization server) following receipt of a client request for which an authorization decision is not then available at the server. The authorization decision engine determines an authorization policy to apply to the client request, applies the policy, and generates an authorization decision. The authorization decision is then provided to the policy analytics engine, which stores previously-generated potential cache directives that may be applied to the authorization decision. Preferably, the cache directives are generated in an off-line manner (e.g., during initialization) by examining each security policy and extracting one or more cache dimensions associated with each such policy. The policy analytics engine determines an applicable cache directive, and the decision is augmented to include that cache directive. The decision (including the cache directive) is then returned to the authorization server, where the decision is applied to process the client request. The cache directive is then cached for re-use at the authorization server. | 12-06-2012 |
| 20120311675 | APPARATUS AND METHOD FOR GENERATING AND INSTALLING APPLICATION FOR DEVICE IN APPLICATION DEVELOPMENT SYSTEM - An operating method of a device for installing an application for a device includes receiving an application installation request including an application and an authentication token from an application development apparatus, and installing the application based on the authentication token, which includes serial numbers of devices authorized for the application. | 12-06-2012 |
| 20120311676 | SYSTEM AND METHOD FOR A GLOBAL DIRECTORY SERVICE - A system and method for facilitating the transfer of contact information between network subscribers said system including at least one server coupled to the network; at least one database coupled to the server; a plurality of subscriber terminals coupled to the network wherein each subscriber's terminal is configured to send contact information associated with a subscriber to the server in response to a request by said subscriber; wherein the request causes the subscriber's terminal to compile the contact information into an electronic business card object having one or more textual fields and map the one or more textual fields of the electronic business card to one or more object attributes contained in an electronic business card object and transmit the electronic business card object to the server for storage in the database is disclosed. | 12-06-2012 |
| 20120311677 | METHOD, SYSTEM AND DEVICE FOR RESTRICTING FROM LOGGING INTO A CHAT ROOM - A method, a system, and a device for restricting from logging into a chat room, which belongs to the computer field including, receiving a request from a client corresponding to a chat room administrator for forcing a specified user to exit the current chat room, and sending the client corresponding to the specified user a command to force the specified user to exit the current chat room and changing the status information of the specified user into the restricted state to restrict the specified user into the specified chat room according to the request. The system includes a server and a user client. The user forced to exit the current chat room is prevented from re-entering the chat room and affecting other users therein, but can still enjoy the chat room services in the chat room so as to avoid the chat room losing users and improve the user experience. | 12-06-2012 |
| 20120311678 | CONTENT DELIVERY SYSTEM, CONTENT DELIVERY METHOD, APPLICATION SERVER SYSTEM, USER EQUIPMENT, AND RECORDING MEDIUM | 12-06-2012 |
| 20120311679 | Document Conversion And Network Database System - A network database system wherein clients of subscribing entities are authorized network access to reliable documents that are identified by each entity as being relevant to clients of that entity. Features that can be included in the system are customization of the documents to reflect sourcing by particular subscribers, automated formatting of the documents for storing in a network database, client access facilitated by subscriber-maintained databases, and the avoidance of cookies remaining on clients' computer hard drives following document access. Also disclosed is a method for processing repeated data requests on a distributed computer database. | 12-06-2012 |
| 20120311680 | Authorization and Authentication Based on an Individual's Social Network - In particular embodiments, a method includes accessing a graph structure comprising a plurality of nodes and edges where each node represents a user, receiving a request to transmit content related to a first user to a second user, and prohibiting transmission of the content to the second user if the first user and the second user are connected in the graph structure through a series of edges and nodes that comprises an unauthorized node. | 12-06-2012 |
| 20120311681 | COMPLETION OF PORTABLE DATA CARRIERS - A method for completing at least one portable data carrier connected to a completion device, wherein a completion data set that is present on the completion device is introduced into the data carrier. A security module is connected to the completion device and different authorization data sets are provided on the security module. The security module includes a management application for managing the different authorization data sets. Each of the authorization data sets exactly specifies one completion, and each of the authorization data sets is exactly associated with one completion data set. The managing application on the security module monitors the completion of the at least one data carrier according to the specification in an authorization data set selected from the different authorization data sets. | 12-06-2012 |
| 20120317619 | AUTOMATED SEAMLESS RECONNECTION OF CLIENT DEVICES TO A WIRELESS NETWORK - A host device for a wireless network may be configured to implement at least two virtual access points for connecting client devices to the wireless network. A user virtual access point enables a client device to connect to the wireless network and transmit network traffic to other devices connected to the wireless network. In addition, a setup virtual access point provides an additional access point to connect to the wireless network when network credentials for the user virtual access point, such as a service set identifier (SSID) or a password, are changed by a user. When a client device cannot find the user virtual access point based on a stored SSID or password, the client device may be configured to automatically reconnect to the setup virtual access point to request a new SSID and network credentials for the user virtual access point. | 12-13-2012 |
| 20120317620 | Website visitor identification algorithm - An improved method for identifying and counting the unique visitors to a website, comprising the redundant storage of information about the visitor in a first-party cookie, a third-party cookie, and a Flash cookie, enabling the persistence of visitor identification even if one of the abovedescribed cookies or some information therein is deleted by the visitor or otherwise unavailable. | 12-13-2012 |
| 20120317621 | CLOUD SYSTEM, LICENSE MANAGEMENT METHOD FOR CLOUD SERVICE - A screen to be presented to a customer administrator is generated according to the license status. Also, as a license status, a processing progress status is provided in which the customer administrator is prohibited to perform operations during asynchronous license status change processing. | 12-13-2012 |
| 20120317622 | HARDWARE IDENTITY IN MULTI-FACTOR AUTHENTICATION AT THE APPLICATION LAYER - Device authentication is implemented at the application layer of a computer communication model to add a factor to user authentication without requiring any action by the user. User space applications, such as web browsers, e-mail readers, and such, can remain completely unaffected. Instead, the additional authentication factor is provided at the application layer, typically in an operating system, where protocols such as HTTP(s), FTP(s), POP, SMTP, SNMP and DNS are implemented. Authentication is performed by a challenge/response transaction and the client device's digital fingerprint is compared to a whitelist of digital fingerprints of authorized client devices. | 12-13-2012 |
| 20120317623 | Systems and methods for managing database authentication and sessions - Systems and methods enable remote (or “off-campus”) users complete authorized access to full-record content of 3rd-party databases subscribed to by the user's institution. More particularly, the present invention relates to a method and system that acts as a transparent conduit between the user and a remote database, managing relevant session/context information without the user's awareness and without the need for users to install plug-ins or configure browser proxies. | 12-13-2012 |
| 20120317624 | METHOD FOR MANAGING ACCESS TO PROTECTED RESOURCES AND DELEGATING AUTHORITY IN A COMPUTER NETWORK - In a method, a consumer ( | 12-13-2012 |
| 20120317625 | Dynamic Authentication in Secured Wireless Networks - Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required. | 12-13-2012 |
| 20120317626 | NETWORK RESOURCE ACCESS CONTROL METHODS AND SYSTEMS USING TRANSACTIONAL ARTIFACTS - Methods and systems are provided for use with digital data processing systems to control or otherwise limit access to networked resources based, at least in part, on transactional artifacts and/or derived artifacts. | 12-13-2012 |
| 20120317627 | TOOL, METHOD AND APPARATUS FOR ASSESSING NETWORK SECURITY - Tools and methods in which user interaction via a common user interface enables the assessing of network security prior to implementation of the network, as well as assessing the security of existing networks, portions of existing networks, or modifications to existing networks. A network security model useful in realizing the tools and methods is also disclosed. | 12-13-2012 |
| 20120324538 | SYSTEM AND METHOD FOR DISCOVERING VIDEOS - A method is provided in one example and includes receiving network data from a plurality of users; identifying a data file within the network data; determining whether a particular user associated with the data file is authenticated for a communications platform; identifying an access right associated with the data file; and providing the data file to a video portal, wherein the access right associated with the data file is maintained as the data file is provided to the video portal. | 12-20-2012 |
| 20120324539 | DYNAMIC APPLICATION ADAPTATION IN SOFTWARE-AS-A-SERVICE PLATFORM - Dynamic application adaptation in software-as-a-service platform, in one aspect, may receive an access permission associated with a published shared data management data object in the software-as-a-service platform having shared data management and a plurality of applications deployed, look up one or more rules associated with one or more features of an application deployed on the software-as-a-service platform, based on the received access permission, and activate or deactivate said one or more features associated with said plurality of applications based on said one or more rules. | 12-20-2012 |
| 20120324540 | SYSTEM AND METHOD FOR THE INTEROPERABILITY OF PERSONAL ELECTRICAL APPLIANCES - Systems for, and methods of, enabling selective control of resource of an electronic device having a display by a controlling electronic device wherein one device is housed within the other and each device having a display are disclosed. Selective control of the electronic device is implemented by the electronic device via a set of control permissions for a detected controlling device, based upon an identifier of the controlling device. A controlling device can be any electronic device having a processor, a memory, a display and a communication module. Enabling selective control of the display of an electronic device having a display, by a personal computer, enables the personal computer to operate as a dual screen personal computer. | 12-20-2012 |
| 20120324541 | METHOD AND SYSTEM FOR SUBSCRIBING TO SERVICES VIA EXTENDED UPNP STANDARD AND NASS TISPAN AUTHENTICATION - The present invention relates to a subscription method and system providing a modification of the UPnP standard, which by means of TISPAN delegated NASS authentication allows a user to play contents provided by a service provider via subscription by means of a control point which can be any consumer electronic device of the user. The modification of the standard is based on adding a field called ‘subscriptionURL’ and a variable called ‘subscriptionStatus’. These modifications, the association established by the TISPAN CLF module between the user IP and the user IMSI and the implementation of a UPnP device in the user equipment, allow subscribing to the services provided by several service providers. | 12-20-2012 |
| 20120324542 | SYSTEMS AND METHODS FOR IMPROVED ACCESS TO AN ATTRACTION - The present invention is directed towards systems and methods for improved access to an attraction via a computing device of a user. A first computing device of a user records an identification code associated with an attraction. The first computing device transmits, to a second computing device, a request for access to the attraction, the request comprising the identification code. The first computing device receives, from the second computing device, an access authorization comprising an access code. The first computing device presents the access code to an attraction operator for access to the attraction. | 12-20-2012 |
| 20120324543 | SYSTEM AND METHOD FOR CREATING A SECURE TRUSTED SOCIAL NETWORK - A system for a plurality of users to share resources with access, control and configuration based on pre-defined relationships of trust between the users of the system. A computer-based authority provides the services of authentication, identification and verification of each user within network. Processes are described that leads to the formation of an electronic community, which facilitates electronic communication and transactions in a defined manner. | 12-20-2012 |
| 20120324544 | INFORMATION PROCESSING APPARATUS, TERMINAL APPARATUS AND INFORMATION PROCESSING METHOD - This invention is directed to achievement of a content sharing with a high level of safety by restricting the other end of communication with which contents are shared. | 12-20-2012 |
| 20120324545 | AUTOMATED SECURITY PRIVILEGE SETTING FOR REMOTE SYSTEM USERS - A method of secure communication involves determining that a remote system is trusted prior to authorizing secure communication therewith. A removable security device is coupled with a first system. When the first system communicates with a remote system securely, the remote system is evaluated to ensure that it is a trusted remote system prior to secure communication therewith being allowed. | 12-20-2012 |
| 20120324546 | Providing Secure Dynamic Role Selection and Managing Privileged User Access From a Client Device - An approach is provided that receives a first role selection from a client device. Each of the roles includes various user accounts provisioned to access various software applications. An authentication challenge is retrieved. The authentication challenge is based upon the role selection that was received from the client device. The authentication challenge is transmitted to the client device. An authentication submission is received from the client device. This authentication submission is authenticated and, if the authentication is successful, then the client device access is granted access to software applications using the provisioned user accounts that were included in the role selection. In addition, audit data of usage of the software applications by the client device is recorded. The audit data includes identification of the provisioned user accounts used to access the software applications using the role selection. | 12-20-2012 |
| 20120324547 | Device, System, and Method of Accessing Electronic Mail - Device, system, and method of accessing electronic mail. For example, a computerized method includes: receiving an identifier of an email account, and a password; if the password matches a first reference password previously stored in association with said email account, then authorizing a substantially full access to said email account; if the password matches a second reference password previously stored in association with said email account, then authorizing a restricted access to said email account. | 12-20-2012 |
| 20120324548 | MESSAGING SYSTEMS AND METHODS - A third-party can subscribe to one or more electronic message group lists without joining the group lists by creating a trust relationship between the subscriber and a group list member. In particular, the subscriber can send a trust indicator to the group member, who can then determine whether to accept the trust indicator for all or specific groups that are associated with the group member, as appropriate. In at least one embodiment, the group member can send a trust indicator acceptance message to the subscriber that identifies the group member, and any or all group lists associated with the group member. The subscriber can then receive messages directed to the trusted group member or group lists, and can send group messages to the group lists subject to a receive setting associated with the group lists or group members of the group lists. | 12-20-2012 |
| 20120324549 | PEER TO PEER SUBSCRIPTION SERVICE - Peer-to-peer approaches to servicing subscriptions to information feeds are generally disclosed. Network nodes may exchange information about information feeds that they can provide to other nodes, and other information about information feeds to which they may be interested in subscribing. Any of a variety of techniques may then be applied to allow the nodes to negotiate for feeds to which they may be interested in subscribing. For example, each node may apply algorithms that service feed subscriptions of other nodes on a prioritized basis, prioritized for example based on which other nodes service subscriptions in return. | 12-20-2012 |
| 20120331525 | PORTAL BRAND MANAGEMENT - Apparatus, systems, and methods may operate to receive, from a node associated with a console owner, an authenticated access request for access to a network portal. Additional activities may include accessing a branding file associated with the console owner, and responsive to the receiving, generating a branded version of a graphical user interface having one or more background colors, a display structure, and a set of uncolored icons. The background color(s) and the icons may be selected based on information stored in the branding file. The branded version may be published to grant access to the network portal, displaying the uncolored icons in front of the background color(s) so that the background color(s) are visible through transparent portions of the uncolored icons. Additional apparatus, systems, and methods are disclosed. | 12-27-2012 |
| 20120331526 | MULTI-LEVEL, HASH-BASED DEVICE INTEGRITY CHECKS - In some embodiments, a non-transitory processor-readable medium stores code representing instructions configured to cause a processor to receive, from a mobile device, a first signal including a hash value. The hash value can be based at least in part on a hardware component of the mobile device and a software module stored at the mobile device. The code can further represent instructions configured to cause the processor to send, to the mobile device, a second signal when the hash value matches a stored hash value associated with the mobile device, the second signal configured to grant, to the mobile device, access to a network. | 12-27-2012 |
| 20120331527 | MULTI-LAYER, GEOLOCATION-BASED NETWORK RESOURCE ACCESS AND PERMISSIONS - In some embodiments, a non-transitory processor-readable medium stores code representing instructions configured to cause a processor to receive, from a mobile device, a first signal including a request to execute a command at a server. The code further represents instructions configured to cause the processor to receive, from the mobile device, a second signal including a user credential associated with a user account and determine, based on the user credential, a user role associated with the user account. The code further represents instructions configured to cause the processor to receive, from the mobile device, a third signal indicating a geolocation of the mobile device. The code further represents instructions configured to cause the processor to determine, based at least on the user role and the geolocation, whether the user account is authorized to execute the command. The code further represents instructions configured to cause the processor to, when the user account is authorized to execute the command, send a fourth signal such that the command is executed at the server. | 12-27-2012 |
| 20120331528 | APPARATUS, SYSTEMS AND METHODS FOR SECURE AND SELECTIVE ACCESS TO SERVICES IN HYBRID PUBLIC-PRIVATE INFRASTRUCTURES - Embodiments of apparatus, systems and methods facilitate deployment of distributed computing applications on hybrid public-private infrastructures by facilitating secure access to selected services running on private infrastructures by distributed computing applications running on public cloud infrastructures. In some embodiments, a secure tunnel may be established between proxy processes on the public and private infrastructures and communication between the distributed computing application and the selected services may occur through the proxy processes over the secure tunnel. | 12-27-2012 |
| 20120331529 | Persistent Key Access To Album - A method includes receiving a first request from a first user device to access a first resource that includes data for a second user account for which access to the data is restricted to authorized users, the first request including an authorization token and associated with a first user identifier that identifies a first user; determining that the first user identifier does not identify an authorized user and in response: determining that the first user identifier identifies an authorized user based on the authorization token, and provide the first resource to the first user device; receiving a second request for access to data to the second user account, the second request associated with the first user identifier; and based on the first user identifier being determined to identify authorized user, providing access to the data to the second user account in response to the second request. | 12-27-2012 |
| 20120331530 | AUTHENTICATION AND AUTHORIZATION IN NETWORK LAYER TWO AND NETWORK LAYER THREE - A method may include authenticating a node over layer 2 in a network based on authentication rules; sending a node authentication code to the node; and providing layer 3 network access based on the node authentication code. | 12-27-2012 |
| 20120331531 | CUSTOM DATA IMAGE BUILDING - A first server is configured to receive an image from a first client device. The image may include an instruction to provide a second client device with a computer file. The first server is further configured to store the image, receive a task query from the first client device, and provide a task query response to the first client device based on receiving the task query. The task query response may include an indication that the first server is storing a task associated with the second client device. The first server is further configured to receive an image request from the second client device, communicate with a second server to identify whether the second client device is authorized to receive the image, and provide, to the second client device, the computer file associated with the image based on identifying that the second client device is authorized to receive the image. | 12-27-2012 |
| 20130007845 | Authentication and authorization methods for cloud computing security platform - An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group (e.g., processors, storage, and memory) for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. The cloud environment administrator, however, typically is not registered (as a permitted user) within the customer's security module; thus, the cloud environment administrator is not able to access (or release to others, or to the cloud's general resource pool) the resources assigned to the cloud customer (even though the administrator itself assigned those resources) or the associated business information. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud. | 01-03-2013 |
| 20130007846 | Methods and Arrangements for Authorizing and Authentication Interworking - This disclosure relates to a portable communication device and a network-side authorization server, and to methods therein. By splitting the functionality of an OAuth authorization server and moving the authorization endpoint into, for instance a mobile phone, an authorization server within the mobile phone is provided. This mobile phone authorization server does not need to communicate with the network-side for getting an authorization code or an access token. | 01-03-2013 |
| 20130007847 | Communication Protocol for a Containment-Aware Discovery Service - In general, methods and apparatus, including computer program products, implementing and using techniques for providing a discovery service in a unique identifier network are described. Said discovery service is suitable for tracking and tracing a query item represented by a unique identifier in a unique identifier network. In particular, a communication protocol for a containment-aware discovery service is described. | 01-03-2013 |
| 20130007848 | MONITORING OF SMART MOBILE DEVICES IN THE WIRELESS ACCESS NETWORKS - A method for smart mobile devices monitoring in wireless local area networks. The method includes installing a wireless security monitoring system or a wireless access system in a local area network. The method includes configuring the wireless security monitoring system or the wireless access system to communicate with a mobile device management (MDM) system. The method includes detecting a wireless client connecting to the wireless local area network and identifying the wireless client to be a smart mobile device. Moreover, the method includes receiving an indication at the wireless security monitoring system or the wireless access system from the MDM system regarding whether the wireless client is a managed device or not. The method also includes classifying the wireless client as approved or unapproved smart mobile device based at least upon the indication received from the MDM system. | 01-03-2013 |
| 20130007849 | SECURE CONSUMER AUTHORIZATION AND AUTOMATED CONSUMER SERVICES USING AN INTERMEDIARY SERVICE - A transaction processing service that operates as an intermediary between aggregators of transaction requests, service providers, consumers, and third-party recipients of data, is disclosed. As used herein, a transaction request is a request for consumer services to be provided to a consumer or third-party, a consumer's authorization of such consumer services, and/or a consumer's authorization of applicable terms, policies, contracts, or agreements. The intermediary service utilizes a consumer's mobile device as an out-of-band communication channel to notify a consumer of a received transaction request and to receive a consumer's authorization of the transaction. Once a transaction is authorized, the intermediary service facilitates the consumer services related to the transaction and provides a service response from one or more service providers to the user's mobile device and/or another service target. | 01-03-2013 |
| 20130007850 | Verifying Server Identity - The present disclosure describes techniques for verifying server identity. In some aspects a grant to access resources associated with a server is received from the server via a wireless network through which an address of the server is undeterminable. The grant includes the address of the server, and the server is verified as a granting authority for the resources based on the address of the server and known address information for the granting authority of the services. | 01-03-2013 |
| 20130007851 | Method and System for Managing Secure Sharing of Private Information Across Security Domains Using an Authorization Profile - In a method of granting a user in a first organization access to private information stored within an authorization profile of a second organization, an access agreement between the two organizations is formed. Authorization is requested for the user, the authorization profile is retrieved, and authorization to private information is granted if authorized by the access agreement. | 01-03-2013 |
| 20130007852 | System And Method For Information Handling System Multi-Level Authentication For Backup Services - Access to backup information, such as at network attached storage compliant with NDMP, is managed by interfacing a backup authentication mechanism with a primary authentication system and responding to requests for backup information according to permissions defined by the primary authentication system. A data management application requests access to backup information with an NDMP MD | 01-03-2013 |
| 20130014222 | SOCIAL CONTENT MONITORING PLATFORM METHODS - The SOCIAL CONTENT MONITORING PLATFORM METHODS (“Social-Watch”) transforms social media contents via Social-Watch components, into ad effects data. A method is disclosed, comprising: identifying a request to access user social media content; obtaining user authorization credentials to access user social media content; sending an access request with the obtained user authorization credentials to a social media platform; receiving social media content data from the social media platform; determining a type of the received media content data; tagging the received media content data based on the type according to a progressive taxonomy mechanism; receive a social media analytics request for an item; querying the tagged media content data based on key terms related to the item; and determining impression heuristics for the item based on query results. | 01-10-2013 |
| 20130014223 | SOCIAL CONTENT MONITORING PLATFORM APPARTUSES AND SYSTEMS - The SOCIAL CONTENT MONITORING PLATFORM APPARATUSES AND SYSTEMS (“Social-Watch”) transforms social media contents via Social-Watch components, into ad effects data. A system is disclosed, comprising: a memory; a processor disposed in communication with said memory, and configured to issue a plurality of processing instructions stored in the memory, wherein the processor issues instructions for: identifying a request to access user social media content; obtaining user authorization credentials to access user social media content; sending an access request with the obtained user authorization credentials to a social media platform; receiving social media content data from the social media platform; determining a type of the received media content data; tagging the received media content data based on the type according to a progressive taxonomy mechanism; receive a social media analytics request for an item; querying the tagged media content data based on key terms related to the item; and determining impression heuristics for the item based on query results. | 01-10-2013 |
| 20130014224 | METHOD, SYSTEM AND COMPUTER PROGRAM PRODUCT FOR WIRELESSLY CONNECTING A DEVICE TO A NETWORK - A device wirelessly receives first and second identifiers contemporaneously from a network. The first identifier indicates that the network operates in a first mode that is not secure. The second identifier indicates that the network operates in a second mode that is secure. In response to wirelessly receiving the first and second identifiers, the device wirelessly connects to the network in the first mode to determine whether the network accepts the device for the second mode, irrespective of whether the network previously accepted the device for the second mode, and irrespective of whether the device already stores authentication information for the second mode. In response to determining that the network accepts the device for the second mode, the device wirelessly connects to the network in the second mode to securely communicate with the network in response to the authentication information. | 01-10-2013 |
| 20130014225 | COMMUNICATION APPARATUS, COMMUNICATION METHOD, SERVICE OFFERING APPARATUS, SERVICE OFFERING METHOD, COORDINATION APPARATUS, COORDINATION METHOD, PROGRAM, TRANSMISSION/RECEPTION SYSTEM, AND TRANSMISSION/RECEPTION METHOD - A communication apparatus includes an input part configured to input user identification information identifying a user ready to receive a service offered by a service offering apparatus via a network; an acquisition part configured to acquire device identification information from a coordination apparatus capable of offering the service in coordination with the service offering apparatus, the device identification information identifying the coordination apparatus; a transmission part configured to transmit to the service offering apparatus the user identification information input by the input part and the device identification information acquired by the acquisition part; a reception part configured to receive from the service offering apparatus authorization information indicating that the coordination of the coordination apparatus is authorized upon offering of the service responding to the transmission of the user identification information and the device identification information, and a notification part configured to notify the coordination apparatus of the authorization information received. | 01-10-2013 |
| 20130014226 | SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES - A system for and method of establishing a secure communication link is disclosed. The method comprises: (1) generating a Domain Name Service (DNS) request; (2) determining that the DNS request corresponds a first computer configured to communicate securely; (3) sending, based on the determination, a request to establish a secure communication link with the first computer configured to communicate securely, the request including an identifier of a client device used to determine whether the client device is authorized to communicate with the first computer; (4) receiving, in response to the request to establish a secure communication link, a resource used to establish the secure communication link; (5) automatically establishing the secure communication link using the received resource; and (6) communicating securely with the first computer over the established secure communication link. | 01-10-2013 |
| 20130014227 | SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES - A method of establishing a secure communication link comprises: (a) receiving a request that (i) includes an identifier of a client and (ii) was sent in response to a determination that a DNS request from the client corresponds to a first computer configured to communicate securely; (b) comparing the received client identifier to at least one stored client identifier; (c) determining, based on the comparison, whether the client is authorized to communicate with the first computer; (d) generating a resource used to establish the secure communication link between the client and the first computer; (e) generating a message in response to determining that the client is not authorized to communicate with the first computer; and (f) in response to determining that the client is authorized to communicate with the first computer, making the resource available to the client to automatically establish the secure communication link. | 01-10-2013 |
| 20130014228 | AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS WITH ASSURED SYSTEM AVAILABILITY - A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities. | 01-10-2013 |
| 20130014229 | METHOD FOR PERFORMING DISTRIBUTED ADMINISTRATION - A master defines properties for a resource. The master assigns the properties to an owner. The owner associates the properties to an administrator object, the administrator object being an administrator of a company. The administrator can then associate the property to other objects associated with the company, thereby granting other company users access to the resource property. | 01-10-2013 |
| 20130014230 | APPLICATION IDENTITY DESIGN - Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application. | 01-10-2013 |
| 20130014231 | Anchor authenticator relocation method and system - The disclosure provides an anchor authenticator relocation method and system. The method includes: after an old authenticator accepts an anchor authenticator relocation request of a Mobile Station (MS), a new authenticator sends an authenticator relocation request to an AAA server; when the AAA server's verification on the new authenticator is passed and the old authenticator confirms that the new authenticator is trusted, the anchor authenticator is relocated to the new authenticator. The disclosure provides a detailed solution to perform anchor authenticator relocation without re-authentication. | 01-10-2013 |
| 20130019281 | Server Based Remote Authentication for BIOSAANM Jacobs; William E.AACI BeavertonAAST ORAACO USAAGP Jacobs; William E. Beaverton OR USAANM Bhagia; SunilAACI OlympiaAAST WAAACO USAAGP Bhagia; Sunil Olympia WA USAANM Barsky; DmitryAACI San JoseAAST CAAACO USAAGP Barsky; Dmitry San Jose CA US - Techniques are provided for authenticating a user when accessing a Basic Input/Output System (BIOS) of a computing device. Access request information is received. An access information database is queried to authenticate the access request information with access information stored in the access information database. Validation information is received, indicating whether the access request information is authenticated, and permission is granted for access to settings of the computing device if the validation information indicates that the access request information is authenticated. | 01-17-2013 |
| 20130019282 | Service Mediation FrameworkAANM Rice; Joseph AllenAACI Ballston LakeAAST NYAACO USAAGP Rice; Joseph Allen Ballston Lake NY USAANM Castagna; Brandon MatthewAACI Mount HollyAAST NCAACO USAAGP Castagna; Brandon Matthew Mount Holly NC US - A service mediation framework may allow each component within a computer network to perform common service processing tasks driven by standardized service policies stored within a centralized repository. In particular, an enhanced service domain name system (DNS) server, an enhanced service router, and/or an enhanced service gateway within the network may each access relevant service policies stored within an enhanced service repository to implement tasks such as security, content-based routing, logging, message format translation, and protocol bridging for each service request processed by the network. In addition, each network component may communicate through standardized formats, such as Extensible Markup Language (XML), to realize the end-to-end network solution. | 01-17-2013 |
| 20130019283 | Virtual Private InternetAANM Rice; Joseph AllenAACI Ballston LakeAAST NYAACO USAAGP Rice; Joseph Allen Ballston Lake NY USAANM Castagna; Brandon MatthewAACI Mount HollyAAST NCAACO USAAGP Castagna; Brandon Matthew Mount Holly NC US - A virtual private internet may include various network components, including an enhanced service domain name server (DNS), an enhanced service router, and an enhanced service gateway, which all access service policy information stored in an enhanced service repository. The network components in the virtual private internet perform common service processing tasks for routing service requests across firewalls and other network boundaries. The network components also execute other service policies, such as logging, message format translation, and protocol bridging for each service request processed by the network. Updates to services may be implemented in the virtual private internet via changes to service policy information stored in the enhanced service repository. | 01-17-2013 |
| 20130019284 | AUTOMATED WEB BASED APPLICATIONS WITH A WIRELESS COMMUNICATION DEVICE - A method for automating one or more web-based applications associated with unique identification (UID) displayed on objects and read with a wireless communication device able to connect to a remote server with no human intervention required after the UID is read is disclosed. | 01-17-2013 |
| 20130019285 | VALIDATING THAT A USER IS HUMAN - A method of validating that a user is human. A user question is generated using a computerized device. The user question is output to a user. A user response to the user question is received from the user. The user response is validated as having been provided by a human. | 01-17-2013 |
| 20130019286 | VALIDATING THAT A USER IS HUMAN - A method of validating that a user is human. A user question is generated using a computerized device. The user question is output to a user. A user response to the user question is received from the user. The user response is validated as having been provided by a human. | 01-17-2013 |
| 20130019287 | METHOD AND APPARATUS FOR ENABLING A USER TO SELECT AN AUTHENTICATION METHOD - The present invention facilitates access to a restricted service related to secure transactions via a network. The present invention allows a user to select a minimum security level of authentication for its own login to a restricted service. The user's selected minimum security level of authentication may be registered in an authentication method system, so that the user must use the selected minimum security level for authentication in order to gain access to the restricted service. Alternatively, the user may specify that the selected minimum security level for authentication may be over-turned by the user, or optionally re-set to a new authentication method depending on the needs of the user. As such, the present invention allows the user the flexibility to select its own authentication method for accessing a restricted service. | 01-17-2013 |
| 20130019288 | METHOD AND ARRANGEMENT FOR MEDIA ACCESSAANM Holmgren; JimmyAACI LinkopingAACO SEAAGP Holmgren; Jimmy Linkoping SEAANM Kvarnstrom; BoAACI LinkopingAACO SEAAGP Kvarnstrom; Bo Linkoping SEAANM Lundgren; JohanAACI LinkopingAACO SEAAGP Lundgren; Johan Linkoping SE - A method and arrangement in a media server ( | 01-17-2013 |
| 20130024912 | APPARATUS AND METHOD FOR PROVIDING AUTHORIZATION BASED ENHANCED ADDRESS BOOK SERVICE IN MOBILE COMMUNICATION SYSTEM - Method and apparatus providing Enhanced Address Book (EAB) service in a mobile communication system includes performing an authorization procedure to share information with at least one other user; when sharing information of a user of the terminal is updated, identifying at least one other user authorized to receive the information of the user; and transmitting the updated information to a terminal of the at least one identified other user. | 01-24-2013 |
| 20130024913 | HOST DEVICE, MANAGING SERVER AND METHOD OF CONTROLLING IMAGE FORMATION THEREOF - A host device includes a user interface to receive user information to log in a managing server, a communication interface to transmit the user information to the managing server, a display unit, and a controller that, if login to the managing server is performed, controls the display unit to display information corresponding to an image forming apparatus connected to the host device. | 01-24-2013 |
| 20130024914 | AUTOMATIC DEVICE AUTHENTICATION AND ACCOUNT IDENTIFICATION WITHOUT USER INPUT WHEN APPLICATION IS STARTED ON MOBILE STATION - Disclosed procedures automatically identify a carrier-authorized mobile station and verify an account related identifier associated with the device, in response to start-up of an application in the device. Application start-up causes the device to send a request to an application server, with the device's current IP address, MTN and a device identifier such as MEID or ESN. The server queries an AAA system of the network to retrieve the MTN that has been assigned the IP address. If the retrieved MTN matches the MTN passed to the server in the request, the server queries a network database such as DMD for the device identifier associated with the MTN. A match of the device identifier retrieved from the network database with that passed to the server via the request indicates authenticity of the requesting device and its MTN. | 01-24-2013 |
| 20130031610 | Collaborative information management - A method is provided for implementing collaborative information management. Information collaboration entities are authorized to allow entity members thereof access to a collaborative information data structure. Each information collaboration entity is a different business entity than each other information collaboration entity. An entity member of each one of the information collaboration entities is authorized to maintain business process information associated therewith within the collaborative information data structure. The business process information of each one of the information collaboration entities is generated through a business process thereof. The business process information of each one of the information collaboration entities is useful as quality control information for a manufactured product of a particular one of the information collaboration entities. An entity member of a first information collaboration entity is authorized to access business process information of a second information collaboration entity that is maintained within the collaborative information data structure. | 01-31-2013 |
| 20130031611 | CLOUD-ENABLED WEB-ENTRY SYSTEM FOR VISITOR ACCESS CONTROL - The present invention is for a web-enabled entry system for access control of visitors to a residential, commercial or institutional facility having or not receptionist at the entry point, where visitors to such facility should be authorized and/or the visit event should be recorded in a database. This web enabled entry system is for visitor self-registration, announcing and obtain access approval for coming into such facility by the means of a system including touch capable tablet computers, wireless communications, remote servers and methods to notify and validate users providing entry authorization. The system is also capable to provide video capture and streaming using a camera embedded in the tablet computer and with the use of an optional door controller the system allows remote opening of the door or gate. The system also can be optionally used to work in conjunction with a receptionist or guard that will assist the visitor, providing a temporary visitor badge. The system on this invention can replace the use of traditional unattended telephone entry (tele-entry) system or manned computer based visitor control systems typically assisted by a guard or receptionist. | 01-31-2013 |
| 20130031612 | SERVER APPARATUS, INFORMATION PROCESSING METHOD, PROGRAM, AND STORAGE MEDIUM - An information processing method for a server apparatus controlling access based on a role of a user and a scope as authority held by an authorization token for realizing a unified license management structure that does not reduce an overall performance of a cloud service even if a plurality of services collaborate with the cloud service. | 01-31-2013 |
| 20130031613 | SECURE ACCESS TO CUSTOMER LOG DATA IN A MULTI-TENANT ENVIRONMENT - Systems and methods process log data relating to usage of a multi-tenant application server. An input module receives a request from a user that identifies requested log data by a particular user or tenant of the multi-tenant application system. A log query service automatically formats the database query for the requested log data based upon the request received from the user, and stores the formatted database query on the storage device. A batch server subsequently retrieves the database query from the storage device, submits the database query to the data analysis engine, obtains the requested information from the data analysis engine after the query is completed, and notifies the user that the requested information is available for output. | 01-31-2013 |
| 20130031614 | METHOD FOR REMOTELY LOCKING/UNLOCKING A MACHINE - A method for changing the status, locked or unlocked, of a target machine including a security service and a session management module includes receiving, by the security service, a query corresponding to a request to change the status of the target machine, the query including at least one piece of identification information from a user of a source machine; from the security service, verifying if access rights to the target machine related to the user of the source machine allow a change in the status of the target machine by the user; if so, sending, from the security service, a status change message to the session management module of the target machine and proceeding to the status change made by the session management module. | 01-31-2013 |
| 20130031615 | SYSTEM AND METHOD FOR WLAN ROAMING TRAFFIC AUTHENTICATION - A system and method for recognising traffic generated from an authenticated a device roaming in a wireless local area network and related aspects are provided. An authentication server is arranged to authorise communications traffic originating from a wireless access point to use a roaming service, the traffic comprising an NAT translated IP address. The server first authorises a WLAN roaming device, and then processes a meta-data message received from a WLAN access point in which the source address of the message comprises the source address of the roaming device at the WLAN access point. The server then determines, from the information provided in the meta-data message when it is received by the authentication server, which includes at this point a NAT translated source address in the meta-data message what the NAT translated source address of traffic from said NAT translated source address. In this way, all traffic generated by the roaming device whilst that NAT translated IP address is valid is automatically authorised to use a roaming service to access the internet. | 01-31-2013 |
| 20130036454 | MANAGEMENT OF ACCESS IDENTIFIERS - Access to an on-line account management system is facilitated. A request is received to perform a first action using an on-line account management system. The request comprises a first access identifier. A global party identifier associated with the first access identifier is determined. Restriction information associated with the first access identifier and the global party identifier is accessed from a global party profile operable to store at least one of a time-based, a location-based, and a device-based restriction associated with actions capable of being performed using the on-line account management system. A processor determines whether the first action is permissible based on the restriction information associated with the first access identifier and the global party identifier. | 02-07-2013 |
| 20130036455 | METHOD FOR CONTROLLING ACESS TO RESOURCES - The invention enables a service provider to authorise a service to access a resource or function provided by a service provider based on a resource owner's consent, wherein the consent takes into account both to the identity of the service requesting the access and the identity of the user of the requesting service. The invention separates the service access process into a first step in which the requesting service is granted access on the condition that the access is made in the name of a defined user, and a second step in which the user of the requesting service authorises the requesting service to access the resource in the requesting user's name. | 02-07-2013 |
| 20130036456 | CREDENTIAL PROVISION AND PROOF SYSTEM - A method of authenticating to a computer server involves a first authentication client transmitting an authentication token to the computer server via a first communications channel, and a second authentication client receiving a payload from the computer server via a second communications channel distinct from the first communications channel in accordance with an outcome of a determination of authenticity of the authentication token by the computer server. | 02-07-2013 |
| 20130036457 | Multiple Image Reverse Turing Test - In a Reverse Turing Test an applicant seeking access to a computer process is presented with an image containing human-readable data that is intended to be inaccessible to an automated process or bot. In an improved Reverse Turing Test the applicant is presented with multiple sub-images that have to be rearranged in order to yield the overall image. This does not substantially increase a human applicant's difficulty in dealing with the test, but makes it much more difficult for a bot to interpret the image. | 02-07-2013 |
| 20130042306 | DETERMINING MACHINE BEHAVIOR - When a user visits a webpage, the web browser obtains information of the user's operation behavior on the webpage and sends the obtained information of the operation behavior to the web server. The web server determines a weighted value of machine behavior based on obtained information of the user's operation behavior on the webpage. When the web server determines that the weighted value of machine behavior is not less than a defined threshold, it determines that user's operation behavior on the webpage is machine behavior. | 02-14-2013 |
| 20130042307 | COMMUNICATION METHOD AND INFORMATION PROCESSING SYSTEM - A communication method in an information processing system including a group of first information processing apparatuses that transmit data and a group of second information processing apparatuses that receive the data is disclosed. The communication method includes storing data subject to being transmitted to one of the second information processing apparatuses in a data storage by associating the data with identifier information of the second information processing apparatus, and performing transmission processing to transmit the stored data to the second information processing apparatus in response to reception of a first token generated by the second information processing apparatus serving as a generating source of the first token, the first tokens indicating a transmission right to transmit the data to the second information processing apparatus and being transferred between the group of the first information processing apparatuses and between the group of the second information processing apparatuses. | 02-14-2013 |
| 20130047213 | Method And Apparatus For Token-Based Token Termination - According to one embodiment, an apparatus may store a plurality of token-based rules that facilitate access to a risk-sensitive resource. The apparatus may further store a first token that may indicate that a user is accessing a non-risk-sensitive resource. The apparatus may receive a second token that may indicate that the user is attempting to access the risk-sensitive resource. In response to receiving the second token, the apparatus may apply the token-based rule to make an access decision whereby the user's access to the non-risk-sensitive resource will be terminated. The apparatus may then communicate at least one token representing the access decision. | 02-21-2013 |
| 20130047214 | METHOD AND APPARATUS FOR TOKEN-BASED COMBINING OF AUTHENTICATION METHODS - According to one embodiment, an apparatus may store a first and second subject token that indicate a first authentication method performed by the user and a second authentication method performed by the user respectively. The apparatus may detect at least one new subject token indicating at least one different authentication method performed by the user. The apparatus may then determine that a particular combination of subject tokens in the first subject token, second subject token, and the at least one new subject token indicates a privilege should be granted to the user, and facilitate the granting of the privilege to the user. | 02-21-2013 |
| 20130047215 | METHOD AND APPARATUS FOR TOKEN-BASED REASSIGNMENT OF PRIVILEGES - According to one embodiment, an apparatus may monitor a session that facilitates a user's access to a resource. The user may be granted a privilege associated with accessing the resource. The apparatus may detect a change associated with the privilege granted to the user in at least one token of a plurality of tokens. The apparatus may then communicate a token that represents the change, and receive a risk token associated with the token. The apparatus may then determine to revoke the privilege based on the risk token, and generate a second token that represents the determination to revoke the privilege. The apparatus may then communicate the second token to facilitate the revoking of the privilege. | 02-21-2013 |
| 20130047216 | INFORMATION PROCESSING APPARATUS, RESOURCE PROVIDING APPARATUS, AND INFORMATION PROCESSING SYSTEM - There is provided an information processing apparatus which the communication unit receives a usage request of a resource described in a first format from a program providing apparatus, the conversion unit identifies a resource providing apparatus having the resource as indicated and converts the usage request described in the first format into the usage request described in a second format that can be interpreted by the resource providing apparatus identified, the communication unit transmits the usage request described in the second format to the resource providing apparatus and receives a processing result of the usage request described in the second format from the resource providing apparatus, the conversion unit converts the processing result described in the second format into the processing result described in the first format, and the program execution unit performs an operation according to the processing result described in the first format. | 02-21-2013 |
| 20130047217 | SYSTEMS AND METHODS OF MANAGING VIRTUAL WORLD AVATARS - Systems and methods of virtual world interaction, operation, implementation, instantiation, creation, and other functions related to virtual worlds (note that where the term “virtual world” is used herein, it is to be understood as referring to virtual world systems, virtual environments reflecting real, simulated, fantasy, or other structures, and includes information systems that utilize interaction within a 3D environment). Various embodiments facilitate interoperation between and within virtual worlds, and may provide consistent structures for operating virtual worlds. The disclosed embodiments may further enable individuals to build new virtual worlds within a framework, and allow third party users to better interact with those worlds. | 02-21-2013 |
| 20130047218 | WIRELESS DEVICE AUTHENTICATION BETWEEN DIFFERENT NETWORKS - A method and system for roaming between heterogeneous networks. The method involves authenticating a mobile communication device on a first network, and providing the device with a single-use token that can be used to sign on to a second network without requiring conventional re-authentication over the second network. | 02-21-2013 |
| 20130047219 | ENTERPRISE-WIDE SECURITY SYSTEM FOR COMPUTER DEVICES - A system and method for securing data in mobile devices ( | 02-21-2013 |
| 20130047220 | Method and system for multi-access authentication in next generation network - The disclosure provides a method for multi-access authentication in Next Generation Network (NGN), which includes: a network side authentication center generates an authentication vector after receiving user terminal information from a user terminal, wherein the user terminal information includes subscription information and multi-access information of the user terminal; the user terminal performs authentication on the network side after receiving an authentication request from the network side authentication center, and generates keying material and network side authentication information upon successful authentication, and sends the network side authentication information to the network side authentication center, wherein the authentication request includes authentication information; the network side authentication center performs authentication on the network side authentication information using the authentication vector, generates keying material according to the multi-access information of the user terminal upon successful authentication, and inform an access forwarding functional module of the keying material; the access forwarding functional module encrypts and decrypts access service information of the user terminal according to the keying material. The disclosure also provides a system of the method. The disclosure enhances the efficiency with which the user terminal accesses the network. | 02-21-2013 |
| 20130047221 | METHOD AND APPARATUS FOR IMPROVED INFORMATION TRANSACTIONS - A mechanism gives users meaningful access to information while protecting the interests of publishers and creators of information including text, graphics, photos, executable files, data tables, audio, video, and three dimensional data and allows a user to review a document while connected to a network but prevents the user from downloading, printing, or copying the document unless a fee is paid. The user is allowed to review documents at a first cost basis, but only provides other access to documents, such as copying, printing, or downloading on a second cost basis. The user is also allowed to purchase a selectable portion of a document at a price based on the amount of material selected where that amount of material can include a portion of a document, an entire document, or an anthology of components of multiple documents. | 02-21-2013 |
| 20130047222 | Implementing secured, event-based layered logout from a computer system - A secure, layered logout of a user session is implemented in a management tool. A logout strategy is provided to include a set of security levels of varying sensitivity, with each security level having a set of permissions that are enforced upon occurrence of an event. A succeeding security level in the set of security levels is reached upon occurrence of an event associated with that level, in which case the permissions associated with the level are then enforced against at least one object while the user session continues. As each next security level is reached, the set of permissions are then enforced, once again while the user session continues. The layered logout may enforce different permissions with respect to different objects. If the user takes no action, eventually a final security level will occur, at which point the user session is finally terminated. | 02-21-2013 |
| 20130055354 | BUSINESS REVIEW RELEVANCE USING GEO-BASED HISTORY - Architecture that manages a location guestbook by enabling a user to add a review based on actually having visited the location. The location of the user can be validated as part of ensuring that the user visited the location. If a user did not actually visit the location the user is not allowed to add a review in the guestbook. The architecture can also identify that a user has left the location (checked out), and hence, suggest to the user to add a review for the location. If a user has visited the location multiple times, the user review is given a higher weighting, and hence, can be considered more reliable. | 02-28-2013 |
| 20130055355 | METHODS, SYSTEMS, AND COMPUTER-READABLE MEDIA FOR EXCEPTION HANDLING OF INTERACTIVE COMMUNICATIONS PRIVILEGES GOVERNING INTERACTIVE COMMUNICATIONS WITH ENTITIES OUTSIDE A DOMAIN - Methods, systems, and computer-readable media for exception handling of interactive communications privileges governing interactive communications with entities outside a domain are disclosed. The interactive communications privileges may have been learned through domain administrator configuration or may have been self-learned without domain administrator input. The interactive communications privileges can be used to process interactive communications requests between entities inside a domain and entities outside the domain. Exceptions to the interactive communications privileges can be requested by user entities inside the domain for interactive communications with entities outside the domain. In this manner, if the interactive communications privileges are not sufficient according to user entities inside the domain, the user entities inside the domain can request exceptions for other interactive communications privileges with entities outside the domain. Approved exception requests can also be configured as part of the interactive communications privileges for interactive communications with entities outside the domain. | 02-28-2013 |
| 20130055356 | METHOD AND SYSTEM FOR AUTHORIZING AN ACTION AT A SITE - A method for authorizing a single action by a plurality of users at a site may include registering each of the users and at least one mobile communication device associated with that user with an authorization module, identifying the mobile communication device by a unique hardware identification number. The method may also include associating each of the users and the mobile communication device associated with that user with the site by the authorization module. The method may further include requesting each of the users to confirm the action by sending a confirmation request from the site to the mobile communication device associated with that user by the authorization module. The method may also include authorizing the action upon receiving confirmation from the mobile communication devices of all users that are required to authorize that action. | 02-28-2013 |
| 20130055357 | PERSONAL CONTROL OF PERSONAL INFORMATION - A personal information server provides personal information about an individual to a third-party only when authorized by the individual through use of a previously authenticated computing device. The personal information server authenticates both the computing device used by the third-party to access the personal data and the device used by the individual to grant or deny such access using highly secure digital fingerprints of each. The individual can allow the third-party multiple instances of access to the personal information within restrictions specified by the individual. Other advantages also arise from large-scale tracking of which devices access and control personal information of many people—particularly with respect to identifying and preventing fraud and identity theft. | 02-28-2013 |
| 20130055358 | SYSTEMS AND METHODS FOR PROVIDING CONTENT AND SERVICES ON A NETWORK SYSTEM - Systems and methods for managing and providing content and services on a network system. Aspects of the invention include location-based determination of network content and services that may be provided to client computers. Other aspects of the invention include authorization and authentication components that determine access rights of client computers. Additional aspects include systems and methods for redirecting client computers to different network content. The disclosed systems and methods may be used in numerous network system applications. | 02-28-2013 |
| 20130055359 | SECRET INFORMATION LEAKAGE PREVENTION SYSTEM, SECRET INFORMATION LEAKAGE PREVENTION METHOD AND SECRET INFORMATION LEAKAGE PREVENTION PROGRAM - Provided is a system in which two or more clients, each including an application program that transmits a network access request, and a server are able to communicate, wherein at least one client includes first control means for controlling the access request transmitted to the server, based on a security level assigned to the application program, and the server includes second control means for determining whether the first control means has been introduced to the client that has transmitted the access request, authorizing the access request when the determination result is positive, and controlling the access request based on a security level assigned to an access target when the determination result is negative. | 02-28-2013 |
| 20130055360 | CONTENTS SERVICE METHOD, AND MEMBER INFORMATION PROVIDING SERVICE SYSTEM AND METHOD USING COMMUNICATION NETWORK - The present invention relates to a technique capable of transmitting and receiving contents or finding lost objects using a code. According to the present invention, contents can be transmitted and received, and member information needed to find a lost object can be confirmed using a code as a medium. In addition, possibility of malicious use or misuse of information that is accessed through a code by a third party against the intention of a member can be prevented. | 02-28-2013 |
| 20130061288 | METHOD FOR CONTROLLING TRUST AND CONFIDENTIALITY IN DAILY TRANSACTIONS OF THE DIGITAL ENVIRONMENT - The invention comprises a method for controlling trust and confidentiality during pervasive computing transactions supporting users' daily activities. | 03-07-2013 |
| 20130061289 | Secure Messaging - A secure messaging interface enables submission of messages to a messaging gateway via secure means over TLS. A destination mobile device(s) is notified of a pending secure message, and holds the secure message until it is retrieved by an authorized mobile device. The messaging gateway also provides push services for sending data to wireless devices. The secure messager enables sending devices to apply security to an individual message. Sending devices may include, e.g., an enterprise administration server; messages routed through an messaging gateway (MGW) portal; an user messaging application; or a user through a handset. The secured messages may include content as available today across any messaging protocol such as text, audio, video, binaries and images. | 03-07-2013 |
| 20130061290 | SYSTEM FOR SECURELY PERFORMING A TRANSACTION - A system and method for performing a transaction are described. A transaction request to perform a transaction is received. Authorization information necessary to perform the transaction is gathered and stored in a secure memory. The gathered authorization information is verified. A final command to perform the transaction is received. When the final command is received, the transaction is performed and the stored authorization information in the secure memory is erased. | 03-07-2013 |
| 20130061291 | Modular Device Authentication Framework - Systems, methods, and computer-readable media provide a requesting device with access to a service. In one implementation, a server receives a request to access a service, and the request includes a device type identifier of a device requesting access to the service. The server extracts the device type identifier from the request and determines a corresponding device type for the requesting device. An authentication module is selected from a plurality of authentication modules based on the device type identifier, and the selected authentication module implements an authentication scheme for the device type of the requesting device. The server authenticates the request using the selected authentication module to determine whether the requesting device is permitted to access the service, and provides access to the service based on at least a determination that the requesting device is authorized to access the service. | 03-07-2013 |
| 20130061292 | METHODS AND SYSTEMS FOR PROVIDING NETWORK SECURITY IN A PARALLEL PROCESSING ENVIRONMENT - A method of providing network security for executing applications is disclosed. One or more servers including a plurality of microprocessors and a plurality of network processors are provided. A first grouping of microprocessors executes a first application. The first application is executed using the microprocessors in the first grouping. The microprocessors in the first grouping of microprocessors are permitted to communicate with each other via one or more of the network processors. A second grouping of microprocessors executes a second application. At least one server has one or more microprocessors for executing the first application and one or more different microprocessors for executing the second application. The second application is executed using the microprocessors in the second grouping of microprocessors. One or more of the network processors prevent the microprocessors in the first grouping from communicating with the microprocessors in the second grouping during periods of simultaneous execution. | 03-07-2013 |
| 20130061293 | METHOD AND APPARATUS FOR SECURING THE FULL LIFECYCLE OF A VIRTUAL MACHINE - Systems and methods for securing a virtual machine are disclosed. Various embodiments of the systems and methods disclosed herein allow provisioning a trusted and secure computing environment to a user. Various embodiments enable securing a virtual machine during multiple states, such as during run time, construction time and rest time. In one embodiment, a virtualization infrastructure for securing a virtual machine includes a trusted computing base and a proxy virtual machine running on the virtualization infrastructure as a proxy of the trusted computing base, the trusted computing base being configured to cryptographically verify the proxy virtual machine to be authentic and to prevent unauthorized access to the proxy virtual machine. The proxy virtual machine may be configured to compute an exit state measurement of the virtual machine and to use the exit state measurement to prevent an unauthorized entry of the virtual machine into the virtualization infrastructure. | 03-07-2013 |
| 20130061294 | NETWORK ATTACHED DEVICE WITH DEDICATED FIREWALL SECURITY - Dedicated firewall security for a network attached device (NAD) is provided by a firewall management system integrated directly into the NAD or into a NAD server. A local area network arrangement includes a network client and the NAD and the firewall management system includes computer readable medium having computer-executable instructions that perform the steps of receiving a request for network access to the NAD from the network client, determining whether the request for network access to the NAD is authorised, and only if the request for network access is authorized, providing the network client with network access to the NAD. | 03-07-2013 |
| 20130067538 | Context Aware Recertification - Mechanisms are provided for facilitating recertification of a user access entitlement. These mechanisms collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement. These mechanisms determine that recertification of the user access entitlement, with regard to the system resource, is to be performed and a pattern of access is determined based on the access information for the user access entitlement. A recertification request graphical user interface is output to a user based on the pattern of access. The graphical user interface includes the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement. | 03-14-2013 |
| 20130067539 | ACCESS CONTROL MANAGEMENT - The subject disclosure relates to authorization based on a determination of permissions that can be granted for an action(s) to be performed on a resource. The determination of the permission is based on a set of rules that represent a theory including a notion of trust that has been divided into different sized tables. The tables are utilized to evaluate two or more input claims and to facilitate a determination of whether access to at least one system resource is to be granted. The evaluation can include matching the two or more input claims to rows in the table, wherein access is allowed if a match is found. | 03-14-2013 |
| 20130067540 | TECHNIQUES FOR ACHIEVING STORAGE AND NETWORK ISOLATION IN A CLOUD STORAGE ENVIRONMENT - Techniques for achieving storage and network isolation in a cloud environment are presented. A single Internet Protocol (IP) address is presented to multiple storage tenants that use storage in a cloud environment. When each tenant accesses the IP address, a specific identity of the tenant is resolved and the storage stack for that tenant is sent to the tenant's storage machine having the tenant's storage. The tenant is directly connected to its tenant storage machine thereafter. | 03-14-2013 |
| 20130067541 | IMAGE PROCESSING DEVICE, ACCESS CONTROL METHOD AND COMPUTER READABLE RECORDING MEDIUM - An image processing device, comprises: a display part on which various types of information are displayed; a storage part for storing therein a variety of data; a first browser for accessing an external server and acquiring a web page from the external server, thereby causing the display part to display the acquired web page; a second browser for accessing the external server and acquiring the web page from the external server, thereby causing the display part to display the acquired web page, and that is permitted to access a predetermined storage region in the storage part; a browser boot part for starting up any one of the first and second browsers; and a controller for permitting an access request for the predetermined storage region in response to receipt of the access request from the running browser only when the browser running by the browser boot part is the second browser. | 03-14-2013 |
| 20130067542 | Connection authorization with a privileged access - Disclosed is a connection authorization method with an access privilege transferring algorithm for safely transmitting privilege information between virtual mobile management tool and communication endpoint gateway (CEG) server through embedded stub. Secret Shared Key (SSK) information is shared between the embedded stub and communication endpoint gateway server (namely, session mediation server) through VMM (Virtual Mobile Management) client. A stub that generates access privilege information transfers access privilege information to VMM tool. The stub applies a two-way communication channel between the session mediation server and the VMM tool by joining the generated privilege information and the SSK information to each other, thereby generating protected privilege information with which a third party or hacker who does not know the secret information is not capable of interfering. Exploiting the protected privilege information makes it possible to safely connect authorization with access privileges. | 03-14-2013 |
| 20130067543 | PRINTER SERVER, PRINTER CONTROL METHOD, AND STORAGE MEDIUM - A system in an environment in which WSD is realized by employing SSL includes an authentication server that stores a certificate group which permits printer creation and printing to avoid a risk of spoofing. The system uses a printer having a certificate issued by an official certificate authority. In such a case, if verification on whether the certificate of the printer is included in the certificate group of the authentication server is performed for all printers, there may be a printer which becomes unable to print, or in which the time for performing the verification becomes a waste, depending on the printer. A printer type is thus set when creating the printer, and if the printer has a certificate issued by the official certificate authority, a printer server performs certificate authority (CA) verification with respect to the certificate. | 03-14-2013 |
| 20130067544 | SYSTEM FOR AUTHENTICATION MANAGEMENT OF A SENSOR NODE HAVING A SUBSCRIPTION PROCESSING FUNCTION, AND A METHOD FOR OPERATING THE SYSTEM - The present invention relates to a system for authentication management of a sensor node having a subscription processing function, and a method for operating the system. Upon receiving information about a sensor node allocated with an IP address, the system supports the access of only authorized user equipment to a corresponding sensor node, which blocking any direct access of unauthorized user equipment to the sensor node, thereby strengthening the security of the sensor node. According to the present invention, a relay server receives subscription information from user equipment. The relay server checks permission validity of corresponding user equipment. If the user equipment has a valid permission, the relay server transmits the subscription information to a sensor node, and transmits subscription acceptance information to the user equipment. Then the sensor node transmits the collected and stored information to the user equipment having a valid permission. | 03-14-2013 |
| 20130074158 | METHOD AND APPARATUS FOR DOMAIN-BASED DATA SECURITY - An approach is provided for a data application interface with improved security. The approach further involves processing a request for access to user data items to determine one or more associated domains and/or one or more access rules associated with the user data items. In one embodiment, the access rules specify criteria for determining one or more authorized domains and/or one or more users that have access rights to the user data items. The approach also involves determining whether to grant the access to the user data items based, at least in part, on a comparison of the determined domains against the criteria and/or access rules. | 03-21-2013 |
| 20130074159 | Method and System for Sharing Mobile Security Information - Methods and systems for sharing mobile security information are disclosed. According to an embodiment, a method for sharing mobile security information includes: providing to a user of the mobile device an option to share the mobile security information, extracting content from mobile security information upon receiving the user's selection, and posting the extracted content to a social network service. | 03-21-2013 |
| 20130074160 | METHOD OF CONTROLLING INFORMATION PROCESSING SYSTEM, COMPUTER-READABLE RECORDING MEDIUM STORING PROGRAM FOR CONTROLLING APPARATUS - A method includes generating, by a relay apparatus, association information on the basis of access information such that a plurality of pieces of code included in a received application program are associated with information on permission for executing the plurality of pieces of code, and sending the received application program and the generated association information to a client apparatus configured to execute the received application program, receiving the received application program and the association information from the relay apparatus, and executing, by a client apparatus, a piece of code that is permitted to be executed and not executing a piece of code that is not permitted to be executed with reference to the association information when the client apparatus executes the plurality of pieces of code included in the received application program. | 03-21-2013 |
| 20130074161 | AUTHENTICATION IN HETEROGENEOUS IP NETWORKS - The invention proposes a system for authenticating and authorizing network services comprising: a mobile device being adapted to, upon receipt of an information message indicating at least one network access type, determine the network access type, to create a start message containing at least a user identity, and to encapsulate the start message in an authentication message compatible with the access network identified in the information message, and an access controller for reading the encapsulated message from the mobile and forwarding the encapsulated message to an authentication server identified in the encapsulated message. The invention also proposes a corresponding method for authenticating and authorizing network services, and an access control device, a subscriber device and a router device. | 03-21-2013 |
| 20130074162 | METHOD FOR DYNAMICALLY AUTHORIZING A MOBILE COMMUNICATIONS DEVICE - Physically access-protected service access, such as a service flap having a mechanical lock, for example, are used to ensure the secure establishment of security check information. Logical access security to service functions is produced using the security check information via additional, decentralized service interfaces. For this purpose, it is not the mobile service device that is connected to the physically access-protected communications interface, but rather a second authentication module associated with the mobile service device. Security check information is provided by the authentication module for secure service access to the network via additional, decentralized communications interfaces of the network. | 03-21-2013 |
| 20130074163 | USER EQUIPMENT AND CONTROL METHOD THEREFOR - There is provided a User Equipment comprising: a content obtaining unit that obtains a content item that is not reproducible without permission data for enabling reproduction of the content item; a receiving unit that receives the permission data; a detecting unit that detects that the permission data indicates that a subscriber of a predetermined network operator is entitled to reproduce the content item using the permission data; a key obtaining unit that obtains key data from a module managing subscription information for the predetermined network operator by sending, to the module, information representing the predetermined network operator and information representing an authentication server for determining validity of the key data; a determining unit that determines whether or not the key data is valid by communicating with the authentication server; and a reproducing unit that reproduces the content item using the permission data if it is determined that the key data is valid. | 03-21-2013 |
| 20130081109 | Multi-Tenant Agile Database Connector - A module provides an interface between a multi-tenant database and a non-tenant-specific application instance such that the application instance sends data access commands to the module as if it is communicating with a single-tenant database. The module translates the non-tenant-specific data access command from the non-tenant-aware application into a multi-tenant data access command, as needed, without needing to alter the non-tenant specific application instance in any way. In this manner, a single-tenant application could be used by multiple tenants in a multi-tenant environment. | 03-28-2013 |
| 20130081110 | GLOBAL ACCESS CONTROL FOR SEGMENTED STREAMING DELIVERY - Various arrangements for controlling access to streaming media assets are presented. Transmission of segments of a media asset to a first user device may be commenced. During transmission of the media asset to the first user device, beaconing data from the first user device may be received and stored as session information. The first user device may no longer be permitted to receive the media asset at least partially due to the first user device no longer being authenticated. Transmission of a remainder of the plurality of media segments to the first user device may be ceased such that the first user device does not receive the media asset in its entirety. | 03-28-2013 |
| 20130081111 | ENHANCED SECURITY FOR ELECTRONIC COMMUNICATIONS - Techniques are described for providing enhanced security for electronic communications, such as by including in a message sent between two services a digital signature that is generated by using secret information known to the services, so that the recipient receives assurance regarding the sender's identity if the recipient can replicate the received digital signature using the secret information known to the recipient. In some situations, the enhanced security is used in communications to and/or from an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users, such as to prevent malicious phishers from inappropriately gaining access to user information. Various services may use the enhanced security techniques when interacting with the access manager system at various times, such as to initiate sign-on for a user and/or to take subsequent action on behalf of a signed-on user. | 03-28-2013 |
| 20130081112 | Global Terminal Management Using 2-Factor Authentication - A terminal management system for an enterprise network, having a terminal management server functionally connected to an enterprise network. The terminal management system includes at least one network device and a secure shell client that are also functionally connected to the enterprise network. The secure shell client establishes a temporary direct connection to the network device after being validated as having an approved secure connection module. This validation is accomplished by software modules running on the terminal management server. This temporary connection may be converted to a maintained direct connection if the software modules on the terminal management server determine that the secure shell client connected to the network device is the same one validated as having an approved secure connection module. | 03-28-2013 |
| 20130081113 | METHODS OF AND SYSTEMS FOR REMOTELY CONFIGURING A WIRELESS DEVICE - A particular method includes transmitting a message from a first device to a second device. The message includes first information associated with identification of the first device. The first information enables the second device to obtain access data. The method also includes establishing a first communication link between the first device and the second device based on the access data. The method further includes receiving, via the first communication link, second information associated with establishment of a second communication link between the first device and a third device. The method also includes configuring the first device to establish the second communication link between the first device and the third device based on the second information. | 03-28-2013 |
| 20130086637 | INDIRECT AUTHENTICATION - Techniques are provided for granting authorization to restricted content on a display device from an authorizing device. In one embodiment, the display device may operate in a display mode where only unrestricted content is accessible. To access restricted content, the display device may transmit an authorization request signal to the authorizing device. The authorizing device, having received the authorization request, prompts an authorized user to enter an authentication input, such as a password or gesture, on the authorizing device. Upon verification of the authentication input, the authorizing device is authenticated. An authorization signal is transmitted to the display device, and the display device may operate in an authorized mode, having access to otherwise restricted content or functions. | 04-04-2013 |
| 20130086638 | SYSTEMS, APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM FOR RECORDING IMAGES ON A RECORDING MEDIUM - When authentication information is input via an IC card reader and includes predetermined information. A portable terminal corresponding to the authentication information is identified, and specific identification information that identifies an image-data file associated with the authentication information is extracted. The extracted specific identification information is transmitted to the identified portable terminal, and the portable terminal displays a list of the received specific identification information on its touch panel. The operation of a printing mechanism is controlled, so that the image-data file corresponding to the specific identification information that selected with a touch panel on the portable terminal is accessed, and an image defined by the image-data file defines is printed on a sheet. | 04-04-2013 |
| 20130086639 | MOBILE APPLICATION, IDENTITY INTERFACE - Techniques for managing identities are provided. In some examples, identity management, authentication, authorization, and token exchange frameworks may be provided for use with mobile devices, mobile applications, cloud applications, and/or other web-based applications. For example a mobile client may request to perform one or more identity management operations associated with an account of a service provider. Based at least in part on the requested operation and/or the particular service provider, an application programming interface (API) may be utilized to generate and/or perform one or more instructions and/or method calls for managing identity information of the service provider. | 04-04-2013 |
| 20130086640 | INFORMATION PROCESSING APPARATUS AND METHOD - A computer determines whether destination information is included in permission target information. The destination information indicates a destination to which a file stored in a storage device is transferred. The permission target information includes information indicating a target permitted to access the file. The computer prompts before the file is transferred, upon determining that the destination information is not included in the permission target information, a user to input whether to permit the transfer. The computer adds the destination information to the permission target information upon receiving, via an input device, a permission input for permitting the transfer. The computer transfers the file upon receiving the permission input. | 04-04-2013 |
| 20130086641 | System and method for validating users using social network or other information from a wed site - A system and method uses any or all of information of a user and/or user's activity at a second web site, information of the user's friends or other connections at the second web site, or registration information of the user, to determine whether to allow the user to communicate with other users of a first web site, prevent the user from communicating with other users of the first web site, or monitor the user's communications and allow or prevent the user from further communication based on the monitored communications at the first web site. | 04-04-2013 |
| 20130086642 | OBTAINING A SIGNED CERTIFICATE FOR A DISPERSED STORAGE NETWORK - A method begins by a dispersed storage (DS) processing module generating a certificate signing request (CSR) that includes a certificate and a certificate extension, wherein the certificate includes information regarding a requesting device and wherein the certificate extension includes information regarding an accessible dispersed storage network (DSN) address range for the requesting device. The method continues with the DS processing module outputting the CSR to a certificate authority of a DSN and receiving a signed certificate from the certificate authority, wherein the signed certificate includes a certification signature of the certificate authority authenticating the certificate and the certificate extension. The method continues with the DS processing module storing the signed certificate for use when generating a DSN access request, wherein the DSN access request is requesting access to dispersed storage error encoded data in the DSN at an address within the accessible DSN address range. | 04-04-2013 |
| 20130086643 | TAMPER PROOF MUTATING SOFTWARE - System and method is disclosed for protecting client software running on a client computer from tampering using a secure server. Prior to or independent of executing the client software, the system integrates self-protection into the client software; removes functions from the client software for execution on the server; develops client software self-protection updates; and periodically distributes the updates. During execution of the client software, the system receives an initial request from the client computer for execution of the removed function; verifies the initial request; and cooperates with the client computer in execution of the client software if verification is successful. If verification is unsuccessful, the system can attempt to update the client software on the client computer; and require a new initial request. Client software can be updated on occurrence of a triggering event. Communications can be encrypted, and the encryption updated. Authenticating checksums can be used for verification. | 04-04-2013 |
| 20130086644 | METHOD AND APPARATUS FOR COMMUNICATION CONNECTION SERVICE - Methods and apparatus are provided for communication connection service. Identification information of a second device is acquired. An inquiry about whether to register the second device as a favorite device is displayed. A registration request message is sent to a server, when a request to register the second device as the favorite device is inputted in response to the inquiry. The registration request message includes the identification information of the second device. A registration response message is received from the server in response to the registration request message. A user interface of the first device is controlled to provide feedback informing of a success or a failure in registering the second device as the favorite device based on the registration response message. | 04-04-2013 |
| 20130086645 | OAUTH FRAMEWORK - A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access. | 04-04-2013 |
| 20130086646 | Method to Safeguard the Authorized Access to a Field Device used in Automation-Technology - A method of safeguarding the authorized access to field a device used in automation-technology, wherein the field device comprises an internet protocol capable interface as well as an interface for near field communication. The method comprises a unique factory installed access code for an authorized field device user is stored in the field device or clearly assigned to the field device; before delivery of the field device from a field device supplier to a field device user The unique factory installed access code for an authorized field device user is read from the field device through the near field communication interface means of a mobile service unit with the use of a Security App, made available by the field device supplier, or through an alternatively made available, and secure, channel of communication; access authorization for the field device is established by means of the Security App for at least one authorized field device user; and operation of the field device is accomplished by the authorized field device user with the established access authorization by means of the mobile service unit or the internet protocol capable interface. | 04-04-2013 |
| 20130086647 | ENCRYPTION SENTINEL SYSTEM AND METHOD - An encryption sentinel system and method protects sensitive data stored on a storage device and includes sentinel software that runs on a client machine, sentinel software that runs on a server machine, and a data storage device. When a client machine requests sensitive data from the data storage device, the data storage device interrogates the sentinel software on the server machine to determine if this client machine has previously been deemed to have proper encryption procedures and authentication. If the sentinel server software has this information stored, it provides an approval or denial to the storage device that releases the data if appropriate. If the sentinel server software does not have this information at hand or the previous information is too old, the sentinel server interrogates the sentinel software that resides on the client machine which scans the client machine and provides an encryption update to the sentinel server software, following which data will be released if appropriate. | 04-04-2013 |
| 20130086648 | UPDATING RESOURCE ACCESS PERMISSIONS IN A VIRTUAL COMPUTING ENVIRONMENT - Methods, systems, and devices are described for updating resource access permissions in a virtual computing environment. In these methods, systems, and devices, a host computer system determines that a user associated with an existing session has moved from a first location associated with a first set of access permissions to a second location associated with a second set of access permissions. The second set of access permissions is applied at the host computer to the existing session based on the determination that the user has moved to the second location. The user is then allowed to access the existing session from the second location according to the second set of access permissions. | 04-04-2013 |
| 20130086649 | METHOD AND DEVICES FOR SECURE COMMUNICATIONS IN A TELECOMMUNICATIONS NETWORK - The invention relates to a method for secure communications in a telecommunications network, said network comprising a group of servers S | 04-04-2013 |
| 20130091547 | Method and System for Enabling Non-Intrusive Multi Tenancy Enablement - A system for enabling non-intrusive multi tenancy enablement in an application may include a processing unit configured to, among other things, identify a data isolation mechanism available in said application, create a centralized multi-tenant database, generate a controlled provisioning layer to manage relationships between a set of consumers and a corresponding entity uniquely developed for said consumers, and generate a multi-tenant wrapper interface for managing relationship(s) between said consumers and instances of the application. The system may further include a memory unit configured to host said centralized customer database to manage users and associated access privileges in said application. | 04-11-2013 |
| 20130091548 | SENDING DIGITAL DATA VISUALLY USING MOBILE DISPLAY AND CAMERA SENSOR - A system for establishing a connection between a first device and a wireless network includes a first control module, located on the first device, that receives encoded digital data. The encoded digital data corresponds to a plurality of images displayed sequentially on a display of a second device. Each of the plurality of images corresponds to a different portion of the encoded digital data. A decoder module, located on the first device, converts the encoded digital data into configuration data. The configuration data includes at least one of an identifier of the wireless network, an encryption key associated with the wireless network, and a password associated with the wireless network. The first control module uses the configuration data to establish the connection with the wireless network. | 04-11-2013 |
| 20130091549 | SYSTEMS AND METHODS FOR CONTROLLING ACCESS TO CONTENT DISTRIBUTED OVER A NETWORK - A computer-implemented method is provided for controlling use of a file on a user device. The method includes transmitting authentication information to a system and downloading the file from the system over the network upon successful authentication by the system. The method also includes limiting access of the file to a client application of the user device and preventing altering of the file, printing of the file and opening of the file outside of the client application. Notes corresponding to the file can be stored in a local storage area. | 04-11-2013 |
| 20130091550 | SYSTEMS AND METHODS FOR CONTROLLING ACCESS TO CONTENT DISTRIBUTED OVER A NETWORK - A computer-implemented method is provided for controlling use of a file on a user device. The method includes transmitting authentication information to a system and downloading the file from the system over the network upon successful authentication by the system. The method also includes limiting access of the file to a client application of the user device and preventing altering of the file, printing of the file and opening of the file outside of the client application. Notes corresponding to the file can be stored in a local storage area. | 04-11-2013 |
| 20130091551 | Social Processing Member Offering Fixed and Intelligent Services - A social networking system offers a variety of fixed and intelligent services and social device resources participating as members in a social network (SNET) group. Such members may include, for example, social billing and payment services, digital assistants and artificial intelligence functions, robotic control and training services, media content storage and playback services, data backup services, services that support distributed processes such as distributed research projects, networking elements such as network attached storage (NAS), firewalls, proxies, etc. In various embodiments, such services and resources may become available upon being selectively docked or otherwise associated (e.g., through docking of a supporting device) with a SNET group by a human member or third party via a docked user device. Selection of available services may be supported through a visual menu provided by a member device or support service. | 04-11-2013 |
| 20130091552 | AUTHENTICATION METHOD AND APPARATUS FOR USER EQUIPMENT AND LIPA NETWORK ENTITIES - An authentication method for user equipment (UE) and LIPA network entities is applicable to a cross-LIPA communication environment having an UE end, a visiting LIPA network entity end (LIPA | 04-11-2013 |
| 20130091553 | METHOD AND APPARATUS FOR DETERMINING INPUT - A method and apparatus for determining an input are provided. The method includes authenticating an external device, when the external device approaches in a predetermined range; determining an area approached by the external device and determining whether the determined area is valid; and outputting a predetermined indication to a predetermined area related to the area approached by the external device. | 04-11-2013 |
| 20130091554 | TERMINAL APPARATUS, SERVER APPARATUS, NETWORK SYSTEM, AND COMMUNICATION METHOD - A terminal apparatus according to an embodiment includes: a cookie memory unit that stores an Opt-allow cookie which is data set by a user and is data indicating whether use of user information regarding the user is permitted for each user information; a connecting unit that performs communication connection with a server apparatus that determines content to be delivered based on the user information; and a transmitting unit that transmits the Opt-allow cookie stored in the cookie memory unit to the server apparatus, when the server apparatus connected through the communication connection by the connecting unit receives the cookie. | 04-11-2013 |
| 20130091555 | COMMUNICATION RELAY APPARATUS, COMMUNICATION RELAY SYSTEM, COMMUNICATION RELAY METHOD, AND COMMUNICATION RELAY PROGRAM - This invention is directed to acquisition of a communication path for a mobile communication apparatus in a case of occurrence of communications beyond the capacity of a radio base station due to a communication trouble or the like. | 04-11-2013 |
| 20130091556 | METHOD FOR ESTABLISHING A SECURE AND AUTHORIZED CONNECTION BETWEEN A SMART CARD AND A DEVICE IN A NETWORK - It is provided a method a method for establishing a first secure and authorized connection between a smart card and a first device in a network, wherein the first device comprises a second secure connection to a second device, wherein the method comprises storing a first security data; transferring the first security data between the first device and the second device; providing the first security data at the first device; establishing a binding between the smart card and the first device via the first secure and authorized connection utilizing the first security data; authorizing the binding between the smart card and the first device; and sending a second security data from the smart card to the first device via the first secure and authorized connection whereas the second security data may be usable for authentication of the first device to the network. | 04-11-2013 |
| 20130097673 | SYSTEM AND METHOD FOR ELECTRONIC TRANSACTION AUTHORIZATION - A system and a related method are disclosed for authenticating an electronic transaction. Input behavioral data is captured related to measured interactions with at least one input device. The input data is compared to probability distribution representations for a demographic group and for a wide population, performing the measured interaction(s). The system is configured to authenticate the electronic transaction based on the comparing. | 04-18-2013 |
| 20130097674 | METHODS AND APPARATUSES TO PROVIDE SECURE COMMUNICATION BETWEEN AN UNTRUSTED WIRELESS ACCESS NETWORK AND A TRUSTED CONTROLLED NETWORK - A request for an IP address for a client device having a first identifier information is received from an AP device. The request for the IP address is associated with a first communication protocol. The first identifier information is compared to a second identifier information. The second identifier information is associated with a second communication protocol. The second communication protocol is different from the first communication protocol. The IP address for the client device based on comparing. | 04-18-2013 |
| 20130097675 | POSITIONING SYSTEM FOR SERVER - A server includes a global positioning system (GPS) module, a network port, a baseboard management controller (BMC), and a physical layer (PHY) chip. The GPS module is used to transmit the position information of the server. The BMC is utilized to receive a user message from the network port, and obtain the position information according to the request from the network port when the user is authorized to access the server. The PHY chip is coupled to a network through the network port, and is employed to send the position information to the network port from the BMC. | 04-18-2013 |
| 20130097676 | MOBILE DEVICE MANAGEMENT - A device management method, is disclosed in which available features on a slave mobile device are managed (monitored or controlled) by a slave manager module commanded by a master device through secure messages exchanged between the two devices using respective electronic messaging capabilities on the two devices. Selection of the features of the slave mobile device to be controlled or monitored is facilitated on the master device through a master manager module resident thereon. The features that are controlled or monitored may comprise any user-accessible feature incorporated or installed on the slave mobile device and user access to the feature may be prevented according to at least one criterion, such as date of use, time of day of use, number of times of use, originator and recipient. User access to the feature may be prevented access to the user-accessible feature when usage limitations for the feature have been reached. | 04-18-2013 |
| 20130104197 | AUTHENTICATION SYSTEM - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access to the secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester. | 04-25-2013 |
| 20130104198 | TWO-FACTOR AUTHENTICATION SYSTEMS AND METHODS - Systems and methods for authenticating defined user actions over a computer network. An authentication service receives an authentication request from an authenticating service to perform an action on behalf of a user. The authentication service then sends a permission request to a mobile device associated with the user, asking the user whether or not the action should be allowed. The user sends a permission response via the mobile device to the authentication service, granting or denying the action. The user may automate future similar responses so long as at least one automation criterion is met (e.g., the physical location of the mobile device), eliminating the need to manually provide a response to future permission requests. Information necessary to determine whether the automation criterion is met is stored locally on the mobile device. | 04-25-2013 |
| 20130104199 | Object and Resource Security System - According to the invention, a method for securing a plaintext object within a content receiver is disclosed. In one step, a secure portion of a secure object and a plaintext remainder of the secure object are received. Which portion of the secure object is the secure portion is determined. The secure portion is decrypted to provide a plaintext portion. The plaintext object that comprises the plaintext portion and the plaintext remainder is formed. The plaintext object is stored including authentication and authorization. | 04-25-2013 |
| 20130104200 | APPARATUS AND METHOD FOR CONTROLLING ACCESS TO MULTIPLE SERVICES - An apparatus and a method are provided for controlling access to a plurality of services. An authentication request is received for requesting authentication about the plurality of services. Service authentication is performed for the plurality of services based on authentication information for the plurality of services provided from a service provider unit according to the authentication request. An access right to the plurality of services is acquired from the service provider unit. | 04-25-2013 |
| 20130111555 | SYSTEM AND METHOD FOR SECURITY USING A SIBLING SMART CARD | 05-02-2013 |
| 20130111556 | METHODS AND APPARATUSES FOR HYBRID DESKTOP ENVIRONMENT DATA USAGE AUTHENTICATION | 05-02-2013 |
| 20130111557 | ACCESS CONTROL IN A HYBRID ENVIRONMENT | 05-02-2013 |
| 20130111558 | SECURE MACHINE ENROLLMENT IN MULTI-TENANT SUBSCRIPTION ENVIRONMENT | 05-02-2013 |
| 20130111559 | Intelligent Caching for Security Trimming | 05-02-2013 |
| 20130111560 | TECHNIQUES FOR DYNAMIC DOMAIN-BASED ISOLATION | 05-02-2013 |
| 20130111561 | SYSTEM AND METHOD FOR PROVIDING PRIVATE SESSION-BASED ACCESS TO A REDIRECTED USB DEVICE OR LOCAL DEVICE | 05-02-2013 |
| 20130111562 | METHOD AND APPARATUS FOR DELIVERING APPLICATION SERVICE USING PRE-CONFIGURED ACCESS CONTROL CORRESPONDING TO ORGANIZATIONAL HIERARCHY | 05-02-2013 |
| 20130111563 | ACCESS CONTROL IN A HYBRID ENVIRONMENT | 05-02-2013 |
| 20130111564 | IMAGE FORMING APPARATUS, LICENSE SERVER, TERMINAL APPARATUS, METHOD FOR INSTALLING APPLICATION, AND METHOD FOR PROVIDING APPLICATION FILE | 05-02-2013 |
| 20130111565 | METHOD AND SYSTEM OF PLUG-IN PRIVILEGE CONTROL | 05-02-2013 |
| 20130111566 | OUT-OF-BAND REMOTE MANAGEMENT STATION | 05-02-2013 |
| 20130111567 | MIDDLEWARE FILTER AGENT BETWEEN SERVER AND PDA | 05-02-2013 |
| 20130111568 | LIMITING RESOURCES CONSUMED BY REJECTED SUBSCRIBER END STATIONS | 05-02-2013 |
| 20130111569 | HARDWARE ACCESS AND MONITORING CONTROL | 05-02-2013 |
| 20130117816 | ACCESSING MULTIPLE CLIENT DOMAINS USING A SINGLE APPLICATION - Methods, computer systems, and computer-readable storage media for using a single application on a mobile device to access a plurality of client domain sites are provided. The single application on the mobile device receives from a user of the mobile device a set of authorization credentials. Based on the set of authorization credentials, the single application receives a first client domain uniform resource locator from a third-party directory service. The first client domain uniform resource locator is used to access a client gateway service; the client gateway service provides a secure access point to a number of different service solutions hosted by a client. Upon the user inputting a set of authentication credentials, the user is able to access information from one or more of the different service solutions. | 05-09-2013 |
| 20130117817 | PREVENTION OF CROSS SITE REQUEST FORGERY ATTACKS BY CONDITIONAL USE COOKIES - To inhibit cross-site forgery attacks, different types/classes of cookies are used. A first cookie and a second cookie are generated by a web server and provided to a client browser during a web session. The first cookie defines a first set of use conditions for when the first cookie is to be used within the web session. The second cookie defines a second set of use conditions for when the second cookie is to be used within the web session. The client browser determines which (if any) of the first cookie or second cookie to send to the web server based on the use conditions defined within each cookie and the operation(s) sought by the client browser. The web server may grant different or the same privileges to operation(s) being sought by the client browser depending on whether the first or second cookie is sent by the client browser. | 05-09-2013 |
| 20130117818 | System and Method for Conveying Object Location Information - An improved system and method for defining an event based upon an object location and a user-defined zone and managing the conveyance of object location event information among computing devices where object location events are defined in terms of a condition based upon a relationship between user-defined zone information and object location information. One or more location information sources are associated with an object to provide the object location information. One or more user-defined zones are defined on a map and one or more object location events are defined. The occurrence of an object location event produces object location event information that is conveyed to users based on user identification codes. Accessibility to object location information, zone information, and object location event information is based upon an object location information access code, a zone information access code, and an object location event information access code, respectively. | 05-09-2013 |
| 20130117819 | COST-EFFECTIVE DEVICE FOR TRANSFERRING DATA UNIDIRECTIONALLY - Unlike excessively complex and extremely expensive methods in the prior art, this invention discloses a highly cost-effective and simple-to-use device for transferring data unidirectionally, allowing small businesses and home users to reap the benefits of advanced network security, which otherwise would have been affordable and attainable exclusively by commercial and federal entities. Because of its cost effectiveness and simplicity, the device of this invention makes it possible for every computer user to protect their internal networks from information thieves. | 05-09-2013 |
| 20130117820 | ENABLING ACCESS TO KEY LIFETIMES FOR WIRELESS LINK SETUP - A particular method includes performing a bootstrapped extensible authentication protocol (EAP) re-authentication protocol (ERP) re-authentication at a mobile device after performing an EAP authentication with the access point prior to expiration of a master session key (MSK) associated with the EAP authentication. Another particular method includes performing, at an access point, a bootstrapped ERP re-authentication of a mobile device without interrupting a flow of data packets with respect to the mobile device. | 05-09-2013 |
| 20130117821 | METHOD AND SYSTEM FOR PROVIDING SECURE ACCESS TO PRIVATE NETWORKS - Improved approaches for providing secure access to resources maintained on private networks are disclosed. The secure access can be provided through a public network using a standard network browser. Multiple remote users are able to gain restricted and controlled access to at least portions of a private network through a common access point. The solution provided by the invention is not only easily set up and managed, but also able to support many remote users in a cost-effective manner. | 05-09-2013 |
| 20130117822 | METHOD AND SYSTEM FOR SECURE TELETRANSMISSION - A system for secure teletransmission destined for a receiving person includes a secure server comprising a program providing a redemption code and a designation code for designating an object to which the teletransmission pertains. A terminal includes an interface allowing a sending person to indicate the designation code and to take cognizance of the redemption code, and an interface for connection to the secure server to send a request and to receive the redemption code, in response. A terminal includes an interface allowing the receiving person to enter the redemption code and the designation code, an interface for connection to the secure server to receive an authorization from the secure server. The authorization confirms correlation of the redemption code entered with the designation code. A deliverer automatically delivers the object, after receipt of the authorization. | 05-09-2013 |
| 20130117823 | SYSTEM AND METHOD FOR ENFORCING SECURITY POLICIES IN A VIRTUAL ENVIRONMENT - A method in one example implementation includes intercepting a request associated with an execution of an object (e.g., a kernel module or a binary) in a computer configured to operate in a virtual machine environment. The request is associated with a privileged domain of the computer that operates logically below one or more operating systems. The method also includes verifying an authorization of the object by computing a checksum for the object and comparing the checksum to a plurality of stored checksums in a memory element. The execution of the object is denied if it is not authorized. In other embodiments, the method can include evaluating a plurality of entries within the memory element of the computer, wherein the entries include authorized binaries and kernel modules. In other embodiments, the method can include intercepting an attempt from a remote computer to execute code from a previously authorized binary. | 05-09-2013 |
| 20130117824 | PRIVACY PRESERVING AUTHORISATION IN PERVASIVE ENVIRONMENTS - A method for preserving privacy during authorisation in pervasive environments is described. The method includes an authorisation phase in which the user is provided with a reusable credential associated with verifiable constraints, and an operation phase where the service provider verifies the reusable credential before authorising the user. Third parties cannot link plural uses of the credential to each other, and the service provider cannot link plural uses of said credential to each other. | 05-09-2013 |
| 20130117825 | METHOD AND SYSTEM FOR PROVIDING SECURITY FOR UNIVERSAL PLUG AND PLAY OPERATIONS IN A HOME NETWORK ENVIRONMENT BASED ON OWNERSHIP RIGHTS - A method and system for providing security to Universal Plug and Play (UPnP) operations in a home network environment based on ownership rights where a request is received from a Control Point (CP) to perform an UPnP action associated with an UPnP resource. It is determined whether the CP holds an ownership right to perform the UPnP action based on ownership data associated with the UPnP resource. Accordingly, the CP is authorized to execute the UPnP action on the UPnP resource or an error message is returned to the CP based on the ownership of the UPnP resource. | 05-09-2013 |
| 20130125209 | USER INTERFACE FOR SELECTION OF MULTIPLE ACCOUNTS AND CONNECTION POINTS - Embodiments of the present disclosure provide a user interface that enables a user to more easily identify servers that may be used to set access permissions for content items. The method and system described herein includes receiving user credentials that are associated with a user. In response to receiving the user credentials, one or more servers associated with the user credentials are displayed. The one or more servers are configured to manage information rights for a content item created by the user. Upon receiving a selection of one of the one or more servers, a list of one or more templates supported by the selected server is displayed to the user. The one or more templates identify information rights that may be applied to the content item. | 05-16-2013 |
| 20130125210 | PERMISSION RE-DELEGATION PREVENTION - Methods and systems for preventing permission re-delegation among applications are disclosed herein. The method includes accepting a message requesting access to a user-controlled resource from a requester application at a deputy application and reducing a first permissions list of the deputy application to a second permissions list. The second permissions list includes an overlap of permissions between the deputy application and the requester application. Moreover, the method also includes sending the message from the deputy application to a computing system via an application programming interface (API), wherein the computing system is configured to reject the message if the second permissions list of the deputy application does not permit access to the user-controlled resource. | 05-16-2013 |
| 20130125211 | SYSTEM AND METHOD FOR PROVIDING DYNAMIC INSURANCE PORTAL TRANSACTION AUTHENTICATION AND AUTHORIZATION - Systems and methods are disclosed herein for managing electronic access to a plurality of computerized insurance services. A network interface is configured to receive a user identity provided by a user remote to the system and an access request from the user to access a selected computerized insurance service from the plurality of computerized insurance services. A memory stores computer executable instructions which, when executed by a processor, cause the system to determine a set of access rights for the user based on the user identity and an insurance-related role associated with the user identity and allow the user to access the selected computerized insurance service according to the access request only if the access requested is included in the determined set of access rights. At least two of the computerized insurance services are implemented on substantially different information platforms. | 05-16-2013 |
| 20130125212 | REMOTE DISPLAYING - Technologies are generally described for a remote displaying scheme configured to transmit display data stored in a source device to a target device for displaying the display data on the screen of the target device. In some examples, a method performed under control of a source device may include broadcasting to one or more target devices request information that comprises a request for displaying display data, obtaining permission information generated by a target device of the one or more target devices, the permission information based, at least in part, on the request information, transmitting to the target device an acknowledgement that a communication channel between the source device and the target device is established, the acknowledgement based, at least in part, on the permission information and transmitting to the target device the display data based, at least in part, on the permission information. | 05-16-2013 |
| 20130125213 | CENTRALIZED IDENTITY AUTHENTICATION FOR ELECTRONIC COMMUNICATION NETWORKS - A method of centralized identity authentication for use in connection with a communications network includes registering users of the communications network such that each registered user's identity is uniquely defined and determinable, and registering a plurality of vendors having a presence on the communications network. The registered vendors selectively transact with registered users, wherein the transactions include: (i) the registered vendor selling goods and/or services to the registered user; (ii) the registered vendor granting the registered user access to personal records maintained by the registered vendor; and/or (iii) the registered vendor communicating to the registered user personal information maintained by the registered vendor. The method also includes each user's identity being authenticated over the communications network prior to completion of transactions between registered vendors and registered users. | 05-16-2013 |
| 20130125214 | AUTOMATIC PIN CREATION USING PASSWORD - A PIN is automatically generated based on at least one rule when the user enters a password through a user device. In one example, the PIN is a truncated version of the password where each character in the truncated version is mapped onto a number. The mapping can be a truncation at the beginning or end of the password, or the mapping can be with any pattern or sequence of characters in the password. This PIN generation may be transparent to the user, such that the user may not even know the PIN was generated when the password was entered. When the user attempts to access restricted content, the user may enter the PIN instead of the password, where the user may be notified of the rule used to generate the PIN so that the user will know the PIN by knowing the password. | 05-16-2013 |
| 20130125215 | REMOTE APPLICATION PRESENTATION OVER A PUBLIC NETWORK CONNECTION - Web access over a public network for applications that operate on virtual desktops on a plurality of servers is facilitated. Through the web access the user is provided with the information necessary to establish a connection with an application by way of the virtual desktop. Applications that the user is authorized to access are determined and those applications that the user is not authorized to access are filtered out. The applications associated access control list is used for determining the user's access to discover an application. | 05-16-2013 |
| 20130125216 | METHOD AND SYSTEM FOR MODELING OPTIONS FOR OPAQUE MANAGEMENT DATA FOR A USER AND/OR AN OWNER - Distributed Management Task Force (DMTF) management profiles, based on the Common Information Model (CIM) protocol, may be utilized to perform access authentication during opaque management data profile operations based on DMTF/CIM Role Based Authorization (RBA) profile and/or Simple Identity Management (SIM) profiles. Instances of CIM_Identity class may be utilized to enable validation of ownership and/or access rights, via instances of CIM_Role class and/or instances of CIM_Privilege class for a plurality of common users and/or applications. Quota related operations may be performed via “QuotaAffectsElement” associations between instances of CIM_Identity class and instances of the CIM_OpaqueManagementDataService class. The “QuotaAffectsElement” association may comprise “AllocationQuota” and/or “AllocatedBytes” properties to enable tracking and/or validating of quota related information within the opaque management data profile. | 05-16-2013 |
| 20130125217 | Authorization Control - The application describes an attestation system ( | 05-16-2013 |
| 20130133036 | REMOTE CONTROL OF DIALYSIS MACHINES - This disclosure relates to remote control of dialysis machines. In certain aspects, a method includes receiving a request for a network connection from a dialysis machine and establishing the network connection with the dialysis machine. The method also includes receiving, from a client device, a request to access the dialysis machine, authorizing the client device to access the dialysis machine, receiving, from the dialysis machine, information pertaining to an operation of the dialysis machine, and providing, to the client device, the received information. | 05-23-2013 |
| 20130133037 | INSERTING MEDIA CONTENT FROM MULTIPLE REPOSITORIES - Methods and systems for inserting media content from multiple media content repositories are disclosed herein. The method includes displaying indicia corresponding to a number of repositories within a user interface that is authorized to access all of the repositories, wherein the repositories may include a local repository and an online repository, or any combination thereof. The method also includes obtaining media content from any of the repositories via the user interface and inserting the media content into a location via the user interface. | 05-23-2013 |
| 20130133038 | AUTHENTICATION FOR SOCIAL NETWORKING MESSAGES - A tool for verifying that a message received by a social networking service was sent by a bona fide owner of a social networking account who purportedly sent the message. The tool receives a message and it locates in the message a string that was entered into a message text field of the message. The string is compared with a registered authentication string for the bona fide owner of the account. If the string in the message matches the registered authentication string, the string is removed from the message and the message is forwarded to the social networking service. If the string in the message does not match the registered authentication string, the message is blocked from being forwarded to the social networking service. | 05-23-2013 |
| 20130133039 | Method for statistical object identification - The present invention provides a mechanism to communicate an original object ( | 05-23-2013 |
| 20130133040 | SYSTEM AND METHOD FOR MANAGING AUTHORIZATION OF FUNCTIONS OF ELECTRONIC DEVICE - A system includes a base station, a number of electronic devices, and a server. The base station radiates wireless signal including a base station identifier for identifying the base station and an authorization code for setting authorization level for a function of the electronic device. The electronic device detects the wireless signal, determines the existence of a predetermined base station according to the base station identifier, analyzes the authorization code to determine the function and authorization represented by the authorization code, disables the determined function, receives user information in response to an authorization input, transmits the received user information to the server to retrieve the pre-set authorization level of the user of the electronic device, and enables the function in response to the authorization represented by the authorization code being equal or lower than the retrieved pre-set authorization level. | 05-23-2013 |
| 20130133041 | Data Traffic Control in a Communication Network - A method and apparatus for controlling data traffic in a communications network. The server determines that network conditions are suitable for sending delay tolerant data traffic, and as a result of the determination, it transmits a grant message to at least one client device, the grant message informing the client device that it is permitted to send or receive delay tolerant data traffic. | 05-23-2013 |
| 20130133042 | BIOMETRIC AUTHENTICATION - An apparatus, method and program product locally stores biometric data in response to a user accessing a network ( | 05-23-2013 |
| 20130133043 | AUTHENTICATION IN VIRTUAL PRIVATE NETWORKS - Systems and methods are provided for controlling access to a network. An access request is received from a client application running on a computing device for accessing a remote network. The access request is received over a secure virtual private network connection (VPN) connection established by a user-mode VPN client running in non-privileged user space of the computing device. The access request includes contextual information for use in authenticating a user to access a remote network, wherein the contextual information includes contextual information about the client application requesting access to the remote network. An authentication process is performed using the contextual information to authenticate the user, and a secure VPN connection is established between the client application and the remote network, if the user is authenticated. | 05-23-2013 |
| 20130139221 | Web Authentication Support for Proxy Mobile IP - Techniques are provided for performing web authentication of mobile wireless devices that roam from a wireless wide area network to a wireless local area network. A redirect rule is invoked when a request is received from the mobile wireless device for world wide web access in order to obtain authentication for the mobile wireless device before permitting world wide web access. When a world wide web access request is received from the mobile wireless device, it is redirected to an authentication portal to allow a user of the mobile wireless device to enter user credentials to allow for world wide web access using the IP address. | 05-30-2013 |
| 20130139222 | AUTHENTICATION OF MOBILE DEVICE - Disclosed are systems and techniques that generate one-time passwords in a banking server in order to authenticate a mobile device for transactional functions related to a user account. At least two one-time passwords are generated at the banking server and communicated to the mobile device via different communication pathways. A first communication pathway is encrypted and a second pathway is non-encrypted. | 05-30-2013 |
| 20130139223 | SECURE NETWORK SYSTEM REQUEST SUPPORT VIA A PING REQUEST - Methods and systems for secure network system request (sysrq) via Internet Control Message Protocol (ICMP) are described. A remote computing system sends a query over a network to a target computing system and determines whether the target computing system is non-responsive to the query. When the target computing system is non-responsive to the query, the remote computing system sends an ICMP request to the target computing system over the network. The ping request includes a command to be performed by the target computing system and a key to verify authorization to perform the command. | 05-30-2013 |
| 20130139224 | System and Method for Registering Users for Communicating Information on a Web Site - A system and method blocks or removes user accounts or complex information of user accounts that has or have a correspondence with complex information of other accounts or complex information on a blacklist. | 05-30-2013 |
| 20130139225 | COMMUNICATION APPARATUS - A communication apparatus is configured to communicate with a service providing server. The service providing server provides a data upload service and, for each user, associate and stores authentication information for a user and an e-mail address for the user. The communication apparatus includes: a storage control unit storing specific authentication information for a specific user in a memory; an acquisition unit which, when an upload instruction for uploading target data to the service providing server is input from the specific user, uses the specific authentication information in the memory to acquire a specific e-mail address, which is stored in association with the specific authentication information, from the service providing server; and an upload unit that transmits a specific e-mail including the target data and the specific e-mail address as a transmission destination address, for uploading the target data to the service providing server. | 05-30-2013 |
| 20130139226 | Secure Authorization - Various embodiments provide an authorization approach that performs a safe and generally untraceable way that allows a user to complete an authorization securely. Various embodiments utilize a visual presentation that displays items, which can include symbols, letters, characters, numbers, logos, pictures, and the like. Throughout authorization, in at least some embodiments, the visual presentation is modified and the locations of items, such as touch-selectable items, are changed such that a pre-defined authorization sequence of items does not have the same serialized pattern of selection for purposes of authorization. | 05-30-2013 |
| 20130139227 | Security Architecture For A Process Control Platform Executing Applications - A security component within a supervisory process control and manufacturing information system comprising a set of user roles corresponding to different types of users within the information system, a set of security groups defining a set of security permissions with regard to a set of objects, wherein each security group includes an access definition relating the security permissions to at least one of the set of user roles, and a set of user accounts assigned to at least one of the defined roles thereby indirectly defining access rights with regard to the set of objects having restricted access within the system. The security permissions within the supervisory process control and manufacturing information system are assigned at an object attribute level. | 05-30-2013 |
| 20130145427 | AUTHORIZING APPLICATION ACCESS TO SECURE RESOURCES - An application submits a permission request to a resource server. In response to receiving the request, the resource server generates a user interface that asks the user to grant or deny the requested permissions. If the permissions are granted, data is stored indicating that the application has the requested permissions. When a runtime request for a resource is received, the resource server determines whether the request has been made by a user, by an application, or by an application on behalf of a user. If the request is made by an application only, the request is granted only if the application has permission to access the resource by way of a direct call not on behalf of a user. If the request is made by an application on behalf of a user, the request is granted only if both the user and the application have sufficient permission. | 06-06-2013 |
| 20130145428 | DENIAL OF SERVICE ATTACK RESISTANT INPUT PORT - An input port for a computer system may retain potentially authenticable requests for processing while removing other connection requests from an incoming queue or request pool. The input port may continue to receive new requests even during a denial of service attack, allowing potentially legitimate requests to be processed. In a typical embodiment, a first in, first out buffer may be used to receive and process connection requests. When the buffer is full, any request that comes from a device having a previous connection with the computer system may be retained for authentication, while removing requests that come from unknown devices. Some embodiments may retain a list of known devices associated with administrators or other known users, and the list may be updated as those users are authenticated. | 06-06-2013 |
| 20130145429 | System Utilizing a Secure Element - An electronic device includes a receiver configured to receive, from an entity, a request to perform a function. The electronic device also includes a secure element to verify the request to perform the function. The secure element includes hardware programmed with instructions to verify that a security of the secure element has not been breached. The secure element also includes software including instructions to determine an access right for the entity requesting performance of the function, and to perform the function when the hardware verifies that the security of the secure element has not been breached and the access right indicates that the entity is authorized to request performance of the secure function. | 06-06-2013 |
| 20130145430 | ASSET STREAMING - A device streams assets to network-based storage in cooperation with servers administering the network-based storage. The servers manage and secure access to the stream of assets, on both an account level and an asset level, in accordance with asset metadata registered for the assets during streaming, and in accordance with account data associated with the assets being streamed and the device with which the assets are streamed. The servers operate to notify other authorized devices associated with the device that the assets are available to download, including initiating the download of assets automatically or in response to user input. | 06-06-2013 |
| 20130145431 | INTEGRATED CIRCUITS AS A SERVICE - Technologies are generally described for provisioning and managing access to FPGAs as a service. In some examples, a system for allowing provisioning management for shared FPGA use and access control to enable a user's processes to access their custom programmed FPGA may accept user packages for compilation to an FPGA in communication with datacenter servers. The user packages may be imaged to the FPGA with an added management payload, and a driver and user key may be employed to allow selective access to the FPGA as a service for datacenter virtual machines. Together these elements allow a datacenter to provision rentable integrated circuits as a service (ICaaS). Additional services such as billing tracking, provision management, and access control may be provided to users allowing them to realize lower cost while the datacenter realizes greater return. | 06-06-2013 |
| 20130145432 | TRUST CONFERENCING APPARATUS AND METHODS IN DIGITAL COMMUNICATION - A conferencing application executing on a computerized appliance from a machine-readable medium, the computerized appliance coupled to one or more networks is provided, the application including functionality for responding to requests to join a conference, and for enabling requesters as participants, functionality for receiving and rendering text, voice or video data from each registered participant as text, voice or video data to be transmitted to individual ones of other participants, functionality for controlling which received text, voice or video data is transmitted to which participants, and functionality for receiving and executing instructions from a trust authority. | 06-06-2013 |
| 20130145433 | USING A LOCAL AUTHORIZATION EXTENSION TO PROVIDE ACCESS AUTHORIZATION FOR A MODULE TO ACCESS A COMPUTING SYSTEM - Provided are a method, system, and computer program product for a local authorization extension to provide access authorization for a module to access a computing system. A memory stores information on a first validity range comprising position coordinates for a module seeking to access the computing system and a second validity range comprising position coordinates for a location authorization extension for a computing system. A determination is made of a first position signal from a first receiver of the module and of a second position signal from a second receiver of the location authorization module. Determinations are made as to whether the first position signal is within the first validity range and whether the second position signal is within the second validity range. The module is granted access to the computing system in response to determining that the first position signal is within the first validity range and the second position signal is within the second validity range. | 06-06-2013 |
| 20130145434 | Unattended Authentication in a Secondary Authentication Service for Wireless Carriers - A wireless device initiates a connection by sending an Unsolicited HTTP(s) POST that includes a user identity and credentials, not in response to a form that is provided to the wireless device from a secondary authentication service (2AS), so the 2AS does not have a session with the wireless device. An HTTP(s) session is handled by a home agent or enterprise home agent. The 2AS uses the user identity and credentials from the Unsolicited POST to complete interaction with a downstream identity management server, and takes appropriate action by either indicating to the home agent that authentication was successful and the device is authorized to use the private enterprise network resources protected by the 2AS process; or if the authentication was unsuccessful that the session(s) should be disconnected. In addition, the 2AS may communicate with the agent on the wireless device to send intermediate and final status of the attempt. | 06-06-2013 |
| 20130145435 | METHOD AND APPARATUS FOR PROVIDING ENHANCED SERVICE AUTHORIZATION - An approach is provided for authorizing one or more services from service providers in a communications network. The approach includes receiving a request from a first service provider, the request having an associated primary token and a secondary token identifier, the secondary token identifier relating to resources of a second service provider. Based, at least in part, on the secondary token identifier, a secondary token is identified; and then the secondary token is sent to the first service provider, wherein the first service provider and the second service provider belong to different trust domains and the first service provider can use the secondary token to access resources of the second service provider. | 06-06-2013 |
| 20130145436 | SYSTEM AND METHOD FOR RESTRICTING ACCESS TO NETWORK PERFORMANCE INFORMATION - A system and method for restricting access to network performance information associated with communications over a packet network. A request may be received from a user to access network performance information associated with communications of data packets over a packet network. A determination as to whether the user has permission to access the network performance information may be made. In response to determining that the user has permission to access the network performance information, the user may be enabled to access the network performance information; otherwise, the user may be prevented from accessing the network performance information. The network performance information may include information associated with communications of data packets including real-time content and non-real-time content. | 06-06-2013 |
| 20130145437 | PROTECTION AGAINST MALWARE ON WEB RESOURCES UTILIZING SCRIPTS FOR CONTENT SCANNING - A method and system for identification of malware threats on web resources. The system employs a scheduled antivirus (AV) scanning of web resources. The scheduled scanning of web resources allows to create malware check lists and to configure access to web resources. Frequency and depth of inspection (i.e., scan) are determined for each web resource. The user identifiers are used for scheduled AV scanning of web resources. The system allows for scanning a web resource based on selected configurations without using additional client applications. | 06-06-2013 |
| 20130145438 | MOBILE EQUIPMENT AND SECURITY SETTING METHOD THEREOF - The present invention relates to mobile equipment and a security setting method thereof for improving security of an object accessible by a user and for providing an easy security setting for the user by controlling user rights for the object according to a security setting pattern of the user. To this end, mobile equipment according to an embodiment of the present invention comprises: a mode management unit which determines a security setting mode; a setting management unit which checks a preset security setting in the case that the security setting mode is a first mode, and checks a security setting corresponding to time or location in a security setting pattern in the case that the security setting mode is a second mode; and a right control unit which controls user rights for an object according to the checked security setting, wherein the security setting pattern is changed on the basis of information on the time or location. | 06-06-2013 |
| 20130152168 | WIRELESS CONNECTION METHOD AND DEVICE - A method, a device, and an access point are provided for obtaining network access. A method, comprising: receiving, by an access point device and from wireless device, a request for authorization to access a network through the access point; determining, by the access point, a distance between the access point and the wireless device; determining, by the access point, that the distance is less than a first threshold distance; using, by the access point, a first process to grant access to the network through the access point when the distance is less than the first threshold distance; and using, by the access point, a second process to grant access to the network through the access point when the distance is not less than the first threshold distance, where the first process is a different and less complex for granting access to the network than the second process. | 06-13-2013 |
| 20130152169 | CONTROLLING ACCESS TO RESOURCES ON A NETWORK - Disclosed are various embodiments for controlling access to data on a network. In one embodiment, a proxy service receives a request from a user on a client device to access a quantity of enterprise resources served up by an enterprise device. In response, the proxy service determines whether the user on the client device has been authenticated to access the enterprise resources. The proxy service also determines whether the client device from which the user requested the access is authorized to access the enterprise resources. Responsive to the determination that the user is authentic and that the client device is authorized, the proxy service associates a set of approved enterprise access credentials with the request and facilitates the transmission of the requested enterprise resources to the client device. | 06-13-2013 |
| 20130152170 | Region Access Platform, Mobile Positioning Method and System - A region access platform is disclosed in the present invention. The region access platform is set to: receive a positioning request from a positioning client; authenticate the positioning client; and after the authentication is passed, obtain a positioning result locally or from a Mobile Positioning Center (MPC) and return the positioning result to the positioning client. A mobile positioning method is also disclosed in the present invention and includes: a region access platform receiving a positioning request from a positioning client, authenticating the positioning client, and after the authentication is passed, acquiring positioning result locally or from a MPC and returning the positioning result to the positioning client. A mobile positioning system is also disclosed in the present invention. The present invention can facilitate the management and maintenance and also facilitates the operator to carry out a service. | 06-13-2013 |
| 20130152171 | SYSTEM AND METHOD TO FACILITATE COMPLIANCE WITH COPPA FOR WEBSITE REGISTRATION - Embodiments of the present invention provide a third-party system that allows parents or authorized guardians to continually grant permissions to several websites and online services and provides a one-time-authentication process of the parent-child relationship. Through this system, the need to re-authenticate the parent-child relationship or for each online company to build their own authentication system and COPPA record keeping mechanisms can be reduced or eliminated. In addition, the embodiments provided herein may afford a service for managing COPPA compliance that is relatively easy for online companies to integrate into their online services and websites. | 06-13-2013 |
| 20130152172 | Entitled Data Cache Management - Systems and methods are disclosed for managing an entitled data cache. A data server may generate and send entitled data to a data cache server. The data cache server, a server that may be located nearer to the user within a data provider's computer network, may receive and cache the entitled data. A permission server may store user's permissions and transmit the user's permissions to the data server and the data cache server. Upon receiving a request for data, the data cache server may retrieve the requested data from the cache and send a subset of the cached data which matches the user's permissions to the user, without the need to request the data from the data server. | 06-13-2013 |
| 20130152173 | METHOD, APPARATUS, AND COMPUTER-READABLE MEDIUM FOR CONTENT ACCESS AUTHORIZATION - An apparatus, computer-readable medium, and computer-implemented method for granting access to content are disclosed. An exemplary method includes receiving user credentials associated with a user from a device which has authorization to access content in a first content domain, determining whether the user associated with the user credentials has a license to access content in a second content domain, and granting temporary authorization to the device which allows it to access content in the second content domain based at least in part on the determination that the user associated with the user credentials has a license to access content in the second content domain. | 06-13-2013 |
| 20130152174 | METHOD, APPARATUS, AND COMPUTER-READABLE MEDIUM FOR CONTENT ACCESS AUTHORIZATION - An apparatus, computer-readable medium, and computer-implemented method for obtaining access to content are disclosed. The method includes transmitting user credentials associated with a user of a device, the device having authorization to access content in a first content domain, and receiving temporary authorization for the device to access content in a second content domain based at least in part on a determination that the user associated with the user credentials has a license to access content in the second content domain. | 06-13-2013 |
| 20130160084 | SECURE OPERATING SYSTEM/WEB SERVER SYSTEMS AND METHODS - Systems and methods for securely operating web servers, operating systems, etc. Methods of embodiments include creating virtual roots for executive jails and corresponding administrative jails within parent operating systems. Embodiments also include setting privileges associated with each of the executive jails to disk read-only. Moreover, administrative jails are hidden from executive jails and the parent operating system is hidden from both sets of jails. Also, the methods include cross mounting user configuration information and/or applications from the administrative jails and in to the corresponding executive jails. Methods can include password protecting the administrative jails and/or restricting the executive jails from initiating outbound communications. Methods can also include storing security related syslog data in locations associated with parent file structure of the parent operating systems. Methods can also include storing web log related syslog data in locations associated with the administrative jails thereby providing, as desired, compliance/auditing reporting functions. | 06-20-2013 |
| 20130160085 | HOSTING EDGE APPLICATIONS AT THE EDGE OF A MOBILE DATA NETWORK - Mobile network services are performed in a mobile data network in a way that is transparent to most of the existing equipment in the mobile data network. The mobile data network includes a radio access network and a core network. A breakout component in the radio access network breaks out data coming from a basestation, and hosts edge applications, including third party edge applications, that perform one or more mobile network services at the edge of the mobile data network based on the broken out data. | 06-20-2013 |
| 20130160086 | SECURE CLIENT AUTHENTICATION AND SERVICE AUTHORIZATION IN A SHARED COMMUNICATION NETWORK - Functionality for secure client authentication and service authorization in a shared communication network are disclosed. A managing network device of a communication network causes a securely connected client network device to perform an account authorization process with an accounting network device in parallel with a service matching process with the managing network device and one or more service providers of the communication network. The managing network device executes the service matching process and securely matches the client network device with one of the service providers. The accounting network device executes the account authorizing process with the client network device and provides a service voucher to the managing network device authorizing one or more of the service providers to service the client network device. The managing network device transmits the service voucher to the matched service provider to prompt the matched service provider to service the client network device. | 06-20-2013 |
| 20130160087 | BEHAVIORAL FINGERPRINTING WITH ADAPTIVE DEVELOPMENT - Disclosed herein are example embodiments for behavioral fingerprinting with adaptive development. For certain example embodiments, one or more devices may: (i) determine at least one indication of utilization for at least one authorized user via at least one user-device interaction; and (ii) incorporate at least one indication of utilization into at least one behavioral fingerprint that is associated with at least one authorized user, with the at least one behavioral fingerprint including one or more indicators of utilization of one or more user devices by the at least one authorized user. However, claimed subject matter is not limited to any particular described embodiments, implementations, examples, or so forth. | 06-20-2013 |
| 20130160088 | Authentication Via Motion of Wireless Device Movement - Motion of a wireless device is pre-registered as authentication credentials, then later matched, to provide motion-based authentication for access to software, service, etc. The wireless device may contain any number of gyroscopic, distance, positional or compass sensors—any or all of which are measured during a physical gesture or motion or the wireless device while the user is holding the wireless device. Recorded measurements of the specific motion then identifies the authorized user. If measurements of an attempted motion suitably matches the pre-registered and valid authentication credentials for the service or device, then the motioned wireless device is authenticated for use by the user. Such motion is difficult, if not impossible, for a user to pass on to another individual—even if they wanted to, making it the ultimate security technique. | 06-20-2013 |
| 20130160089 | Advocate for Facilitating Verification for the Online Presence of an Entity - Some embodiments provide an advocate system to facilitate automated online presence verification for different entities on behalf of the entities. The advocate system places service providers on notice that profiles and information hosted by them and that form the online presence for a particular entity should first be verified with that particular entity. The advocate system further facilitates online presence verification by 1) directly or indirectly connecting the service providers that are placed on notice with the appropriate authoritative entities to facilitate the verification of the profiles and information, 2) selectively targeting service providers hosting profiles and information that are unverified, 3) automatedly verifying hosted profiles and information based on a verified profile lists and verified information that authoritative entities provide to a central repository. In so doing, the advocate system prevents potential damage to the authoritative entity's credibility while also mitigating potential for fraud, identity theft, etc. | 06-20-2013 |
| 20130160090 | COMMUNICATIONS METHODS AND APPLIANCES - Communications methods and appliances are described. According to one embodiment, a communications method includes prior to deployment of an appliance, establishing a trusted association between the appliance and a certificate authority, during deployment of the appliance, associating the appliance with a communications address of a communications medium, using the certificate authority, creating a signed certificate including the communications address of the appliance, announcing the signed certificate using the appliance, after the announcing, extracting the communications address of the appliance from the signed certificate, and after the extracting, verifying the communications address of the appliance. | 06-20-2013 |
| 20130160091 | SYSTEM AND METHOD FOR ASSOCIATING MESSAGE ADDRESSES WITH CERTIFICATES - A system and method for associating message addresses with certificates, in which one or more message addresses are identified and associated with a user-selected certificate that does not contain any e-mail addresses. In certain situations, a message may be encrypted using a certificate that does not contain an e-mail address that matches the e-mail address of the individual to which the message is to be sent, so long as the address to which the message is to be sent matches any of the message addresses associated with the certificate. The message addresses are saved in a data structure that resides in a secure data store on a computing device, such as a mobile device. | 06-20-2013 |
| 20130160092 | Certified Email System and Method - A certified email system for providing a time stamp for a presented file, particularly when the presented file is an email. Preferably a demanding party receives the email; generates a unique HASH; digitally signs the unique HASH; and sends the signed HASH and a time-stamp request call to a web services time-stamp conduit (WSTC). The WSTC receives the request and signed HASH from the demanding party and obtains a time stamp. The WSTC sends the time stamp back to the demanding party, which sends a time-stamp notification to the original sender of the email and, optionally, the recipient(s) of the email. Multiple branded or customized demanding servers can efficiently run using one web services time-stamp conduit. An integrated detailed billing system capable of pass-through client billing, keyword search functionality, a multi-party content management system, and convenient web-based automated verification (file or HASH) services are provided. | 06-20-2013 |
| 20130160093 | METHOD AND NETWORK ENTITY FOR REGISTERING A USER ENTITY WITH A COMMUNICATION NETWORK VIA ANOTHER COMMUNICATION NETWORK - A network entity for registering a user entity with a first communication network, wherein the user entity and the network entity providing access to the first communication network are registered with a second communication network. The network entity has a transceiver for transferring at least one registration message for registering said user entity with the first communication network between the user entity and the network entity over the second communication network. | 06-20-2013 |
| 20130160094 | OTA Bootstrap Method and System - An over-the-air (OTA) bootstrap method and system are described, including: when a connection between a user-registered terminal device and a device management (DM) server is finished, the terminal device sends a bootstrap confirmation message to a service center corresponding to port information of a valid service center pre-stored in the terminal device; the service center analyzes the bootstrap confirmation message to determine a device ID of the terminal device, connects with a DM server authorized by the service center, and searches for an OTA bootstrap record corresponding to the device ID in a database of the authorized DM server; if the service center fails to find the corresponding OTA bootstrap record in the database of the authorized DM server, the service center notifies the user that the terminal device has performed an OTA bootstrap with an unauthorized DM server. The present invention can improve the security of the OTA bootstrap. | 06-20-2013 |
| 20130167198 | Protocol for sequential rights transactions - Methods and apparatus, including computer program products, implement techniques for delivering a rights object granting one or more rights to a media object. The rights object has an associated return address, and the return address is usable to initiate a subsequent rights transaction relating to the rights granted by the rights object. | 06-27-2013 |
| 20130167199 | On-Demand Authorization Management - Methods and apparatus, including computer program products, are provided for authorization management. In one aspect, there is provided a computer-implemented method. The method may include receiving a request to authorize at least one user to at least one module of a system; mapping the received request to a semantic tag; processing, based on the semantic tag, the request to authorize the at least one user to determine whether to grant the at least one user access to the at least one module; and sending a response to the request to authorize the at least one user, wherein the response is in accordance with the result of the processing. Related apparatus, systems, methods, and articles are also described. | 06-27-2013 |
| 20130167200 | TECHNIQUES TO STORE SECRET INFORMATION FOR GLOBAL DATA CENTERS - Techniques to store secret information for global data centers securely are described. Various embodiments may provide a front end service for a back end data store. The front end service may be responsible for deployment, upgrade, and disaster recovery aspects, and so forth, of data center maintenance. Data centers may access data and data-related services from the back end data store through the front end service. Secrets that are needed to access secure data may be stored on behalf of the data centers without providing the secrets to the data centers. Other embodiments are described and claimed. | 06-27-2013 |
| 20130167201 | REMOTE ACCESS TO A DATA STORAGE DEVICE - A method may be performed in a data storage device that stores one or more files and that is operatively coupled to any host device that is accessible to another device via a network. The method includes receiving an access request originating from the other device. The access request is received via a particular host device registered as a recipient of requests for access to the data storage device via the network while the data storage device is operatively coupled to the host device and while the host device is accessible via the network. The method also includes, in response to receiving the access request, sending a response with access information to the other device. The response is provided to the particular host device to be sent to the other device via the network. | 06-27-2013 |
| 20130167202 | IMAGE PROCESSING APPARATUS - An image processing apparatus includes: a first acquisition unit acquiring input information from an outside for starting execution of an image processing function; a determination unit determining whether a specific apparatus connected through a network is logged in based on specific identification information corresponding to the input information; a first request unit requesting input of authentication information from the outside; and a function control unit controlling execution of the image processing function. When it is determined that the specific apparatus is not logged in, the first request unit requests the input of the authentication information from the outside. When it is determined that the specific apparatus is logged in, the function control unit permits the execution of the image processing function without the first request unit requesting the input of the authentication information from the outside. | 06-27-2013 |
| 20130167203 | METHOD AND SYSTEM FOR AUTHORIZING REMOTE ACCESS TO CUSTOMER ACCOUNT INFORMATION - System for authorizing a request for remote access to customer account information includes a server configured to receive the request via a network from a remote computing device, a database storing the customer account information accessible by the server, and memory accessible by the server and storing a customer notification program which, when executed by the server, performs steps for (a) identifying, responsive to the server receiving the request, the remote computing device by a device fingerprint and by a requesting location, (b) determining whether the device fingerprint matches any of a number of device fingerprints authorized to access the customer account information, and (c) sending, responsive to determining a mismatch between the device fingerprint and each of the previously authorized device fingerprints, a notification of the request to a customer-specified address, the notification indicating (i) the request, (ii) identity of the remote computing device, and (iii) the requesting location. | 06-27-2013 |
| 20130167204 | METHOD FOR MANAGING ACCESS TO PROTECTED COMPUTER RESOURCES - A method for controlling access to protected computer resources provided via an Internet Protocol network that includes registering identity data of a subscriber identity module associated with at least one client computer device; storing (i) identity data of at least one access server, (ii) the identity data of a subscriber identity module, and (iii) authorization data regarding the protect computer resources; receiving the identity data of a subscriber identity module, and a request for the protected computer resources; authenticating (i) the identity data of the at least one access server, and (ii) the identity data of a subscriber identity module; authorizing the at least one client computer device to receive at least a portion of the protected computer resources; and permitting access to the at least the portion of the protected computer resources (i) upon successfully authenticating the identity data of the at least one access server and the identity data of a subscriber identity module associated with the at least one client computer device, and (ii) upon successfully authorizing the at least one client computer device. | 06-27-2013 |
| 20130167205 | CONSTRAINING A LOGIN TO A SUBSET OF ACCESS RIGHTS - This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead. | 06-27-2013 |
| 20130167206 | STORAGE SYSTEM, METHOD OF CONTROLLING ACCESS TO STORAGE SYSTEM AND COMPUTER SYSTEM - A plurality of servers is connected to a storage system via a network. A control unit in the storage system defines exclusive access groups from an address information of each access interface of the servers, defines logical volumes in which the server is permitted to access for each of the exclusive access groups, and controls the access to the volume of the server by a access list which defines correspondence between the server and the logical volume and the physical volume, which are permitted to access by the server. | 06-27-2013 |
| 20130174223 | SYSTEMS AND METHODS FOR TEMPORARY ASSIGNMENT AND EXCHANGE OF DIGITAL ACCESS RIGHTS - Systems and methods are provided for assignment and exchange of temporary access rights, based on a physical or virtual proximity of user devices. A first user device may receive a temporary access right that enables access on a second user device to a content asset which the first user device is not authorized to access. In response to receiving the temporary access right, the first user device may enable access on the first user device to the content asset. Access to the content asset may be maintained after the first user device leaves the proximity of the second user device until the content asset is played back in its entirety. The proximity may be based on physical location or virtual connections through online services. The temporary access right may be requested from the second user device by the first user device or assigned to the first user device from the second user device and may limit the number of times that the content asset may be accessed on the first user device. | 07-04-2013 |
| 20130174224 | INFORMATION PROCESSING APPARATUS AND UNAUTHORIZED ACCESS PREVENTION METHOD - An information processing apparatus includes nodes having a first node and a second node each of which includes a processor and a memory in which at least a part of area is set as a shared memory area, and an interconnect that connects the nodes. The first node transmits communication data to be transmitted to the second node by attaching identification information used for accessing a memory in the second node. The second node determines whether or not an access to the shared memory area in the memory in the second node is permitted on the basis of the identification information that is attached to the communication data transmitted from the first node and identification information stored in a storing unit and used for controlling permission to access, from another node, the shared memory area in the memory in the second node. | 07-04-2013 |
| 20130174225 | MESSAGING SYSTEMS AND METHODS - A third-party can subscribe to one or more electronic message group lists without joining the group lists by creating a trust relationship between the subscriber and a group list member. In particular, the subscriber can send a trust indicator to the group member, who can then determine whether to accept the trust indicator for all or specific groups that are associated with the group member, as appropriate. In at least one embodiment, the group member can send a trust indicator acceptance message to the subscriber that identifies the group member, and any or all group lists associated with the group member. The subscriber can then receive messages directed to the trusted group member or group lists, and can send group messages to the group lists subject to a receive setting associated with the group lists or group members of the group lists. | 07-04-2013 |
| 20130174226 | LEVERAGING A PERSISTENT CONNECTION TO ACCESS A SECURED SERVICE - Leveraging a persistent connection to provide a client access to a secured service may include establishing a persistent connection with a client in response to a first request from the client, and brokering a connection between the client and a secured service based on a second request from the client by leveraging the persistent connection with the client. The brokering may occur before the client attempts to connect to the secured service directly and the connection may be established between the client and the secured service without provision by the client of authentication information duplicative or additional to authentication information provided by the client to establish the persistent connection. | 07-04-2013 |
| 20130174227 | COMPUTER-READABLE MEDIUM, INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD AND INFORMATION PROCESSING SYSTEM - An example system causes a computer of an information processing device including a restriction unit for restricting use of functions and a handwritten input receiving unit to carry out functions of requesting an input of a handwritten signature, sending, to a server, a result of a handwritten input which has been input in response to the request of the signature input, and receiving the input of authorization information which has been issued by the server that has received the handwritten input result and which shows that the use of the functions is authorized, and moreover cancelling the restriction by the restriction unit when the input of the authorization information is received. | 07-04-2013 |
| 20130174228 | METHOD AND SYSTEM FOR IMPLEMENTING ZONE-RESTRICTED BEHAVIOR OF A COMPUTING DEVICE - A method for implementing zone-restricted behavior of a computing device includes identifying wireless access points using the computing device, determining a number of authorized wireless access points from the wireless access points identified by the computing device, determining that the computing device is located within a restricted access zone when the number of authorized wireless access points identified by the computing device exceeds a predetermined threshold of authorized wireless access points identified, and enabling a zone mode of the computing device when the computing device is determined to be located within the restricted access zone. | 07-04-2013 |
| 20130174229 | Web-Based Collaborative Framework - Embodiments of the present disclosure provide systems and methods for facilitating network communications. Briefly described, one embodiment of the system, among others, includes a server-based application configured to produce web pages for a web site in accordance with input received from a user; and an interface to the server-based application receiving selections of features which are available to be added to the web site in response to user prompts and to set access rights on which features are to be available to different roles of users. Other systems and methods are also provided. | 07-04-2013 |
| 20130174230 | Method and system for secure linking with authentication and authorization in a media exchange network - Certain embodiments of the invention may be found in a method for establishing a communication pathway for subsequent media exchanges between a television display in a first home and storage that contains media in a second home. The method may comprise securely receiving address correlation information associated with the television display in the first home and securely receiving address correlation information associated with the storage in the second home. Affirmative confirmation may be received and/or stored using the received address correlation information associated with at least one of the television display and the storage. The invention may also include verifying that affirmative information has been stored in association with any subsequent media exchanges. | 07-04-2013 |
| 20130179944 | Personal area network (PAN) ID-authenticating systems, apparatus, method - This invention comprises a system, apparatus, and method ensuring device adherence to security requirements for Personal Area Networks (PANs). Provided security services protect data communicated between PAN-hub-attached devices and their resident data. The invention provides cryptographic keys and certificates, to protect communications between PAN-hub-attached devices, and optional external devices. The invention provides cryptographic software complying with established security requirements for PAN networks. Users submit credentials using: (1) ID smartcards inserted into the PAN hub security apparatus, (2) a cellphone/SIM card, and/or (3) a PIN or password. Based on privileges, users securely access the PAN hub and authorized devices. The PAN hub apparatus ensures that communications between PAN network devices, external devices, and data-at-rest are cryptographically protected, complying with network security requirements. Optionally, the invention permits users and/or PAN network device(s) to obtain connectivity to external “non-PAN” devices. The method specifies cryptographically-secured communications between PAN network devices and external devices. This invention comprises a system, apparatus, and method ensuring device adherence to security requirements for Personal Area Networks (PANs). Provided security services protect data communicated between PAN-hub-attached devices and their resident data. The invention provides cryptographic keys and certificates, to protect communications between PAN-hub-attached devices, and optional external devices. The invention provides cryptographic software complying with established security requirements for PAN networks. Users submit credentials using: (1) ID smartcards inserted into the PAN hub security apparatus, (2) a cellphone/SIM card, and/or (3) a PIN or password. Based on privileges, users securely access the PAN hub and authorized devices. The PAN hub apparatus ensures that communications between PAN network devices, external devices, and data-at-rest are cryptographically protected, complying with network security requirements. Optionally, the invention permits users and/or PAN network device(s) to obtain connectivity to external “non-PAN” devices. The method specifies cryptographically-secured communications between PAN network devices and external devices. | 07-11-2013 |
| 20130179945 | Follow Location Handler and Selector Functionality in a Stateless Microkernel Web Server Architecture - A method of serving a resource to a client via a computer network is provided. The method may include providing a follow location handler logically positioned on a WAN side of an HTTP server. At the follow location handler, the method may include receiving a POST request from the client, and forwarding the POST request to the HTTP server. At the HTTP server, the method may include receiving the POST request, creating a modified data object based upon the form data, generating a link to the modified data object, and returning the link. At the follow location handler, the method may include intercepting the link to the modified data object from the server, sending a GET request to the server to retrieve the modified data object, and, in response, receiving the modified data object. The method may further include forwarding the modified data object to the client. | 07-11-2013 |
| 20130179946 | Linking Functionality for Encoding Application State in Linked Resources in a Stateless Microkernel Web Server Architecture - A method of serving a resource to a client via a computer network is provided. The method may include at an HTTP server system having a stateless microkernel architecture, the server system including one or more link resource servers, receiving an HTTP request for a resource from an HTTP client via a computer network, the request being to perform a resource operation, the resource operation being to retrieve the resource and send the resource to the requesting client, wherein the resource is a data object. The method may further include determining if the resource operation is authorized based on the request. If the resource operation is authorized, the method may include sending the resource operation to an object server associated with the resource identified by the request, in response receiving a data object from the object server, providing, via a linking engine, the data object to each link resource server of the one or more link resource servers, in response receiving one or more links from each of the one or more link resource servers, embedding the links in the data object, and sending the data object to the requesting client via the computer network. | 07-11-2013 |
| 20130179947 | SYSTEM AND METHOD FOR DECENTRALIZED ONLINE DATA TRANSFER AND SYNCHRONIZATION - A method of sharing data is disclosed. A request from a client node to access data in a share associated with a server node is received. A communication from a management nexus is received. The communication includes a confirmation of an identity of the client node and a confirmation of an authorization for the client node to access the data in the share associated with the server node. The client node is allowed to access the data in the share associated with the server node based on the communication from the management nexus. However, the data is not sent to the management nexus. | 07-11-2013 |
| 20130179948 | SHARING INFORMATION ON A NETWORK-BASED SOCIAL PLATFORM - A system and method for sharing information on a network-based social platform is provided. An indication is received from a first user to share information regarding an item on a network-based social platform. The network-based social platform is a platform that allows the first user to communicative couple with other users of the network-based social platform. Profile information of the first user is accessed. A determination of whether the first user is authorized to share the information is made. Based on the first user being authorized, an identifier for the item is added to a list of recommended items that is accessible view the network-based social platform. | 07-11-2013 |
| 20130179949 | SECURE EXCHANGE OF DIGITAL CONTENT - The invention includes delivering and monitoring digital content distributed to correctional facility inmates, giving supervisory authorities the ability to screen the incoming digital content. Digital content can include email, and stored and steamed video content, and can be scanned for keywords by supervisory authorities before delivery to an inmate. A computer kiosk can be used by inmates to view and record digital video content. A portable player is provided to inmates which can be used to play, and in some embodiments record, digital content. The player is issued to a particular inmate, and can only be used with respect to that particular inmate's digital content. The kiosk, and in some embodiments, the player, can be used to shop for items available at a store, for example a commissary. | 07-11-2013 |
| 20130179950 | NETWORK CONNECTION APPARATUS - A DLNA-capable network connection apparatus for communicating with other apparatus in a local network area supplied by an access point (AP) includes an AP detecting part for detecting an AP capable of wireless communication in a place in which the network connection apparatus is located, and a public control part for performing public control corresponding to the AP detected by the AP detecting part based on public setting information about publicity of the network connection apparatus set every AP. | 07-11-2013 |
| 20130185767 | CLUSTERED AAA REDUNDANCY SUPPORT WITHIN A RADIUS SERVER - In general, techniques are described for supporting interchassis redundancy (ICR) by a plurality of network access servers (NASes) that are members of an ICR. For example, techniques may be used to associate, within a RADIUS server, multiple NAS identifiers for the NASes with a single NAS identifier alias. The RADIUS server is configured to handle RADIUS protocol messages from any member of the ICR cluster as though the RADIUS protocol messages issued from a single NAS having the NAS identifier alias. | 07-18-2013 |
| 20130185768 | Monetization of a Media Channel Network - The disclosed embodiments relate to a media or communication network or platform that facilitates communication via one or more media or communication channels. Moreover, the disclosed embodiments allow one or more third-party content sources to determine how their content is transmitted or conveyed, when their content is transmitted or conveyed, and/or which channels should be used to transmit or convey their content. One or more third-party content sources may, for instance, target one or more specific channels based on, for example, the one or more channel operators, the audience of the one or more channels, or the like. This allows one or more third-party content sources to leverage their content against channel operators or content from other third-party content sources. One or more third-party content sources may, for example, bid against other third-party content sources for the ability to transmit or convey their content via the one or more channels. | 07-18-2013 |
| 20130185769 | NEAR FIELD COMMUNICATION ELECTRONIC DEVICE, LOGIN SYSTEM USING THE SAME AND METHOD THEREOF - A near field communication (NFC) electronic device, a login system using the same and a method thereof are disclosed. The NFC electronic device includes a reading module, an embedded controller and a matching module. The reading module receives identification information transmitted from a readable component when the readable component approaches. The embedded controller is connected to the reading module and stores the identification information. The matching module is connected to the embedded controller and performs a matching authentication according to the identification information. If the matching authentication is successful, the matching module searches whether required account confidential information exists in a database according to the identification information. If yes, the matching module selects and transmits the required account confidential information to the embedded controller. The embedded controller outputs a hardware signal corresponding to the account confidential information to an application program of a user login screen. | 07-18-2013 |
| 20130185770 | METHODS AND SYSTEMS FOR PROVIDING ACCESS TO AN ONLINE SYSTEM - Methods and systems are provided for enabling access to a secure system from a remote system without directly logging into the secure system for debugging purposes. The secure system and the remote system may login to a host system with a session ID and establish a session. The secure system starts a Hyper Text Transport Protocol (HTTP) enabled debugger to enable debugging of the web browser traffic. The HTTP enabled debugger may be displayed on the remote system via the host system. The remote system may enter debug commands from a web browser on the remote system. The debug commands are then applied on the web browser of the secure system. | 07-18-2013 |
| 20130185771 | NETWORK SYSTEM - A network system includes network relay devices including a master device for administrating the network system, and a member device to be administrated by the master device. When the master device receives an authentication request from an external terminal connected to the network system, the master device performs an authentication processing for authorizing or denying the authentication request. When the authentication request is authorized, one network relay device connected to the external terminal in the network system performs a communication-authorizing processing for authorizing a communication between the external terminal and the one network relay device, and performs a transmission processing for transmitting a communication authorization data to an other network relay device which is not connected to the external terminal in the network system. When the other network relay device receives the communication authorization data, the other network relay device performs the communication-authorizing processing. | 07-18-2013 |
| 20130185772 | DYNAMICALLY UPDATING A SESSION BASED ON LOCATION DATA FROM AN AUTHENTICATION DEVICE - Systems, devices, methods, and software are described for dynamically updating a session based on location data from an access device, such as an access card reader. In one example, a method of managing at least one centrally hosted virtual session may include: associating a user with a virtual session, a first terminal device, and a first location at a central server computer system; receiving a notification at the central server computer system that an access token associated with the user has been received at an access device associated with a second terminal device and a second location; associating the virtual session with the second location in response to the notification; and updating the virtual session at the first terminal device according to at least one location-based rule associated with the second location. | 07-18-2013 |
| 20130185773 | APPARATUS, SYSTEM, AND METHOD FOR MANAGING, SHARING, AND STORING SEISMIC DATA - Implementations described and claimed herein provide a system and methods for managing a flow of and access to proprietary data in a cloud storage array. In one implementation, a plurality of uploads of the proprietary data is received. An association of the proprietary data is maintained across the plurality of uploads. A role is assigned to a party with an interest in the proprietary data. The role is defined by a set of access permissions. The access of the party to the proprietary data is controlled based on the assigned role. The proprietary data may be multi-dimensional data sets, such as raw, processed, and/or interpreted seismic data sets. | 07-18-2013 |
| 20130185774 | Systems and Methods of Managing Access to Remote Resources - A method and system are provided for managing access to resources available remotely from at least one computing device. The resources include at least one software application and at least one hardware component. The method and system involve storing access level indicators for indicating different types of access; storing identifiers for identifying different users with access to the at least one computing device and possible access to the resources; for each resource and each identifier, storing an access level indicator for that resource and that user; and before granting access to a resource for a user seeking access to the resource, operating a processor to: determine an identifier identifying the user; determine the access level indicator stored in the storage module for the identifier and the resource; and if access is consistent with the determined access level indicator, grant access to the resource, otherwise, deny access to the resource. | 07-18-2013 |
| 20130185775 | MULTI FACTOR AUTHENTICATION - In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate, a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel. | 07-18-2013 |
| 20130185776 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR MANAGING MEDIA CONTENT BY CAPTURING MEDIA CONTENT AT A CLIENT DEVICE AND STORING THE MEDIA CONTENT AT A NETWORK ACCESSIBLE MEDIA REPOSITORY - Media content is managed by defining a list of authorized recipients in a network accessible security information repository, recording media content at a client device, obtaining the list of authorized recipients at the client device, associating at least one of the authorized recipients with the media content, and transmitting the media content along with information identifying the at least one of the authorized recipients associated therewith from the client device to a network accessible media repository for storage therein. The media content includes audio, video, and/or image content. | 07-18-2013 |
| 20130191882 | ACCESS CONTROL OF REMOTE COMMUNICATION INTERFACES BASED ON SYSTEM-SPECIFIC KEYS - A computer implemented method, computer program product, and computer system is provided for receiving a service request to obtain service from a second application, the service request including a client context and a signed ticket obtained by the first application from a system computer, validating the received signed ticket based on the key associated with the system, determining that the first application has authorization to obtain the requested service via the remote interface of the second application based on a comparison of one or more attributes of the received client context to an access control list associated with the second application, and sending a service reply from the second application to the first application to provide the requested service to the first application in response to determining that the first application has authorization to obtain the requested service via the remote interface of the second application. | 07-25-2013 |
| 20130191883 | DEVICE NETWORK SHARING METHOD AND DEVICE CONTROLLING METHOD THEREOF - A device network sharing method and a device controlling method for sharing and controlling a device with a hardware identifier in a network structure system by connecting the device to the network structure system, letting the device log in a server by the hardware identifier of the device, and completing a verification of the device and announcing connection information of the device in the network structure system. Therefore, a client can complete networking settings of the device without complex networking setting steps. A user can use a controller to log in the server by the hardware identifier of the device, and then acquire connection information of the device, for setting or sharing the device. Thus, a client can search a device desired to be controlled in the network structure system without inputting the URL network address which cannot represent device properties. | 07-25-2013 |
| 20130191884 | IDENTITY MANAGEMENT WITH LOCAL FUNCTIONALITY - A user equipment (UE) may perform functions locally, such as on a trusted module that resides within the UE. For example, a UE may perform functions associated with a single sign-on protocol, such as OpenID Connect for example, via a local identity provider function. For example, a UE may generate identity tokens and access tokens that can be used by a service provider to retrieve user information, such as identity information and/or user attributes. User attributes may be retrieved via a user information endpoint that may reside locally on the UE or on a network entity. A service provider may grant a user access to a service based on the information that it retrieves using the tokens. | 07-25-2013 |
| 20130198807 | Transparent Authentication Process Integration - Systems and techniques to provide transparent authentication integration. In general, in one implementation, the technique includes: receiving a request from a client to take an action with respect to an electronic document, in response to the request, obtaining an authentication process, and sending the authentication process to the client for use in identifying a current user and controlling the action with respect to the electronic document based on the current user and document-permissions information associated with the electronic document. Obtaining the authentication process can involve requesting and receiving the authentication process from a second server. The authentication process can use an existing interface provided by the client to communicate authentication information to the server. | 08-01-2013 |
| 20130198808 | Integrated Security Platform - An integrated security platform that enables a wide variety of network security elements to share security information in a comprehensive manner so as to provide automation of policy and security enforcement based on intelligence gathered by the different network security elements. The integrated security information platform provides the ability to clarify security intelligence by simplifying the collection and indexing of security information so that the information is visible and accessible to systems wanting to make use of the security information, without requiring all of the information to be co-resident with the infrastructure of the security platform or requiring the various systems to have pair-wise relationships with one another. | 08-01-2013 |
| 20130198809 | Authorization and Authentication Based on an Individual's Social Network - In particular embodiments, a method includes receiving a request to transmit content related to a first user to a second user, determining whether transmission of the content is authorized based on a list of unauthorized users, and transmitting the content to the second user if the transmission is authorized based on the list. | 08-01-2013 |
| 20130198810 | Authorization and Authentication Based on an Individual's Social Network - In particular embodiments, a method includes accessing a graph structure comprising a plurality of nodes and edges where each node represents a user, receiving a request from an external service provider identifying a first user who is requesting to access content on the external service provider, accessing a white list comprising a set of users associated with the external service provider, and authenticating the first user to access content on the external service provider if the first user is connected in the graph structure to a user on the white list by a series of nodes and edges that does not comprise an unauthorized node. | 08-01-2013 |
| 20130198811 | Method and Apparatus for Providing a Trust Level to Access a Resource - An approach is provided for providing a trust level to access a resource. A system receives a request at a device, from a first user, to access a resource associated with a second user. The resource is further associated with a predetermined privacy level. The system calculates a trust level between the first user and the second user based, at least in part, on a trust metric. The system then determines whether the trust level meets the predetermined privacy level and grants an access right to the resource based, at least in part, on the determination. | 08-01-2013 |
| 20130198812 | Authentication of Electronic Data - Systems and techniques for transmitting electronic data by receiving, at a communications system host, electronic data transmitted from a sender and addressed to an intended recipient; authenticating the electronic data based on attributes of the electronic data and appending information to the electronic data indicating that the electronic data has been authenticated. | 08-01-2013 |
| 20130198813 | CONFIGURATION METHOD, CONFIGURATION DEVICE, COMPUTER PROGRAM PRODUCT AND CONTROL SYSTEM - According to an aspect of the invention a configuration method for configuring a host device in a control system is conceived, in particular a building control system, wherein an authorized configuration device exchanges confidential configuration data with a radio frequency identification tag coupled to the host device, wherein, after the confidential configuration data have been exchanged and a corresponding configuration operation has been performed, access to the confidential configuration data by an unauthorized configuration device is precluded. According to further aspects of the invention a corresponding configuration device, a corresponding computer program product and a corresponding control system are conceived. | 08-01-2013 |
| 20130198814 | METHOD AND SYSTEM FOR IMPLEMENTING AN ADVANCED MOBILE AUTHENTICATION SOLUTION - Disclosed is an improved method, system, and program product to implement a login interface that collects additional information (in addition to the username and password) to be used in the login process. The additional information may include role and environment information specifying the privileges or resources in an application that the user may access. | 08-01-2013 |
| 20130198815 | Systems and Methods for Universal Enhanced Log-In, Identity Document Verification and Dedicated Survey Participation - Systems and methods are provided for controlling access via a computer network to a subscriber server. A log-in server receives a query to connect through the computer network to the subscriber server, and the log-in server receives registrant identification data, A first session is established between the log-in server and the subscriber server to validate the registrant identification data, and to generate a session password. A second session is established between the log-in server and the subscriber server. The second session is configured to authorize, based in part on the registrant identification data, access to at least a portion of a website associated with the subscriber server. | 08-01-2013 |
| 20130198816 | METHOD AND SYSTEM FOR SECURE PAIRING OF WIRELESS DEVICES - A method and system for securely pairing wireless devices, includes deploying a master device in a network environment, and a new device to be securely integrated into the network environment executes an unauthenticated key exchange with the master device. The master device has a security association with a camera system that monitors an operational area where the new device is placed, based on the exchanged key, the master device and the new device each compute a key confirmation code. The camera system learns the key confirmation code from the master device. The camera system watches for devices transmitting the key confirmation code and provides images of such identified devices to the master device, based on an analysis of an image of a device identified by the camera system, an authorization decision is made with respect to accepting the identified device as new device of the network environment. | 08-01-2013 |
| 20130205371 | Method for Securing Digital Data and Identities in Particular in a Process Using Information and Communication Technologies - A method of securing and controlling data and identities within a communication process between an author and at least one recipient comprises at least: inserting at least one stamp in the computer or communication protocol associated with the data stream by means of a stamping system, the protocol containing the identity of the author, said stamp being a distinctive sign and a sign of recognition and a means of access to a secured account; the author using said secured account, administered by an anonymization authority, and said stamp being used to identify itself with said authority; the data stream comprising at least one instruction; at least one additional instruction having been registered with the anonymization authority and placed in the secured account; reading, at at least one recipient, of said protocol by means of a reading system capable of detecting the presence of said stamp and then in extracting all or part of the additional instruction from the anonymization authority or from the secured account, said extraction being carried out from the secured account by the means of said stamp. | 08-08-2013 |
| 20130205372 | AUTHORIZATION OF DEVICE ACCESS TO NETWORK SERVICES - The invention provides for authorization of devices entering a network. A new device entering a network sends an authorization request. Another device in the network may receive the request and display a User Interface (UI) which prompts the user to approve the device. The user can use a device identifier provided by the new device in approving the new device. Assuming the identifier provided by the new device matches an identifier accessible by the authorizing device, the user authorizes the new device. A key is then generated for the new device, which allows access to an appropriate range of network services. Authorization decisions can be synchronized among the various devices in a network, so even if an authorizing device leaves the network, the new device key can be validated. A security service can be replicated in a new device once the device is authorized to access the network. | 08-08-2013 |
| 20130205373 | ADAPTING AUTHENTICATION FLOW BASED ON WORKFLOW EVENTS - Systems, devices, and methods are disclosed for managing virtual sessions. A plurality of workflow events may be received at a central server computer system from a plurality of different terminal devices. A context of a user associated with a virtual session at the central server computer system may be determined, and an authentication flow for the user may be determined based on the context of the user and at least one of the received workflow events. The user may be authenticated for access to the virtual session at a terminal device according to the determined authentication flow. | 08-08-2013 |
| 20130205374 | METHOD AND SYSTEM FOR NETWORK ACCESS CONTROL - A method and a system for network access control are provided, which are based on cipher code mechanism. After a visitor has raised an access request, an access controller in the destination network processes the access request and initiates an authentication request on the visitor identity to an authentication server through the visitor. The access controller in the destination network accomplishes the authentication on the visitor identity according to the public authentication result of the authentication server transferred by the visitor, and performs according to the authorization policy the authorization management on the successfully authenticated visitor. The present invention solves the problem of incapableness of performing the access control when the access controller can not directly use the authentication service provided by the authentication server. The present invention can sufficiently satisfy the real application requirements of access control on visitor. | 08-08-2013 |
| 20130205375 | AUTHORIZING AN ELECTRONIC DEVICE TO CONTROL A MEDIA RENDERING UNIT - A method performed in a media aggregating node and a media aggregating node is provided for authorizing a second electronic device to control a media rendering unit included in a local network environment. The media aggregating node is network environment, e.g. a DLNA network, comprising a gateway, which is the communication interface between the media aggregating node and the media rendering units comprised in the local network environment. The media aggregating node is further connected to first electronic device, which controls a media rendering unit, in the local network environment, and the media rendering upon it. The media aggregating node is further connected to a second electronic device or to a set of second electronic devices, which can be associated with a second user. The media aggregating node receives an instruction, from the first electronic device to authorize a second electronic device to control the media rendering unit. Thereafter, the media aggregating node authorizes the second electronic device to control the media rendering unit. After being authorized by the media aggregating node, the second electronic device can control the media rendering unit and the media rendering upon it. Furthermore, methods for first and second electronic devices, as well as first and second electronic devices are provided. | 08-08-2013 |
| 20130212646 | Usage authentication via intercept and challege for network services - A security broker (SB) that provides network based authorization of secure VoIP services, triggered upon attempted user access. The security broker (SB) intercepts a SIP transaction during session setup to transmit a network based security challenge to a SIP application attempting to access (secure) IP based services. A network based security challenge is transmitted to a participating SIP application on both the origination and termination legs of a SIP transaction. The network based security challenge prompts a SIP application to return subscriber authorization/authentication credentials (e.g. a username/password combination). If credentials returned by the SIP application are valid, the security broker (SB) authorizes the network to permit session completion, and access to secure IP services is granted. Alternatively, if credentials returned by the VoIP application are invalid, the security broker (SB) terminates the corresponding session attempt, hence preventing unauthorized access to (secure) IP based services. | 08-15-2013 |
| 20130212647 | METHOD FOR OPENING A SESSION OF A MACHINE BELONGING TO A MACHINE SET - A method for opening a session of a first machine using a session checking service for a set of machines including the first machine and a second machine, the second machine including a security service, the method including: receiving a request to open a session on the first machine, the request including an item of identification information of a user; verifying that the item of identification information is associated with an item of identification data of the second machine in a repository; checking that the user has the right to open a session on the first machine; if the verification and check are positive, sending a session status modification request of the second machine to the security service of the second machine; and if the session status of the second machine is modified, sending a request to authorize opening of a session to the first machine; and storing the identification information item that is associated with an item of identifying data of the first machine in the repository. | 08-15-2013 |
| 20130212648 | Automatic System Replication and Server Access Using Authentication Credentials and Data Files Supplied by a Local Handheld Device and Common Session Level Software - In certain embodiments, the system of the invention automatically replicates a user's personal computing environment and provides associated remote server access using authentication credentials and data files supplied by a local handheld device as coordinated by session level software common to the handheld device, the replicated system, the system on which the replication occurs, and the remote servers. The application enables a handheld computing device to transfer a user's various online account credentials to a user's other computing devices securely and automatically. Thereafter the other computing device accesses a user's cloud-based storage and various on-line accounts and also pulls selected documents, bookmarks and related information directly from a user's handheld. The other computing device thereby essentially becomes a clone of a user's primary personal computer, complete with bookmarks, email account access, documents in a user's desktop and My Documents folder, pictures, music, and on-line content subscription access. | 08-15-2013 |
| 20130212649 | SECURE MECHANISM FOR OBTAINING AUTHORIZATION FOR A DISCOVERED LOCATION SERVER - Methods and apparatuses are presented for obtaining authorized access from a terminal to a discovered location server. The methods may include switching from a first network that does not support authenticated access from the terminal to a home location server to a second network that does support authenticated access from the terminal to the home location server. Authenticated access to the home location server may be obtained using the second network. Authorization for the discovered location server may then be obtained from the home location server. The terminal may then switch from the second network back to the first network. The terminal may then access the discovered location server using the first network based on the obtained authorization from the home location server. | 08-15-2013 |
| 20130212650 | DISTRIBUTION OF VARIABLY SECURE RESOURCES IN A NETWORKED ENVIRONMENT - A method of receiving a request to access a plurality of resources and determining whether a first resource of the plurality of resources is associated with a different authorization requirement than at least one second resource of the plurality of resources. In response to determining that the first resource of the plurality of resources is associated with a different authorization requirement than the at least one second resource of the plurality of resources, determining whether the request includes the authorization requirement for the first resource and the authorization requirement for the second resource. In response to determining that the request includes the authorization requirement for the first resource and the authorization requirement for the second resource, providing access to the first resource and the at least one second resource. | 08-15-2013 |
| 20130212651 | Double Authentication for Controlling Disruptive Operations on Storage Resources - A storage controller and program product is provided for performing double authentication for controlling disruptive operations on storage resources generated by a system administrator. A first request is received from a first user for generation of a first key. A first key is generated, provided to the first user and associated with the storage resource. An input is received from the administrator, the input comprises a second key and a command for performing the disruptive operation. The second key and the first key are compared. It is verified that the administrator is authorized as an administrator of the storage resource. The disruptive operation is performed on the storage resource if the second key and the first key match and the administrator is authorized. Otherwise, the performance of the disruptive operation is denied. | 08-15-2013 |
| 20130212652 | DEVICE AUTHENTICATION WITHIN DEPLOYABLE COMPUTING ENVIRONMENT - A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g., user identification ticket). | 08-15-2013 |
| 20130219468 | Connection Leasing for Hosted Services - Aspects herein describe brokering hosted resources in a virtual desktop infrastructure (VDI) using connection leases to reduce demand on connection brokers and to allow hosted services to be maintained even in the event of a broker outage. When a client device desires to connect to a hosted resource (e.g., a hosted desktop or a hosted application), the client device may present a lease token to the session host. The lease token is a self-sustaining package of data from which a session host can determine whether the requesting client device is authorized to access one or more resources hosted by that session host. The lease token may be cryptographically signed to ensure its contents have not been altered, and further that the lease token originated from a trusted source. Lease tokens may be stored independently from a connection broker, thereby still being usable if the connection broker goes offline | 08-22-2013 |
| 20130219469 | MOBILE DEVICE IDENTIFY FACTOR FOR ACCESS CONTROL POLICIES - A secure VPN connection is provided based on user identify and a hardware identifier. A client application may initiate the VPN connection. A client device user may provide identification information to the application, which then sends a VPN connection request to a remote VPN gateway. The VPN gateway may require an equipment identifier to establish the secure VPN gateway. If the hardware ID is registered, the secure VPN connection is established. If the hardware ID is not registered with the VPN gateway, the connection may be denied. In some instances, a connection may be established with an unregistered equipment ID based on settings at the VPN gateway. | 08-22-2013 |
| 20130219470 | SYSTEMS AND METHODS FOR INTEGRATION OF BUSINESS APPLICATIONS WITH ENTERPRISE CONTENT MANAGEMENT SYSTEMS - Various arrangements for managing access to unstructured data are presented. A plurality of access requests may be received from a plurality of remote computer systems to a plurality of business entities stored by a content management server. In response to receiving a request for access to a business entity of the plurality of business entities stored by a content management server from a remote computer system, an identifier request may be transmitted to the content management server. A response from the content management server may be received in response to the identifier request. A resource locator that comprises the identifier may be created. The resource locator may be transmitted to the remote computer system for use in accessing the business entity. | 08-22-2013 |
| 20130219471 | ESTABLISHING CONNECTIVITY BETWEEN AN ENTERPRISE SECURITY PERIMETER OF A DEVICE AND AN ENTERPRISE - A first device establishes a connection with a second device and attempts access, via the connection to an enterprise server of an enterprise. The first device may have a number of security perimeters, ones of which are allowed to use various communications proxies provided by the second device. If the first device and the second device are associated with a same common enterprise, an enterprise perimeter of the first device may be enabled to access the enterprise using an enterprise proxy of the second device. | 08-22-2013 |
| 20130219472 | AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, AND NETWORK STORAGE APPLIANCE - An authentication system, an authentication method, and a network storage appliance are provided. The authentication system includes a client electronic device, the network storage appliance having an authentication proxy, and a directory server having an authentication service module and an account database. The client electronic device selects a data access service and transmits an encrypted data and a user data to the network storage appliance. The authentication proxy packs the encrypted data and the user data into an authentication login information and transmits the authentication login information to the directory server. The authentication service module receives the authentication login information and performs decryption and comparison on the authentication login information according to a corresponding authentication protocol and a corresponding account information in the account database, so as to determine whether the authentication is successful. Then, the authentication service module transmits an authentication response to the network storage appliance. | 08-22-2013 |
| 20130219473 | CONTROLLING ACCESS - To provide access to an account in an apparatus in response to a request to the account, the apparatus creates and forwards a challenge for this request and waits for a token signed by a centralized signing entity for the account, the token comprising access enabling data. When such a token is received, the apparatus validates the token, and only if the validation succeeds, enables access to the account. | 08-22-2013 |
| 20130219474 | METHOD AND SYSTEM FOR PROVIDING SERVICE ACCESS TO A USER - A method and system for providing service access to a user, includes the steps of:
| 08-22-2013 |
| 20130219475 | PORTABLE IDENTITY RATING - Portable on-line identity verification technology includes, for example, portable widgets with an identity rating, and other on-line identification verification icons and identity rating scores. | 08-22-2013 |
| 20130219476 | Authentication routing system and method for cloud computing service and authentication router - The disclosure discloses an authentication routing system and method for a cloud computing service and an authentication router. The method comprises the following steps: an authentication router registers a cloud computing service and saves the registration information of a cloud computing service registered successfully ( | 08-22-2013 |
| 20130227651 | METHOD AND SYSTEM FOR MULTI-FACTOR BIOMETRIC AUTHENTICATION - An approach for enabling multi-factor biometric authentication of a user of a mobile device is described. A biometric authenticator captures, via a mobile device, first and second biometric data for a user. The biometric authentication further associates the first biometric data and the second biometric data. The biometric authenticator then initiates a multi-factor authentication procedure that utilizes the first biometric data and the second biometric data to authenticate the user based on the association. | 08-29-2013 |
| 20130227652 | TERMINAL AND METHOD FOR ASSIGNING PERMISSION TO APPLICATION - A terminal to assign permission to an application includes a storage device to store an application list including information of applications authorized to receive manager permission, and an application processor to receive a request for the manager permission from the application and to determine to allow the manager permission to the application in response to a determination that the application is included in the application list. A method that uses a processor to assign permission to an application includes receiving a request for manager permission from the application, determining, using the processor, whether the application is included in an application list including information of applications authorized to receive manager permission, and determining whether to allow the manager permission to the application if the application is included in the application list. | 08-29-2013 |
| 20130227653 | SYSTEM AND METHOD FOR STREAMLINED REGISTRATION OF PRODUCTS OVER A COMMUNICATION NETWORK AND FOR VERIFICATION AND MANAGEMENT OF INFORMATION RELATED THERETO - The system and method of the present invention to provide at least one unique identification code (UID) registration center comprises of plural authorized parties' account. Each account comprises at least one product data file with UID, in which UID is associated with a product, to enable over at least one communication network (such as cloud computing), to access, verify, edit, transfer, transmit, and/or otherwise manage at least one information item, including ownership right related to the product transfer between each party, etc. application corresponding to registered products in the UID registration center. Also enable product to product (machine to machine) data exchange each other, which is part of Internet of Thing application. | 08-29-2013 |
| 20130227654 | SYSTEM AND METHOD FOR CONCURRENT SESSIONS IN A PEER-TO-PEER HYBRID COMMUNICATIONS NETWORK - An improved system and method are disclosed for peer-to-peer communications. In one example, the method provides for concurrent sessions to be maintained by multiple endpoints. | 08-29-2013 |
| 20130227655 | TICKET-BASED CONFIGURATION PARAMETERS VALIDATION - Aspects describe spectrum authorization, access control, and configuration parameters validation. Devices in an ad-hoc or peer-to-peer configuration can utilize a licensed spectrum if the devices are authorized to use the spectrum, which can be determined automatically. Aspects relate to distribution of authorization tickets by an authorization server as a result of validating a device's credentials and services to which the device is entitled. An exchange and verification of authorization tickets can be performed by devices as a condition for enabling a validated wireless link using the spectrum. | 08-29-2013 |
| 20130227656 | METHOD AND APPARATUS FOR ACCESS CREDENTIAL PROVISIONING - A method and apparatus are provided for access credential provisioning. A method may include receiving, at a first mobile apparatus, information about a second mobile apparatus. The first mobile apparatus may be provisioned with network access credential information to be transferred from the first mobile apparatus to the second mobile apparatus. The method may further include causing the information about the second mobile apparatus to be provided to a provisioning apparatus for the network. The method may additionally include receiving authorization form the provisioning apparatus to transfer the network access credential information from the first mobile apparatus to the second mobile apparatus. The method may also include, in response to receipt of the authorization, causing the network access credential information to be provided to the second mobile apparatus. A corresponding apparatus is also provided. | 08-29-2013 |
| 20130232552 | Automatic Context Sharing with Privacy - The subject disclosure is directed towards a technology by which a computing device user may share context-related information (e.g., including current activity) with other recipient machines. A requestor may request to peek at a user's context, and if the requestor is valid (pre-approved by the user), a response based on context-related information is sent, which may be via a cloud service. The response may be filtered and/or adjusted based upon the identity of the requestor and other information associated with that identity, e.g., filtering criteria set by the user. Also described is notifying the user of the peek request, and logging information corresponding to the request and response. A broadcast message may also be sent by the device to share context without waiting for a peek request. | 09-05-2013 |
| 20130232553 | MANAGED MOBILE MEDIA PLATFORM SYSTEMS AND METHODS - An exemplary system includes 1) a mobile computing device provided by a vertical solution provider for use by a customer of a industry service provider to access one or more services provided by the industry service provider and 2) a mobile media platform provider subsystem operated by the vertical solution provider and configured to communicate with the mobile computing device. The mobile media platform provider subsystem and the mobile computing device are configured to provide a mobile media platform managed by the vertical solution provider and configured to facilitate the use of the mobile computing device by the customer to access the one or more services provided by the industry service provider. Corresponding systems and methods are also disclosed. | 09-05-2013 |
| 20130232554 | System and Method for Connecting Client Devices to a Network - A system and method are provided for enabling a client device to connect to a network. The method comprises: obtaining an authorization code via a communication channel different from the network, the authorization code corresponding to the client device; and after detecting initiation of a security negotiation protocol by the client device, using the authorization code in at least one security negotiation operation. | 09-05-2013 |
| 20130232555 | SYSTEMS AND METHODS FOR INTER-NETWORK SERVICE SELECTION - Systems, methods, and devices for inter-network service selection are described herein. Through the use of one or more of device identifiers and device classes, information including a randomization metric can be transmitted to networked devices indicating which devices and/or device classes are permitted or denied to access a given network service. Equipment seeking access may alter the selection based on this information. Equipment providing access may enforce access request based on this information. As an example, selection between eHRPD and LTE may be load balanced based on device class or identifiers. | 09-05-2013 |
| 20130232556 | SETTING METHOD, DEVICE AUTHENTICATION METHOD, DEVICE AUTHENTICATION SYSTEM, AND CONTROLLER - A method of setting which includes: obtaining, from a smart meter, an ID of the smart meter; obtaining, from a HEMS-controller, an ID and a certificate of the HEMS-controller and an ID and a certificate of an appliance controlled by the HEMS-controller; generating management information in which the ID of the smart meter, the ID and the certificate of the HEMS-controller, and the ID and the certificate of the appliance are associated with one another; and transmitting, based on the management information, the ID and the certificate of the HEMS-controller and the ID and the certificate of the appliance which are associated with the ID of the smart meter, to the smart meter. | 09-05-2013 |
| 20130232557 | SERVICE USAGE MANAGEMENT METHOD, RECORDING MEDIUM, AND INFORMATION PROCESSING DEVICE - A service usage management method executed by an information processing device, the service usage management method includes receiving, from a terminal device used by a user, a piece of authentication information which authenticates a user's right to use a service provided by a device as an issuing source and includes a number of times of issuing processing for issuing, based on a piece of authentication information, another piece of authentication information and an identifier of the device as the issuing source, generating the authentication information which includes the number of times of addition of adding one to the number of times indicated in the received authentication information and the identifier of the information processing device and authenticates the user's right to use the service provided by the information processing device, and transmitting the generated authentication information to the terminal device. | 09-05-2013 |
| 20130232558 | SYSTEM FOR COMMUNICATING WITH A MOBILE DEVICE SERVER - A system that incorporates teachings of the present disclosure may include, for example, a non-transitory computer-readable storage medium operating in a mobile device server that has computer instructions to execute a web server application at the mobile device server. The web server application can be operable to detect a media resource center while roaming in a communication zone of the media resource center and to transmit a pairing key to the media resource center responsive to acquiring communication access to the communication zone. The web server application can be further operable to receive from the media resource center an indication that a roaming charge will be applied to a subscriber account associated with the mobile device responsive to the media resource center identifying from the pairing key that the mobile device server is a guest device. Other embodiments are disclosed. | 09-05-2013 |
| 20130232559 | Secure Route Discovery Node and Policing Mechanism - A computer implemented method for obtaining a secure route. A trusted host sets a node security association for a trusted host. The trusted host receives, at the trusted host, a client communication request directed to a destination host. The trusted host builds a secure route query comprising a trusted host address, a destination host address, and at least one security level, to form at least one secure route. The trusted host sends packets from the trusted host to the destination host based on the at least one secure route. The packets are responsive to the client communication request, and the packets each have a security label that matches the security level. | 09-05-2013 |
| 20130232560 | METHOD, DEVICE AND SYSTEM FOR VERIFYING COMMUNICATION SESSIONS - A method, device and a system for verifying a communication session are provided. The method comprises: establishing another session with a user-side device at a network device or at another network device associated with the network device before providing proprietary information of a user in a communication session established between the user-side device and the network device; in the another session, sending private identification information of the user to the user-side device; wherein, the verification can be based on a determination by the user on the consistence between the received private identification information and private identification information previously set by the user. | 09-05-2013 |
| 20130239176 | METHOD AND SYSTEM FOR MULTI-TIERED DISTRIBUTED SECURITY AUTHENTICATION AND FILTERING - Multi-tiered distributed security authentication and filtering. One embodiment comprises managing user access to one or more computing resources, by centrally maintaining user subscription information comprising user authentication information and system authorization information, and providing relevant subscription information from the user subscription information to one or more remote computing systems. Managing user access further includes, in a remote computing system, authenticating a user login to the remote computing system based on user authentication information from said relevant subscription information, and upon user authentication, selectively authorizing user access to computing resources of the remote computing system based on system authorization information from said relevant subscription information. | 09-12-2013 |
| 20130239177 | CONTROLLING ENTERPRISE ACCESS BY MOBILE DEVICES - A system comprising at least one component running on at least one server and receiving vulnerability data and, for each device of a plurality of devices, device data that includes data of at least one device component. The system includes a trust score corresponding to each device of the plurality of devices and representing a level of security applied to the device. The trust score is generated using a severity of the vulnerability data. The system includes an access control component coupled to the at least one component and controlling access of the plurality of devices to an enterprise using the trust score. | 09-12-2013 |
| 20130239178 | SYSTEM AND METHOD FOR EXPANDING, AMALGAMATING, SELECTIVELY UTILIZING AND TRANSFORMING ACCESS TO NETWORKING WEBSITES AND USER INFORMATION THEREIN - Systems and methods of expanding and enhancing the usefulness and accessibility of networking site and member user information therein are disclosed. An e-mailer, instant messenger, text messenger, blogger or other user with accounts at one or more sites (Sender) provides a recipient with access to the site or sites (or Sender's information therein) through a link, software tool, or the like. Alternatively, Recipients are given access to the networking site through an Aggregator site. The Aggregator site may or may not be part of the networking website. Control of access is determined by the Sender or networking site. An amalgamation or best of sites-social networking site can be utilized with embodiments of the disclosure. The amalgamation site is a filtered website that provides information put on other sites. | 09-12-2013 |
| 20130239179 | APPARATUS, SYSTEM, AND NON-TRANSITORY COMPUTER READABLE MEDIUM STORING PROGRAM - An apparatus with a single function or plural functions includes a user information receiving unit that receives user information about a user; a request unit that requests use permission information from a server; a receiving unit that receives the use permission information transmitted from the server; a memory that stores the received use permission information; a use permission determining unit that performs a first determination process and a second determination process; and an operation controller that, when the use of the function is permitted in the first determination process, performs control such that operations other than a predetermined operation are available before the second determination process is performed and, when it is determined that the function permitted to be used in the first determination process is also permitted to be used in the second determination process, performs control to permit the user to use all operations of the function. | 09-12-2013 |
| 20130239180 | WEB-BASED CONFERENCE COLLABORATION TOOL WITH DYNAMIC CONTENT AND ROLES - A conference collaboration system has a server connected to a network and configured to generate a page view requested by a client device over the network and provide dynamic content associated with the requested page view for display on the device; and a database configured to store the dynamic content, update the dynamic content in response to commands from the server, and provide the dynamic content to the server in response to requests from the server, wherein the dynamic content is associated with a plurality of services, each shown in a page view, and the dynamic content and the services are associated with a conference. The server can determine an authorization level of a user interacting with the client device and provide a page view and dynamic content in response to the authorization level, and the dynamic content is updated or created in response to or for actions during the conference. | 09-12-2013 |
| 20130239181 | SECURE TUNNELING PLATFORM SYSTEM AND METHOD - A system identifies a user, even a user behind a wireless router, and provides a virtual tunnel over the internet for communication with the user. A data center at an Internet Service Provider may work in concert with a central data center to authenticate the user and to provide access, for example using a layer 2 tunneling protocol and a point-to-point data (PPP) link protocol. A layer 2 tunneling protocol network server (LNS) may provide public IP address translation services. | 09-12-2013 |
| 20130239182 | NETWORK SECURITY AND FRAUD DETECTION SYSTEM AND METHOD - A system and method to detect and prevent fraud in a system is provided. The system may uniquely identify physical devices connecting to a network, register unique devices, track end-user logins, associate end-user accounts with specific devices, and share information with multiple network service providers is described. | 09-12-2013 |
| 20130239183 | CONTENT TRANSMITTER, CONTENT TRANSMITTING METHOD AND PROGRAM - A content transmitter transmits content over a network, and includes: an input section configured to obtain the content, a first kind of information indicating, based on at least one of the destination and transmission method of the content, whether transmission of the content is permitted or not, and a second kind of information specifying the destination of the content; a control section configured to determine, by reference to the first and second kinds of information, whether or not to transmit the content to the destination and rewrites the first kind of information; and an output section configured to output the content and the first kind of information that has been rewritten. | 09-12-2013 |
| 20130239184 | Method and System for Controlling a Safe from a Remote Computing Device - Systems and methods for controlling a safe are disclosed. The system includes a safe having one or more networked devices, a mobile computing device, and a virtual safe controller server (VCF). The VCF server is configured to initiate a control session of the safe, determine a role of the user, transmit an instruction to the mobile computing device indicating one or more graphical user interfaces to display based on the role of the user, receive a command from the mobile computing device via the network, and transmit the command to the networked device over the network. The control session provides a user of the mobile computing device control of the networked devices. The role of the user is indicative of actions that the user has permission to perform on the networked devices. The command indicates a commanded action to be performed on a networked device. | 09-12-2013 |
| 20130247149 | Internet protocol address authentication method - A method for secure authentication is provided which includes having a user who wishes to gain access to a computer or computer network have the IP address associated with the device to which the user wishes to gain access be in a whitelist of IP addresses associated with the user computer account. If the IP address is not associated initially with the user's computer account, the user is presented with a contact address, e.g., a telephone number, which a user uses to be presented with secondary authentication questions. Upon the user answering the secondary authentication question(s) correctly, the IP address of the user is added to the whitelist of IP addresses associated with the user's computer account and the user is provided access to the user account. | 09-19-2013 |
| 20130247150 | WIRELESS COMMUNICATION USING CONCURRENT RE-AUTHENTICATION AND CONNECTION SETUP - A method includes generating at least one of a re-authorization request or a re-authentication with an extensible authentication protocol. The method also includes generating an upper layer message. The method further includes bundling the upper layer message and the least one of the re-authorization request or the re-authentication request as an association request. The method further includes transmitting the association request to an access point. | 09-19-2013 |
| 20130247151 | Communication Privacy - An apparatus comprises: one or more terminals coupled to a packet-based network, installed with a first instance of a communication client application of a first user and a second instance of the communication client application of said first user, the communication client application being configured so as when executed to enable the first user to communicate with other users by means of a first communication system implemented over the packet-based network. The apparatus comprises a controller coupled to the packet-based network and arranged to maintain separate privacy settings for each of the first and second instances, and thereby control the privacy of the first user in relation to the other users within the first communication system in dependence on which of the first and second instances is active. | 09-19-2013 |
| 20130247152 | ACCESS DEVICE, ACCESS SYSTEM AND COMPUTER PROGRAM PRODUCT - According to an embodiment, an access device includes a first obtaining unit configured to obtain a first authorization as user authorization; and a second obtaining unit configured to obtain a second authorization as authorization other than the user authorization through communication with a server via an external network. The access device also includes an accessing unit configured to access a function of an access target device via a local network by using the first authorization and the second authorization. | 09-19-2013 |
| 20130247153 | ELECTRONIC APPARATUSES AND METHODS FOR ACCESS CONTROL AND FOR DATA INTEGRITY VERIFICATION - Improved access control systems ( | 09-19-2013 |
| 20130247154 | MANAGING CONNECTIONS IN A DATA STORAGE SYSTEM - Described in detail herein are systems and methods for managing connections in a data storage system. For example, the systems and methods may be used to manage connections between two or more computing devices for purposes of performing storage operations on the data of one of the computing devices. The data storage system includes at least two computing devices. A first computing device includes an unauthorized connection data structure and a connection manager component. The connection manager component receives a connection request from a second computing device. If the second computing device is not identified on the unauthorized connection data structure, the connection manager component can request that an authentication manager authenticate the second computing device and/or determine whether the second computing device is properly authorized. If so, the connection manager component can allow the second computing device to connect to the first computing device. | 09-19-2013 |
| 20130247155 | APPLICATION IDENTITY DESIGN - Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application. | 09-19-2013 |
| 20130247156 | Method For Setting Up An Access Level For Use Of A Software Sytem, And Computer Program Products And Processor Devices Thereof - A method for setting up an access level for use of a software system including different levels of user accesses. The method includes the steps of: using a first user login to log in to the software system, the first user login having a first access level including a first set of permissions; using a second user login to log in to the software system, the second user login having a second access level including a second set of permissions; and combining the permissions of the first set of permissions and the second set of permissions in the software system, thereby setting up the access level for the use of the software system, the access level including the combined permissions of the first set of permissions and the second set of permissions. The invention also relates to computer program products and processor means. | 09-19-2013 |
| 20130254847 | IDENTITY SERVICES FOR ORGANIZATIONS TRANSPARENTLY HOSTED IN THE CLOUD - Embodiments of the invention are disclosed for establishing single identity/single-sign on (SSO) on a cloud computing platform. In an embodiment, a user is validated to the cloud computing platform, and identifies a domain. After establishing that the user has control of the domain, the cloud computing platform configures a directory service for the domain. The user may then use the directory service on the cloud computing platform to log in to his or her computer, as well as software services hosted on the cloud computing platform. | 09-26-2013 |
| 20130254848 | SYSTEM AND METHOD FOR CONTROLLING ACCESS TO A RESOURCE - Methods, devices, and computer-readable storage media are provided. In some embodiments, a server receives from a browser on a client a request to access a first web page. In response to receiving the request, the server sends to the client a second web page including an embedded executable program configured to run within the browser on the client, wherein the embedded executable program, when executed on the client, is operable to obtain a ticket-granting ticket stored on the client and send the ticket-granting ticket to the server. The server receives the ticket-granting ticket from the embedded executable program on the client. Furthermore, the server determines whether a user associated with the ticket-granting ticket is authorized to access the first web page. In response to determining that the user is authorized to access the first web page, the server grants the requested access to the first web page. | 09-26-2013 |
| 20130254849 | Bypass Login for Applications on Mobile Devices - In one embodiment, a social-networking system authenticates a user of a mobile device, receives a request from the mobile device to install a software application, transmits data to the mobile device comprising the software application and an installation identifier (ID), receives another request including the installation ID from the mobile device to authorize the software application, evaluates the installation ID for validity, and transmits yet another response to the mobile device in accordance with the evaluation. | 09-26-2013 |
| 20130254850 | Proxy Bypass Login for Applications on Mobile Devices - In one embodiment, an intermediate server receives a request with a secure ID to authorize a software application, transmits the secure ID to a social-networking system, receives an access token from the social-networking system indicating that the software application has been authorized, evaluates the access token for validity, and transmits a response to the mobile device indicating the software application is authorized. | 09-26-2013 |
| 20130254851 | COMPUTERIZED AUTHORIZATION SYSTEM AND METHOD - A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity. | 09-26-2013 |
| 20130254852 | PROVIDING MULTIPLE AUTHENTICATIONS TO AUTHENTICATE USERS WITH RESPECT TO A SYSTEM AND FILE SYSTEMS OFFERED THROUGH THE SYSTEM - Provided are a method, system, and computer program product for providing multiple authentications to authenticate users with respect to a system and file systems offered through the system. A request is received from a user to access a system, wherein the system provides access to a plurality of file systems. A first authentication of the user with respect to the system is performed. In response to success of the first authentication with respect to the system, a request by the user is received to access a selected one of the file systems. A second authentication is performed of the user with respect to the selected file system. The user is allowed access to the selected file system in response to success of the second authentication. | 09-26-2013 |
| 20130254853 | SYSTEM AND METHOD FOR PEER-TO-PEER HYBRID COMMUNICATIONS - An improved system and method are disclosed for peer-to-peer communications. In one example, the method enables two endpoints to directly establish and maintain a communication session after authenticating with an access server. | 09-26-2013 |
| 20130263221 | METHOD AND APPARATUS FOR ENTERPRISE-LEVEL FILTERED SEARCH - A method for a secure search in a computerized system having a storage, comprising searching for objects in the storage of the computerized system according to search criteria provided by a user wherein the criteria comprise at least one attribute of the objects, identifying objects that meet the criteria and displaying representations respective of identified objects that are accessible to the user, and an apparatus for performing the same. | 10-03-2013 |
| 20130263222 | COMPUTER SYSTEM AND SECURITY MANAGEMENT METHOD - With a plurality of computer apparatuses connected to a network, operation log information, including an operation type and an output destination of a file, and acquisition source information indicating an acquisition source of the file are recorded based on a user's input/output operation; the acquisition source information is managed by relating it with an access authority over the acquisition source of the file; when the operation log information for the user's output operation exists in the operation log information, a range of the access authority over the acquisition source of an output target file, which is a target of the user's output operation, and an addressee user who can access an output destination of the output target file are specified; whether or not the addressee user belongs to the range of the access authority over the acquisition source of the output target file is judged; and if a negative judgment result is obtained, risk information indicating that the user's output operation is an output outside the range of the access authority. | 10-03-2013 |
| 20130263223 | SYSTEMS AND METHODS OF PERFORMING LINK SETUP AND AUTHENTICATION - Systems and methods of performing link setup and authentication are disclosed. A first method utilizes an unprotected association request and an association response that includes an access point nonce (ANonce). A second method includes receiving, during a first link setup using a first ANonce, a second ANonce for use in a second link setup. A third method utilizes a temporary key to protect an association request. A fourth method includes generating an ANonce at a mobile device based on an ANonce-seed received from an access point. | 10-03-2013 |
| 20130263224 | System And Method For Checking The Authenticity Of The Identity Of A Person Accessing Data Over A Computer Network - A data processing system ( | 10-03-2013 |
| 20130263225 | SERVER DEVICE, INFORMATION PROVIDING METHOD, AND INFORMATION PROVIDING SYSTEM - A server device includes a memory and a processor coupled to the memory. The processor executes generating a list in which a privilege of which the number of accesses in a specified time period is larger than a predetermined reference value is associated with an attribute of a member who accessed the privilege more times than the predetermined reference value by reference to the memory. The processor executes estimating, when the server device has accepted access to a membership site from a user, an attribute of the user from a time of the access to the membership site or a site that the user accessed before the access to the membership site. The processor executes extracting a privilege associated with the attribute, and notifying the user of the extracted privilege. | 10-03-2013 |
| 20130263226 | False Banking, Credit Card, and Ecommerce System - A false banking, credit card, and ecommerce system provides a family of inter-related computer software programs and processes that can a) generate and distribute seemingly valid false credentials that are made available to be “stolen” by criminals, b) provide an assortment of seemingly valid websites, business servers, or ecommerce sites that will apparently accept the false credentials, and c) track each use and provide trace information for use by law enforcement to apprehend and prosecute cyber offenders. | 10-03-2013 |
| 20130263227 | SECURE COMMUNICATION SYSTEMS AND METHODS - Systems and methods for determining whether a communication session is authorized are provided. In some aspects, a method includes initiating a communication session between a first user and a second user, and obtaining an identity attribute associated with a third user engaged in the communication session. The method also includes determining whether the third user is the first user, the second user, or an unauthorized user based on the obtained identity attribute. The method also includes determining whether the communication session is authorized based on whether the third user is determined to be the first user, the second user, or the unauthorized user. | 10-03-2013 |
| 20130263228 | DOCUMENT BROWSING SYSTEM, CONTROLLING METHOD THEREFOR, AND DATA SERVER - A method (and system and server) in which, when a mobile phone unauthorized by a data server requests an access to a document stored in the data server, the unauthorized mobile phone sends a request for access permit to an authorized mobile phone. The authorized mobile phone sends back information for temporary access to the unauthorized mobile phone. On the basis of the information for temporary access, the unauthorized mobile phone transmits a request for temporary access to the data server, upon which the data server transmits information for judgment to the authorized mobile phone. On the basis of the information for judgment, the authorized mobile phone judges whether the unauthorized mobile phone should be permitted an access to the requested document. The unauthorized mobile phone is granted a temporary access to the requested document if the document is currently displayed on the authorized mobile phone. | 10-03-2013 |
| 20130263229 | CONTROL SYSTEM, CONTROLLED APPARATUS, AND OPERATION CONTROL METHOD - A control system includes a controlled apparatus and a portable terminal apparatus that controls the controlled apparatus. The controlled apparatus includes an authentication code generating unit that generates an authentication code and an authentication code output unit that outputs the generated authentication code. The portable terminal apparatus includes a code input unit that inputs a code and a code transmitting unit that transmits the input code to the controlled apparatus. The controlled apparatus further includes a determining unit that determines whether the code transmitted from the code transmitting unit is the authentication code output from the authentication code output unit and whether a first period has elapsed since generation of the authentication code and a permission unit that permits control using the portable terminal apparatus in response to determination that the transmitted code is the output authentication code and the first period has not elapsed. | 10-03-2013 |
| 20130263230 | METHOD AND SYSTEM FOR STATISTICAL ACCESS CONTROL WITH DATA AGGREGATION - Multiple-choice survey is used to increase probability that action is caused by a human user, not by an automated software script. Survey contains some answers that no human user would select, but also more than one correct answer. The answer selected by the user from many correct answers is used as an indication of interest to related subject and/or to display related advertisement. Multiple multi-choice surveys can be presented to the same user over time, to decrease probability of a robot randomly selecting correct answers. | 10-03-2013 |
| 20130263231 | AUTHENTICATION SYSTEM AND METHOD FOR OPERATING AN AUTHENITICATION SYSTEM - An authentication system for authenticating a human requester requesting a service, wherein the authentication system is configured to establish via a first and a second port of the authentication system an authentication communication channel comprising a first communication channel to the requester and a second communication channel to a human authenticator, such that at least one of an audio stream of a voice of the requester, a video stream of a face of the requester and a 3D-data stream of the face of the requester is transmittable between the end node device of the requester and the end node device of the authenticator; and to record a confirmation message of the authenticator, wherein the confirmation message confirms or rejects at least one of the claimed identity and the requested service. | 10-03-2013 |
| 20130263232 | METHOD AND DEVICE FOR PROXY ACCESS OF OPEN PLATFORM - Disclosed are a method and device for a proxy access of an open platform for solving technical problems that resource occupancy is excessive, a password security is low, and a local file cannot be uploaded. In the present invention, an official application is established in a user terminal, and the official application interacts with the open platform by an SDK provided by the open platform; the official platform is bound by applying for a protocol with the URL format from an operating system of the user terminal, and provides an interaction interface for the third party application through the protocol with the URL format. Therefore, the present invention reduces the system resource which the third party application occupies in the user terminal and the development cost of the third party application, and protects the security of the user's account. | 10-03-2013 |
| 20130268999 | DEVICE PINNING CAPABILITY FOR ENTERPRISE CLOUD SERVICE AND STORAGE ACCOUNTS - Device pinning capabilities for cloud-based services and/or storage accounts are disclosed. In one aspect, embodiments of the present disclosure include a method, which may be implemented on a system, for authorizing synchronization of a synchronization client on a device with content associated with an account in the cloud-based service, responsive to determining that the device is on a list of devices that are authorized, and synchronizing the synchronization client on the device with the content associated with the account such that the content is also locally available for access on the device. The list of devices can be specific to and associated with devices for a user in the account and can be limited to an allowable number of devices for the account or a user associated with the account. | 10-10-2013 |
| 20130269000 | Verification in Wireless Local Area Network - A verification method or apparatus applied in a Wireless Local Area Network (WLAN) includes learning an Internet Protocol (IP) address assigned to a station; sending the IP address to a managing device that is managing the access device and receiving, from the managing device, a determination of whether the IP address is used by another station; and verifying a data packet sent by the station by using an IP address that is not used by another station as reported by the managing device. | 10-10-2013 |
| 20130269001 | EVOLVED PACKET SYSTEM NON ACCESS STRATUM DECIPHERING USING REAL-TIME LTE MONITORING - A monitoring system is coupled to interfaces in an LTE network and passively captures packets from the network interfaces. First data packets associated with an authentication and key agreement procedure are captured on a first interface. Second data packets associated with the authentication and key agreement procedure are captured on a second interface. Individual ones of the first data packets are correlated to individual ones of the second data packets based upon a same parameter. An authentication vector table is created comprising information from the correlated first data packets and second data packets, wherein entries in the table comprise authentication data for a plurality of security contexts. A cipher key is identified to decipher additional packets for the user. The cipher key can also be identified in case of Inter Radio Access Technology Handover by the user equipment. | 10-10-2013 |
| 20130269002 | Access Based Internet Protocol Multimedia Service Authorization - The described embodiments of the present invention include a method for controlling authorization of a multimedia service requested by a user device. In one embodiment, the method includes examining an identity of an access network associated with the user device and an identity of the service requested to determine whether the service is supported; authorizing resources in the access network required by the service if the service is supported; rejecting the service if the service is not supported and if a policy associated with the access network requires unsupported services to be rejected; and authorizing a default level of resources in the access network if the service is not supported and if the policy associated with the access network does not require unsupported services to be rejected. | 10-10-2013 |
| 20130269003 | REMOTE AUTHENTICATION SYSTEM - One embodiment of the invention is directed to a method including receiving an alias identifier associated with an account associated with a presenter, determining an associated trusted party using the alias identifier, sending a verification request message to the trusted party after determining the associated trusted party, and receiving a verification response message | 10-10-2013 |
| 20130269004 | UNIFIED IDENTITY VERIFICATION - Apparatus, systems, and methods are disclosed that operate to register one time, at a server associated with an authenticating entity, information comprising an identity uniquely associated with an individual account owner and an account held by the authenticating entity. Further activity includes receiving an authentication request at the server from a requesting party to authenticate an unauthenticated individual purporting to be the individual account owner, and authenticating, by the server, the unauthenticated individual as the individual account owner by matching a token presented by the unauthenticated individual, to the identity. Responsive solely to the authenticating, only a selected portion of the information previously authorized by the individual account owner is provided for sharing with the plurality of selected requesting parties. Additional apparatus, systems, and methods are disclosed. | 10-10-2013 |
| 20130269005 | METHOD AND SYSTEM FOR CONTROLLING ESTABLISHMENT OF COMMUNICATION CHANNELS IN A CONTACT CENTER - A method for controlling establishment of a communication channel between a service provider terminal of a contact center and a service request terminal. Receipt of a request to establish the communication channel is responded to by determining whether a license for a media type associated with the communication channel is allocated to the service provider terminal. If a license is determined to be allocated to the service provider terminal, establishment of the communication channel is allowed. If a license is determined not to be allocated to the service provider terminal, availability of a license from a pool of licenses is determined. If a license is determined not to be available, establishment of the communication channel is refused. If a license is determined to be available, the license is allocated to the service provider terminal and establishment of the communication channel is allowed. | 10-10-2013 |
| 20130269006 | FILE VAULT AND CLOUD BASED DOCUMENT NOTARY SERVICE - In one embodiment, a trusted cloud service such as an “electronic vault” may store records of a consumer's electronic data file history. These documents may come from disparate providers and include financial statements and the like. The trusted vault cloud may act as an online notary to certify documents are legitimate and may be trusted. For example, a retailer may dispute whether the consumer paid a debt. To resolve the issue the retailer may access the cloud vault to retrieve a bank statement for the consumer, whereby the bank statement is electronically notorized by the vault cloud and is thus credible to the retailer. The retailer may then see proof the consumer had indeed paid a past debt to the retailer. Other embodiments are described herein. | 10-10-2013 |
| 20130276066 | AUTHORIZATION SHARING - A method relates to access control of shared resources on computer systems that have diverse system policies for access rights to resources. The method includes, on a source computer system with which a target computer system shares a resource, preparing user-authorization data for the shared resource in a flat file format as data tuples, line records or tables. This format makes the user-authorization data usable in computer systems with diverse system policies for access rights to resources. The method further includes authorizing user access to the shared resource on the target computer system based on the user-authorization data prepared in flat file format by the source computer system. | 10-17-2013 |
| 20130276067 | SYSTEM FOR PROVIDING MOBILE DATA SECURITY - A system transfers applications and datasets (files) from a server to a client device and assigns to each file a lease key that will expire at a specified time. A file cannot be accessed unless its lease key is validated. Upon expiration of a lease key, the client device will connect to the server to determine if the lease key may be renewed. If the lease key may be renewed, a new lease key is created and access to the associated application or dataset is restored. If the lease key may not be renewed, the file may be deleted or rendered inaccessible. If rendered inaccessible, the file may be restored in the future without having to re-transmit it from the server to the client device. The server may also revoke a lease key before it expires. | 10-17-2013 |
| 20130276068 | METHODS AND SYSTEMS FOR GENERATION OF AUTHORIZED VIRTUAL APPLIANCES - In one embodiment, a virtual appliance generation system receives from a client via a communications link a selection identifier associated with a capability of a virtual appliance module, accesses an authorization value associated with the capability of the virtual appliance module in response to the receiving, and stores an identifier of the capability of the virtual appliance module within a virtual appliance descriptor. The authorization value is also stored within the virtual appliance descriptor. A digest based on the virtual appliance descriptor is generated and a virtual appliance container including a portion of the virtual appliance module, the virtual appliance descriptor, and the digest is generated. The virtual appliance generation system then provides the virtual appliance container to the client. | 10-17-2013 |
| 20130276069 | INTERNET IDENTITY MANAGEMENT - Provided are systems and methods method for management of identity and relationships and more particularly to methods and systems for establishing and verifying the authority of a point of presence (POP) or another identity on the web to affirm a representation of an entity or individual. | 10-17-2013 |
| 20130276070 | CROSS INSTANCE USER AUTHENTICATION ARCHITECTURE - In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing a cross instance user authentication architecture in an on-demand service environment including, for example, means for receiving a login request at a global Virtual Internet Protocol (VIP) address for the host organization from a client device; forwarding the login request received at the global VIP address to one of a plurality of datacenters within the host organization; determining the selected datacenter is a non-home-geo datacenter for a user associated with the login request received from the client device; establishing a back-end link from the non-home-geo datacenter to a home-geo datacenter for the user; forwarding the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication of the client device at the home-geo datacenter responsive to the login request received from the computing device; and returning a response to the client device from the non-home-geo datacenter upon successful authentication of the login request at the home-geo datacenter, wherein the response specifies a re-direct to the home-geo datacenter for the user. Other related embodiments are disclosed. | 10-17-2013 |
| 20130276071 | METHOD AND SYSTEM FOR PROVIDING INTERNET SERVICES - A service integration platform system for providing Internet services includes: an interface configured to receive a service request message that is initiated by a user of an application provided by an Independent Software Vendor (ISV), the service request message being implemented according to an Application Programming Interface (API) type and including a plurality of platform-level parameters that conform to the API type. The system further includes one or more processors coupled to the interface, configured to: locate a set of authentication checks that are appropriate for the API type, based at least in part on the plurality of platform-level parameters included in the service request message and a mapping of predefined combinations of platform-level parameters and corresponding sets of authentication checks; perform authentication of the service request according to the set of authentication checks; and route the service request to a service address of the Internet Service Provider (ISP) in the event that the service request is authenticated. | 10-17-2013 |
| 20130276072 | Method for Enabling Exchange of User Profiles Between a Visited Network and a Home Network - The invention relates to a method ( | 10-17-2013 |
| 20130283350 | ACCESS AUTHORIZATION - Methods, systems, and computer-readable media with executable instructions stored thereon for managing access authorization to hardware and data resources. A method includes defining a property of a hardware and/or data resource. This example method further includes defining a role such that each defined role can be applied to different users without modification, defining a security domain for the property of the resource in the context of a user-role assignment and assigning a role to a user in a context of the defined security domain. | 10-24-2013 |
| 20130283351 | METHOD AND APPARATUS FOR CONFIGURING SERVICES BASED ON TOUCH SELECTION - An approach is provided for configuring one or more mobile devices to one or more services associated with at least one structure based on various contexts, access criteria, and/or security levels. The access platform determines proximity information of one or more devices with respect to at least a first access point, a second access point, or a combination thereof associated with at least one structure. The access platform next processes and/or facilitates a processing of the proximity information to determine one or more roles, one or more accesses, one or more rights, or a combination thereof. The access platform then determines one or more services to make available based, at least in part, on the one or more roles, the one or more accesses, the one or more rights, or a combination thereof. | 10-24-2013 |
| 20130283352 | METHODS, APPARATUSES AND ARTICLES FOR IDENTIFYING AND AUTHORIZING LOCATION SERVERS AND LOCATION SERVICES USING A PROXY LOCATION SERVER - Techniques are provided which may be implemented in various methods, apparatus, and/or articles of manufacture to allow a mobile device to obtain certain location service(s) and/or the like from one or more computing devices that have been authorized for use. For example, in certain implementations, a location server may comprise a proxy location server for an authorizing location server and may indicate one or more other location servers as being authorized for location service related access by a mobile device. | 10-24-2013 |
| 20130283353 | SECURE ZONE FOR SECURE PURCHASES - An apparatus according to the present disclosure may comprise a secure zone configured to execute a task having a subtask. The task and subtask may have respective executable code and may be digitally signed by respective code providers. The secure zone may be further configured to apply respective sets of permissions while the respective executable code of the task and subtask are executed. The respective set of permissions for the task may be based on at least one of information associated with the signed task and information in a digital certificate of the respective code provider for the task. The respective set of permissions for the subtask may be based on at least one of information associated with the signed subtask and information in a digital certificate of the respective code provider for the subtask. | 10-24-2013 |
| 20130283354 | SELECTIVE CROSS-REALM AUTHENTICATION - A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm. | 10-24-2013 |
| 20130283355 | ELECTRONIC APPARATUS AND COMMUNICATION CONTROL METHOD - According to one embodiment, an electronic apparatus comprises a communication module and a connection control module. The communication module is configured to execute close proximity wireless transfer. The connection control module is configured to start an operation of establishing a connection between the communication module and an external device which is in close proximity to the communication module if an identifier of the external device wirelessly transmitted from the external device is included in a connection permission list. The connection control module is configured to display a password entry screen if the identifier is not included in the connection permission list, and to add, if a password entered on the password entry screen matches with a registered password, the identifier to the connection permission list and start the operation of establishing the connection between the communication module and the external device. | 10-24-2013 |
| 20130283356 | ROLE-BASED ATTRIBUTE BASED ACCESS CONTROL (RABAC) - Systems and methods are disclosed for receiving an access request from a user device, the access request including an identity claim for a user; evaluating a risk of access based on matching an attribute of the user device with attributes stored in a user information database; authenticating the access request based on the identity claim and the risk evaluation to determine an authentication confidence level; generating a token based on the confidence level and the attribute matched; producing an authorization response based on inputs from the token, a risk based access control, a role based access control, and an attribute based access control, in which the authorization response determines whether to allow access to a system, deny access to the system, or request additional input from the user device. | 10-24-2013 |
| 20130283357 | CONTENT MANAGEMENT SYSTEM, MANAGEMENT SERVER, MEMORY MEDIA DEVICE AND CONTENT MANAGEMENT METHOD - A terminal device | 10-24-2013 |
| 20130291062 | Secure Administration of Virtual Machines - Methods and systems for performing secure administration of virtual domain resource allocation are provided herein. A cloud service provider (CSP) may provide instances of virtual machines to one or more contracting user entities. The cloud service provider may store an authorization database identifying one or more resources (e.g., storage, CPU, etc.) that each of the different contracting user entities is authorized to use on a virtual machine server device. The CSP may subsequently receive a request from an unverified entity to instantiate a virtual machine with access to one or more resources. The request may include security information. The CSP validates the request by verifying the unverified entity using the first security information (e.g., checking a PKI certificate, requiring a login/password, etc.) and, when the request is validated, provides access to the verified entity to a subset of the requested one or more resources based on the authorization database. | 10-31-2013 |
| 20130291063 | Identification of Unauthorized or Misconfigured Wireless Access Point Using Distributed Endpoints - A system for identifying unauthorized and/or misconfigured wireless access points (WAPs) in a communication network includes multiple network endpoints and multiple agents running on endpoints. The agents are adapted to periodically locate WAPs and to report located WAPs to a central entity. The system further includes a central entity operative to receive information from the agents regarding located WAPs, to determine whether at least a given one of the located WAPs needs to be probed, and to initiate active probing of located WAPs when it is determined that the given one of the located WAPs needs to be probed. | 10-31-2013 |
| 20130291064 | AUTHENTICATION USING LIGHTS-OUT MANAGEMENT CREDENTIALS - A method includes upon receiving a request from a user to perform an operation on a device that is running under an operating system, authenticating the user on the basis of credential data that is retrieved from a data storage unit that is associated with a lights-out management (LOM) capability of the device. If authentication of the user is successful, the user is enabled to perform the operation. | 10-31-2013 |
| 20130291065 | GATHERING GAMIFICATION DATA FROM BUSINESS APPLICATIONS - Methods, computer-readable media, and systems for gathering gamification data from business applications. Common gamification data that describes a user that accesses a business software environment, and specific gamification data that describes the user and is specific to a particular computer system in the business environment are identified at a user interface of a client device in response to a request from a gamification engine. By executing gamification logic in the user interface, the common gamification data and the specific gamification data are collected at the user interface and provided to the gamification engine. For example, the gamification data can be gathered by monitoring interactions between the user and the client device that is connected to the gamification engine at the user interface, and provided to the gamification engine independent of the business computer system to which the client device is connected. | 10-31-2013 |
| 20130291066 | METHOD AND APPARATUS TO KEEP CONSISTENCY OF ACLS AMONG A META DATA SERVER AND DATA SERVERS - Exemplary embodiments may involve a meta-data server that manages data-server access control list (DS ACL) information. Each entry of this DS ACL information may include an address of a data server, an identification or a range address of chunk data on the data server, a file path of the chunk data in the file tree provided by the meta-data server, and addresses of the permitted clients. The meta-data server may determine the addresses of the permitted clients for the chunk data by retrieving the original file path of chunk data from layout information of the meta-data server, and by retrieving the entry containing the directory path that partially matches with the original file path from an access control list of the meta-data server. | 10-31-2013 |
| 20130291067 | Identification of Unauthorized or Misconfigured Wireless Access Point Using Distributed Endpoints - A method for identifying unauthorized and/or misconfigured wireless access points (WAPs) in a communication network includes the steps of: an agent running on an endpoint in the communication network locating one or more WAPs in the communication network; the agent reporting at least one located WAP to a central entity; and the central entity performing steps of applying prescribed criteria to determine whether the located WAP needs to be probed, and initiating active probing of the located WAP when it is determined that the located WAP needs to be probed to thereby determine whether the located WAP is unauthorized and/or misconfigured. | 10-31-2013 |
| 20130291068 | Managing Cloud Zones - Methods and systems for managing cloud zones are described herein. A management server for a cloud of computing resources may add private zones to the cloud. The private zones may contain computers owned and operated by a user of the cloud, such as a cloud customer, rather than the cloud operator. The management server may manage the computing resources in the private zone by sending commands to an agent, which in turn relays the management server's commands to the individual computing resources. The agent may be authenticated using a token. | 10-31-2013 |
| 20130291069 | SYSTEM AND METHOD OF ACCESSING A NETWORK BY WAY OF DIFFERENT SERVICE PROVIDERS - The present invention comprises a method and apparatus for simplifying the process of access to a network for a roaming computer user, divides the responsibility of servicing a given user wanting to access the network between multiple parties wanting to access the network between multiple parties and minimizes the possibility of improper dissemination of email header data as well as improper use of network resources (including server systems) by non-clients. | 10-31-2013 |
| 20130291070 | ACTIVATION AND MONETIZATION OF FEATURES BUILT INTO STORAGE SUBSYSTEMS USING A TRUSTED CONNECT SERVICE BACK END INFRASTRUCTURE - Embodiments of systems, apparatuses, and methods to enable a value-added storage service of a storage system coupled to a client are described. In some embodiments, a system establishes a secure root of trust for the client. In addition, the system establishes a secure tunnel between an application of the client and a storage system of the client. Furthermore, the system securely downloads a license for the value-added storage service to the storage system and provides the license from the storage system to an application via the secure tunnel. | 10-31-2013 |
| 20130291071 | Method and Apparatus for Authenticating a Communication Device - According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device specific response to the group authentication challenge using the group authentication information and device specific authentication information and sends the device specific response to the network. The device is for example a member of a machine-type communication device group. | 10-31-2013 |
| 20130291072 | SYSTEM, METHOD, NETWORK ENTITY AND DEVICE FOR CONNECTING A DEVICE TO A COMMUNICATIONS NETWORK - The system includes a device of a plurality of devices and a network entity for connecting the device to a communications network. The device is arranged for attempting to access the network while providing an identification of the device to the network entity. The network entity is arranged for receiving the access attempt from the device, and determining the identification of the device. The network entity determines an identification of a subscription associated with the device from a first database of the system. The network determines whether the identified subscription has the device associated therewith in a second database. The network entity allows the device to connect to the network entity or prevents the device from connecting to the communications network depending on the above determinations. | 10-31-2013 |
| 20130298197 | DEVICE-BASED AUTHENTICATION FOR SECURE ONLINE ACCESS - Methods, systems, and computer-readable media for providing device-based authentication for secure online access are provided. An authentication request is received from an online service. The authentication request may be associated with a login request received by the online service from a user. The authentication request may further indicate a list of device identifiers for computing devices connected to a provider network and previously designated by the user as authorized to access the online service. Communication logs collected from the provider network are analyzed to determine whether the login request originated from one of the authorized computing devices based on the list of device identifiers. If it is determined that the login request originated from one of the authorized computing devices, an indication is returned to the online service that the login request was received from an authorized computing device. | 11-07-2013 |
| 20130298198 | Control of Transmission to a Target Device with a Cloud-Based Architecture - Systems, methods, computer-readable storage mediums including computer-readable instructions and/or circuitry for control of transmission to a target device with a cloud-based architecture may implement operations including, but not limited to: detecting, at least in part via a cloud-based architecture, an elapsed time since a prior authorization of a transmission to a target device; comparing, at least in part via a cloud-based architecture, the elapsed time since a prior authorization of a transmission to a target device against a threshold transmission interval associated with a target device; and authorizing, at least in part via a cloud-based architecture, at least one transmission to a target device in response to the comparison. | 11-07-2013 |
| 20130298199 | Control of Transmission to a Target Device with a Cloud-Based Architecture - Systems, methods, computer-readable storage mediums including computer-readable instructions and/or circuitry for control of transmission to a target device with a cloud-based architecture may implement operations including, but not limited to: computing, at least in part via a cloud architecture, a prospective transmission practicability index based at least in part on localized context information associated with the target device; comparing, at least in part via a cloud architecture, the prospective transmission practicability index against a threshold transmission practicability index associated with the target device; and authorizing, at least in part via a cloud-based architecture, at least one transmission to a target device in response to the comparison. | 11-07-2013 |
| 20130298200 | ACCOUNT SECURITY PROTECTION METHOD AND SYSTEM - Embodiments of the present application relate to an account security protection method, an account security protection system, and a computer program product for account security protection. An account security protection method is provided. The method includes retrieving a current location of a user, and a location where the user's account is being operated, determining whether a distance between the location of the user and the location where the user's account is being operated exceeds a predetermined distance threshold, and in the event that the distance between the location of the user and the location where the user's account is being operated exceeds the predetermined distance threshold, notifying the user. | 11-07-2013 |
| 20130298201 | SYSTEMS AND METHODS FOR NETWORK FILTERING IN VPN - Described are systems and methods for managing network packet traffic between a client device and an enterprise server. A list of enterprise-authorized applications is maintained. Data packets, such as TCP and UDP data packets, communicated from applications running on the device are analyzed to determine an originating application corresponding to each packet. The originating application is compared to the list of authorized applications, and a VPN tunnel is created for the packet to access the enterprise server if the corresponding originating application is an authorized application. | 11-07-2013 |
| 20130298202 | COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR PROVIDING PERMISSIONS TO USERS IN AN ON-DEMAND SERVICE ENVIRONMENT - Disclosed are methods, devices, and computer readable storage media for providing permissions to users in an on-demand service environment. A server receives criteria indicating characteristics of users and/or permission sets. Selected permission sets can be assigned to identified users. Data indicating the assignment of the permission sets can also be stored. | 11-07-2013 |
| 20130298203 | APPARATUS AND METHOD OF PROVIDING SECURITY TO CLOUD DATA TO PREVENT UNAUTHORIZED ACCESS - A method and apparatus for providing security of an electronic apparatus are provided. The method includes identifying an environment of a client to be provided with a cloud service from at least one cloud server, determining one of an address size and an address range of a memory of the client used to execute a cloud process of the cloud service, and executing the cloud process, determining and storing a process state of the cloud process in response to the executing the cloud process in the memory, monitoring the cloud process accessing the at least one cloud server, and preventing an unauthorized access according to a result of the monitoring. | 11-07-2013 |
| 20130298204 | Automatic Detection of Wireless Network Type - Techniques for facilitating automatic detection of a type of wireless network are described. In accordance with one or more embodiments, wireless network client(s) can automatically detect the “type” of a network (e.g., method of authentication and encryption) without requiring input from the user. In accordance with one or more embodiments, a wireless network detection system having a connection component and a detection component is provided. The connection component facilitates connection of a client system to at least one of a plurality of wireless networks. The detection component identifies a type of an available wireless network. Identification can be based, for example, upon information received in an information element and/or iterative probing of the wireless network beacon. | 11-07-2013 |
| 20130298205 | ARCHITECTURE FOR VIRTUAL SECURITY MODULE - A device supports the processing of multiple active applications in a processor through a mapping system that securely identifies and differentiates commands issued by clients. An entity selection signal is generated by the mapping system to signal the processor to process an algorithm and provide services for a specific client using the commands identified for that client and data permitted by a client tracking system for that client. Other data accesses and commands identified for other clients are restricted when processing the algorithm. | 11-07-2013 |
| 20130298206 | APPARATUS AND METHOD FOR MANAGING SOFTWARE APPLICATIONS OF A MOBILE DEVICE SERVER - A system that incorporates teachings of the present disclosure may include, for example, a non-transitory computer-readable storage medium, which operates in a mobile device server and has instructions to obtain a software application, store a first pairing key in a memory of the mobile device server where the first pairing key is generated by a device of a service provider in response to a review of the software application for compliance with a policy of the service provider, and execute a web server application at the mobile device server that is operable to detect a media resource center operably coupled with a media device, establish communications with the media resource center and transmit the first pairing key to the media resource center to enable at least a portion of services that are associated with the software application and that utilize the media device. Other embodiments are disclosed. | 11-07-2013 |
| 20130298207 | METHODS AND DEVICES FOR DETECTING AN IP ADDRESS - A method for detecting an IP address. An access router releases the routes of a detected IP address via a first interface and a second interface, and sets the priority of the route released via said first interface lower than that of the route released via said second interface. After having received by said access router a WEB request by the user via said first interface, the method comprises searching a session record corresponding to said WEB request; establishing by said access router the session record corresponding to said WEB request when the corresponding session record is not found, and returning a redirecting message taking said detected IP address as the re-directed destination IP address; and after having received by said access router via said second interface the message taking said detected IP address as the destination IP address, determining that the user who sent said message is an illegal user. | 11-07-2013 |
| 20130305315 | MULTI-MEDIA IDENTITY MANAGEMENT SYSTEM - A method for utilizing multi-media identities for access control to a secure area or item can begin with a multi-media identity management system providing a multi-media identity to an entity for use with an access control system. The multi-media identity can be a digital identifier defining multi-media authentication data and security privileges for the entity. The provided multi-media identity and multi-media authentication data can be received in an access request for a secure area or item. The multi-media authentication data can be verified against the multi-media data elements of the multi-media identity. The security privileges of the multi-media identity can be validated for the secure area or item. When the multi-media authentication data, multi-media identity, and security privileges are valid, the entity can be granted access and denied access when at least one item is invalid. | 11-14-2013 |
| 20130305316 | COMMUNICATIONS SECURITY MANAGEMENT - Implementing communications security includes creating levels of permissions for association with inbound communications. The levels of permissions are indicative of components of the communications enabled for transmission to a recipient computer. The communications security also includes creating conditions upon which currently-assigned levels of permissions are adjustable to a next level of the levels of permissions. In response to identifying an inbound communication received from a sender, the communications security evaluates content of the inbound communication, determines a trust value for the inbound communication responsive to the evaluating, applies the conditions to the inbound communication and the sender, determines an assignment of one of the levels of permissions for the inbound communication in response to applying the conditions, and transmits the inbound communication to the recipient computer, including any components enabled for transmission, based on the assignment of the level of permissions. | 11-14-2013 |
| 20130305317 | CREATING FEDERATED ASSOCIATE IDENTIFIERS TO POSITIVELY IDENTIFY ASSOCIATES INTERFACING ACROSS MULTIPLE BUSINESS APPLICATIONS - Methods, apparatus, systems and computer program products are described and claimed that provide for automatically and positively determining that an associate accessing a business domain/application using an application-specific associate identifier is the same associate that is accessing another business domain/application using another application-specific associate identifier. Once the positive determination of same associate is made, a federated identifier key is generated and applied to all of the platforms in which the associate can be positively identified, so as to globally identify the associates across multiple enterprise-wide domains/applications. As such, the present invention eliminates the need to manually analyze associate data to determine if an associate interfacing with one domain/application is the same associate interfacing with another domain/application. | 11-14-2013 |
| 20130305318 | COMMUNICATIONS SECURITY MANAGEMENT - Implementing communications security includes creating levels of permissions for association with inbound communications. The levels of permissions are indicative of components of the communications enabled for transmission to a recipient computer. The communications security also includes creating conditions upon which currently-assigned levels of permissions are adjustable to a next level of the levels of permissions. In response to identifying an inbound communication received from a sender, the communications security evaluates content of the inbound communication, determines a trust value for the inbound communication responsive to the evaluating, applies the conditions to the inbound communication and the sender, determines an assignment of one of the levels of permissions for the inbound communication in response to applying the conditions, and transmits the inbound communication to the recipient computer, including any components enabled for transmission, based on the assignment of the level of permissions. | 11-14-2013 |
| 20130305319 | HUB KEY SERVICE - In embodiments of a hub key service, a device includes a communication interface for communication coordination with one or more associated devices of the device, and the associated devices correspond to hub members. A hub manager is implemented to generate an electronic key that includes access permissions, which are configurable to enable controlled access for the hub members, such as to a building, vehicle, media device, or location. The hub manager can then correlate the electronic key with the device to enable access to the building, vehicle, media device, or location with the device utilized as the electronic key. | 11-14-2013 |
| 20130305320 | AUTOMATIC SERVICE ACTIVATION FOR USER DEVICE UPON DETECTING ITS DEVICE IDENTIFIER ON NETWORK OF HOSPITALITY ESTABLISHMENT - A service controller includes a network interface for coupling to a local area network of a hospitality establishment, and one or more processors coupled to the network interface. The one or more processors are configured to detect a device identifier of a user device on a local area network of a hospitality establishment, determine whether a guest of the hospitality establishment is associated with the device identifier, and automatically activate a service for the user device at the hospitality establishment in response to detecting the device identifier on the local area network when a guest of the hospitality establishment is determined to be associated with the device identifier. | 11-14-2013 |
| 20130305321 | METHODS FOR CONFIRMING USER INTERACTION IN RESPONSE TO A REQUEST FOR A COMPUTER PROVIDED SERVICE AND DEVICES THEREOF - A method, non-transitory computer readable medium, and access manager device includes providing an initial challenge to a client computing device requesting access to a service. The initial challenge includes one or more of one or more objects, one or more indicative answers, and one or more questions based on the one or more objects. At least one challenge response to the initial challenge is received from the client computing device. A determination is when there is a match between the at least one challenge response to the initial challenge and corresponding response data associated with the initial challenge. One or more actions with respect to the request to access the service are performed based on the determination. | 11-14-2013 |
| 20130305322 | System and Method for Providing User Notifications - A method comprising obtaining a credential associated with a first device in a device group, the device group having a shared data allocation available to the device group, the shared data allocation establishing an amount of communication over a first wireless network; determining, based on the credential, that the first device is authorized to set or change an aspect of a policy applicable when a second device in the device group is connected to the first wireless network; obtaining, from the first device, a user preference; and provisioning, based on the user preference and the determination that the first device is authorized to set or change the at least an aspect of the policy for the second device, one or more network elements to at least assist in enforcing or applying the policy when the second device is connected to the first wireless network. | 11-14-2013 |
| 20130305323 | METHODS AND SYSTEMS FOR AUTHENTICATING ONE OR MORE USERS OF A VEHICLE COMMUNICATIONS AND INFORMATION SYSTEM - In at least one embodiment, a system for authorizing use of a vehicle communication and information system may include one or more data processors configured to receive information associating one or more devices with a vehicle computer. The data processor(s) may be also configured to receive information identifying a user requesting authorization to command the vehicle controls from the one or more devices associated with the vehicle computer. The user(s) may be authorized to command the vehicle controls from the one or more devices associated with the vehicle computer based on performing an authentication process for authenticating the user, determining that the user is an authenticated user based on the authentication process, and enabling command of one or more vehicle controls from the one or more remote devices via the associated vehicle computer based on the user being authenticated. | 11-14-2013 |
| 20130312066 | MOBILE DEVICE ACCESS FOR MEDICAL DEVICES - Methods for controlling a medical device using a software application on a mobile device are provided. In one aspect, a method includes receiving a request from the software application on the mobile device to open a communications channel for at least one of audio communication or text-based communication, and sending from the server an instruction to the medical device based on the request. The method also includes providing to the software application on the mobile device for display a result of the instruction. Systems, graphical user interfaces, and machine-readable media are also provided. | 11-21-2013 |
| 20130312067 | DEVICE, METHOD, AND RECORDING MEDIUM - A device includes a memory which stores a program, and a processor which executes, based on the program, a procedure comprising establishing a session with a request source when a request for a service, made to a second providing source, has been received from the request source, the second providing source providing the service based on data stored in a first providing source; and when an inquiry about whether to transmit the data to the second providing source has been received from the first providing source, notifying, so as to encrypt a mask range of the data, the first providing source of session information indicating the session established with the request source and notifying the request source of the session information so as to decrypt the encrypted mask range of data based on the session information. | 11-21-2013 |
| 20130312068 | SYSTEMS AND METHODS FOR ADMINISTRATING ACCESS IN AN ON-DEMAND COMPUTING ENVIRONMENT - A system is provided for managing protected data resources. The system includes a resource server configured to store the protected data resources and an authorization module coupled to the resource server and configured to store access protocols. The authorization module further is configured to receive a service request from a user via a client module, evaluate the service request based on the access protocols, and send an access token to the client module if the user satisfies the access protocols. | 11-21-2013 |
| 20130312069 | MULTIPLE AUTHENTICATION SUPPORT IN A SHARED ENVIRONMENT - An authentication configurator may define a LDAP security group for LDAP authentication, wherein the LDAP security group is associated with rights. It may define a native security group for native authentication users, wherein the native authentication group has at least one right not present in the LDAP security group, and define customer-specified LDAP chains. It may configure an LDAP authentication web application and a native authentication web application, wherein the LDAP authentication web application and the native authentication web application each connect to a service management database, and the LDAP authentication web application uses the customer-specified LDAP chains. A first Uniform Resource Locator (URL) for LDAP authentication to access the LDAP authentication web application and a second URL for native authentication to access the native authentication web application may also be configured. It may assess the authentication requirements of a customer and create a user identifier, responsive to assessing. | 11-21-2013 |
| 20130318569 | Propagating Delegated Authorized Credentials Through Legacy Systems - An approach is provided to access resources at legacy systems. In this approach, a resource request destined to a legacy system is receiving from a requestor with the resource request including an access token and being on behalf of a resource owner. A validation process is performed on the access token. If the access token is valid, the approach identifies the resource owner and one or more legacy access tokens used to access the legacy system. Another request is formed with the new request including the legacy access tokens. The new request is transmitted to the legacy system and a response is received back from the legacy system. The response received from the legacy system is transmitted back to the requestor. | 11-28-2013 |
| 20130318570 | USING NEIGHBOR DISCOVERY TO CREATE TRUST INFORMATION FOR OTHER APPLICATIONS - Neighbor discovery is used to create a generic trust database for other applications. As part of the neighbor discovery, each device performs classification and validation of the credentials of the neighboring devices. The credentials and validation results are stored locally without having to perform a separate authentication step. The trust database is created and maintained as a neighbor table with the results of the validation. The generic trust database may then be consulted by other protocols. The neighbor discovery may use any of various underlying protocols, but the resulting table unifies the results such that other applications or protocols may take advantage of the secured identity without having to implement their own discovery process. Both discovery and validation may be implemented locally without relying on centralized servers. Manual configuration may be avoided. | 11-28-2013 |
| 20130318571 | MANAGING DISTRIBUTED OPERATING SYSTEM PHYSICAL RESOURCES - Providing a uniform security model to heterogeneous devices in a distributed computing environment. A method includes storing information about a plurality of device security models, including device credentials. The method further includes storing information about a uniform security model, including access rights for various principals. The method further includes identifying a principal. Based on the identified principal, access is provided to the principal according to the uniform security model, based on the device security model credentials. | 11-28-2013 |
| 20130318572 | WIRELESS GATEWAY SUPPORTING PUBLIC AND PRIVATE NETWORKS - An interface device may provide a first wireless network and a second wireless network in a user's premise. The interface device may encourage some user devices to connect to the second wireless network without controlling the user devices. For example, the interface device may receive a request from a device to access its first wireless network. The interface device may then determine whether the device is a premise device by, for example, searching a database of device registration information. The interface device may determine that the device is a premise device and deny the request to access the first wireless network. The device may then be available to access the second wireless network. | 11-28-2013 |
| 20130318573 | METHOD AND APPARATUS FOR GUEST ACCESS SHARING - A method, apparatus and computer program product are provided for configuring and controlling guest access sharing. In the context of a method, a method is provided that includes causing a network scan to be initiated and receiving the results of said network scan, the results comprising information regarding an access point and determining, based on the received results, whether the access point comprises two or more network interfaces. The method further includes causing a guest access sharing configuration procedure to be initiated if the access point comprises two or more network interfaces. The guest access sharing configuration procedure includes causing guest access information to be uploaded to a server. Another method is provided that includes receiving and storing guest access information, receiving a request to obtain the guest access information and causing the guest access information to be provided to a device if the device has permission to access it. | 11-28-2013 |
| 20130318574 | SYSTEM AND METHOD FOR GROUP VIDEO MESSAGING SERVICE - A group video messaging method stores user information identifying authorized users of a video messaging system, and provides a user interface to the video messaging system. The user interface permits authorized users to transfer video files to the video messaging system for storage and retrieval, and to identify criteria for other authorized users to access each transferred video file. The method also stores in the video messaging system the video files transferred to the system by the authorized users; stores information identifying the user that transferred each stored video file to the video messaging system, and the criteria for authorized users to access the stored video files; and stores information identifying different groups of the authorized users and which of the stored video files are to be accessible to each of the authorized users or authorized user groups. | 11-28-2013 |
| 20130318575 | METHOD AND APPARATUS FOR DYNAMIC AUTHENTICATION - One embodiment provides a token for dynamically authenticating a user. The token includes a memory for storing secure data; a processor for calculating authentication credentials of the user based on the secure data, and for constructing a server address based on the authentication credentials. Also included is a transmitter for transmitting the server address to a host controller wherein the host controller is configurable to communicate with a remote server locatable at the server address such that the user is dynamically authenticated on the remote server using the authentication credentials. | 11-28-2013 |
| 20130318576 | METHOD, DEVICE, AND SYSTEM FOR MANAGING USER AUTHENTICATION - A method, device, and system for managing user authentication includes receiving authentication constraints of authentication data used to authenticate a user of a first computing device, such as a mobile computing device, to a second computing device, such as a financial data, e-commerce server or cloud-based service server. The first computing device automatically generates authentication data as a function of the authentication constraints. The authentication data may be embodied as a strong password and username. The authentication data may be updated or regenerated periodically or responsively to further increase the security of the authentication data. The user authentication data, authentication constraints, and history of transactions may be performed in a secure execution environment to further increase the security of the method, device and system. | 11-28-2013 |
| 20130326588 | Enabling Host Based RBAC Roles for LDAP Users - Provided are techniques for receiving, from a user, a first Role-Based Access Control (RBAC) request for access to a resource; correlating the first RBAC request to a first originating host device; mapping an ID corresponding to the user, the first originating host device and the resource to a first role; generating, based upon the first role, a first set of permissions corresponding to the resource; and enabling to the user to access the resource from the first originating host device in conformity with the first set of permissions. In addition to ID, host and resource, a communication medium may be factored into the mapping. | 12-05-2013 |
| 20130326589 | Event Centric Network Application - A system and method implementing an event centric network application including software controlled processes on one or more servers, and client applications or user side software processes controlling user hardware to implement social networking capabilities specifically aimed at and around multiuser attended events. A portal or server side software process serves event related communications between, the system hardware that is controlled by event organizers, advertisers, and individuals attending the event from user devices such as phones or other communications enabled computing devices. The system implements a single virtual environment or event centric electronic portal hosted on a system server and communicated to a user device through a communications interface on a user device. | 12-05-2013 |
| 20130326590 | SYSTEM AND METHOD TO CONTROL APPLICATION TO APPLICATION COMMUNICATION OVER A NETWORK - A method is provided to control communication between applications that communicate over a network comprising: designating a different respective application identifier (AppID) for each of a multiplicity of A2A enabled applications suitable to run on endpoint devices coupled to a network suitable for delivery of multimedia information; providing in non-transitory media a registry that indicates authorized AppIDs; receiving over the network a request originating from a first endpoint device for authorization for a media connection; wherein the authorization request includes an AppID; in response to the authorization request, determining whether the AppID within the authorization request matches an authorized AppID indicated within the registry; rejecting the authorization request in response to a determination that the AppID does not match an authorized AppID indicated within the registry. | 12-05-2013 |
| 20130326591 | WIRELESS COMMUNICATION DEVICE AND WIRELESS COMMUNICATION METHOD - According to an embodiment, a wireless communication device includes a wireless communication unit, a control unit and a storage unit. The wireless communication unit is configured to perform close proximity wireless communication or near-distance wireless communication with other wireless communication device. The storage unit is configured to store data and setting parameters associated with the data. The setting parameters include presence or absence of a lock function and transfer-permitting information. The control unit activates the wireless communication unit when a user is the authorized user. After the control unit activates the wireless communication unit, when the lock function is present in the setting parameters, the control unit determines whether a transfer permission is present based on the transfer-permitting information. When determining that the transfer permission is present, the control unit causes the wireless communication unit to transfer the data. | 12-05-2013 |
| 20130326592 | PERSONAL AUTHENTICATION APPARATUS AND PERSONAL AUTHENTICATION METHOD - A personal authentication apparatus that controls an authenticated state of a target device based on the motion of the target device includes a motion sensor that detects motion information indicating the motion of the target device, a carried-state determination unit configured to determine whether or not the target device is being carried by a user based on the detected motion information, and an authentication control unit configured to control the authenticated state of the target device based on a result of the determination by the carried-state determination unit. | 12-05-2013 |
| 20130326593 | WIRELESS DEVICE AND WIRELESS COMMUNICATION METHOD - A wireless device has a first information acquisition part to acquire first information when the wireless device passes through a first gate, a second information generator to generate second information necessary to acquire data, by using the first information, and a data acquisition part to acquire the data transmitted from a data providing apparatus through wireless communication, by using the second information. | 12-05-2013 |
| 20130326594 | WIRELESS DEVICE REGISTRATION, SUCH AS AUTOMATIC REGISTRATION OF A WI-FI ENABLED DEVICE - A system for providing a wireless device with access to a computer network includes an access point that sets up a radio link with the wireless device and couples the wireless device to the network. The system also includes a server that receives data packets from the access point through the computer network. The data packets include at least one data packet that has a first identifier that uniquely identifies the wireless device and a second identifier that corresponds to the wireless device. The system further includes a database that is coupled to the server and stores data for associating a service plan with the first and second identifiers and basing the service plan, at least in part, on the second identifier. Other features and systems are also disclosed. | 12-05-2013 |
| 20130326595 | System and Method for Access Control Via Mobile Device - A system is described for controlling an actuating unit that restricts physical access such as a motorized garage door actuator unit. The system comprises a mobile wireless communication device, an electro-mechanical access control security device, and a receiving unit controlling the electro-mechanical access control security device, the receiving unit paired with the mobile wireless communication device for receiving user input for activating the electro-mechanical access control security device via a peer-to-peer communication directly with the mobile wireless communication device, and a pre-authorization of communication of the receiving unit with the mobile wireless communication device, the mobile wireless communication device receiving the pre-authorization from a central security server. | 12-05-2013 |
| 20130332995 | SYSTEM AND METHOD FOR USING MACHINE READABLE CODE TO COMMISSION DEVICE APPLICATIONS - A system for using machine readable code to commission a device application includes a controller, an image capturing device, and at least one processor. The at least one processor is programmed to receive an image acquired from the image capturing device, wherein the image includes a code, the at least one processor is also programmed to access information from the code, and send the information accessed from the code to the controller, wherein the information enables the controller to commission a device application. | 12-12-2013 |
| 20130332996 | SYSTEM AND PROCESS FOR MANAGING NETWORK COMMUNICATIONS - A communication protocol and system is disclosed for network communications between a data service residing on a client that provides network communications between one or more mobile applications on a source and a network based on a process number. The shared data service communicates with a data service plug-in on the server side associated with the process number, in order to handle requests from the mobile applications that access the network through the data service. Predetermined network connection, priority, and additional rules can be used to control what plug-in can be reached through what type of network connection. | 12-12-2013 |
| 20130332997 | COMPUTERIZED SYSTEM AND METHOD FOR DEPLOYMENT OF MANAGEMENT TUNNELS - Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, a managed device receives an address of a management device. The managed device has stored therein a pre-configured unique identifier of an authorized management device and a digital certificate assigned to the managed device prior to installation of the managed device within a network. A tunnel is established between the devices. The management device has stored therein a digital certificate assigned to the management device prior to installation of the management device within the network. The digital certificate of the management device is received by the managed device. Prior to allowing the management device to use the tunnel to perform management functionality in relation to the managed device, a unique identifier included within or associated with the digital certificate of the management device is confirmed with reference to the pre-configured unique identifier. | 12-12-2013 |
| 20130332998 | SERIALIZED AUTHENTICATION AND AUTHORIZATION SERVICES - Requests for User Services on networked computers running on different platforms with different Authentication, Authorization and Auditing (AAA) Security Systems are processed through an AAA Services Manager Server and Web Services Servers. The AAA Services Manager Server communicates requests for User Services to Web Services Servers using corresponding URL Web addresses. Web Services correspond to their respective Authentication Security Systems and Authorization Security Systems through which User Services may be obtained. The Web Services Servers act to access, for User validation, the respective Authentication Security Systems and Authorization Security Systems according to their individual languages and computing platform requirements. | 12-12-2013 |
| 20130332999 | Method for Using Java Servlets as a Stack Based State Machine - A client module downloaded by web browser from a server receives authentication information to open a smart card in a card reader and to initiate a secure network connection to a first server module running on a server. The client module calls a second server module running on the server. And the client module receives a new application for the smart card. Then the client module causes the smart card to delete an old application and load the new application. Each of the operations performed by client module occurs in a single session. | 12-12-2013 |
| 20130333000 | SYSTEM AND METHOD FOR A STORAGE AREA NETWORK VIRTUALIZATION OPTIMIZATION - A method is implemented in a computer infrastructure having computer executable code tangibly embodied on a computer readable storage medium having programming instructions. The programming instructions are operable to determine one or more optimal mappings between a server layer and a storage layer through a network layer based on performance metrics of one or more ports of at least one of the server layer, the storage layer and the network layer. | 12-12-2013 |
| 20130333001 | Mobile IPv6 Authentication and Authorization Baseline - Various embodiments describe an authentication protocol for the Home Agent to authenticate and authorize the Mobile Node's Binding Update message. Two new mobility options compatible with RADIUS AAA are used to exchange a shared secret between the Home Agent and the Mobile Node so the Mobile Node can be authenticated. A Mobile Node-AAA authenticator option is added to the Binding Update message. The Home Agent generates the Mobile Node-AAA authenticator as a shared secret that it communicates as authentication data to the RADIUS AAA server on the home network. The RADIUS AAA server authenticates the communication and generates an Access-Accept message with a Mobile Node-Home Agent authenticator option. After receipt at the Home Agent, a Binding Update message with the Mobile Node-Home Agent authenticator option is transmitted from the Home Agent to the Mobile Node to use as an authenticator. | 12-12-2013 |
| 20130340043 | Distribution of dynamic structured content - Described is a method of distributing dynamic structured content from a server or a first communication device to another communication device, the method comprising: populating content fields with data elements to define the dynamic structured content; receiving an identification of an authorized subscriber; associating the authorized subscriber with the dynamic structured content; and, transmitting the dynamic structured content to a communication device associated with the authorized subscriber. | 12-19-2013 |
| 20130340044 | TRANSFERRING AN ACCOUNT BETWEEN DEVICES - A method for transferring an account associated with a first device to a second device is disclosed. The method includes: initiating, by the second device, a message intersession with a third party device; receiving, at the second device and from a server, an indication that the second device is using a known identity associated with the first device; and providing, by the second device, an instruction for transferring an account from the first device to the second device. | 12-19-2013 |
| 20130340045 | CREATING A WEB PROXY INSIDE A BROWSER - Systems and methods may provide for receiving a first request from a remote device for access to content on a second remote device, and invoking a proxy server embedded in an HTML5-compliant browser on a local device. Additionally, the first remote device may be provided with access to the content on the second remote device via the proxy server. Moreover, input may be received from a user interface of the local device, wherein a second request may be transmitted to the first remote device for access to content on a third remote device. In one example, the first remote device is unauthorized with respect to the content on the second remote device, and the local device is unauthorized with respect to the content on the third remote device. | 12-19-2013 |
| 20130340046 | WIRELESS NETWORK CLIENT-AUTHENTICATION SYSTEM AND WIRELESS NETWORK CONNECTION METHOD THEREOF - A wireless network client-authentication system and a wireless network connection method thereof are disclosed. The wireless network client-authentication system includes a network service system, a wireless router, and an electronic device. The network service system has an administrator interface module for managing a client list. The wireless router is used for uploading connection information to the network service system. The electronic device is capable of transmitting a signal via a first communication path and a second communication path. A connection module of the electronic device is used for logging in the network service system via the first communication path by a user account. The administrator interface module determines whether the user account is corresponding to the client list. If yes, the administrator interface allows the connection module to connect to the wireless router via the second communication path with the connection information. | 12-19-2013 |
| 20130340047 | SYSTEMS AND METHODS FOR PROTECTION OF A SIP BACK-TO-BACK USER AGENT ON MODEMS - Systems and methods are provided for authenticating Internet Protocol (IP) Multimedia Subsystem (IMS) applications in a User Equipment (UE). A method includes: receiving a first Session Initiation Protocol (SIP) REGISTER message from an IMS application operating on the UE; transmitting a response message to the IMS application based on the received first SIP REGISTER message; receiving a second SIP REGISTER message from the IMS application operating on the UE; determining authentication for the IMS application based on the received second SIP REGISTER message from the IMS application operating on the UE; and based on the step of determining authentication for the IMS application, if the IMS application is authorized, then transmitting information associated with the first and second SIP REGISTER messages toward a SIP node or if the IMS application is unauthorized, then discarding data associated with the first and second SIP REGISTER messages. | 12-19-2013 |
| 20130340048 | MOBILE APPLICATION MANAGEMENT FRAMEWORK - An intermediate gateway is positioned between a client device and a mobile application service provider. The intermediate gateway can assist in securing and managing accesses from a mobile application on the client device to the mobile application service provider. The intermediate gateway can store a client device identification associated with the client device, which can be used to authenticate the client device. Other parameters can also be used in device authentication. | 12-19-2013 |
| 20130340049 | SYSTEM AND METHOD FOR PRIVILEGE MANAGEMENT AND REVOCATION - The present disclosure relates generally to the management of privileges associated with certain applications that are accessible by users of electronic equipment, such as, for example, networked computers, mobile wireless communications devices, and the like. In a broad aspect, a method for managing privileges associated with applications comprises: monitoring a plurality of electronic devices within a system; detecting a change in privileges associated with one or more applications resident on the plurality of electronic devices, wherein one or more privileges that are to be revoked are identified; and in response to a detection of the change in privileges, revoking the one or more privileges, such that each of the one or more applications resident on the plurality of electronic devices no longer has access to the one or more privileges. | 12-19-2013 |
| 20130340050 | ZERO CONFIGURATION COMMUNICATIONS BETWEEN A SANDBOXED PROGRAM AND A NETWORKED SERVICE - A method, apparatus and system related to zero configuration communication between a sandboxed program and a networked service are disclosed. In one aspect a system includes a networked device configured to announce a networked service to a discovery service, and/or perform the discovery service for a private network; and/or a client device configured to execute a sandboxed program in a security sandbox. The system also includes automatically instantiating a connection between the sandboxed program and the networked device and/or the networked service. The discovery agent may be running with the sandboxed program is configured to query the discovery service for a service information associated with of the networked device and/or the networked service. The service information may include a global unique identifier (GUID), an alphanumeric name, a public address pair, and/or a private address pair. | 12-19-2013 |
| 20130340051 | METHOD OF MANAGING USAGE RIGHTS IN A SHARE GROUP OF SERVERS - A share group of servers comprises a first server and a second server. The first server has a server partition and a management processor which is separate from said server partition. Usage rights may be transferred from the first server to the second server by executing machine readable instructions on the management processor which is separate from said server partition. | 12-19-2013 |
| 20130347072 | PRIVATE TUNNEL NETWORK - A processor-based system and method comprising a private tunnel connector operable to receive a network connection request, test the connection request for private network information, generate network connection information in response to the test, and respond to the network connection request with the network connection information. The testing may include accessing a DNS server for private network information, and receiving private domain information from a private domain server. The private tunnel connector is further operable to connect to a private domain server that is coupled to the private network connector through the Internet. The private domain server may include private cloud information such that users may create and access one or more private clouds using tunneling technologies. Domain servers and host machines may employ various encryption schemes to facilitate adding public Internet resources to the private cloud. | 12-26-2013 |
| 20130347073 | AUTHORIZING SECURED WIRELESS ACCESS AT HOTSPOT HAVING OPEN WIRELESS NETWORK AND SECURE WIRELESS NETWORK - A hotspot provides an open wireless network and a secure wireless network. The open wireless network has no network-level encryption and allows open association therewith. The secure wireless network employs network-level encryption and requires authentication of a received access credential from a client device before allowing association therewith. A system for authorizing the client device for secured access at the hotspot includes an access controller configured to establish an encrypted connection between the client device and a login portal of the hotspot over the open wireless network, and to store a user-specific access credential transmitted via the encrypted connection as a valid access credential in a credential database. The credential database is accessed by wireless access points of the hotspot to authenticate the received access credential from the client device in response to a request from the client device to associate with the secure wireless network. | 12-26-2013 |
| 20130347074 | SYSTEMS AND METHODS FOR PROVIDING A ONE-TIME AUTHORIZATION - Systems and methods for presenting a request are disclosed. The systems and methods may include one or more steps, such as receiving, by an electronic device, request information from an entity. The request information may include a request for approval by a user. The steps may further include transmitting, by the electronic device, data containing the request information to a computing device, receiving, by the electronic device, a symbology corresponding to the request information from the computing device and presenting, by the electronic device, the symbology to the user. | 12-26-2013 |
| 20130347075 | METHOD AND APPARATUS FOR SECURE CONSOLIDATION OF CLOUD SERVICES - Cloud services are provided to mobile devices. Applications access cloud services through a consolidator that consolidates the services. The mobile device may include a secure element and secure memory to which the consolidator may authenticate. Authenticated consolidators can control the lifecycle of applications and data in secure memory. Secure elements and secure memory may be embedded or integrated in the mobile device in non-removable add-on slots, or may be in a removable or remote add-on device. | 12-26-2013 |
| 20130347076 | AUTOMATIC AUTHORIZATION OF USERS AND CONFIGURATION OF SOFTWARE DEVELOPMENT ENVIRONMENT - Automatic authorization of users and configuration of a software development environment can include selecting a task defined within a project plan of a software system under development, wherein the task specifies a development tool and a user, and automatically authorizing, using a centralized data processing system, the user to access the development tool. | 12-26-2013 |
| 20130347077 | AUTOMATIC AUTHORIZATION OF USERS AND CONFIGURATION OF SOFTWARE DEVELOPMENT ENVIRONMENT - Automatic authorization of users and configuration of a software development environment can include selecting a task defined within a project plan of a software system under development, wherein the task specifies a development tool and a user, and automatically authorizing, using a centralized data processing system, the user to access the development tool. | 12-26-2013 |
| 20130347078 | Aggregating Online Activities - The disclosure includes a system and method for automatically authorizing data transfer from a third party service to a user device. The system includes a processor and a memory storing instructions that, when executed, cause the system to: receive a request for data from a user of a user device; receive information associated with the user and information associated with the user device; determine whether the user has previously provided authorization for a particular application available on the third party site; determine whether the user has previously provided authorization for the user device; and if the user has previously provided authorization for a particular application available on the third party site or has previously provided authorization for the user device, send data to the user device. | 12-26-2013 |
| 20130347079 | ACCESSING STORAGE NODES IN AN ON-LINE MEDIA STORAGE SYSTEM - A method begins by a dispersed storage (DS) processing module receiving data objects from a plurality of authorized users and determining a system level storage efficiency preference for a data object. The method continues with the DS processing module selecting a set of storage nodes of an on-line media storage system based on the system level storage efficiency preference and determining dispersed storage error encoding parameters. The method continues with the DS processing module encoding the data object in accordance with the dispersed storage error encoding parameters to produce encoded data slices and generating system addressing information. The method continues with the DS processing module storing the encoded data slices in the set of storage nodes using the system addressing information and updating a user profile for the authorized user to include the system addressing information. | 12-26-2013 |
| 20130347080 | NETWORK SYSTEM AND INFORMATION PROCESSING METHOD - A network system includes first information processing apparatus and a second information processing apparatus that are connected through a network. The first information processing apparatus includes a transmitter that transmits a setting for an application to the second information processing apparatus. The setting includes an attribute indicating whether any change in the setting in the second information processing apparatus is permitted. The second information processing apparatus includes a receiver that receives the setting; and a function executing unit that executes a function of the application in accordance with the setting. | 12-26-2013 |
| 20130347081 | Systems and Methods for Secured Mobile Cellular Communications - The present subject matter relates to secured mobile off-grid or optionally on-grid cellular communications, providing the ability to operationally provide secured 3G/4G (including further generational advancements in cellular communications), UMTS, HSPA, and LTE cellular communications to a private enclave within a 5-50 kilometer range of an antenna, although the exact communication antenna range is not limited. The communications to and from endpoints consisting of but not limited to smartphones, tablet computers, ruggedized computers, personal computers, etc., may be secured audio, video, text based and file transfers. | 12-26-2013 |
| 20130347082 | Unit-of-Use Control of a Computing Resource - A system and method for unit-of-use utilization of a computing resource is described. A user obtains utilization permissions for a computing resource which are recorded in a Unit-of Use (UoU) certificate. These permissions include temporal and/or functional use constraints that are static and/or dynamic. A UoU controller employs these permissions to control access by the user to the computing resource. The unit-of-use controller receives feedback from the computing resource in the form of utilization information regarding actual usage by the user which is recorded in the UoU certificate. The computing resource may include a cloud based service, operable on one or more cloud servers. The computing resource utilization permissions are preferably part of an electronic UoU certificate. This certificate is incorporated into an email, IM or a similar message medium and electronically delivered via communications network, typically from a first, user's device to a second, user's device. | 12-26-2013 |
| 20140007195 | User Authentication of Applications on Third-Party Devices Via User Devices | 01-02-2014 |
| 20140007196 | SUBSCRIBER AUTHENTICATION USING A USER DEVICE-GENERATED SECURITY CODE | 01-02-2014 |
| 20140007197 | DELEGATION WITHIN A COMPUTING ENVIRONMENT | 01-02-2014 |
| 20140007198 | APPLICATION AUTHORIZATION FOR VIDEO SERVICES | 01-02-2014 |
| 20140007199 | RELAY DEVICE, RELAY METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM | 01-02-2014 |
| 20140007200 | PROVIDING ACCESS OF A USER EQUIPMENT TO A DATA NETWORK | 01-02-2014 |
| 20140007201 | SYSTEMS AND METHODS OF ASSESSING PERMISSIONS IN VIRTUAL WORLDS | 01-02-2014 |
| 20140007202 | BEHAVIOR-BASED TRAFFIC PROFILING BASED ON ACCESS CONTROL INFORMATION | 01-02-2014 |
| 20140013395 | MANAGING DATA TRANSFER ACROSS A NETWORK INTERFACE - Described are systems and methods for managing data transfer from a communication device to a communication network over a wireless connection comprising determining that a requesting process on the communication device is authorized to establish a protected connection to the communication network; and, configuring a network interface on the communication device to allow data packets to be transmitted from the requesting process to the communication network over the protected connection, wherein the network interface is associated with the protected connection. | 01-09-2014 |
| 20140013396 | METHODS AND APPARATUS FOR DELEGATED AUTHENTICATION TOKEN RETRIEVAL - In some embodiments, a non-transitory processor-readable medium includes code to cause a processor to send, from an authorization client on a device to a client authorization module, an indication of multiple applications installed on the device, and receive, at the authorization client and in response to the indication, multiple application tokens from the client authorization module. Each individual application token from the multiple application tokens received by the authorization client is uniquely associated with an application from the multiple applications installed on the device. The authorization client provides each application its associated application token such that each application from the multiple applications can use that application token in order to be authenticated to an application server associated with the application. | 01-09-2014 |
| 20140013397 | COMMUNICATION APPARATUS, COMMUNICATION METHOD, COMMUNICATION SYSTEM, AND COMPUTER PROGRAM - A communication apparatus includes: a communication section transmitting and receiving a packet encapsulating a command or a response; a transmitter confirmation section confirming whether a transmitter transmitting a command is located within a scope limited by a time-to-live value without referencing a header of a received packet; and a control section controlling a process requested by the received command or subsequent communication with the transmitter transmitting the command based on a confirmation result by the transmitter confirmation section. | 01-09-2014 |
| 20140013398 | Method for Data Access Control of Third Parties in a Multitenant System - The invention discloses, inter alia, a computer executable method for controlling user's access to transaction data in the context of a service in a multitenant data management system comprising data of a first organization, a second organization providing at least one service, at least one user representing the second organization, and a transaction associable by its content with the first organization. The method comprises steps for receiving a request for a user representing the second organization to access the transaction associable with the first organization in the context of a service, verifying the secondary stakeholder status of the second organization regarding the transaction, verifying the validity of a chain of trust between the user of the request and the second organization in the context, and conditional to the validity of the secondary stakeholder status and the chain of trust, authorizing the user representing the second organization to access the transaction in the context of the service. | 01-09-2014 |
| 20140013399 | Tagging Email and Providing Tag Clouds - A system and method is provided for tracking and/or organizing email and, in particular, a system and method for tagging email in Web 2.0 applications and using the tags in tag clouds is provided. The system includes a computing system that has first program instructions to generate tag clouds having tags linked to associated emails in a collaborative application. A computer readable media stores the first program instructions and a central processing unit executes the first program instructions. | 01-09-2014 |
| 20140013400 | COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR MANAGING PERMISSION SETS AND VALIDATING USER ASSIGNMENTS - Disclosed are methods, apparatus, systems, and computer-readable storage media for modifying permission sets and validating permission set assignments to users. In some implementations, a computing device receives a request to create a permission set containing one or more permissions and assign the permission set to a first user. The first user is associated with a first user constraint that defines a first group of permissions available to the first user. The computing device may determine that the permission set to be assigned to the first user does not violate the first user constraint, and may assign the permission set to the first user. | 01-09-2014 |
| 20140013401 | MOBILITY PROTOCOL SELECTION BY AN AUTHORIZATION SYSTEM - A wireless network authorization system receives an authorization request for a wireless communication device transmitted from a visited wireless network. A processing system selects one of a simple internet connection and an encrypted internet connection for the wireless communication device in response to the authorization request. The communication interface transfers an authorization response for delivery to the visited wireless network indicating the selected one of the simple internet connection and the encrypted internet connection. | 01-09-2014 |
| 20140013402 | SYSTEM AND METHOD FOR MANAGING ACCESS TO A NETWORK INTERFACE DEVICE - A system and method for managing control of a network interface device. Permissions for management of a NID are established. The permissions enable a user to deny a third party access to one or more portions of the NID. Access for the third party to the one or more portions of the NID are granted in response to receiving an authorized override command from the third party. Activities performed by the third party are logged by the one or more portions of the mid-in response to receiving the authorized override command from the third party. | 01-09-2014 |
| 20140013403 | REDIRECTION METHOD FOR ELECTRONIC CONTENT - Electronic content, for example, a web page, is configured for display by a web browser application to include content that is not included in or referenced by the web page. The web page includes a first locator for first content. A second locator for second content is associated with the first locator in a database or other memory structure. In response to a request for the web page, the second locator is obtained. Access to the second locator may be secured. The second locator may be swapped with the first locator to cause the web browser application to obtain the second content instead of the first content. In the alternative, the second content may be obtained and provided to the web browser instead of, or in addition to, the first content. | 01-09-2014 |
| 20140020064 | Scalable Fine-Grained Multi-Service Authorization - A scalable cross-protocol mechanism is provided for describing, transmitting and checking large lists of authorizations for operations on network resources. At an authorization server, data is stored that represents operations that can be performed on a plurality of resources of a service provider at the request of one or more users. A set of {resource,operations} tuples is generated, wherein a resource describes an endpoint for a network service and operations is a list of operations that are authorized on an endpoint. The set of {resource,operations} tuples is partitioned into one or more subsets. A subset of the set of {resource,operations} tuples is combined into a string according to a predetermined rule. A hash is then computed, according to a hash function, to generate hash results. Hashes are passed instead of the lists themselves to minimize data transfer and latency. | 01-16-2014 |
| 20140020065 | NETWORK APPLIANCE - System, method, and device for providing services on a network. The device comprises a security assessor and a service provider unit. The security assessor is connected to the network and is configured to identify rights of an entity on the network. The service provider unit is connected to the network and the security assessor. The service provider unit comprises a discovery unit, an interaction unit, and an interest unit. The discovery unit identifies content available on the network. The interaction unit identifies interactions of the entity on the network. The interest unit identifies interests of the entity based on the identified interactions and the identified content. The service provider unit provides services to the entity on the network, based on the rights of the entity, and at least one of the identified content and the identified interests of the entity. | 01-16-2014 |
| 20140020066 | SYSTEM AND METHOD FOR SPAMMER HOST DETECTION FROM NETWORK FLOW DATA PROFILES - A system and method for spammer host detection from network flow data profiles comprises constructing one or more cluster profiles and detecting spammer hosts. Construction cluster profiles comprises observing network flow data from one or more hosts; for each host, representing the network flow data associated with the host as a multidimensional vector; clustering the vectors of the hosts into the plurality of cluster profiles; annotating each cluster profile using at least one of black lists and white lists; and calculating a confidence in each cluster profile annotation. Detecting spammer hosts comprises observing the network flow data from a new host; representing the network flow data associated with the new host as a multidimensional vector, and placing the new multidimensional vector of the new host into one cluster profile of the one or more cluster profiles. | 01-16-2014 |
| 20140020067 | APPARATUS AND METHOD FOR CONTROLLING TRAFFIC BASED ON CAPTCHA - An apparatus and method for controlling traffic based on a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) are provided. The traffic control apparatus includes a traffic monitoring unit, a CAPTCHA verification unit, a list management unit, and a traffic control unit. The traffic monitoring unit monitors a packet between an internal network and an external network. The CAPTCHA verification unit, if packet information is not present in an access control list, sends a CAPTCHA request message to a client computer, receives a CAPTCHA response message, and verifies the CAPTCHA response message. The list management unit, if the packet information is present in the access control list, detects an access control policy corresponding to the packet information in the access control list. The traffic control unit controls traffic based the verification of the CAPTCHA response message and the control policy. | 01-16-2014 |
| 20140020068 | LIMITING WIDGET ACCESS OF WALLET, DEVICE, CLIENT APPLICATIONS, AND NETWORK RESOURCES WHILE PROVIDING ACCESS TO ISSUER-SPECIFIC AND/OR WIDGET-SPECIFIC ISSUER SECURITY DOMAINS IN A MULTI-DOMAIN ECOSYSTEM FOR SECURE PERSONALIZED TRANSACTIONS - A platform for performing secure personalized transactions in a multi-domain ecosystem includes a personalization tier that enables service provider personalization for one or more ecosystem elements stored on a mobile device. Further, the platform includes an enabling tier for facilitating interoperation between the personalization tier and a client device. The platform further includes a service tier that may be operating independently of the enabling tier and may enable service delivery for a plurality of services. | 01-16-2014 |
| 20140020069 | Authorization Caching in a Multithreaded Object Server - Systems and methods are included for accessing resource objects in a multi-threaded environment. A request is received from a requester to perform an operation with respect to a resource object, where the requested resource object has multiple associations with other objects. A determination as to whether an authorization cache entry corresponding to the requested resource object contains sufficient permission data for granting or denying the request for access to the requested resource object is made. A grant or deny of access to the requested resource object is returned when the authorization cache entry corresponding to the requested resource object contains sufficient permission data. | 01-16-2014 |
| 20140026191 | SECURITY MODEL FOR A MEMORY OF A NETWORK INFORMATION SYSTEM - Systems and methods for providing information services are disclosed. A method includes passing an instance an object, invoked by a user, to a memory device at a hardware layer of a network information system, the object being hosted for a tenant of a network information service. The method further includes determining by a processing unit of the memory device that storage of the object is not authorized by the tenant based on a security map provided by the tenant and accessible by the processing unit within the hardware layer. The method further includes preventing storage of the instance in the memory device based on the result of the determining. | 01-23-2014 |
| 20140026192 | USER CONTROL OVER WIFI NETWORK ACCESS - A server system transfers display data for presentation to a user who selects multiple geographically-distributed WiFi access systems and a password. The server system receives user data that indicates the user-selected WiFi network access systems and the user-selected password. The server system stores an association between the user-selected WiFi network access systems and the user-selected password. The server system receives an access request for one of the user-selected WiFi network access systems using the user-selected password. The server system transfers a positive response to the access request based on the stored association between the user-selected WiFi network access systems and the user-selected password. | 01-23-2014 |
| 20140026193 | Systems and Methods of Using a Temporary Private Key Between Two Devices - A method executes at a personal user device associated with a user. The method receives a request from a shared user device, the request seeking access to personal information associated with the user. The personal information is stored at a resource server. The method receives access authentication information from the user. The method then sends the access authentication information to an authentication server, and receives an access token. The access token grants access privileges to the personal information. The method sends the access token to the shared user device, thereby permitting an application executing on the shared user device to use the access token for retrieving at least a portion of the personal information. The method detects a physical movement of the personal user device, then sends a message to the authentication server to revoke access privileges associated with the access token. | 01-23-2014 |
| 20140026194 | ePHI-COMPLIANT GATEKEEPER SYSTEM & METHODS - An ePHI-compliant gatekeeper system that provides single, controlled access, editable in real-time, to an individual patient's medical information that remains remotely stored within internal network architecture from a variety of disparate healthcare professionals, medical systems, and vendors networks. The ePHI-compliant gatekeeper system is an independent, cloud-based architecture to ensure that inherent infrastructure does not compromise existing privacy requirements and the proprietary interests of partnered platformed networks. The ePHI-compliant gatekeeper system includes user equipment and a cloud-based vetting system. The cloud-based vetting system includes a Software as a Service (SaaS) module and a Platform as a Service (PaaS) module. The SaaS module provides user authentication at login. The PaaS module electronically provides real-time updated, single controlled access to individual patients medical information, accordingly, the cloud-based vetting system provides an infrastructure application that is a plugin component to a plurality of network entities that maintain such medical information. | 01-23-2014 |
| 20140026195 | Enterprise-specific Functionality Watermarking and Management - A method, system and non-transitory computer-readable medium product are provided for enterprise-specific functionality watermarking and management. In the context of a method, a method is provided that includes identifying a request to perform at least one function of a user device associated with an enterprise and identifying at least one watermark template associated with an enterprise. The method further includes applying the at least one watermark template associated with the enterprise to at least one function of the user device associated with the enterprise and authorizing the request to perform the at least one function of the user device associated with the enterprise. | 01-23-2014 |
| 20140026196 | ANTI-CLONING SYSTEM AND METHOD - A method for authenticating a software application instance, the method includes a user device transmitting a request for access to a server device, wherein the request includes an App ID. The method further includes a server device transmitting a session ID to the user device and transmitting the session ID and the App ID to an anti-clone engine. The method further includes the anti-clone engine generating and transmitting a challenge token to the user device, and receiving and processing a response token to determine whether the user device is an authentic software application instance. The method further includes the anti-clone engine transmitting an authorization message to the server device. | 01-23-2014 |
| 20140026197 | COORDINATION BETWEEN SELF-ORGANIZING NETWORKS - A mechanism to handle conflict situations relating to a situation in which an intended SON operation at or near the domain's boundary (border area) may impact on one or more cells in a neighboring domain comprises a single-domain coordinator that assesses whether there may be an impact on the neighboring domain, and if yes, requests an inter-domain, coordinator to check and assess whether there is a conflict. | 01-23-2014 |
| 20140026198 | INFORMATION PROCESSING APPARATUS AND CONTROL METHOD - According to one embodiment, a control module detects each of a plurality of events. A management module transmits a determination result indicative of one of permission and prohibition of execution of a specific process to the control module when a second event of requesting execution of the specific process is detected before detection of a first event of requesting a connection to a specific external communication device. When the second event is detected after the detection of the first event, the management module transmits the other of permission and prohibition of the execution of the specific process to the control module. | 01-23-2014 |
| 20140033276 | SCRIPTING ENGINE EXTERNALIZED FUNCTION EXECUTION CONTROL - Various embodiments include at least one of systems, methods, software, and data structures to evaluate function calls within a host, such as a scripting or application programming interface (API) host, prior to execution. Such embodiments may determine if a called function is authorized for execution. When the function is not authorized for execution, the function is not executed. Authorized and unauthorized functions may be set in a representation including one or both of authorized and unauthorized function functions. The representation may be stored external to the host so as to be modifiable. | 01-30-2014 |
| 20140033277 | Program Service Based on Individual Identification - Method, device, and storage medium for providing a program service based on identifying a user at a user level versus at an account level or a device level. The user is identified based on an identifier associated with a mobile device. The program service allows the user to store program session information according to various user settings including location, time of day, user device used during previous session, type of program, and service provider that provides access to the program service. The program service allows the user to share program session information with other users or prevent other users from accessing the program session information. The program service provides digital rights management at the user level. | 01-30-2014 |
| 20140033278 | SYSTEM AND METHOD OF SECURING SHARING OF RESOURCES WHICH REQUIRE CONSENT OF MULTIPLE RESOURCE OWNERS USING GROUP URI'S - In accordance with various embodiments, services gatekeeper systems and methods allow mapping and protecting communication services APIs with OAuth and group access to user information. Such a system can include a plurality of applications, executing on one or more application servers. The services gatekeeper is operable to define a group of members using a group URI, intercept requests for access to communication services APIs, obtain authorization from a group owner for access to a specified communication services API for each member of the group, and enable access to the specified communication services API of each member of the group in accordance with the scope authorized by the group owner. | 01-30-2014 |
| 20140033279 | SYSTEM AND METHOD OF EXTENDING OAUTH SERVER(S) WITH THIRD PARTY AUTHENTICATION/AUTHORIZATION - In accordance with various embodiments, systems and methods that provide for authorization of access to protected resources. Such a system can include a plurality of applications, executing on one or more application servers. The system can also include an authorization server which is operable to interface with one or more remote and/or non-co-located third party authentication servers. Each application can (a) receive a request for authorization to access a controlled resource; (b) redirect the request for authorization to a configurable authentication endpoint identifying a third party authentication server; (c) receive authorization information from the third party authorization server; and (d) issue an authorization code for access to the protected resource. | 01-30-2014 |
| 20140033280 | SYSTEM AND METHOD OF MAPPING AND PROTECTING COMMUNICATION SERVICES WITH OAUTH - In accordance with various embodiments, systems and methods which allow mapping and protecting communication services and granular access to subscriber information. Such a system can include a plurality of applications, executing on one or more application servers. The system can also include a services gatekeeper which is operable to intercept request for access to communication services, obtain scoped authorization from a subscriber for access to a specified communication services, enable access to the specified communication services in accordance with the scope authorized by the subscriber. | 01-30-2014 |
| 20140033281 | USER AUTHENTICATION SYSTEM, USER AUTHENTICATION METHOD AND NETWORK APPARATUS - In a user authentication system which carries out authentication at a user terminal via a network, a password authentication page where permission of authentication is determined based on a consistency between an input password inputted from the user terminal and an authentication password includes: a private page URL key obtained by transforming a private page URL which the user terminal can connect via the network if it is determined that the authentication is permitted and an authentication password, using an encryption algorithm; and a URL recovery processing code to find the private page URL by transforming the private page URL key and the input password through inverse transformation of the encryption algorithm. If it is determined that the authentication is permitted, the private page URL is acquired using the URL recovery processing code. | 01-30-2014 |
| 20140033282 | PUTTING IN PLACE A SECURITY ASSOCIATION OF GBA TYPE FOR A TERMINAL IN A MOBILE TELECOMMUNICATIONS NETWORK - A method is provided for putting in place a security association of GBA type for a terminal. The method includes the following steps, executed in a network access server, following receipt of a request for attachment to the network from the terminal: dispatching a request for association of security to a priming function server; reception of a response comprising security association parameters, from the priming function server and dispatching a message including the security association parameters to the terminal. | 01-30-2014 |
| 20140033283 | APPARATUS, SYSTEMS AND METHODS FOR MEDIA CONTENT DELIVERY - A media content delivery system and method is operable to communicate an authorized single media content stream generated by a local programming provider (LPP) in a domestic market area (DMA) to a client facility, wherein the authorized single media content stream is multiplexed into a multi-media content stream with a plurality of other single media content streams generated by a plurality of other LPPS in the DMA. An exemplary embodiment identifies an authorized single media content stream of interest to a client; accesses the multi-media content stream communicated from a communication network at the client facility, unbundles the authorized single media content stream from the received multi-media content stream, and communicates the authorized single media content stream to a program content generation system operated by the client. | 01-30-2014 |
| 20140040989 | MULTI-DEVICE BEHAVIORAL FINGERPRINTING - Disclosed herein are example embodiments for multi-device behavioral fingerprinting by a user device or a server device. For certain example embodiments, at least one device may obtain at least one behavioral fingerprint that is associated with at least one authorized user, with the at least one behavioral fingerprint including one or more indicators of utilization of two or more user devices by the at least one authorized user. The at least one device may perform at least one authentication-related operation based at least partially on the at least one behavioral fingerprint. | 02-06-2014 |
| 20140040990 | VERIFICATION OF COMPUTER SYSTEM PRIOR TO AND SUBSEQUENT TO COMPUTER PROGRAM INSTALLATION - Embodiments of the present invention provide a method, system, and computer program product apparatus for validating a computer environment. In an embodiment of the invention, a signature file denoting the infrastructure requirements of a computing environment to support a computer program to be installed in the computer environment of multiple different computing devices disposed in multiple different network domains can be loaded. Administrative network privileges to access the multiple different network domains in the computing environment can be acquired. Further, at least one deficiency in the infrastructure requirements corresponding to one of the network domains can be identified and the identified deficiency can be remediated. The identified deficiency can be reported. | 02-06-2014 |
| 20140040991 | METHOD FOR COMMUNICATING BETWEEN A SERVER AND A CLIENT AND CORRESPONDING CLIENT, SERVER AND SYSTEM - The invention relates to a method for communicating between a server and a client. The server and the client access at least one session extension key and/or a key associated with the session extension key, as an associated key. The server authorizes to extend an open communication session with the client until an expiration time only if the client sends to the server authentication data allowing the server to authenticate at least the client on a basis of the session extension key. The expiration time is a time at which the communication session is open completed by a predetermined extension time period. The invention also relates to corresponding client, server and system. | 02-06-2014 |
| 20140040992 | VEHICLE NETWORK SYSTEM - In a vehicle network system, a plurality of ECUs are network-connected. The plurality of ECUs include a first ECU that has set therein a secret key from among the secret key and a public key that form a pair and are set on the basis of initialization processing performed when the vehicle network system is created, and a second ECU that has set therein the public key. The second ECU adds, to a transmission signal, an authentication keyword created from the public key and information capable of specifying the second ECU and transmits the transmission signal with the authentication keyword added thereto to the network. The first ECU acquires the authentication keyword and estimates the reliability of the communication signal on the basis of the acquired authentication keyword and the secret key. | 02-06-2014 |
| 20140040993 | METHOD FOR PROVIDING AUTHORIZED ACCESS TO A SERVICE APPLICATION IN ORDER TO USE A PROTECTED RESOURCE OF AN END USER - The protected resource, typically an API, is exposed by endpoints of a plurality of administrative domains. The endpoints are previously unknown by said service application and the method further comprises:
| 02-06-2014 |
| 20140040994 | SERVICE OPENING METHOD AND SYSTEM, AND SERVICE OPENING SERVER - Embodiments of the present invention relate to a service opening method and system, and a service opening server. The method includes: receiving a service request from a third-party application, where the service request carries type and parameter information of the requested service; querying, according to the type information of the service, a service directory to obtain an access address and authentication type information of the requested service; when it is determined that the invoking of the service needs an authorization of an end user, obtaining an authorization notification message of the end user according to the type information of the service and the parameter information of the service; and forwarding, the service request to a capability server, and forwarding, to the third-party application, a service response message returned by the capability server. The control of the end user on the authorized service is ensured to the greatest extent. | 02-06-2014 |
| 20140040995 | Secure Administration of Virtual Machines - Methods and systems for performing secure administration of virtual domain resource allocation are provided herein. A cloud service provider (CSP) may provide instances of virtual machines to one or more contracting user entities. The cloud service provider may store an authorization database identifying one or more resources (e.g., storage, CPU, etc.) that each of the different contracting user entities is authorized to use on a virtual machine server device. The CSP may subsequently receive a request from an unverified entity to instantiate a virtual machine with access to one or more resources. The request may include security information. The CSP validates the request by verifying the unverified entity using the first security information (e.g., checking a PKI certificate, requiring a login/password, etc.) and, when the request is validated, provides access to the verified entity to a subset of the requested one or more resources based on the authorization database. | 02-06-2014 |
| 20140040996 | RELAY DEVICE - A connector | 02-06-2014 |
| 20140047509 | AUTHORIZING COMPUTING RESOURCE ACCESS BASED ON CALENDAR EVENTS IN A NETWORKED COMPUTING ENVIRONMENT - An approach for authorizing access to computing resources (e.g., electronic files) based on calendar events (e.g., meetings of a user) in a networked computing environment (e.g., a cloud computing environment) is provided. A portion/segment (e.g., private cloud) of the networked computing environment may be designated for storing at least one electronic file to be shared (e.g., as stored in a computer storage device associated with the portion). The portion of the networked computing environment may then be associated (e.g., graphically) with an electronic calendar entry (e.g., a meeting having a set of attendees). Based on the calendar entry, a set of users (e.g., the meeting attendees) authorized to access the at least one electronic file may be determined based on the electronic calendar entry. Thereafter, access (e.g., a related permissions) to the at least one electronic file may be authorized for the set of users. | 02-13-2014 |
| 20140047510 | WIRELESS MULTI-FACTOR AUTHENTICATION WITH CAPTIVE PORTALS - Systems and methods for device-agnostic, multi-factor network authentication are disclosed. In some embodiments, a wireless network connection can authenticate a device over secure authentication means with a certificate that confirms a device identity. After authenticating the device, a user can be prompted to provide credentials in a captive portal. The captive portal can be inaccessible to devices that have not already authenticated using a certificate. After providing approved credentials to the captive portal, the user can access the network. This embodiment and additional embodiments are readily integrated into private wireless networks and others. | 02-13-2014 |
| 20140047511 | NETWORK STORAGE SYSTEM AND METHOD THEREOF - A network storage system includes a user data storage area, a public storage area, and a processor. The user data storage area includes a number of private storage areas for storing private data of users. Each private storage area is designated for a registered account. The public storage area stores a plurality of identifiers (IDs) of the private storage areas and a plurality of deletion codes each of which corresponds to a registered account and comprises a deletion ID and a user ID. The processor identifies the code is a deletion code when one of the deletion IDs is contained in the code, determines the corresponding registered account of the identified deletion code according to the user ID, further determines the corresponding private storage area of the determined registered account, and deletes all the data stored in the determined private storage area. | 02-13-2014 |
| 20140047512 | SYSTEM AND METHOD FOR MONITORING ONLINE ACTIVITY ON ELECTRONIC DEVICES - A system and method of monitoring one or more electronic devices is disclosed which allows the application developer and the first user to collaborate to create monitoring filters to monitor and control the electronic device(s). The monitoring system is able to monitor. The monitoring system further includes a system which allows communication amongst the application developer, first user(s) and/or second user(s). | 02-13-2014 |
| 20140047513 | System and Method for Controlled Decentralized Authorization and Access for Electronic Records - A system and computer-implemented method for providing decentralized access to records. The method is performed on at least one computer system including at least one processor. The method includes the steps of: generating at least one reference for at least one record stored on a source system, the at least one reference comprising authorization information and a pointer to the at least one record; receiving, at the source system from a client system, a request to retrieve the at least one record from the source system, the request initiated using the at least one reference and including at least a portion of the at least one reference; authenticating or authorizing at least one of the client system and a user of the client system; and transmitting the at least one record from the source system to the client system. | 02-13-2014 |
| 20140047514 | ZONE MIGRATION IN NETWORK ACCESS - The present disclosure is directed to providing a network user the ability to travel between different zones or locations within a network environment, such as, for example, a hospitality location, without requiring a user to re-login to the new location, while requiring a user to re-login to other locations within the network environment. | 02-13-2014 |
| 20140047515 | Method and System for Realizing Presence Service, Presence Information Processing Device and Presentity Client - A method for processing presence information is disclosed. Presence information includes different values of a presence element, classes corresponding to the values and presentity information. Authentication configuration information of a presentity is obtained according to the presentity information. A right rule is obtained by resolving the authentication configuration information. The right rule includes a correlation configured by the presentity between a watcher identity and a class of a group that the watcher identity pertains to. A value of the presence element is sent to a corresponding watcher according to a correlation between the class corresponding to the value in the presence information and the class derived from the right rule obtained from the authentication configuration information. | 02-13-2014 |
| 20140053242 | MANAGEMENT OF PRIVATE INFORMATION - A network device is configured to receive a request, from a device, for private information associated with a user of a user device, on behalf of another user device. The network device may authenticate the device, the user device, and the other user device. The network device may request and receive the user's authorization to send the private information to the other user device. The network device may generate and send a token used to request the private information. The network device may receive the token from the device, determine that the token is valid, and send the private information. | 02-20-2014 |
| 20140053243 | SYSTEM FOR PROVIDING TEMPORARY INTERNET ACCESS FROM A RESTRICTED LOCAL AREA NETWORK ENVIRONMENT - The captive portal environment exists where there is only a single available communication service that is available to the user. An example of a captive portal environment is on board an aircraft in flight, where the passengers have no access to any communication services, other than the aircraft resident wireless Local Area Network. The Restricted LAN Internet Access System functions in the aircraft to grant the user a temporary Internet session so they can download a prerequisite application from the Internet to make use of an application/service resident on the Restricted LAN in the aircraft. | 02-20-2014 |
| 20140053244 | ANONYMIZATION AS A SERVICE - One or more network devices receive user criteria for providing anonymization of data from a user device and generate a default workflow for achieving the user criteria. The network devices provide, to the user device, the default workflow and receive user input to the default workflow. The network devices generate and send, based on the user input, final workflow instructions for transmitting data from the user device. The network devices also receive anonymized data transmitted from the user device based on the final workflow instructions. The network devices can provide trend observations of the anonymized data for use by third parties without granting access to the anonymized data. | 02-20-2014 |
| 20140053245 | SECURE COMMUNICATION USING A TRUSTED VIRTUAL MACHINE - A client system, such as a computer or a smartphone, securely exchanges sensitive information with a remote service provider computer system such as a bank or an online retailer. The client system executes a commercially available operating system in an untrusted virtual machine (VM), which may be affected by malware. A hypervisor is configured to launch a trusted, malware-free VM from an authenticated image stored on computer-readable media used by the untrusted VM. The trusted VM executes a thin operating system with minimal functionality, to manage a secure communication channel with the remote server system, wherein sensitive communication is encrypted. Data from the trusted VM is forwarded via the hypervisor to a network interface driver of the untrusted VM for transmission to the remote service provider. The service provider may perform a remote attestation of the client system to determine whether it operates a trusted VM. | 02-20-2014 |
| 20140053246 | SELF-CONFIGURING WIRELESS NETWORK - Methods, systems, and apparatus, are provided for wireless networking In some implementations, a self-configuring wireless system includes at least one wireless network device; and an access point device; wherein the access point device and the at least one wireless network device are preconfigured with a common key so as to enable the access point device to establish a secure wireless network with the at least one network device using the common key upon powering up the access point device and the at least one wireless network device at a user site. | 02-20-2014 |
| 20140053247 | Controlling Access to Resources Based on Affinity Planes and Sectors - A first person (which may be a natural person, organization, brand, or other entity) has one or more affinity planes. Each affinity plane represents a distinct closeness of relationship with the first person. The first person also has one or more sectors, each of which may be associated with a domain. Each of the other people may be associated with zero or more of the first person's affinity planes and zero or more of the first person's sectors. Each of the first person's resources may be associated with zero or more of the first person's affinity planes and zero or more of the first person's sectors. A request by one of the other people to access one of the first person's resources is granted based on the overlap between the affinity planes and sectors associated with the requestor and the affinity planes and sectors associated with the requested resource. | 02-20-2014 |
| 20140053248 | DETECTING AND RESPONDING TO AN ATYPICAL BEHAVIOR - Methods, devices, and systems are provided for optimizing the dissemination of information in various types of systems such as an access control system. More specifically, there are provided herein various mechanisms to provide a modified agent path such that an agent following the modified agent path, may update at least one non-networked reader. The update of the at least one non-networked reader not occurring if the agent follows an unmodified agent path. | 02-20-2014 |
| 20140053249 | METHOD, APPARATUS, AND SYSTEM FOR PREVENTING ABUSE OF AUTHENTICATION VECTOR - A method for preventing abuse of an Authentication Vector (AV) and a system and apparatus for implementing the method are provided. Access network information of a non-3rd Generation Partnership Project (3GPP) access network where a user resides is bound to an AV of the user, so that when the user accesses an Evolved Packet System (EPS) through the non-3GPP access network, even if an entity in the non-3GPP access network is breached, or an Evolved Packet Data Gateway (ePDG) connected to an untrusted non-3GPP access network is breached, the stolen AV cannot be applied to other non-3GPP access networks by an attacker. | 02-20-2014 |
| 20140059650 | DYNAMIC ROUTING OF AUTHENTICATION REQUESTS - Methods, systems, and computer readable media for dynamically routing authentication requests are described. An embodiment can include receiving, at one or more computing devices, a network authentication request. An embodiment can also include creating, at the one or more computing devices, an authentication context based on information in the authentication request. An embodiment can also include dynamically routing, using the one or more computing devices, the authentication request to an authentication server. | 02-27-2014 |
| 20140059651 | Account Elevation Management - Disclosed are various embodiments for elevating a user account by granting administrator permissions to workstations of network users. One embodiment of such a method comprises receiving authorization to provide a user temporary membership to an administrators group for a defined period of time; sending instructions to a workstation of the user to register as a member to the administrators group of the workstation; and in response to the membership having expired, sending instructions to remove the user as a member of the administrators group on the workstation. | 02-27-2014 |
| 20140059652 | APPARATUS FOR UPLOADING CONTENTS, USER TERMINAL APPARATUS FOR DOWNLOADING CONTENTS, SERVER, CONTENTS SHARING SYSTEM AND THEIR CONTENTS SHARING METHOD - A user terminal apparatus for uploading contents, a user terminal apparatus for downloading contents, a server, a content sharing system, and methods thereof are provided. The contents sharing method includes creating contents, uploading the created contents from the user terminal apparatus to a server, receiving, at the user terminal, storage location information corresponding to a location in the server where the uploaded contents are stored and access authorization information for accessing the uploaded contents from the server, and transmitting a message including the storage location information and the access authorization information from the user terminal apparatus to a second user terminal apparatus. | 02-27-2014 |
| 20140059653 | INTEGRATING OPERATING SYSTEMS WITH CONTENT OFFERED BY WEB BASED ENTITIES - Example embodiments are provided for integrating operating systems with content offered by internet based entities. | 02-27-2014 |
| 20140059654 | ACCESS PERMISSIONS ENTITLEMENT REVIEW - A system for operating an enterprise computer network including multiple network objects, said system comprising monitoring and collection functionality for obtaining continuously updated information regarding at least one of access permissions and actual usage of said network objects, and entitlement review by owner functionality operative to present to at least one owner of at least one network object a visually sensible indication of authorization status including a specific indication of users which were not yet authorized by said at least one owner of said at least one network object. | 02-27-2014 |
| 20140059655 | Unauthorized Location Detection and Countermeasures - A location sentry system is provided for use within a mobile device. The sentry system can be configured to detect unauthorized attempts to locate mobile devices by monitoring messages passed between the mobile device and the wireless network and/or messages passed between components of the mobile device, and determining that one or more of the messages is/are indicative of an attempt to locate the mobile device. In response to a determination that an unauthorized attempt has been detected, the location sentry can be configured to take one or more actions. For example, the location sentry system could prevent location information from being sent back to the wireless network and/or the location sentry system could cause incorrect information to be sent to the wireless network. | 02-27-2014 |
| 20140059656 | FUNCTIONAL DEVICE, ACCESS APPARATUS, ACCESS SYSTEM, AND COMMUNICATION ESTABLISHING METHOD - A functional device can communicate with an access apparatus. The functional device includes an access controller that controls an additional device and obtains characteristic information of the additional device at an initialization process of the additional device, a memory that stores the obtained characteristic information, a communication unit that transmits and receives data to and from the access apparatus, and a communication controller that transmits the characteristic information stored in the memory to the access apparatus, when receiving a request for the initialization process from the access apparatus through the communication unit after transferring an exclusive right to the access apparatus, the exclusive right being a right to exclusively control the additional device. | 02-27-2014 |
| 20140059657 | METHOD AND SYSTEM FOR TRANSMITTING AUTHENTICATION CONTEXT INFORMATION - A system of the present invention uses an identity provider to provide the authentication services for multiple service providers. An identity provider communicates with one or more service providers. A user that wishes to gain access to a service provider is authenticated through the use of the identity provider. A user desiring to access a service provider is first authenticated by the identity provider. The identity provider determines if the user meets the desired class level and provides various information related to the authentication. When the user attempts to access a second service provider that is associated with the same identity provider, the second service provider accesses the identity provider and determines that the user was recently authenticated. The identity provider then transmits the relevant information regarding the authentication process to the second service provider, which can then allow or deny the user access to the second service provider. | 02-27-2014 |
| 20140068718 | FLATTENING PERMISSION TREES IN A VIRTUALIZATION ENVIRONMENT - A virtualization manager receives a permission request indicating a user and an entity in a virtual machine system. The virtualization manager flattens a permissions database to generate a flattened database view. Using the flattened database view, the virtualization manager determines whether the user has permission to access the entity in the virtual machine system and returns an indication of whether the user has permission to access the entity in the virtual machine system. | 03-06-2014 |
| 20140068719 | METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR SHARING WIRELESS NETWORK CONFIGURATIONS - Example method, apparatus, and computer program product embodiments are disclosed to improve user experience and security in sharing wireless network configurations. An embodiment comprises reading, by a guest wireless device, data from a machine readable medium, including accessing information, to enable the guest device to obtain credentials from an access rights server, to access an access point or network, based on the accessing information; transmitting by the guest device, a wireless message to the access rights server, requesting credentials to enable accessing the access point or network, the request including the accessing information addressing a storage partition in a database associated with the access rights server, the storage partition being accessible with the accessing information; and receiving by the guest device from the access rights server, the credentials to enable the guest device to gain access to the access point or network by using the credentials. | 03-06-2014 |
| 20140068720 | SYSTEM AND METHOD FOR PROTECTING DEVICES ON DYNAMICALLY CONFIGURED NETWORK - Provided herein are systems and methods for implementing a more secure network client device in connection with the dynamic host configuration protocol (DHCP). Incoming DHCP Offer packets containing configuration information are temporarily collected. Once all incoming Offers are judged to have been received, offers are scored and a winning offer is selected. The winning offer is used to configure the device's network stack. | 03-06-2014 |
| 20140068721 | ALLOWING GUEST OF HOSPITALITY ESTABLISHMENT TO UTILIZE MULTIPLE GUEST DEVICES TO ACCESS NETWORK SERVICE - Network traffic is received from a guest device on a computer network of a hospitality establishment, and a guest area of the hospitality establishment is accordingly identified. A login database is queried to find an unexpired login for the guest area, the unexpired login specifying a stored guest identifier corresponding to information retrieved from a property management system of the hospitality establishment regarding a guest of the guest area at a time when the unexpired login was created. The stored guest identifier of the unexpired login is compared with a current guest identifier of the guest area retrieved from the property management system regarding a current guest of the guest area. When the stored guest identifier matches the current guest identifier, the guest device is automatically allowed to access the network service for a remaining portion of the allowed access duration of the unexpired login. | 03-06-2014 |
| 20140068722 | PERSONAL IDENTITY CONTROL - Obtaining authorization from a subscriber to an authorization service provided by an authorization provider in a data communications system. The data communications system includes a plurality of relying parties and a plurality of authorization providers. An authorization request including data identifying is subscriber to an authorization service is received from a relying party. An authorization provider is selected from the plurality of authorization providers on the basis of the subscriber-identifying data. An authorization request is transmitted to the selected authorization provider. An authorization response is received from the selected authorization provider. The authorization response indicates that the subscriber has authorized the request on a telecommunications device with which contact has been initiated by the authorization provider in response to the authorization request. An authorization message is transmitted to the relying party based at least in part on the authorization response received from the selected authorization provider. | 03-06-2014 |
| 20140068723 | TWO-FACTOR AUTHENTICATION SYSTEMS AND METHODS - Systems and methods for authenticating defined user actions over a computer network. An authentication service receives an authentication request from an authenticating service to perform an action on behalf of a user. The authentication service then sends a permission request to a mobile device associated with the user, asking the user whether or not the action should be allowed. The user sends a permission response via the mobile device to the authentication service, granting or denying the action. The user may automate future similar responses so long as at least one automation criterion is met (e.g., the physical location of the mobile device), eliminating the need to manually provide a response to future permission requests. Information necessary to determine whether the automation criterion is met is stored locally on the mobile device. | 03-06-2014 |
| 20140068724 | DYNAMIC AUTHENTICATION IN SECURED WIRELESS NETWORKS - Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required. | 03-06-2014 |
| 20140075511 | SECURE WIRELESS COMMUNICATION APPARATUS - Aspects of various embodiments are directed to the communication of wireless data. In a particular embodiment, an apparatus includes a master/wireless communication circuit and a slave circuit that carries out a secure function. The master generates session initiation commands, and the slave is responsive to these commands by generating and storing a session ID. In response to the receipt and validation of user-input data, the slave accesses and locally stores the session ID. Upon the initiation of and/or during a wireless communication process, the slave again accesses the session ID and compares the accessed session ID with the locally stored session ID, and facilitates communication based on the comparison (e.g., communication is not permitted if the comparison does not indicate a match). | 03-13-2014 |
| 20140075512 | Dynamic Secure Login Authentication - A system for performing a secured transaction using a network including a server in communication with the network is provided. The server has a processor and a memory to store private account information from registered users and store commands that when executed by the processor cause the server to perform a method including: providing a login configuration to a user, including a matrix of dynamic symbols; determining an expected password for the user based on a trace pattern from the user and the symbols in the matrix; receiving a password from the user; and determining whether the password matches the expected password. A non-transitory machine-readable medium including a plurality of machine-readable instructions which when executed by one or more processors of a server controlled by a service provider are adapted to cause the server to perform a method as above is also provided. | 03-13-2014 |
| 20140075513 | DEVICE TOKEN PROTOCOL FOR AUTHORIZATION AND PERSISTENT AUTHENTICATION SHARED ACROSS APPLICATIONS - Various techniques for providing a device token protocol for authorization and persistent authentication shared across applications are disclosed. In some embodiments, a device token protocol for authorization and persistent authentication shared across applications includes sending user credentials to a remote server to authenticate a user on a device for a plurality of applications; and receiving a device token from the remote server for the user to authenticate the user for the plurality of applications on the device, in which the device token facilitates authentication and authorization. | 03-13-2014 |
| 20140075514 | DISTRIBUTED HANDHELD SECURITY SYSTEM AND METHOD OF USE - A handheld security system comprises a set of handheld devices positioned at a group of access points to a secure area. The handheld device comprises a set of input/output devices including a text and graphics display, a camera, a local security database and a set of security devices including an RFID reader, a bar code reader, a magnetic stripe card reader and a biometric scanner. The set of handheld devices are communicatively connected through wireless signaling and protocol to one another and to a server operating a global a global security database. The local security database is synchronized to the global security database. A location stack table is continuously updated with security events and monitored for violation of a set of anti-passback rules. An association table associates a set of assets and a set of personnel, allowing for visitor tracking and asset tracking on a schedule. | 03-13-2014 |
| 20140075515 | SYSTEMS, DEVICES AND METHODS FOR AUTHORIZING ENDPOINTS OF A PUSH PATHWAY - An apparatus, system, and method for authorizing endpoints of a push pathway for push notifications are described herein. In one example embodiment, an identity provider element authenticates a first endpoint of the push pathway, determines an authentication token associated with the first endpoint, and determines a channel identifier in response to a successful validation of the authentication token associated with the first endpoint. In this embodiment, the identity provider element also authenticates a second endpoint of the push pathway, determines an authentication token associated with the second endpoint, and determines a handle for the push pathway in response to a successful validation of both the authentication token associated with the first endpoint and the authentication token associated with the second endpoint. The push pathway is established for transmission of push notifications from the first to the second endpoint upon establishing the handle for the push pathway. | 03-13-2014 |
| 20140075516 | SYSTEM AND METHOD FOR PROVIDING CONTROLLED APPLICATION PROGRAMMING INTERFACE SECURITY - A system and method for providing access to data of a user or services relevant to a user. A customer data key is created by a server that is specific to an application, the user of the application, and the device upon which the application resides. The server may receive an application programming interface call to create the customer data key; however, any call accessing or affecting user-specific data which does not contain a valid and authorized customer data key may be rejected. To authorize access to the offered data or services, the user conducts an entirely separate transaction not mediated by the application. During this separate transaction, the customer data key may be activated, permitting access to the data or services using the activated customer data key. | 03-13-2014 |
| 20140075517 | AUTHORIZATION SCHEME TO ENABLE SPECIAL PRIVILEGE MODE IN A SECURE ELECTRONIC CONTROL UNIT - A system and method for by-passing a security code to allow developmental software to be installed on a production controller without having to authenticate the software. The method includes requesting information from the controller and creating an information ticket in the controller in response to the request that identifies the controller. The information ticket is sent to a secure server that creates an authorization ticket that identifies the controller from the information ticket and creates a security code for the ticket. The authorization ticket is presented to the controller and if the security code is verified by the controller, the controller allows the developmental software to be installed. | 03-13-2014 |
| 20140075518 | OPERATOR PROVISIONING OF A TRUSTWORTHY WORKSPACE TO A SUBSCRIBER - Methods, systems and apparatuses for an operator provisioning a trustworthy workspace to a subscriber are disclosed. One method includes providing the subscriber with the trustworthy workspace, where in the trustworthy workspace comprises a virtualized content repository with trustworthy workflows for storing, sharing and processing a digital content across a plurality of repositories. The method further includes allowing the subscriber authority to sub-provision the trustworthy workspace to one or more authorized parties, wherein only the one or more authorized parties can view or modify at least a portion of the digital content. | 03-13-2014 |
| 20140075519 | SECURITY MEDIATION FOR DYNAMICALLY PROGRAMMABLE NETWORK - A network security policy may be implemented at network switches as a set of active packet disposition directives. In a dynamically programmable network, the network switches can be dynamically reprogrammed with new packet disposition directives. A security mediation service permits such dynamic reprogramming as long as the new directives are consistent with the then-current network security policy. The security mediation service evaluates candidate packet disposition directives for conflicts with the currently active security policy, before instantiating the candidate packet disposition directives at the network switches. | 03-13-2014 |
| 20140075520 | SYSTEM AND METHOD FOR PROVIDING WHITELIST FUNCTIONALITY FOR USE WITH A CLOUD COMPUTING ENVIRONMENT - A system and method for providing whitelist functionality for use with a cloud computing environment. In accordance with an embodiment, software applications being deployed to the cloud are restricted from using certain classes or application program interfaces (APIs). During provisioning by, e.g., a Java cloud services (JCS) infrastructure, or another component of the cloud environment, an application's resources, such as its classes or API calls, can be matched against a whitelist of acceptable resources. If the application fails to be validated against the whitelist, it will not be deployed to the cloud, and the customer/user notified accordingly. In accordance with an embodiment, a whitelist functionality can be packaged within a software development kit (SDK), which customers/users can use during development of their applications, to verify that the applications will comply with, or successfully validate against the whitelist, prior to attempting to deploy the applications to the cloud. | 03-13-2014 |
| 20140075521 | SYSTEM AND METHOD FOR SHARING LOGIN STATUS BETWEEN AN APPLICATION PLATFORM AND AN APPLICATION - A method for sharing login status between an application platform and an application, both running on a client device, is performed at a computer. In response to a login request from the client device, the computer analyzes the login request to determine whether the login request is associated with the application platform or the application. If the login request is with the application platform, the computer then establishes a first connection with an application platform server and forwards the login request to the application platform server. Upon receiving a login key from the application platform server, the computer returns the login key to the client device. If not, the computer establishes a second connection with an application server and forwards the login request to the application server. Upon receiving a login key from the application server, the computer then returns the login key to the client device. | 03-13-2014 |
| 20140082699 | SYSTEMS AND METHODS FOR ASSOCIATING A VIRTUAL MACHINE WITH AN ACCESS CONTROL RIGHT - The present invention is related to associating a machine or virtual machine instance with an access control right in a cloud-based computing environment. In one aspect, the present invention relates to an apparatus for or a method of associating a machine or virtual machine instance with an access control right in a cloud-based computing environment. In various embodiments, the apparatus is capable of, and the method includes, the following: receiving, in a cloud-based computing environment, a request to perform an action; using an identifier for the machine or virtual machine instance to determine that the received request was sent by, or on behalf of, the machine or virtual machine instance; and identifying an access control right associated with the machine or virtual machine instance making the request, to determine whether to perform the action on behalf of, or grant access by, the machine or virtual machine instance. | 03-20-2014 |
| 20140082700 | INFORMATION PROCESSING APPARATUS, AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, AND PROGRAM - An information processing apparatus for executing authentication processing, characterized by comprises: storage means for storing, in association with each other, an image, region information indicating a region included in the image, and word information indicating an object linked with the region; determination means for determining an image to be used for the authentication processing among the images stored in the storage means; display means for displaying the image determined by the determination means; specification means for specifying, in a case where a user designates a position within the image displayed by the display means, word information associated with region information of a region including the position; and authentication means for executing authentication processing using the word information specified by the specification means. | 03-20-2014 |
| 20140082701 | DYNAMICALLY CONFIGURABLE ONLINE DATA UPDATE SYSTEM - A data object update system provides a flexible framework that can be used to upgrade, renew, replace or supplement data objects that are provisioned in a large base of network-enabled devices that been deployed in the field to end users. The system has the flexibility to configure, for example, the following items, based on different requirements received from network operators: which device key and/or certificate is to be used to authenticate request messages from network-enabled devices before a specific data object update request is accepted into the system; which device identifier is to be used to authorize data object update requests; which device identifier is to be used for generating device specific data objects; and which protection mechanism is to be used to secure the delivery of data objects to network-enabled devices. | 03-20-2014 |
| 20140082702 | SYSTEMS AND METHODS FOR CONTROLLING AND COMMUNICATING WITH CONNECTED DEVICES - Systems and methods for controlling and communicating with electronic devices (connected devices) remotely through an Internet connection or other networks are disclosed. In some embodiments, a system of connected devices includes appliances, consumer electronics products, sensors, or modules intended to control devices attached to the connected devices, such as, for example, light bulbs or other appliances, through power outlets or other electrical or mechanical connections. A remote server may be able to receive signals directly from a user via input from a user device, or from a third party, and communication from the user or from third parties may be secured such that only the user and the third parties given explicit permission can control and communicate with the connected devices belonging to the user. | 03-20-2014 |
| 20140082703 | AUTHORIZATION METHOD, APPARATUS, AND SYSTEM - The present invention discloses an authorization method, apparatus, and system, and belongs to the field of communication technologies. The method includes: receiving information for accessing a third-party network application platform; generating a two-dimensional code corresponding to the third-party network application platform, and presenting the two-dimensional code in the third-party network application platform; and receiving information of the scanned two-dimensional code, and authorizing, according to the information of the scanned two-dimensional code, the third-party network application platform. After the information for accessing the third-party network application platform is received, authorization is performed on a third-party web site by generating a two-dimensional code corresponding to the third-party web site and according to information of the scanned two-dimensional code. The third-party web site can be authorized by only scanning the corresponding two-dimensional code, which is easy to operate and reduces operation time. | 03-20-2014 |
| 20140082704 | ACCESS MANAGEMENT FOR CONTROLLING ACCESS TO COMPUTER RESOURCES - A computer system to control access to computer resources of a computer data center. The computer system includes processors and program instructions stored on one or more computer-readable storage devices of the computer system. The stored program instructions include: (i) program instructions to determine that a request to access one of the computer resources is in response to a service request pertaining to the one computer resource targeted by the service request; and (ii) program instructions, responsive to the determination, to map the service request to one or more standard operating procedures to enable information embedded in the one or more standard operating procedures to be used to process the service request, assign a user to execute the service request, and grant the user the requested access of the one computer resource to enable the user to execute the service request. | 03-20-2014 |
| 20140082705 | SERVER, A SYSTEM, A METHOD, A COMPUTER PROGRAM AND A COMPUTER PROGRAM PRODUCT FOR ACCESSING A SERVER IN A COMPUTER NETWORK - The invention concerns a first server ( | 03-20-2014 |
| 20140090020 | ATTRIBUTE SCOPING AND HIERARCHY - Downloadable pluggable services and methods of distributing the same are described. The downloadable pluggable services may correspond to communication services that can be downloaded to upgrade a communication system. The downloadable pluggable services may include a number of component parts that can be distributed among various servers in the communication system being upgraded along with instructions that enable the component parts to instruct each server in the communication system to operate in a coordinated fashion so as to provide the downloaded service. | 03-27-2014 |
| 20140090021 | COMPREHENSIVE AUTHENTICATION AND IDENTITY SYSTEM AND METHOD - A comprehensive authentication and identity system and method are disclosed. A central profile is created for a user which includes user information that can be passed back or otherwise utilized by websites (e.g. for registrations, logins, etc.) The user information may include the user's username, password, contact information, personal information, marketing preferences, financial information, etc. For website registrations, the user may provide a mobile communication number that is utilized to perform a type of mobile communication device verification process. As part of a website login, the user may provide identifiable information (e.g. a username) that is looked up by the system or website to determine a mobile communication number for the user, which is used for a verification process. If the verification process is completed successfully, the user may be logged into the website. For accessing the system directly, a user may go through a mobile communication device verification process. | 03-27-2014 |
| 20140090022 | MANAGING AND CONTROLLING ADMINISTRATOR ACCESS TO MANAGED COMPUTER SYSTEMS - A method and computer program product for managing and controlling access of an administrator to a managed computer system. At least one computer program on an access system of the managed computer system receives from the administrator a request for access to the managed computer system and requests a managing computer system to search open tickets for service management. In response to that the open tickets are not found, the at least one computer program redirects the administrator to log onto the managing computer system to obtain a new open ticket for the access. In response to that the open tickets are found, the at least one computer program requests the administrator to choose at least one ticket from the open tickets and grants the administrator the access to the managed computer system in response to determining that the at least one ticket is valid. | 03-27-2014 |
| 20140090023 | Method and Apparatus for Authenticating Location-based Services without Compromising Location Privacy - A method and an apparatus for authenticating location-based services without compromising location privacy, which comprises a comprehensive solution that preserves unconditional location privacy when authenticating either range queries using three authentication schemes for R-tree and grid-file index, together with two optimization techniques, or k-nearest neighbor queries using two authentication schemes for R-tree and Voronoi Diagram index. | 03-27-2014 |
| 20140090024 | INFORMATION PROCESSING APPARATUS AND CONTROL METHOD - An information processing apparatus includes a processor configured to determine a location in which a terminal is located, and create a folder to which access authority is given to the terminal, the folder being associated with the location. A control method of an information processing apparatus includes determining a location in which a terminal is located, and creating, using a processor, a folder to which access authority is given to the terminal, the folder being associated with the location. | 03-27-2014 |
| 20140090025 | INFORMATION PROCESSING DEVICE AND METHOD - Access restriction is performed on access to a page on which information is posted from a terminal of a subject. It is determined whether positions of terminals used by the subject and a manager, who is associated with the subject in advance, accord with each other. A relaxation operation is received from the terminal of the manager, when it is determined that the positions accord with each other. The access restriction by a restriction unit is relaxed, when the relaxation operation is received. A characteristic word of the page accessed by the terminal of the subject for which the access restriction is relaxed is acquired. The acquired characteristic word is transmitted to the terminal of the manager to display the characteristic word. A recovery operation is received from the terminal of the manager. The access restriction performed by the restriction unit is recovered, when the recovery operation is received. | 03-27-2014 |
| 20140090026 | System and Method for Managing Role Based Access Controls of Users - A method and system for role based access control for a plurality of users in a heterogeneous enterprise environment, comprising: establishing a functional relationship between a plurality of provisioning unit using a provision unit module. The users are mapped with the provisioning unit based on attributes of the users. Events are captured via the provision unit module. The users needed to be re-mapped are determined upon the event completion. Application role defined in context of an application embedded in an application registry module is mapped with the provisioning unit. Call back service is executed for the re-mapped users having entitlement associated with each of the application stored in a roles registry module. An application role is determined and defined for a new user for the plurality of the application enabling managing of the role based access control. | 03-27-2014 |
| 20140090027 | AUTHORIZATION SERVER SYSTEM, CONTROL METHOD THEREOF, AND STORAGE MEDIUM - In response to reception of a request, an authorization server system identifies authorization based on first authorization information received by a reception unit along with the request. The authorization server system gives at least some of the identified authorization to an application, and issues second authorization information for identifying the given authorization. | 03-27-2014 |
| 20140090028 | IMAGE FORMING APPARATUS, METHOD FOR CONTROLLING IMAGE FORMING APPARATUS, AND STORAGE MEDIUM THEREFOR - When a request for acquiring authorization information is received from a resource service application that is a request source, an image forming apparatus transmits a request for further delegating an authorization delegated from a user to the resource service application to an authorization server system together with first authorization information, and acquires second authorization information issued based on the first authorization information from the authorization server system. | 03-27-2014 |
| 20140090029 | NETWORK ACCESS METHOD, AUTHENTICATION METHOD, COMMUNICATIONS SYSTEM AND RELEVANT DEVICES - A network access method, an authentication method, a communications system, and relevant devices are provided to support implicit authentication based on subscriber line information in Internet Protocol version 6 (IPv6). The authentication method includes: receiving a request message sent from an Access Node (AN), wherein the request message carries subscriber line information and a Link-Local Address (LLA); sending an access request to an Authentication, Authorization and Accounting (AAA) server according to the subscriber line information; receiving an authentication result indicating the authentication is successful; determining whether an address matching the LLA carried in the request has been stored in the BNG; and storing the LLA in the BNG, if the address matching the LLA is not stored in the BNG. | 03-27-2014 |
| 20140090030 | CAPTIVE PORTAL THAT MODIFIES CONTENT RETRIEVED FROM DESIGNATED WEB PAGE TO SPECIFY BASE DOMAIN FOR RELATIVE LINK AND SENDS TO CLIENT IN RESPONSE TO REQUEST FROM CLIENT FOR UNAUTHORIZED WEB PAGE - The described captive portal techniques cause client devices to render and display designated web pages. One designated web page may be different than a requested web page such as when a client is not authorized to access the requested page and is instead caused to display a login portal. The captive portal may modify the designated web page to ensure that relative links lacking base domains now have specified base domains pointing to an authorized web server. The modified content is sent from the captive portal to the client device for display. Client web browser security measures related to redirection messages are thereby bypassed and load on the captive portal is minimal. Another designated web page may be the same as the requested web page such as when the requested page is an authorized page even for non-logged in clients. Authorized pages may be modified to add a login link. | 03-27-2014 |
| 20140090031 | Device-Specific Authorization at Distributed Locations - A method includes receiving authentication information for a client device at a server. The authentication information includes a network address of the client device, a geographic location of the client device, and a first result of a one-way hash function based on a combination of the network address, an authentication seed, and a first secret. The method includes computing, with the server, a second result of the one-way hash function based on a combination of the network address, the authentication seed, and a second secret. The method also includes enabling the client device to access a second network in response to a determination by the server that the first result matches the second result and a determination by the server that the client device is authorized to access the second network based on the geographic location. | 03-27-2014 |
| 20140096195 | Secure Information Release - An embodiment of the invention provides a responder such as a health care professional with quick and secure access to select information about a user. An embodiment of such quick and secure access to select information may include receiving a user request to authenticate a responder mobile phone from the responder mobile phone, separately sending a common secure data to each of the responder's mobile phone and the user's mobile phone, receiving user authorization to release select data to the responder's mobile phone, the user's authorization received from the responder's mobile phone. Other embodiments are described herein. | 04-03-2014 |
| 20140096196 | SYSTEM AND METHOD FOR ENHANCING SELF-SERVICE SECURITY APPLICATIONS - Embodiments of the present invention may enable a user of an electronic device to setup a game-based environment within the electronic device that can be used as an authentication platform to prevent access by illegitimate or unauthorized users. The communication device may include a display screen, a processor, and a memory coupled to the processor. The memory may include a database and an instruction set. The database may store pre-defined access patterns that can be used in the authentication process. Further, the instruction set may include instructions executable by the processor to monitor inputs made by a new user in the game based environment. Furthermore, the instructions executable by the processor may match the inputs of the new user with the pre-defined access patterns to check the authentication of a new user. | 04-03-2014 |
| 20140096197 | INSTANT MESSAGING VIRTUAL PRIVATE NETWORKS - According to one embodiment, an apparatus may receive a virtual private network (VPN) establishment request communicated over an instant messenger protocol. The apparatus may negotiate a communication tunnel in response to receiving the VPN establishment request and receive a datagram through the communication tunnel. | 04-03-2014 |
| 20140096198 | SECURE CALL INDICATOR MECHANISM FOR ENTERPRISE NETWORKS - The concept of a secure call indicator is introduced. In general, the secure call indicator is capable of inspecting the security of signaling associated with Session Initiation Protocol (SIP) messages and comparing the security with media descriptions of the actual media path of the SIP messages. Furthermore, the secure call indicator may be configured to indicate the security associated with a communication session via a physical or virtual notification system. | 04-03-2014 |
| 20140096199 | DEVICE AND METHODS FOR MANAGEMENT AND ACCESS OF DISTRIBUTED DATA SOURCES - A device and method for provided access to distributed data sources includes a cloud security server configured to associate any number of data sources and client devices with a cloud security server account. The cloud security server assigns trust levels to the data sources and the client devices. A client device requests data from the cloud security server. The cloud security server authenticates the client device and verifies the trust levels of the client device and the requested data. If verified, the cloud security server brokers a connection between the client device and the data source, and the client device accesses the requested data. Data sources may include cloud service providers and local storage devices. The cloud security server may assign a trust level to a client device for a limited time or revoke a trust level assigned to a client device. Other embodiments are described and claimed. | 04-03-2014 |
| 20140096200 | Shared Level Networking - A social network server system including a qualitative Social network share level for a post, photo, etc. submitted by a given social network user device. The social network share level is based on actual content sensitivity, permitting each shared post, photo, or other information viewable by other social network user devices based on its own individual social network share level, or “closeness rating.” The closeness rating is inclusive and based on a social network share level set by the poster when making the post, adding the photo or other information. The social network share level establishes individually which connected social network user device(s) to which the poster has an established relationship may have access to the shared post, photo, information, etc. A privacy level is defined for each post, photo, etc. vis-a-vis each other social network user to which a poster has a defined relationship. | 04-03-2014 |
| 20140096201 | SYSTEMS AND METHODS FOR SECURED ENTRY OF USER AUTHENTICATION DATA - Techniques for improving security of transactions requesting user authentication data entry via mobile devices are described herein. The mobile device is configured to wirelessly communicate using a near field communications (NFC) standard used to communicate over very short distances. The mobile device includes a graphical user interface (GUI) configured to display a virtual keypad arranged in a randomly generated pattern, the pattern being configured to be changed in a random manner at each instance of displaying the virtual keypad. Security of transaction is improved by randomly changing positions of virtual keys of the virtual keypad configured to receive the user authentication data. | 04-03-2014 |
| 20140096202 | SYSTEM, SERVER, COMMUNICATION DEVICE AND COMPUTER READABLE MEDIUM THEREFOR - Computer-readable instructions, when executed by a processor of a server, cause the server to receive a request from a terminal device, using a protocol configured to be used by a browser of the terminal device. The computer-readable instructions cause the server to generate, in response to receiving the request, specific data. The specific data comprises first location information for location of a web data configured to display a message screen for transmitting target data from the terminal device to a communication device using a short-range wireless communication, and the target data is stored in a memory of the server associated with authentication information configured to authenticate the communication device to a service providing server. The specific data configured to be in a format for transmission using the protocol. | 04-03-2014 |
| 20140096203 | NETWORK SYSTEM AND NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM - A network system according to the present invention includes a service providing server that provides an application service, a user terminal used by a user when using the application service, and a proxy server intervening between the service providing server and the user terminal. The user terminal includes a whitelist for an application in which at least a URL of the proxy server is described. The user terminal accesses the service providing server over the network and provides an application service to the user by starting the application program. When an access request to a URL of an access target specified by the application program is made during the provision of the application service, the user terminal compares the URL of the access target with a URL described in the whitelist for the application. | 04-03-2014 |
| 20140096204 | MANAGING SECURITY RESTRICTIONS ON A RESOURCE IN A DEFINED ENVIRONMENT - Approaches described herein manage security restrictions on a resource in a defined environment to provide authorization and access. Specifically, a security system maintains a security restriction on the resource (e.g., an information technology (IT) account of a user, or an apparatus) in a defined environment. The presence of a plurality of users is continuously monitored throughout the defined environment and, based on a detection of a pre-specified set of users from the plurality of users in the defined environment, the security restriction is managed (e.g., removed or maintained). In one embodiment, the system removes the security restriction from the resource to allow at least one of: access to the IT account of the user, and operation of the apparatus. The security restriction on the resource may then be reinstated in the case that the pre-specified set of users from the plurality of users is no longer present in the defined environment. | 04-03-2014 |
| 20140096205 | Login method, open platform identification method, open platform and open platform system - The disclosure provides a login method, an open platform identification method, an open platform and an open platform system. A user terminal is guided to agree to authorize a third party application via a page of the open platform; when the connection of authorization of the user terminal succeeds, the open platform brings a first OpenID and a first OpenKey of the user to the third party application according to a login rebound protocol of the open platform; then the third party application performs user-terminal-based authorized login according to the first OpenID and the first OpenKey; and when the user terminal logging into the open platform initiates the third party application, a prompt message is sent to the user terminal with an open platform account serving as an identification of the open platform, and thus login can be implemented in various forms. A user does not need to register or manage login accounts of a plurality of websites and meanwhile the prompt and push problem of the third party application is solved. | 04-03-2014 |
| 20140096206 | NETWORK ACCESS CONTROL SYSTEM AND METHOD - A system comprising a client that can place a network site access request to a network access server. In use, prior to placing the request, the client accesses the network access server to set up a network access profile relating to personal choices and accesses a trusted site to select options to provide a trusted site profile. When the client places a request, client data is provided along with the request whereby the client is automatically recognized by the server. Upon recognition, the server passes the client data to the trusted site, the trusted site uses the client data to retrieve the client's trusted site profile, which is then transferred to the server. A combining engine in the server then combines the trusted site profile with the network access profile and a filtering engine applies the combined profiles to permit or forbid the network site request to be fulfilled. | 04-03-2014 |
| 20140101722 | Secure Content Access Authorization - A secure content delivery or access method may include coordination among three devices such as servers—a content management server, a delivery server, and an authorization server. A request for content may originate from an authorization server application, and may involve the application obtaining two digitally signed tokens for the request. The first token may be from the authorization server, and may include a content management server identifier for the requested content. The second token may include two identifiers for the content: the first identifier being the content management server identifier, and the second being a delivery server identifier. The first and second tokens may be signed by the authorization server and content management server, respectively, and may be delivered to the delivery server for validation. Successful validation may result in the delivery server providing a content decryption key for the requested content to a device requesting the content. | 04-10-2014 |
| 20140101723 | EXTENSIBLE CONFIGURATION SYSTEM TO ALLOW A WEBSITE TO AUTHENTICATE USERS BASED ON AN AUTHORIZATION PROTOCOL - An extensible configuration system to allow a website to authenticate users based on an authorization protocol is disclosed. In some embodiments, the extensible configuration system includes receiving an identifier for an authentication provider; and automatically configuring a website to use the authentication provider for logging into the website. | 04-10-2014 |
| 20140101724 | NETWORK ATTACK DETECTION AND PREVENTION BASED ON EMULATION OF SERVER RESPONSE AND VIRTUAL SERVER CLONING - Network attacks can be evaluated to determine typical responses provided by networks configured to provide services. Typically, service requests directed to a selected address are associated with data or a data streams responsive to requests to selected addresses. These responses are used to define scripts that can be executed by decoy nodes responsive to service requests at the selected addresses. Receipt of a request for services at an unused IP address and port number can trigger playback of the associated script, typically as a data stream mimicking that produced by an operational network. | 04-10-2014 |
| 20140101725 | COMMUNICATION SYSTEM, CLIENT APPARATUS, RELAY APPARATUS, AND COMPUTER-READABLE MEDIUM - A communication system includes a client apparatus and a relay apparatus. The client apparatus includes an acquisition unit and a request unit. The acquisition unit acquires permission information indicating permission to access a service provider apparatus, from the service provider apparatus. The request unit transmits the permission information and user identification information which has been input, to the relay apparatus so as to request access to the service provider apparatus. The relay apparatus includes a storage controller and an access unit. The storage controller stores the permission information and the user identification information which are received from the client apparatus, in a storage unit in such a manner that the permission information and the user identification information are associated with each other. The access unit accesses the service provider apparatus by using the permission information stored in the storage unit. | 04-10-2014 |
| 20140101726 | TRUSTED WLAN CONNECTIVITY TO 3GPP EVOLVED PACKET CORE - Systems, devices, and configurations to implement trusted connections within wireless networks and associated devices and systems are generally disclosed herein. In some examples, a wireless local area network (WLAN) may be attached to a 3GPP evolved packet core (EPC) as a trusted access network, without use of an evolved packet data gateway (ePDG) and overhead from related tunneling and encryption. Information to create the trusted attachment between a mobile device and a WLAN may be exchanged using Access Network Query Protocol (ANQP) extensions defined by IEEE standard 802.11u-2011, or using other protocols or standards such as DHCP or EAP. A trusted WLAN container with defined data structure fields may be transferred in the ANQP elements to exchange information used in the establishment and operation of the trusted attachment. | 04-10-2014 |
| 20140101727 | COMMUNICATION SYSTEM AND COMMUNICATION METHOD - A communication system includes a transmission terminal and a management device, and when having received contact list information about a second user from the management device while displaying a contact list about a first user or the transmission terminal, the transmission terminal creates the contact list about the second user based on the contact list information about the second user, and displays the contact list of the second user. | 04-10-2014 |
| 20140101728 | METHOD FOR PROTECTION OF DATA SHARED BETWEEN DEVICES CONNECTED IN A NETWORK AND CORRESPONDING APPARATUS - The invention proposes a method and device for protection of data for devices connected in a network such as a local area network or LAN. The method and device can for example be implemented on a gateway, which acts as an interconnecting device between the devices in the LAN network and that can offer these devices an access to an external network such as a wide area network or WAN. The method and device thus offers a protected environment for applications that are executed on the gateway, such as applications downloaded from the WAN. The method and device gives the applications executed on the gateway controlled access to the LAN resources in order to protect the data that the LAN devices share within the LAN, while giving the applications access to the WAN. | 04-10-2014 |
| 20140101729 | Methods, Systems and Computer Program Products for Secure Access to Information - Methods for secure communications are provided. The methods include creating a safe user account on a secure access system, wherein creating an account includes provision of at least one strong authenticator to be associated with a user of the secure access system; providing a unique login and the at least one strong authenticator associated with the user to the secure access system to gain access to information associated with a referring organization, the referring organization being registered with the secure access system; and accessing the information associated with the referring organization based on the unique login and the at least one strong authenticator provided to the secure access system. Related systems and computer program products are also provided. | 04-10-2014 |
| 20140101730 | SYSTEM AND METHOD FOR VERIFYING THE AGE OF AN INTERNET USER - A method of verifying the age of a prospective Internet user comprises establishing an age check account; receiving information about a user, the information including an alleged age of the user; sending the information to be verified; and receiving a notification that the information has been verified. | 04-10-2014 |
| 20140109185 | BREATHALYZER SYSTEM FOR SOCIAL MEDIA - A breathalyzer system for use with a computer consisting of a breathalyzer, computer software and hardware, an interface and method for delaying posts by persons who cannot prove sobriety upon initial posting. The breathalyzer registers the level of sobriety, and the result is sent through an interface to the software. If the alcohol level is below an acceptable threshold, unencumbered access to the social media is granted. If the alcohol level is above an acceptable threshold, access to websites, posting on social media websites, uploading videos, online gambling, or making large purchases is restricted. | 04-17-2014 |
| 20140109186 | Website Access Parental Management - Website access parental management techniques block a user device from accessing websites and permit access to a particular website if the received identification of the user device corresponds to a particular registered protected user identification in the records and the particular website corresponds to an approved website identified in a profile of the user. New websites can be approved by administrators and such approval can result in the approved websites being included in the approved website list of the user profile. Secondary administrators with different authorization rights and different approved website lists can be designated to manage the same or different registered protected users. | 04-17-2014 |
| 20140109187 | SECURE PROVISIONING OF COMMERCIAL OFF-THE-SHELF (COTS) DEVICES - A device receives identification information associated with a mobile commercial off-the-shelf (COTS) device, and receives configuration and security requirements defined for the mobile COTS device. The device creates secure configuration software for the mobile COTS device based on the identification information and the configuration and security requirements, and provides the secure configuration software to the mobile COTS device for installation. | 04-17-2014 |
| 20140109188 | Providing Remote Application Logs for Cloud Applications - Applications and their application components are deployed on a cloud platform. The application components generate application logs on the underlying cloud runtime infrastructure of the cloud platform. In one aspect, the application logs may be stored on a network storage on the cloud platform. In another aspect, the application logs may be stored on the cloud runtime infrastructure. The cloud platform provides a service that exposes an interface to remotely provide the stored application logs. The exposed interface is instantiated to process remote requests for application logs for a specified application component. The remote requests are sent from a client. The requested application logs are retrieved based on the implementation of the interface. The application logs are provided to the client. | 04-17-2014 |
| 20140109189 | MANAGING ACCESS TO CLASS OBJECTS IN A SYSTEM UTILIZING A ROLE-BASED ACCESS CONTROL FRAMEWORK - According to one aspect of the present disclosure a system and technique for managing access to application-based objects in a system utilizing a role-based access control framework is disclosed. The system includes a memory and a processor coupled to the memory, wherein the processor is configured to: determine, for each object class of an application, a privilege needed for invoking a privileged operation associated with the object class; create a privilege shell for a user running the application; set the determined privilege on the privilege shell; associate an authorization to the privilege shell; and invoke the privilege shell to run the application by the user. | 04-17-2014 |
| 20140109190 | Policy-Based Control Layer in a Communication Fabric - Presented herein are techniques for adding a secure control layer to a distributed communication fabric that supports publish-subscribe (pub-sub) and direct query (synchronization) communication. The secure control layer is configured to perform policy-based authentication techniques to securely manage the exchange of data/information within the communication fabric and enable registration/discovery of new capabilities. | 04-17-2014 |
| 20140109191 | REMOTE TRUST ATTESTATION AND GEO-LOCATION OF OF SERVERS AND CLIENTS IN CLOUD COMPUTING ENVIRONMENTS - Methods and systems may provide for selecting a hypervisor protocol from a plurality of hypervisor protocols based on a communication associated with a remote agent. The selected hypervisor protocol may be used to conduct a trust analysis of one or more digitally signed values in the communication, wherein a cloud attestation request may be processed based on the trust analysis. Processing the cloud attestation request may involve generating a trustworthiness verification output, a geo-location verification output, etc., for a cloud computing node corresponding to the remote agent. | 04-17-2014 |
| 20140109192 | METHOD TO SECURE AN APPLICATION EXECUTABLE IN A DISTANT SERVER ACCESSIBLE VIA A PUBLIC COMPUTER NETWORK, AND IMPROVED VIRTUAL SERVER - An object of the invention is to provide a cheap and efficient method to secure an application stored in a distant server accessible via a computer network. | 04-17-2014 |
| 20140109193 | MANAGING ACCESS TO CLASS OBJECTS IN A SYSTEM UTILIZING A ROLE-BASED ACCESS CONTROL FRAMEWORK - According to one aspect of the present disclosure, a method and technique for managing access to application-based objects in a system utilizing a role-based access control framework is disclosed. The method includes: determining, for each object class of an application, a privilege needed for invoking a privileged operation associated with the object class; creating a privilege shell for a user running the application; setting the determined privilege on the privilege shell; associating an authorization to the privilege shell; and invoking the privilege shell to run the application by the user. | 04-17-2014 |
| 20140109194 | Authentication Delegation - A computer-readable medium encoded with software for execution. When executed, the software may be operable to send to a remote server, from an agent application, a request for a first access credential. The software may also be operable to receive from the remote server, the first access credential. The software may further be operable to determine, by the agent application monitoring a managed application, that the managed application requires a second access credential. The software may additionally be operable to, in response to the determination that the managed application requires the second access credential, sending to the managed application, from the agent application, the second access credential. | 04-17-2014 |
| 20140109195 | PROPAGATING SECURITY IDENTITY INFORMATION TO COMPONENTS OF A COMPOSITE APPLICATION - Various methods and systems for propagating identity information in a composite application are presented. State data of a composite application, as executed for a particular entity, may be transferred to and stored by a computer-readable storage medium. The state data may include a portion of a set of subject information linked with the entity. A security attribute of the subject may not be present in the portion of the set of subject information in the state data transferred to the non-transitory computer-readable storage medium. After a period of time, such as an hour or a day, the state data of the composite application as executed for the entity may be retrieved and the security attribute of the set of subject information linked with the entity may be determined The composite application may then continue to be executed for the entity. | 04-17-2014 |
| 20140109196 | PRESERVING AN AUTHENTICATION STATE BY MAINTAINING A VIRTUAL LOCAL AREA NETWORK (VLAN) ASSOCIATION - A method may include detecting a presence of a first server device; communicating, with the first server device, to obtain information associated with the first server device; sending, to a second server device, a request for authentication services, where the request includes the information associated with the first server device; receiving, from the second server device, a notification that the first server device has been authenticated, where the notification includes a session threshold; and establishing, based on the notification, a session with the first server device by associating the first server device with a virtual local area network (VLAN), where the associating permits network traffic to be received from or sent to the first server device via the VLAN, and where the network node uses the session threshold received from the second server device, instead of a threshold associated with the VLAN, to determine a duration permitted for the session. | 04-17-2014 |
| 20140109197 | METHOD AND A SYSTEM TO GENERATE AND MANAGE NATIVE APPLICATIONS - The method comprises:
| 04-17-2014 |
| 20140109198 | Method And System For Restricting Access To User Resources - A user's set top box (STB), or other client, executes a shell and has an application program interface (API) by which certain features of the client can be controlled. The client is in communication with a walled garden proxy server (WGPS). The client sends a request to the WGPS to access a service provided by a site in the garden. The site sends the client a message containing code calling a function in the API. The WGPS traps the message from the site and looks up the site in a table to determine the access control list (ACL) for the site. The WGPS includes the ACL in the header of the hypertext transport protocol (HTTP) message to the client. The shell receives the message and extracts the ACL. If the code lacks permission, the shell stops execution. | 04-17-2014 |
| 20140109199 | DETECTING AND MODIFYING SECURITY SETTINGS FOR DEPLOYING WEB APPLICATIONS - Various implementations are described herein for detecting and modifying security settings on a computing device to run a web application using a web browser. A loader application detects security settings on the computing device, determines if the security settings will allow the web application to run and function correctly on the computing device, and if necessary, modifies the security settings to allow the web application to run and operate successfully. Further, described herein are techniques for facilitating communication between components corresponding to a web application running in a web browser and external resources. | 04-17-2014 |
| 20140115668 | Systems and Methods for Controlling Network Access - Disclosed are various embodiments for systems and methods for controlling access of networks. In one embodiment, an access control service receives requests to access network beacons from client devices. In response, the access control service determines whether the client devices satisfy authorization rules associated with the network beacons. If the access control service determines that the client devices satisfy the authorization rules associated with the network beacons, the access control service authorizes the client devices to access the network beacons. Subsequently, if the client devices cease to satisfy the authorization rules associated with the network beacons, the access control service terminates the authorization of the client devices to access the network beacons. | 04-24-2014 |
| 20140115669 | INTEGRATED USER CHALLENGE PRESENTATION FOR DDOS MITIGATION SERVICE - Systems and methods are disclosed for providing distributed denial-of-service (DDoS) mitigation service. The systems and methods may receive a request to access a web server from a user host, generate an integrated user challenge page including a user challenge test and a web page image of the web server, and transmits the integrated user challenge page to the user host. The systems and methods may further receive an answer to the user challenge test from the user host, determine whether the answer to the user challenge test is correct or not. When the answer to the user challenge test is correct, the systems and methods may establish a connection between the user host and the web server. | 04-24-2014 |
| 20140115670 | AUTHENTICATION METHOD OF FIELD CONTENTS BASED CHALLENGE AND ENUMERATED PATTERN OF FIELD POSITIONS BASED RESPONSE IN RANDOM PARTIAL DIGITIZED PATH RECOGNITION SYSTEM - An interactive method for authentication is based on a shared secret which is in the form of an enumerated pattern of fields on a frame of reference. An instance of the frame of reference comprises an array of characters in which the characters are arranged in a random or other irregular pattern on a grid of content fields. An authentication challenge includes characters from the character set, and is delivered in- or out-of-band. The authentication response includes the enumerated position numbers on the enumerated pattern of the field locations on the grid at which the challenge characters are found. | 04-24-2014 |
| 20140115671 | MAP BASED NEIGHBORHOOD SEARCH AND COMMUNITY CONTRIBUTION - A method, apparatus and system of map based neighborhood search and community contribution are disclosed. In one embodiment, a neighborhood communication system is described. This embodiment includes a privacy server to apply an address verification algorithm associated with each user of the online community to verify that each user lives at a residence associated with a claimable residential address of an online community formed through a social community module of the privacy server using a processor and a memory. The privacy server automatically determines a set of access privileges in the online community associated with each user of the online community by constraining access in the online community based on a neighborhood boundary determined using an algorithm of the privacy server. The privacy server may constrain the particular user to communicate through the online community only with a set of neighbors having verified addresses using the privacy server. | 04-24-2014 |
| 20140123228 | Event Reporting and Handling - Particular embodiments may receive and log information related to one or more events occurring on one or more client computing devices associated with a user. An event may comprise a restriction of a user action on a social-networking system, the restriction comprising the social-networking system blocking the user from performing the user action. An event may comprise a login issue associated with logging in to the social-networking system. An event may comprise a system or device error. System errors may comprise events originating from a third-party system. For each event, an indication of the event and at least one user-activatable reference may be provided for display to the user. A control action may then be determined for the event in response to a user selection of the user-activatable reference. An interface may provide third parties with a view of a user's events as well as functionality to effect control actions. | 05-01-2014 |
| 20140123229 | ANTENNA/ACTUATION KEY ASSEMBLY - An apparatus and method for employing a token based arbiter. The apparatus includes a priority provider ( | 05-01-2014 |
| 20140123230 | VIRTUAL RELAY DEVICE FOR PROVIDING A SECURE CONNECTION TO A REMOTE DEVICE - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Remote devices may gain access to virtual machines in a network through a virtual device relay. The virtual device relay receives data from the remote device, such as a tablet or cellular phone, and forwards the data to one of the virtual machines, when the virtual device relay shares a COI with the destination virtual machine. | 05-01-2014 |
| 20140123231 | Extending authentication and authorization capabilities of an application without code changes - A generic approach to extending the authentication and authorization capabilities of a client-server application (e.g., a VPN) without any code changes. To this end, the application is augmented with an authentication mechanism comprising a pair of cooperating components: an authentication agent that is associated with (and hooks into) the client-side of the application, and an authentication server that is associated with the server-side. In operation, the authentication server issues commands to the authentication agent to acquire all required data from the user, device or host environment, and the authentication agent (hooked into the VPN client) scrapes requests originating from the authentication server and injects (e.g., by auto-fill) the appropriate responses into the VPN client UI for transmission back through the VPN server and to the authentication server. The commands and responses are communicated using a challenge-response protocol (e.g., RADIUS) implemented by the VPN client-server. | 05-01-2014 |
| 20140123232 | PROVIDING NETWORK ACCESS TO A DEVICE ASSOCIATED WITH A USER ACCOUNT - A system and method for registering a client device to obtain network access from a provider device. A server receives an authorization request for a user account to provide network access from provider devices associated with the user account to client devices associated with the user account. The server receives a unique identifier for each of the client devices, and provides the unique identifier for each of the client devices to each of the provider devices. The server provides an indication to at least one provider device to monitor for a request for network access from at least one client device, the request from the client device comprising the unique identifier of the client device. The provider device is configured to provide network access information to the client device in response to the request. | 05-01-2014 |
| 20140123233 | VERIFICATION OF NETWORK DEVICE POSITION - In one aspect of the invention, a method for verifying locations of devices is provided. The method is implemented in a system having at least a client device, a network device and a server (collectively the “endpoints”.) At least a first token, a device listing information and an authorization parameter are transmitted in the system via a browser or any web application, to enable endpoints to verify that the client device has logged in to the server and the client device and the network device are in a same network. In another embodiment, a method for verifying locations of devices implemented on a server is provided. In yet another embodiment, a method for verifying locations of devices implemented on a network device is provided. | 05-01-2014 |
| 20140123234 | USER TERMINAL, RELIABILITY MANAGEMENT SERVER, AND METHOD AND PROGRAM FOR PREVENTING UNAUTHORIZED REMOTE OPERATION - It is possible to effectively prevent an unauthorized remote operation of a terminal. A user terminal provides a user with higher precision information related to execution determination of a program to be executed, by detecting, from the program, a command for performing a remote operation with a remote operation terminal, temporarily stopping the execution of the program, and inquiring of a reliability management server about the reliability. | 05-01-2014 |
| 20140123235 | Allocating Memory Access Control Policies - Enabling access control caches for co-processors to be charged using a VMX-nonroot instruction. As a result a transition to VMX-root is not needed, saving the cycles involved in such a transition. | 05-01-2014 |
| 20140123236 | IMAGE FORMING APPARATUS, INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM - An image forming apparatus that communicates with an external apparatus includes receiving local login information regarding a local login to the image forming apparatus, determining, if a request for a URL for authorization without web access authentication is received, whether an internal communication address is used, requesting, if it is determined that the internal communication address is used, authorization request for the external apparatus, and managing an authorization token acquired by requesting the authorization request and the local login information by associating the authorization token with the local login information. | 05-01-2014 |
| 20140123237 | SECURE CONTENT SHARING - Convenient sharing of information among authorized network users may be facilitated by allowing a user to send information originating from multiple applications in aggregate form to another user, e.g., using a secure messaging service. In scenarios where data access is restricted, a server may check the recipient's access privileges prior to forwarding the information to her. | 05-01-2014 |
| 20140123238 | ACCESSING PRIVILEGED OBJECTS IN A SERVER ENVIRONMENT - Accessing privileged objects in a server environment. A privileged object is associated with an application comprising at least one process resource and a corresponding semi-privileged instruction. The association is filed in an entity of an operating system kernel. A central processing unit (CPU) performs an authorization check if the semi-privileged instruction is issued and attempts to access the privileged object. The CPU executes the semi-privileged instruction and grants access to the privileged object if the operating system kernel has issued the semi-privileged instruction; or accesses the entity if a process resource of the application has issued the semi-privileged instruction to determine authorization of the process resource to access the privileged object. Upon positive authorization the CPU executes the semi-privileged instruction and grants access to the privileged object, and upon authorization failure denies execution of the semi-privileged instruction and performs a corresponding authorization check failure handling. | 05-01-2014 |
| 20140123239 | SYSTEM, SERVICE PROVIDING DEVICE, AND SERVICE PROVIDING METHOD - A service providing device includes a requesting unit for receiving, from the device operated by a user, a request for a process of using a service providing system having a different authentication base, and making a request to acquire authorization information for using the service providing system; a substitute authentication unit for acquiring authentication information of the service providing system from a second storage when the authorization information associated with the user is not stored in a first storage, and acquiring the authorization information from the service providing system by using the authentication information; and a providing unit for providing the authorization information stored in the first storage when the authorization information associated with the user is stored in the first storage, and providing the authorization information acquired from the service providing system when the authorization information associated with the user is not stored in the first storage. | 05-01-2014 |
| 20140123240 | SYSTEM AND SERVICE PROVIDING APPARATUS - A disclosed system having a first service providing system providing a service to an apparatus and a second service providing system having an authentication infrastructure different from that of the first service providing system includes a connection destination changing unit receiving a permission request, from an apparatus operated by a first user, of requesting that a second user uses the second service providing system, changes a connection destination of the apparatus to the second service providing system, and causes the second service providing system to perform a permission process; an authority information acquiring unit receiving permission information indicating that the permission request is admitted from the apparatus and acquires post-permission authority information by using the permission information; and an authority information providing unit providing the post-permission authority information associated with the second user based on a request for a process received from another apparatus operated by the second user. | 05-01-2014 |
| 20140123241 | METHOD AND SYSTEM FOR ENABLING AND DISABLING EXECUTION OF COMPUTER INSTRUCTIONS - In a computer implemented method or system, users are enabled to associate usage rights with at least a first entity and a second entity. The first entity and second entity are selected from different ones of the module, a processing circuitry and the one or more files. Execution of the module is only enabled when the associated usage rights allow both use of the first entity by the second entity and use of the second entity by the first entity, i.e. mutual usage rights for at least two entities exist. Execution of the module is disabled when the associated usage rights prevent at least one of use of the first entity by the second entity and use of the second entity by the first entity. | 05-01-2014 |
| 20140123242 | BUSINESS METHOD INCLUDING HANDSHAKE PROTOCOL TO CONTROL ACTORS AND FUNCTIONS TO PROPAGATE ACCEPTANCE OF AN IP LICENSE TO SECURELY AUTHENTICATE SOFTWARE APPLICATION PROGRAM INTERFACES (APIs) - A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that enables promulgation of licensing rights controlling Intellectual Property (IP) to multiple Actors. The handshake is a Challenge-Response protocol that includes a Challenge issued by one Actor who controls IP rights to verify a second Actor has Licensed IP rights when the second Actor Response includes use of a function IPF1. The function e.g. IPF1 is provided through the IP licensing agreement. Other Actors who wish to use software that the first Actor provides will be encouraged to acquire rights to the IP License to obtain the function IPF1 for access. Subsequent Actors who have IP rights controlled by another function IPF2 can be pulled into the same IP Licensing system, or another IP License that becomes part of the same ecosystem with the system controlled using function IPF1. | 05-01-2014 |
| 20140123243 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR AUTHENTICATING AND AUTHORIZING AN EXTERNAL ENTITY - In accordance with embodiments, there are provided mechanisms and methods for authenticating and authorizing an external entity. These mechanisms and methods for authenticating and authorizing an external entity can enable improved data security, more efficient data transfer, improved data access channels, etc. | 05-01-2014 |
| 20140123244 | AUTHENTICATING A DATA ACCESS REQUEST TO A DISPERSED STORAGE NETWORK - A method begins by a data accessing module of a dispersed storage network (DSN) sending a data access request to a data storage module. The method continues with the data storage module sending an authentication request to an authenticating module. The method continues with the authenticating module outputting a verification request destined for the data accessing module, wherein the verification request includes a verification code that is generated based on the authentication request. The method continues with the data accessing module outputting a verification response that includes a modified verification code that is generated based on the verification code and a credential. The method continues with the authenticating module outputting an authentication response to the data storage module, wherein the authentication response is generated based on the verification response. The method continues with the data storage module facilitating the data access request when the authentication response is favorable. | 05-01-2014 |
| 20140123245 | Security Configuration - An example embodiment of the present invention provides an apparatus including at least one processor; and at least one memory including executable instructions, the at least one memory and the executable instructions being configured to, in cooperation with the at least one processor, cause the apparatus to perform at least the following: retrieving, from a reputation server, reputation data of uniform resource locators (URL) of one or more web sites relating to one or more web site features that are available via the web site; and determining executable web site features on the basis of the retrieved reputation data. | 05-01-2014 |
| 20140123246 | MULTI-OCCUPANT STRUCTURE IN A GEO-SPATIAL ENVIRONMENT - A method, apparatus, and system of multi-occupant structure in a geo-spatial environment are disclosed. This embodiment includes a central module of a mapping server to determine, using a processor and a memory, that a marker is colliding with another marker simultaneously displayed in a map based on an overlap area of the marker with another marker, automatically create a group pointer that replaces the marker and another marker on the map, generate a view of the marker and the another marker when a user selects the group pointer, and generate a multiple-structure group pointer when the marker and the another marker are associated with adjacent structures which are not shared by occupants identified through the marker and another marker. | 05-01-2014 |
| 20140123247 | NEXTDOOR NEIGHBOR CONNECT - A method, apparatus and system of authenticating a particular user of a third-party application as being a verified user of a neighborhood communication system having a verified residential address in the neighborhood communication system are disclosed. In one embodiment a verification module of a privacy server authenticates a particular user of a third-party application as being a verified user of the neighborhood communication system having a verified residential address in the neighborhood communication system, communicates a social graph of the particular user based on the personal address privacy preference of the particular user to the third-party application, and provides the verified residential address to the third-party application based on the authentication of the particular user of the third-party application as being the verified user of the neighborhood communication system. | 05-01-2014 |
| 20140130134 | Managing and Providing Access to Applications in an Application-Store Module - According to one embodiment, a system includes an interface and a processor. The interface receives, from a device, a request to access an application-store module, the device being associated with a first user. The processor determines a device type associated with the device; determines an operating system associated with the device; determines a user role associated with the first user; and determines, based on the device type, the operating system, and the user role, one or more applications. The interface communicates, to the device, a first set of information to be displayed on the device, the first set of information being associated with the one or more applications. | 05-08-2014 |
| 20140130135 | INTEGRATED COLLABORATION ENVIRONMENT - Described herein is a technology for facilitating the integration of a collaboration environment. In some implementations, an activity associated with a business object is accessed via a work center. A request to post the activity is sent to a collaboration application. The collaboration application then returns an activity identifier, and the user is redirected to the activity identifier. | 05-08-2014 |
| 20140130136 | ABILITY FOR AN ADMINISTRATOR TO IMPERSONATE A USER WHEN ACCESSING A USER APPLICATION - A method for an administrator to impersonate a user is provided. A portal manager of a server detects an action initiated in the administrator portal pertaining to a user portal during a current session. The portal manager calculate a current user-to-impersonate identifier using a user identifier associated with the user portal, an administrator identifier associated with the administrator portal, and a session identifier associated with the current session. The portal manager compares the current user-to-impersonate identifier with a stored user-to-impersonate identifier. The portal manager permits the action initiated in the administrator portal to be executed in the user portal when the current user-to-impersonate identifier matches the stored user-to-impersonate identifier. | 05-08-2014 |
| 20140130137 | METHOD OF DEVICE-TO-DEVICE DISCOVERY AND APPARATUS THEREOF - Disclosed are a method of device-to-device discovery and an apparatus for the same. A method of device-to-device discovery performed in a discovery terminal may include receiving a discovery identifier of the discovery terminal from a device-to-device server; performing an authorization procedure on performing the restricted discovery of an application located in the discovery terminal with the device-to-device server; and obtaining terminal information of a discoverable terminal as a counterpart terminal with which performs the restricted discovery from the device-to-device server, when the authorization is completed. Thus, the device-to-device discovery may be performed efficiently. | 05-08-2014 |
| 20140130138 | METHOD AND SYSTEM FOR IMPLEMENTING THIRD-PARTY AUTHENTICATION BASED ON GRAY LIST - The present invention relates to a communication method, comprising: receiving a service request from a requesting party; performing a third-party authentication on the service request according to a gray list and obtaining an authentication result; and processing the service request according to the authentication result. The present invention relates to a communication system, comprising: means for receiving a service request from a requesting party; means for performing a third-party authentication on the service request according to a gray list and obtaining an authentication result; and means for processing the service request according to the authentication result. The present invention implements a third-party control of services based on the gray list, and can effectively manage a variety of services in the communication system. | 05-08-2014 |
| 20140130139 | Wireless Local Area Network Access Apparatus and Operating Method Thereof - The present invention pertains to a wireless local area network (WLAN) access apparatus and a WLAN access method, and more particularly, to a WLAN access apparatus for determining approval/denial of an access to a mobile communication terminal when access to a WLAN is requested through the WLAN access apparatus and an operating method thereof. Embodiments of the present invention include: a WLAN access apparatus, which has a unique identification (ID), for connecting a wireless network with a mobile communication terminal according to a wireless data exchange protocol; a social network service (SNS) server for providing an SNS; and an authentication server for determining a WLAN access approval according to whether a user of the mobile communication terminal successfully logs into the SNS server when the mobile communication terminal requests for access to a WLAN through the WLAN access apparatus. | 05-08-2014 |
| 20140130140 | SECURITY IN A GEO-SPATIAL ENVIRONMENT - A method, apparatus, and system of security in a geo-spatial environment are disclosed. In one embodiment a privacy server verifies that each user of the community network lives at a residence associated with a claimable residential address of the community network formed through a social community module of a privacy server using a processor and a memory, to obtain from each user of the community network, using the processor of a computing device, member data associated with each user, the member data including an address, to associate the address with a profile of each user, to determine a location of each user based on the member data, to store the member data in a database, and to obtain a personal address privacy preference from each user, the personal address privacy preference specifying if the address should be displayed to other users. | 05-08-2014 |
| 20140130141 | SYSTEM AND METHOD FOR KEY CHALLENGE VALIDATION - A system and method for providing key challenge validation is provided. In example embodiments, an initiation of a transaction is detected and a challenge comprising a string of characters is generated based on the detection. The string of characters includes transaction specific information indicating a detail of the transaction. The challenge is presented whereby the string of characters includes a challenge key. A response to the challenge is received that includes the challenge key. In various example embodiments, the transaction is validated based on an identification of the key challenge of the string of characters. | 05-08-2014 |
| 20140137202 | INFORMATION SHARING METHOD AND SYSTEM USING THE SAME - An information sharing method and a system using the same are provided. The information sharing method includes establishing a wireless connection between a first device and a second device. The method also includes determining whether a first surface of the first device is in proximity to a second surface of the second device according to an audio-based authorization mechanism, and the audio-based authorization mechanism is activated through an authorization audio message in which an identification message is embedded. If it is determined that the first surface is in proximity to the second surface, the method further includes sharing information by the first device with the second device through the wireless connection. | 05-15-2014 |
| 20140137203 | AUTOMATICALLY GENERATING CHALLENGE QUESTIONS INFERRED FROM USER HISTORY DATA FOR USER AUTHENTICATION - User authentication is provided. At least one of a social network and a business network of each user in a plurality of users is accessed. User history data of each user in the plurality of users is monitored in the at least one of the social network and the business network. Challenge questions requiring a user response are generated based on monitoring the user history data of the users. The user response to a generated challenge question is evaluated. A set of events is triggered based on evaluating the user response. | 05-15-2014 |
| 20140137204 | SYSTEMS AND METHODS FOR PROVIDING MULTIMEDIA CONTENT WITHIN AN APPLICATION AND A SECURITY SOLUTION INTEGRATED THEREIN - A system is provided for downloading, for distribution and for acoustic reproduction of a music album, which includes at least one or several digital music files and/or multimedia content in the form of one or several multimedia files assignable to the music file, wherein the music file and/or multimedia file are provideable as data sets for downloading, wherein the music file and/or multimedia file are as data sets pre-holdable grouped after downloading as a music album in a data memory of an end-user-device, wherein the music file and/or multimedia file is treatable by a treatment means, particularly in dependency to an authorization, and wherein the treated music file and/or multimedia file is transferable to an output device of the end-user-device, especially a speaker device with or without a display device, in such a way, that the music file and/or multimedia file is at least acoustically emittable to one user. | 05-15-2014 |
| 20140137205 | System and Method for Automatic Provisioning of Managed Devices - A method and system for automatic provisioning of communication devices is described herein. The method can include the steps of receiving a pre-authorization request from a communication device and receiving an authorization request based on the pre-authorization request in which the authorization request may be in a first form. The method can also include the steps of converting the authorization request into a second form that may be recognizable by a directory service and obtaining an authorization approval from the directory service. The authorization approval may include a functional indicator that corresponds to a function associated with the operation of the communication device. Based on the authorization approval, the communication device may be established as a managed communication device. In addition, a bundle may be delivered to the managed communication device based on the functional indicator. | 05-15-2014 |
| 20140137206 | PASSWORD-FREE, TOKEN-BASED WIRELESS ACCESS - A method, system, and/or computer program product establish a password-free, token-based wireless network access for a mobile device that is within a wireless communication range of a wireless access point. A wireless connection is established between the mobile device and the wireless access point, where the wireless connection utilizes an extended existing protocol, and where the extension of the existing protocol is based on data stored as content in a data field in a token stored in a memory of the mobile device. The mobile device transmits a portion of the token as part of an initialization message to a verification server that is connected to the wireless access point. The mobile device receives a confirmation message for establishing the wireless connection based on a verification application running on the verification server. | 05-15-2014 |
| 20140137207 | OUT-OF-BAND TOKENS FOR RIGHTS ACCESS - Access to content may be administered by storing content, the content comprising one or more selections, accessing a passive optical out-of-band token associated with the content, determining an access right for the content based on the passive optical out-of-band token, and enabling access to the content in accordance with the access right. | 05-15-2014 |
| 20140137208 | MOBILE COMPUTING DEVICE-BASED SECURE BRIEFING SYSTEM - Systems, methods and computer program products that: convert hard-copy, text-based report delivery mechanism into digital delivery application with modern user interface functionality; provide a secure, reliable back-end infrastructure for report assembly and dissemination within a classified network; and integrate interactive multi-media content and technologies, including real-time interactive content and communication, are disclosed. In an aspect, secure briefs customized for multiple individuals within an entity are created. Such secure briefs replace traditional physical briefing books and are accessible via a secure mobile computing device, such as a tablet computer. | 05-15-2014 |
| 20140137209 | MODULE FOR MANAGING A TRANSACTION BETWEEN A TERMINAL AND AN ELECTRONIC DEVICE - A transaction module can be incorporated in a terminal for authorizing a transaction between a first application resident in the terminal and a second application resident in an electronic device. The module may include code-obtaining means for obtaining a code; an interface with a communications means of the terminal enabling a validation request including the code to be sent to a secure server; means for generating an audio signal from the code; an interface with a module of the terminal suitable for sending the audio signal to a loudspeaker of the terminal in order to play it back; and means for authorizing the transaction on receiving a validation message from the secure server. The validation message may be representative of the secure server receiving the code from the electronic device. | 05-15-2014 |
| 20140137210 | METHOD OF PROCESSING A DATA PACKET ON TRANSMISSION, A METHOD OF PROCESSING A DATA PACKET ON RECEPTION, AND ASSOCIATED DEVICES AND NODES - A method is provided for processing a data packet on reception, where the data packet is transmitted by a first node to a second node over a link of a wireless electronic communications network. The packet includes a header and payload data. The method includes a step of receiving the data packet in two stages, a first stage of receiving the header and a second stage of receiving the payload data. The first stage includes the following steps performed by the second node on receiving a header of the data packet: detecting in the received preamble an authentication preamble for authenticating the link; using the data packet authentication preamble to authenticate the link; and in the event of the authentication having a positive result, deciding to trigger the second stage of receiving the payload data from the data packet. | 05-15-2014 |
| 20140137211 | APPARATUS-SPECIFIC INFORMATION GENERATION DEVICE, APPARATUS-SPECIFIC INFORMATION GENERATION METHOD, TERMINAL APPARATUS, AND AUTHENTICATION SYSTEM - The present invention has: a dynamic random access memory (DRAM); a refresh controller that receives information related to a range of the number of lost bits that are lost by stopping refresh processing of the DRAM, and controls a time to stop the refresh processing to achieve the range of the number of lost bits; and a physical information mapping unit that generates device specific information based on position information of the lost bits generated by stopping the refresh processing. It is preferable that the refresh controller corrects the time to stop the refresh processing based on the number of current lost bits to achieve the range of the number of lost bits set. | 05-15-2014 |
| 20140137212 | SYSTEM AND METHOD FOR USING RESOURCES OF A COMPUTER SYSTEM IN CONJUNCTION WITH A THIN MEDIA CLIENT - A computer system including a processor and a memory for retrieving digital media content, storing the digital media content in the memory, and providing the digital media content to a thin media client is provided. | 05-15-2014 |
| 20140137213 | ACCESS CONTROL OF REMOTE COMMUNICATION INTERFACES BASED ON SYSTEM-SPECIFIC KEYS - A computer implemented method, computer program product, and computer system is provided for receiving a service request to obtain service from a second application, the service request including a client context and a signed ticket obtained by the first application from a system computer, validating the received signed ticket based on the key associated with the system, determining that the first application has authorization to obtain the requested service via the remote interface of the second application based on a comparison of one or more attributes of the received client context to an access control list associated with the second application, and sending a service reply from the second application to the first application to provide the requested service to the first application in response to determining that the first application has authorization to obtain the requested service via the remote interface of the second application. | 05-15-2014 |
| 20140137214 | PROVIDING SECURITY IN A CLOUD STORAGE ENVIRONMENT - A method of providing security as a service in a cloud storage environment includes storing, through a cloud manager of the cloud storage environment, a security level of access of a storage controller associated with a customer of the security as a service, and receiving a request from the customer to access security information of the storage controller associated therewith. The method also includes providing, through the cloud manager, security information of the storage controller associated with the customer in accordance with the request and the stored security level of access of the storage controller associated with the customer. | 05-15-2014 |
| 20140143835 | Web-Based Digital Publishing Platform - A method for providing a digital publication system includes on a first electronic computing device receiving a first document from a second electronic computing device. The first document is in a first format and comprises a plurality of pages. The first document is converted from the first format to a second format. The conversion generates a separate document in the second format for each page of the first document. Each separate document in the second format is stored in separate identifiable areas of memory of the first electronic computing device. A first request is received from the second electronic computing device to edit a first section of a page of the first document. One separate document in the second format is identified corresponding to the page in the first format to be edited. An action type is added to the first section of the identified separate document. | 05-22-2014 |
| 20140143836 | Extended OAuth Architecture - Method, device, and storage medium to receive a request to authorize a release of protected resource data, wherein the request includes one or more indicators that indicate one or more instances of the protected resource data being requested; identify a sensitivity level for each indicator of the protected resource data; determine whether the one or more indicators of the protected resource data require consent from a resource owner of the protected resource data; transmit a request, to a user device associated with the resource owner, for consent from the resource owner in response to a determination that at least one of the one or more indicators require consent from the resource owner; generate an authorization code in response to receiving consent from the resource owner; and transmit, to the sending device of the request, the authorization code. | 05-22-2014 |
| 20140143837 | Extended OAuth Architecture Supporting Multiple Types of Consent Based on Multiple Scopes and Contextual Information - Method, device, and storage medium to receive a request to authorize a release of protected resource data, wherein the request includes a device identifier that identifies a requesting device of the request and one or more indicators that indicate one or more instances of the protected resource data being requested; identify a sensitivity level for each indicator of the protected resource data; identify, based on the device identifier, contextual information that indicates a preferred type of consent of the requesting device in response to a determination that at least one of the one or more indicators require consent from a resource owner of the protected resource data; select a type of consent based on the contextual information and the one or more sensitivity levels; and transmit a request, to a user device associated with the resource owner, for consent from the resource owner according to the type of consent. | 05-22-2014 |
| 20140143838 | Personal Data Management System With Global Data Store - A data vault system allows for centralized storage of personal data about a consumer in a transparent multi-tiered structure including a global data store and multiple vendor or category cards. Data in the category cards describing a subset of the globally stored data to be shared with individual vendors and provide fine resolution sharing control. The data in each structure is synchronized so that vendor or category cards may be auto populated. | 05-22-2014 |
| 20140143839 | ON BOARD VEHICLE REMOTE CONTROL MODULE - The present disclosure describes a microprocessor executable diagnostic module operable to receive, from a vehicle component, a signal regarding a warning and/or error and select a destination for the signal from a plurality of destinations, the plurality of destinations comprising one or more of a vehicle input/output system to present the warning and/or error to a vehicle occupant, an emergency service provider, an emergency responder, a manufacturer of the vehicle, a service facility located in proximity to a current vehicle location, and a remotely located diagnostic service to diagnose a cause of the warning and/or error signal. | 05-22-2014 |
| 20140143840 | APPARATUS AND METHOD FOR MANAGING ACCESS TO DEVICES OF A VISION SYSTEM - The authority of a user seeking access to a vision system is authenticated by a directory server connected to a plurality of cameras. The directory server stores a device directory. When the user requests access to a given camera, a location of an identifier of the given camera in the device directory is determined. From data related to that location, a decision is made whether the user is associated with the given camera. If the user is associated with the given camera, a user access level linked with the user and the given camera is retrieved from the directory server. The user access level identifies a set of privileges corresponding to functions that the user is permitted to perform on the given camera. The user is then permitted to exercise that set of privileges on the given camera. | 05-22-2014 |
| 20140143841 | WIRELESS DEVICE FOR GROUP ACCESS AND MANAGEMENT - A system and method for establishing a group of wireless devices having shared media stored thereupon associates each group member device of the group of wireless devices, communicates with at least some of the group member devices of the group of wireless devices to identify shared media and upon receiving a request transmitted by a group member device of the group of wireless devices, supports access to shared media. The shared media may be stored on a different group member device, upon a managing server computer, or a media server. Upon a successful validation, the group member device that made the request is notified to facilitate the access to the shared media. The notification includes access information. | 05-22-2014 |
| 20140143842 | System and Method for Component Authentication of a Secure Client Hosted Virtualization in an Information Handling System - A client hosted virtualization system (CHVS) includes a processor to execute code, a security processor, a component that includes a certificate, and a non-volatile memory. The non-volatile memory includes BIOS code for the CHVS and virtualization manager code to initialize the CHVS, launch a virtual machine on the CHVS, and authenticate the component with the security processor by determining that the certificate is valid. The CHVS is configurable to execute the first code and not the second code, or to execute the second code and not the first code. | 05-22-2014 |
| 20140150065 | Methods and Processes for Storing and Utilizing State Information for Service Providers - Methods, computer-readable media, and apparatuses are disclosed for storing and utilizing state information for service providers. In one aspect of the invention, the methods, processes, or apparatus may include one or more of the following steps: 1) storing state information on a vault; 2) requesting state information on the vault from a receiving party and a device and providing identification to the vault; 3) authenticating and certifying the request from the receiving party; 4) providing the state information to the receiving party; 5) using the state information on the device; and 6) returning the state information to the vault. An additional aspect of the invention provides a method and/or process for storing and utilizing web-based cookies on a cloud environment for service providers. | 05-29-2014 |
| 20140150066 | CLIENT BASED RESOURCE ISOLATION WITH DOMAINS - A method may comprise determining, in an operating system instance, that an access control is being attempted to control an object by a user from a first client of a plurality of clients. Domain and client identifiers associated with the user may be determined. Any domain identifiers from a set and any client identifiers from a set may be accessed that may be associated with the object, where the domain identifiers may uniquely identify one or more domains and the client identifiers may uniquely identify one or more clients. One or more domain and client isolation rules may be evaluated to determine whether access control is permitted on the object based on whether a domain identifier is associated with both the object and the user and whether a client identifier is associated with both the object and the client. A permit or deny indication may be returned based on whether or not access control is permitted on the object. | 05-29-2014 |
| 20140150067 | SYSTEM AND METHOD FOR NETWORK CONTROLLED P2P DEVICE DISCOVERY - Embodiments of the present invention provide a system and method that provides a user within a P2P network the ability to discover other devices in their vicinity, but under control of the network operator. | 05-29-2014 |
| 20140150068 | MANAGING SOCIAL NETWORK ACCESSIBILITY BASED ON AGE - When a user having an age less than a threshold age (a child user) attempts to access an online service or perform actions using the online service, the online service obtains parental authorization from an additional user having a parental relationship to the user. The child user may identify the user having the parental relationship and the online service verifies the validity of the identified user's account, the age of the identified user, and/or a connection between the identified user and the child user having a parental relationship type. The online service may make these verifications based in part social and transactional information associated with the identified user's account. Upon successful verification, the online service allows the identified user to authorize account creation for the child user, and/or manage the account and actions of the child user. | 05-29-2014 |
| 20140150069 | METHOD FOR DISTINGUISHING AND BLOCKING OFF NETWORK NODE - The invention provides a method for distinguishing and blocking off a network node. The method includes a packet receiving step and a packet distinguishing processing step. The packet receiving step is provided for receiving an ARP packet from a network node within a network segment. The packet distinguishing processing step is provided for distinguishing whether the network node is authorized or not by having an internet protocol address and a media access control address of the ARP packet to be compared with a permission list, and then for permitting the network node to connect with the network segment or for blocking off the network node. Thereby the network system can be protected and the safety of the network in use increases. | 05-29-2014 |
| 20140150070 | MOBILE DEVICE IDENTIFY FACTOR FOR ACCESS CONTROL POLICIES - A secure VPN connection is provided based on user identify and a hardware identifier. A client application may initiate the VPN connection. A client device user may provide identification information to the application, which then sends a VPN connection request to a remote VPN gateway. The VPN gateway may require an equipment identifier to establish the secure VPN gateway. If the hardware ID is registered, the secure VPN connection is established. If the hardware ID is not registered with the VPN gateway, the connection may be denied. In some instances, a connection may be established with an unregistered equipment ID based on settings at the VPN gateway. | 05-29-2014 |
| 20140157368 | SOFTWARE AUTHENTICATION - According to an embodiment, a computing system includes a server configured to provide an authentication indicator to least one software application for enabling the software application to provide at least one computing feature. The authentication indicator is generated based on at least two identifiers that are distinct from a hardware identifier of a device on which a software application is running | 06-05-2014 |
| 20140157369 | METHOD, APPARATUS AND COMPUTER PROGRAM FOR CONTROLLING ACCESS TO CONTENT IN A COMMUNICATIONS NETWORK - A method, apparatus and computer program are provided for controlling access to content in a network | 06-05-2014 |
| 20140157370 | Transparent Control of Access Invoking Real-time Analysis of the Query History - The invention relates to a method for granting an inquirer querying a repository access to the repository, a communication protocol between a client and a server, and a system for controlling access of at least one inquirer to a repository. The repository typically stores event data relating to traceable products. The aspects according to teaching disclosed herein may be for example implemented as security extensions for existing repositories providing a finer granularity of access rights and means to prevent an exposure of data sets considered sensitive. The security extensions disclosed herein may be implemented to protect access to any kind of client/server application wherein the server is exposing sensitive data. | 06-05-2014 |
| 20140157371 | Authenticated Access to Accredited Testing Services - A service control system controls access to secured online testing services, such as accredited or standardized tests, examinations in educational courses, tutoring services, and continuing professional development courses or seminars. The secured services may be published by an educational publishing platform and made available to users through online configured browser applications executing on the users' devices. Based on access conditions associated with a secured testing service and the capturing and processing of one or more images, the service control system determines how users are authorized to access the services. When users have been authorized to access a service or a subset of the service, the service may be distributed through the browser applications executing on the users' devices. | 06-05-2014 |
| 20140157372 | IMAGE FORMING APPARATUS, WIRELESS COMMUNICATION SYSTEM, CONTROL METHOD, AND COMPUTER-READABLE MEDIUM - The invention is concerning to an image forming apparatus connected to a mobile terminal via a wireless network includes: an authentication unit configured to perform authentication of the mobile terminal using user authentication information and identification information of the mobile terminal that are registered in advance to the image forming apparatus; a requesting unit configured to request to acquire information stored in the mobile terminal; and an acquiring unit configured to acquire the information from the mobile terminal in response to the request by the requesting unit. | 06-05-2014 |
| 20140157373 | AUTHENTICATION APPARATUS AND METHOD THEREOF, AND COMPUTER PROGRAM - According to one embodiment, there is provided an authentication apparatus, including: a communication unit, a verifier and a connection configuration checker. The communication unit receives a message related to network access authentication on a first communication apparatus, the message including an address of the first communication apparatus and more than zero address of an authentication relay. The verifier verifies an authenticity of the first communication apparatus in response to receipt of the message by the communication unit. The connection configuration checker identifies a first destination to which the first communication apparatus intends to connect, on the basis of the address of the first communication apparatus or the address of the authentication relay included in the message when verification succeeds, and determines whether to authorize connection by the first communication apparatus to the first destination or not. | 06-05-2014 |
| 20140157374 | COMMUNICATION TERMINAL, COMMUNICATION METHOD, PROGRAM, AND COMMUNICATION SYSTEM - There is provided a communication terminal including a transmission controller configured to allow transmission of, to a verification target device, authentication information for authenticating the verification target device based on first information acquired from an information processing device, and a verification unit configured to verify validity of the verification target device based on a response to the authentication information and second information acquired from the information processing device, the second information being associated with the first information. | 06-05-2014 |
| 20140157375 | APPLICANT SCREENING - A method comprising receiving by a screening service, an applicant profile that identifies an applicant and an authorization to provide access to screening results generated by the screening service based on the applicant profile to a screener, associating, using a computer, an identifier with the screening results, and communicating the identifier to the screener. | 06-05-2014 |
| 20140165147 | Session Certificates - A client device requests permission from a network access device to access a network associated with the network access device. The client device sends credentials of a user associated with the client device for authenticating with the network access device. The client device receives from the network access device permission to access the network along with a session certificate and an associated key. The session certificate and the key are associated with the credentials of the user. The client device establishes a network session using the network based on receiving the permission. During the network session, the client device establishes a secure communications channel with a website. The client device authenticates the user to the website by sending the session certificate to the website over the secure communications channel. The client device then receives permission from the website to access contents of the website. | 06-12-2014 |
| 20140165148 | Systems and Methods for Controlling Email Access - Embodiments of the disclosure relate to identifying email resources associated with client devices, identifying resource rules, determining whether the email resources satisfy the resource rules, and modifying the email resources based on the resource rules if the resource rules are not satisfied by the email resources. | 06-12-2014 |
| 20140165149 | BLOCKING NETWORK ACCESS FOR UNAUTHORIZED USER DEVICES - A first server, associated with a first network, may: receive a first query from a network device associated with a second network; determine an identifier associated with the user device; provide, to a second server, a second query including the identifier; receive, from the second server, a response to the second query, the response identifying whether the identifier of the user device is being stored by the second server; and provide to the network device, a response to the first query, the response to first query identifying whether the user device is authorized to access the second network based on determining that the user device is not authorized to access the second network when the identifier is being stored by the second server or based on determining that the user device is authorized to access the second network when the identifier is not being stored by the second server. | 06-12-2014 |
| 20140165150 | CONFIGURING AND MONITORING A SINGLE SIGN-ON SYSTEM - The disclosure generally describes computer-implemented methods, software, and systems for cloud-based single sign-on (SSO) capabilities. A computer-implemented method includes operations for identifying a first system for single sign-on capabilities, identifying a second system disparate from the first system for providing a single sign-on capability with the first system through a cloud-based SSO configuration manager, automatically accessing metadata associated with the sign-on information of the second system, the set of metadata identifying sign-on-related information for sharing at least one credential/certificate for logging in to the second system, using the metadata to obtain an authorization for a single sign-on between the first and second systems, receiving a request from the first system for authorization at the second system, and, in response to the request, providing the authorization and creating a cloud-based SSO system that includes the first and second systems. | 06-12-2014 |
| 20140165151 | Non-Native Device Authentication - Concepts and technologies are described herein that involve non-native device authentication. According to one aspect disclosed herein, a method can include receiving an authentication credential at a computing device from an authorizer. The computing device can be non-native to the authorizer and native to an authorizee that the authorizer is attempting to provide authorization for access to content associated with the authorizer. The method can also include generating an authentication request directed to an authentication system. The authentication request can include the authentication credential. The method can also include sending the authentication request to the authentication system. In response to the authentication request, the computing system can receive an indication that the authorizer is authenticated to authorize the authorizee for access to the content associated with the authorizer. The method can also include accessing, by the computing device, the content associated with the authorizer. | 06-12-2014 |
| 20140165152 | WHITEBOARD RECORDS ACCESSIBILITY - Technologies are generally described for providing whiteboard records accessibility to users interacting with a whiteboard. A whiteboard may enable two or more users to interact with the whiteboard concurrently. The whiteboard may identify the users interacting with the whiteboard and may identify permission settings associated with the users. Based on the identification of the users and detected permission settings, the whiteboard may activate a whiteboard records accessibility mode to provide access to whiteboard records. In a public mode, any user may interact with the whiteboard, and the whiteboard may provide access to a public records data store. In a private mode, the whiteboard may provide access to a separate private records data store associated with an authenticated user interacting with the whiteboard. When two users interact with the whiteboard concurrently, the whiteboard may separate the whiteboard records such that each user can access records corresponding to the detected permission settings. | 06-12-2014 |
| 20140165153 | Systems and Methods for Controlling Email Access - Embodiments of the disclosure relate to proxying at least one email resource in transit to at least one client device from at least one email service, removing at least one URL from the email resources, and adding at least one modified URL to the email resources. | 06-12-2014 |
| 20140165154 | USING DATA ANALYTICS AND CROWDSOURCING TO DETERMINE ROLES FOR A COMPUTER SYSTEM - In an embodiment of the invention, wherein users must be able to access a computer system to perform respective functions, initial data is acquired from data sources, some of the initial data pertaining to previously granted system access rights. The initial data is used to create a crowdsourcing task, which is executed to acquire crowdsourced data from SMEs in an SME population, wherein the crowdsourced data comprises additional data pertaining to previously granted system access. The crowdsourced data is used to create a set of role definitions, wherein the role definitions determine which of the users are assigned to be members of a particular role associated with the system, and further determine the access rights that are granted to each member of the particular role. | 06-12-2014 |
| 20140165155 | Management of network devices utilizing an authorization token - Aspects of the invention may relate to an apparatus, system, and method for the management of network devices utilizing an authorization token. In one embodiment, an authorization token received from a service provider may be verified using an authorization credential to determine if the service provider is authorized to perform requested operations with the network device. Further, operation privileges may be enforced that are contained in the authorization token. | 06-12-2014 |
| 20140165156 | USING A SESSION CONTINUITY TOKEN TO ACCESS AN ONLINE CONTENT MANAGEMENT SYSTEM - The disclosed embodiments relate to a session continuity feature that allows a user to access an online content management system through different instances of a third-party application located on different computing devices without having to log in to the online content management system separately from each computing device. When the user signs on to the online content management system, the session continuity mechanism provides a session continuity token to the third-party system. When the user subsequently accesses an instance of the third-party application located on another computing device, the third-party system provides the session continuity token to the new instance of the third-party application. This enables the user to access the online content management system through the new instance of the third-party application without having to sign on again. | 06-12-2014 |
| 20140165157 | Service Utilization Control Manager - An apparatus is described for managing mobile network services. The apparatus includes a service authorization and utilization control function (SAUCF) element configured to authorize a mobile network service request by acting as a service manager configured to centrally coordinate service authorizations for multiple network services associated with an individual subscriber account by evaluating a service policy defining user access spanning the multiple network services. The service policy includes (a) communication authorization controls affecting permission for a user associated with the subscriber account to access a mobile network service in accordance with one or more criteria applicable to a bundled service category; and (b) charging controls for determining whether a subscriber account includes sufficient credits to use the mobile network service. A real time utilization interface is configured to transmit messages between the SAUCF element and a subscriber service utilization account. | 06-12-2014 |
| 20140165158 | System and Method for Enterprise Security Through P2P Connection - A method is provided for permitting access to enterprise resources mediated between a first peer device and a second peer device. A shared detection application is installed on both devices. When a second peer device requests access to enterprise resources, the first peer device detects if the devices are within a certain preset distance of each other. The second peer device is permitted to access the enterprise resources while the devices remain within the preset distance of each other. Access is shut-down after a pre-determined time if the first device and the second device are no longer within the preset distance of each other. | 06-12-2014 |
| 20140165159 | METHOD FOR A MOTOR VEHICLE - A method for a motor vehicle in which a communication connection between the vehicle and a server outside the vehicle is provided. In addition, user authentication information for a user of the vehicle is transmitted to the server, and an application is executed on the server as a function of the user authentication information. Output information that is generated by the server is transmitted to the vehicle from the application. | 06-12-2014 |
| 20140165160 | METHOD AND APPARATUS FOR CONTROLLING ACCESS BETWEEN HOME DEVICE AND EXTERNAL SERVER IN HOME NETWORK SYSTEM - A method for controlling access between home devices and servers in a home network system is provided. The method includes determining whether first access of the home devices to each of the servers and second access of the servers to each of the home devices is restricted, and controlling the first access and second access based on respective access rights established according to the determination. | 06-12-2014 |
| 20140165161 | Enterprise-specific Functionality Watermarking and Management - A method, system and non-transitory computer-readable medium product are provided for enterprise-specific functionality watermarking and management. In the context of a method, a method is provided that includes identifying a request to perform at least one function of a user device associated with an enterprise and identifying at least one watermark template associated with an enterprise. The method further includes applying the at least one watermark template associated with the enterprise to at least one function of the user device associated with the enterprise and authorizing the request to perform the at least one function of the user device associated with the enterprise. | 06-12-2014 |
| 20140165162 | MANAGING ACCESS TO A NETWORK - In a method of managing access to a network, a MAC based authentication operation is implemented in determining whether to grant a user device access to the network. In addition, a user is enabled to self-register a user device into a database of authorized users in response to the user being denied access through the MAC based authentication operation and being listed as a valid user in a directory of active network users. Moreover, the directory of active network users is monitored for modification of information pertaining to the users listed in the directory of active network users and the database of authorized users is modified in response to a determination that user information pertaining to at least one user listed in the directory of active network users that affects the database of authorized users has been modified. | 06-12-2014 |
| 20140173692 | Bring your own device system using a mobile accessory device - A BYOD solution using a combination device is described. This combination device is comprised of an employee owned smart mobile device ( | 06-19-2014 |
| 20140173693 | Cookie Optimization - Disclosed herein is a system and method for optimizing a cookie or token in a web service or other claims based domain system. A user presents an identity token to the domain system which verifies the identity claim as authentic and then determines what accounts the user has access to on the domain. The user is issued an intermediate token by the system which includes the locations of the accounts the user has access to. The user then selects the account they wish to interact with and receives an account token back to the user for the specific account, including any of the privileges the user has on the account. The account token also includes information that the user has multiple accounts on the domain. The user is able to switch accounts on the domain system without having to revalidate their credentials to the domain system. | 06-19-2014 |
| 20140173694 | MULTI-TENANCY GOVERNANCE IN A CLOUD COMPUTING ENVIRONMENT - A cloud computing system includes a plurality of tenants that are permitted to access cloud hosted applications. The system includes an input governance layer associated with each application, and an output governance layer associated with each application. The input governance layer and the output governance layer include an encapsulation of a cloud hosted application. The governance layers receive a request from a tenant-user to access a first application on the cloud computing system, check a governance database to determine if the tenant-user is authorized to access the first application, and allows or denies access accordingly. | 06-19-2014 |
| 20140173695 | TOKEN BASED ACCOUNT ACCESS - A user account may be accessed by a mobile device by transmitting a login token from the mobile device to a server, which can authenticate the login token and grant the mobile device access to the user account. The login token can be generated by accessing the user account on a separate user device, such as a personal computer, and requesting a login token. The request may be sent to a server and a login token can be generated and sent by the server to the separate user device. The login token may then be transmitted to the mobile device and account access on the mobile device can be granted based on the login token. | 06-19-2014 |
| 20140173696 | WEB CONFERENCE OVERSTAY PROTECTION - Embodiments of the present invention disclose a method, computer program product, and system for managing participants of a web conference that follows a first web conference. A computer determines that a second web conference will use a web conference channel continuously following the completion of a first web conference using the web conference channel. The computer determines that a participant of the first web conference that is connected to the web conference channel at the start of the second web conference is not authorized to attend the second web conference and the computer disconnects from the web conference channel the participant that is not authorized to attend the second web conference. | 06-19-2014 |
| 20140173697 | Identity Attribute Exchange and Validation Ecosystem - Methods and systems are described herein for performing attribute authentication for use by a relying party in providing access to a resource as requested by a user. Attribute authentication may be performed entirely by a single identity service provider, or by multiple identity service providers each authenticating a subset of a plurality of user attributes, such as name, address, phone, email, and the like. Each attribute may be authenticated with a level of assurance. Levels of assurance may vary from attribute to attribute. Different levels of assurance may be required for different attributes before the relying party may grant access to the user-desired resource. An authentication broker may act as a registry or broker of identity service providers, and may store information usable by relying parties to establish a trust relationship with a particular identity service provider on demand, as needed by a relying party. | 06-19-2014 |
| 20140173698 | Software publisher and device authentication using customizable multimedia - A process for authentication that gives users a warning against malicious web applications is disclosed. The disclosed process gives the user an audiovisual when viewing the correct web application. The audiovisual is known as a “totem” in this document. The totem can be an image that is shown to the user, audio that is played to the user, or a video or animation (with or without audio) that is played to the user. The user selects their totem as part of the disclosed process. The totem is stored locally using web storage in the user's browser. The totem can only be accessed by the correct web application, and thus cannot be presented to the user by a malicious web application seeking to impersonate the correct web application. The disclosed process thus gives the user, even one not “computer savvy”, a strong warning indication about a malicious web applications. | 06-19-2014 |
| 20140173699 | ASSIGNING PERMISSIONS BASED ON ORGANIZATIONAL STRUCTURE - Permission to access an organization's resources may be automatically assigned based on one or more structures within that organization. In one example, structural maps of an organization are received, where the structural maps indicate the reporting hierarchy of the organization, geographic subdivisions, substantive subdivisions, etc. Templates are received describing how permissions are to be assigned to particular substructures within the organization. The templates are then fitted to the organization, and permissions to access particular resources are assigned to members of the organization based on the templates. An administrator may modify the assigned permissions. Work requests may be routed to people based on which people have permission to access the resources involved in the work request. | 06-19-2014 |
| 20140173700 | SYSTEM AND METHOD FOR APPLICATION USAGE CONTROLS THROUGH POLICY ENFORCEMENT - A method includes a particular user application, without operating system kernel access, performing the operations of: identifying a set of applications that a user has permission to access, receiving a request to a access a particular application of the set of applications, and causing execution of the particular application. | 06-19-2014 |
| 20140173701 | WEB CONFERENCE OVERSTAY PROTECTION - Embodiments of the present invention disclose a method, computer program product, and system for managing participants of a web conference that follows a first web conference. A computer determines that a second web conference will use a web conference channel continuously following the completion of a first web conference using the web conference channel. The computer determines that a participant of the first web conference that is connected to the web conference channel at the start of the second web conference is not authorized to attend the second web conference and the computer disconnects from the web conference channel the participant that is not authorized to attend the second web conference. | 06-19-2014 |
| 20140173702 | SYSTEMS, METHODS, AND APPARATUSES FOR IMPLEMENTING CROSS ORGANIZATIONAL DATA SHARING - In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing cross organizational data sharing including, for example, means for storing customer organization data in a database of the host organization; allocating at least a sub-set of the customer organization data to be shared as shared data; configuring a hub to expose the shared data to a proxy user and configuring the proxy user at the hub with access rights to the shared data; configuring one or more spokes with access rights to the shared data of the hub via the proxy user; receiving a request from one of the hubs for access to the shared data of the customer organization via the proxy user at the hub; and returning a response to the hub having made the request. Other related embodiments are disclosed. | 06-19-2014 |
| 20140173703 | Method and Apparatus for Providing Network Security Using Role-Based Access Control - A method and apparatus for providing network security using role-based access control is disclosed. A network device implementing such a method can include, for example, an access control list. Such an access control list includes an access control list entry, which, in turn, includes a user group field. Alternatively, a network device implementing such a method can include, for example, a forwarding table that includes a plurality of forwarding table entries. In such a case, at least one of the forwarding table entries includes a user group field. | 06-19-2014 |
| 20140181908 | Method and Apparatus for Using Sensors on a Portable Electronic Device to Verify Transactions - The present disclosure involves a system. The system includes a computer memory storage module configured to store executable computer programming code. The system includes a computer processor module operatively coupled to the computer memory storage module. The computer processor module is configured to execute the computer programming code to perform the following operations: detecting, from a mobile electronic device, a request to engage in an activity electronically; receiving sensor data gathered by one or more sensors of the mobile electronic device; determining, based on the sensor data received from the mobile electronic device, whether the request to engage in the activity is authorized by a user of the mobile electronic device; and alerting the user if it has been determined that the request to engage in the activity is unauthorized. | 06-26-2014 |
| 20140181909 | SYSTEM AND METHOD FOR SECURED ACCESS MANAGEMENT - A system and method for managing secure access to one or more applications and data provided via the application based on trustworthiness of a client device. The system is configured to establish a level of trustworthiness of the client device based, at least in part, on attributes of the client device and the user of the client device. In the event that the level of trustworthiness meets or exceeds a predefined trust level for a corresponding application, the system is configured to authorize and allow the client device to execute the application and access data provided via the application. Alternatively, in the event that the level of trustworthiness falls below a predefined trust level, the system is configured to restrict execution of the application and/or access to data provided via the application. | 06-26-2014 |
| 20140181910 | SYSTEMS AND METHODS FOR ENABLING PARENTAL CONTROLS BASED ON USER ENGAGEMENT WITH A MEDIA DEVICE - Systems and methods are described for controlling playback of media assets. In some aspects, the systems and methods described detect a first user within proximity of a user equipment device. The systems and methods detect a second user, who is restricted from accessing a media asset on the user equipment device without a first user within proximity of the user equipment device who has a content authorization level higher than the second user. Processing circuitry measures the first user's engagement level with the user equipment device. The processing circuitry retrieves a threshold value from the user equipment's memory and determines whether the measured engagement level of the first user with the user equipment device is above the retrieved threshold. If the measured engagement level of the first user with the user equipment device is above the threshold, processing circuitry enables access to the media asset. | 06-26-2014 |
| 20140181911 | METHOD, SYSTEM AND PROGRAM PRODUCT FOR SECURE AUTHENTICATION - A method, system and program product comprises establishing a communication with a computing system using a first device for communicating with the computing system over a first communication channel. The computing system is in communication with a second device configured for communicating with the computing system over a second communication channel separate from the first communication channel. The first device is paired with the computer system in which the first device and the computer system are mutually authenticated. A code presented by the second device is captured using the first device. The code is communicated to the computing system over the first communication channel in which the computer system uses the code in authorizing the second device to perform a function. The computer system communicates an authorization to the second device using the second communication channel. | 06-26-2014 |
| 20140181912 | Access Reviews at IAM System Implementing IAM Data Model - Systems and methods of conducting access reviews of access rights to logical computing resources are provided. An access reviewer may receive a selection indicating a user having access to one or more logical computing resources of a computer system. The access reviewer may identify a set of current logical computing resources that the user has access to and a set of current logical entitlements associated with the user. The access reviewer may generate an access review summary based on a comparison of the current logical computing resources to one or more of the current logical entitlements. | 06-26-2014 |
| 20140181913 | Verifying Separation-of-Duties at IAM System Implementing IAM Data Model - Systems and methods of verifying separation-of-duties (SoD) for requested access rights to physical computing resources are provided. An SoD verifier may receive and access request and obtain a set of current permissions associated with a requestee specified in the access request. The SoD verifier may also obtain a set of new permissions to provision for the requestee based on the access request. The SoD verifier may determine whether one of the current permissions is incompatible with one of the new permissions. The SoD verifier may provide an indication of whether the access request represents an SoD violation. | 06-26-2014 |
| 20140181914 | Reconciling Access Rights at IAM System Implementing IAM Data Model - Systems and methods for reconciling access rights provisioned for physical computing resources of a computer system are provided. A reconciler may identify current physical computing resources accessible to a user account of the computer system and a physical entitlement specification associated with the user account. The reconciler may determine whether adjustment of access rights is needed based on a comparison of the current physical computing resources to the physical entitlement specification. Access rights to at least one physical computing resource may be adjusted in response to a determination that adjustment of access rights is needed. | 06-26-2014 |
| 20140181915 | METHOD AND SYSTEM FOR NETWORK VALIDATION OF INFORMATION - Embodiments of the present application relate to a method for network validation of information, a system for network validation of information, and a computer program product for network validation of information. A method for network validation of information is provided. The method includes receiving verification information from a user, the verification information including a plurality of verification fields, determining a verification sequence of the plurality of verification fields based on a verification rule configuration and a verification scoring table, verifying a current verification field according to the verification sequence, verifying a next verification field in the event that the verification of the current verification field succeeds, and terminating verification in the event that the verification of the current verification field fails. | 06-26-2014 |
| 20140181916 | ELECTRONIC DEVICE, PERSONAL CLOUD APPARATUS, PERSONAL CLOUD SYSTEM AND METHOD FOR REGISTERING PERSONAL CLOUD APPARATUS IN USER PORTAL SERVER THEREOF - An electronic device, a personal cloud apparatus, a personal cloud system, and a method thereof for registering personal cloud apparatus are provided. The method of the electronic device for registering the personal cloud apparatus includes pairing with the personal cloud apparatus when an application is executed, acquiring information about an access point and transmitting the same to the personal cloud apparatus to connect the personal cloud apparatus to a network, and registering the personal cloud apparatus to a registration server, when the personal cloud apparatus is connected to the network via the access point. As a result, users are able to upload or download various contents using the personal cloud apparatus, inside or outside the house. | 06-26-2014 |
| 20140181917 | COMPUTER TELEPHONY SYSTEM, METHOD AND SERVER - A controller in a computer telephony system records a mapping linking a key and the identifier of a communications terminal previously associated with a user. The key selected by the controller is a parameter associated with the user in a second system external to the computer telephony system. The controller operates to receive a message from the second system comprising a command issued by the user and the key. The controller reads the received key and uses it to retrieve the identifier and then forwards the command together with the identifier to a communications controller for controlling operation of the communications terminal. | 06-26-2014 |
| 20140181918 | SYSTEM AND METHOD FOR PREVENTING ACCESS TO DATA ON A COMPROMISED REMOTE DEVICE - This invention discloses a system and method for selective erasure, encryption and or copying of data on a remote device if the remote device has been compromised or the level of authorization of a roaming user in charge of the remote device has been modified. | 06-26-2014 |
| 20140181919 | SYSTEM FOR SECURE ENROLLMENT AND SECURE VERIFICATION OF NETWORK USERS BY A CENTRALIZED IDENTIFICATION SERVICE - A system and method for providing, as a service over a computer network (especially a packet-switched computer network) to a body of merchants connected to the computer network, verification of consumer identification based on data provided over the computer network by scanning devices attached to the computers operated by consumers. | 06-26-2014 |
| 20140181920 | LOCKED ELEMENT FOR USE IN A GRAPHICAL MODELING ENVIRONMENT - In a graphical modeling environment, a method of providing varying levels of protection relating to functionalities associated with at least some elements of a block diagram model, the method including: receiving a selection of one of the elements; receiving an indication of a desired authorization required to use at least one function of the selected element; implementing the indicated authorization for the use of the at least one function; and preventing, without obtaining of the authorization, an attempted use of the at least one function. | 06-26-2014 |
| 20140181921 | AUDIO BASED HUMAN-INTERACTION PROOF - A method and system for allowing access to computer functions such as websites that utilizes a user's ability to recognize sounds is described. The method presents a user a series of sounds. Some of the sounds presented in the series are labeled as validation sounds. The user is asked to provide an input every time he or she hears the validation sound. The user must identify the sound within a specified length of time. The system disclosed comprises a user interface, a sound database module, a generation module, and a sound database module. The generation module creates the validation test file and expected answer. The answer confirmation module checks the input from the requesting computer and provides access to the computer function if the computer input from the requesting computer meets the required parameters. | 06-26-2014 |
| 20140189797 | AUTHORIZATION MESSAGING WITH INTEGRAL DELEGATION DATA - A computer-implemented method for authorizing access by a client application to a resource of a user maintained on a first server computing system, the client application being implemented on a second server computing system, includes receiving a delegation message from the first server computer system to initiate authorization of the access by the client application, issuing an authorization message to the first server computer system, the authorization message comprising an authorization data package for redemption by the client application, the authorization data package comprising first through fourth integral delegation data indicative of the user, the client application, the resource, and a timestamp, respectively, receiving a redemption message from the second server computing system comprising the authorization data package, conducting an analysis of the authorization data package, and sending an access token to the second server computing system based on the analysis. | 07-03-2014 |
| 20140189798 | 3D Bot Detection - In one embodiment, a computer method of verifying an operator is human includes automatically selecting a pattern and dividing the pattern into a plurality of textures. The method further includes projecting each texture onto a different respective displayed element in a 3D experience. The method additionally includes randomizing a position and/or an orientation of at least one displayed element of the different respective display elements in the 3D experience. The method also includes receiving operator manipulations of the randomized elements to solve for the pattern and make the pattern appear/reappear. The method further includes granting access to the operator if the pattern is made to appear/reappear. Access is granted upon determining that the operator has made the pattern is appear/reappear, and access is denied if the operator fails to make the pattern appear/reappear. | 07-03-2014 |
| 20140189799 | MULTI-FACTOR AUTHORIZATION FOR AUTHORIZING A THIRD-PARTY APPLICATION TO USE A RESOURCE - Enhanced security for limited access through multi-factor authorization to cloud computing resources. The enhanced security is obtained by utilizing a personal security device to perform certain security operations as part of an authorization protocol such that an authorization grant is confirmed using two independent factors such as evidence of knowledge of a secret plus possession of a personal security device. The personal security device may also store an access token and perform cryptographic operations evidencing possession of the access token. Other systems and methods are disclosed. | 07-03-2014 |
| 20140189800 | Electronic Rendezvous-Based Two Stage Access Control for Private Networks - A method for providing access to a private network resource comprises receiving an indication from an electronic rendezvous service that a client application has passed a first set of authentication and authorization processes. A request to access the private network resource is received from the client application. The client application is allowed to attempt to perform a second set of authentication and authorization processes based at least in part on receiving the indication from the electronic rendezvous service that the client application has passed the first set of authentication and authorization processes. The second set of authentication and authorization processes are performed, and the client application is allowed to access the private network resource based at least in part on a determination that the client application has passed the first and the second sets of authentication and authorization processes. | 07-03-2014 |
| 20140189801 | Method and System for Providing Limited Usage of an Electronic Device - An electronic device ( | 07-03-2014 |
| 20140189802 | METHOD AND APPARATUS FOR LOCATION-BASED AUTHORIZATION TO ACCESS ONLINE USER GROUPS - An approach is provided for determining a request from a user for an access to at least one user group. The at least one user group is associated with at least one reference location. Consequently, the point of interest platform determines location information associated with the user and/or the device associated with the user. Subsequently, the point of interest platform causes, at least in part, a granting of the access to the user group if the location information indicates that the user and/or the device associated with the user is within a predetermined proximity of the reference location. | 07-03-2014 |
| 20140189803 | SELECTING IMAGE OR VIDEO FILES FOR CLOUD STORAGE - A method, apparatus, and computer program product, responsive to receiving a data from a computing device connected to the computer in a cloud computing system or data center, identifies a criteria associated with the computing device, responsive to identifying the criteria, determines whether the data is authorized for transmission to a storage in the cloud computing system or data center, and responsive to determining that the data is authorized for transmission to the storage, forwards the data to the storage. | 07-03-2014 |
| 20140189804 | LOCATION-BASED APPLICATION SECURITY MECHANISM - The present disclosure describes methods, systems, and computer program products for providing a location-based application content security mechanism to a web portal. One computer-implemented method includes receiving a request for portal content from a client device, determining that the requested portal content has an established geo-location permission, requesting a client geo-location from the requesting client device, receiving the client geo-location from the requesting client device, determining, by operation of a computer, that the received client geo-location is within a required geo-location threshold associated with at least one geo-location data point associated with the established geo-location permission, and serving the portal content to the requesting client device. | 07-03-2014 |
| 20140189805 | REVERSE AUTHORIZED SYN COOKIE - Techniques for providing a service to registered users over a network such as the internet are disclosed. The techniques can be used to hide the service from unregistered entities. Further, the techniques can thwart certain types of so-called denial-of-service attacks. | 07-03-2014 |
| 20140189806 | Wireless Network Linking System and Method of Obtaining Access Right of Network Thereof - A wireless network linking system and a method of obtaining access right of network thereof The method includes following steps: sending a wireless access signal by a client with wireless network access function; receiving the wireless access signal and deciding the location of the client according to a signal strength of the wireless access signal by a server; and providing a wireless access point service to the client by the server, thereby providing the client the permission of accessing network resources if the location of the client is corresponding to a specific region. | 07-03-2014 |
| 20140189807 | METHODS, SYSTEMS AND APPARATUS TO FACILITATE CLIENT-BASED AUTHENTICATION - Methods, systems and apparatus are disclosed to facilitate client-based authentication. An example method includes associating an identity authority with a client platform in an isolated execution environment, associating a user identity with the identity authority, generating a first key pair associated with a first service provider, generating an attestation based on a first authorization sequence of the client platform, and signing the attestation with a portion of the key pair and sending the signed attestation to the first service provider to authorize communication between the client platform and the first service provider. | 07-03-2014 |
| 20140189808 | MULTI-FACTOR AUTHENTICATION AND COMPREHENSIVE LOGIN SYSTEM FOR CLIENT-SERVER NETWORKS - Embodiments are directed to a system and method for authenticating a user of a client computer making a request to a server computer providing access to a network resource through an authentication platform that issues a challenge in response to the request requiring authentication of the user identity through a reply from the client computer, determining one or more items of context information related to at least one of the user, the request, and the client computer, and determining a disposition of the request based on the reply and the one or more items of context information. The reply includes a user password and may be provided by an authorizing client device coupled to the client computer over a wireless communications link. | 07-03-2014 |
| 20140189809 | METHOD AND APPARATUS FOR SERVER-SIDE AUTHENTICATION AND AUTHORIZATION FOR MOBILE CLIENTS WITHOUT CLIENT-SIDE APPLICATION MODIFICATION - A method (and structure) for enforcing authentication and authorization includes making a resource access request, by a client application being executed by a processor on a digital device, to invoke authentication and authorization services to evaluate the resource access request by the client application. A security application on the digital device is activated and executed, the security application being separate from the client application, the security application including instructions for processing a challenge-response protocol for the resource access request. The client application communicates outside the digital device using a primary communication channel and the security application uses a secondary communication channel that is out-of-band from the primary communication channel. | 07-03-2014 |
| 20140189810 | NETWORK SECURITY AS A SERVICE USING VIRTUAL SECURE CHANNELS - Disclosed are methods, devices, and systems to provide an end-to-end secure transaction over a network. In one embodiment, a machine-implemented method comprises opening an in-band channel or an out-of-band channel over the network; authenticating, through the control plane of a switch managing the network, a user of a resource over the in-band channel or the out-of-band channel; authorizing the user, through the control plane, access to the resource over the in-band channel or the out-of-band channel; and accounting for a transaction conducted by the user accessing the resource, through the control plane, over the in-band channel or the out-of-band channel. In another embodiment, a switch to manage the network and to implement the method described herein is disclosed. | 07-03-2014 |
| 20140189811 | SECURITY ENCLAVE DEVICE TO EXTEND A VIRTUAL SECURE PROCESSING ENVIRONMENT TO A CLIENT DEVICE - Disclosed are methods and devices to provide a transaction over a network. In one embodiment, a machine-implemented method includes: opening, through an enclave device, an in-band channel or an out-of-band channel over the network; authenticating, through the enclave device, a user of a resource over the in-band channel or the out-of-band channel; facilitating, through the enclave device, an authorization of the user to access the resource over the in-band channel or the out-of-band channel; and accounting for a transaction conducted by the user accessing the resource, through the enclave device, over the in-band channel or the out-of-band channel. | 07-03-2014 |
| 20140189812 | Privileged Activity Monitoring Through Privileged User Password Management and Log Management Systems - A system and method is provided for allowing seamless auditing compliance and investigations of privileged account access and activities. Account access information and privileged activity information may be stored in a central data repository. The central data repository may be queried to determine who was granted access to a privileged account, the timeframe that the access was granted, and/or what actions were performed by the user who was granted access. | 07-03-2014 |
| 20140189813 | METHODS AND APPARATUS FOR TRANSACTING WITH MULTIPLE DOMAINS BASED ON A CREDENTIAL - In one embodiment, a method includes receiving from a credential a credential-owner authentication information associated with an identity of an individual. A issuer validation information associated with an issuer of the credential is also received. The method also includes providing a plurality of options, including a first option associated with a first domain and a second option associated with a second domain mutually exclusive from the first domain. The method also includes sending to a portion of the first domain the credential-owner authentication information and the issuer validation information in response to the first option being selected. | 07-03-2014 |
| 20140189814 | METHOD FOR VEHICLE COMMUNICATION, INTERFACE MODULE, VEHICLE DIAGNOSIS INTERFACE, USER COMMUNICATION TERMINAL, DATA NETWORK SYSTEM AND DIAGNOSIS AND CONTROL NETWORK - The invention relates to a method for vehicle communication, particularly using a vehicle-implemented vehicle diagnosis system ( | 07-03-2014 |
| 20140189815 | INFORMATION INPUT DEVICE, INFORMATION OUTPUT DEVICE, INFORMATION PROCESSING SYSTEM, AND COMPUTER-READABLE RECORDING MEDIUM - The present invention is concerning to an information processing system includes an information input device and an information output device. The information input device includes a communication module that establishes communication with one or more information output devices, an information acquiring module that acquires device information of the respective information output devices including an identification code used only for identifying the information output device and makes a storage module store therein the device information, an input receiving module that receives an entry of an identification code, and a device specifying module that searches the device information acquired from the respective information output devices to specify the information output device to which the information is to be transmitted based on the identification code received and gives instructions to the communication module to transmit the information using the device information of the information output device specified. | 07-03-2014 |
| 20140189816 | EXTENDING SERVER-BASED DESKTOP VIRTUAL MACHINE ARCHITECTURE TO CLIENT MACHINES - A server-based desktop-virtual machines architecture may be extended to a client machine. In one embodiment, a user desktop is remotely accessed from a client system. The remote desktop is generated by a first virtual machine running on a server system, which may comprise one or more server computers. During execution of the first virtual machine, writes to a corresponding virtual disk are directed to a delta disk file or redo log. A copy of the virtual disk is created on the client system. When a user decides to “check out” his or her desktop, the first virtual machine is terminated (if it is running) and a copy of the delta disk is created on the client system. Once the delta disk is present on the client system, a second virtual machine can be started on the client system using the virtual disk and delta disk to provide local access to the user's desktop at the client system. This allows the user to then access his or her desktop without being connected to a network. | 07-03-2014 |
| 20140189817 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING MEDIA MANAGEMENT - Providing media management services includes creating an account record for a first user of the media management services, allocating a first storage space to the first user that is accessible to the first user via user credentials assigned to the first user, creating an account record for a second user of the media management services, and allocating a second storage space to the second user that is accessible to the second user via user credentials assigned to the second user. The media management services also include sharing the second storage space with the first user based on a device identifier of a media recording device that is common to both the first account record and the second account record. | 07-03-2014 |
| 20140189818 | EMAIL EFFECTIVITY FACILTY IN A NETWORKED SECURE COLLABORATIVE EXCHANGE ENVIRONMENT - In embodiments of the present invention improved capabilities are described for managing access to a secure exchange environment managed by an intermediate business entity through a user email identity, the method comprising establishing a secure exchange server hosted by an intermediate business entity, wherein communications and access to a collection of files established by a first business entity are managed for a second business entity; and establishing an email effectivity facility that allows a user of the first business entity to specify a condition for email-based access to at least one resource in the collection of files, wherein the condition expresses (a) an effective period for using an email providing access to the resource and (b) a condition of email access to the resource by a designated individual of the second business entity, wherein the access permission was assigned using a specific email address of the designated individual. | 07-03-2014 |
| 20140196114 | ELECTRONIC CONTROL DEVICE FOR A VEHICLE - An electronic control device for a vehicle configured to be able to rewrite a program related to vehicle control by connecting an external device with the vehicle and by accessing an in-vehicle LAN includes a portable authentication terminal separated from the external device; an in-vehicle authentication system connected with the in-vehicle LAN, configured to authenticate the portable authentication terminal and to be able to transmit a authentication result to the in-vehicle LAN; a repeater configured to relay communications between the external device and the in-vehicle LAN; and a communication authorization unit connected to the in-vehicle LAN and configured to authorize the communications between the external device and the in-vehicle LAN through the repeater if receiving the authentication result of a successful authentication of the portable authentication terminal by the in-vehicle authentication system. | 07-10-2014 |
| 20140196115 | Monitoring of Authorization-Exceeding Activity in Distributed Networks - A network security layer with a role mapping component with a current role mapping between services and access permissions is provided between a user and the services. A multi-tenancy module with current membership mapping is also provided. The security layer has a network authentication protocol for user authentication at log-in. Snapshots of a baseline role mapping between services and permissions are taken at certain times. The role mapping component verifies snapshots at set intervals, and when the user performs certain actions, the current role mapping is compared with the baseline role mapping. Upon discrepancy, the role mapping component executes a set of rules, including forceful log-out to prevent system intrusion. Comparison of current membership mapping with a baseline membership mapping can also be applied. The security layer can thus monitor authorization-exceeding modifications to baseline policies attempted by logged-in and initially authorized users. | 07-10-2014 |
| 20140196116 | Distance-Dependent or User-Dependent Data Exchange Between Wireless Communication Devices - In one embodiment, a method includes sending, by a first wireless device associated with a first user, first data such that the first data are only available to one or more second wireless devices respectively associated with one or more second users and within a first distance from the first wireless device. The method further includes sending, by the first wireless device associated with the first user, second data such that the second data are only available to one or more third wireless devices respectively associated with one or more third users and within a second distance from the first wireless device. | 07-10-2014 |
| 20140196117 | RECOVERY OR UPGRADE OF A CLOUD CLIENT DEVICE - In one embodiment, a cloud client device sends authentication data to a cloud services system. When the cloud services system determines the cloud client device is authenticated, the cloud client device receives data for configuring the cloud client device from the cloud services system, the data including one or more software modules associated with a communication protocol. When the cloud services system determines the cloud client device is not authenticated, the cloud client device conducts a data wipe of the cloud client device. | 07-10-2014 |
| 20140196118 | APPARATUS, SYSTEM AND METHOD FOR SECURE PAYMENT - Embodiments of the invention generally relate to apparatus, systems and methods for authentication, in particular, apparatus, systems and methods for authenticating an entity for computer and/or network security, secure authorization of a payment or for funds transfer and for selectively granting privileges and providing other services in response to such authentications. In addition, embodiments of the invention relate generally to apparatus, systems and methods for the communication of information between a mobile user-device and a point-of-sale device to securely provide authorization for a financial transaction. | 07-10-2014 |
| 20140196119 | Method And Computer Program For Providing Authentication To Control Access To A Computer System - The present invention relates to a method and computer program for providing authentication to control access to a computer. system including online services accessed via a portal, cloud based systems and browser accessed systems using for example HTML5, and relates particularly, but not exclusively, to authentication systems for mobile computer and telecommunications devices. | 07-10-2014 |
| 20140196120 | COMMUNICATION DEVICE, COMMUNICATION METHOD, COMMUNICATION SYSTEM AND SERVICE ISSUING METHOD - A communication device includes an antenna for transmitting and receiving signals with a reader/writer of a service issuing terminal; a recording unit recorded with data, and also recorded with a pattern in which information specifying an authentication key and access attribute indicating whether or not a readout process or a write process on the data is possible using the authentication key are corresponded; and a control unit for, when receiving one or plural information specifying a region of the data from the reader/writer of the service issuing terminal via the antenna, holding the received one or plural information specifying the region of the data. | 07-10-2014 |
| 20140196121 | FEDERATION AMONG SERVICES FOR SUPPORTING VIRTUAL-NETWORK OVERLAYS - Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member. | 07-10-2014 |
| 20140196122 | SYSTEMS AND METHODS FOR DEPLOYING RICH INTERNET APPLICATIONS IN A SECURE COMPUTING ENVIRONMENT - Systems and methods for deploying rich internet applications in a secure computing environment. An example distributed computer system may comprise: a first computer system comprising a run-time environment executing one or more rich internet applications; a second computer system communicatively coupled to the first computer system, the second computer system executing an administration server; wherein the run-time environment is configured to query the administration server to perform at least one of: authenticating a user of the first computer system, determining whether an application is allowed to be executed within the run-time environment, or determining whether an application being executed by the run-time environment is allowed to access a certain function exposed by an application-programming interface (API) of the run-time environment. | 07-10-2014 |
| 20140196123 | DOMAIN ISOLATION THROUGH VIRTUAL NETWORK MACHINES - A method and device for communicating information resources between subscriber end stations and nodes belonging to different network domains is described. The device instantiates different virtual network machines for different network domains using separate independently administrable network databases. Each of the administrable chores of the separate independently administrable network databases includes the assignment of access control and the configuration of the policies for those network databases. The policies include traffic filtering policies to indicate what kind of information payloads can be carried, traffic and route filtering policies to indicate what paths through the network will be used for each payload carried. Each of the network domains includes one of the different virtual network machines and each of the different network domains is virtually isolated from other network domains. | 07-10-2014 |
| 20140201813 | ENHANCING DIRECTORY SERVICE AUTHENTICATION AND AUTHORIZATION USING CONTEXTUAL INFORMATION - Systems and methods are provided for authenticating and authorizing network access requests using directory services in which the directory service authentication and authorization procedures are enhanced using contextual information. | 07-17-2014 |
| 20140201814 | ENHANCING DIRECTORY SERVICE AUTHENTICATION AND AUTHORIZATION USING CONTEXTUAL INFORMATION - Systems and methods are provided for authenticating and authorizing network access requests using directory services in which the directory service authentication and authorization procedures are enhanced using contextual information. | 07-17-2014 |
| 20140201815 | ACCESS CONTROL MECHANISM TO A SECURE ELEMENT COUPLED TO AN NFC ROUTER - The invention relates to a method of protecting a security module ( | 07-17-2014 |
| 20140201816 | Securely Authorizing Access to Remote Resources - Securely authorizing access to remote resources may be provided. A method may include receiving a request to determine whether a user device is authorized to access at least one resource hosted by a resource server, determining whether the user device is authorized to access the at least one resource based at least in part on whether the user device has been issued a management identifier, providing a response indicating that the user device is authorized to access the at least one resource in response to a determination that the user device is authorized to access the at least one resource hosted by the resource server, and providing a response indicating that the user device is not authorized to access the at least one resource in response to a determination that the user device is not authorized to access the at least one resource. | 07-17-2014 |
| 20140201817 | AUDITING COMMUNICATIONS - Auditing a communication is disclosed. Credentials are received from a client. It is determined whether the client is authorized to communicate with a remote resource. If it is determined that the communication with the remote resource is allowed, a communication is forwarded from the local resource to the remote resource. | 07-17-2014 |
| 20140201818 | UNAUTHORIZED USE PREVENTING SYSTEM OF PROJECTION-TYPE PROJECTOR - An unauthorized use preventing device includes: a first measuring unit that measures a global position thereof and outputs the global position as first position information; and a first transmission unit that wirelessly transmits the first position information to an outside. The security section includes: a second measuring unit that measures a global position thereof and outputs the global position as second position information; a first receiving unit that receives the first position information; a position comparison unit that determines whether an inter-instrument distance calculated based on the first and second position information is less than a threshold distance or equal to or more than the threshold distance, and outputs a result of the determination as a position comparison result signal; and a logical product calculation unit that calculates and outputs a logical product of the position comparison result signal and a power supply turning-on signal. | 07-17-2014 |
| 20140201819 | METHOD AND SYSTEM FOR MANAGING USER'S REPUTATION INFORMATION FOR A GIVEN SERVICE - A method and a system for managing user's reputation information for a given service. The method includes managing said user's reputation information by means of a global and centralized reputation management unit for a plurality of given services, said managing including generating and storing said reputation information for a user based on context variables and the historic of the activity or experience of said user in specific service fields in which the user generates content or provides an opinion or a recommendation. The system is arranged for implementing the method. | 07-17-2014 |
| 20140201820 | Adapting Federated Web Identity Protocols - A method of performing a Real-Time Communication in Web-browsers (RTCWEB) identity authentication based on an authentication of a non-RTCWEB compliant Identity Provider (IdP) server comprising receiving, by an RTCWEB IdP client, an RTCWEB identity authentication request from a user agent, creating a session resource with a Relying Party (RP) client, wherein the RP client guards the session resource, instructing the user agent to authenticate with the RP client by employing a non-RTCWEB identity protocol to access the session resource, receiving authentication results from the non-RTCWEB compliant IdP server via the RP client, and sending an RTCWEB authentication to the user agent via the session resource. | 07-17-2014 |
| 20140201821 | Resilient Device Authentication System - A resilient device authentication system comprising: one or more verification authorities (VAs) including a memory loaded with a complete verification set that includes hardware part-specific data, and configured to create a limited verification set (LVS) therefrom; one or more provisioning entities (PEs) each connectable to at least one of the VAs, including a memory loaded with a LVS, and configured to select a subset of data therefrom so as to create an application limited verification set (ALVS); and one or more device management systems connectable to at least one of the PEs, including a memory loaded with an ALVS, and configured to manage device security-related applications through the performance of security-related functions on devices associated with the hardware part-specific data. | 07-17-2014 |
| 20140201822 | METHOD AND SYSTEM FOR PERMITTING ACCESS TO RESOURCES BASED ON INSTRUCTIONS OF A CODE TAGGED WITH AN IDENTIFIER ASSIGNED TO A DOMAIN - A method including: assigning identifiers to respective domains, where each of the domains is allocated a corresponding set of resources, and where the resources in the sets of resources are accessible at respective physical addresses; storing permissions to access the physical addresses, where each of the permissions indicates which of the physical addresses one or more of the domains are permitted to access. The method also includes: assigning a code to a first domain, where the code includes instructions, and where each of the instructions includes a corresponding one of the physical addresses; tagging each of the instructions by adding the identifier assigned to the first domain to each of the instructions; and during execution of each of the instructions, comparing the identifier included in the corresponding instruction to one of the permissions; and based on the comparison, permitting access to the set of resources allocated to the first domain. | 07-17-2014 |
| 20140208386 | Adaptive Strike Count Policy - An adaptive strike count management is implemented for securing resources. The method authorizes access to a resource if a security credential matches pre-stored security data. However, when the security credential does not match the pre-stored security data, the adaptive strike count management method denies access to the resource; assesses the risk level based on the security credential; increments a strike counter by a predetermined value based on the risk level; and disables further access attempts to the resource if the strike counter exceeds a threshold. The strike counter is incremented by a first value when the risk level is assessed to be a first level, a second value when the risk level is assessed to be a second level, and a third value when the risk level is assessed to be a third level. | 07-24-2014 |
| 20140208387 | Device utilizing an optical signal to access an access point - Disclosed is a device that receives an optical signal having an authorization code that allows the device to utilize an access point to obtain access to the Internet and other networks. The device may include: a modem; a light sensor; and a processor. The light sensor may receive an optical signal from a light source. The processor may execute operations including: processing the received optical signal to identify an authorization code and to connect the device through the modem to the access point based upon the authorization code such that the device may obtain access to the Internet and other networks. | 07-24-2014 |
| 20140208388 | User Notifications During Computing Network Access - A notification is received that a network device in a computing network has blocked a service request directed towards a network resource of the computing network. A determination is made, based on authentication information associated with one or more of a network endpoint that transmitted the service request and a user at the network endpoint, as to whether the user should be notified of a reason that the network device blocked the service request. If it is determined that the user should be notified, a notification summarizing the reason that the network device blocked the service request is transmitted to the network endpoint. | 07-24-2014 |
| 20140208389 | ENROLLMENT OF USER IN DEVICE IDENTIFICATION PROGRAM - Embodiments of the invention are directed to systems, methods and computer program products for enrolling a user in a device identification program. In some embodiments, a system is configured to: receive device identification information from a mobile device, receive user information associated with a user, the user information enabling identification of the user, associate the device identification information with the user information, and create a record based on the device identification information and the user information. | 07-24-2014 |
| 20140208390 | SYSTEM AND METHOD FOR ENHANCED CONTROL SYSTEM SECURITY - A system including a controller having a data repository configured to store a first mapping associating a user to an Application Certificate and a second mapping associating the user to a user privilege. The system further includes an OPC Unified Architecture (UA) server configured to provide server access based on receiving the Application Certificate from an OPC UA client and enforcing the user privilege, in which the user privilege is retrievable based on the first and the second mappings. | 07-24-2014 |
| 20140208391 | SYSTEM FOR MULTI-POINT PUBLICATION SYNDICATION - Embodiments of methods, systems and storage media associated with publication of message content may be described. In embodiments, a content creator may provide content to a message management node. Based on application of one or more business rules, one or more authorized recipients of the message content may be identified, and the message content may be provided to the one or more recipients. In various embodiments, the message content may be reviewed by one or more approvers prior to publication. The message content may not be provided to the authorized recipients without approval from the approvers. Other embodiments may be described and claimed. | 07-24-2014 |
| 20140208392 | INFORMATION PROVIDING APPARATUS, INFORMATION PROVIDING METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - An information providing apparatus includes following components. A storing unit stores marker image identification information, an image feature of a marker placed area, related information, and disclosure limitation information indicating whether the related information is to be disclosed to specific users in an image information memory. A user information memory stores user identification information identifying a user and privilege information indicating a privilege of the user. An obtaining unit obtains, from an information terminal, user identification information and a target image. A search unit searches the image information memory for marker image identification information of a marker image having an image feature similar to that included in the target image. A providing unit provides, if the corresponding disclosure limitation information indicates limited disclosure and the corresponding privilege information indicates that access to the retrieved related information is permitted, the corresponding related information to the information terminal. | 07-24-2014 |
| 20140208393 | METHODS, SERVER AND PROXY AGENT FOR DYNAMICALLY SETTING UP A SESSION BETWEEN A TARGET RESOURCE IN A PRIVATE NETWORK AND AN APPLICATION ON A DEVICE - An object of embodiments of the present invention is to establish a secure connection from a device to a private network, to which the device belongs, when the device may be located remotely from the private network. This is achieved by locating a server in the private network while reusing existing authorization mechanisms in the network. A target resource is in this private network and a device located outside the private network can access the target resource by using the server and a proxy agent which intermediates a request from the device by using a one time session URL. | 07-24-2014 |
| 20140208394 | NETWORK USER IDENTIFICATION AND AUTHENTICATION - A method of identifying and authenticating a network user includes receiving a first network layer packet from a first user entity. The first network layer packet may include first unique identification information unique to the first user entity and independent of a first network address associated with the first network layer packet. The method further includes verifying, at a network layer of a network, that the first network layer packet is from the first user entity based on the first unique identification information. | 07-24-2014 |
| 20140208395 | System and Method for Access of User Accounts on Remote Servers - In certain embodiments, the system of the invention automatically replicates a user's personal computing environment and provides associated remote server access using authentication credentials and data files supplied by a local handheld device as coordinated by session level software common to the handheld device, the replicated system, the system on which the replication occurs, and the remote servers. The application enables a handheld computing device to transfer a user's various online account credentials to a user's other computing devices securely and automatically. Thereafter the other computing device accesses a user's cloud-based storage and various on-line accounts and also pulls selected documents, bookmarks and related information directly from a user's handheld. The other computing device thereby essentially becomes a clone of a user's primary personal computer, complete with bookmarks, email account access, documents in a user's desktop and My Documents folder, pictures, music, and on-line content subscription access. | 07-24-2014 |
| 20140208396 | ACCESS CONTROL IN A DISPERSED STORAGE NETWORK - A method begins dispersed storage error encoding data in accordance with dispersed storage error encoding parameters to produce a plurality of set of encoded data slices. The method continues by determining access control information for the plurality of sets of encoded data slices. The method continues by determining whether one or more encoded data slices of the plurality of sets of encoded data slices has individual access control information. The method continues when the one or more encoded data slices has individual access control information by creating a plurality of sets of appended slices, which is done by appending corresponding individual access control information to each of the one or more encoded data slices and appending a representation of the access control information to remaining encoded data slices of the plurality of sets of encoded data slices. The method continues by outputting the appended slices. | 07-24-2014 |
| 20140208397 | GEOGRAPHICAL RESTRICTIONS FOR APPLICATION USAGE ON A MOBILE DEVICE - Apps are secured or security-wrapped either before they are downloaded onto a device, such as a smart phone or tablet device, or after they are downloaded but before they are allowed to access the device operating system and cause any potential damage to the device. The app is secured before it is allowed to access the operating system of the device, thereby preventing the app from malicious behavior. App object code is substituted with security program object code, thereby creating a security-wrapped app. The app is provisioned with a geo-fencing policy which prevents execution of an app outside a pre-defined geographical area. If the device is within the defined area, the app is allowed to execute. The geographical area, such as a building or company campus, is defined using longitude and latitude coordinates and a location accuracy value. Device location is obtained using location/GPS services on the device. | 07-24-2014 |
| 20140208398 | Resource-Centric Authorization Schemes - A first request to change a permission of a first user for accessing a first resource is received via a service application programming interface (API) of an authorization server. In response to the first request, a first resource-based permission data structure associated with the first resource is accessed to identify an entry associated with the first user, wherein the first resource-based permission data structure has a plurality of entries corresponding to a plurality of users, respectively, each user being associated with one or more permissions for accessing the first resource. Further, one or more permissions in the identified entry associated with the first user are updated. | 07-24-2014 |
| 20140208399 | METHOD AND SYSTEM FOR ACCESSING A COMPUTING RESOURCE - Access to a computing resource or service, to gain access to the computing resource or service is defined by access parameters contained in a certificate accessible by an access controller (which can also be referred to as a Unit-of-Use Controller). Identification data associated with a user is provided by a computer-controlled device to the access controller, which retrieves the certificate related to the identification data. The access controller then obtains the access parameters from the certificate and grants access to the computing resource for the user associated with the certificate as a function of the access parameters. | 07-24-2014 |
| 20140215568 | REQUESTING MODIFICATION RIGHTS TO A LINKED FILE SET - A computer implemented system and method of sharing files between a link sharer and a link recipient over a network. The method comprises generating, in response to a request by a link sharer, a file sharing link to a file set, where the link does not provide a link recipient the ability to modify the contents of the linked file set. In response to receiving an indication that the generated link has been activated by a link recipient, displaying a representation of the linked file set with a display element configured to send a request for modification rights to the linked file set when activated by the link recipient. In response to receiving the request for modification rights, either automatically granting modification rights to the linked file set or sending notice to the link sharer indicating that the link recipient is requesting modification rights to the linked file set. | 07-31-2014 |
| 20140215569 | USER TERMINAL, UNAUTHORIZED SITE INFORMATION MANAGEMENT SERVER, AND METHOD AND PROGRAM FOR BLOCKING UNAUTHORIZED REQUEST - The transmission of an unauthorized request from a terminal is blocked. It is possible to provide a user terminal which blocks an unauthorized request made by malicious content by detecting the transmission of a request generated in a user terminal, investigating whether the request contains an improper word registered in an improper word database, and inhibiting the transmission of the request when it is determined that the request contains the improper word. | 07-31-2014 |
| 20140215570 | Systems and Methods for Collecting and Accruing Labor Activity Data Under Many-to-Many Employment Relation and with Distributed Access - A system and methods enable distributed users to have controlled and distributed access to labor data, and the labor data are produced as the results of monitoring and accruing labor activities with many-to-many employment relation. One method further comprises: (1) a method of importing data as the result of monitoring labor activities, and resolving the employment relation under which a labor activity is performed; (2) a method of accruing labor activities using input data according to the employment relation identified by method (1), and; (3) a method of enabling controlled access to labor and payroll data for distributed users. Labor monitoring software system (a) accrues labor activities from field-collected labor monitoring data, (b) identifies the employment relation, and (c) prepares payroll report based on the terms defined in the employment relation. Authorized users may access the data in raw or processed format from a variety of Internet-connected devices, including smartphones, tablets, and desktop computers. The system may be used in a variety of applications in which an employee has multiple employers, and distributed access to labor data is needed. | 07-31-2014 |
| 20140215571 | E-MAIL AUTHENTICATION - A system and method for determining whether an e-mail originates from a sender authorized by an address provider to send the e-mail to an intended recipient's e-mail address. The e-mail identifies an address provider from which the intended recipient's e-mail address was obtained. The e-mail is delivered to the intended recipient only upon verification that the sender is authorized by the address provider to obtain the intended recipient's e-mail address. The system and method may also provide for determining whether an e-mail originates from a forged source. A server receives data relating to an e-mail, including a purported sender and a verification host. The server queries the verification host with information pertaining to the e-mail and requests confirmation that the e-mail originates from the purported sender. The e-mail is determined to originate from a forged source unless the verification host responds that the e-mail originates from the purported sender. | 07-31-2014 |
| 20140215572 | Authenticating Applications to a Network Service - Authenticating applications to a network service includes authenticating an application with a certificate to access a service provider over a logical connection between the application and the service provider and confirming that the application is using an authorized port of the service provider. | 07-31-2014 |
| 20140215573 | SYSTEM AND METHOD FOR APPLICATION ACCOUNTS - System and methods of controlling computing application interactions with an electronic learning platform are described herein. The systems and methods may involve creating application accounts for computing applications, receiving a request for a computing application to interact with an electronic learning platform, determining whether an application account corresponds to the computing application of the request, and determining whether the requested interaction is permitted based the permissions and the settings of any account for the respective computing application. | 07-31-2014 |
| 20140215574 | ACCESSING OBJECTS IN HOSTED STORAGE - A hosted storage service stores a virtual data object that corresponds to data. The virtual data object includes metadata that enables access to the data in a delegated storage service but does not include the data. A delegate storage service stores the data. The hosted storage service receives a request for access to the virtual object and sends a response that includes metadata to access the data in a delegated storage service. The delegate storage service receives a request for access to the data based on the metadata. In response to receiving the request for access to the data object, the delegate storage service sends the data to the client application. | 07-31-2014 |
| 20140215575 | ESTABLISHMENT OF A TRUST INDEX TO ENABLE CONNECTIONS FROM UNKNOWN DEVICES - A method of controlling access to a remote system includes granting a connecting device full access to the system upon determining the device is registered to a user, upon determining the device is not registered, determining whether the device has connected to the system before, granting the device full access to the system if the device has connected before and a trust index based on a trust level for the device and a trust level of a location the device is currently connecting from exceeds a threshold, and granting the device limited access to the system otherwise. | 07-31-2014 |
| 20140215576 | Image Processing Apparatus and Image Processing System - An image processing apparatus comprising: an image processing unit configured to perform image processing; and a control device configured to perform: transmitting the authentication information received by the input unit to the server; receiving a result of user authentication from server, the result indicating a specific user authenticated by the server; requesting individual restriction information for the specific user when the result received, determining whether the requested individual restriction information for the specific user is obtained; restricting the performance of the image processing based on the requested individual restriction information, when the requested individual restriction information is obtained; requesting common restriction information when the requested individual restriction information is not obtained, obtaining the requested common restriction information; and restricting the performance of the image processing based on the obtained common restriction information. | 07-31-2014 |
| 20140215577 | REMOTE ACCESS OF DIGITAL IDENTITIES - A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced. | 07-31-2014 |
| 20140215578 | Adaptive Audiences For Claims In A Social Networking System - A social graph may be modeled as a collection of claims. Each claim is associated with an author, an audience, and an assertion about a fact. Probabilistic information may be collected from various sources for a claim, enabling a social networking system to evaluate a truthfulness of the assertion made in the claim. User-declared profile information may be evaluated as claims. A user, entity, or application may make claims about any assertions made in the social networking system. Reputation scores may be determined for users based on evaluations of their historical assertions. Claims may be evaluated for truthfulness using a probabilistic prediction model using heuristics analysis, regression analysis, and machine learning methods. A claims-based profile of users may be provided to viewers based on the contexts in which the claims were made. Viewers may view claims made about users, such as the users' biographical information, contact information, expertise, and interests. | 07-31-2014 |
| 20140215579 | METHOD AND DEVICE FOR CONTROLLING DIGITAL LIVING NETWORK ALLIANCE CONTENTS - The present document provides a method and apparatus for controlling digital living network alliance contents. One Media Access Control (MAC) recording unit is extended at the Digital Living Network Alliance (DLNA) device side for recording which MAC addresses are permitted to access or use the service of the DLNA device or prohibited from accessing or using the service of the DLNA device; one service control program is extended at the DLNA device side, and when there is another DLNA device transmitting a request to the DLNA device, the MAC address of the DLNA device is compared with the MAC address recorded by the MAC recording unit; and if the MAC address of the DLNA device is in the permission list or the MAC address of the DLNA device is not in the prohibition list, then the request will be permitted; otherwise the request will be rejected. | 07-31-2014 |
| 20140223512 | CUSTOMIZING SECURITY ROLE IN DEVICE MANAGEMENT SYSTEM, APPARATUS AND METHOD - Systems, apparatuses and methods are provided for managing information technology devices in an information technology environment in which at least some of the devices are connected to a network, and access of each user in the information technology environment is customized in a convenient manner. | 08-07-2014 |
| 20140223513 | Securing Communication over a Network Using Client Integrity Verification - A method for protecting application servers from network-based attacks and verifying the security posture of end client systems is disclosed. A trust broker system receives a request from a user agent associated with a client system remote from the trust broker to connect to applications and resources associated with the trust broker. The trust broker system verifies the integrity of the client system and verifies the identity of a user of the client system. The trust broker system then determines the access level permitted to the identified user and based on the access level. The trust broker system establishes a connection with the user agent and transmits session information to the server system. The trust broker system sends the user agent connection information, wherein the connection information enables the requesting user agent to connect to the requested server system. | 08-07-2014 |
| 20140223514 | Network Client Software and System Validation - A method for validating a client system is disclosed. A trust broker system receives a request to connect to a server system from a previously authorized client system, wherein the client system has an associated user agent. The trust broker system determines the machine fingerprint associated with the client system, wherein the fingerprint is a digital value that represents all software installed on the client system. Based on the machine finger print, the trust broker determines whether the client system has software installed since the previous authorization. In accordance with a determination that the client system does have newly installed software, the trust broker system transmits instructions to evaluate the newly installed software and receives the results of the evaluation from the client system establishes an encrypted connection with the first client system. | 08-07-2014 |
| 20140223515 | Securing Organizational Computing Assets over a Network Using Virtual Domains - A method for connecting to a trust broker system is disclosed. The electronic device stores encrypted identifying information for a plurality of client systems authorized to interact with the server system, wherein the encrypted identifying information is changed per client system per session. The electronic device creates a plurality of virtual domains; each virtual domain representing a set of services and information distinct from the other virtual domains. The electronic device stores permissions associated with each respective client system in the plurality of client system. The electronic device receives a request from a first client system, including encrypted identifying information associated with the first client system, for information associated with a first virtual domain and then retrieves stored permissions of the first client system based on the encrypted identifying information. The electronic device determines whether the first client system is permitted to access the requested first virtual domain. | 08-07-2014 |
| 20140223516 | AUTHORIZATION FLOW INITIATION USING SHORT-TERM WIRELESS COMMUNICATION - In general, aspects of the disclosure are directed towards techniques for initiating an authorization flow with a user to enable a user interface-limited client computing device to obtain access to protected resources hosted by a resource service. In some aspects, a computing device comprises at least one processor. The computing device also comprises a short-range wireless communication module operable by the at least one processor to receive, using short-range wireless communication, an authentication request from a client device. The computing device also comprises an authorization module operable by the at least one processor to receive authorization to provide at least one security credential to the client device, wherein the authorization module is further configured to, responsive to receiving the authorization, send an indication of the authorization to an authentication service. | 08-07-2014 |
| 20140223517 | DATA PROCESSING AND STORAGE DEVICE - A device for processing and storing data is disclosed, which comprises a primary controller, a primary memory, a security element (SE), and at least one universal port, wherein the device for processing and storing data further includes a first additional port, via which the security element (SE) can directly interacts with a second external device to complete the processing and access of the data. The security element (SE) in the device for processing and storing data disclosed herein can work independently without being effected by the condition whether the primary memory is performing the data read/write process, and supports the single wire protocol (SWP). | 08-07-2014 |
| 20140223518 | AUTHENTICATION AND AUTHORIZATION METHOD AND SYSTEM - An authentication and authorization method and system are provided. The method includes: receiving an authentication request transmitted from a first device; transmitting the authentication request to an authentication and authorization server subsystem; authenticating the authentication request and generating authentication information; generating an authorization request used to request a second device for authorization according to the authentication information; and authenticating the authorization request, generating an authorization information and transmitting the authorization information to the first device through an authentication and authorization client subsystem so that the first device communicates with the second device directly according to the authorization information. | 08-07-2014 |
| 20140223519 | Platform for Providing a Social Context to Software Applications - The present invention provides a system and method for providing a social context to software applications. According to one embodiment of the invention, a user of a social network authorizes access by an external software application to information available in the social network. At some time later, the user of the social network uses an application designed by a third-party software developer. The application contacts the social network provider for permission to access the information available in the social network. If access has been authorized, the application incorporates the information from the social network into its interaction with the user, providing a social context to the user's interaction with the application. | 08-07-2014 |
| 20140223520 | GUARDIAN CONTROL OVER ELECTRONIC ACTIONS - A method for guardian control over an electronic action includes registering one or more guardians and at least one mobile communication device associated with each guardian with an authorization module hosted on an authorization server. Each mobile communication device is identified by a unique hardware identification number. An authentication request for a supervised client that is attempting to perform the electronic action at a site is received by the authorization server from a site. A confirmation request is sent from the authorization server to the mobile communication device requesting the guardian to confirm the action. The action is authorized upon receiving confirmation from the mobile communication device. | 08-07-2014 |
| 20140237553 | SECURELY UPDATING INFORMATION IDENTIFYING SERVICES ACCESSIBLE VIA KEYS - A first device may receive a service authorization instruction from a second device. The service authorization instruction may include one or more authorization parameters and an instruction to associate or disassociate a key, with a service, to permit or prevent the service to be accessed using the key. The key may be embedded in an application used to provide an application instruction corresponding to a request for the service. The first device may validate the service authorization instruction based on the one or more authorization parameters; and update, based on validating the service authorization instruction, information identifying services that are accessible using the key to permit or prevent the service to be accessed using the key without modifying the key embedded in the application. | 08-21-2014 |
| 20140237554 | UNIFIED PLATFORM FOR BIG DATA PROCESSING - This technology relate to methods and systems for big data processing. The system includes extraction modules for extracting data from the data sources. The system also includes means for defining rules to be applied on the data and means for applying the rules on the data in conjunction with the extraction modules. The means for applying the rules is capable of applying pre-defined set of rules and the rules defined by means of defining the rules. The system also has controllers for defining access control restrictions on the data in conjunction with the extraction modules, display for displaying visual representations of the data processing in conjunction with the extraction modules and memory to store the extracted data in indexed form. | 08-21-2014 |
| 20140237555 | SYSTEM AND METHOD FOR SECURE REMOTE ACCESS - System, method, and apparatus for providing access to remote computing services are described. The method includes authenticating a user and a client device; establishing a connection to a server computer including: a server program executing on the server computer detecting the connection; the server program creating a blocking process on the server computer to block access of the user to a service on the connection, authorizing, using a client program executing on the client device and the server program, the user to use the service on the server computer including: terminating the blocking process, the user using the service; and the user closing the connection to the server computer. Embodiments of the present invention provide secure remote access to computing services. | 08-21-2014 |
| 20140237556 | METHOD FOR COMMUNICATION AND COMPONENTS IN A COMMUNICATIONS NETWORK - With a method for communication in a communication network, a subscriber is assigned an authorization level depending on the respective applicable scenario at the time when the authorization level is assigned for that subscriber in that communication network. | 08-21-2014 |
| 20140237557 | DATA PLAN ACTIVATION - A method, implemented by a router device, for guiding a user in establishing access privileges for a data exchanger includes causing the data exchanger to establish a remote link with a data service provider. Access content is obtained from the data service provider and presented to a client device. Access data provided in response to the presenting of the access content is received. The access content when presented by the client device enables a user to supply the access data. The access data is useable by the data service provider to set access privileges associated with the data exchanger that enable the data exchanger to be utilized to perform a desired function. The access data is returned to the data service provider via the remote link. The data exchanger is utilized to implement the desired function. | 08-21-2014 |
| 20140237558 | DEVICE FOR GENERATING A VIRTUAL NETWORK USER - A device for generating a virtual network user that can be used, for data protection purposes, as a pseudonym by which a physical person or legal entity can gain access to the Internet and engage services that can be implemented via the network. The network user is defined by a freely specifiable combination of real and/or arbitrarily specifiable attributes. The input of these attributes into the network access device (PC) of the user activates a transformation system which facilitates the generation of the data flows that implement the virtual network user and that can be saved with the temporal sequence of the data flow in a storage device of the transformation system. An access system allocated to an independent authority is provided, which upon activation can initiate the readout of such data from a memory allocated to the storage device of the transformation system. | 08-21-2014 |
| 20140237559 | METHOD AND RELATED DEVICE FOR GENERATING GROUP KEY - A method and a related device for generating a group key are provided. A group ID of a group to which an MTC device belongs and a group communication root key related to a security key are received from an MME, where the security key is corresponding to the group ID; a group key corresponding to the group ID is generated according to the group communication root key; and a generating parameter used to generate the group key is sent to the MTC device, so that the MTC device generates the group key according to the group key generating parameter and a security key saved in the MTC device. Therefore, a base station only needs to maintain a same group key for a same group, thereby reducing the operation complexity of the base station. | 08-21-2014 |
| 20140237560 | SECURITY CONTEXT PASSING FOR STATELESS SYSTEM MANAGEMENT - Systems and methods for stateless system management are described. Examples include a method wherein a user sends the management system a request to act upon a managed system. The management system determines whether the user is authorized for the requested action. Upon authorization, the management system looks up an automation principal, which is a security principal native to the managed system. The management system retrieves connecting credentials for the automation principal, and connects to the managed system using the retrieved credentials. Once the managed system is connected, the management system performs the requested action on the managed system, and sends the result back to the user. | 08-21-2014 |
| 20140245392 | Systems, Methods, and Computer Program Products for Authenticating Human Users of a Computer System - A computer program product having a computer readable medium tangibly recording computer program logic for use in a secure computer system with a first human user and a second human user being authorized users of the secure computer system, the computer program product including code to receive input from the first human user to select the second human user for authentication, code to electronically generate a secure code in response to the input from the first human user, code to display the secure code to the first human user, code to allow the second human user access to the secure computer system after the second human user has been verified by the secure computer system, and code to display the secure code to the second human user as the second human user accesses the secure computer system. | 08-28-2014 |
| 20140245393 | METHODS AND SYSTEMS FOR CONTENT AVAILABILITY BASED ON LOCATION - Access to protected content is based on a client device being within a region. The region may be a mobile or movable region, and/or a region that is in motion. In some embodiments, the region may be determined based on a distance from a position within the region, or based on a boundary about the position that need not be symmetrical. In some embodiments, the region is a three dimensional region. In some embodiments, being within the region is further based on the region being above a defined altitude. In further embodiments, a determination for access is based on whether the client device is detected to be in motion relative to the region. | 08-28-2014 |
| 20140245394 | TRUST-BASED COMPUTING RESOURCE AUTHORIZATION IN A NETWORKED COMPUTING ENVIRONMENT - A trust-based approach for authorizing computing resources in a networked computing environment is provided. Specifically, in a typical embodiment, a candidate computing resource (e.g., a virtual machine) will submit a request to join a network computing environment (“environment”). Based on the request, a message will be communicated to previously authorized/joined computing resources to poll/solicit their votes as to whether the candidate computing resource should be trusted/authorized in the environment. Based on the responses submitted by the polled computing resources, the candidate computing resource may be authorized or denied membership in the environment. If authorized, a permission level may be set (e.g., as recommended by the polled computing resources). | 08-28-2014 |
| 20140245395 | OFF-SITE USER ACCESS CONTROL - Systems and methods are described for off-site user access control to communications services via a site-based communications network. Embodiments operate in context of sites, each having one or more site-based networks in communication with external networks via one or more on-site routers. User devices are provided with controlled access to those external networks via wired or wireless connections between those user devices and the site based networks. In some embodiments, on-site routers maintain route maps that indicate which user devices are authorized. Standard routing functions are used so that traffic from authorized devices is routed normally, while traffic from unauthorized devices is automatically forwarded to an off-site (e.g., cloud-based) authentication system. As devices become remotely authenticated, the off-site authentication system can remotely update route maps of the on-site routers to add those devices. | 08-28-2014 |
| 20140245396 | SYSTEM AND METHOD FOR INTEGRATING TWO-FACTOR AUTHENTICATION IN A DEVICE - A system and method for providing secondary-factor authentication with a third party application that can include enrolling a device application instance of an account into a secondary-factor authentication service on behalf of a service provider that includes at the secondary-factor authentication service, receiving a secondary factor of authentication enrollment request of an account, the request received from the service provider, transmitting an activation code, and pairing the device application instance with the account through the activation code; receiving an authentication request identifying the account; transmitting an authentication request to the device application instance paired with the account; validating a response to the application request; and transmitting an assessment to the service provider. | 08-28-2014 |
| 20140245397 | TERMINAL AND SERVER FOR APPLYING SECURITY POLICY, AND METHOD OF CONTROLLING THE SAME - A method of operating a terminal using Mobile Device Management (MDM) solution includes: installing an application, requesting for registration by a license key received from an Enterprise License Management (ELM) server, receiving a Right Object (R/O) that corresponds to the license key and comprises a permission list, setting at least one permission based on the permission list comprised in the received R/O, and performing the set permission. A terminal using MDM comprises an MDM application configured to control an installed application to acquire a required permission, a ELM agent configured to request for registration by a license key from an ELM server, and receive a R/O that corresponds to the license key and comprises a permission list, and an ELM permission enforcer configured to set at least one permission based on the permission list comprised in the received R/O. | 08-28-2014 |
| 20140245398 | M2M DATA MANAGEMENT - Described embodiments provide managing data collected from machine 2 machine (M2M) devices. A plurality of M2M devices may be grouped based on a common interest and the same group authorization key may be assigned to M2M devices in the same device group. A data collecting terminal having a group authorization key may be allowed to collect data in M2M devices when the M2M devices have the same group authorization key. | 08-28-2014 |
| 20140245399 | INFORMATION MANAGEMENT SYSTEM AND INFORMATION MANAGEMENT METHOD - In the present invention, a control section of a CRM server performs editing processing for TPO (the time, the place, and the occasion) requirements. Next, a control section of a TPO server registers the TPO requirements in order to convert the same to TPO definitions. Then, the control section performs setting processing for the TPO definitions. A portable terminal identifies the current location and the current time. Then, a control section verifies TPO definition state transitioning. If transitioning of the TPO definition state is detected, the control section performs TPO definition state transition notification processing. The control section of the portable terminal performs individual control processing on the basis of the TPO definitions. | 08-28-2014 |
| 20140245400 | PROGRESSIVE DOWNLOAD OR STREAMING OF DIGITAL MEDIA SECURELY THROUGH A LOCALIZED CONTAINER AND COMMUNICATION PROTOCOL PROXY - Various embodiments are directed towards employing a container and communication protocol proxy component within a client device to receive securely real-time streamed, progressively downloaded, or adaptively streamed container over a network using one container and communication protocol, and to securely decrypt the container and provide it to a media player using a different container and communications protocol. In one embodiment, the container is in Flash Video (FLV) file format. A browser or the media player on the client device may be used to request the container. The requested container is sent over one communication protocol and intercepted by the container and communication protocol proxy component. The container may be received as selectively encrypted container. The container and communication protocol proxy component then may enable decryption of the container and providing of it to the media player using another container and communication protocol combination. | 08-28-2014 |
| 20140245401 | SECURE AND EFFICIENT LOGIN AND TRANSACTION AUTHENTICATION USING IPHONES.TM. AND OTHER SMART MOBILE COMMUNICATION DEVICES - To authenticate a user of a mobile communication device for login or transaction authorization, a first application on the device directs transmission of a request for authentication of the user to a security server. A second application on the device receives the request for authentication from the security server and directs presentation of the received request for authentication to the user by the device. The second application receives a user input to the device indicating that the requested authentication should proceed and in response directs transmission of an indication that the requested authorization should proceed, to the security server. In response to this latter transmission, the second application receives a PIN from the authentication server. The first application directs transmission of the PIN received by the second application to the network site, which validates the transmitted PIN, in order to authenticate the user or the transaction to the network site. | 08-28-2014 |
| 20140245402 | AUTHORITY TRANSFER SYSTEM, AUTHORITY TRANSFER METHOD, INFORMATION PROCESSING APPARATUS, AND RECORDING MEDIUM - To prevent a transfer of an authority from being useless as much as possible, an authority transfer unit includes a decision unit for making a decision that an authority of a user with respect to a management unit is transferred to a processing request unit. | 08-28-2014 |
| 20140245403 | METHOD AND DEVICE FOR PROCESSING DATA SECURITY CHANNEL - Embodiments of the present invention provide a method and a device for processing a data security channel of a tunnel, where the method includes: receiving an authentication and authorization request of an access side, and determining a trust relationship of access of a user equipment; and when an S6b interface session of the user equipment exists, sending a message including information about the trust relationship of the access of the user equipment to a packet data gateway, so that the packet data gateway establishes or updates a data security channel of an S2c tunnel according to the information about the trust relationship. | 08-28-2014 |
| 20140245404 | METHOD AND APPARATUS FOR TRANSFERRING USAGE RIGHTS AND DIGITAL WORK HAVING TRANSFERABLE USAGE RIGHTS - A method, system and computer program product for transferring a digital work, including receiving by a first device a first digital work including digital content which is associated with usage rights and transfer permission information; sending to a server a request to transfer the digital content to a second device, the request indicating an identification of the second device; receiving from the server permission to transfer the digital content, the permission being generated based on the identification indicated by the request and the permission indicating new usage rights associated with the digital content; and transferring the digital content associated with the new usage rights to the second device. | 08-28-2014 |
| 20140245405 | METHOD FOR TRANSFERRING AUTHORIZATION INFORMATION, RELAY DEVICE, AND SERVER - Embodiments of the present application provide a method for transferring authorization information, a relay device, and a server. The method includes: receiving, by a DHCPv6 relay device, authorization information delivered by an AAA server; and inserting an option into a DHCPv6 Relay-Forward message, encapsulating the authorization information in the option, and sending the option to a DHCPv6 server. By using the technical solutions of the present application, a DHCPv6 relay device sends authorization information delivered by an AAA server to a DHCPv6 server, so that the DHCPv6 server can provide a correct configuration for a DHCPv6 client according to the authorization information delivered by the AAA server. | 08-28-2014 |
| 20140250498 | VISIBLE LIGHT COMMUNICATION SYSTEM, COMMUNICATION TERMINAL AND SERVER - A communication module of a communication terminal is configured not to output to a control module, service information provided from a second server whose server ID is not registered in a first server. The communication module is configured to receive an authentication code from the first server, and to transmit ID information and terminal identification information to the second server. When the terminal identification information received from the communication module matches the terminal identification information received from the first server, the second server is configured to reply the authentication code and the service information to the communication module. When the authentication code received from the first server matches the authentication code received from the second server, the communication module is configured to output the service information to the control module. | 09-04-2014 |
| 20140250499 | PASSWORD BASED SECURITY METHOD, SYSTEMS AND DEVICES - The invention relates to a method for secure operation of a plurality of devices, the devices suited for use in such method and the entire arrangement of such devices, and further computer program products and related machine readable signal storage media, governing said method or parts thereof, executed on or for configuring to prepare for execution on one or more of said devices, particularly the invention provides for authorization and permissions when logging into and off from a computer network from a computing device. The methods comprise of when executing a logoff procedure, storing the secret information on a second server by use of first credentials generated by a first server and when executing a logon procedure retrieving the secret information from the server by use of second credentials generated by a first server. | 09-04-2014 |
| 20140250500 | SECURITY-ENHANCED CLOUD SYSTEM AND SECURITY MANAGEMENT METHOD THEREOF - Disclosed is a cloud system for enhancing security of a private virtualized cloud server and a security management method thereof. To this end, the present invention provides a security-enhanced cloud system comprising: a control system for performing user authentication using fingerprint recognition and face recognition or biometric recognition and creating a wake-on command; a mobile terminal for creating fingerprint recognition information and face recognition information or biometric recognition information by recognizing a fingerprint and a face or a body of a user, and, if an authentication request is received from the control system after connecting to the control system, completing the user authentication by transmitting the created fingerprint recognition information and face recognition information or biometric recognition information to the control system in response to the authentication request; a private virtualized cloud server allowing use of first class document data of a high security level and second class document data of a low security level by permitting only connection of a computer of the user after being activated in response to the wake-on command transmitted from the control system, and automatically shut down when the user of the computer requests or two or more users are connected; and the computer using the data in the private virtualized cloud server after acquiring a right to connect to the private virtualized cloud server by permission of the private virtualized cloud server. | 09-04-2014 |
| 20140250501 | SECURE ELEMENT COMPRISING SEPARATED CONTAINERS AND CORRESPONDING METHOD - The invention is a secure element comprising a virtual machine able to work in admin mode and in runtime mode. The secure element comprises two enhanced containers. Each of said enhanced containers can be either in an activated state or in a disabled state. Only one of the enhanced containers can be in activated state at any given time. The virtual machine is adapted to access each of the enhanced containers when working in admin mode. The virtual machine cannot access an enhanced container which is in disabled state when working in runtime mode. | 09-04-2014 |
| 20140259113 | SYSTEM AND METHOD FOR TARGETED MESSAGING, WORKFLOW MANAGEMENT, AND DIGITAL RIGHTS MANAGEMENT FOR GEOFEEDS - The disclosure relates to systems and methods for targeted messaging, workflow management, and digital rights management for geofeeds, including content that is related to geographically definable locations and aggregated from a plurality of social media or other content providers. The system may facilitate targeted messaging to users who create content. The targeted messaging may be based on the content (or location related to the content) such as a request for additional information or a promotional message. The system may generate workflows that allow management of the content with respect to operational processes of an entity that wishes to use the content and facilitates the management of usage rights related to the content as well as payments related to such usage rights. For example, the system may store whether content requires permission to use the content and/or whether such permission was obtained and facilitates payment. | 09-11-2014 |
| 20140259114 | SYSTEM AND METHOD FOR MONITORING A THREAT - A method and a system for monitoring a threat are described. The system has a gateway, a web server, and a client device. The gateway detects, identifies, and tracks a threat at a location associated with the gateway. The gateway is coupled to a security device. The web server has a management application configured to communicate with the gateway. The client device communicates with the gateway identified by the web server. The gateway aggregates monitoring data from the security device and from other security devices respectively coupled to other gateways correlated with the gateway. The client device receives the aggregated monitoring data and controls the security device coupled to the respective gateway from a web-based user interface at the client device. | 09-11-2014 |
| 20140259115 | AUTHENTICATION FOR NETWORK ACCESS RELATED APPLICATIONS - In one embodiment a controller comprises logic to receive, via a near field communication link, an identification packet generated by a remote authentication provider, associate an electronic signature with the identification packet, transmit the identification packet to a remote authentication provider, receive an authorization from the remote authentication provider, receive login information associated with the identification packet, and initiate a login procedure using the login information. Other embodiments may be described. | 09-11-2014 |
| 20140259116 | SECURE USER AUTHENTICATION WITH IMPROVED ONE-TIME-PASSCODE VERIFICATION - Generally, this disclosure provides systems, devices, methods and computer readable media for secure user authentication with improved OTP verification. The device may include an attribute collection module configured to collect attributes associated with the device; a client trust module configured to identify a user of the device, associate a user ID with the user and transmit the user ID and the collected attributes to a trust broker system; the client trust module further configured to receive a device ID from the trust broker system, the device ID associated with a pairing of the user ID and the attributes; and a client OTP generation module configured to generate an OTP and further configured to transmit the OTP and the device ID to an authentication server. | 09-11-2014 |
| 20140259117 | TRUSTED EXECUTION THREAD IN AN EMBEDDED MULTITHREADED SYSTEM - A multithreaded system includes a processor core having a plurality of hardware threads. One or more of the hardware threads is dedicated to execute only trusted code and the remaining hardware threads are configured to execute untrusted code. The multithreaded system further includes a DLNA (Digital Living Network Alliance) server configured to communicate secure requests to one or more of the hardware threads dedicated to execute only trusted code and communicate other requests to one or more of the remaining hardware threads configured to execute untrusted code. | 09-11-2014 |
| 20140259118 | Domain Name Hijack Protection - A domain name registering entity (such as a domain registry, registrar, or reseller) or an independent proxy registration service may offer a domain name hijack protection to their actual or potential customers. When a domain name transfer request or notice is received, the domain name registering entity or the proxy registration service may ignore or decline it. Customers may be given an ability to turn the domain name hijack protection service on and off, as well as an ability to adjust a variety of settings associated with the service. | 09-11-2014 |
| 20140259119 | Controlling Access to Web Content - A method of controlling access to web content at a client computer. The method includes registering an access control status at the client computer, and detecting an attempt to access a website having an access control mechanism. In response to such detection, the access attempt is suspended and said access control status registered at the client computer compared with an access control status currently registered at the website. If these do not correspond, then the access control status registered at the website is changed to correspond with that registered at the client computer. | 09-11-2014 |
| 20140259120 | Authentication Entity Device, Verification Device and Authentication Request Device - A verification device transmits challenge information to a first entity device, and for each authentication context received in return, verifies that challenge information identical to the challenge information transmitted in advance is described, to thereby confirm that the authentication context is the current one. As a result, a repetitive attack in which the past authentication context is repeatedly used is prevented and the security against repetitive attacks is improved. | 09-11-2014 |
| 20140259121 | System And Method For Providing A One-Time Key For Identification - A server includes a key generator and an authenticator. The key generator is configured to receive a request for a first key from a worker device, to create the first key that is associated with a worker, and to transmit the first key to the worker device. The authenticator is in communication with the key generator, the authenticator is configured to receive a second key and identification details from a customer device, to transmit the identification details to the worker device, to receive acknowledgment of the identification details from the worker device, and to authenticate the second key and the identification details with the customer device. | 09-11-2014 |
| 20140259122 | JUBISM: Judgement Based Information Sharing with Monitoring - A new system for information sharing is described which uses human judgement to accelerate the flow of information, while simultaneously applying brakes to restrict the velocity. This combination results in a system where information is shared judiciously while minimizing the likelihood of information leakage or information overload. A built in monitor allows for the detection over time of sharing characteristics. Information in this system is stored on a server, however, is optionally encrypted in a fashion that makes it impossible for the server to actually see the information. Further innovations are also described including the ability to overlay incentive mechanisms to facilitate appropriate information sharing, and the notion of introducing automated bots into the system to augment human filter based information sharing. | 09-11-2014 |
| 20140259123 | ALIASING OF EXPORTED PATHS IN A STORAGE SYSTEM - A request is received, by a storage server, to access a resource based on a filehandle for the resource. A determination is made of whether an entry of a plurality of entries in an exports table has a filehandle that matches the filehandle for the resource. The entry includes a physical path of the resource that is different than an advertised path of the resource, in response to the filehandle in the entry retrieved using the physical path. In response to determining that the filehandle in the entry matches the filehandle for the resource, a determination is made of whether a pathname in the entry matches a pathname for the resource. In response to determining that the pathname in the entry matches the pathname for the resource, a determination is made of whether the client has permission to access the resource. The request to access the resource is executed. | 09-11-2014 |
| 20140259124 | SECURE WIRELESS NETWORK CONNECTION METHOD - A method of connecting a user computing device to a wireless network comprises establishing a wireless connection between the user computing device and a first wireless network. The user provides identifying information to a server via the first wireless network. In response to the server authenticating the user and upon successful authorisation of the user having the appropriate rights, the user receives access information for a second wireless network from the server. The user computing device establishes a wireless connection to the second wireless network using the received access information. The method has the advantage that the first wireless network can be easily discoverable, whereas the second wireless network can have an enhanced level of security. | 09-11-2014 |
| 20140282880 | System and Method for Common On-Behalf Authorization Protocol Infrastructure - A centralized authorization client, in a secure system, that references service provider specific on-behalf authorization protocol implementation records for generating access request messages for accessing user resources hosted by multiple service providers, is disclosed. The service provider-specific authorization implementation records include parameters for requesting user resources associated with a requesting user provided by a specific service provider. Applications running in the secure system can send access request messages through the authorization client to obtain authorization or access to user resources in multiple external service providers so the resources can be displayed, or otherwise manipulated, from application within the secure system. Once authorization is obtained for accessing the resources, the authorization client can store authorization tokens for use in persistent authorized access to multiple external service providers for resources owned by particular users. | 09-18-2014 |
| 20140282881 | Mechanism and Protocol to Authorize Bilateral Sessions Between Websites Based on Open Authorization - An apparatus for authorizing a bilateral session between two websites, comprising a processor configured to grant authorization for a first website to access a first resource located on a second website, grant authorization for the second website to access a second resource located on the first website, and establish the bilateral session between the first website and the second website when authorization is granted for the first website to access the first resource and authorization is granted for the second website to access the second resource, wherein the bilateral session supports the transfer of the first resource to the first website and the transfer of the second resource to the second website. | 09-18-2014 |
| 20140282882 | INDENTIFICATION DELEGATION FOR DEVICES - A first communication session is conducted between a media device and a mobile device. The first communication session includes requesting an authorization code from the mobile device and receiving the authorization code from the mobile device. The mobile device acts as an intermediary for obtaining authentication from a content server. The mobile device initiates a second communication session with a provider authorization service of the content server. The second communication session includes obtaining a token from the provider authorization service using the authorization code. The media device initiates a third communication session with the content server. The third communication session includes utilizing the token to obtain content from the content server. The system automatically attempts to renew the token in response to an expiration of the token. | 09-18-2014 |
| 20140282883 | SYSTEM AND METHOD FOR DISTRIBUTING, MONITORING AND CONTROLLING INFORMATION - A system and method for distributing, monitoring and controlling information is taught. The system and method allows for access to, and distribution of, information to be tightly controlled and yet, by the use of user and location classes and classifications, allows for the relatively simple definition of that access. The system and method permit the tracking of the activities within the system, including the distribution and use of the information by users, when they accessed the information and how frequently it was accessed, etc. The system and method is designed for the managed widespread distribution of information to a variety of types of users and yet can operate with relatively inexpensive computing equipment at user locations. | 09-18-2014 |
| 20140282884 | INSTANT PERSONALIZATION SECURITY - A method and system for instant personalization security are provided. The system includes a platform on a user to open applications and/or access web sites. When an application is integrated with the platform, the identification of the application can be combined with the ID of the user and encrypted into a hashed ID. The application does not have access to the user's fully identifying profile (e.g., UID or other public information). Instead, the application only has access to pseudonymous profile (e.g., the hashed ID, first name, last initial, small profile pictures and/or other non-fully identifying profile information) of the user. One or more options are then provided for the user to authorize or reject the application to access the user's fully identifying profile. Upon the user's authorization, an access token is provided to the application to access a subset of the user's fully identifying profile. | 09-18-2014 |
| 20140282885 | SYSTEM AND METHOD FOR COMPUTER AUTHENTICATION USING AUTOMATIC IMAGE MODIFICATION - Computers can be authenticated using automatically combined images. During an authentication process, a server transmits an image to a client. The transmitted image is combined with a stored image using a randomly selected logical operator to generate a combined image. The combined image is transmitted back to the server. The server has a copy of the transmitted image and the stored image and generates a series of template combined images using different logical operators selected from a set of logical operators to determine whether any of the template combined images match the received combined image. If the received combined image matches one of the template combined images, the user is authenticated. | 09-18-2014 |
| 20140282886 | CONTENT LIST SHARING - In embodiments, a server may receive an indication of a content list to be transferred from a first user equipment to a second user equipment. The content list may include information related to content such as books, music, movies, physical items, software, games, or other physical or non-physical goods or media. The server may identify the content in the content list, and then determine what rights, if any, the user of the second user equipment has to access the content in the content list. In some embodiments, the server may then accept a purchase request from one or both of the first user or the second user, and alter the permissions of the second user in response to the purchase request. Finally, the server may facilitate the transfer of the content list, and the content associated with the content list and accessible to the second user, to the second user equipment. Other embodiments may be described and/or claimed. | 09-18-2014 |
| 20140282887 | METHOD AND SYSTEM FOR USER AUTHENTICATION USING DNSSEC - This invention leverages DNSSEC to makes post-password technologies work against endpoints across the globe, rather than solely within company walls. It describes a system by which DS records are encoded in NS names, which traverse well from the customer to the registry. This invention also proposes a series of steps through which DNSSEC can be explored as a useful solution to real world problems. By creating and further developing a mirror of the real DNS, which grows by combination of true DNS record information with specially synthesized authentication keys, DNSSEC scales, providing greater security and less risk of corrupting or erroneous online material. This same technology also evaluates user activity to create a database of statistics regarding automated activity, as compared to human activity. This database assists in identification and prevention, or at least mitigation, of potential future attacks on any given client by automated bot-driven activity. | 09-18-2014 |
| 20140282888 | METHODS, DEVICES, AND SYSTEMS FOR REMOTELY CONTROLLING A PLURALITY OF COMMUNICATION DEVICES - Systems and methods for controlling communication systems for the hearing impaired are disclosed. A portable communication device requests control over a plurality of communication devices. The portable communication device connects to and controls the plurality of communication devices. The portable communication device includes a user interface that enables a user to transfer a call from a first communication device to a second communication device. | 09-18-2014 |
| 20140282889 | Method and System for Identity-Based Authentication of Virtual Machines - A cloud computing system configured to run virtual machine instances is disclosed. The cloud computing system assigns an identity to each virtual machine instance. When the virtual machine instance accesses initial configuration resources, it provides this identity to the resources to authenticate itself. This allows for flexible and extensible initial configuration of virtual machine instances. | 09-18-2014 |
| 20140282890 | DIFFERENTIATED CONTAINERIZATION AND EXECUTION OF WEB CONTENT BASED ON TRUST LEVEL AND OTHER ATTRIBUTES - Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container. | 09-18-2014 |
| 20140282891 | METHOD AND SYSTEM FOR UNIQUE COMPUTER USER IDENTIFICATION FOR THE DEFENSE AGAINST DISTRIBUTED DENIAL OF SERVICE ATTACKS - The improvement invention is a means to prevent successful Distributed Denial of Service attacks via a decentralized user Internet Protocol (IP) validation method. The invention is an improvement on a method and system for the validation that a unique computer user is in control of a computer that is capable of performing a non-trivial amount of calculations on command. By ensuring a user is in command of a computer that requests a service, and that the computer will perform a non-trivial task on-demand, a cost is incurred by that client computer, and thus decreases the likelihood of large-scale successful DDoS attacks by swarms of botnets. | 09-18-2014 |
| 20140282892 | SYSTEM AND METHOD FOR PROVIDING A SECURE BOOK DEVICE USING CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS SECURE NETWORKS - A system for integrating access to separate and physically partitioned networks from a single client device is described. The system is interposed between the client device and the networks to allow communication between the client device and the networks, such that data remains partitioned between networks. The system includes a scrambler configured to mix portions of data of variable bit lengths. Typically, the scrambler receives the portions of data from each of the plurality of networks, intermixes the portions of data from the networks, then selects different paths for transporting the intermixed portions of data to the client device. Each of the different paths for transporting the intermixed portions of data are physically and/or logically partitioned from each other. Only when the data arrives on the client device is it able to be reassembled, and then only in particular partitioned locations on the client device corresponding to the particular network from which the data originated. | 09-18-2014 |
| 20140282893 | REDUCING AUTHENTICATION CONFIDENCE OVER TIME BASED ON USER HISTORY - Technologies are provided in embodiments to manage an authentication confirmation score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments also determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set is based on context attributes. | 09-18-2014 |
| 20140282894 | DELEGATING AUTHORIZATION TO APPLICATIONS ON A CLIENT DEVICE IN A NETWORKED ENVIRONMENT - A computer-readable medium encoded with software for execution. When executed, the software may be operable to send to a remote server, from an agent application, a request for a first access credential. The software may also be operable to receive from the remote server, the first access credential. The software may further be operable to determine, by the agent application monitoring a managed application, that the managed application requires a second access credential. The software may additionally be operable to, in response to the determination that the managed application requires the second access credential, sending to the managed application, from the agent application, the second access credential. | 09-18-2014 |
| 20140282895 | SECONDARY DEVICE AS KEY FOR AUTHORIZING ACCESS TO RESOURCES - In a networked environment, a client side application executed on a chant device may transmit a request to an authorization service for access to a resource. The authorization service may authenticate the user of client device and/or the client device based on user credentials and/or a device identifier. The authorization service may require that the client device comply with a distribution rule associated with the resource, where the distribution rule requires a specified secondary client device to be in communication with the client device as a prerequisite to accessing the resource. The client side application may determine that the client device complies with the distribution rule and may thereafter access the resources. In some cases, the secondary chant device facilitates access to the resource, which may involve receiving from the secondary client device an authorization credential to be used for receiving authorization to access the resource. | 09-18-2014 |
| 20140282896 | COMMUNICATIONS SYSTEM FOR RESIDENTS OF SECURE FACILITY - A system and a method are provided for two-way communications, automated request handling, and push notifications, via SMS, MMS, IM, email, and other electronic messaging systems, between (1) residents confined to a secure facility, such as a jail or a prison, and (2) persons located outside the secure facility who have friendly or family relationships with the confined residents. | 09-18-2014 |
| 20140282897 | APPLICATION PROGRAM AS KEY FOR AUTHORIZING ACCESS TO RESOURCES - In a networked environment, a client side application executed on a client device may transmit a request to an authorization service for access to a resource. The authorization service may authenticate the user of client device and/or the client device based on user credentials and/or a device identifier. In response to authenticating the user and/or the client device, the authorization service may send to the client side application a request for confirmation that the client device complies with a distribution rule associated with the resource, where the distribution rule requires a specific application or specific type of application to be installed, enabled and/or executing on the client device as a prerequisite to accessing the resource. If the client device complies with the distribution rule, the client side application accesses the resource. Accessing the resource may include receiving an authorization credential required for access to the resource. | 09-18-2014 |
| 20140282898 | METHOD AND SYSTEM FOR MEDIA CATALOGING FOR EXCHANGE IN CONTROLLED FACILITIES - In general, in one aspect, the invention relates to a method for reviewing a posting to a secure social network (SSN). The method includes receiving a first media item from a SSN member, evaluating the first media item to identify a first media attribute, and receiving a request to access the first media item from an inmate of a controlled facility. The method further includes retrieving a set of restricted attributes corresponding to the inmate, and determining whether the inmate is allowed to access the media item based on comparing the first media attribute to the set of restricted attributes. When the inmate is allowed to access the media item, granting the inmate access to the media item based on the first determination. When the inmate is not allowed to access the media item, denying the inmate access to the media item based on the first determination. | 09-18-2014 |
| 20140282899 | APPROVAL OF CONTENT UPDATES - A method, computer program product, and system is described. An indication of a problem regarding a content item is received, the content item being subject to a workflow including an approval protocol. A request for an emergency exception to the workflow with respect to an update to the content item is received, the update being associated with the problem. Permission for circumvention of one or more aspects of the approval protocol with respect to the update is provided, in response to receiving the request for the emergency exception. | 09-18-2014 |
| 20140282900 | METHODS AND SYSTEMS FOR PROVIDING SECURE TRANSACTIONS - Methods and systems to provide secure electronic document transactions are described. In one embodiment, a processor creates a first data storage container capable of being nested as a component file of a second data storage container. In one embodiment, the first data storage container comprises: a unique first data storage container identifier; at least one unique component file identifier to identify at least one component file of the first data storage container, and the component file is an electronic document or another data storage container. In one embodiment, the first data storage container further comprises: at least one component file hash value for the at least one component file; a first attribute set; and a first data storage container hash value calculated based on features including the at least one unique component file identifier, the at least one component file hash value, and the first attribute set. | 09-18-2014 |
| 20140282901 | MANAGING SHARED CONTENT WITH A CONTENT MANAGEMENT SYSTEM - Embodiments are provided for managing shared content with a content management system. In some embodiments, a request is received for a history of content shares for an authenticated account, at least one content share is retrieved for the authenticated account, the at least one content share having at least one shared item and at least one recipient identifier, information on the at least one content share on a user interface is displayed, and a request is received to modify the at least one content share and updating the at least one content share in response to the request. | 09-18-2014 |
| 20140282902 | SPLIT AUTHENTICATION NETWORK SYSTEMS AND METHODS - Disclosed is a system comprising: an authentication datastore; a device presence engine; a traffic monitor engine; an authentication presence monitor engine; an authentication server selection engine; and a traffic routing engine. In operation: the device presence engine is configured to detect presence of a user device on a trusted network; the traffic monitor engine is configured to monitor, in response to the detection, traffic on the trusted network from the device; the authentication presence monitor engine is configured to evaluate onboarding characteristics of the user device in response to the monitoring; the authentication server selection engine is configured to select one of a plurality of authentication servers to authenticate the user device to the trusted network, the selecting based on the onboarding characteristics; and the traffic routing engine is configured to route traffic from the user device to the selected authentication server. | 09-18-2014 |
| 20140282903 | MANAGING IDENTITY PROVIDER (IdP) IDENTIFIERS FOR WEB REAL-TIME COMMUNICATIONS (WebRTC) INTERACTIVE FLOWS, AND RELATED METHODS, SYSTEMS, AND COMPUTER-READABLE MEDIA - Embodiments include managing Identity Provider (IdP) identifiers for Web Real-Time Communications (WebRTC) interactive flows, and related methods, systems, and computer-readable media. In one embodiment, a method for managing IdPs comprises selecting, by a WebRTC client executing on a computing device, one or more preferred IdP identifiers indicated by one or more preferences from a plurality of IdP identifiers corresponding to a plurality of IdPs for providing identity assertions during an establishment of a WebRTC interactive flow. The method further comprises obtaining one or more identity assertions from respective ones of the plurality of IdPs corresponding to the one or more preferred IdP identifiers. The method also comprises providing, during the establishment of the WebRTC interactive flow, the one or more identity assertions. In this manner, an entity may specify the IdP used for identity authentication, and the number of identity assertions provided during initiation of the WebRTC interactive flow. | 09-18-2014 |
| 20140282904 | DELIVERING AUTHOR SPECIFIC CONTENT - Delivering author specific content includes identifying author specific content with tags inserted into its metadata across multiple online resources and delivering updates about the author specific content to a user specified activity stream. | 09-18-2014 |
| 20140282905 | SYSTEM AND METHOD FOR THE AUTOMATED CONTAINMENT OF AN UNAUTHORIZED ACCESS POINT IN A COMPUTING NETWORK - A method and apparatus for automatic containment of unauthorized access points in a computing network is described. The method may include receiving data indicative of at least a device identifier corresponding to an unauthorized access point. The method may also include, in response to locating the received device identifier in a listing of device identifiers that are associated with data transmissions through the network device, identifying a port of a network device as the port to which the unauthorized access point is connected. | 09-18-2014 |
| 20140282906 | SYSTEMS, METHODS AND APPARATUSES FOR DEVICE ATTESTATION BASED ON SPEED OF COMPUTATION - The systems, methods and apparatuses described herein provide a computing device that is configured to attest itself to a communication partner. In one aspect, the computing device may comprise a communication port configured to receive an attestation request from the communication partner, and an application-specific integrated circuit (ASIC). The ASIC may be configured to receive the attestation request from the communication port. The attestation request may include a nonce generated at the communication partner. The ASIC may be further generate a verification value and send the verification value to the communication port to be transmitted back to the communication partner. The verification value may be a computation result of a predefined function taking the nonce as an initial value. In another aspect, the communication partner is configured to attest the computing device using speed of computation attestation. | 09-18-2014 |
| 20140282907 | SYSTEMS, METHODS AND APPARATUSES FOR DEVICE ATTESTATION BASED ON SPEED OF COMPUTATION - The systems, methods and apparatuses described herein provide a computing device that is configured to attest itself to a communication partner. In one aspect, the computing device may comprise a communication port configured to receive an attestation request from the communication partner, and an application-specific integrated circuit (ASIC). The ASIC may be configured to receive the attestation request, which may include a nonce. The ASIC may be further configured to generate a verification value, capture data representing a state of computation of the ASIC when the verification value is being generated, and send the verification value and captured data to the communication port to be transmitted back to the communication partner. The verification value may be a computation result of a predefined function taking the nonce as an initial value. In another aspect, the communication partner may be configured to attest the computing device using speed of computation attestation. | 09-18-2014 |
| 20140282908 | INTELLIGENT AGENT FOR PRIVACY AND SECURITY - A system and method are provided for use with a mobile device. The system is configurable to detect unauthorized access to onboard sensors or information developed by the sensors or configured by the user. Upon detection, access may be denied or limited according to pre-set rules or user intervention. The rules may consider prior access attempts, time-of-day or current location in the denial or limitation of access. Access limitation can include limiting access to only dithered data or spoofed data in accordance to the rules or user instructions. | 09-18-2014 |
| 20140282909 | AUTHENTICATION FOR RELAY DEPLOYMENT - Techniques for proving enterprise mode security for relays are disclosed. For example, enterprise mode security based on IEEE 802.1x is provided for relays or other similar devices to extend the coverage of access point hotspots or other similar access point use cases. According to one aspect, a relay incorporates an authentication client associated with an authentication server. According to another aspect, a four address format is employed for tunneling messages via a relay between a station and an access point. According to another aspect, a cryptographic master key associated with an access point and a station is provided to a relay to enable the relay to be an authenticator for the station. | 09-18-2014 |
| 20140282910 | SYSTEMS, METHODS AND COMPUTER PROGRAM PRODUCTS FOR INFORMATION INTEGRATION ACROSS DISPARATE INFORMATION SYSTEMS - An information integration system may include a set of integration services embodied on one or more server machines in a computing environment. The set of integration services may include connectors communicatively connected to disparate information systems. The connectors may be configured for integrating data stored in the disparate information systems utilizing a common model employed by the set of integration services. The common model may overlay, augment, integrate, or otherwise utilize a content management interoperability services data model and may include common property definitions and a common security model. The common security model may include permissions particularly defined for use by the set of integration services. These common property definitions and permissions may be uniquely defined and utilized by the information integration system. | 09-18-2014 |
| 20140282911 | System and Method for Providing Secure Data for Display Using Augmented Reality - A system for authorizing secure data transmission is provided. The system comprises at least one wearable device comprising a head-mounted display configured to receive and display data to a user wearing the head-mounted display. At least one security mechanism associated with each of the at least one wearable device is configured to collect authorization data associated with the user when the user is wearing the head-mounted display. A central processor is in communication with the at least one wearable device via a network. The central processor is configured to receive the authorization data over the network, determine a level of authorization for the user based at least in part on the authorization data, and transmit to the user secure data commensurate with the level of authorization for the user. | 09-18-2014 |
| 20140282912 | Methods and Systems for Analyzing Public Data - Methods, systems and non-transitory computer-readable media comprising executable instructions are provided for analyzing public data. Public data is formatted according to a first taxonomy and stored in a public data store, and user data is formatted according to a second taxonomy and stored in a user data store. Permissions are established for a user to selectively access public and private data stored in the respective data stores. The first and second taxonomies may have a common key that can be used to analyze public and private data, and public and private data may be analyzed based on criteria within a public data analytics system, criteria defined by a user, and using calculated metrics. | 09-18-2014 |
| 20140282913 | PROCESS FOR CAPTURING, STORING, AND ACCESSING A PERSONAL LEGACY IN A DIGITAL MULTIMEDIA DATA STORAGE SYSTEM - Some embodiments of the invention include a novel digital multimedia data storage system to store personal legacies of individuals which include stories, life experiences, memories, videos, audio clips, pictures, advice (in text and in audio/video form), and other such items associated with the individual's life. Some embodiments of the invention keep a digital journal of the individual that can be accessed by future generations. Some embodiments of the invention include a novel process for saving the personal legacy of the individual in the digital multimedia data storage system as a way for the individual to leave a legacy that is not limited to memory but is accessible for future generations to review. | 09-18-2014 |
| 20140282914 | SYSTEM AND METHOD FOR SECURE APPLICATION COMMUNICATION BETWEEN NETWORKED PROCESSORS - A system and method is disclosed for transporting application data through a communications tunnel between a host device and a guest device that each includes networked processors. The application data may be transported between the host device and the guest device through an allowed port of the host device, the communications tunnel, and a port of the guest device. Based on logon credentials, the guest device can be authenticated by a security server and a role may be determined. The role can include allowed ports and associated applications on the host that the guest is allowed to access. Remote access from the guest device to host devices or remote devices may be enabled without needing prior knowledge of their configurations. Secure access may be facilitated to remote host devices or remote devices, according to security policies that can vary on a per-session basis and takes into account various factors. | 09-18-2014 |
| 20140282915 | CONTEXT-BASED ANALYTICS AND INTELLIGENCE - According to some implementations, context-based information is provided. The method can establish a first context for a user to start a process of correlation of information from multiple sources. The method can then authorize the user to access information from one or more sources of information. The method can request the first information from the one or more sources of information based on the first context. Based on the first information received from the one or more sources of information, the method can revise the first context to generate a second context. The method can use the second context to correlate second information from the one or more sources of information. The method can filter the second information for the user to determine a relevant subset of information. Eventually, the method can send the relevant subset of information to a client device associated with the user. | 09-18-2014 |
| 20140282916 | ACCESS AUTHORIZATION THROUGH CERTIFICATE VALIDATION - Managing access for a client device to services or data provided through a network using a certificate received from a client device that is either an employee owned device or an employer owned device. User information of a user of the client device and device information of the client device is determined from the certificate. Access rights for the client device are determined based on the user information and the device information. Access to services or data provided through a network for the client device are managed using the determined access rights. | 09-18-2014 |
| 20140282917 | System, Method and Apparatus for Increasing Website Relevance While Protecting Privacy - The present invention provides a system, method and apparatus for increasing relevance of a content provided to a visitor by a content provider by providing one or more server computers and at least one data storage communicably coupled to the one or more server computers, receiving at least a portion of a visitor token and at least a portion of a content provider token at the one or more server computers from a content provider device, determining whether a release of an anonymous unfilled demand for the visitor is authorized based on the visitor token, the content provider token and one or more preferences stored in the at least one data storage, and sending at least a portion of the anonymous unfilled demand for the visitor to the content provider device when the release is authorized. | 09-18-2014 |
| 20140282918 | FEDERATED SERVICES - Aspects of the disclosure relates to managed access to content and/or services. In certain aspects, tokens or other artifacts can be utilized for authentication and authorization. | 09-18-2014 |
| 20140282919 | CONTROLLED ACCESS - User access to a protected resource is controlled by: intercepting a request from a client browser ( | 09-18-2014 |
| 20140282920 | DYNAMICALLY SELECTING A DHCP SERVER FOR A CLIENT TERMINAL - Dynamically selecting a DHCP server for a DHCP client terminal device, according to an example, includes: triggering, by a network device with a DHCP relay function, an authentication performed by an authentication server on a DHCP client terminal device user when receiving a DHCP packet for requesting a configuration parameter sent from a DHCP client terminal device; receiving, by the network device, an identity of a DHCP server designated by the authentication server for the DHCP client terminal device user when the DHCP client terminal device user passes the authentication, and establishing an entry for user information of the DHCP client terminal device user and the identity of the designated DHCP server; and matching, by the network device, the user information carried in a packet with established entries when receiving the packet subsequently sent from the DHCP client terminal device, and forwarding the packet using the identity of the DHCP server in the entry matching the user information. | 09-18-2014 |
| 20140289803 | CDR FILTERING FOR VIRTUAL OPERATORS - Systems and methods that filter Charging Data Records (CDRs) before sending the CDRs to a virtual operator, such as a Network Unaffiliated Virtual Operator (NUVO). In one embodiment, a communication network provides services to subscribers of a virtual operator. The communication network includes a reporting entity comprising a CDR database configured to store CDRs for subscribers of the virtual operator. The reporting entity also includes a filtering node configured to filter the CDRs to remove fields that are not authorized to be shared with the virtual operator, and to report the filtered CDRs to the virtual operator. | 09-25-2014 |
| 20140289804 | SEGMENTED ACCESS OF REMOTELY STORED BIOGRAPHICAL DATA TO A CLIENT DEVICE - Methods and systems of segmented access of remotely stored biographical data to a client device are disclosed. In one embodiment, a biographical information is obtained from a vocational collateral such as a business card. In this embodiment, a method and system includes extracting a biographical data from a digital identifier of the vocational collateral. The method and system includes assigning at least one of an access privilege and a security privilege to the biographical data extracted from the digital identifier. The method and system further includes storing the biographical data comprising at least one of the access privilege and the security privilege in a repository of a cloud computing environment accessible to a number of client devices through a network connection. Finally, the method and system includes permitting the number of client devices access to the biographical data based on the access privilege and/or the security privilege. | 09-25-2014 |
| 20140289805 | METHODS AND SYSTEMS FOR MANAGING USER PRIVILEGES - A method and system for managing user privileges are disclosed. The method includes the steps of receiving a first user's request to publish information and receiving groups of users defined by the first user, the groups of users having access to the to be published information. The method further includes the step of submitting the first user's request to a server, the request including an identity of the first user, information to be published, and the definition of the groups of users having access to the information. The method and system consistent with the present disclosure may improve the information dissemination process by enabling a user to proactively manage user privileges. | 09-25-2014 |
| 20140289806 | METHOD, APPARATUS AND ELECTRONIC DEVICE FOR ENABLING PRIVATE BROWSING - The present disclosure discloses a method, apparatus, browser, electronic device and computer readable storage medium for enabling private browsing, and belongs to the field of computer technology. The method includes receiving user identification information for enabling a private browsing mode of the browser; checking whether the user identification information is matched with the prestored user identification information; and enabling the private browsing mode of the browser if the checking result is that the user identification information is matched with a prestored user identification information. By setting the user identification information for the private browsing mode of the browser, the private browsing mode of the browser can be used only when a legitimate user inputs the correct user identification information, thereby it is avoided that other users perform operations which infringe on the legitimate user's rights and interests or privacy, so that security risks are greatly reduced. | 09-25-2014 |
| 20140289807 | RESOURCE MANAGEMENT IN A PROCESSOR - A processor system is arranged to execute user selected applications. A manager module is configured to detect a user selection of an application and configured to initiate a launch process. A supervisor module is configured to intercept the launch process initiated by the manager module and detect whether the application is a trusted application or an untrusted application. Trusted applications have a privilege to access resources without authorization, and untrusted applications do not have the privilege. The supervisor module has the privilege to access the resources. When the application is untrusted, the application is launched in a container, and at least one of the resources is delivered to the untrusted application in the container. | 09-25-2014 |
| 20140289808 | SYSTEM AND METHOD FOR COLLECTING AND UTILIZING CLIENT DATA FOR RISK ASSESSMENT DURING AUTHENTICATION - A system, apparatus, method, and machine readable medium are described for performing client risk assessment for authentication. For example, one embodiment of an apparatus comprises: a client risk assessment agent to perform an assessment of client configuration data to determine a risk level associated with a client device; and an authentication engine to performing authentication for a particular transaction in accordance with the risk level. | 09-25-2014 |
| 20140289809 | Cell-Phone-and Watermark-Dependent Authentication - An improved authentication system is disclosed. In one class of embodiments, the system utilizes the distance between a user's cell phone and client's computer as an authenticating factor in an access control mechanism. Users attempting to log on to a system without their cell phone being nearby are granted low or zero usage rights, while users attempting to log on to a system when their cell phone is nearby are granted high or full rights. In some embodiments, an image that contains encoded information unique to that company's website is served to the user for use in verifying the authenticity of a website. In a class of embodiments, the system is programmed to restrict access if a correct response to a cryptographic authentication challenge is not provided. A non-binary authentication system is also disclosed. This non-binary system allows users to have partial access to a system. | 09-25-2014 |
| 20140289810 | SHARABLE CONTENT ITEM LINKS WITH USE RESTRICTIONS - Sharable content item links with use restrictions. In one embodiment, for example, a method comprises: receiving, from a client computing device used by an authenticated link submitter, a first request to access a server-stored content item at a sharable link; wherein the link submitter is authenticated according to a first authentication factor; responsive to receiving the first request, prompting the link submitter to enter/submit a second authentication factor; and providing access to the server-stored content item at the shareable link responsive to receiving the second authentication factor from the link submitter. | 09-25-2014 |
| 20140289811 | ELECTRONIC MEDIA CREATION AND DISTRIBUTION - An aspect of electronic media creation and distribution includes receiving an electronic media collection including pre-assembled media content generated by a service provider computer, modified pre-assembled media content generated by a subscriber entity, and custom generated media content from end user computers associated with the subscriber entity. A further aspect includes receiving a media content item, as the custom generated media content, from one of the end user computers, receiving a request from the end user computer to publish the media content item, determining a content channel selected by the subscriber entity, and determining a frame associated with the content channel. A further aspect includes integrating the media content item with the pre-assembled media content and the modified pre-assembled media content, and distributing the electronic media collection to at least one other end user computer for presentation on a display device. | 09-25-2014 |
| 20140289812 | REMOTE CONTROL OF DIALYSIS MACHINES - This disclosure relates to remote control of dialysis machines. In certain aspects, a method includes receiving a request for a network connection from a dialysis machine and establishing the network connection with the dialysis machine. The method also includes receiving, from a client device, a request to access the dialysis machine, authorizing the client device to access the dialysis machine, receiving, from the dialysis machine, information pertaining to an operation of the dialysis machine, and providing, to the client device, the received information. | 09-25-2014 |
| 20140289813 | System and Method for Controlling Multicast Geographic Distribution - A content distribution network includes first and second controllers, and multicast enabled routers. The first controller is configured to select a multicast channel for distributing content, to determine that the content has a geographic restriction associated with a restricted area in the content distribution network, to link an exclusion policy for the content to the multicast channel while the multicast channel provides the content, and to deny a request for the content from a client system within the restricted area based on the exclusion policy. The second controller is configured to distribute the exclusion policy to the multicast enabled routers including a first router configured to store the exclusion policy, and to ignore a multicast join message from the client system within the restricted area based on the exclusion policy. | 09-25-2014 |
| 20140289814 | PERSONAL VIDEO CHANNELS - Systems and methods provide personal channels from a network-capable user terminal. A first user terminal may receive a request from a second user terminal for access to a personal channel created by a user and stored on the first user terminal in association with media content. In response to the request, the first user terminal may access the media content associated with the requested personal channel and provide the media content to the first user terminal over the network. A data center accessible by both the first and second user terminals may facilitate the access to the personal channel by storing information associated with the personal channel, including terminal identifiers and metadata, and providing a searchable catalog interface to identify personal channels to view. | 09-25-2014 |
| 20140289815 | Authorization and Authentication Based on an Individual's Social Network - In particular embodiments, a method includes receiving a request for a first user to access a loan from a lender, the request identifying a user identifier (ID) of the first user; determining whether the first user is authorized to access the loan based at least in part on a gray list comprising user IDs of the users who are not authorized to access loans, wherein the gray list is based on a black list; and permitting the loan to be accessed by the first user if the first user is authorized to access the loan based on the gray list. | 09-25-2014 |
| 20140289816 | Mediating Resource Access Based on a Physical Location of a Mobile Device - One or more techniques are provided for causing a location of a screen image associated with a resource to be adjusted on a display device. The adjustment may be based at least in part on determining that a control element receives focus. The resource may be associated with an application, such as an email application that may be hosted remotely from a client device. Access to one or more resources may be controlled or mediated. Access rights may be based at least in part on a determination of a geographic location of a client device. When the client device is located in a safe area, the client device may be provided access to the resource. When the client device is not located in a safe area, the client device might not be provided access to the resource or might not be provided full access to the resource. | 09-25-2014 |
| 20140289817 | IMAGE DISPLAY APPARATUS, IMAGE DISPLAY SYSTEM, AND IMAGE DISPLAY METHOD - An image display apparatus includes a location information generating unit that generates location information of index information stored in the server apparatus and location information of image data stored in the server apparatus; an index obtaining unit that obtains the index information from the server apparatus using the location information of the index information; a list screen generating unit that generates a list screen including information on the image data stored in the server apparatus using the index information and displays the list screen on a display unit; an image data obtaining unit that obtains the image data from the server apparatus using the location information of the image data that is selected by an operator from the list screen; and a display screen generating unit that generates a display screen of the obtained image data and displays the display screen on the display unit. | 09-25-2014 |
| 20140289818 | VIDEO MANAGEMENT METHOD AND VIDEO MANAGEMENT SYSTEM - A video management method includes: associating video information to be uploaded to a moving image distribution server by a user with user information indicating the user; storing the video information uploaded via the Internet into a storage unit; authorizing a different user to view the video information stored in the storage unit; and causing the user to select one process to be executed, at withdrawal of the user from a group, on the video information that the different user belonging to the group is authorized to view, the process being selected from among (i) deleting the video information; (ii) associating the video information with user information indicating the different user belonging to the group; and (iii) associating the video information with administrator information indicating a virtual administrator of the group. | 09-25-2014 |
| 20140298418 | APPARATUS AND METHODS FOR CONTENT DELIVERY AND MESSAGE EXCHANGE ACROSS MULTIPLE CONTENT DELIVERY NETWORKS - Methods and apparatus for providing protected content to subscribers of a managed (e.g., MSO) network via a content source accessible via an internetwork such as the Internet. In one embodiment, a user accesses a programmer website, and requests content. The programmer determines whether the requesting user is permitted to access the content, and what rights or restrictions are associated with the user. This includes authenticating the user as a subscriber of the MSO, and determining the subscriber's subscription level. In another embodiment, a user's account with the MSO and programmer may be federated, thus a given user will have MSO-specific information regarding its identity (such as login information, GUID, etc.) and/or information regarding subscription level and service details, stored at the programmer. Messages received from the MSO representing permission for the user to access content may also be stored at the programmer site for later reference. | 10-02-2014 |
| 20140298419 | SYSTEM AND METHOD FOR BRIDGING IDENTITIES IN A SERVICE ORIENTED ARCHITECTUREPROFILING - A system for bridging user identities between at least a first and a second security domain, comprising a bridge associated with the first security domain for intercepting messages for service in the second domain from users in the first domain. The bridge authenticates the user identities against a local authentication source by using an established key relationship and binds a security token with the message. A gateway is associated with the second domain for gating inbound access and outbound communication with a service in the second domain and for receiving the authenticated message and verifying the authenticity of the security token by using a certificate of the trusted authentication source and authorising access to the service upon confirmation of the authorisation, such that the authorisation is independent of the identity of the user. | 10-02-2014 |
| 20140298420 | Validating the Identity of a Mobile Application for Mobile Application Management - A method of managing access to enterprise resources is provided. An access manager may operate at a mobile device to validate a mobile application installed at that mobile device. If the access manager does not successfully validate the mobile application, the access manager may prevent the mobile application from accessing computing resource. If the access manager does successfully validate the mobile application, then the access manager may identify the mobile application as a trusted mobile application. The access manager may thus permit the trusted mobile application to access the computing resource. | 10-02-2014 |
| 20140298421 | MULTI-FACTOR AUTHENTICATION USING AN AUTHENTICATION DEVICE - Systems and methods of authenticating users using a possession factor communicate a first authentication code to the user device and a second authentication code to an authentication device that is assumed to be the user's possession. Both authentication codes are presented to the user via their respective devices. An authentication application on the authentication device asks the user to compare the authentication codes and respond, via the authentication device, if these two authentication codes match. Authentication codes may be identical or different and match based on a user association. If a message from the authentication device indicates that the two codes match, then it is confirmed that the user possesses the authentication device and has authorized the authentication to proceed. For enhanced security, the authentication application may optionally be installed and executed on a Subscriber Identity Module (SIM) installed in the authentication device. | 10-02-2014 |
| 20140298422 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM - An information processing apparatus includes a first receiving unit that receives a registration instruction to register a second information processing apparatus from a first information processing apparatus, a key generating unit that generates key information when the first receiving unit has received the registration instruction, an associating unit that associates, with the key information, registration instructing user identification information, an instruction generating unit that generates an instruction, including the key information, to cause the second information processing apparatus to communicate with the information processing apparatus, a transmitting unit that transmits the instruction to the first information processing apparatus, a second receiving unit that receives the key information and information related to registration of the second information processing apparatus, and a memory unit that stores the registration instructing user identification information in association with the information related to the registration of the second information apparatus. | 10-02-2014 |
| 20140298423 | FACILITATING SEPARATION-OF-DUTIES WHEN PROVISIONING ACCESS RIGHTS IN A COMPUTING SYSTEM - Systems and methods for managing risk management rules are provided. A risk management rule may be configured at a rule configuration interface are described. The rule configuration interface may include a list of access rights available for selection. Based on input received, one of the access rights may be identified as a base access right and one of the access rights may be identified as a conflicting access right for the risk management rule. The access rights provisioned at the computing system may be monitored to determine whether a user is provisioned with both the base access right and the conflicting access right. If so, a violation review may be created and presented at a violation review interface at which a decision for the violation review is receivable. An exception to the risk management rule may also be configured at an exception configuration interface. | 10-02-2014 |
| 20140298424 | ELECTRONIC APPARATUS AND COMMUNICATION CONTROL METHOD - According to one embodiment, an electronic apparatus comprises a communication module and a connection control module. The communication module is configured to execute close proximity wireless transfer. The connection control module is configured to start an operation of establishing a connection between the communication module and an external device which is in close proximity to the communication module if an identifier of the external device wirelessly transmitted from the external device is included in a connection permission list. The connection control module is configured to display a password entry screen if the identifier is not included in the connection permission list, and to add, if a password entered on the password entry screen matches with a registered password, the identifier to the connection permission list and start the operation of establishing the connection between the communication module and the external device. | 10-02-2014 |
| 20140298425 | IMAGE-DISPLAY METHOD, PROJECTOR, IMAGE-DISPLAY SYSTEM, PROJECTOR-CONTROL METHOD, IMAGE-DISPLAY PROGRAM, AND PROJECTOR-CONTROL PROGRAM - With a conventional image-display system, a presenter sometimes has difficulty in providing every viewer with an easy-to-see picture. When projecting an image transmitted from a computer operated by the presenter and enabling the viewer to watch the image projected by the projector, the projector receives image data transmitted through two-way communication from the computer operated by the presenter, projects an image represented by the received image data and transmits the received image data to a client computer operated by the viewer through the two-way communication, and the client computer receives the image data transmitted through the two-way communication and displays the image represented by the received image data on its display. | 10-02-2014 |
| 20140298426 | METHODS AND SYSTEMS FOR ESTABLISHING SECURE COMMUNICATIONS - A method for providing a bit string on at least two electronic devices is provided. A sensor input is received by sensors in the electronic devices and recorded by the electronic devices. Data points are generated from the sensor input by each of the electronic devices. Each device samples its generated data points at a sampling frequency. A bit string is then generated by each device based on the sampled data points. The bit string of each device substantially matches one another, thereby allowing the electronic devices to share a secret, which may be used to allow secure communications between the at least two electronic devices. | 10-02-2014 |
| 20140298427 | METHOD AND NETWORK NODE DEVICE FOR RUNNING PUSH-BUTTON CONFIGURATION SESSIONS WITHIN HETEROGENEOUS NETWORK AND HETEROGENEOUS NETWORK - A heterogeneous home network (with possibly multiple hops between devices) uses a push button configuration mechanism that ensures only one single new network node device is registered for a single push button key press event and overlapping Push-Button Configuration sessions within the heterogeneous network are prevented by an enhanced mechanism for running Push Button Configuration sessions based on a Push-Button Configuration handshake procedure triggered and initiated by a virtual or physical Push-Button-Event on a new device, which wants to join the heterogeneous network for a user friendly security bootstrapping, in which multiple network node devices in the heterogeneous network belonging already to the heterogeneous network are involved in registering the new device. The Push-Button Configuration handshake procedure is initiated to get a permission information to join the network or to proceed with the Push-Button Configuration or to get a rejection information not to join the network. | 10-02-2014 |
| 20140304778 | DIGITAL CLOUD ACCESS (PDMAS PART III) - The invention is an apparatus that facilitates access to a data source to accept verification and authentication from an enabler using at least one token and at least one reference. The at least one reference could be a device serial number, a networking MAC address, or a membership ID reference from a web service. Access to the data source is also managed with a plurality of secondary enablers. | 10-09-2014 |
| 20140304779 | DESKTOP SHARING SYSTEM AND METHOD - A server remotely share files in a desktop to one or more clients. The server assigns a meeting desktop to a client according to the assignment request, and receives login requests from other clients for logging in the meeting desktop. The server authorizes a control privilege to a shared client that needs to share files. The server receives the files from the shared client. Then the server opens and shares the files in the meeting desktop to share with all clients in the meeting desktop. | 10-09-2014 |
| 20140304780 | SYSTEM AND METHOD FOR SECURE REMOTE ACCESS TO A SERVICE ON A SERVER COMPUTER - System and method for providing access to remote computing services in an application server are described, where the authentication and authorization processes are separated, excluding service access privileges from the authenticating process and transferring the privileges to the authorization process. A client device and a user are authenticated, and upon successful authentication, the authorization process is performed, including establishing an authorization connection between the client device and the server computer; at the server computer, detecting and verifying the authorization connection; and upon successful verification, allowing access of the client device to the service on the server computer. In one embodiment, upon detecting the authorization connection, a blocking process is created to block access to the service; and, upon successful verification of the authorization connection, the blocking process on the server computer is terminated, prior to the allowing the access of the client device to the service on the server computer. | 10-09-2014 |
| 20140304781 | INFORMATION PROCESSING APPARATUS AND METHOD, RECORDING MEDIUM AND PROGRAM - The present invention relates to an information processing apparatus allowing proper communication with a communication partner in accordance with a communication time of the communication partner. | 10-09-2014 |
| 20140304782 | APPLICATION PLATFORM WITH FLEXIBLE PERMISSIONING - Systems and methods are provided for an application platform with flexible permissioning according to one or more embodiments. In one embodiment, an application platform with flexible permissioning comprises: a service provider server adapted to interact with an application development server and a client device over a network, wherein the service provider server is adapted to implement at least one application programming interface (API); one or more processors; and one or more memories adapted to store a plurality of machine-readable instructions which when executed by the one or more processors are adapted to cause the application platform with flexible permissioning to: maintain, at the service provider server, a profile associated with at least one application developer using the application development server; receive an API call from the application developer; authenticate the application developer and authorize the API call; assign an access level to the application developer based on the profile associated with the application developer; and control permissions given to the application developer to perform operations available based on the assigned access level. | 10-09-2014 |
| 20140304783 | Monitoring Unauthorized Access Point - A monitoring system, monitoring server, method, and program that, when an unauthorized access point is installed, effectively block wireless communications performed by the unauthorized access point, a monitoring system including a monitoring server for monitoring an unauthorized access point and multiple terminals connected to the monitoring server via a network is provided. The terminals acquire radio wave information from radio waves transmitted by an access point, and transmit the radio wave information to the monitoring server. The monitoring server detects an unauthorized access point using terminal information including the radio wave information received from the terminals, designates a terminal as a pseudo-access point using intensity of radio waves transmitted by the unauthorized access point, and instructs the terminal to transmit radio waves. The terminal transmits radio waves in accordance with the instruction from the monitoring server. | 10-09-2014 |
| 20140310777 | METHODS AND SYSTEMS FOR SERVER-INITIATED ACTIVATION OF DEVICE FOR OPERATION WITH SERVER - Methods and systems for enabling activation of a wireless communication device to operate with a server on a wireless communication network. An activation request is pushed from the server to the device, the activation request being authenticated with a signature signed with a server certificate. After the device verifies the activation request using server certificate and signature, a mutually authenticated communication session is established between the device and the server for activation of the device on the server. | 10-16-2014 |
| 20140310778 | METHOD AND SYSTEM FOR THIRD-PARTY SERVICE PLATFORM LOGIN - A third-party service platform login method is provided for a public platform containing information of a plurality of third-party service platforms. The method includes accepting a user logging onto the public platform from a client terminal, obtaining a third-party service platform selected by the user on the public platform, and obtaining a user identification number (UIN) of the user and a UIN of the selected third-party service platform. The user's UIN corresponds to a user account of the user on the public platform and the selected third-party service platform's UIN corresponds to a public account of the third-party service platform on the public platform. Further, the method includes combining the UIN of the user and the UIN of the selected third-party service platform to generate a new combined user account for the user to log onto the selected third-party service platform, and logging onto the selected third-party service platform. | 10-16-2014 |
| 20140310779 | SYSTEMS AND METHODS FOR EFFICIENT AND SECURE TEMPORARY ANONYMOUS ACCESS TO MEDIA CONTENT - A method for providing access to media content is performed at a device with a processor and memory storing instructions for execution by the processor. The method includes receiving, from a client device, a request for access to a media item. The method further includes obtaining user information associated with a user identifier corresponding to the request. Obtaining the user information includes, if the user identifier corresponds to a first type of user identifier, retrieving the user information from a database; and if the user identifier corresponds to a second type of user identifier different from the first type of user identifier, extracting the user information from the user identifier. The method further includes performing a media access operation based on the request and the user information associated with the user identifier. | 10-16-2014 |
| 20140310780 | COMMUNICATION SYSTEM - A system may include a computing device configured to receive a selection of an electronic item and receive a selection of a recipient. The computing device may associate at least one security option with the electronic item. The computing device may transmit the electronic item and the associated security option to a recipient device associated with the recipient. | 10-16-2014 |
| 20140310781 | METHODS FOR MANAGING AUTHORITY DESIGNATION OF GRAPHICAL USER INTERFACES - According to one aspect, a graphics management system receives a first message from a first process for granting one or more rights to a second process for accessing a GUI element owned by the first process. In response, the graphics management system transmits a second message to the second process, the second message offering the one or more rights to the second process. The graphics management system receives a third message from the second process indicating an acceptance of the offer. Thereafter, the graphics management system restricts access of the GUI element by the second process based on the one or more rights accepted by the second process. | 10-16-2014 |
| 20140310782 | TICKET-BASED SPECTRUM AUTHORIZATION AND ACCESS CONTROL - Aspects describe spectrum authorization, access control, and configuration parameters validation. Devices in an ad-hoc or peer-to-peer configuration can utilize a licensed spectrum if the devices are authorized to use the spectrum, which can be determined automatically. Aspects relate to distribution of authorization tickets by an authorization server as a result of validating a device's credentials and services to which the device is entitled. An exchange and verification of authorization tickets can be performed by devices as a condition for enabling a validated wireless link using the spectrum. | 10-16-2014 |
| 20140310783 | MESSAGING GATEWAY FOR DIRECTORY AND ANONYMOUS SERVICES - A subscriber who seeks to block access to contact information may receive identifying information for people attempting to access the subscriber's contact information. The subscriber also may be provided interfaces to enable the attempting person to contact the subscriber, in a variety of escalating forms, without revealing the subscriber's contact information. In a particular implementation, a request is received from an information seeker for contact information for a subscriber. A data structure is accessed that includes an indication that the subscriber should be provided with information relating to requests received for the subscriber's contact information. A message address for the subscriber is accessed, and a message is sent to the subscriber indicating the request for the subscriber's contact information. The requested contact information for the subscriber is withheld from the information seeker absent an indication from the subscriber that the requested contact information may be provided to the information seeker. | 10-16-2014 |
| 20140310784 | METHOD AND DEVICE FOR AUTHORIZING USER EQUIPMENT IN A WIRELESS COMMUNICATION SYSTEM - The present invention relates to a method and device for authorizing user equipment (UE) in a wireless communication system. The present invention also relates to a method and device for authorizing authorized true user equipment if an abnormal power down report is transmitted from a fake user equipment. The real user equipment checks the abnormal power down from a base station, receives an assignment A-MAP 1E, and transmits an authorized message to the base station if power is not abnormally down. Alternatively, user equipment transmits, to the base station, an abnormal power down signaling header that includes authorization parameters, such as COUNTER_TEK or a cipher-based message authentication code (CMAC). | 10-16-2014 |
| 20140317689 | System and Method for Verifying the Identity of an Internet User - A system and method for verifying the identity of an Internet user are disclosed. In at least one embodiment, a central computing system is configured for receiving and processing data related to the user. Using a computing device in communication with the computing system, a user account is created containing the user's basic information, including an email address belonging to the user. Upon validating the user's email address, the system obtains the user's name, address and last four digits of their social security number and, using that information, attempts to gather additional information related to the user from an at least one consumer records database in communication with the computing system. The user is then presented with an at least one identity verification question based on the additional information gathered. Upon the user correctly answering an acceptable percentage of the verification questions, the user's identity is considered to be verified. | 10-23-2014 |
| 20140317690 | Method and System for Allowing Access to a Protected Part of a Web Application - The present invention relates to a system and method for allowing access to a protected part of a web application, comprising providing a data carrier with a unique stored carrier-ID and a stored personal property, providing a reader for the data carrier and a reader for reading a personal property, visiting a web application, the web application which can be identified by a web application-ID, issuing a session-ID for the visit, reading the personal property by means of the reader, comparing the read personal property with the stored personal property, sending the combination of the session-ID and the web application-ID to the validating authority when the personal properties match, sending an access permission notification back to the web application by the validating authority when the session-ID and web application-ID properties match and allowing access to the protected part of the website based on the access permission notification. | 10-23-2014 |
| 20140317691 | Dynamic Client Authorization in Network Management Systems - There is provided a method of operating a telecommunications network management system. The management system comprises an authorisation service defining authorisations of client applications that each user of the management system is permitted to execute. The telecommunications network comprises managed resources in the form of network elements, which are targets of the management system to which the authorised client applications relate. The method comprises: making a change involving a change to one or more authorisations; generating an unsolicited notification of the authorisation change; and propagating the unsolicited notification to the authorised client applications in real time. | 10-23-2014 |
| 20140317692 | INFORMATION PROCESSING UNIT, CLIENT TERMINAL DEVICE, INFORMATION PROCESSING SYSTEM, AND AUTHENTICATION PROCESSING METHOD - An information processing unit includes a communication circuit configured to communicate with a client terminal device, a memory configured to store a program used for executing given processing, and a processor coupled to the memory, configured to issue, when the given processing includes processing of requesting authentication in accordance with a use request received from the client terminal device related to use of the program, an acquisition request of authentication information used for performing the authentication to the client terminal device, and determine, when the processor acquires an authentication result in accordance with the authentication information, whether or not the given processing that is to be performed by the program is executed, based on the authentication result. | 10-23-2014 |
| 20140317693 | System and Method for Conveying Event Information Based on Varying Levels of Administrative Privilege under Multiple Levels of Access Controls - An improved system and method for defining an event based upon an object location and a user-defined zone and managing the conveyance of object location event information among computing devices where object location events are defined in terms of a condition based upon a relationship between user-defined zone information and object location information. One or more location information sources are associated with an object to provide the object location information. One or more user-defined zones are defined on a map and one or more object location events are defined. The occurrence of an object location event produces object location event information that is conveyed to users based on user identification codes. Accessibility to object location information, zone information, and object location event information is based upon an object location information access code, a zone information access code, and an object location event information access code, respectively. | 10-23-2014 |
| 20140317694 | DIGITAL CONTENT RETRIEVAL UTILIZING DISPERSED STORAGE - A method begins by a DS processing module, when operable within a computing device, causing the computing device to receive a request for retrieval of a set of encoded content data slices from a dispersed storage network (DSN) memory, wherein the request includes at least the identity of the set of encoded content data slices. The method continues by determining user access rights based on a content timestamp. The method continues by determining the current timestamp and whether user access rights compare favorably to the content timestamp and current timestamp or can be modified to be favorable. The method continues by retrieving encoded data slices from the DSN memory and decoding the encoded data slices utilizing an error coding dispersed storage function and in accordance with the read operational parameters producing the content and sending the content and/or the encoded data slices to the requester. | 10-23-2014 |
| 20140317695 | LEVERAGING A PERSISTENT CONNECTION TO ACCESS A SECURED SERVICE - Leveraging a persistent connection to provide a client access to a secured service may include establishing a persistent connection with a client in response to a first request from the client, and brokering a connection between the client and a secured service based on a second request from the client by leveraging the persistent connection with the client. The brokering may occur before the client attempts to connect to the secured service directly and the connection may be established between the client and the secured service without provision by the client of authentication information duplicative or additional to authentication information provided by the client to establish the persistent connection. | 10-23-2014 |
| 20140317696 | NEXTDOOR NEIGHBORHOOD SOCIAL NETWORK METHOD, APPARATUS, AND SYSTEM - A method and system an online neighborhood social network designed to create private websites to facilitate communication among neighbors and build stronger neighborhoods. The private websites are embodied in a website having a domain name of nextdoor.com. In one embodiment, a method verifies that a user lives at a residence associated with a residential address claimed by the user of an online neighborhood social network. The method restricts access to a particular neighborhood to the user and to neighboring users living within the neighborhood boundary of the residence. A social network page of the user is created once verified and access privileges are determined. A message is distributed to neighboring users that are verified to live within a neighborhood boundary of the residence. The method may designate the user (e.g., as a lead user) with an additional privilege based on a participation level of the user in the online community. | 10-23-2014 |
| 20140317697 | SYSTEM AND METHOD OF SECURE SHARING OF RESOURCES WHICH REQUIRE CONSENT OF MULTIPLE RESOURCE OWNERS USING GROUP URI'S - In accordance with various embodiments, services gatekeeper systems and methods allow mapping and protecting communication services APIs with OAuth and group access to user information. Such a system can include a plurality of applications, executing on one or more application servers. The services gatekeeper is operable to define a group of members using a group URI, intercept requests for access to communication services APIs, obtain authorization from a group owner for access to a specified communication services API for each member of the group, and enable access to the specified communication services API of each member of the group in accordance with the scope authorized by the group owner. | 10-23-2014 |
| 20140317698 | INTELLIGENT TASK ASSIGNMENT AND AUTHORIZATION SYSTEMS & METHODS - The present disclosure relates to computer-implemented methods and systems for intelligent task management. An example method may include identifying one or more authorized entities. The method may further include broadcasting at least one task associated with a user to one or more devices associated with the one or more authorized entities. The method may further include receiving from the one or more authorized entities, via the one or more devices, an indication of acceptance of the at least one task. The method may further include selecting at least one trusted entity among the one or more authorized entities. The method may further include issuing at least one digital certificate to the at least one trusted entity to perform the at least one task. | 10-23-2014 |
| 20140325599 | Status Transfer Within a Group of Computing Entities - A system and method for designating and administering authority in a trusted environment is provided. In some embodiments, a determination is made that a transfer of the authority to a second computing entity is warranted. The second computing entity is opportunistically contacted, and during the opportunistic contact, the authority is passed from the first computing entity to the second computing entity. The passing of the authority from the first computing entity to the second computing entity tasks the second computing entity with updating members of the group of the passing of the authority. The passing of authority may include providing an outstanding group update to the second computing entity and may also include tasking the second computing entity with completing the outstanding group update. | 10-30-2014 |
| 20140325600 | INFORMATION LEVEL AGREEMENTS FOR ENTERPRISE CLOUD DATA - In some example implementations, a method may include receiving, at a broker, authorization to access at least one cloud service provider; receiving, at the broker, a message representative of at least one of a submission of data to or a request for data from the at least one cloud service provider; determining, by the broker based on a classification of the data, whether to authorize the at least one of the submission of data to or the request for data from the at least one cloud service provider; and forwarding, by the broker based on the determining, the at least one of the submission of data to or the request for data from the at least one cloud service provider, wherein the receiving authorization, the receiving the message, the determining, and the forwarding are implemented by at least one processor. Related systems, methods, and articles of manufacture are also provided. | 10-30-2014 |
| 20140325601 | MANAGING PRIVATE INFORMATION IN INSTANT MESSAGING - A computer-implemented method for managing private information in instant messaging is provided in accordance with an aspect of the present disclosure. In the method, first private information including details of a first instant messaging user is stored. Further, access authority of the first private information is maintained. When a second instant messaging user initiating a private information request has the access authority, provide the first private information to the second instant messaging user. | 10-30-2014 |
| 20140325602 | ACCESSING SYSTEM FOR VEHICLE NETWORK AND METHOD OF CONTROLLING THE SAME - A system for accessing to vehicle network includes a gateway extracting requested information from an in-vehicle network to transfer to an external device when an information request of the external device is a pre-registered inspect request and outputting a selection signal for a sector which an authenticated external device requested after performing an authentication for the external device when the information request is not the pre-registered inspect request. The system further includes a signal transmitter connecting the external device with the in-vehicle network corresponding to the sector that the external device requests when the selection signal is received from the gateway. | 10-30-2014 |
| 20140325603 | PROCESSING DATA - At a network node separate from a subscriber configuration network node configured to store subscriber configuration data for a plurality of subscriber devices, a request to access configuration data associated with a subscriber stored at the subscriber configuration network node is received. In response to the received access request comprising a private user identity for the subscriber, but not a public user identity for the subscriber, the network node retrieves, from a user identity database configured to store user identity data for identifying subscribers in the network, a public user identity for the subscriber, the retrieval being carried out on the basis of the private user identity for the subscriber comprised in the received access request, and transmits an authorization request to the subscriber configuration network node comprising the public user identity retrieved from the user identity database and the private user identity comprised in the received access request. | 10-30-2014 |
| 20140325604 | Image Processing Apparatus Automatically Requesting Permission to Use Server - An image processing apparatus may include a communication device, an image processing device, a reception device, at least one processor, and a memory. The communication device may be configured to communicate with a server. The reception device may be configured to receive first authentication data and a request for using the server. The memory may store computer executable instructions that, when executed by the at least one processor, cause the image processing apparatus to: allow a user to login when the first authentication data satisfies a prescribed authentication condition; automatically request, to the server, permission to use the server regardless of whether the reception device receives the request, once the user has logged in; and execute an image process using both the image processing device and the server. | 10-30-2014 |
| 20140325605 | SYSTEM FOR STORAGE SECURITY OF CLOUD SERVER IN CLOUD COMPUTING ENVIRONMENT AND METHOD THEREOF - The present invention relates to an apparatus for providing storage security of a cloud server in a cloud computing environment in which a client terminal is connected to the cloud server over a communication network. The apparatus includes a monitor configured to monitor which file data is requested for writing or transferring among file data stored in a storage of the cloud server and a controller configured to detect whether the file data monitored by the monitor is the file data belonging to a predetermined secure space and to block or hold the writing or transfer for the file data when the detected file data belongs to the predetermined secure space. | 10-30-2014 |
| 20140325606 | SERVICE ACTIVATION USING ALGORITHMICALLY DEFINED KEY - Systems and methods for service activation using algorithmically defined keys are disclosed. A consumer who has a relationship with a first party may wish to enroll in a service provided by a third party. The first party can maintain control of such enrollments through the use of algorithmically defined keys. The algorithmically defined keys also allow the third party service provider to verify data provided by the consumer as matching data stored by the first party. The verification provides for data synchronization without requiring the third party to have access to the first parties data systems. | 10-30-2014 |
| 20140325607 | PROGRAMMATICALLY ENABLING USER ACCESS TO CRM SECURED FIELD INSTANCES BASED ON SECURED FIELD INSTANCE SETTINGS - Access to customer relationship management (CRM) secured field instances is enabled based on field settings. A requester's identity determines action paths to be executed in order to enable access to fields. A client application's user privileges are inherited to enable access to secured fields. Such access through a granted privilege is provided through an API intermediating inheritance of user's privileges from client application. | 10-30-2014 |
| 20140325608 | Method and System for Multi-Factor Remote Data Access - A system and method for securely storing, retrieving and sharing data using PCs and mobile devices and for controlling and tracking the movement of data to and from a variety of computing and storage devices. | 10-30-2014 |
| 20140325609 | Method and System for Secure Mobile Messaging - A system and method for securely storing, retrieving and sharing data using PCs and mobile devices and for controlling and tracking the movement of data to and from a variety of computing and storage devices. | 10-30-2014 |
| 20140325610 | RULE-BASED APPLICATION ACCESS MANAGEMENT - A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules. | 10-30-2014 |
| 20140325611 | Systems and Methods for Automatic Discovery of Systems and Accounts - In various embodiments, a method comprises scanning a directory structure to generate a scan result comprising a plurality of discovered systems, identifying one or more accounts associated with at least one of the plurality of discovered systems, configuring a security appliance to change one or more old passwords to one or more new passwords for the one or more accounts, and changing, with the configured security appliance, the one or more old passwords to the one or more new passwords. | 10-30-2014 |
| 20140325612 | USING SOCIAL NETWORKING THRESHOLDS IN ACCESS CONTROL DECISIONS - A method, program product and apparatus for controlling access to profile information, multi-media resources or social network functions of a first user by a second user not listed on a friend or group listing of the first user. An application retrieves a threshold criteria for access control and social network statistics in response to an attempted access by an entity without an appropriate privilege. The application compares the statistics to the threshold. Then, if the statistics meet the threshold criteria, the application allows access. | 10-30-2014 |
| 20140325613 | METHOD FOR MODIFYING RIGHTS TO SECURITY DOMAIN FOR SMARTCARD, AND SERVER, SMARTCARD, AND TERMINAL FOR SAME - The present invention relates to modifying rights to a security domain for a smartcard, and more specifically, to a server for managing modification of rights to a security domain, a smartcard for modifying the rights to the security domain, a terminal which is loaded with the smartcard, and to a method for modifying the rights. | 10-30-2014 |
| 20140325614 | SYSTEM FOR PAIRING A TERMINAL WITH AN EGO ELEMENT WORN ON THE WRIST OR HAND OF A USER, AND CORRESPONDING METHOD - The invention relates to a system for pairing a terminal with an element worn on the wrist or hand of a user, the element comprising a secure element for communicating with the terminal. According to the invention: the element contains an accelerometer; the terminal includes a means for recording the movements of the element; the system comprises a means for comparing the signature of the accelerometer with that of the recording means of the terminal in order to authorize, if the signatures are similar, the pairing of the terminal with the secure element. | 10-30-2014 |
| 20140325615 | ROGUE ACCESS POINT DETECTION - A public wireless access point network includes authorised access points sharing the same SSID and connected to a network core which implements centralised authentication so that wireless client devices can roam between authorised access points. Each authorised access point is adapted to detect the presence of unauthorised rogue access points posing as authorised access points. The authorised access points inspect data packets received from wireless client devices which have roamed into range and from the addressing information in the MAC layer and IP layer can determine whether the wireless device has previously connected to a rogue access point. If such a determination is made, the user of the device is alerted that their confidential information may have been compromised. | 10-30-2014 |
| 20140331284 | INTEGRATION OF HOME SECURITY INTO EXISTING INFRASTRUCTURE - Embodiments relate to administering access to a wireless network by detecting a connective proximity of a device to the network, determining that the device is an authorized device based on information, connecting the authorized device to the network, and causing the connection of the authorized device to the network to be provided as an output status. | 11-06-2014 |
| 20140331285 | Mobile Device Locking with Context - A method and system for locking a mobile device on an interface are described. A user logs on to a mobile device with a user name. The mobile device then determines a context for the mobile device based on one or more operational parameters and/or the user name. For example, a context for the mobile device may be a current location of the device. Based on the context and user name, the mobile device may run in locked mode. In locked mode, applications are selected to be presented on the mobile device based on the user name and context. The mobile device is locked on a springboard that presents only the selected applications to the user for launching. A user may switch between launched applications on the mobile device, but the user may only switch between launched applications that are presented on the springboard. | 11-06-2014 |
| 20140331286 | EVENT DRIVEN SECOND FACTOR CREDENTIAL AUTHENTICATION - A reader configured to perform dual-factor authentication is provided. The reader is configured to analyze credential data as well as event-based user inputs. The event-based user inputs are received in response to the reader presenting one or more events to a user and monitoring the user's reaction thereto. Utilization of an event-based user input enables the reader to perform dual-factor authentication without necessarily being provided with a keyboard or other advanced user input device. | 11-06-2014 |
| 20140331287 | AUTHENTICATION POLICY ENFORCEMENT - A method of operating a network message interceptor for enforcing an authentication policy for communication over a network between first and second network endpoints, the interceptor being in communication with the network and external to the first and second endpoints, the network including transport layer security, the method comprising the steps of: intercepting a handshake message transmitted over the network between the first and second endpoints; extracting a certificate for an authenticating one of the endpoints from the handshake message; determining a validity status of the certificate for confirming an identity of the authenticating endpoint; and preventing communication between the first and second endpoints based on a negatively determined validity status of the certificate. | 11-06-2014 |
| 20140331288 | ACCESS GATING OF NOISY PHYSICAL FUNCTIONS - A system and methods are disclosed that limiting the number of challenge/response pairs available to an adversary. In accordance with the various aspects of the present invention, gate the access to an authentication module with a gatekeeper. The system can create a challenge/response protocol whereby the amount of challenge/response information leaked is controlled by the server. The device cannot leak challenge/response pairs when the device is in the possession of or being queried by an adversary or false device. | 11-06-2014 |
| 20140331289 | METHOD AND DEVICE FOR PLAYING A VIDEO AND COMPUTER-READABLE STORAGE MEDIUM - A method and device for playing a video are disclosed. The method includes: receiving video information of a video to be shared, playing progress information of the video to be shared, and an identification of a terminal corresponding to a friend invited by a user, which are transmitted by a user terminal; obtaining a video stream of the video to be shared according to the video information of the video to be shared and the playing progress information of the video to be shared; and transmitting the video stream of the video to be shared to the user terminal and the terminal corresponding to the friend. With the method and the device, the respective terminals are enabled to watch the same video together simultaneously and synchronously, thereby improving interactivity among the users when sharing the video. | 11-06-2014 |
| 20140331290 | Managing Secure Sharing of Private Information Across Security Domains by Individuals Having a Service Authorization - A system and method of granting a service authorization to a service provider in a regulating or funding agency of a first organization to access one or more individual's information in a second organization, where a service authorization comprises an authorization to access information and to provide specific services from said regulating or funding agency, the request for service authorization coming from an organization from an individual, patent or guardian of the individual, or regulating or funding organization, for service to be provided to an individual whose private information is stored within the second organization. A system for approving or rejecting the service authorization requests is provided based on authorization of the service provider, as well as a system and method for recording and sharing the outcomes of all decisions with the organization. If a service authorization is approved, it may be integrated into the organization's own workflow. | 11-06-2014 |
| 20140331291 | METHOD FOR GENERATING AND CHECK-CONTROLLING NETWORK IDENTITY INDENTIFICATION CODE IN NETWORK ELECTRONIC IDENTIFICATION CARD - The present invention relates to a method for generating and check-controlling a network identity identification code in a network electronic identity. The method comprises: a server performing initialization and performing generation and distribution of random numbers; receiving and auditing a request to generate the network identity identification code from a client; if the auditing is passed, performing encryption coding and generating a network identity identification code, and then sending the network identity identification code to a network electronic identification card through the client; the network electronic identification card performing the check processing of a network identity identification code, and feeding back a result to the server; the server storing the network identity identification code into a database, and informing the user. By means of the method for generating and check-controlling a network identity identification code in a network electronic identification card, the purposes of network identity management and privacy protection are both achieved, thereby effectively protecting the network application security and identity information privacy of citizens. The method is convenient and quick in use, has stable and reliable working performance, and has a wide application range, thereby laying a strong foundation for establishment of unified network identity management and service ecosystem. | 11-06-2014 |
| 20140337923 | Efficient Automatic Sharing of Network Access Among Devices - An access point device is configured to improve usability of tethering, while improving battery life and managing data usage among and by the tethered devices. Both access point devices and client devices can remain in a low power state without a high power radio being powered until a shared network connection is to be used. To establish a connection to a network for the client device, the client device communicates with the access point device over a lower power communication device, such as a low power radio. The access point device activates its higher power radio. The two devices then connect over the high power radio, allowing the client device to then to use the access point device as a router to connect to a computer network. | 11-13-2014 |
| 20140337924 | METHODS AND SYSTEMS FOR DYNAMIC LICENSE MANAGEMENT - Methods and systems for management of licenses for licensed features activatable on a server. In response to receipt of a request for activation of a requested feature on the server, a license count and a feature usage count are determined. It is determined whether the license count is sufficient to satisfy the request. When the license count is sufficient to cover the request, activation of the requested feature on the server is allowed. Otherwise, the request is refused. | 11-13-2014 |
| 20140337925 | Secure Application Leveraging of Web Filter Proxy Services - Secure application leveraging of a filter proxy service may be provided. In response to receiving a request to access a resource, a filter proxy service may be used to determine whether the request to access the resource is approved. If the request to access the resource is approved, the access to the resource may be allowed to continue. | 11-13-2014 |
| 20140337926 | SYSTEMS AND METHODS FOR ON-DEMAND PROVISIONING OF USER ACCESS TO NETWORK-BASED COMPUTER APPLICATIONS AND PROGRAMS - Provided are systems and methods for on-demand provisioning and de-provisioning of user access to network-based computer programs and applications, which provide on-demand user access provisioning when one or more programs or applications demand that role-based access be granted, in whole or part, to an application program by an approving authority, on an as needed basis. | 11-13-2014 |
| 20140337927 | AUTHORIZATION OF MEDIA CONTENT TRANSFER BETWEEN HOME MEDIA SERVER AND CLIENT DEVICE - A method for authorizing media content transfer between a home media server and a client device and provisioning DRM credentials on the client device, the method comprising receiving a service authorization credential at a client authorization server from a PKI provisioning server, wherein the service authorization credential is associated with a client device, and sending a validation response from the client authorization server to the PKI provisioning server if the client authorization server determines that the service authorization credential was previously provided by the client authorization server to the client device, wherein the validation response releases the PKI provisioning server to send DRM credentials to the client device. | 11-13-2014 |
| 20140337928 | INFORMATION PROCESSING DEVICE, INFORMATION MANAGEMENT METHOD, AND INFORMATION PROCESSING SYSTEM - An information processing device for managing information saved in a save location, including an authentication unit configured to manage first authentication information and second authentication information in association with each other, said first authentication information required to authenticate a client device requesting an operation relevant to the information, and said second authentication information required for authentication at said save location that saves the information; a save location monitor unit configured to monitor the information saved in the save location by using the second authentication information, and update index information of the information saved in the save location; and an information management unit configured to create a list of the information saved in the save location by using the index information of the information saved in the save location, and provide the list to the client device. | 11-13-2014 |
| 20140337929 | METHOD FOR PROVIDING DRM SERVICE AND ELECTRONIC DEVICE THEREOF - Provided is an electronic device. The electronic device includes at least one processor for executing a plurality of operating systems; and a mobile high-definition link (MHL) module. The operating systems include a normal operating system for controlling a content service and a secure operating system for receiving information for controlling digital rights management (DRM) content from the MHL module and controlling a DRM service. | 11-13-2014 |
| 20140337930 | SYSTEM AND METHOD FOR AUTHORIZING ACCESS TO ACCESS-CONTROLLED ENVIRONMENTS - Systems and methods are provided for authorizing a user to access an access-controlled environment. The system includes a system server platform that communicates with fixed PC's, servers and mobile devices (e.g., smartphones) operated by users. The systems and methods described herein enable a series of operations whereby a user attempting to access an access-controlled environment is prompted to biometrically authenticate using the user's preregistered mobile device. Biometric authentication can include capturing images of the user's biometric features, encoding the features as a biometric identifier, comparing the biometric identifier to a previously generated biometric identifier and determining liveness. In addition, the authentication system can further authorize the user and electronically grant access to the access-controlled environment. In this manner the secure authentication system can, based on biometric authentication, authorize a user's access to devices, online services, physical locations or any networked environment that require user authorization. | 11-13-2014 |
| 20140337931 | INDIRECT AUTHENTICATION - Techniques are provided for granting authorization to restricted content on a display device from an authorizing device. In one embodiment, the display device may operate in a display mode where only unrestricted content is accessible. To access restricted content, the display device may transmit an authorization request signal to the authorizing device. The authorizing device, having received the authorization request, prompts an authorized user to enter an authentication input, such as a password or gesture, on the authorizing device. Upon verification of the authentication input, the authorizing device is authenticated. An authorization signal is transmitted to the display device, and the display device may operate in an authorized mode, having access to otherwise restricted content or functions. | 11-13-2014 |
| 20140337932 | DISPERSED STORAGE NETWORK WITH ACCESS CONTROL AND METHODS FOR USE THEREWITH - In a dispersed storage network where slices of secure user data are stored on geographically separated storage units ( | 11-13-2014 |
| 20140337933 | SYSTEM AND METHOD FOR SECURE RECIPROCAL EXCHANGE OF DATA - A system for transmission of data from a first device operated by a first user includes a wireless device and a database. The wireless device is used by a second user and includes a memory for storage of data. The database is in network communication with the first device and the wireless device. The database receives and stores data from the first device. The database can synchronize a portion of the data from the first device with the memory of the wireless device on a periodic basis that is determined by the second user. The wireless device can include a mobile phone. Data from the first device can include a current mode of access of the first user. The database can synchronize a portion of the data from the first device with the memory of the wireless device automatically according to a predetermined time determined by the second user. Further, the database can synchronize a portion of the data from the first device with the memory of the wireless device whenever the data received by the database from the first device changes. In certain embodiments, the portion of the data from the first device that is synchronized between the database and the memory of the wireless device can be determined by the second user using the second device. | 11-13-2014 |
| 20140337934 | SYSTEM AND METHODS FOR ACCESS CONTROL BASED ON A USER IDENTITY - System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list. | 11-13-2014 |
| 20140337935 | FAST-ACCESSING METHOD AND APPARATUS - A fast-accessing method may comprise: establishing a first security connection between a first network node and a user equipment; obtaining first information from a second network node, wherein the first information comprises at least one of system information of the second network node and an identifier of a security algorithm selected by the second network node for the user equipment; providing second information to the second network node, in response to an indication of the second network node from the user equipment, wherein the second information comprises security information related to the user equipment; and sending the first information to the user equipment for establishing a second security connection between the user equipment and the second network node. | 11-13-2014 |
| 20140337936 | Relationship-Based Authorization - Methods and apparatus, including computer program products, related to relationship-based authorization. In general, data characterizing a request for authorization to a computer-based resource is received, and the authorization may be provided based on one or more relationships of a requesting principal. A determination may be made as to whether a requesting principal is authorized, which may include determining whether the requesting user has a relationship with a principal that has management rights of the computer-based resource and determining whether the relationship allows for an access, such as a use of the computer-based resource, if the requesting principal has a relationship with the other principal. If there is no such relationship, a determination may be made as to whether an organization of the requesting principal has a relationship with the other principal that allows for the access. | 11-13-2014 |
| 20140344893 | Remote Access to Streaming Video - A method of granting a client device remote access to a media server after receiving a remote access request at a remote access control server from a remote client device over a wide area network by receiving an opened port list at the remote access control server from the media server over the wide area network, the opened port list describing one or more wide area network ports opened at a residential gateway operating a local area network to which the media server is connected, and transmitting the opened port list and a network address of the residential gateway to the remote client device from the remote access control server, such that the remote client device can communicate with the media server on the local area network through the one or more wide area network ports opened at the residential gateway. | 11-20-2014 |
| 20140344894 | Restriction Lists for Remote Video Transfer - A method of granting a client device remote access to a media server after receiving a port request from a remote client device at a residential gateway through an intermediate remote access control server by opening one or more wide area network ports temporarily mapped to local area network ports, such that the remote client device can communicate with the media server through the wide area network ports, transmitting a list of the one or more wide area network ports to the remote client device through the remote access control server, receiving a media content request from the remote client device and passing the media content request to the media server through the one or more wide area network ports, and passing media content from the media server to the remote client device through the one or more wide area network ports according to one or more restriction lists. | 11-20-2014 |
| 20140344895 | VERTICAL SOCIAL NETWORK - A method is provided to manage access to a social network from a mobile device, which has a user ID. The method is executed by a server, which manages accesses for a plurality of social networks, each social network being associated with a location and a time window. The method includes: receiving a request from the mobile device to join a social network, the request comprising at least information on the location of the mobile device and the user ID; gathering a timestamp associated with the received request; retrieving at least one social network associated with the location of the mobile device and a time window comprising the time indicated by the timestamp and registering the user ID in association to the at least one social network. | 11-20-2014 |
| 20140344896 | METHOD AND APPARATUS FOR USING ELECTRONIC DEVICE - A method of using an electronic device is provided. The method includes comparing, when a request for an access to a resource of the electronic device is identified, a reliability level of a user and a security level of the resource and permitting the access to the resource when the reliability level is equal to or higher than the security level of the resource. | 11-20-2014 |
| 20140344897 | METHODS AND APPARATUS FOR PREMISES CONTENT DISTRIBUTION - Apparatus and methods for protected content access, browsing and transfer over a network. In one embodiment, the network comprises a premises (e.g., residential) LAN, and the apparatus comprises a server and renderer consumer premise equipment (CPE). The renderer CPE scans the network to search for a server CPE that implement a compatible security framework. The renderer authenticates itself with the server, and the server allows content browsing and selection access only to an authorized and authenticated renderer. A negotiation and exchange protocol comprises messages exchanged between the renderer and the server that include one or more of device identification, encryption key exchange, digital certificates and information regarding security package used by each CPE. | 11-20-2014 |
| 20140344898 | STAND-IN AUTHORIZATION SYSTEM AND STAND-IN AUTHORIZATION METHOD - The invention provides an entrusted-authorization system and an entrusted-authorization method. The entrusted-authorization system comprises an accounting system, a switch module and an entrusted-authorization module, wherein the entrusted-authorization module stores entrusted-authorization parameters determined by the accounting system, the switch module is connected with the accounting system and the entrusted-authorization module for transmitting transaction request messages from the client terminal to the entrusted-authorization module for processing in case that the accounting system is unavailable, wherein the entrusted-authorization module verifies the transaction request messages according to the entrusted-authorization parameters; otherwise, the messages are sent to the accounting system for processing. The transaction request messages comprise financial account information, financial mechanism information, transaction initiation mechanism information and transaction amount. With the entrusted-authorization system and entrusted-authorization method of the invention, a normal processing of transaction request can be ensured when the accounting system is unavailable. | 11-20-2014 |
| 20140344899 | SYSTEM AND METHOD FOR CONTROLLING ACCESS TO APPLET - A system and method for controlling access to an applet is provided. According to the applet access control method, when an application requests a management program for access to an applet stored in an SE, the management program controls access of the application to the requested applet. Accordingly, since an application that has no access right is prohibited from accessing an applet, security for information stored in the applets can be increased. | 11-20-2014 |
| 20140344900 | Project Resource Access Control - Embodiments are directed towards a system and method for a cloud-based front end that may abstract and enable access to the underlying cloud-hosted elements and objects that may be part of a multi-tenant application, such as a search application. Search objects may be employed to access indexed objects. An amount of indexed data accessible to a user may be based on an index storage limit selected by the user, such that data that exceeds the index storage limit may continue to be indexed. Also, one or more projects can be elastically scaled for a user to provide resources that may meet the specific needs of each project. | 11-20-2014 |
| 20140344901 | Method And System For Sharing A File - A method and system for sharing a file. The method includes: receiving a download request comprising a download address sent by a user terminal provider; according to the download request, downloading a file from the download address, storing the file, and sending a link address where the file is stored to the user terminal provider; receiving a sharing request comprising a link address sent by a user terminal requester, and sending a file corresponding to the link address to the user terminal requester. | 11-20-2014 |
| 20140344902 | MANAGED VIRTUAL POINT TO POINT COMMUNICATION SERVICE HAVING VERIFIED DIRECTORY, SECURE TRANSMISSION AND CONTROLLED DELIVERY - A system for providing a managed virtual point to point communication service having a verified directory and providing secure transmission and controlled delivery of electronic document images may include a memory, an interface, and a processor. The memory may store a verified directory of users. The interface may communicate with devices of sending and receiving users in the verified directory. The processor may be operative to receive a request to deliver an electronic document image from a sending user to a receiving user. The processor may provide secure access to the electronic document image to the receiving user. The processor may provide a delivery confirmation to the sending device of the sending user upon determining that the electronic document image was securely accessed by the receiving user. The delivery confirmation may indicate that the electronic document image was securely transmitted to the receiving user. | 11-20-2014 |
| 20140344903 | AUTHORIZATION FRAMEWORK - Embodiments disclosed herein provide an authorization framework. An apparatus may include a data storage to store a first plurality of authorization plugin modules and a server coupled to the data storage. The server may receive a request to access a resource, identify a second plurality of authorization plugin modules that is a proper subset of the first plurality of authorization plugin modules, execute each of the second plurality of authorization plugin modules to generate a plurality of authorization decisions and determine whether to grant the request in view of plurality of authorization decisions. | 11-20-2014 |
| 20140351895 | METHOD AND APPARATUS FOR PROCESS ENFORCED CONFIGURATION MANAGEMENT - A system for and method of automatically enforcing a configuration change process for change requests of one or more configurable element within one or more configurable computation systems. The system comprises means for managing a configuration change process for one or more configurable elements within a corresponding configurable computation system, means for generation a configuration request, means for applying a set of authorization rules to the configuration change requests to generate selective authorization of the CEs, and means for selectively locking and unlocking changes to configurable elements within the configurable computational systems. | 11-27-2014 |
| 20140351896 | HEAD-MOUNTED DISPLAY APPARATUS WITH ENHANCED SECURITY AND METHOD FOR ACCESSING ENCRYPTED INFORMATION BY THE APPARATUS - There are provided a head-mounted display (HMD) apparatus and a method for accessing encrypted information by the apparatus, in which the head-mounted display apparatus with enhanced security according to an embodiment of the present invention includes a biometric information input unit that receives biometric information of a user; a communication module that transmits or receives information to or from a server; a memory that stores encrypted information; a processor that transmits the biometric information received through the biometric information input unit to a user authentication server through the communication module, receives access privilege information from the user authentication server, and decrypts the encrypted information stored in the memory based on the received access privilege information; and a display unit that displays the decrypted information through the processor. By decrypting information encrypted by a head-mounted display apparatus with enhanced security, even though the encrypted information is exposed, it is possible to prevent the information from being decrypted. | 11-27-2014 |
| 20140351897 | APPARATUS AND METHODS FOR DEVICE AUTHORIZATION IN A PREMISES NETWORK - Apparatus and methods for enabling protected premises networking capabilities. In one embodiment, a white list of devices authorized to access a premises network and a black list of device not authorized to access a premises network are utilized. The black and white lists may be stored at a database in communication with an authorization manager or may be stored at the manager itself. When a client device is connected to a premise, the manager determines, based on the premises and/or device identity, whether the device is entitled to access. The authorization manager makes this determination based on whether the device is on the white or black list. If the device is on neither list, the manager may add the device to the white list upon appropriate verification. The manager may also facilitate removal of a device from the white list to the black list upon request or automatically. | 11-27-2014 |
| 20140351898 | METHOD AND APPARATUS FOR IDENTITY FEDERATION GATEWAY - Techniques for an ID federation gateway include determining whether a user associated with a request for a particular network resource is to be identified by the provider of the particular service or by a different party. The service also comprises causing the different party to provide identification data that indicates an identity for the user, if the user is to be identified by the different party. The method further comprises causing user credentials data, based on the identification data, to be sent to an authentication process of the provider for a set of one or more network resources that includes the particular network resource requested by the user, if the data indicates that the user is successfully identified. | 11-27-2014 |
| 20140351899 | SYSTEMS AND METHODS FOR AUTHENTICATING A USER OF A COMPUTER APPLICATION, NETWORK, OR DEVICE USING A WIRELESS DEVICE - A method and system for authenticating a user includes providing an invocation element capable of being activated by a single user action, receiving an indication that the invocation element has been activated, obtaining a location of a wireless device associated with the user, determining whether the wireless device is associated with an authorized user, approving the user to use the application based on a predetermined location criterion, and producing an indication that the user has been authenticated. | 11-27-2014 |
| 20140351900 | LOCAL PROXY SYSTEM AND METHOD - A local proxy system includes a storage device having a local proxy and a physical port connection. The local proxy is part of a split proxy configuration having a local proxy and a remote proxy. The physical port connection is operative to receive commands from a host via an internet application protocol; and to transmit commands to the host via a modem control protocol, to thereby function as a gateway for conveying these commands to a remote proxy, via the host. Also provided is a method of optimizing communication over a network; and a local proxy system that includes a storage device having a local proxy. The storage device is in connection with a host via a physical port connection complying with a standard storage device interface. | 11-27-2014 |
| 20140351901 | SYSTEMS AND METHODS FOR PAIRING BLUETOOTH DEVICES - Embodiments of software-supervised pairing processes are provided. The processes enable a user to pair a mouse and keyboard with a Bluetooth transceiver without having to use a second mouse and keyboard. At least two separate processes are provided, including a long transition for initial pairing or re-pairing and a short transition for re-establishing a connection after devices have already been paired. | 11-27-2014 |
| 20140359705 | Granting Permission to Use an Object Remotely with a Context Preserving Mechanism - Granting permission to use an object remotely with a context preserving mechanism includes selecting an object stored at a first electronic location based on user input, granting permission to a subject to use the object remotely by selecting the subject based on the user input, and visually depicting a sharing relationship with the subject in response to using the object based on the user input. | 12-04-2014 |
| 20140359706 | Restricted Transmogrifying Driver Platform - A restricted transmogrifying driver platform is described herein. In one or more implementations, a platform is provided that enables a restricted execution environment for virtual private network (VPN) drivers and other transmogrifying drivers. The platform may be implemented as an operating system component that exposes an interface through which drivers may register with the platform and be invoked to perform functions supported by the platform. The restricted execution environment places one or more restrictions upon transmogrifying drivers that operate via the platform. For instance, execution may occur in user mode on a per-user basis and within a sandbox. Further, the platform causes associated drivers to run as background processes with relatively low privileges. Further, the platform may suspend the drivers and control operations of the driver by scheduling of background tasks. Accordingly, exposure of the transmogrifying drivers to the system is controlled and limited through the platform. | 12-04-2014 |
| 20140359707 | PROTECTING END POINT DEVICES - An approach is provided for protecting endpoint devices against unauthorized network connections. An endpoint device to be protected initiates a security test by requesting that a security detection service attempt to establish a network connection with the endpoint device. The endpoint device receives, from the security detection service, a response to the request sent to the security detection service. The security detection service attempts to establish a connection with the endpoint device. If a new network connection is received between the security detection service and the endpoint, then one or more actions are performed to secure network communications with the endpoint device. | 12-04-2014 |
| 20140359708 | HONEYPORT ACTIVE NETWORK SECURITY - A device comprises a processor. The processor is configured to generate a first signal using a first communication protocol. The first signal corresponds to data received by the processor. The processor is configured to generate a second signal using a second communication protocol. The second signal comprises fabricated data generated by the processor. Additionally, the processor is configured to transmit the first signal. The processor is also configured to transmit the second signal. | 12-04-2014 |
| 20140359709 | Maintaining Video Conference Session Continuity During Transfer of Session to Alternative Device - Implementations of the present disclosure provide systems and methods for seamlessly transferring a communication session from a first client to a second client via a close-range communication connection. Implementations contemplate serializing a set of unique identifiers pertaining to a communication session and transmitting the set of serialized identifiers from the first client to the second client via a close-range communication connection. The second client de-serializes the set of unique identifiers and transmits a request to a communication session server to assume control of the communication session from the first client. A communication session server may perform an authentication of the second client that requires the second client to provide credentials associated with a user account. In some implementations, the present disclosure provides for the creation of a temporary use token that enables a client to temporarily acquire credentials associated with a user account. | 12-04-2014 |
| 20140359710 | METHOD OF AND APPARATUS FOR PROVIDING AN INDICATION OF DATA CONSUMPTION - A method and apparatus providing an indication of data consumption by an application, which is executable on an electronic device and operable to consume data, via a network, from at least one remote content provider server. The method includes: providing, on the electronic device, an iconic representation for the application, the iconic representation having an indication of previous data consumption by the application from the at least one remote content provider server during previous execution of the application; executing the application in response to selection of the iconic representation; receiving, from the network, data representative of new data consumption with the at least one remote content provider server during the execution of the application; and providing an updated iconic representation for the application. The updated iconic representation includes an indication of updated data consumption based on the received data representative of the new data consumption and the previous data consumption. | 12-04-2014 |
| 20140359711 | DIGITAL DATA PROCESSING SYSTEM AND METHOD - A digital data processing method obtains an authorization level of a connected client device. The method further searches for available digital data to be browsed corresponding to the obtained authorization level and transmits parameters of the available digital data to the connected client device. The method further determines whether the connected client device has authorization to process specified digital data selected from the available digital data when a processing command is received. If the connected client device has authorization to process the specified digital data, the method transmits the specified digital data to the connected client device. | 12-04-2014 |
| 20140359712 | ELECTRONIC APPARATUS AND CONTROL METHOD - According to one embodiment, an electronic apparatus is configured to execute an environment selected from a plurality of environments comprising a first environment corresponding to a first account and a second environment corresponding to a second account different from the first account. The apparatus includes a first communication controller and a controller. The first communication controller communicates with an external device. The controller permits an execution of the second environment when the first communication controller communicates with the external device when the environment is selected from the plurality of environments. | 12-04-2014 |
| 20140359713 | METHOD, DEVICE, CLIENT AND SERVER FOR INTERACTION - An interaction method, device, client and server are provided. The method includes that: a client scans a target two-dimensional code (for example, a Quick Response code) to acquire a URL of the target two-dimensional code; the client sends the URL to an associated third-party server; the client receives multifunction information returned from the third-party server according to the URL, wherein each piece of the multifunction interaction information includes interaction type information; the client interacts with the third-party server according to the multifunction information. The present disclosure makes it possible that: during scanning a two-dimensional code, a client can directly interact with a third-party server, the interaction applications can simply be acquired via scanning, instead of pre-scanning and manually initiating an interaction with the scanned contents, such that the operations are simple and convenient. | 12-04-2014 |
| 20140359714 | MOBILE ELECTRONIC DEVICE WITH TRANSCEIVER FOR WIRELESS DATA EXCHANGE - A mobile electronic device ( | 12-04-2014 |
| 20140359715 | MEDICAL SYSTEM AND METHOD FOR AUTHORIZING A USER TO USE A MEDICAL DEVICE OF A MEDICAL SYSTEM - The present invention relates to a medical system which comprises a server having a user database that contains information about users of the medical system, and a medical device configured to communicate with the server through a communications network. In the medical system the server comprises a test database containing at least one test, the passing of a test being configured to generate an authorization for a user to use the medical device, the server is configured to register authorizations on the user database, and the medical device is configured to obtain authorizations from the user database. The invention also relates to an authorization method. | 12-04-2014 |
| 20140359716 | WEB PAGE SECURITY SYSTEM - A security application for granting different access rights to web pages and objects on each web page is disclosed. A data table assigns one or more function identifiers (FIDs) to users. A second data table assigns a different object identifier (OID) to each web page, and to assign a different OID for each object on each web page. A third data table assigns an FID to each OID. When a user attempts to access a web page or an object on the web page, a web server compares each of the user's FIDs to the FID assigned to the web page or object. The web server grants access to the web page or object if one of the user's FIDs matches the FID assigned to the web page or object, the user is granted access to the web page or object according to the function of the matched FID. | 12-04-2014 |
| 20140359717 | SOCIAL NETWORKING SYSTEM CAPABLE OF PROVIDING LOCATION-BASED NOTIFICATIONS - A networked computer system provides various services for assisting users in locating, and establishing contact relationships with, other users. For example, in one embodiment, users can identify other users based on their affiliations with particular schools or other organizations. The system also provides a mechanism for a user to selectively establish contact relationships or connections with other users, and to grant permissions for such other users to view personal information of the user. The system may also be capable of detecting, and notifying a user of, an event in which the user and a contact of the user are in a common location. | 12-04-2014 |
| 20140359718 | SYSTEM FOR MANAGING THE USE OF PREMISES - The system has monitoring devices, a control unit, a personal identifier for each user, and a remote server which includes a premises-management software stored in a memory device. At least some of the monitoring devices are provided with a router. Monitoring devices are connected to the control unit, and monitoring devices provided with a router are further connected to each other. The control unit is connected to the remote server via the internet. A user may log in as the user of a workstation with the help of the identifier in the monitoring device. With the help of the terminal, the user may also sign in to the management software, from which he can see the state of the workstations and reserve a vacant workstation for himself. | 12-04-2014 |
| 20140359719 | CONTENT MANAGEMENT DEVICE, CONTENT MANAGEMENT METHOD, AND INTEGRATED CIRCUIT - An address generation section ( | 12-04-2014 |
| 20140359720 | AUTHORIZATION CACHE - Example embodiments disclosed herein relate to implementing an authorization cache. An authorization fact is determined based on a grant. The authorization fact is cached. The grant is revoked. The authorization fact is revoked based on a grant index. | 12-04-2014 |
| 20140366097 | SECURITY ACCESS FOR A SWITCH DEVICE - A method for providing user access to a network switch appliance, includes: receiving from a user a request to access configuration item for the network switch appliance, the network switch appliance configured to pass packets received from a network to network monitoring instruments; and determining, using a processing unit, whether to allow the user to access the configuration item for the network switch appliance based on information regarding the user. | 12-11-2014 |
| 20140366098 | CUSTOMIZED INFORMATION SETUP, ACCESS AND SHARING DURING A LIVE CONFERENCE - A user device may access a remote conference management application and setup a conference customized for the user. For example, one method of operation may include transmitting a notification to a user device of an upcoming scheduled meeting time and receiving a confirmation that the scheduled meeting is a valid meeting time. The method may also include receiving at least one instruction from the user device regarding the meeting time, loading a data file sequence stored in a user account, and transmitting the data file sequence to a presentation management device. | 12-11-2014 |
| 20140366099 | METHOD OF ACCESS BY A TELECOMMUNICATIONS TERMINAL TO A DATABASE HOSTED BY A SERVICE PLATFORM THAT IS ACCESSIBLE VIA A TELECOMMUNICATIONS NETWORK - A method enabling a telecommunications terminal to access a database hosted by a service platform that can be accessed via a telecommunications network. The method includes: transmitting, to a second terminal associated with a mobile identifier of a second telecommunications network, information representing a request for the first terminal to access the database; in the second terminal, sending a response to the access request to an authentication server of the platform; in the authentication server, when a response to the access request is received, verifying the mobile identifier of the second network, and optionally validating the access of the first terminal to the database depending on the outcome of the verification. | 12-11-2014 |
| 20140366100 | CONTROL METHOD, SYSTEM AND METHOD - A computer-implemented control method for a rented device, comprises providing identification data to identify the device at a server, receiving a permission data file for the device from the server on the basis of the identification data, and including data representing a set of operating permissions associated with the device, executing a device specific operation on the basis of the permission data file to restrict or enable a function of the device. | 12-11-2014 |
| 20140366101 | INFORMATON PROCESSING SYSTEM, INFORMATION PROCESSING DEVICE, AND COMMUNICATION CONNECTION METHOD - The present invention provides, for a connection from an unspecified communication device, an information processing system, information processing device configuring the information processing system, and communication connection method for between the communication device and the information processing device which are capable of securing communication security while simplifying operation in the communication device. | 12-11-2014 |
| 20140366102 | AUTOMATED ACCOUNTS FOR MEDIA PLAYBACK - Content stored on a server may be selected using a user device and enabled on a central device. The identity of the central device may be authenticated without transmitting user credentials corresponding to the user, user device, user account, etc. A central device identifier can be sent to the server via the user device. An encrypted version of the central device identifier may be returned to the user device and to the central device. The central device can send the encrypted and unencrypted version of the identifier to the server, and the server can transmit the desired content to the remote device based on a comparison of the encrypted and unencrypted identifier. | 12-11-2014 |
| 20140373096 | Roaming Internet-Accessible Application State Across Trusted and Untrusted Platforms - In one embodiment, a user device may store state data for an application at an internet-accessible data storage | 12-18-2014 |
| 20140373097 | SYSTEM FOR DOMAIN CONTROL VALIDATION - A system and method for domain control validation is presented. At a certificate authority a request is received. The request includes a certificate signing request and a first Internet protocol address. The certificate signing request identifies a domain and a certificate. A second Internet protocol address for the domain is retrieved from a domain name system. When the first Internet protocol address is the same as the second Internet protocol address, the certificate is signed, and the signed certificate is transmitted to a requester of the request. When the first Internet protocol address is not the same as the second Internet protocol address, the certificate signing request is rejected. | 12-18-2014 |
| 20140373098 | RUNTIME API FRAMEWORK FOR CLIENT-SERVER COMMUNICATION - In particular embodiments, a method includes receiving, by a computing device including an import/export framework, encoded client data. The client data may be encoded by a generic transcoding service. The method includes performing load-balancing based at least in part on the client data, authorizing the client's access of a remote application, and exporting the encoded client data to the remote application. | 12-18-2014 |
| 20140373099 | ASYNCHRONOUS USER PERMISSION MODEL FOR APPLICATIONS - Use of an application to engage services on behalf of a third party is contemplated. The services may be engaged one behalf of the third party with delivery of a third party permission to a Web service, optionally with the third party permission being recognized in the form of an access token (accessToken) provided from the application to the Web service without requiring the application to interact with an user-agent used to obtain the third party permission. | 12-18-2014 |
| 20140373100 | NFC Triggered Two Factor Protected Parental Controls - Disclosed is a two-factor method for protecting access to content, device functionality accounts and the like through portable devices. A master device may facilitate a subordinate device's access to the on-line account by situating the master device in close proximity to the unauthorized user's portable device. Once within close proximity of one another, the devices may exchange information that may eventually allow the subordinate device to access an account, an application or the like. | 12-18-2014 |
| 20140373101 | SENDING SESSION TOKENS THROUGH PASSIVE CLIENTS - A session token can be requested to be sent to a first computing service from a second computing service, and a first computing service can receive the requested session token from the second computing service. The first computing service can send a message that includes the session token through a passive client to the second computing service. The second computing service can receive the message that includes the session token from the passive client, and the second computing service can verify that the message is valid. This verification of the validity of the message can include verifying that the session token received back from the passive client matches the session token the second computing service sent to the first computing service. | 12-18-2014 |
| 20140373102 | SERVER DEVICE, CONTENT DISTRIBUTION CONTROL DEVICE, AND CONTENT DISTRIBUTION SYSTEM - A smartphone provides a content to a client device that displays the contents on a screen. The smartphone includes a gyro sensor and a control unit. The gyro sensor detects a direction that the smartphone is facing. The control unit stops transmission of a predetermined content for which confidentiality is to be preserved when the gyro sensor detects that the smartphone is facing a predetermined direction. | 12-18-2014 |
| 20140373103 | AUTHENTICATION SYSTEM, CONTROL METHOD THEREOF, SERVICE PROVISION DEVICE, AND STORAGE MEDIUM - An authentication system registers, in a service provision device, identification information for an information processing device that cooperates with the authentication system, associates the identification information for the information processing device with authorization information in accordance with an issuance of the authorization information corresponding to the information processing device, and saves them in the authorization service device, queries the authorization service device for the identification information for the information processing device associated with the authorization information in response to a request for obtaining the service and the issued authorization information from the information processing device, and provides, according to the request, the service with the information processing device in response to a correspondence between the identification information for the information processing device acquired as a result of the query and the identification information for the information processing device registered. | 12-18-2014 |
| 20140373104 | DATA SENSITIVITY BASED AUTHENTICATION AND AUTHORIZATION - Systems, devices, apparatuses, and methods of the present invention distribute authentication across multiple users. A data sensitivity model can define the sensitivity of different types of data. When an application requests access to a particular data item, the sensitivity of that data item can be determined. If the data item has a low sensitivity, access to the data item can be granted. If the data item has a high sensitivity, the system can request authentication before granting access to the data item. | 12-18-2014 |
| 20140373105 | ENTERPRISE SECURITY MANAGEMENT SYSTEM USING HIERARCHICAL ORGANIZATION AND MULTIPLE OWNERSHIP STRUCTURE - A hierarchical security model for networked computer users is described. Files and resources are controlled or created by users within the network. Each user within the network has an account that is managed by a network administrator. The account specifies the user identifier and password. Users are grouped into organizations depending upon function or other organizational parameter. The groups within the network are organized hierarchically in terms of access and control privileges. Users within a higher level group may exercise access and control privileges over files or resources owned by users in a lower level group. The account for each user further specifies the group that the owner belongs to and an identifier for any higher level groups that have access privileges over the user's group. All users within a group inherit the rights and restrictions of the group. | 12-18-2014 |
| 20140373106 | Handling Emails - Disclosed are various methods for handling emails. They involve including email addresses in envelope recipient and envelope sender fields that are different to the addresses that would normally be included. One method comprises: receiving an email message at a service provider, the email message having in an envelope sender field a sender's email address relating to an unprotected sending contact entity and in an envelope recipient field a receiving alias email address relating to a protected receiving contact entity; wherein the recipient's email address includes a domain that is controlled by the service provider such that the email message is addressed to the protected receiving contact entity via the service provider, identifying a database record containing the recipient's email address; extracting from the database record a protected entity delivery email address for the protected receiving contact entity; substituting the recipient's email address in the envelope recipient field of the email message with the protected entity delivery email address; and providing the email message with the substituted envelope recipient email address. | 12-18-2014 |
| 20140373107 | SYSTEM AND METHOD FOR CONTROLLING A DNS REQUEST - A system and method of controlling communication. An appliance is provided with a program suitable for issuing a DNS request and a control program enabling the DNS request to be intercepted. The control program includes communications elements for communicating with a DNS server to which the DNS request is transmitted, and for communicating with another server for authorization. An authorization request, distinct from the DNS request, including an identifier of the user of the appliance and the domain name, is transmitted to the DNS server. The authorization server returns to the DNS server a response established as a function of the identifier of the user of the appliance and as a function of the domain name contained in the authorization request. The communications elements for communicating with the issuing program transmit to the issuing program an IP address defined as a function of the response from the authorization server. | 12-18-2014 |
| 20140373108 | COLLABORATIVE AUTHORING MODES - A collaborative authoring application provides an authoring environment in which two or more users can edit a document concurrently. Each user edits a copy of the document, sends updates to a master copy of the document, and receives updates from the master copy of the document. The authoring environment may be configured into a public mode of operation, in which content and metadata are synchronized automatically, or into a private mode of operation, in which metadata is synchronized automatically and content is synchronized only at the request of the user. The authoring application may edit documents offline in public or private mode. | 12-18-2014 |
| 20140373109 | Cartridges in a Multi-Tenant Platform-as-a-Service (PaaS) System Implemented in a Cloud Computing Environment - Implementations for providing cartridges in a multi-tenant PaaS system of a cloud computing environment is disclosed. An example method includes maintaining a repository of a plurality of packages that provide functionality for multi-tenant applications executed by a node, each package of the plurality of packages comprising a software and a configuration information specifying a plurality of hooks, receiving a request to configure a first package from the plurality of packages, wherein the first package is to provide functionality for one of the multi-tenant applications, establishing a container to provide process space for the functionality of the first package, calling a configure hook from the plurality of hooks specified in the configuration information of the first package, and in response to calling the configure hook, embedding an instance of the software of the first package in the container, the instance of the software of the first package copied from the repository. | 12-18-2014 |
| 20140373110 | MOBILE DEVICE IDENTIFY FACTOR FOR ACCESS CONTROL POLICIES - A secure VPN connection is provided based on user identify and a hardware identifier. A client application may initiate the VPN connection. A client device user may provide identification information to the application, which then sends a VPN connection request to a remote VPN gateway. The VPN gateway may require an equipment identifier to establish the secure VPN gateway. If the hardware ID is registered, the secure VPN connection is established. If the hardware ID is not registered with the VPN gateway, the connection may be denied. In some instances, a connection may be established with an unregistered equipment ID based on settings at the VPN gateway. | 12-18-2014 |
| 20140380420 | METHOD AND APPARATUS FOR EXPANDED CONTENT TAG SHARING - Techniques for expanded content tag sharing include determining that a first user is associated with content provided by a different second user. Data is recorded that indicates the first user is authorized to associate a different third user with the content provided by the second user, without further input by the second user. In some embodiments, the data that indicates the content provided by the second user includes data that indicates a plurality of contents. Some techniques include determining a message received from a first user indicates a portion of content associated with the first user, and a second user. The portion of the content is rendered on an apparatus of the second user. The second user is prompted for associating, with the portion of the content, an item identifier, such as text or another user, for the portion of the content. | 12-25-2014 |
| 20140380421 | Insecure Connection Prohibition - A server system may be configured to receive a request for a connection from a client application. The server system may also be configured to determine if the client application is permitted to connect with the server. The connection with the client application may be prohibited if the server determines that the client application is not permitted to connect with the server. A secure connection with the client application may be permitted if the server determines that the client application is permitted to connect with the server. The secure connection may be established with the security protocol settings specified by a process on the server or shared security protocol settings specified by on a server system-wide basis. | 12-25-2014 |
| 20140380422 | RISK PREDICTIVE ENGINE - A method, a device, and a storage medium provide a risk engine that calculates a level of risk stemming from a communication to access a service or an asset. The risk engine operates as a fuzzy logic neural network. The risk engine obtains parameters from the communication and applies rules to calculate the level of risk. | 12-25-2014 |
| 20140380423 | SYSTEM AND METHOD FOR DYNAMICALLY AWARDING PERMISSIONS - An authorization system for dynamically awarding permissions to a requestor for performing an action, based on real-time monitored statistics of the requestor. The authorization system comprises a processor and a memory. The memory further comprises a status database for storing real-time information corresponding to the requestor, and a rules database for storing rules to enable the authorization system in determining permissions for various requestors' requests to perform the action. Additionally, the memory includes a status determining module for determining status-data related to the requestor, and a permission awarding module to evaluate the status-data with a dynamically selected set of rules for awarding permission to a requestor's request. The memory further includes a risk estimation module for calculating risk associated in awarding the permission, and an action triggering module for triggering an associated action based on the calculated risk. | 12-25-2014 |
| 20140380424 | LOCATION DETERMINATION FOR USER AUTHENTICATION - User authentication techniques based on geographical locations associated with a client device is provided. A network connection can be established between two or more host machines and a client device. Upon a request received from the client device by one of these host machines, round trip times of test messages may be measured between the client device and each of the host machines. The round trip times can be utilized to determine the current geographical location of the client device. If the location is within a tolerance geographical area, the client device may be authenticated. Otherwise, the authentication may fail or additional security procedures may be implemented. In some examples, a travel time from a historical geographical location to current geographical location can be determined. This data may be also utilized in the user authentication process. | 12-25-2014 |
| 20140380425 | POLYMORPHIC COMPUTING ARCHITECTURES - Polymorphic computing architectures can support and control separate, independently executable domains and other components on a computing platform. In some embodiments, the architectures may control the different domains and/or components according to different purposes. In some embodiments, the architectures can control domains and/or components to enforce a desired “purpose” of a domain/component while simultaneously denying a corresponding “anti-purpose.” | 12-25-2014 |
| 20140380426 | METHOD, DEVICE AND SYSTEM FOR LOGGING IN THROUGH A BROWSER APPLICATION AT A CLIENT TERMINAL - The current invention discloses methods, devices and systems for logging in a third party server through a browser application at a client terminal. After receiving a validation request from a third party server, the main server for the browser application may choose to grant or deny the request. The validation request, which may include a third party identifier, a user identifier, and a session key, can be triggered by a data access request from the browser application. If there is an active communication session between the client terminal and the server, the server may send an authorization request to the third party so that the third party server allows the client terminal to access non-sensitive data associated with the user identifier through the browser application without further validation of the data access request. The current invention provides additional convenience and security for third party login operations. | 12-25-2014 |
| 20140380427 | METHODS FOR DETERMINING AUTHENTICATION REQUIREMENTS OF INFORMATION CENTRIC NETWORK BASED SERVICES AND DEVICES THEREOF - A method, device, and non-transitory computer readable medium for determining and representing one or more authentication requirements for at least one valid service flow of one or more information centric network (ICN) based services. This technique involves capturing service specification and storing it in a repository. Then, one or more possible service flows are generated and represented based on the nature of contents, delivery options and preferred architecture. This representation is again modified based on the trust level among functional entities and authentication scope which are inferred from the service specification. The final representation of the service flow shows only the valid inter-connections and operations among functional entities and the service flow is constrained by authentication requirement. | 12-25-2014 |
| 20140380428 | AUTHORIZATION SERVER SYSTEM, CONTROL METHOD THEREOF, AND NON-TRANSITORY COMPUTER-READABLE MEDIUM - An authorization server system that manages authorization information configured to enable providing of a service without requiring input of authentication information, comprises: a management unit which manages the authorization information; a providing unit which provides a deletion screen that includes the authorization information generated when an authorization operation of a user is performed but not the authorization information generated without performing the authorization operation of the user in accordance with reception of a request of the deletion screen configured to delete the authorization information managed by the management unit; and a deletion unit which deletes the authorization information managed by the management unit, in accordance with reception of a deletion instruction via the deletion screen. | 12-25-2014 |
| 20140380429 | AUTHORITY DELEGATE SYSTEM, AUTHORIZATION SERVER SYSTEM, CONTROL METHOD, AND PROGRAM - An authority delegate system, including a server system which provides a service to a device having an application, and an authorization server system which performs authorization processing to delegate user authority in the service to a usage source of the service, includes a management unit, and a providing unit. The management unit identifies authority of the application, in accordance with having received a request to register the application as the usage source, and manages the identified authority, and an identifier of the application, in an associated manner. The providing unit provides the service, in a case where an authorization operation has been performed to permit delegating of the user authority to the application transmitting a request to use the service, and an authority which the application uses is included in authorities associated with the identifier of the application. | 12-25-2014 |
| 20140380430 | IMAGE FORMING APPARATUS HAVING TRANSMISSION FUNCTION, AND CONTROL METHOD AND STORAGE MEDIUM THEREFOR - An image forming apparatus capable of maintaining user's convenience in performing transmission while utilizing a transmission setting even when destinations usable for the transmission according to the transmission setting are restricted to a predetermined destination such as an authenticated user's address in order to enhance security. In a case where destinations usable for the transmission according to the transmission setting are restricted to an authenticated user's address and where at least one transmission destination registered in the transmission setting differs from the user's address, the at least one transmission destination registered in the transmission setting is rewritten to the authenticated user's address. | 12-25-2014 |
| 20140380431 | COMPUTER IMPLEMENTED METHOD TO PREVENT ATTACKS AGAINST AUTHORIZATION SYSTEMS AND COMPUTER PROGRAMS PRODUCTS THEREOF - A computer implemented method and computer program products to prevent attacks against authorization systems | 12-25-2014 |
| 20140380432 | METHOD, DEVICE AND SYSTEM FOR DATA DOWNLOADING - A method for data downloading is provided, including: sending a download request, and sending a security check request according to the download request; receiving network data returned according to the download request, and receiving a check result returned according to the security check request; and determining whether the check result indicates that the network data is secure; if yes, then continue receiving the returned network data, and if no, interrupt receiving the returned network data. In addition, a device and a system for data downloading are provided, which improve the security of data download. | 12-25-2014 |
| 20140380433 | Transport Communication Management - Methods and systems for communicating information are disclosed. An example method can comprise receiving information at a first device based on a first protocol. The information can be translated, at the first device, for communication to a second device based on a second protocol. A determination can be made as to whether the information matches a criterion associated with a transportation device. The information can be provided to the second device based on the second protocol and a determination that the information matches the criterion. | 12-25-2014 |
| 20140380434 | METHOD AND TRUSTED GATEWAY FOR WIFI TERMINAL ACCESSING TO PACKET DATA PS SERVICE DOMAIN - The embodiments of the present invention provide a method and a trusted gateway for a WiFi terminal to access a PS service domain. The method comprises: receiving an accounting request message sent by an authentication, authorization and accounting AAA server or a dynamic host configuration protocol DHCP request message sent by the WiFi terminal; establishing, by a trusted gateway, a first packet data protocol PDP context connection or a first packet data network PDN connection with the PS service domain according to attribute information of the WiFi terminal after receiving the accounting request message or the DHCP request message, so that the WiFi terminal accesses the PS service domain via the wireless local area network, the trusted gateway, and the established first PDP context connection or the first PDN connection. | 12-25-2014 |
| 20140380435 | DEVICE-SPECIFIC AUTHORIZATION AT DISTRIBUTED LOCATIONS - A method includes receiving authentication information for a client device at a server. The authentication information includes a geographic location of the client device and a first result of a one-way hash function based on a combination including an authentication seed and a first secret. The method includes computing, at the server, a second result of the one-way hash function based on a combination including the authentication seed and a second secret. The method also includes enabling the client device to access a second network in response to a determination by the server that the first result matches the second result and a determination by the server that the client device is authorized to access the second network based on the geographic location. | 12-25-2014 |
| 20140380436 | DIGITAL RIGHTS MANAGEMENT OF CONTENT WHEN CONTENT IS A FUTURE LIVE EVENT - A method and system for managing use of items having usage rights associated therewith including a point of capture system adapted to generate content of a future event when the event occurs, a content distributor adapted to generate a rights label having usage rights associated with content of the future event before the content is created, the rights label having a distribution key for encrypting the content as the content is generated, the distribution key being encrypted with a public key. The system also includes a license server adapted to generate a license associate with the content from the rights label before the content is generated, the license including the distribution key encrypted with the public key, and a content distributor adapted to distribute the license before the content is generated. | 12-25-2014 |
| 20150020164 | AUTOMATIC MANAGEMENT OF SECURE CONNECTIONS - In an example embodiment, on-premise systems have access to a cloud connector located on-premise. When the on-premise cloud connector is started, it may establish a secure connection to a notification service residing in the cloud. Applications running on the cloud have access to a connectivity agent. Cloud applications wishing to communicate with the on-premise systems send the communications through the connectivity agent. If a secure connection between the connectivity agent and the cloud connector does not exist, the connectivity agent sends a request to open a secure connection to the notification service. The notification service forwards the request to the cloud connector over its secure connection. The cloud connector may check the requested connection, and if authorized, open a secure connection to the connectivity agent. The connectivity agent then forwards the communication to the cloud connector, which then forwards it to the on-premise system. | 01-15-2015 |
| 20150020165 | SYSTEM OF EXECUTING APPLICATION AND METHOD THEREOF - An application executing system and a method thereof are provided. When an application in an electronic device is executed, identification information is received for identification, and physiological characteristic information is further gathered. User access permission is given when the identification information and default identification information are compared to be in consistency. User edit permission is given when the physiological characteristic information and default physiological characteristic information are compared to be in consistency. When the application is executed, functions of the application are provided to be used according to the access permission or the edit permission. Therefore, providing different functions of the application according to different permissions may be achieved. | 01-15-2015 |
| 20150020166 | SYSTEM AND METHOD FOR MANAGING RELATIONSHIPS BETWEEN BROKERS AND TRADERS - According to one embodiment, a method of managing access to a trading network is provided. A first network login request for a first user is received from a client application. The first network login request includes first authentication information. Based at least on the first authentication information, the first network login request is approved, which authorizes the first user to access the trading network. One or more associated users for which the first user is authorized to act as a proxy is identifying from a plurality of users. User profile information for one of the associated users is obtained and communicated to the client application. The user profile information includes information regarding the second user that can be used to allow the first user to engage in trading activity via the trading network on behalf of the second user. | 01-15-2015 |
| 20150020167 | SYSTEM AND METHOD FOR MANAGING FILES - A method is provided for managing files among a cloud server and at least one terminal device. The terminal device stores preprocessed files. The method includes steps of determining a type of one preprocessed file when the terminal device receives a request for opening the preprocessed file. Determining a corresponding software to open the preprocessed file. Generating a control signal including information of the preprocessed file needed to be opened and the determined software, and transmitting the control signal to the cloud server. Determining an authorization status of the terminal device in response to the control signal. Storing a copy of the preprocessed file in a buffer of the cloud server if the terminal device is authorized. Obtaining the determined software in the cloud server according to the control signal. Controlling the determined software to open the copy of the preprocessed file. | 01-15-2015 |
| 20150020168 | TRUSTED WIRELESS LOCAL AREA NETWORK (WLAN) ACCESS SCENARIOS - A method to support two scenarios in trusted wireless local area network (WLAN) access is provided herein. The method may be performed, for example, by a user equipment (UE). The method generally includes requesting a nonseamless wireless offload (NSWO) connection to a network during an extensible authentication protocol (EAP) procedure and receiving, after successful authentication, at least one of an internet protocol (IP) address or a reason code from a network entity indicating NSWO is not allowed. | 01-15-2015 |
| 20150020169 | Information Device and Network System - A program when executed by a computer for controlling a registration server configured to be connected to a first network, causing the computer to execute: receiving user identification information; receiving device identification information from a communication terminal connected to a second network different from the first network, the device identification information being for identifying, on the second network, an information device connected to the second network; transmitting the received user identification information to a management server connected to the first network; receiving, from the management server, authentication information transmitted from the management server as a response to the transmitted user identification information; generating registration information which has a format in which the authentication information is allowed to be registered in the information device, the registration information including the authentication information and the device identification information; and transmitting the generated registration information to the communication terminal. | 01-15-2015 |
| 20150020170 | Multimedia Personal Historical Information System and Method - Disclosed is a mobile and web-based personal history capture-store-retrieval process and system intended to be used by individuals or groups (including companies and educational institutions) to record personal historical information in multimedia file format from any source, such as the individual's smartphone, tablet, or personal computer. The system will assist individuals in the recording and storage and retrieval of the individual's (or group's) personal histories. The system employs an artificial intelligence engine to analyze user content (e.g., information, data, metadata, and historical content associated with such user) and design prompts to the user to input additional information. The system also provides a method for creating an e-book from the content, either by a single user or by collaboration among multiple users. Disclosed also is a computer implemented method and system and related computer program product for capturing, storing, retrieving and disseminating personal and/or group legacy and history information. | 01-15-2015 |
| 20150020171 | NON-INVASIVE METHOD AND SYSTEM FOR AUTOMATED ADMINISTRATION OF DIVERSE SECURITY CONSTRAINED SERVERS - A method of automatically administering servers is disclosed. The method includes automatically transmitting commands to at least one of the servers. Administrator level access is non-invasively obtained on the at least one of the servers utilizing the automatically transmitted commands. The at least one of the servers is administered using the administrator level access and the automatically transmitted commands. | 01-15-2015 |
| 20150026772 | MEDIA BASED AUTHENTICATION AND AUTHORIZATION FOR SECURE SERVICES - A method requests authentication of an electronic device by a service provider in response to a request for service by the electronic device. An authentication element is provided to the service provider via a secure media of the electronic device. In response to the request for service, an authorization server provides proxy authorization for the service provider by receiving an authorization element from the service provider and installing the authorization element on the secure media. Upon authenticating and authorizing the electronic device using the secure media, accessing the requested service. | 01-22-2015 |
| 20150026773 | Application and Permission Integration - Systems, methods and apparatuses of integrating applications in an application integration system are provided. In some examples, work-based applications may be integrated with personal applications, such as in an application region. One or more rules for accessing the applications within the application region may be determined or defined. In some examples, accessing the application region (e.g., via login or other authentication process) may provide access to all applications within the application region, without requiring additional login or authentication for each particular application being accessed. Further, the system may determine one or more rules for providing communication and/or data sharing between the one or more applications within the application region, between applications within the application region and outside the application region, between two or more applications regions, and the like. | 01-22-2015 |
| 20150026774 | ACCESS AUTHENTICATION METHOD AND DEVICE FOR WIRELESS LOCAL AREA NETWORK HOTSPOT - Disclosed are an access authentication method and device for a WLAN hotspot. The method comprises: an access password of a WLAN hotspot is updated according to a preset update time interval; and access for a wireless workstation which is accessing to the WLAN hotspot through a soft AP is authenticated according to the updated access password. The disclosure can solve the problem in the related art that other users can use traffic without limitation once they have stolen the password which causes great damage to users who pay the bill because the access password of the WLAN hotspot can only be manually updated. | 01-22-2015 |
| 20150026775 | ACCESS MODE SELECTION BASED ON USER EQUIPMENT SELECTED ACCESS NETWORK IDENTITY - Access mode selection based on user equipment selected access network identity may be useful, for example, with respect to the authentication in third generation partnership project (3GPP) networks of subscribers attaching to a trusted wireless local area network (WLAN) access network (TWAN). A method of access mode selection can include informing, in a request, an authentication server regarding at least one access mode for a user equipment. The method can also include selecting a mode of the at least one access mode to use with respect to the user equipment based on a response received from the authentication server in response to the request. | 01-22-2015 |
| 20150026776 | ANONYMOUS SUBJECT IDENTIFICATION SYSTEM - A computerized method and apparatus are established to identify a subject of common interest among multiple parties without releasing the true identity of any subject. Furthermore, a computerized network provides different parties at different locations with a mechanism to conduct cooperative activities concerning such a subject of common interest without exposing that subject to possible identity theft. | 01-22-2015 |
| 20150026777 | Connection Leasing for Hosted Services - Aspects herein describe brokering hosted resources in a virtual desktop infrastructure (VDI) using connection leases to reduce demand on connection brokers and to allow hosted services to be maintained even in the event of a broker outage. When a client device desires to connect to a hosted resource (e.g., a hosted desktop or a hosted application), the client device may present a lease token to the session host. The lease token is a self-sustaining package of data from which a session host can determine whether the requesting client device is authorized to access one or more resources hosted by that session host. The lease token may be cryptographically signed to ensure its contents have not been altered, and further that the lease token originated from a trusted source. Lease tokens may be stored independently from a connection broker, thereby still being usable if the connection broker goes offline. | 01-22-2015 |
| 20150026778 | ACCESS PERMISSIONS MANAGEMENT SYSTEM AND METHOD - In a hierarchical access permissions environment, a method for enabling efficient management of project-wise permissions including maintaining project-wise lists of network objects, access permissions to which cannot be managed together via a hierarchical folder structure and employing the project-wise lists of network objects to make project-wise changes in access permissions to the network objects without the need to individually modify access permissions to individual ones of the network objects. | 01-22-2015 |
| 20150033292 | Method and System for Sharing and Distributing Content - A system for distributing content to at least one client device is disclosed. A content host has a processor and a content store, a client device has a processor and a content cache and a permissions store has a computer storage device configured to store permissions data corresponding to a recipient of content. The content host processor is configured to receive a content identifier corresponding to a recipient request for permission to cache an item of content. The content host processor will then parse the permissions data to determine if the recipient has available permissions to cache the requested content. If the user has available permissions, the content host processor modifies the permissions data to include permission to cache the content. The recipient may additionally request for permission to cache a given item of content to be removed in order to increase an amount of permissions available to the recipient. | 01-29-2015 |
| 20150033293 | INFORMATION PROCESSING SYSTEM, METHOD OF PROCESSING INFORMATION, PROGRAM, AND RECORDING MEDIUM - An information processing system including at least one computer and connected to an apparatus through a network includes a receiving unit that receives a request in which address information related to data is designated to a predetermined destination; a generating unit that generates authority identifying information for identifying operation authority of the apparatus in response to the request; a first memory unit that stores the authority identifying information and the address information by associating the authority identifying information with the address information; and a sending unit that sends the authority identifying information to a transmission source of the request, wherein the apparatus performs a process using the data related to the address information stored in the first memory unit in association with the authority identifying information when the authority identifying information is input. | 01-29-2015 |
| 20150033294 | NETWORK MANAGEMENT SYSTEM ARCHITECTURE OF A TELECOMMUNICATIONS NETWORK - Network management of a telecommunications network. An external system, such as a cloud computing environment, receives network element data from the network management system of the telecommunications network over a channel that may be encrypted. The network element data are parameter samples that the network management system has collected from one or more network elements within the telecommunications network. The external system then processes at least some of the received network element data. The external system might also receive network element data from other network management systems of other telecommunications networks also. Furthermore, the external system might also have external information not received from the network management system. The external system may perform processing on all of this information in conjunction with the received network element data in order to perform sophisticated analytics. | 01-29-2015 |
| 20150033295 | Hospital Bed Compatibility With Third Party Application Software - A system includes a remote computer device and a patient bed in communication with the remote computer device. The patient bed has circuitry operable by a user to obtain at least one software application from the remote computer device. The system also has an authentication software module that verifies that the at least one software application is authorized for use on the patient bed. | 01-29-2015 |
| 20150040192 | GRADUATED ACCESS MULTI-PASSWORD AUTHENTICATION - Methods and systems for accessing computer data and systems require different sequential and serial passwords to drive a user into a tiered set of sub-accounts of graduated access. At the same time, the tiered hierarchy of access acts as a honey pot system where remote intruders would statistically tend to break through the slightly less secure passwords first, triggering the notification system upon entry into the restricted or firewalled honey pot or virtual systems. With this system, the system administrator can manage multiple sessions for each user where the passwords are of a different level of security based on commercially available password strength tools. The system administrator creates the less secure passwords and lower access sub-accounts and optionally allows users to have such lower levels. | 02-05-2015 |
| 20150040193 | Physical Interaction Style Based User Authentication for Mobile Computing Devices - System and method for performing multi-factor authentication of a mobile computing device. Information identifying a mobile computing device may be received over a network, where the mobile computing device has requested access to a resource, and where the mobile computing device has a registered user. The mobile computing device may be identified based on the information identifying the mobile computing device. Information regarding a current physical interaction style with respect to the mobile computing device may be received over the network. A confidence level may be determined based on the current physical interaction style, where the confidence level indicates a degree of confidence that mobile computing device is currently being operated by the registered user of the mobile computing device. The mobile computing device may be granted access to the resource in response to the confidence level meeting or exceeding a specified threshold value. | 02-05-2015 |
| 20150040194 | MONITORING OF SMART MOBILE DEVICES IN THE WIRELESS ACCESS NETWORKS - A method for smart mobile devices monitoring in wireless local area networks. The method includes installing a wireless security monitoring system or a wireless access system in a local area network. The method includes configuring the wireless security monitoring system or the wireless access system to communicate with a mobile device management (MDM) system. The method includes detecting a wireless client connecting to the wireless local area network and identifying the wireless client to be a smart mobile device. Moreover, the method includes receiving an indication at the wireless security monitoring system or the wireless access system from the MDM system regarding whether the wireless client is a managed device or not. The method also includes classifying the wireless client as approved or unapproved smart mobile device based at least upon the indication received from the MDM system. | 02-05-2015 |
| 20150040195 | METHOD AND APPARATUS FOR ASSOCIATING STATION (STA) WITH ACCESS POINT (AP) - The present invention relates to a method and apparatus for associating a station (STA) with an access point (AP). The method for associating a first AP with an STA in a wireless LAN includes the steps of: a first AP receiving an association request frame from the STA; the first AP requesting authentication information on the STA from a second AP with which the STA was previously associated; the first AP receiving authentication information on the STA from the second AP, wherein the first and second AP's are linked by a distribution system, the association request frame includes identification information on the second AP, and the authentication information on the STA can include at least one of a paired main key (PMK) and a recertification main session key (rMSK). Accordingly, fast association between the STA and the AP can be achieved by a simplified authentication procedure without repeating a full authentication procedure. | 02-05-2015 |
| 20150040196 | NETWORK CONNECTING DEVICE, SYSTEM AND METHOD FOR SAME - A network connecting device communicates with a network providing device and a terminal device. The network providing device can send authorization information for providing a network. The terminal device can send a request for sharing the network. The network connecting device obtains the authorization information sent by the network providing device and the request sent by the terminal device. The network connecting device connects the terminal device to the network provided by the network providing device according to the authorization information. A network connecting system and method are also provided. | 02-05-2015 |
| 20150040197 | SYSTEM FOR MANAGING RESOURCES ACCESSIBLE TO A MOBILE DEVICE SERVER - A system that incorporates teachings of the present disclosure may include, for example, a non-transitory computer-readable storage medium operating in a mobile device server having computer instructions to execute a web server application in the mobile device server. The web server application can be operable to detect a resource control manager while roaming in a communication zone of the resource control manager, and to transmit a pairing key to the resource control manager. The web server application can also be operable to receive from the resource control manager authorization to pair with one or more resources selected by the resource control manager according to the pairing key, and to establish communications with the one or more resources selected by the resource control manager. Other embodiments are disclosed. | 02-05-2015 |
| 20150046982 | Determining Response Signature Commonalities - An analyzer can obtain data regarding signal characteristics in each of multiple communication channels within an access network. The analyzer can use that data to create signatures corresponding to each of the multiple channels. Based on similarities between signatures, the analyzer may then identify clusters of signatures associated with devices that share channels or portions of channels. | 02-12-2015 |
| 20150046983 | Method and Apparatus for Providing An Adaptable Security Level in An Electronic Communication - A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient. | 02-12-2015 |
| 20150046984 | DYNAMIC AUTHENTICATION IN ALTERNATE OPERATING ENVIRONMENT - Systems and methods that employ dynamic credentials across distinct authentication standards can be used to reduce the burden associated with repeated re-authentication. A utility can be employed during logon in an alternate operating environment that stores information from the logon dynamically and generates a credential file that is employed to grant access to a resource without repeating the earlier logon procedure, even if the device changes its user state. After processes requiring resource access are complete, or when an allowed time expires, the granted access is revoked and the device returns to a default or standard authentication technique. | 02-12-2015 |
| 20150046985 | USER ADMINISTERING A TRUSTWORTHY WORKSPACE - Methods, systems and apparatuses for an operator provisioning a trustworthy workspace to a subscriber are disclosed. One method includes providing the subscriber with the trustworthy workspace, where in the trustworthy workspace comprises a virtualized content repository with trustworthy workflows for storing, sharing and processing a digital content across a plurality of repositories. The method further includes allowing the subscriber authority to sub-provision the trustworthy workspace to one or more authorized parties, wherein only the one or more authorized parties can view or modify at least a portion of the digital content. | 02-12-2015 |
| 20150046986 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR RECOVERING A PASSWORD USING USER-SELECTED THIRD PARTY AUTHORIZATION - A password recovery technique for access to a system includes receiving a request from a first party to recover the first party's password to access the system, receiving a selection of a second party from the first party, sending a message to the second party requesting that the second party authorize the request to recover the first party's password, receiving authorization from the second party for the request to recover the first party's password, and resetting the first party's password responsive to receiving authorization from the second party. | 02-12-2015 |
| 20150052584 | Access Control System - There is provided a method for delivering web resources to user devices, the method comprising: receiving a plurality of resource requests for a web resource, each resource request being received from a respective user device; and, for each resource request for the web resource, sending an authorisation request to an access server, the authorisation request including authorisation data comprising user identification information. Further, there is provided method for authorising delivery of web resources, the method comprising: receiving an authorisation request from a content delivery network, the request including authorisation data comprising user identification information; authorising the authorisation request based on the authorisation data; and, returning a response to the content delivery network based on the authorisation, wherein if the authorisation is negative the response includes an address of an alternative web resource different from the requested web resource. A content delivery network, access server, system and computer readable medium are also provided. | 02-19-2015 |
| 20150052585 | Systems and Methods for Managing Digital Content Entitlements - Systems and methods for managing digital content entitlements in distributed computer systems. An example method may comprise: receiving, by a processor, a request comprising an identity certificate and a digital content identifier; validating an entitlement of a requestor identified by the identity certificate to consume, over an entitlement period of time, the digital content identified by the digital content identifier; determining that a pre-defined authorization period of time does not exceed the entitlement period of time; and transmitting, to the requestor, a response comprising at least one of: a status code and a content certificate authorizing to consume the digital content for the pre-defined authorization period of time. | 02-19-2015 |
| 20150052586 | ENHANCING NETWORK SECURITY - Briefly, embodiments of methods or systems for providing enhancements to network security are disclosed. | 02-19-2015 |
| 20150052587 | SYSTEM AND METHOD FOR GRADUATED SECURITY IN USER AUTHENTICATION - A computer system for authenticating user access to at least one computer application of a plurality of computer applications is provided. The computer system includes a memory device and a processor. The computer system is programmed to identify a security level from a plurality of security levels for each computer application within the plurality of computer applications. The plurality of security levels include at least a first-tier security level and a second-tier security level. The second-tier security level requires additional authentication information as compared to the first-tier security level. The computer system is also programmed to create a user account for a user within the memory device with the first-tier security level, and to determine that the user account requires the second-tier security level, and prompt the user to enter the additional authentication information. The computer system is also programmed to promote the user account to the second-tier security level. | 02-19-2015 |
| 20150052588 | SERIALIZED AUTHENTICATION AND AUTHORIZATION SERVICES - Requests for User Services on networked computers running on different platforms with different Authentication, Authorization and Auditing (AAA) Security Systems are processed through an AAA Services Manager Server and Web Services Servers. The AAA Services Manager Server communicates requests for User Services to Web Services Servers using corresponding URL Web addresses. Web Services correspond to their respective Authentication Security Systems and Authorization Security Systems through which User Services may be obtained. The Web Services Servers act to access, for User validation, the respective Authentication Security Systems and Authorization Security Systems according to their individual languages and computing platform requirements. | 02-19-2015 |
| 20150052589 | APPARATUS FOR PROCESSING IMAGE, METHOD FOR PROVIDING PERSONALIZATION SERVICE, AND COMPUTER-READABLE MEDIUM - The disclosure relates to an image processing apparatus, a method for providing personalization service, and a computer-readable medium. An image processing apparatus according to an exemplary embodiment may include a data parsing unit configured to, by using an apparatus information and a user information obtained from a peripheral user apparatus, parse a security information requiring security from among the user information to a plurality of security information; an interface configured to divide and provide the plurality of parsed security information to at least one apparatus among the user apparatus and an external apparatus; and a personalization service unit configured to, when a personalization service of the user apparatus is requested, perform authorization of the user apparatus by receiving the security information divided and provided from the at least one apparatus, and provide the personalization service to the user apparatus according to an authorization result. | 02-19-2015 |
| 20150052590 | COMPUTERIZED AUTHORIZATION SYSTEM AND METHOD - A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity. | 02-19-2015 |
| 20150052591 | DATA COMMUNICATION SYSTEM FOR WORKING MACHINE - A management server includes a user management database in which mobile terminal identification information on the mobile terminal and working machine identification information on a sold working machine are registered in association with each other, a user registration determination unit adapted to determine whether or not the mobile terminal and the working machine are registered in association with each other on the basis of the mobile terminal identification information and the working machine identification information outputted from the mobile terminal and the mobile terminal identification information and the working machine identification information stored in the user management database, and an authorization information output unit adapted to output an authorization key necessary for wireless communication between the mobile terminal and the working machine in the case where the user registration determination unit determines that the mobile terminal and the working machine are registered in association with each other. | 02-19-2015 |
| 20150052592 | Methods and Systems for Using Derived User Accounts - Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA. | 02-19-2015 |
| 20150058935 | Out-of-Path, Content-Addressed Writes with Untrusted Clients - A method in data storage involves receiving at a metadata server from a client device a BEGIN_WRITE request identifying data to be written by hashes, consulting, by the metadata server a deduplication table to determine historical nature of the data determined to be written, determining that the data was never previously written, was previously written by another client, or was previously written but failed a verification, sending to the client device write locations with tokens for the data, starting an authentication timer, and authorizing the client device to write directly to the data server using the authentication tokens and the authenticated write locations, determining that the data was previously written by the same client, or that the data was previously written and passed the verification test, notifying the client of this circumstance, and receiving from the client device an END_WRITE request. | 02-26-2015 |
| 20150058936 | SYSTEM, APPARATUS, AND METHOD FOR SHARING ELECTRONIC DEVICE - A system, apparatus, and method for sharing content in an electronic device behaving as a cloud electronic device are provided. An electronic device behaving as a guest electronic device includes a controller to detect an input of account information associated with a manager electronic device. The controller of the guest electronic device transmits account information associated with the manager electronic device and accesses the cloud electronic device when the manager electronic device acknowledges the request. | 02-26-2015 |
| 20150058937 | STREAMING VIDEO TO CELLULAR PHONES - A method, system, and computer program product for deploying data to a web server for streaming video to a mobile device. The method can include receiving a request for streaming video from a mobile device upon the resolving of the request by a DNS. The method can further include simultaneously sending both a request to a database for the video requested and a playlist for the video to the mobile device. The method can then include receiving the video from the database. The video received is sent as a sequence of blocks, where each block can further be comprised of a sequence of chunks. The method can even further include decompressing each block and storing each chunk on a web server. The method can further include an exchange of a security credential. | 02-26-2015 |
| 20150067784 | COMPUTER NETWORK SECURITY MANAGEMENT SYSTEM AND METHOD - A computer network security management system is provided, in which a corporate computer network can be substantially separated from an external network because the external exposure of the corporate computer network is minimized, and a possibility that a hacker may get into a relay server or a central server can be fundamentally cut off. The computer network security management system is expected to further enhance the security level of a corporate computer network. | 03-05-2015 |
| 20150067785 | METHOD AND APPARATUS FOR A DEVICE MANAGEMENT APPLICATION - An approach for implementing a local device management application for deterring misuse, loss, or theft of mobile devices includes determining that a use of a first device at least substantially satisfies one or more use criteria. The approach also includes generating a notification message regarding the use. Further, the approach includes initiating a transmission of the notification message from the first device to a second device. | 03-05-2015 |
| 20150067786 | VISUAL IMAGE AUTHENTICATION AND TRANSACTION AUTHORIZATION USING NON-DETERMINISM - Methods and systems described herein perform a secure transaction. A display presents images that are difficult for malware to recognize but a person can recognize. In at least one embodiment, a person communicates transaction information using visual images received from the service provider system. In at least one embodiment, a universal identifier is represented by images recognizable by a person, but difficult for malware to recognize. | 03-05-2015 |
| 20150067787 | MECHANISM FOR FACILITATING DYNAMIC ADJUSTMENTS TO COMPUTING DEVICE CHARACTERISTICS IN RESPONSE TO CHANGES IN USER VIEWING PATTERNS - A mechanism is described for facilitating dynamic adjustments to features of computing devices according to one embodiment. A method of embodiments, as described herein, includes automatically monitoring usage patterns relating to a user of computing device. The usage patterns may be based on audio user characteristic or visual user characteristics relating to usage of the computing device. The method may further include automatically monitoring environment patterns relating to the usage of the computing device. The environment patterns may be based on surrounding environment having the user and the computing device. The method may further include facilitating dynamic adjustment of one or more features of the computing device based on one or more of the usage patterns, environment patterns, and user preferences. | 03-05-2015 |
| 20150067788 | CONNECTION MANAGEMENT METHOD AND SYSTEM FOR RELAYING CLIENT AND BACKEND OF SERVER ON SERVER SIDE - Provided is a connection management method and system for relaying a client and a backend module of a server on a server side. A connection management method performed by a connection management system may include receiving a request message from a client device, adding an authentication tag and a service tag for a connection to the request message, verifying a right of the authentication tag and a right of the service tag using a uniform resource identifier (URI) of the request message, searching for a service corresponding to the request message using the URI, and transferring the request message to the found service. | 03-05-2015 |
| 20150067789 | METHOD AND APPARATUS TO PROVIDE A NETWORK SOFTWARE DEFINED CLOUD WITH CAPACITY TO PREVENT TENANT ACCESS TO NETWORK CONTROL PLANE THROUGH SOFTWARE DEFINED NETWORKS - Method and Apparatus for rapid scalable unified infrastructure system management platform are disclosed by discovery of compute nodes, network components across data centers, both public and private for a user; assessment of type, capability, VLAN, security, virtualization configuration of the discovered unified infrastructure nodes and components; configuration of nodes and components covering add, delete, modify, scale; and rapid roll out of nodes and components across data centers both public and private. | 03-05-2015 |
| 20150067790 | Methods, Circuits, Devices, Systems and Associated Computer Executable Code for Discovering and Providing Digital Content - Disclosed are methods, circuits, devices, systems and computer executable code for discovering and providing digital content. Identifier of a wireless communication signal source may be associated with a specific store or collection of digital content. | 03-05-2015 |
| 20150067791 | CONTEXTUAL DEVICE LOCKING/UNLOCKING - Particular embodiments of a computing device associated with a user may detect an event using a sensor of the computing device. The event may be a lock-triggering event or an unlock-triggering event. The computing device may assess a state of the device. The computing device may also access further information associated with the user. The computing device may also monitor activity on the computing device to detect further events if such further monitoring is warranted. Based on the gathered information, the computing device may update a lock status of the device to lock or unlock access interfaces of the computing device, functionality of the computing device, or content accessible from the computing device. If the event comprised the computing device detecting an attempt by a third party to use the device, the device may attempt to identify the third party to determine if they are authorized to use the device. | 03-05-2015 |
| 20150074762 | MOBILE DEVICE AND INFORMATION PROTECTION METHOD THEREOF - A mobile device and an information protection method are presented. The mobile device includes a sensor, a storage and a processor that is electrically connected with the sensor and the storage. The sensor is configured to sense at least one electronic device. The processor is configured to determine an authority of the at least one electronic device and define a protection state for at least one part of the information stored in the storage according to the authority. The information protection method is applied to the mobile device to implement the aforesaid operations. | 03-12-2015 |
| 20150074763 | PROXIMITY AND BEHAVIOR-BASED ENTERPRISE SECURITY USING A MOBILE DEVICE - A system and method for facilitating configuring software security functionality. An example method includes employing a first computing device to collect information associated with a user of enterprise software, resulting in collected information; and dynamically adjusting one or more security features of enterprise software running on or accessible via a second device based on the collected information. The software running on the second device may include or represent the enterprise software that includes software security functionality. The collected information may include contextual information. An administrator user option facilitates adjusting the one or more rules. | 03-12-2015 |
| 20150074764 | METHOD OF AUTHORIZING AN OPERATION TO BE PERFORMED ON A TARGETED COMPUTING DEVICE - A method of authorizing an operation to be performed on a targeted computing device is provided. The method includes generating a request to perform an operation on the targeted computing device, signing the request with a private key of a first private, public key pair, transmitting the request to an authentication server, receiving an authorization response from the authentication server that includes the request and an authorization token, and transmitting the authorization response to the targeted computing device. | 03-12-2015 |
| 20150074765 | REGISTRATION AND CONFIGURATION OF POINT-OF-SERVICE DEVICES - A method, apparatus, and computer readable storage medium are disclosed for registration and configuration of point-of-service (POS) devices. The method includes using a device identifier in determining whether a device is authorized to access a retail point-of-service application. In response to a determination that the device is authorized, the method includes allowing the device access to the POS application and providing the device with application profile information for the POS application. The apparatus includes a processor, a network interface configured for communication with a POS device, and a POS interface application configured to use a device identifier in determining whether a device is authorized to access a retail POS application. The non-transitory computer readable storage medium is configured to store program instructions that when executed are configured to cause a processor to perform the method. | 03-12-2015 |
| 20150074766 | INFORMATION PROCESSING METHOD AND APPARATUS - An information processing method and apparatus are provided. The method is applicable to a first electronic device, where information about a first preset relationship between the first electronic device and a second electronic device is recorded upon detection of the first preset relationship. If it is judged from the recorded information on the first preset relationship that the first preset relationship between the second electronic device and the first electronic device satisfies a first preset condition, then the second electronic device is authorized for a data access privilege so that the second electronic device has a privilege to access data in the first electronic device. This method can lower the complexity of the data access and improve the convenience of the data access between the electronic devices. | 03-12-2015 |
| 20150074767 | SYSTEM AND METHOD FOR SECURE COMMUNICATION BETWEEN - A system and method of executing secure communications between first and second domains includes a first logical unit and a second logical unit. The first logical unit periodically calculates timestamps and hashes. The first logical unit also transmits a web form to a node of a first domain responsive to a request and the web form is displayed to a user. The first logical unit receives data input to said web form by the user and enhances the data by adding one or more security services. The first logical unit translates the received data from a first network application level protocol to a target network application level protocol while preserving said data security enhancements and transmits the translated data across a public network. A second logical unit de-enhances the translated data and filters the translated data data. The second logical unit further authorizes the filtered data and transmits the filtered data to a node of the second domain for use in an application. | 03-12-2015 |
| 20150074768 | METHOD AND SYSTEM FOR OPERATING A WIRELESS ACCESS POINT FOR PROVIDING ACCESS TO A NETWORK - A method is described for operating a single network adapter for use on two different sub-networks of the same type, and a corresponding apparatus. The method comprises setting up a first network address and routing table in the network adapter for use in the first sub-network; setting up a second network address and routing table in the network adapter for use in the second sub-network; receiving data for one of the first and second sub networks, and re-transmitting the data to the other of the first and second sub-network, using the network addresses and routing tables. | 03-12-2015 |
| 20150074769 | METHOD OF ACCESSING A NETWORK SECURELY FROM A PERSONAL DEVICE, A PERSONAL DEVICE, A NETWORK SERVER AND AN ACCESS POINT - A method of accessing a network securely using a personal device which can only access the network via one or more authorized access points, the method including establishing a connection between the network and the personal device via an access point; checking in the network whether the access point is on a white list of authorized access points for use with the network; if the access point is on the white list, allowing the personal device to access the network securely via the access point; and if the access point is not on the white list, not allowing the personal device to access the network securely. | 03-12-2015 |
| 20150074770 | SECURE AUTHORIZATION OF MODULES RUNNING ON VIRTUALIZED HARDWARE - A method is described that includes securing authorization for a control module to conduct a test using a plurality of test modules running on a plurality of virtual machines. The method further includes registering the plurality of test modules with the control module to conduct the test. Authorization of the control module is extended to the test modules by securely communicating authorization and instructions to a first set of the registered test modules to send test stimulus to a device under test. Similarly, the authorization is extended to the test modules by securely communicating authorization to and receiving test result data from a second set of the registered test modules, wherein the test result data is responsive to the test stimulus sent to the device under test. The first and second sets of registered test modules can overlap or be the same test modules. | 03-12-2015 |
| 20150074771 | METHODS FOR RAPID ENROLLMENT OF USERS OF A SECURE, SHARED COMPUTER SYSTEM VIA SOCIAL NETWORKING AMONG PEOPLE ON A SELECTIVE LIST - The present invention is directed to a system for rapid enrollment of users of a secure, shared computer system comprising: (a) a secure shared computer system accessible only by approved users; (b) a plurality of approved users of the secure shared computer system; (c) a system manager that operates the secure shared computer system; (d) a plurality of member organizations, wherein the member organizations purchase a right to allow employees or members of the member organizations to be approved users of the shared computer system from the system manager; (e) at least one email system operated by each member organization which the employees or members of the member organizations use to receive and send email, where access to email sent to each individual employee or member is securely limited to that individual; (f) at least one accrediting organization, wherein the at least one accrediting organization registers member organizations and grants rights for employees or members of the member organizations, individuals holding such rights being people who are eligible to use the shared computer system; and (g) a selective list of eligible organizations and individuals; wherein an organization must be registered by the accrediting organization to be eligible to be a member organization; wherein a person must be an employee or member of a member organization and hold rights granted by at least one of the accrediting organizations to be eligible to be a user of the shared computer system; wherein the system manager organizes the shared computer system to enforce registration by an organization and holding of rights by an individual; and wherein the selective list enumerates the individuals who hold such rights and are eligible to become approved users of the shared computer system. | 03-12-2015 |
| 20150074772 | SYSTEM AND METHOD FOR IMPROVED COMMUNICATION ON A WIRELESS NETWORK - Systems and methods for wireless communication are disclosed. In one aspect an access point (AP) includes a processor configured to generate a frame with an information element (IE) assigning a restricted access window (RAW) and to determine whether or not to include a field in the IE indicating a group of one or more devices allowed to transmit during the RAW based on a type of the RAW. The processing system further includes an interface to output the generated frame for transmission. According to aspects, at least one option type (e.g., Omni) of the RAW type (e.g., Simplex) is accessible by devices regardless of their device type. Accordingly, the AP may not include the field in the IE indicating the group of one or more devices allowed to transmit during the RAW for the at least one option type of RAW. | 03-12-2015 |
| 20150074773 | Method and System for Remote Data Access Using a Mobile Device - A system and method for securely storing, retrieving and sharing data using PCs and mobile devices and for controlling and tracking the movement of data to and from a variety of computing and storage devices. | 03-12-2015 |
| 20150082386 | METHOD AND SYSTEM FOR SHARING CONTENT FILES USING A COMPUTER SYSTEM AND DATA NETWORK - A system for distributing digital content obtained from a variety of sources in a variety of formats is described that utilizes a content distribution system configured to receive and store the content files, convert the content file both into a standardized format file and into a thumbnail file, and associate the content with one or more tags that can signify characteristics or relevant facts about the content file. Users of the system select one or more tags on their remote devices in order that the content distribution system automatically transmit to the remote device thumbnail images of those content files that match the selected tags. Users can then select the thumbnail image in order to cause the system to transmit to the remote device the standardized format version of the content. | 03-19-2015 |
| 20150082387 | SYSTEM AND METHOD FOR SECURE DISTRIBUTION OF COMMUNICATIONS - A method for building and managing send jobs with restricted information, the method comprising constructing at least one email with at least one reference to a restricted information and injecting each of the at least one emails to one or more send centers, wherein each of the one or more send centers is authorized to receive the restricted information, | 03-19-2015 |
| 20150082388 | SERVICE ACCESS CONTROL - Embodiments of the present invention provide a service access control system having a service object ( | 03-19-2015 |
| 20150082389 | INFORMATION PROCESSING SYSTEM, DEVICE, AND INFORMATION PROCESSING METHOD - A first obtaining unit obtains authentication information. A first sending unit sends the authentication information. A generating unit generates an execution request. A second sending unit sends the execution request. A device includes a first holding unit holding authentication information registered in advance; an authenticating unit performing an authentication operation by determining whether one or more sets of authentication information held by the first holding unit include authentication information matching with authentication information received by a first receiving unit; a second holding unit holding identification information of the authenticated user; and a control unit performing, when identification information included in the execution request received by a second receiving unit matches with identification information held by the second holding unit, control to perform operations based on the execution request, and, when the two sets of identification information do not match, control to request the information processing terminal for the authentication information. | 03-19-2015 |
| 20150082390 | METHOD AND A SYSTEM FOR SECURE LOGIN TO A COMPUTER, COMPUTER NETWORK, AND COMPUTER WEBSITE USING BIOMETRICS AND A MOBILE COMPUTING WIRELESS ELECTRONIC COMMUNICATION DEVICE - A method of authenticating and certifying that the conducting party that is conducting at least one of: (i) secure login to a computer; (ii) secure login to a computer network; (iii) secure login to a computer website, is (i) the authorized conducting party authorized to login and (ii) using the conducting party's authorized mobile computing wireless electronic communication device to login. More particularly, the conducting party that conducts a login is not required to know or type in the conducting party's User Names and Passwords or required to remember or know a Username or Password. The authentication and certification of a conducting party is performed by using biometric technology means and a mobile computing wireless electronic communication device. | 03-19-2015 |
| 20150082391 | Secure Messaging - Systems and methods are disclosed for secure messaging and content sharing. In one implementation, a processor receives a message associated with a recipient, provides, to the recipient, a notification pertaining to the message, and, based on a determination of a performance of one or more authentication actions with respect to the message, provides the recipient with access to the message. In another implementation, a processor receives a message including one or more content segments, receives inputs in relation to at least one of the content segments, processes the inputs to determine that an authentication action is being performed with respect to the one of the one or more content segments, and based on a determination that the authentication action is being performed with respect to the one of the one or more content segments, presents the at least one of the one or more content segments. | 03-19-2015 |
| 20150082392 | METHOD FOR MANAGING ACCESS TO PROTECTED COMPUTER RESOURCES - A system for securing and tracking usage of transaction services or computer resources by a client computer from a first server computer, which includes clearinghouse means for storing identity data of the first server computer and the client computer(s); server software means and client software means adapted to forward its identity data and identity data of the client computer(s) to the clearinghouse means at the beginning of an operating session; and a hardware key connected to the client computer, the key being adapted to generate a digital identification as part of the identity data; wherein the hardware key is implemented using a hardware token access system, a magnetic card access system, a smart card access system, a biometric identification access system or a central processing unit with a unique embedded digital identification. | 03-19-2015 |
| 20150082393 | SECURE ESTABLISHMENT METHOD, SYSTEM AND DEVICE OF WIRELESS LOCAL AREA NETWORK - The embodiments of the present invention provide a secure establishment method, system and device of a wireless local area network. The method includes: acquiring, by a UE, a first key; the first key is a shared key of the UE and a network element equipment in a mobile communication network to which the UE is accessed when implementing air interface security, or is derived according to the shared key; deriving, by the UE, according to the first key and a derivation parameter to acquire a derivation key; establishing, by the UE, according to the derivation key, secure connection with a WLAN node acquiring a derivation key, wherein the derivation key acquired by the WLAN node is the same as the derivation key acquired by the UE. | 03-19-2015 |
| 20150082394 | TELECOMMUNICATIONS APPARATUS AND METHOD, STORAGE MEDIUM, AND PROGRAM - The present invention relates to a telecommunications apparatus and a method, a storage medium, and a program for determining whether or not an other side communicating apparatus is near in a network. In a transmitting apparatus, a transmitting unit transmits a sending-message, and a control unit receives a response message to the sending-message, which includes acknowledgement information based on shared data and transmission information in the sending-message. The transmitting apparatus also includes a first judging unit that judges whether a response time of the acknowledgement message is less than a predetermined time. A receiving apparatus includes a generating unit that generates the acknowledgment information and transmits the response message to the transmitting apparatus. | 03-19-2015 |
| 20150082395 | Method and Apparatus for Media Information Access Control, and Digital Home Multimedia System - The present invention is applicable to the field of digital home networks and provides a method and apparatus for media information access control, and a digital home multimedia system. The method includes aggregating media information and access rights information of the media information on a first media server. The method also includes returning, to a control device that sends a media access request, a media information list which the control device has rights to access. The media information list is returned according to the aggregated media information and the aggregated access rights information of the media information. The present invention ensures security of the media information in the digital home multimedia system when the media information in the digital home multimedia system is aggregated for browsing. | 03-19-2015 |
| 20150089591 | HANDLING ENCODED INFORMATION - A method comprises a portable device obtaining a graphical encoded information item which is displayed on a display of a computing apparatus, decoding the encoded information from the encoded information item, and transmitting a first message to first server apparatus, the first message including the decoded information and a first identifier identifying the device or a user of the device, wherein the decoded information includes an apparatus identification information item for allowing identification of the computing apparatus, and the first server apparatus receiving the first message from the device, establishing the identity of the user of the device, wherein establishing the identity of the user comprises using the first identifier to determine if the user is registered with the first server apparatus in response to establishing the identity of the user, authorising the user to access a service, and providing the service to the user via the computing apparatus using the apparatus identification information item or sending a second message to a second server apparatus, the second message including the apparatus identification information item and indicating that the user is authorised to access the service provided by the second server apparatus, the second server apparatus responding to receipt of the second message by providing the service to the user via the computing apparatus using the apparatus identification information item. | 03-26-2015 |
| 20150089592 | CAPTIVE PORTAL SYSTEMS, METHODS, AND DEVICES - Embodiments of the present technology provide out-of-band captive portal devices, networks, and methods. An example of a method includes executing a redirection of a client request for network access to a captive portal login, initiating an association between the wireless controller and the client, receiving authentication credentials of client from the captive portal login, negotiating a change of authorization with a wireless controller in accordance with RFC 5176 protocol, wherein the controller includes a mapping to a captive portal Internet Protocol (IP) address, and redirecting the client to a URL specified in the client request for network access. | 03-26-2015 |
| 20150089593 | METHOD AND SYSTEM FOR USING A VIBRATION SIGNATURE AS AN AUTHENTICATION KEY - A method and computer program product for using a vibration signature as an authentication key to authorize access of a user computer to a network. A vibration device generates a vibration signal of the vibration signature. In one embodiment, a router detects and validates the vibration signal, and then the router starts a session of connecting the user computer to the network. In another embodiment, the user computer decodes the vibration signal of the vibration signature to a security set identifier and a security key, and then sends to a router. In response to validating the security set identifier and the security key, the router starts a session of connecting the user computer to the network. | 03-26-2015 |
| 20150089594 | RESIDENTIAL GATEWAY BASED POLICY - Various exemplary embodiments relate to a method performed by a policy server in a communication network. The method includes receiving an access request message including a residential gateway identifier and a subscriber identifier; evaluating a policy rule based on the residential gateway identifier, the policy rule including a condition referencing the residential gateway identifier; and responding to the access request message based on evaluation of the policy rule and the subscriber identifier. The method may further include: receiving an IP address of the residential gateway; storing the IP address in association with the residential gateway identifier; receiving, from a service portal, a request for identification of a residential gateway associated with an IP address; sending the stored residential gateway identifier to the portal; receiving new subscriber information; and changing the authorization of the residential gateway based on the new subscriber information. | 03-26-2015 |
| 20150089595 | METHOD AND SYSTEM FOR FACILITATING ONLINE GAMING - One embodiment provides a system that facilitating location verification of a wireless access point and associated user devices. During operation, the access point establishes a secure communication channel with a location verification server. The access point then transmits to the location verification server an identifier of the access point, an external IP address of the access point, and location information for the access point via the secure communication channel. Next, the access point receives a packet from a user device, replaces the packet's source IP address with the access point's external IP address, and transmits the packet, thereby allowing the user device's physical location to be verified. | 03-26-2015 |
| 20150089596 | USING REPRESENTATIONAL STATE TRANSFER (REST) FOR CONSENT MANAGEMENT - A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access. | 03-26-2015 |
| 20150089597 | MULTIPLE RESOURCE SERVERS INTERACTING WITH SINGLE OAUTH SERVER - A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access. | 03-26-2015 |
| 20150089598 | ENTITY SECURITY IMPLIED BY AN ASSET IN A REPOSITORY SYSTEM - Techniques are described for managing access to a repository system storing information (e.g., metadata) about objects (e.g., an application, a process, or a service) in a computing environment. The repository system can store a data structure (an “entity”) that includes information about an object. An entity can have an association with one or more collections of entities (“assets”) that classify a collection of entities. Access to perform actions (e.g., create, read, update, or delete) an entity can be managed based on an entitlement, which grants a right to access information in the entity and/or at least one asset having an association with the entity. The repository system can manage access to one or more entities based on rights implied by an entitlement to access one or more assets associated with those entities. | 03-26-2015 |
| 20150089599 | METHOD AND APPARATUS FOR CUSTODIAL MONITORING, FILTERING, AND APPROVING OF CONTENT - The system provides a method and apparatus for a parent or other custodian or guardian to monitor, filter, and approve of content to be accessed by a child or children on a network. In one embodiment, the system logs all activity on a network by a child and sends regular historical reports to the parent for review. The parent can set certain triggers that will provide more immediate feedback when certain events occur or when certain types of data are accessed, or an attempt is made by the child for such access. The system allows the parent to control the filters and options from a variety of sources, including via the child's computer, texting, instant messaging, cell phone, other web enabled computers, PDA's, etc. | 03-26-2015 |
| 20150089600 | METHODS, DEVICES AND SYSTEMS FOR ROUTER ACCESS CONTROL - A method for controlling access to a router is provided. The method includes: transmitting a first connection request for establishing a connection using a visitor identity to a router, wherein the first connection request comprises a user identification of a first terminal device; receiving indication information which is transmitted from a second terminal device, the indication information indicating that access to the router is permitted; and transmitting a second connection request for establishing a connection to the router, wherein the second connection request comprises the received indication information. | 03-26-2015 |
| 20150089601 | AUTOMATIC AUTHORIZATION OF USERS AND CONFIGURATION OF SOFTWARE DEVELOPMENT ENVIRONMENT - Automatic authorization of users and configuration of a software development environment can include selecting a task defined within a project plan of a software system under development, wherein the task specifies a development tool and a user, and automatically authorizing, using a centralized data processing system, the user to access the development tool. | 03-26-2015 |
| 20150089602 | System and method for controlling electronic communications - The approved email generation system described is capable of producing email communications between user and customer by using approved email templates, content and call to action items that have been aligned with customer information. Once the approved email has been generated, the content and call to action items may be verified again for accuracy and validity before being delivered to the customer. When the customer accesses delivered content, the approved email generation system again verifies the content and allows the customer access to only the most current version of the content available. The system provides for control of the content of electronic communications to customers. | 03-26-2015 |
| 20150089603 | USING A LOCAL AUTHORIZATION EXTENSION TO PROVIDE ACCESS AUTHORIZATION FOR A MODULE TO ACCESS A COMPUTING SYSTEM - Provided are a method, system, and computer program product for a local authorization extension to provide access authorization for a module to access a computing system. A memory stores information on a first validity range comprising position coordinates for a module seeking to access the computing system and a second validity range comprising position coordinates for a location authorization extension for a computing system. A determination is made of a first position signal from a first receiver of the module and of a second position signal from a second receiver of the location authorization module. Determinations are made as to whether the first position signal is within the first validity range and whether the second position signal is within the second validity range. The module is granted access to the computing system in response to determining that the first position signal is within the first validity range and the second position signal is within the second validity range. | 03-26-2015 |
| 20150095984 | METHOD AND SYSTEM FOR SYSTEM FOR CONTROLLING ONLINE USER ACCOUNT USING A MOBILE DEVICE - A method and system for controlling online user account using a mobile device. The method includes receiving an option to lock an online account of a user from a service provider. The computer-implemented method also includes locking the online user account by using a mobile device. Further, the computer-implemented method includes initiating a user action at a later point of time. Furthermore, the computer-implemented method includes receiving an alert to unlock the online user account in order to perform the user action and obtaining an unlock password from the service provider. Moreover, the computer-implemented method includes unlocking the online user account with the unlock password by using the mobile device and performing the user action subsequent to the unlocking, thereby controlling the online user account using the mobile device. The system includes a computing device, a web browser, a service provider and a mobile device. | 04-02-2015 |
| 20150095985 | Parental Control System For Controlling Access To Online Store Contents - A parental control system for controlling child access to objectionable or age-inappropriate online content is disclosed, implemented in one embodiment within a service platform associated with an online media store. The service platform maintains a parental control menu, accessible by responsible authorities (e.g., parents/guardians and store administrators) to identify child users, to specify allowed or objectionable content items or categories and to specify allowed or blocked transactions relating to those items or categories for certain ages of children or for individual children. When a child user accesses the online media store, the service platform consults the parental control menu to determine which content and which types of transactions (e.g., browsing, previews, downloads) should be enabled or blocked. | 04-02-2015 |
| 20150095986 | Identification, Verification, and Authentication Scoring - Systems and methods are provided for responding to a communication received from an individual. An identification score may be obtained for the communication that indicates the likelihood that a claimed identity of the individual is the actual identity of the individual. A verification score for the communication may also be obtained that indicates the likelihood a purported source of the communication is the actual source of the communication. An authentication score for the communication may additionally be obtained that indicates the likelihood the individual has been authenticated. An overall score for the communication may be generated and based on the identification score, verification score, and authentication score. A response to the communication may thus be determined based on the overall score. The response may be a grant or denial of access to one or more services requested by the individual through the communication. | 04-02-2015 |
| 20150095987 | SYSTEMS AND METHODS OF VERIFYING AN AUTHENTICATION USING DYNAMIC SCORING - Systems and methods of verifying an authentication based on dynamic scoring are disclosed in which a base verification score associated with a user is generated based on at least one identification input, the identification input comprising an identification feature, a feature validity rating, a source where the identification feature is received, and a source validity rating. A request to access a service is received, and the base verification score is compared with a service authorization threshold associated with the service. When the base verification score meets the service authorization threshold, access is granted to the service. | 04-02-2015 |
| 20150095988 | INFORMATION PROCESSING DEVICE AND INFORMATION PROCESSING METHOD - An information processing device includes a storage area creation unit that creates a storage area containing a search condition for searching for data items in response to an input operation, a search unit that searches for, when the storage area containing the search condition is created, data items which match the search condition contained in the storage area from among data items stored in a database, a link information creation unit that creates link information for accessing the matching data items searched for by the search unit, and an arranging unit that arranges the link information created by the link information creation unit into the created storage area. | 04-02-2015 |
| 20150095989 | MANAGING SHARING OF WIRELESS NETWORK LOGIN PASSWORDS - Managing sharing of wireless network login passwords is disclosed, including: receiving from a terminal an authentication request to authenticate a wireless network, wherein the authentication request includes a first identifying information; sending an authentication code to the terminal, wherein the authentication code is to be configured as a newly configured login password associated with the wireless network; receiving a feedback response from the terminal, wherein the feedback response includes a second identifying information and the newly configured login password associated with the wireless network; in the event that the first identifying information matches the second identifying information and the authentication code matches the newly configured login password, determining that the terminal is an administrative terminal associated with the wireless network; and storing at least one of the first identifying information and the second identifying information as authentication identifying information with the newly configured login password. | 04-02-2015 |
| 20150095990 | DEVICE REPUTATION - A user device is associated with a dynamic trust score that may be updated as needed, where the trust score and the updates are based on various activities and information associated with the mobile device. The trust score is based on both parameters of the device, such as device type, registered device location, device phone number, device ID, the last time the device has been accessed, etc. and activities the device engages in, such as amount of transactions, dollar amount of transactions, amount of denied requests, amount of approved requests, location of requests, etc. Based on a transaction request from the user device, the trust score and a network reputation score is used to determine an overall trust/fraud score associated with the transaction request. | 04-02-2015 |
| 20150095991 | Network Access Method, Authentication Method, Communications System and Relevant Devices - A network access method, an authentication method, a communications system, and relevant devices are provided. The authentication method includes: receiving a request message sent from an Access Node (AN), wherein the request message carries subscriber line information and a Link-Local Address (LLA); sending an access request to an Authentication, Authorization and Accounting (AAA) server according to the subscriber line information; receiving an authentication result indicating the authentication is successful; determining whether an address matching the LLA carried in the request has been stored in the BNG; and storing the LLA in the BNG, if the address matching the LLA is not stored in the BNG. | 04-02-2015 |
| 20150101018 | Communication Devices, Computer Readable Storage Devices, and Methods for Secure Multi-Path Communication - A message is divided into multiple message segments, and a network interface is selected from among a plurality of different types of network interfaces included within a communication device for transmitting each message segment. Each network interface is dedicated to a different type of communication protocol using a different encryption technique, and a network interface is selected for transmitting each message segment according to a pattern of the network interfaces. Secure transmission of the multiple message segments is initiated via the network interfaces according to the pattern. | 04-09-2015 |
| 20150101019 | Method and System to Communicate between Host System and Network of Remote Client Computers linked to Wireless Mobile Communication Devices - Embodiments of a system and method allowing a host system to select among a plurality of Remote Client Computers (RCC) the one RCC that is wirelessly coupled to and closest to a specific Wireless Mobile Communication Device (WMCD) to communicate with are described. The coupling between the RCC and the WMCD is for the purpose of determining which RCC in the network the server should send the data to and receive from. The process is executed on a host server computer coupled to a plurality of RCC over either a wireless or wired network. The server computer detects the presence and precise location of a WMCD using a system of wireless sensors. Once the precise location of the WMCD is determined, the server system selects among a plurality of RCC the one RCC that is wirelessly coupled to and closest to a specific WMCD to communicate with. | 04-09-2015 |
| 20150101020 | METHOD AND APPARATUS FOR CREATING CONDITIONAL WINDOWS PROCESS TOKENS - A system and method for taking control of process token creation in the Windows operating system to create conditional process tokens that define access to system resources for process running on a Windows computer. The system includes an LSA shim layer that intercepts standard Windows requests for authentication and authorization and an authentication agent that determines context for each request. A custom authentication and authorization (A&A) store determines authentication success and the amount of authorization based on context and supplied credentials. Once the custom A&A store determines a successful log-on and defines authorization for the user, it passes the elements of authorization through the authentication agent to the LSA shim layer, which passes them on to the LSA module, which in turn uses them to request a Windows process token from the Windows kernel. The Windows kernel assigns the token to a user's session on the computer, defining the level of resource access available to processes the user launches. | 04-09-2015 |
| 20150101021 | HYBRID SYNCHRONIZATION BETWEEN CLOUD AND ON-PREMISE SYSTEMS IN A CONTENT MANAGEMENT SYSTEM - Content maintained in a first repository of a first installation (which can optionally be an on-premise installation) of a content management system, as well as metadata associated with the content, can be shared via an approach in which content items maintained in the first repository are synchronized with a copy of the content items maintained in a second repository of a second installation (which can optionally be a cloud-based installation). The first installation can be optionally firewall protected. The copy of the content items can be accessed by collaborative users both within and external to a firewall. Related systems, methods, products, etc. are described. | 04-09-2015 |
| 20150101022 | Interaction Privacy in a Default Network - A system and a method are disclosed for controlling access to content in a default network computing system. The method includes receiving a request for a data item from a user, retrieving privacy settings associated with the data item, and retrieving groups associated with the requesting user's user profile. An access level is determined based on the groups associated with the requesting user profile and the retrieved privacy setting. The data item is redacted based on the determined access level and then provided for display to the requesting user. | 04-09-2015 |
| 20150101023 | RELAY APPARATUS, RELAY SYSTEM, RELAY METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - A relay apparatus includes a memory that stores right information indicating a right to access a service providing apparatus, a first retrieval unit that retrieves, from a client apparatus, identification information of a user registered in the service providing apparatus that is a target of an access request from the client apparatus, and an access unit that accesses the service providing apparatus as the target using the identification information retrieved by the first retrieval unit instead of the right information stored on the memory if the right information to access the service providing apparatus as the target is not valid. | 04-09-2015 |
| 20150101024 | DISPERSED STORAGE SYSTEM WITH IDENTITY UNIT SELECTION AND METHODS FOR USE THEREWITH - A method for execution by one or more processing modules of a dispersed storage network (DSN) includes receiving a data access request for at least one data segment stored in the DSN. One of a plurality of identity units is selected, based on the data access request. The method determines, via the selected one of the plurality of identity units, whether to allow the data access request. The data access request is processed, when the data access request is allowed via the selected one of the plurality of identity units. | 04-09-2015 |
| 20150101025 | IMAGE FORMING APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM - An image forming apparatus, and a method of controlling the apparatus, capable of executing a Web browser application and a cooperation application for cooperating with a server, determines whether a license of the Web browser application is valid and whether the cooperation application for cooperating with the server is valid, and in accordance with the determinations, displays a screen of the Web browser application in which a display item is restricted. | 04-09-2015 |
| 20150101026 | DEVICE, SYSTEM, AND METHOD OF SOCIAL NETWORKING - Device, system, and method of social networking and for creating and managing an online social network, which focuses on deceased persons and their remembrance and memorialization. A living person may create a memorial social network page for a deceased person; and other living users may continuously contribute content items to that memorial page on the social network. Additionally, a living person may create a personal page on the social network; the system may subsequently estimate or determine that the living person passed away, and may automatically convert the personal page into a memorial page, which may be continuously updated and augmented with content items that other users may submit with regard to the user who passed away. | 04-09-2015 |
| 20150101027 | METHOD AND SYSTEM FOR MANAGING DATA IN A COMMUNICATION NETWORK - A method for managing a plurality of files in a communication network having a plurality of clients includes a server receiving ( | 04-09-2015 |
| 20150101028 | SECURE CAPABILITY NEGOTIATION BETWEEN A CLIENT AND SERVER - Embodiments of the present disclosure provide for establishing an authenticated session between a client computing device and a remote computing device. In certain embodiments, a connection is established between the client computing device and the remote computing device. Once the connection is established, the client computing device sends a number of requests to the client computing device including a negotiate request, a setup request, and a validation request. In response to the requests, the client computing device receives a number of responses from the remote computing device including a negotiate response, setup response and a validation response. Once the responses have been received, a determination is made as to whether information contained in the validation response matches information contained in the negotiate response. If the information matches, an authenticated session is established between the remote computing device and the client computing device. | 04-09-2015 |
| 20150101029 | METHODS AND APPARATUS FOR SECURITY OVER FIBRE CHANNEL - Methods and apparatus are provided for improving both node-based and message-based security in a fibre channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fibre channel network entities into a fibre channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fibre channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented. | 04-09-2015 |
| 20150106880 | Authorized Document Distribution and Transmission Control By Groups of Categorized Clauses Apparatus and Method - A document is categorized according to clauses and groups of clauses. A distribution and transmission control system determines from a user login credential if the document may be stored to removable, transportable media or transmitted to an external server through network connections. A scoring system determines the level of sensitivity of the document according to its component clauses and resulting document category. Even if headers and footers are removed from a sensitive document, its component clauses flag the category and sensitivity. | 04-16-2015 |
| 20150106881 | SECURITY MANAGEMENT FOR CLOUD SERVICES - A cloud management node ( | 04-16-2015 |
| 20150106882 | METHOD AND DEVICE FOR IDENTITY AUTHENTICATION - Embodiments of the present invention provide a method and a device for identity authentication. The method for identity authentication includes: according to a selected user digital certificate, generating, by a browser kernel unit, a login request carrying a selected user digital certificate according to the selected user digital certificate, and sending the login request to an application server; receiving, by the browser kernel unit, a response indicating authentication success which is returned by the application server after performing identity authentication according to the selected digital certificate, extracting a webpage file from the response, parsing the webpage file, generating a webpage and sending the webpage to a browser interface unit; and displaying, by the browser interface unit, the webpage. The method and the device for identity authentication provided by embodiments of the present invention improve the convenience and security of identity authentication. | 04-16-2015 |
| 20150106883 | SYSTEM AND METHOD FOR RESEARCHING AND ACCESSING DOCUMENTS ONLINE - Implementations of the present disclosure disclose a system and method for researching and accessing document online comprising, an online system allowing a consumer to search for documents in various online locations, a method of allowing a consumer to purchase and retrieve those documents from the various location through one system, and a method and system of granting the consumer instant access to the documents. | 04-16-2015 |
| 20150106884 | MEMCACHED MULTI-TENANCY OFFLOAD - The present disclosure provides one or network devices having a shared resource that can be remotely accessed by multiple users, also referred to as tenants. The shared resource can be located within one network device or can be spread throughout multiple network devices. One or more resources from among the shared resource can be allocated to one or more corresponding tenants from among the multiple tenants. The one or more corresponding tenants can access their respective resources using one or more commands. The one or network devices can implement an authorization procedure to ensure that the one or more tenants can only access their respective resources. The authorization procedure represents an access control mechanism to grant access to the one or more tenants to only their respective resources. | 04-16-2015 |
| 20150106885 | SYSTEM AND METHOD FOR TRACKING THE COVERSION OF NON DESTRUCTIVE EVALUATION (NDE) DATA TO ELECTRONIC FORMAT - Systems and methods are disclosed for tracking the conversion of data from a hardcopy or physical format such as radiograph film to electronic format such as DICONDE format. The method provides the capability of automatic consistency checks of image quality generated by the digitizer as well as allows for process quality checks by users. Authentication and authorization is built into the digitization process to allow access to authorized users for a particular task. The system provides the capability to generate statistical process control (SPC) curves and reports of the consistency checks. Disaster recovery capability is built into the system. | 04-16-2015 |
| 20150106886 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR GATHERING AND DELIVERING PERSONALIZED USER INFORMATION - A system, method and computer program product for providing a secure data channel between a user and associates. The method may receive pushed information from an associate, including, e.g., an update to the user profile information, related information, or personalized content for the user. The method can convey to the user, personal information including a selectable union of the user profile information, the related information, and/or the personalized content. The method can further share access to the personal information to a family, where the family can include another user, users, or multiple related users. The pushed information can include textual, digitized audio, digitized video, graphical image, or other data, and can include prescription, automobile service, or purchased product information, or voicemail messages. | 04-16-2015 |
| 20150113599 | REGISTRY APPARATUS, AGENT DEVICE, APPLICATION PROVIDING APPARATUS AND CORRESPONDING METHODS - A registry apparatus is provided for maintaining a device registry of agent devices for communicating with application providing apparatus. The registry comprises authentication information for uniquely authenticating at least one trusted agent device. In response to an authentication request from an agent device, the authentication information for that device is obtained from the registry, and authentication of the agent device is performed. If the authentication is successful, then application key information is transmitted to at least one of the agent device and the application providing apparatus. | 04-23-2015 |
| 20150113600 | METHOD AND SYSTEM FOR DETECTING UNAUTHORIZED ACCESS TO AND USE OF NETWORK RESOURCES - Methods and systems are disclosed for detecting unauthorized actions associated with network resources, the actions including access to the resource and activity associated with the resource. The unauthorized actions are detected by analyzing action data of a client action associated with the network resource against credential retrieval data including records of authorized actions and/or procedures for performing an action associated with the network resource. | 04-23-2015 |
| 20150113601 | ESTABLISHING TRUST BETWEEN PROCESSOR AND SERVER - Systems, methods, and machine-readable and executable instructions are provided for establishing trust between a management processor and a management server. Establishing trust between a management processor and a management server can include establishing trust between a scanning device and the management server by scanning a server code on a management server using a scanning device. Establishing trust between a management processor and a management server can include establishing trust between the scanning device and the management processor by scanning a processor code on a management processor using the scanning device. Establishing trust between a management processor and a management server can include creating a secure channel between the management server and the management processor through the scanning device. Establishing trust between a management processor and a management server can include establishing trust between the management server and the management processor through the secure channel. | 04-23-2015 |
| 20150113602 | METHOD AND SYSTEM FOR AUTHENTICATION OF COMMUNICATION AND OPERATION - The subject matter discloses at a first electronic entity, a method for authenticating the first electronic entity by a second electronic entity, the method comprising: receiving, from the second electronic entity, a request for authenticating the first electronic entity; partitioning an at least one resource as a result of the receiving the request; wherein the at least one resource being one member of a group consisting of a memory partition, a disk partition, a chip partition, a control resource and a hardware logic; and providing to the second electronic entity an access permission to the at least one resource; wherein the access permission being for the authenticating; wherein the authenticating being by utilizing the at least one resource; thereby enabling the second electronic entity the authenticating of the first electronic entity by utilizing the at least one resource. | 04-23-2015 |
| 20150113603 | SYSTEM AND METHOD FOR DATA AND REQUEST FILTERING - Data and data requests of users of applications are filtered using a client-resident agent. A user profile may contain data pertaining to restrictions on content the user is permitted to view or types of requests the user is permitted to make. within one or more applications. Data in the user profile may be used to grant or deny access to applications, filter particular content from the user's view, or filter particular data requests made by the user. | 04-23-2015 |
| 20150113604 | CONTENT ACCESS AUTHENTICATION FOR DYNAMIC ADAPTIVE STREAMING OVER HYPERTEXT TRANSFER PROTOCOL - A technology that is operable to authenticate content access for dynamic adaptive streaming over hypertext transfer protocol (HTTP) (DASH) is disclosed. In one embodiment, a client device is configured with circuitry to communicate, to a content server, a request for a media presentation description (MPD). An MPD message is received from the content server indicating one or more content authorization elements to access content at the content server. A request for authorization of the client device to access content at the content server is communicated to an authorization server, when the client device is configured to perform the content authorization elements in the MPD message. An authorization message is received from the authorization server. A content request message requesting one or more DASH segments is communicated to the content server. | 04-23-2015 |
| 20150113605 | COMMUNICATION AND ACTION APPROVAL SYSTEM AND METHOD - A computer-based method for real-time communication authorization includes receiving, from a first communication device, a communication request, verifying, with a verification engine, a pre-approval status of the communication request, storing the communication request in an approval queue if the communication authorization the pre-approval status is set to false, issuing an alert to the authorization device, and receiving one or more authorization parameters from an authorization device. | 04-23-2015 |
| 20150113606 | SYSTEMS AND METHODS FOR CONTROLLING EMAIL ACCESS - Embodiments of the disclosure relate to controlling access to email content. According to various embodiments as described herein, an email message may be accessed by a computing device to identify a uniform resource locator (URL) within the email message, wherein the URL corresponds to a resource residing in a protected location that is not accessible by a native browser application of the client device. The computing device may determine whether the client device is permitted to access the URL and request access to the resource via the secure browser application of the client device upon a determination that the client device is permitted to access the resource in accordance with the at least one resource rule. | 04-23-2015 |
| 20150113607 | METHODS AND SYSTEMS FOR CONTENT AVAILABILITY BASED ON LOCATION - Access to protected content is based on a client device being within a region. The region may be a mobile or movable region, and/or a region that is in motion. In some embodiments, the region may be determined based on a distance from a position within the region, or based on a boundary about the position that need not be symmetrical. In some embodiments, the region is a three dimensional region. In some embodiments, being within the region is further based on the region being above a defined altitude. In further embodiments, a determination for access is based on whether the client device is detected to be in motion relative to the region. | 04-23-2015 |
| 20150113608 | SYSTEM AND METHOD FOR PROVIDING CONTROLLED APPLICATION PROGRAMMING INTERFACE SECURITY - A system and method for providing access to data of a user or services relevant to a user. A customer data key is created by a server that is specific to an application, the user of the application, and the device upon which the application resides. The server may receive an application programming interface call to create the customer data key; however, any call accessing or affecting user-specific data which does not contain a valid and authorized customer data key may be rejected. To authorize the access to the offered data or services, the user conducts an entirely separate transaction not mediated by the application. During this separate transaction, the customer data key may be activated, permitting access to the data or services using the activated customer data key. | 04-23-2015 |
| 20150113609 | ENHANCED COMMUNICATION PLATFORM AND RELATED COMMUNICATION METHOD USING THE PLATFORM - Pre-authorized communication services and/or transactions are provided via a plurality of networks in response to a request received from a user to provide at least one of a communication service, a transaction and user account information via a plurality of networks of different types. Prior to processing the request, there is verification of the users authorization to receive the at least one of the communication service, the transaction, and the user account information, and that an account associated with the user has a sufficient amount currently available for payment of the at least one of the communication service and the transaction. After verification, an authorized account associated with the user is charged in real time as the at least one of the communication service and the transaction is provided. | 04-23-2015 |
| 20150113610 | SYSTEM AND METHOD FOR CENTRALIZEDLY CONTROLLING SERVER USER RIGHTS - Methods and systems for centralizedly controlling server user rights are provided herein. In an exemplary method, a first verification server can receive an instruction sent by a control server. The instruction can include a user-right-processing instruction or a user-right-adding instruction. The first verification server can process stored information of user rights in response to the user-right-processing instruction sent by the control server to generate processed information of the user rights, or the first verification server can store newly added information of the user rights in response to the user-right-adding instruction sent by the control server. The first verification server can then synchronize the processed information of the user rights or the newly added information of the user rights with a second verification server. The second verification server can be in a communication connection with the first verification server. | 04-23-2015 |
| 20150113611 | LEVERAGING A PERSISTENT CONNECTION TO ACCESS A SECURED SERVICE - Leveraging a persistent connection to provide a client access to a secured service may include establishing a persistent connection with a client in response to a first request from the client, and brokering a connection between the client and a secured service based on a second request from the client by leveraging the persistent connection with the client. The brokering may occur before the client attempts to connect to the secured service directly and the connection may be established between the client and the secured service without provision by the client of authentication information duplicative or additional to authentication information provided by the client to establish the persistent connection. | 04-23-2015 |
| 20150113612 | AUTHENTICATION WITHIN OPENFLOW NETWORK - An OpenFlow network controller controls an OpenFlow network. A networking connection is established between the OpenFlow network controller and an OpenFlow network device attempting to become part of the OpenFlow network. After establishing the networking connection with the OpenFlow network device, the OpenFlow network controller attempts to authenticate the OpenFlow network device. Where authentication of the OpenFlow network device is successful, the OpenFlow network controller sends a message to the OpenFlow network device to indicate that the authentication was successful and permits the OpenFlow network device to join and perform OpenFlow messaging. | 04-23-2015 |
| 20150113613 | APPARATUS AND METHOD FOR PROVIDING AUTHORIZATION BASED ENHANCED ADDRESS BOOK SERVICE IN MOBILE COMMUNICATION SYSTEM - Method and apparatus are provided for transmitting information to share to an external device, without using a presence server. The method includes determining, by an electronic device, that information to share is updated; identifying a recipient to receive the information to share, based at least in part on a list of one or more authorized entities stored in the electronic device; and transmitting the information to share to an external device corresponding to the recipient, without using a presence server. | 04-23-2015 |
| 20150121461 | METHOD AND SYSTEM FOR DETECTING UNAUTHORIZED ACCESS TO AND USE OF NETWORK RESOURCES WITH TARGETED ANALYTICS - Methods and systems are disclosed for detecting improper, and otherwise unauthorized actions, associated with network resources, the actions including access to the resource and activity associated with the resource. The unauthorized actions are detected by analyzing action data of user actions employing accounts managed by a privileged access management system and associated with a network resource against profiles and rules to discover anomalies and/or deviations from rules associated with the network resource or accounts. | 04-30-2015 |
| 20150121462 | IDENTITY APPLICATION PROGRAMMING INTERFACE - A method includes receiving a packaged application's request for access to a user's cloud- or network-based account. The packaged application runs outside a web browser on a computing device. If there is an outstanding user consent to access by the packaged application to the user's cloud- or network-based account, the method includes returning an access token to the packaged application. The access token gives the packaged application access to the user's cloud- or network-based account. If there is no outstanding user consent to access by the packaged application to the user's cloud- or network-based account, the method includes presenting a web-based user consent dialog in a webview container in an identity component application installed on the computing device. | 04-30-2015 |
| 20150121463 | AUTHORIZING A CHANGE WITHIN A COMPUTER SYSTEM - Program code generates on a first computer within a computer system a unique key for a computer software application, wherein the computer software application is on a second computer within the computer system. The program code generates on the first computer an authorization code that grants a designated end user access to implement a change to a configuration item on a second computer during a configurable time period. The program code verifies the authorization code inputted into the second computer to determine if the end user has authority to implement the change on second computer, wherein the authorization code is separated into a first string and a second string each having a fixed number of bits. The program code grants access to the end user to implement the change to the configuration item on the second computer if the end user has the authority to implement the change. | 04-30-2015 |
| 20150121464 | SYSTEMS AND METHODS FOR GEOLOCATION-BASED AUTHENTICATION AND AUTHORIZATION - Systems and methods are provided for controlling the authentication or authorization of a mobile device user for enabling access to the resources or functionality associated with an application or service executable at the user's mobile device. The user or user's mobile device may be automatically authenticated or authorized to access application or system resources at the device when the current geographic location of the user's mobile device is determined to be within a preauthorized zone, e.g., based on a predetermined geo-fence corresponding to the preauthorized zone. A security level or amount of authorization credentials required to authorize a user for data access may be varied according any of a plurality of security levels, when the current or last known geographic location of the user's mobile device is determined to be outside the preauthorized zone. | 04-30-2015 |
| 20150121465 | LOCATION BASED ACCESS - A non-transitory computer readable medium for location based access includes instructions which, when executed by one or more devices, causes performance of operations including identifying a physical location of a client device, determining that the physical location of the client device meets a criterion for allowing access through an entryway, identifying a permission level associated with the client device, determining that the permission level associated with the client device meets a criterion for allowing access through the entryway, and, responsive at least to determining that the criterion have been met, allowing access through the entryway. | 04-30-2015 |
| 20150121466 | ELECTRONIC TOOL AND METHODS FOR MEETINGS - An electronic meeting tool and method for communicating arbitrary media content from users at a meeting. These can include a node configuration device adapted to operate a display node of a communications network, the display node being coupled to a first display. The node configuration device is adapted to receive user selected arbitrary media content and to control display of the user selected arbitrary media content on the first display. At least one peripheral device adapted to communicate the user selected arbitrary media content via the communications network is provided, where the peripheral device is a connection unit including: (e) a connector adapted to couple to a port of a processing device having a second display, a memory and an operating system; and (f) a transmitter for communicating with the communications network. | 04-30-2015 |
| 20150121467 | Method and System for Protecting a Password During an Authentication Process - A system for providing security for a personal password during an authentication process. The system combines the use of representative characters to disguise the characters of the password and the use of a separate verification code sent to the user for use in the authentication process. A server generates and sends both a set of representative characters and a verification code to a client device. The user then inputs a mixed string having the password and verification code interspersed in order using the representative characters in place of the characters of the password and verification code. The server then receives the input and determines whether the string of representative characters includes the password and verification code characters in the proper order. | 04-30-2015 |
| 20150121468 | PHYSICAL LAYER SECURITY METHOD IN WIRELESS LAN AND WIRELESS COMMUNICATION SYSTEM USING THE SAME - A security method in a physical layer and a wireless communication system using the same are provided. A wireless communication Access Point (AP) whose security has been enhanced in the physical layer includes a storage unit that manages channel bandwidth pattern data, a controller for sequentially acquiring channel bandwidth data from the channel bandwidth pattern data, a PLL controller for changing a channel bandwidth based on the acquired channel bandwidth data, and a wireless interface unit for performing wireless communication with a wireless communication terminal using the changed channel bandwidth. The channel bandwidth pattern data is identical to channel bandwidth pattern data stored in the wireless communication terminal, and the wireless communication terminal and the wireless communication AP are synchronized with each other such that the wireless communication terminal and the wireless communication AP perform wireless communication using the same channel bandwidth. | 04-30-2015 |
| 20150121469 | METHOD AND DEVICE FOR INFORMATION TRANSMISSION - A method and device for transmitting product information using ultrasonic signals are disclosed. The device detects local availability of ultrasound-encoded product information while the device is at a location in proximity to an ultrasound transmitter. In response to detecting the local availability of the ultrasound-encoded product information, the device requests a user permission from a user of the device to capture the ultrasound-encoded product information. Upon obtaining the user permission to capture the ultrasound-encoded product information, the device receives, from the ultrasound transmitter, an ultrasonic signal encoded with a message containing respective information associated with a respective product. The device decodes the ultrasonic signal to obtain the message in a human-perceivable form. | 04-30-2015 |
| 20150121470 | PEER-TO-PEER ONBOARDING OF INTERNET OF THINGS (IOT) DEVICES OVER VARIOUS COMMUNICATION INTERFACES - The disclosure generally relates to apparatus and method for setting up or onboarding a first Internet of Things (IoT) device that has limited or no interfacing capability itself to connect to a network through a second IoT device in communication with the network, by sending a request to a second device in communication with the network and receiving permission to initiate communication with the network. | 04-30-2015 |
| 20150121471 | System and Method for Providing Access to a Proximate Accessory Device for a Mobile Device - Systems and methods are shown for providing access to proximate accessory devices for a mobile client. The mobile client directly physically scans a physical device identifier of a proximate accessory device to obtain a device identifier value. In one approach, a message is transmitted to an accessory access service that includes the scanned device identifier value and a task to be performed by the proximate accessory device and the service sends the task to the proximate accessory device. In another approach, a message that includes the scanned device identifier value is sent to an accessory access service, which obtains a network address corresponding to the scanned device identifier value and returns the network address to the mobile client, and the mobile client sends a task to the proximate accessory identifier value. | 04-30-2015 |
| 20150121472 | NAVIGATION SERVER AND NAVIGATION CLIENT - Provided is a navigation server and a navigation client capable of protecting information specific to each user that is transmitted from the navigation client to the navigation server securely without degrading user-friendliness. A navigation server | 04-30-2015 |
| 20150121473 | METHOD AND SYSTEM FOR PROVIDING MULTIPATH TCP PROXY SERVICES - In the method an Access Point comprises aggregating spare bandwidth of at least another Access Point and capturing data traffic from at least one user computing device, said user computing device taking benefit of said aggregated spare bandwidth. The method: requesting, by said Access Point admission to a MPTcp server including proxy control functions or services, to make use of the latter; checking, by a control module of said MPTcp server, credentials information of said Access Point to allow the latter said admission; and upon said admission being authorized, checking, by said MPTcp server through a connection with a service subscription repository module, if at least one origin server is authorized for accessing said proxy control functions or services. | 04-30-2015 |
| 20150121474 | PROCESSOR SECURITY AUTHENTICATION AREA - Disclosed herein are a method and electronic device for enhancing the security of sensitive operations. Control is switched from a first driving area to a second driving area of at least one processor. Security authentication is performed by the second driving area and a result of the authentication is output. | 04-30-2015 |
| 20150121475 | SYSTEM FOR PROVIDING DYNAMIC PORTAL TRANSACTION AUTHENTICATION AND AUTHORIZATION - Systems and methods are disclosed herein for managing electronic access from remote devices to a plurality of computer platforms. The system includes a processor, a network interface, and a memory. The network interface is configured to receive a user identity provided by a device remote to the system and an access request from the device to access a selected computer platform from the plurality of computerized platforms. The memory stores computer executable instructions which, when executed by the processor, cause the system to determine a set of access rights for the device based on the user identity and a role associated with the user identity, as related to the selected computerized platform. The computer executable instructions, when executed by the processor, further cause the system to allow the user to access the selected platforms according to the access request only if the access requested is included in the determined set of access rights. | 04-30-2015 |
| 20150121476 | Service Processing Method, Device, and System - Embodiments of the present invention relate to the field of communications technologies and provide a service processing method, device, and system, where service expansion can be performed without changing an original device of an operator. The embodiments of the present invention include: acquiring business service information corresponding to a to-be-processed service flow, where the business service information includes a service flow identifier of the to-be-processed service flow and a service label corresponding to the service flow identifier; and sending the business service information corresponding to the to-be-processed service flow to a service router, so that the service router processes, according to the business service information, the to-be-processed service flow. | 04-30-2015 |
| 20150121477 | TEXT SUGGESTIONS FOR IMAGES - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving image data corresponding to an image, processing the image data to identify one or more features within the image, generating one or more keywords based on each of the one or more features, transmitting the one or more keywords to a computing device for displaying a list of the one or more keywords to a user, receiving text, the text comprising at least one keyword of the one or more keywords, that at least one keyword having been selected by the user from the list, and transmitting the image and the text for display, the text being associated with the image. | 04-30-2015 |
| 20150121478 | Permission Management Method, Apparatus, and Terminal - A permission management method, apparatus, and terminal. The permission management method includes obtaining an installation package of a first application program, where the installation package carries a first certificate and permission request information of the first application program; next, determining, according to the permission request information, a first permission that the first application program requires during running, where the first permission is a system administrator permission of a system; and then, granting the first permission to the first application program according to the first certificate of the first application program. In this way, the first permission that the first application program requires during running is granted to the first application program. | 04-30-2015 |
| 20150121479 | IDENTITY MANAGEMENT VIA CLOUD - A system and method of maintaining a user profile for a handheld computer in a shared, scalable computing resource is described. The method includes receiving user profile data from the handheld computer at the shared, scalable computing resource, the user profile data comprising a user security factor. The user profile data is received via a secure wireless communication protocol having authentication of an identity of the handheld computer. The method includes storing the user profile data on the shared, scalable computing resource as a portion of a user profile, the user profile further comprising user preference data. The method further includes receiving the user security factor from a second computing device. The user security factor is received via a secure wireless communication protocol having authentication of an identity of the second computing device. The method further includes downloading user preference data to the second computing device. | 04-30-2015 |
| 20150128218 | SYSTEM AND METHOD FOR RESTRICTING INTERNET ACCESS - A system and method for controlling access to the Internet is presented. By reserving a selected generic top-level domain, controlling content placed on subdomains within the selected generic top-level domain, and utilizing an Internet browser program that is specially modified to limit browsing to within the selected generic top-level domain, access to a sharply-defined and controlled subset of the Internet is achieved. | 05-07-2015 |
| 20150128219 | SHARED WI-FI USAGE - Various technologies described herein pertain to utilization of shared Wi-Fi. For instance, network access rights of a Wi-Fi network can be controlled by a mobile device of a point of contact for the Wi-Fi network. Moreover, utilization of a Wi-Fi network can be tracked and usage data indicative of historic utilization of the Wi-Fi network can be retained. Further, groups of users between whom Wi-Fi credentials are shared can be created. | 05-07-2015 |
| 20150128220 | LOCATION BASED AUTHENTICATION OF USERS TO A VIRTUAL MACHINE IN A COMPUTER SYSTEM - An apparatus and method uses location based authentication of a user accessing a virtual machine (VM) by using the physical location of the virtual machine as a criteria for the authentication. When a user requires a logical partition to run in a known, specified physical location, the user specifies the physical location when the VM is created. The specified physical location is then incorporated into the user authentication process. Users are challenged and must know the physical location in order to be authenticated to the system. When a “disruptive event” in the cloud environment occurs that necessitates moving the VM to another location, the original physical location is stored so the virtualization manager later can automatically relocate the VM back to its original physical location. | 05-07-2015 |
| 20150128221 | LOCATION BASED AUTHENTICATION OF USERS TO A VIRTUAL MACHINE IN A COMPUTER SYSTEM - An apparatus and method uses location based authentication of a user accessing a virtual machine (VM) by using the physical location of the virtual machine as a criteria for the authentication. When a user requires a logical partition to run in a known, specified physical location, the user specifies the physical location when the VM is created. The specified physical location is then incorporated into the user authentication process. Users are challenged and must know the physical location in order to be authenticated to the system. When a “disruptive event” in the cloud environment occurs that necessitates moving the VM to another location, the original physical location is stored so the virtualization manager later can automatically relocate the VM back to its original physical location. | 05-07-2015 |
| 20150128222 | SYSTEMS AND METHODS FOR SOCIAL MEDIA USER VERIFICATION - Embodiments of the present disclosure provide an effective, user-friendly approach to help prevent the abuse of social networks by users who misrepresent their age, identity, and/or other information. | 05-07-2015 |
| 20150128223 | Using Security Levels in Optical Network - Path computation through nodes of a communications network to meet a desired security level against unauthorised physical access to the path, involves receiving a request ( | 05-07-2015 |
| 20150128224 | METHOD AND SYSTEM FOR EVALUATING ACCESS GRANTED TO USERS MOVING DYNAMICALLY ACROSS ENDPOINTS IN A NETWORK - A network analysis tool is provided in support of a data communication network having user devices at indeterminate endpoints wherein user identities, namely, the collection of meta-data about a user device of a network (beyond the conventional networking concept of an endpoint address), is modeled as fixed endpoints for purposes of tracking. More specifically, users at indeterminate endpoints are identified by modeling using user roles as models of the user devices. | 05-07-2015 |
| 20150128225 | APPARATUS AND METHOD FOR ACCESS VALIDATION - One or more techniques for access validation are provided. Access validation may be performed automatically or in real-time. Access validation may be at the resource level or at a sub-resource level. Techniques provided herein may be applied in a large variety of situations and industries, e.g. compliance management or inventory. Access validation reports may be generated in real-time or may link to indications of access validation in real-time. Five outcomes or options are provided, including affirmative, negative, stronger negative with larger implication, undetermined, and negative, however with temporarily granted access. A field for allowing entry of justification for access to a particular resource is provided. Reminders to validate privileges are provided. A continuous access validation process is provided. A technique for extending the hierarchy and corresponding workflow that is generated thereof is provided. | 05-07-2015 |
| 20150128226 | INDEPENDENT BIOMETRIC IDENTIFICATION SYSTEM - The inventive data processing system and method enable verifiable secure transfer of information between two or more parties, each having access to at least one identity verification system, utilizing a platform-independent architecture to enable verification of identities of parties sending and receiving secured information, and ensuring that only an authorized receiving party gains access to the secured information, regardless of the type, model, ownership and/or quantity of biometric identity verification (BIV) systems being utilized by each party. Parties desiring to securely transfer information between one another register at a central security management system, and each provide at least one biometric enrollment to their unique record configured for storing multiple BIV system enrollments for each party. The inventive system and method also provide an adaptive enrollment feature which enables the system to function automatically and transparently with new BIV systems that have not been previously enrolled by the user. | 05-07-2015 |
| 20150128227 | SYSTEMS AND METHODS FOR USING AN HTTP-AWARE CLIENT AGENT - Systems and methods are described for using a client agent operating in a virtual private network environment to intercept HTTP communications. Methods include: intercepting at the network layer, by a client agent executing on a client, an HTTP request from an application executing on the client; modifying the HTTP request; and transmitting, via a transport layer connection, the modified HTTP request to a server. Additional methods may comprise adding, removing, or modifying at least one cookie in the HTTP request. Still other methods may comprise modifying at least one name-value pair contained in the HTTP request. Corresponding systems are also described. | 05-07-2015 |
| 20150128228 | CHECKING FOR PERMISSION TO RECORD VOIP MESSAGES - Methods and arrangements to check for permission to record Voice over Internet Protocol (VoIP) messages and to respond to requests for permission are contemplated. Embodiments include transformations, code, state machines or other logic to check for permission to record VoIP messages and to respond to requests by transmitting an inquiry on permission to record a VoIP message of a participant in a VoIP call session comprising the VoIP message, receiving a response to the inquiry, determining by a processor whether the response to the inquiry grants permission to record the VoIP message, and recording the VoIP message based upon the response to the inquiry granting permission to record the VoIP message. Some embodiments may involve querying a participant in a VoIP call session comprising a VoIP message for permission to record the VoIP message through a user interface mechanism for checking for permission to record VoIP messages. | 05-07-2015 |
| 20150135270 | Context Analysis at an Information Handling System to Manage Authentication Cycles - Context captured with sensors of an information handling system is applied to selectively lock access to currently unlocked information, with conditions for locking access based upon the context. Nervous states enforce locking of selected information based upon the confidence of the security of the information under sensed external conditions. Increased sensitivity for locking access includes reduced timeouts to a lock command, increased response to sensed conditions, and more rapid response where unlocked access is to sensitive information. | 05-14-2015 |
| 20150135271 | DEVICE AND METHOD TO ENFORCE SECURITY TAGGING OF EMBEDDED NETWORK COMMUNICATIONS - A method for managing communications from a device onboard a vehicle is provided. The method accesses a message transmitted from the device; determines whether the message is permitted; and, when the determining step determines that the message is not permitted, prevents the message from further transmission to an intended recipient device. | 05-14-2015 |
| 20150135272 | IDENTITY POOL BRIDGING FOR MANAGED DIRECTORY SERVICES - A customer of a computing resource service provider may utilize a set of credentials to request creation of an identity pool within a managed directory service. Accordingly, the managed directory service may create the identity pool. Instead of having the customer create a separate account within this identity pool, the managed directory service may create a shadow administrator account within the identity pool, which may be used to manage other users and resources in the identity pool within the managed directory service. The managed directory service further exposes an application programming interface command that may be used to obtain a set of credentials for accessing the shadow administrator account. The customer may use this command to receive the set of credentials and access the shadow administrator account. Accordingly, the customer can manage users and resources in the identity pool within the managed directory service. | 05-14-2015 |
| 20150135273 | METHOD AND SYSTEM FOR ESTABLISHING A COMMUNICATIONS PIPE BETWEEN A PERSONAL SECURITY DEVICE AND A REMOTE COMPUTER SYSTEM - A method and a system is provided for establishing a communications path over a communications network between a personal security device (PSD) and a remote computer system without requiring the converting of high-level messages such as API-level messages to PSD-formatted messages such as APDU-formatted messages (and inversely) to be installed on a local client device in which the PSD is connected. | 05-14-2015 |
| 20150135274 | METHOD AND SYSTEM FOR DATA COMMUNICATION OVER NETWORK - Embodiments of the present application relate to a method for data communication, a system for data communication, and a computer program product for data communication. A method for data communication is provided. The method includes identifying one or more first users located within a present range of a location of a second user, comparing an authorization code with one or more exchange codes pre-allocated to the one or more first users, and verifying validity of the authorization code, and in the event that, among the one or more exchange codes of the one or more first users within a definite range of the second user location, an exchange code matching the authorization code of the second user exists, and the authorization code of the second user is determined to be valid, performing a data exchange between the second user and the first user. | 05-14-2015 |
| 20150135275 | AUTHORIZATION SERVER SYSTEM, CONTROL METHOD THEREFOR, AND STORAGE MEDIUM - An authorization server system configured to restrict the usage of a service provided via a network includes an authorization processing unit, a verification processing unit, a determination unit, and a restriction unit. The determination unit is configured to determine whether the number of uses of the mathematical function called by the client to use the service is greater than the upper limit when the authorization information is issued by the authorization processing unit and when the authorization information is verified by the verification processing unit. | 05-14-2015 |
| 20150135276 | APPARATUS AND METHOD FOR PROCESSING SECURITY PACKET IN ELECTRONIC DEVICE - An electronic device that may process a security packet is provided. The electronic device includes a first processor configured to transmit a security context and a second processor configured to process a packet to which security is applied using the security context. | 05-14-2015 |
| 20150135277 | Methods for Generating and Using Trust Blueprints in Security Architectures - Reputation-based trust attributes provided by network devices can be used by a truster device to gauge the trust-worthiness of a trustee device. The reputation-based attributes gathered from network devices may indicate a level of trust between those network devices and a trustee device. The truster device may then use those reputation-based attributes to determine a trust level between the truster device and the trustee device without relying on a dedicated authenticator, such as an authorization, authentication, and accounting (AAA) server. The truster device may permit the trustee device to access (or provide) a service when the determined trust level exceeds a threshold associated with that service. Reputation-based attributes may be exchanged between peers of a federated network or federated trust domain. Reputation-based attributes may also be exchanged between brokers in different federated networks/trust-domains. | 05-14-2015 |
| 20150135278 | Method of Accessing Applications in a Secure Mobile Environment - A method of accessing, in a mobile communication device, an application issued by a Service Provider from a trusted application, also known as a wallet. A secure element, such as a SmartMX device, comprises a service manager that manages the application and a link between the application and an application-codec issued by the Service Provider, wherein the application-codec is designed for interfacing between the service manager and the application, for processing an access request requesting access to the application received from the service manager and, triggered by the wallet, accessing the application via the service manager by means of the link between the application and the application-codec, such that the application-codec linked with the respective application performs accessing the application under control of the service manager. | 05-14-2015 |
| 20150135279 | PERSONAL IDENTITY CONTROL - Obtaining authorization from a subscriber to an authorization service provided by an authorization provider in a data communications system. The data communications system includes a plurality of relying parties and a plurality of authorization providers. An authorization request including data identifying a subscriber to an authorization service is received from a relying party. An authorization provider is selected from the plurality of authorization providers on the basis of the subscriber-identifying data. An authorization request is transmitted to the selected authorization provider. An authorization response is received from the selected authorization provider. The authorization response indicates that the subscriber has authorized the request on a telecommunications device with which contact has been initiated by the authorization provider in response to the authorization request. An authorization message is transmitted to the relying party based at least in part on the authorization response received from the selected authorization provider. | 05-14-2015 |
| 20150135280 | Managing Social Network Accessibility Based on Age - When a user having an age less than a threshold age (a child user) attempts to access an online service or perform actions using the online service, the online service obtains parental authorization from an additional user having a parental relationship to the user. The child user may identify the user having the parental relationship and the online service verifies the validity of the identified user's account, the age of the identified user, and/or a connection between the identified user and the child user having a parental relationship type. The online service may make these verifications based in part social and transactional information associated with the identified user's account. Upon successful verification, the online service allows the identified user to authorize account creation for the child user, and/or manage the account and actions of the child user. | 05-14-2015 |
| 20150135281 | PROVISIONING ACCESS TO CUSTOMER ORGANIZATION DATA IN A MULTI-TENANT SYSTEM - Methods and systems are described for providing support representative access to applications deployed in an enterprise network environment. An access provisioning system defines a support user class in a user profile database for an application executed on an organization partition within the network. The support user is granted read only privileges to metadata of the application. An organization administrator can grant support personnel access to the application as a support user, thus the ability to view, analyze, and possibly modify the metadata. The access provisioning system generates a Security Assertion Markup Language (SAML) assertion upon request by the support personnel to enable access to the data to the extent of the granted privileges. The SAML protocol includes authentication of the support representative as an authorized support user within the system. | 05-14-2015 |
| 20150135282 | METHODS AND SYSTEMS FOR SECURE INTERNET ACCESS AND SERVICES - A method and system for providing secure internet access and services are disclosed. The method includes receiving a request for services from a user terminal, the request including user terminal data; sending the user terminal data to a security server; and receiving a security level of the user terminal from the security server. The security server determines the security level of the user terminal based on historical user data related to the user terminal. The method further includes initiating a verification process based on the security level of the user terminal. | 05-14-2015 |
| 20150143466 | DISABLING PROHIBITED CONTENT AND IDENTIFYING REPEAT OFFENDERS IN SERVICE PROVIDER STORAGE SYSTEMS - Objects in a shared storage system can be marked as including prohibited content. Incidents that result in objects being so marked can be stored in an incident history associated with a user responsible for those objects. The incident history can be processed to identify repeat offenders and modify access privileges of those users. However, when objects are shared by one user with another user, prohibited content is blocked from being shared, while the remainder of the shared objects can be accessed by the other user. Functions that allow sharing of content are implemented so as prevent sharing of prohibited content with another user, while allowing other content to be shared. If a group of files or objects is shared, then the presence of prohibited content in one object in the group results in that prohibited content not being shared, but the remaining files or objects are still shared. | 05-21-2015 |
| 20150143467 | SYSTEM AND METHOD FOR FACILITATING COMMUNICATION BETWEEN A WEB APPLICATION AND A LOCAL PERIPHERAL DEVICE THROUGH A NATIVE SERVICE - The disclosure relates to systems and methods for facilitating communication between a web application and a local peripheral device through a native service where the local peripheral device is locally connected to a computer having the native service. To access data associated with the local peripheral device, a browser may make a cross-domain request to the native service that resides in a domain that is different from the domain that served the web application. Prior to sending the actual cross-domain request, the browser may send a pre-flight cross-domain request to the native service. The native service may send a response to the pre-flight request to the browser. The response may comprise information related to whether the cross-domain request can be serviced by the native service. The browser may send the cross-domain request to the native service, which may comprise functions to be executed on the local peripheral device. | 05-21-2015 |
| 20150143468 | SYSTEM AND METHOD FOR FACILITATING FEDERATED USER PROVISIONING THROUGH A CLOUD-BASED SYSTEM - The disclosure relates to systems and methods for provisioning a new user to a cloud-based system through a pre-registration process where the cloud-based system generates a tokenized resource identifier based on the user's registration information provided by an external service provider and through a registration process where the user accesses the cloud-based system using the tokenized resource identifier and the cloud-based system completes the registration of the user when the user's registration information in the cloud-based system is verified against the corresponding registration information maintained by the external service provider. Once the registration is complete, data related to the registered user may be synchronized between the cloud-based system and the external service provider. | 05-21-2015 |
| 20150143469 | SECURE DATA TRANSMISSION - A system may include a first network in which user device(s) and a HIP server are communicably coupled. The first network may include a secure data administrator, such as a medical data system, that stores secure data. In some implementations, at least one of the user devices may include a web module and communicate with a web server through a second network. At least one of the user device may be restricted from communicating with the secure data administrator, so the user device may request data stored in the secure data administrator through the HIP server. The user device may base the requests for the data on information received from the web server. | 05-21-2015 |
| 20150143470 | MANAGING AN INTERFACE BETWEEN AN APPLICATION AND A NETWORK - According to an implementation, an interface between an application and a network is managed, for instance, by an interface manager. The interface manager is to receive a request from the application for access to the network, determine privileges assigned to the application, and provide the application with a level of access to the network that corresponds to the determined privileges assigned to the application. | 05-21-2015 |
| 20150143471 | METHOD FOR ESTABLISHING RESOURCE ACCESS AUTHORIZATION IN M2M COMMUNICATION - A method for establishing a resource access authorization in M2M communication is provided. When an entity including a terminal, a gateway and an end user as client in a first M2M service provider domain attempts to access resource located in terminal or gateway in second M2M service provider domain, the method includes receiving client credential allocated from M2M Authentication Server (MAS1) in first M2M service provider domain by performing client registration to Network Service Capabilities Layer (NSCL1) in first M2M service provider domain by client, requesting an authorization to access resource to resource owner through NSCL (NSCL2) in second M2M service provider domain based on information about Universal Resource Identifier (URI) of resource by client, verifying client through MAS1 by the resource owner, authorizing client to access the resource by the resource owner, and issuing access token to the client by MAS (MAS2) in second M2M service provider domain. | 05-21-2015 |
| 20150143472 | METHOD FOR ESTABLISHING RESOURCE ACCESS AUTHORIZATION IN M2M COMMUNICATION - A method for establishing a resource access authorization in M2M communication is provided. When an entity including a terminal, a gateway and an end user as client in a first M2M service provider domain attempts to access resource located in terminal or gateway in second M2M service provider domain, the method includes receiving client credential allocated from M2M Authentication Server (MAS1) in first M2M service provider domain by performing client registration to Network Service Capabilities Layer (NSCL1) in first M2M service provider domain by client, requesting an authorization to access resource to resource owner through NSCL (NSCL2) in second M2M service provider domain based on information about Universal Resource Identifier (URI) of resource by client, verifying client through MAS1 by the resource owner, authorizing client to access the resource by the resource owner, and issuing access token to the client by MAS (MAS2) in second M2M service provider domain. | 05-21-2015 |
| 20150143473 | ELECTRONIC DEVICE AND METHOD FOR UPDATING AUTHENTICATION INFORMATION IN THE ELECTRONIC DEVICE - An electronic device and method for updating authentication information in the electronic device is provided. The electronic device includes a short-range communication unit configured to provide a short-range communication and a controller configured to update information for authentication information from advertisement service information received from an Access Point (AP) identified through the short-range communication unit, download authentication information using the update information for authentication information, and connect the electronic device to the AP based on the authentication information. | 05-21-2015 |
| 20150143474 | PROCEDE ET DISPOSITIFS D'AUTHENTIFICATION POUR ACCEDER A UN COMPTE UTILISATEUR D'UN SERVICE SUR UN RESEAU DE DONNEES - An authentication method for accessing a user account of a service ( | 05-21-2015 |
| 20150143475 | Operation Processing Method and Device - A method and a device are provided in the field of network technology. In the method, a first server receives an operation request including a second server identifier and second account information. According to the second server identifier and the second account information, the first server determines whether associated account information is available in a predetermined three-party associating relationship. Upon determining that the associated account information is available, the first server obtains the associated account information for use as first account information. Based on the first account information, the first server responds to the operation request. During the process of providing services for a terminal by the second server, the first server obtains the first account information according to the second server identifier, the second account information, and the predetermined three-party associating relationship. The first server responds to the operations of the terminal based on the first account information. | 05-21-2015 |
| 20150143476 | SYSTEM AND METHOD FOR ADDING CONTEXT TO PREVENT DATA LEAKAGE OVER A COMPUTER NETWORK - Systems and methods for adding context to prevent data leakage over a computer network are disclosed. Data is classified and contextual information of the data is determined. A transmission policy is determined in response to the classification and contextual information. The data is either transmitted or blocked in response to the classification and the contextual information | 05-21-2015 |
| 20150143477 | MAJOR MANAGEMENT APPARATUS, AUTHORIZED MANAGEMENT APPARATUS, ELECTRONIC APPARATUS FOR DELEGATION MANAGEMENT, AND DELEGATION MANAGEMENT METHODS THEREOF - A major management apparatus, an authorized management apparatus, an electronic apparatus for delegation management, and delegation management methods thereof are provided. The major management apparatus generates a first and a second delegation deployment messages and respectively transmits them to the authorized management apparatus and the electronic apparatus. The authorized management apparatus encrypts an original authorized operation message into an authorized operation message by an authorization key included in the first delegation deployment message and transmits the authorized operation message to the electronic apparatus. The original authorized operation message includes an operation task message and a right level. The electronic apparatus decrypts the authorized operation message into the original authorized operation message by the authorization key included in the second delegation deployment message and performs an operation according to the operation task message and the right level. | 05-21-2015 |
| 20150143478 | WIRELESS SERVER ACCESS CONTROL SYSTEM AND METHOD - A wireless server access control system comprising a wireless server generating a local wireless communications network, the wireless server having a processor and a plurality of redundant data memory devices. A first wireless device coupled to the wireless server through the local wireless communications network. An access control system operating on the wireless server, the access control system configured to generate a user control on a user interface of the first wireless device to allow a user to permit or deny access to the processor and the data memory devices of the wireless server by a second wireless device through the local wireless communications network. | 05-21-2015 |
| 20150143479 | Strong Identity Management and Cyber Security Software - A security software comprises administrative module for configuring access levels and creating types of accounts and application server for domain filtering by checking against friendly and unfriendly inbound, outbound and exception lists. Hard filtering either approves, terminates requests or re-routes request without the user's knowledge. Soft filtering passes disapproved requests and sends an e-mail alert to authorized recipients. Content filtering includes checking a content of a requested document against a friendly, unfriendly list and exception list. Hard filtering passes or rejects the requested document. Soft filtering passes the requested document or rejects or approves by highlighting its content. Options include e-mail filtering that checks subject, sender's address and domain against an unfriendly, friendly and exception list. e-mail alert for hard filtering, inbound privacy shield, a pop up blocker, the application server acts as proxy server with proxy chaining capabilities. | 05-21-2015 |
| 20150143480 | METHOD AND SYSTEM FOR MAINTAINING DATA IN A SUBSTANTIATED STATE - A method for substantiating a data message for use in a system includes adding discovery information to the data message related to the origin of the data message, validating the data message to comply with an industry standard, authenticating the data message to determine who transmitted the data message, and authorizing the transmission of the data message based on access rights. A method for generating a substantiated system is also described. | 05-21-2015 |
| 20150150091 | ENABLING CONTENT PROTECTION AND MANAGEMENT OF ELECTRONIC MAIL - A content portion within an electronic mail (email) message can be identified. The email message can include a message envelope, a header and a body. The body can be a text and/or a binary data. The header can specify an email recipient. The email can be persisted within a data store of a computing device. A content container enclosing the content portion can be established within the email. The container can include an access control list (ACL) and/or a protection mask. The ACL can include recipients allowed/disallowed to access the content portion. The mask can declare an allowed and a disallowed action associated with the content portion. The email can be transmitted to a mail transfer/submission agent. The email can include the header and the body, where the body includes the container and the content portion. | 05-28-2015 |
| 20150150092 | CROSS-ENTERPRISE WORKFLOW - Example systems, methods and storage media to provide a cross-enterprise workflow among clinical systems are disclosed. An example cross-enterprise enabled clinical information system includes a workflow manager to coordinate user workflows with respect to the system and associated content. The system includes an image services manager configured to manage images and associated services for the system and associated content. The workflow manager and image services manager are configured for cross-enterprise content sharing such that the system is to locally authenticate a user at the system and the system is to locally authorize a remote request for access to content at the system from a remote user that has been authenticated remotely. The system is arranged to provide content in response to the remote request after the remote authentication has been received and the system has verified the remote user's authorization for access. | 05-28-2015 |
| 20150150093 | METHOD AND DEVICE FOR PROCESSING SOCIAL NETWORK MESSAGES - A method for processing social network messages includes the following steps. Receive a specified web page request signal through a network from a client device. Acquire identification information of a first user account. Embed the identification information into an address of the specified web page to generate a first sharing linking address corresponding to the first user account. Post a sharing message on the personal-message-posting web page. Record operating information and corresponding operating time for at least one second user account when linking to the first sharing linking address. When the operation is sharing operation, embed identification information corresponding to the at least one second user account into the first sharing linking address, generate a second sharing linking address corresponding to the at least one second user account, and post the sharing message on the personal-message-posting web page of the at least one second user account. | 05-28-2015 |
| 20150150094 | SECURITY FOR DEBUGGING OF DATABASE SESSIONS - A system includes reception of authorization information associated with one or more database server sessions of a first user, the authorization information associating the first user, a second user, and an authorization period, establishment of a first database server session of the first user, establishment of a second database server session of the second user, reception, from the second user, of a request to debug the first database server session, determination, based on the authorization information, that the second user is authorized to debug the first database server session, and, in response to the determination, attachment of the second database server session to the first database server session, and transmission of debugging information of the first database server session to the second user. | 05-28-2015 |
| 20150150095 | DATA MANAGEMENT SYSTEM OF AN AIRCRAFT - A system to manage transmissions of data between a flight management system (e.g., of an avionics type) of an aircraft and a portable electronic (e.g., of an open world type) is proposed. The data management system may be implemented in flight management system architecture with core and supplementary modules that are distinct from each other. The core module may implement a set of generic functionalities related to a flight management of the aircraft, and the supplementary module may implement supplementary functionalities specific to an entity to which the aircraft belongs. The data management system may comprise a data securing module that monitors data to be transmitted between the flight management system and the portable electronic device, and allows or prevents the data transmission based on the monitoring results. | 05-28-2015 |
| 20150150096 | IMAGE FORMING APPARATUS, IMAGE FORMING SYSTEM, AND METHOD - An image forming apparatus is connectable to an external storage device and includes an authentication data generating section and a writing section. Upon occurrence of a prescribed event, the authentication data generating section generates authentication data and transmits the generated authentication data to a server. Once the external storage device is connected, the writing section obtains first data relating the event according to whether or not the authentication data transmitted to the server is stored in the external storage device and writes the obtained first data into the external storage device. | 05-28-2015 |
| 20150150097 | AUTOMATION SYSTEM ACCESS CONTROL SYSTEM AND METHOD - An improved system and method for controlling access of components to industrial automation system resources by reference to the various operational states of the industrial automation system. A central access control system includes a processing circuitry, interface circuitry configured to receive information pertaining to the operational state of an automation system, memory circuitry, and a display and user interface. In operation, access to automation components are either allowed or denied based on the designation of an operational state of an automation system. | 05-28-2015 |
| 20150150098 | System and method for controlling electronic communications - The approved email generation system described is capable of producing email communications between user and customer by using approved email templates and content that have been aligned with customer information regarding access to such content. The approved email template comprises data pulled from a record for a medical inquiry and a window for receiving free text responding to the medical inquiry. Once the approved email has been generated, the content may be verified again for accuracy and validity and the free text may be checked for any unapproved word before being delivered to the customer. | 05-28-2015 |
| 20150295763 | Capability open platform, method and gateway for implementing PNP management of terminal device - A capability open platform, a device identification method and a gateway for implementing PNP management of a terminal device are provided, wherein the capability open platform is used to identify a terminal device which has not been connected to a gateway according to the label information uploaded by the gateway, thus implementing the PNP of the terminal device which is not supported. The method includes that the gateway acquires the label information of a terminal device by a terminal authorization mechanism, calls the device identification service of the capability open platform to identify the terminal device that has not been connected to the gateway. The disclosure enables the gateway to identify the terminal device which is not under the protocols supported by the gateway but needed to be connected, so as to be compatible with PNP management and service of all a terminal device. | 10-15-2015 |
| 20150295905 | IDENTITY MANAGEMENT WITH GENERIC BOOTSTRAPPING ARCHITECTURE - A method and composition for treating a meningioma in a subject are disclosed. The method includes the step of administering to the subject a therapeutically effective amount of a composition including a cytotoxic agent associated with a phenylbenzothiazole derivative or a stilbene derivative or a biphenylalkyne derivative that accumulates within meningiomas. In one version of the method, the phenylbenzothiazole derivative is a compound of formula (V). | 10-15-2015 |
| 20150295911 | APPARATUS AND METHOD FOR CONTROLLING AUTHORIZATION TO ACCESS RESOURCES IN A COMMUNICATION NETWORK - An apparatus transmits, to a management apparatus, an access-request for accessing access-target information stored in an external apparatus by adding first state-information indicating a state of the apparatus to the access-request, receives a transmission request for requesting transmission of second state-information indicating state information that is required for accessing the access-target information and currently insufficient for the management apparatus, and executes an acquisition process of acquiring the second state-information. When the second state-information indicated by the transmission request is able to be acquired from plural acquisition sources, the apparatus executes the acquisition process on the plural acquisition sources, by giving priority to an acquisition source that requires a relatively smaller load for acquiring the second state-information in accordance with an acquisition load required for acquiring the second state-information from each of the plural acquisition sources, and transmits the acquired second state-information to the management apparatus. | 10-15-2015 |
| 20150295931 | LOCKOUT PREVENTION SYSTEM - A lockout prevention system includes a management Information Handling System (IHS) that is coupled through a network to network interface on a networking device. The networking device receives a configuration instruction through the network interface from the management IHS. The networking device then determines that the application of the configuration instruction will inhibit the communication between the management IHS and the networking device through the network interface. The networking device then provide a warning message for display on the management IHS in response to determining that the application of the configuration instruction will inhibit the communication between the management IHS and the networking device through the network interface. | 10-15-2015 |
| 20150295932 | ACCESS CONTROL LIST LOCKOUT PREVENTION SYSTEM - An access control list lockout prevention system includes a network. A first administrator Information Handling System (IHS) is coupled to the network. A networking device is communicatively connected to the first administrator IHS through the network. The networking device is configured to receive an access control list instruction from the first administrator IHS. The networking device then determines that at least one administrator IHS that is communicatively connected to the networking device will lose access to the networking device in response to execution of the access control list instruction. In response to determining that the at least one administrator IHS will lose access to the networking device in response to execution of the access control list instruction, the networking device provides a warning message for display on the first administrator IHS. | 10-15-2015 |
| 20150295935 | VOUCHER AUTHORIZATION FOR CLOUD SERVER - A cloud server and corresponding method for granting access from the cloud server to a client device are disclosed. The method includes steps of authorizing a first device, receiving an authorization voucher request from the first device, generating an authorization voucher for accessing the cloud server, providing the authorization voucher to the first device, receiving the authorization voucher from a second device, granting access to the second device based on the authorization voucher. A method for requesting access to the cloud server includes steps of authorizing a first device, sending an authorization voucher request from the first device to the cloud server, receiving an authorization voucher for accessing the cloud server at the first device, transmitting the authorization voucher from the first device to a second device, transmitting the authorization voucher from the second device to the cloud server, and accessing the cloud server from the second device. | 10-15-2015 |
| 20150296381 | ELECTRONIC CIRCUIT CHIP FOR AN RFID TAG WITH A READ-ONLY-ONCE FUNCTIONALITY - It is described an electronic circuit chip for an RFID tag. The electronic circuit chip comprises (a) an access circuit configured for coupling the electronic circuit chip to an antenna element of the RFID tag, and (b) a memory device being connected to the access circuit. The memory device is configured for storing a secret value, for making retrievable the secret value, and for deleting the secret value. Deleting the secret value is accomplished if the secret value has been retrieved by means of a first attempt procedure for retrieving the stored secret value. It is further described an RFID tag comprising such an electronic circuit chip and a method for managing the use of a read-only-once secret value by an RFID tag with such an electronic circuit chip. | 10-15-2015 |
| 20150304279 | Peripheral Interface for Residential laaS - A physical peripheral device is connected to a remote virtual appliance provided by a cloud service using a peripheral interface device. A cloud service user is authenticated through the peripheral interface device using a user identifier. Physical peripheral devices connected to the peripheral interface device are detected, and connection parameters to the remote virtual appliance are negotiated to establish a network tunnel. The remote virtual appliance is activated, and the physical peripheral devices are connected to the remote virtual appliance. | 10-22-2015 |
| 20150304294 | ENTITY TO AUTHORIZE DELEGATION OF PERMISSIONS - Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile. | 10-22-2015 |
| 20150304295 | INFORMATION PROCESSING DEVICE AND METHOD FOR CONTROLLING INFORMATION PROCESSING DEVICE - A provider server ( | 10-22-2015 |
| 20150304300 | METHOD FOR AT LEAST ONE SUBMITTER TO COMMUNICATE SENSITIVE INCIDENT INFORMATION AND LOCATIONS TO RECEIVERS - The present invention relates to a method for sending, receiving, reporting and/or responding to mood related, time-sensitive, live situation, and/or secretive matter messages, through a one-step submission, and/or Smart Button activation anonymous submit process and/or targeted authorized receipt process, having the generating, assigning, and utilizing of unique identifiers and corresponding actionable and searchable administrative report generating process. More specifically, the invention relates to a method for permitting submitter(s) to choose the degree of anonymity and/or submit information/content and/or location and send that information/content and/or location, by means of a user interface, Smart Button, or other computer, mobile device, mobile phone, smart pad, electronic device, input device, communication device, touchscreen computing device, smart device, or tablet to provide an activated application and open a log-in screen to authorized receiver(s) who may access such information/content, which can be encrypted, in whole or in part, and act, report, forward or respond accordingly. | 10-22-2015 |
| 20150304326 | APPARATUS AND METHOD FOR DELEGATING MULTIMEDIA CONTENT IN COMMUNICATION SYSTEM - Methods and apparatuses are provided for delegating content in a communication system. A terminal detects an event for delegating authority to use the content. The terminal selects at least one other terminal to which the authority can be delegated. The terminal transmits, to a server, a message requesting to delegate the authority to the selected at least one other terminal. The server delegates the authority to the at least one other terminal. The server transmits, to the terminal, a result indicating whether the authority is successfully delegated or not. | 10-22-2015 |
| 20150304330 | SYSTEM AND METHOD FOR MANAGING SEVERAL MOBILE DEVICES SIMULTANEOUSLY - A learning management system and method. Controllable devices, generally intended for students of a smart classroom, are each operable in a locked configuration and in an unlocked configuration. A controller device, generally intended for a teacher of a smart classroom, is configured to send command signals over a communication network. A server system interprets and handles communications between the controllable devices and the controller device such that when a locking signal is sent from the teacher's controller device, the server system sets each of the controllable devices to the locked configuration in which the user interface of each controllable device is controlled by the controller device, and when an unlocking signal is received from the teacher's controller device, the server system sets each of the controllable devices from the locked configuration to the unlocked configuration in which the user interface is operable independently of the controller device. | 10-22-2015 |
| 20150304335 | ACCESS PERMISSIONS ENTITLEMENT REVIEW - A system for operating an enterprise computer network including multiple network objects, said system comprising monitoring and collection functionality for obtaining continuously updated information regarding at least one of access permissions and actual usage of said network objects, and entitlement review by owner functionality operative to present to at least one owner of at least one network object a visually sensible indication of authorization status including a specific indication of users which were not yet authorized by said at least one owner of said at least one network object. | 10-22-2015 |
| 20150304336 | MULTI-SCREEN INTERACTION METHOD OF MULTIMEDIA RESOURCE AND TERMINAL DEVICE - A multi-screen interaction method of a multimedia resource and a terminal device are disclosed. With the method, security grades of multimedia resources to be shared and a security grade authorization threshold are set for a terminal device, and a display device plays a multimedia resource stored on the terminal device according to the security grade authorization threshold. | 10-22-2015 |
| 20150304341 | PROXIMITY SERVICE SECURITY SYSTEM AND METHOD USING BEACON - Provided are a system and method for securing security for a proximity service using a beacon signal transmitted by a beacon. A proximity service security system using a beacon includes the beacon configured to transmit a beacon signal while periodically changing identification information of the beacon signal and a server configured to verify validity of the beacon signal by receiving a validity check request signal for the beacon signal from a beacon receiver receiving the beacon signal and transmit a verification result to the beacon receiver. | 10-22-2015 |
| 20150304842 | AFFILIATION AND DISAFFILIATION OF COMPUTING DEVICES - Techniques described herein may provide for affiliation and disaffiliation of devices, such as office communication devices, associated with a user. The affiliation/disaffiliation may be performed using a mobile device (e.g., a smart phone). In one implementation, a method may include receiving a request to affiliate a user with one or more office devices; and receiving context data, from a mobile device, relating to a current context of the mobile device. The method may further include determining, based on the context data, to authorize the affiliation of the user with the one or more office devices; and provisioning, based on the determination to authorize the affiliation, the one or more office devices to customize the one or more office devices for the user. | 10-22-2015 |
| 20150312235 | METHODS FOR GENERATING AND PUBLISHING A WEB SITE BASED ON SELECTED ITEMS AND DEVICES THEREOF - A method, non-transitory computer readable medium, and web content management server computing device that receives, from a client device, requested data comprising at least a template identifier, information for a custom attribute, and a unique item identifier for an item. A public identifier and a uniform resource locator (URL) comprising at least the public identifier are generated. The public identifier is stored in a requested sites database as associated with the requested data. A preview panel comprising a selectable application indication is generated and sent to the client device. The URL is sent to the client device in response to receiving a selection of the selectable application indication from the client device. | 10-29-2015 |
| 20150312236 | AUTHENTICATION MECHANISM - A system and method including: receiving, from a client device, an authorization request originating from an authorization module of an application executing on the client device, where the authorization request includes an identifier identifying the client device; causing transmission, based on the identifier, of a verification message to the client device, where the verification message includes a verification code; receiving a confirmation of the verification code from the authorization module of the application executing on the client device; authenticating the application based on the receiving the confirmation of the verification code; determining that the client device identified by the identifier corresponds to a user account including secure user data associated with a user; and transmitting a unique token verifying that the application is authorized to sign into the user account, where: the unique token uniquely identifies the user account to the application, and the secure user data is not shared with the application. | 10-29-2015 |
| 20150312244 | INFORMATION INPUT DEVICE, INFORMATION OUTPUT DEVICE, INFORMATION PROCESSING SYSTEM, AND COMPUTER-READABLE RECORDING MEDIUM - The present invention is concerning to an information processing system includes an information input device and an information output device. The information input device includes a communication module that establishes communication with one or more information output devices, an information acquiring module that acquires device information of the respective information output devices including an identification code used only for identifying the information output device and makes a storage module store therein the device information, an input receiving module that receives an entry of an identification code, and a device specifying module that searches the device information acquired from the respective information output devices to specify the information output device to which the information is to be transmitted based on the identification code received and gives instructions to the communication module to transmit the information using the device information of the information output device specified. | 10-29-2015 |
| 20150312258 | ACCESS RIGHT SETTING METHOD AND ACCESS RIGHT SETTING SYSTEM FOR USE IN AREA NETWORK - An access right setting method for use in an area network is provided. During the process of establishing a network connection between an active control device and a server-side device, a media access control address information of the active control device is retrieved, and the identity of the active control device is recognized according to the media access control address information. Subsequently, the access right information corresponding to the active control device is set. According to an operating request from the active control device, the server-side device judges whether the operating request complies with the predetermined access right information. Consequently, the server-side device is operated in a corresponding access right operation mode according to the access right information. | 10-29-2015 |
| 20150312259 | Searching Private Content and Public Content - A method performed by one or more processing devices includes receiving, from a client device controlled by a user, a search query including one or more search terms and user information of the user; accessing, by a server device based on receipt of the search query, a private content index for indexing private content of users; wherein the private content index includes access control lists; identifying, based on a comparison of the access control lists to the user information received, private content that is accessible to the user; identifying private content that is responsive to the one or more search terms and that is accessible to the user; identifying, based on a search of public content by the server device, public content that is responsive to the one or more search terms; and sending, to the client device, search results for the identified private and public content. | 10-29-2015 |
| 20150312261 | VISUALLY REPRESENTING AND MANAGING ACCESS CONTROL OF RESOURCES - An approach is provided for controlling access to a resource. Visual representations of the resource and an entity and a second entity are included in a display. In the display, a movement of the entity visual representation (EVR) to a position proximate to a boundary of the resource visual representation (RVR) is detected. Based on an attribute assigned to the EVR being determined to satisfy an access control requirement (ACR) assigned to the RVR, the EVR is permitted to move across and be placed within the boundary of the RVR. A movement of the second entity visual representation (SEVR) to another position proximate to the boundary of the RVR is detected. Based on an attribute assigned to the SEVR being determined to not satisfy the ACR, the SEVR is prevented from moving across and being placed within the boundary of the RVR. | 10-29-2015 |
| 20150312264 | METHOD, SYSTEM AND SERVER FOR AUTHORIZING COMPUTING DEVICES FOR RECEIPT OF VENUE-BASED DATA BASED ON THE GEOGRAPHIC LOCATION OF A USER - Methods, systems and servers are disclosed for authorizing access by a user of a service associated with an event at a venue and provided via a computer network based on a determined geographic location of the user. The location of the user can be determined, via a server, based on location information obtained from the held device utilized by the user. The computing device can be authorized to receive the service (e.g., video, concession information, advertisements, statistical information, etc.) based on the location information obtained from the hand held device. | 10-29-2015 |
| 20150312286 | SOCIAL SHARING OF CONTACTS INFORMATION - Sharing contact information among one or more communities or individuals in a social media environment, in one aspect, may comprise creating contact information associated with contact as social media content based on input from a first user. At least a portion of the contact information may be shared with a plurality of second users via a social media like application. | 10-29-2015 |
| 20150319152 | APPARATUS AND METHOD FOR MANAGING SECURITY DOMAINS FOR A UNIVERSAL INTEGRATED CIRCUIT CARD - A device that incorporates the subject disclosure may perform, for example, generating a security domain root structure for a universal integrated circuit card of an end user device, where the security domain root structure includes a hierarchy of a link provider operator security domain above a mobile network operator trusted security domain, where the link provider operator security domain enables transport management by a link provider operator, and where the mobile network operator trusted security domain enables card content management and subscription eligibility verification by a mobile network operator trusted service manager. Other embodiments are disclosed. | 11-05-2015 |
| 20150319153 | SENSORY OUTPUT FOR IMAGE ASSOCIATION - Methods, systems, computer-readable media, and apparatuses for authenticating users using the haptic, aural, and/or olfactory association processing channels that are unique to humans are presented. In some embodiments, a computer-implemented method includes displaying a plurality of images and generating a sensory output, wherein the sensory output includes a tactile sensation that corresponds to one of the plurality of images. The method further includes receiving input corresponding to a selection of an image of the plurality of images and determining whether the selected image matches the one of the plurality of images for which the sensory output corresponds. | 11-05-2015 |
| 20150319161 | Data Verification Using Access Device - An embodiment of the invention is directed to a method comprising receiving, at a server computer, information for a portable device that includes a mobile device identifier and storing, by the server computer, the information for the portable device that includes the mobile device identifier in a database associated with the server computer. The method further comprising receiving, by the server computer, transaction data from an access device for a transaction conducted at the access device, determining, by the server computer, from the transaction data that the transaction is associated with the portable device, determining, by the server computer, a location of the access device, determining, by the server computer, a location of a mobile device associated with the mobile device identifier, determining, by the server computer, that the location of the mobile device matches the location of the access device, and marking, by the server computer, the stored information for the portable device as authentication verified. | 11-05-2015 |
| 20150319173 | CO-VERIFICATION METHOD, TWO DIMENSIONAL CODE GENERATION METHOD, AND DEVICE AND SYSTEM THEREFOR - A co-verification method, a two-dimensional code generation method, and a device and system therefor are provided. The method includes: performing first-type verification and second-type verification with a verification server, the first-type verification including at least one of user information verification, dynamic verification code verification, network shield verification, and token verification, and the second-type verification including two-dimensional verification; and receiving feedback information from the verification server, the feedback information being information sent by the verification server when the first-type verification and the second-type verification are both successful. By introducing two-dimensional code verification into the existing co-verification method, the problem that a user may encounter great loss once others take advantages of a terminal to complete identity verification with a verification server if the terminal is implanted with Trojan virus or lost is solved, thereby achieving more secure verification. | 11-05-2015 |
| 20150319615 | Control Method and Apparatus for Network Admission - A control method and an apparatus for network admission, which can control network admission of a wireless termination point (WTP) in a condition that a live network is not upgraded. In the method, an access controller (AC) that has a network admission control function receives a join request packet from a WTP and establishes a Control and Provisioning of Wireless Access Points (CAPWAP) connection with the WTP. If the CAPWAP connection between the AC and the WTP is successfully established, the AC enables permission of the WTP. In another control method for network admission disclosed in the present application, an AC receives a join request packet from a WTP and establishes a CAPWAP connection with the WTP. A network admission end enables permission of the WTP according to a result from the AC that the connection between the AC and the WTP is successfully established. | 11-05-2015 |
| 20150326548 | MANAGEMENT OF DIGITAL ASSETS - An asset management system can enable a primary user to designate one or more inheriting users that will be authorized to access the primary user's digital assets in the event that the primary user passes away. The primary user can designate specific digital assets that an inheriting user is to inherit in the event that the primary user passes away. Upon a determination that the primary user has passed away, the asset management system can authorize the inheriting user to access the digital assets designated to the inheriting user by the primary user. Further, the asset management system can also enable creation of a memorial to the deceased individual where users can post homage tokens, such as digital candles, digital flowers, etc. | 11-12-2015 |
| 20150326551 | SESSION MANAGER FOR SECURED REMOTE COMPUTING - A method for managing a session between a local computing device and a remote computing device, in which a session is established between a local computing device and a remote computing device, a lock session signal is transmitted from the remote computing device to the local computing device, a lock session signal is received at the local computing device, and the session is locked, at the local computing device. Furthermore, the user is prompted for identification information at the remote computing device, and the identification information is transmitted from the remote computing device to the local computing device. Moreover, the identification information is received at the local computing device, the identification information is authenticated at the local computing device, and the session is unlocked, at the local computing device. | 11-12-2015 |
| 20150326555 | METHOD OF MANAGING FILES IN WEBDAV SERVER-EMBEDDED IMAGE FORMING APPARATUS, AND IMAGE FORMING SYSTEM THAT PERFORMS THE METHOD - A method of managing files in a Web-based Distributed Authoring and Versioning (WebDAV)-embedded image forming apparatus and an image forming apparatus that performs the method. The method includes receiving a connection request from the WebDAV client to manage at least one of a file and a directory stored in a storage unit of the image forming apparatus; receiving login information from the WebDAV client, authenticating the received login information of the WebDAV client, receiving a WebDAV command to control the at least one of the file and the directory from the authenticated WebDAV client, and executing a process with respect to the at least one of the file and the directory with reference to the received WebDAV command. | 11-12-2015 |
| 20150326556 | UNIVERSAL LOGIN AUTHENTICATION SERVICE - A system and method enables secure login at linked sites with a universal ID (UID) and possibly different or same password to linked identities. In such logins, a user stays at the linked login page, and the login name and password are sent to a UID provider for authentication. A UID provider may perform optional multi-factored authentication. A UID user is able to manage all his accounts, which are linked to his UID service, by changing the login names, passwords, security requirements, privacy requirements, and authentication requirements, with group-wise control. Successful or failed logins to linked accounts may be reported to a UID user. A UID user may disable logins at a group of linked accounts. | 11-12-2015 |
| 20150326562 | FACILITATING SINGLE SIGN-ON TO SOFTWARE APPLICATIONS - After an initial user sign-on with an identity provider, and in response to an intention of the user to use a third-party application executing on a client device of the user and requiring user sign-on, the identity provider provides a client script to the third-party application. The client script facilitates user and application authentication and invokes a trusted broker application that interacts with the identity provider to enable the user to use the third-party application. The use of the trusted broker application provided by the identity provider frees the authors of third-party applications from the need to modify their applications to explicitly sign in with the identify provider. | 11-12-2015 |
| 20150326565 | METHOD AND SYSTEM FOR AUTHORIZING SECURE ELECTRONIC TRANSACTIONS USING A SECURITY DEVICE HAVING A QUICK RESPONSE CODE SCANNER - Methods and systems for authenticating a security device for providing a secure access and transaction authorization to a remote network location are provided. The security device is authenticated by installing private security software on the security device. In order to authorize a transaction, a transaction authorization is performed using the security device by display a QR (Quick Response) code from an authorization server on a user terminal and scanning the QR code into the security device. After scanning the QR code, an OTA (One-Time-Authorization) code is sent from the security device to the authorization server for verifying the transaction. Embodiments of the present invention provide increased security and privacy. A corresponding system for authenticating a security device and preforming secure and private transactions is also provided. | 11-12-2015 |
| 20150326570 | SYSTEMS AND METHODS FOR DISCERNING EYE SIGNALS AND CONTINUOUS BIOMETRIC IDENTIFICATION - Apparatus, systems, and methods are provided for substantially continuous biometric identification (CBID) of an individual using eye signals in real time. The apparatus is included within a wearable computing device with identification of the device wearer based on iris recognition within one or more cameras directed at one or both eyes, and/or other physiological, anatomical and/or behavioral measures. Verification of device user identity can be used to enable or disable the display of secure information. Identity verification can also be included within information that is transmitted from the device in order to determine appropriate security measures by remote processing units. The apparatus may be incorporated within wearable computing that performs other functions including vision correction, head-mounted display, viewing the surrounding environment using scene camera(s), recording audio data via a microphone, and/or other sensing equipment. | 11-12-2015 |
| 20150326572 | DASH-AWARE NETWORK APPLICATION FUNCTION (D-NAF) - Technology for a dynamic adaptive streaming over hypertext transfer protocol (HTTP) aware (DASH-aware) network application function (D-NAF) on a server is disclosed. In an example, the D-NAF can include a network application function (NAF) for authenticating a client and a DASH proxy for delivering DASH content and authentication information for the client. | 11-12-2015 |
| 20150326580 | SYSTEMS AND METHODS FOR PROVIDING AN INTEGRATED IDENTIFIER - Embodiments described herein provide systems and methods to streamline the mechanism by which data users access differently regulated data through the use of one or more integrated identifiers. The integrated identifiers lessen or eliminate the need to separately maintain one set of identifiers for regulated data and another set for non-regulated data. The methods and systems may be applicable in various credit and healthcare contexts where regulations over data use are prevalent. In one or more embodiments, a data user receives a unique integrated identifier for each of the data user's current or prospective customers, and the integrated identifiers can be used to persistently identify and track the customers over time and across applications that access regulated and/or non-regulated data. In the healthcare context, a healthcare provider may utilize a patient ID as the integrated identifier. To protect privacy, the integrated identifier may not include social security numbers or birthdates. | 11-12-2015 |
| 20150326581 | ASCCESSING MULTIPLE CLIENT DOMAINS USING A SINGLE APPLICATION - Methods, computer systems, and computer-readable storage media for using a single application on a mobile device to access a plurality of client domain sites are provided. The single application on the mobile device receives from a user of the mobile device a set of authorization credentials. Based on the set of authorization credentials, the single application receives a first client domain uniform resource locator from a third-party directory service. The first client domain uniform resource locator is used to access a client gateway service; the client gateway service provides a secure access point to a number of different service solutions hosted by a client. Upon the user inputting a set of authentication credentials, the user is able to access information from one or more of the different service solutions. | 11-12-2015 |
| 20150326582 | Apparatus, Systems, Platforms, and Methods For Securing Communication Data Exchanges Between Multiple Networks for Industrial and Non-Industrial Applications - Apparatus, systems, network platforms, and methods of providing secure communication between multiple networks, and program product for managing heat exchanger energy efficiency and retrofit for an industrial facility, are provided. According to an exemplary apparatus, the apparatus can include provisions for preventing uninterrupted application-to-application layer communications between the one or more secured networked members and the one or more networked enterprise members to thereby eliminate active files from being communicated, preventing communication of active files or other vulnerable files, and preventing establishment of active links or sessions, between the one or more secured networked members and the one or more networked enterprise members. | 11-12-2015 |
| 20150326641 | MOBILE TO MOBILE REMOTE CONTROL - In various example embodiments, systems and methods for mobile to mobile remote control are presented. A control request may be received at a client device from a control device. The control device and the client device may be in communication with a network. The client device may determine an authorization for the control device in response to receiving the control request. Based on the determined authorization, a data link may be established between the client device and the control device using a control device identifier. The data link may allow the exchange of information between the client device and the control device without an intermediate network node. The client device may receive a command request from the control device via the data link. The command request may be initiated by a control user of the control device. | 11-12-2015 |
| 20150327068 | DISTRIBUTING CONTENT IN MANAGED WIRELESS DISTRIBUTION NETWORKS - Multiple portions of protected content to host on a device are identified by the device, the multiple portions including one or more portions of each of one or more pieces of protected content. The multiple portions are obtained and stored on the device. The device is one of multiple devices in a managed wireless distribution network that allows portions of protected content to be transferred among the multiple devices via multiple wireless networks hosted by various ones of the multiple devices, and the device is configured to store portions of protected content that can be consumed by a user of the device only if the user of the device has permission to consume the protected content. Participation of the device in the managed wireless distribution network can also be identified, and a reward generated based on the participation of the device in the managed wireless distribution network. | 11-12-2015 |
| 20150334104 | NAVIGATION BRIDGE - Described herein is a system that can link multiple electronic media production and/or publication applications. The linking of the multiple applications may be facilitated through a browser. Also, a toolbar included in the browser may facilitate the links between applications and assist a user in controlling one or more workflows that use the linked applications. | 11-19-2015 |
| 20150334106 | Method And Apparatus For Access Credential Provisioning - A method and apparatus are provided for access credential provisioning. A method may include receiving, at a first mobile apparatus, information about a second mobile apparatus. The first mobile apparatus may be provisioned with network access credential information to be transferred from the first mobile apparatus to the second mobile apparatus. The method may further include causing the information about the second mobile apparatus to be provided to a provisioning apparatus for the network. The method may additionally include receiving authorization form the provisioning apparatus to transfer the network access credential information from the first mobile apparatus to the second mobile apparatus. The method may also include, in response to receipt of the authorization, causing the network access credential information to be provided to the second mobile apparatus. A corresponding apparatus is also provided. | 11-19-2015 |
| 20150334569 | Rogue Wireless Beacon Device Detection - Techniques are presented for detecting rogue wireless beacon devices. Wireless transmissions from beacon devices are received at a plurality of receiver devices. The wireless transmissions of the beacon devices comprise packets that carry information used for location-based services for mobile wireless devices. Content of one or more fields of the packets transmitted by the beacon devices and received by one or more of the receiver devices is obtained. The content of one or more fields of the packets is analyzed to detect an unauthorized beacon device. The analyzing operation may involve comparing the content of the one or more fields of the packets against a list that contains one or more identifiers for authorized beacon devices. In another form, analyzing may involve analyzing the content of the one or more fields of the packets with pattern information related to advertising content or advertising source. | 11-19-2015 |
| 20150334632 | DETECTING AND DISABLING ROGUE ACCESS POINTS IN A NETWORK - A rogue access point in a wireless local-area network can be disabled by an authorized access point wirelessly transmitting a layer-2 broadcast packet. If a rogue access point receives this broadcast packet, it will forward a copy to the switch to which it is connected. The switch then determines whether the port on which the copy of the broadcast packet is received is associated an authorized access point port. If the switch determines the port is not an authorized access point port, the switch shuts down the port. | 11-19-2015 |
| 20150339463 | System and Method for Granting Permission for a Machine Action - A system and method for granting permission for a machine action may receive a machine generated request, associated with a source, where the machine generated request comprises request parameters that include a requested machine action, a target recipient of the requested machine action, and the source of the requested machine action. Accessing a stored set of capabilities where each of the one or more capabilities comprises permission parameters that include a permissible action, a specified recipient of the permissible action, and a specified source of the permissible action. Examining the one or more capabilities in the stored set of capabilities and determining whether the request parameters associated with the machine generated request match the permission parameters associated with a capability of the one or more capabilities. Granting permission to apply the machine generated request to the target recipient when a match is determined. | 11-26-2015 |
| 20150341330 | METHODS AND APPARATUS FOR DELEGATED AUTHENTICATION TOKEN RETRIEVAL - In some embodiments, a non-transitory processor-readable medium includes code to cause a processor to send, from an authorization client on a device to a client authorization module, an indication of multiple applications installed on the device, and receive, at the authorization client and in response to the indication, multiple application tokens from the client authorization module. Each individual application token from the multiple application tokens received by the authorization client is uniquely associated with an application from the multiple applications installed on the device. The authorization client provides each application its associated application token such that each application from the multiple applications can use that application token in order to be authenticated to an application server associated with the application. | 11-26-2015 |
| 20150341331 | SECURING A WIRELESS MESH NETWORK VIA A CHAIN OF TRUST - A master beacon device emits a data packet that is received and retransmitted by servant beacon devices in a wireless mesh network that enables the beacon devices to detect the received signal strength indicator (“RSSI”) of beacon devices in proximity. Each servant beacon device transmits survey data packets comprising the RSSIs and hardware identifiers of proximate beacon devices to the master beacon device, which constructs a first virtual map of the mesh network. At a later time, each servant beacon device transmits authentication data packets, which are retransmitted, each retransmitting beacon inserting an RSSI and hardware identifier of the beacon device from which the authentication data packet was received, until they reach the master beacon device, which constructs a second virtual map of the mesh network. The master beacon device compares the first virtual map to the second virtual map to determine if the network is secure. | 11-26-2015 |
| 20150341334 | SYNCHRONIZING AUTHENTICATION SESSIONS BETWEEN APPLICATIONS - Disclosed are various embodiments for synchronizing authentication sessions between applications. In one embodiment, a first authentication token is received from a first application in response to determining that the first application is authenticated with a service provider. A second authentication token is requested from a token exchange service associated with the service provider. The second authentication token is requested using the first authentication token. The second application is configured to use the second authentication token in order to access a resource of the service provider. | 11-26-2015 |
| 20150341338 | SERIALIZED AUTHENTICATION AND AUTHORIZATION SERVICES - Requests for User Services on networked computers running on different platforms with different Authentication, Authorization and Auditing (AAA) Security Systems are processed through an AAA Services Manager Server and Web Services Servers. The AAA Services Manager Server communicates requests for User Services to Web Services Servers using corresponding URL Web addresses. Web Services correspond to their respective Authentication Security Systems and Authorization Security Systems through which User Services may be obtained. The Web Services Servers act to access, for User validation, the respective Authentication Security Systems and Authorization Security Systems according to their individual languages and computing platform requirements. | 11-26-2015 |
| 20150341347 | METHODS AND SYSTEMS OF ISSUING, TRANSMITTING AND MANAGING TOKENS USING A LOW-LATENCY SESSION SYNDICATION FRAMEWORK - A method of implementing session syndication using a low-latency session syndication framework may include receiving, by an inline frame associated with an authorization provider, a request from a client application for an access token. The inline frame may be embedded in the client application. The method may include sending, by the inline frame, a request for the access token to a computing device associated with the authorization provider, receiving, by the inline frame from the authorization provider, an access token associated with one or more resources of the authorization provider, and providing the access token to the client application. | 11-26-2015 |
| 20150341363 | SYSTEM AND METHOD FOR USING RESOURCES OF A COMPUTER SYSTEM IN CONJUNCTION WITH A THIN MEDIA CLIENT - A computer system including a processor and a memory for retrieving digital media content, storing the digital media content in the memory, and providing the digital media content to a thin media client is provided. | 11-26-2015 |
| 20150341366 | SPECIALIZED NETWORK FILESERVER - A method and apparatus of a portable storage device that provides a specialized network fileserver is described. In an exemplary method, the portable storage device retrieves a list of applications on the portable storage device, where each of the applications has a private filesystem. For each of the applications, the portable storage device determines if that application will share the corresponding private filesystem and adds that private filesystem to a shared filesystem of the portable storage device is that is shareable. The portable storage device further advertises the shared filesystem to a host that is coupled to the portable storage device. | 11-26-2015 |
| 20150341368 | AUTHORIZED DELEGATION OF PERMISSIONS - Systems and methods are described for delegating permissions to enable account access to entities not directly associated with the account. The systems determine a delegation profile associated with a secured account of at least one customer. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile. | 11-26-2015 |
| 20150341369 | Location Aware Shared Spaces - In one embodiment, a geo-social networking system maintains a data store of shared space, wherein each shared space comprises one or more content objects, a location, and one or more privacy settings. The geo-social networking system allows a user read-access to a shared space based on privacy settings associated with the shared space. The geo-social networking system allows a user write-access to a shared space if the user is at the location associated with the shared space. | 11-26-2015 |
| 20150347487 | System and Method for Capturing Data Sent by a Mobile Device - Systems and methods for providing capture, archival, and analysis of data sent by mobile devices over a carrier network, with the systems and methods not requiring the installation of any additional software on the mobile devices, the systems and methods also providing for alerts to be generated based on the content of the data. | 12-03-2015 |
| 20150347740 | STEGANOGRAPHIC ACCESS CONTROLS - Various features described herein may allow an authorized user to provide a guest with access to a secured location through use of an encoded image containing steganographically encoded access information. The encoded access information may be recognizable by a security system, and the security system may grant access to the secured location when the encoded image is presented to the security system. The authorized user may request the generation of the encoded image on an authorized computing device, and the encoded image may be provided to the guest on a guest computing device. When a monitoring device associated with the security system captures the encoded access information, the security system may, for example, open a door at the secured location. | 12-03-2015 |
| 20150350175 | Multi-factor secure appliance decommissioning - A network-based appliance includes a mechanism to erase data on the appliance's local storage. The appliance's normal system reset operation is overridden to enable a local user to place the appliance into a safe mode during which remote erasure of the storage is permitted, provided that mode is entered within a first time period following initiation of a system reset. If the appliance is placed in the mode within the time period, it can then receive commands to wipe the local storage. Once the safe mode is entered by detecting one or more actions of a local user, preferably the appliance data itself is wiped by another person or entity that is remote from the device. Thus, physical (local) presence to the appliance is necessary to place the device in the safe mode, while non-physical (remote) presence with respect to the appliance enables actual wiping of the storage device. | 12-03-2015 |
| 20150350179 | AUTHORITY TRANSFER SYSTEM, METHOD, AND AUTHENTICATION SERVER SYSTEM - An authority transfer system includes a determination unit configured to determine whether a domain of a service and a domain of an endpoint for allowing a client to acquire authority information are a same domain. An issue unit issues the authority information indicating that an authority of a user with respect to the service is transferred to the client without receiving an instruction to permit a transfer of the authority of the user with respect to the service to the client, if the two domains are determined to be the same domain by the determination unit. | 12-03-2015 |
| 20150350217 | METHOD AND SYSTEM FOR ALLOWING ACCESS TO ELECTRONIC DEVICES - Various aspects of a method and a system for allowing access to electronic devices are disclosed herein. The method, in an online application server communicably coupled to a first electronic device and a second electronic device, comprises receiving a progress status from the first electronic device. The received progress status corresponds to a user activity performed by a user of the first electronic device. Based on the received progress status, an access to the second electronic device is allowed. | 12-03-2015 |
| 20150350218 | Multi-factor secure appliance decommissioning - A network-based appliance includes a mechanism to erase data on the appliance's local storage. The appliance's normal system reset operation is overridden to enable a local user to place the appliance into a safe mode during which remote erasure of the storage is permitted, provided that mode is entered within a first time period following initiation of a system reset. If the appliance is placed in the mode within the time period, it can then receive commands to wipe the local storage. Once the safe mode is entered by detecting one or more actions of a local user, preferably the appliance data itself is wiped by another person or entity that is remote from the device. Thus, physical (local) presence to the appliance is necessary to place the device in the safe mode, while non-physical (remote) presence with respect to the appliance enables actual wiping of the storage device. | 12-03-2015 |
| 20150350223 | SYSTEM AND METHOD FOR FACILITATING USER INTERACTION WITH A SIMULATED OBJECT ASSOCIATED WITH A PHYSICAL LOCATION - Systems and methods for facilitating user interaction with a simulated object that is associated with a physical location in the real world environment is herein disclosed. In one aspect, embodiments of the present disclosure include a method, which may be implemented on a system, of identifying the simulated object that is available for access based on location data. The location data can include a location of a device in a time period, the device for use by a user to access the simulated object. One embodiment includes, verifying an identity of the user; and in response to determining that the user is authorized to access the simulated object, providing the simulated object for presentation to the user via the device. | 12-03-2015 |
| 20150350225 | ATTENDANCE AUTHENTICATION AND MANAGEMENT IN CONNECTION WITH MOBILE DEVICES - System and method for single-action time and attendance record generation and processing via computing devices. The record is generated via a computing device (“Client System”) and received by a server system or other computing device (“Server System”). The user utilizes the Client System to execute a simultaneous or near-simultaneous process of authenticating his or her identity, recording time data and location data, and then sending this data to the server system. | 12-03-2015 |
| 20150350912 | RESIDENTIAL SERVICE DELIVERY BASED ON UNIQUE RESIDENTIAL APN - A method, in a network device, of delivering a residential service to an electronic device of a user over a network. The method comprises receiving a request from the electronic device of the user to access a residential service associated with the user; and retrieving a unique Access Point Name (APN) identifier associated with the residential service of the user. The method continues with determining that the electronic device is authorized to access the requested residential service based on the unique APN identifier associated with the residential service of the user; and responsive to the determination, transmitting an access authorization for the electronic device of the user to access the requested residential service. | 12-03-2015 |
| 20150358293 | Systems And Methods For Application-Specific Access to Virtual Private Networks - Described herein are systems and methods utilizing application-specific access to a virtual private network (“VPN”). A method may comprise receiving, from an application executing on a device, a request for a network data flow to a private network, comparing identification information associated with the application against a set of rules stored on a memory of the device, wherein the set of rules identifies conditions for the application to be authorized to access the private network, and establishing a connection for the network data flow upon the identification information satisfying the conditions for the application to access the private network. | 12-10-2015 |
| 20150358303 | COMBINING FEED ITEMS ASSOCIATED WITH A DATABASE RECORD FOR PRESENTATION IN A FEED - Disclosed are techniques for combining feed items for presentation in a feed. For example, two feed items having different timestamps are processed. When the feed items are associated with the same database record and when a difference between the timestamps is less than or equal to a threshold, the feed items can be combined to produce a representative feed item. The representative feed item is configured to present information characterizing updates of the feed items outside of a chronological sequence of feed items in a feed when displayed on a display device. | 12-10-2015 |
| 20150358304 | Cloud Queue Access Control - An example implementation may involve a media playback system obtaining an authorization token corresponding to a particular queue of media items at a remote server. The media playback system may send to the remote server, (i) the obtained authorization token, and (ii) a request for access to one or more media items of the particular queue. The media playback system may receive, from the remote server, an indication that the media playback system may access the one or more media items. | 12-10-2015 |
| 20150358308 | COMPUTERIZED METHOD AND SYSTEM FOR MANAGING AN EMAIL INPUT FACILITY IN A NETWORKED SECURE COLLABORATIVE EXCHANGE ENVIRONMENT - In embodiments of the present invention improved capabilities are described for managing an email input facility in a networked secure collaborative computer data exchange environment, wherein a secure email input facility for accepting non-secure email from outside the exchange into the secure collaborative computer data exchange environment, wherein the non-secure email is received and the non-secure email and/or the content delivered thereby is stored as secure content in a location of the secure exchange server related to at least one of the sender of the email, the subject line of the non-secure email, the destination address of the email within the exchange, and the content of the email. | 12-10-2015 |
| 20150358310 | Cloud Queue Access Control - An example implementation may involve a computing system receiving a request from a first media playback system for access to a queue of media items, and a request from a second media playback system for access to the queue of media items. The computing system may grant a first type of access to the first media playback system and a second type of access to the second media playback system. The first type of access and the second type of access may authorize a first set of operations and a second set of operations on the queue of media items, respectively. The computing system may provide an indication that the first media playback system may access the queue as authorized by the first type of access, and an indication that the second media playback system may access the queue as authorized by the second type of access. | 12-10-2015 |
| 20150358323 | SYSTEM AND METHOD FOR MODULAR AND CONTINUOUS DATA ASSURANCE - A system for assuring the integrity of information files includes a first server, a manifest transfer engine and a second server. The first server stores information files and an associated manifest file containing a manifest entry for each stored information file. The manifest transfer engine receives the manifest file and the information files from the first server on a predetermined basis. The manifest transfer engine compares an identifying characteristic of each received information file with the manifest entries in the manifest file and, when there is a match, transfers the associated information file on the output as an authenticated information file. The second server receives the authenticated information file from the manifest transfer engine, optionally segments the authenticated information file, and then generates an associated manifest entry for the received authenticated information file (or segmented information files) and stores the associated manifest entry (or entries) in an updated manifest file. | 12-10-2015 |
| 20150358326 | SECURED DATA EXCHANGE WITH EXTERNAL USERS - A method for controlling access to enterprise objects for an external user. The method includes receiving a search request from an external SRM for access to an enterprise object in an enterprise system, evaluating an enterprise rule tree to determine access and editing privileges granted to an external user accessor for the enterprise object, granting the access and editing privileges to the external user accessor based upon the enterprise rule tree, and sending the enterprise object as external user data to the SRM when the enterprise rule tree authenticates the external user accessor. | 12-10-2015 |
| 20150358329 | ACCESS RESTRICTION DEVICE, ON-BOARD COMMUNICATION SYSTEM AND METHOD FOR COMMUNICATION RESTRICTION - An access restriction device as well as an on-board communication system and a method for communication restriction, which prevent outside leakage of information caused by unauthorized access of malicious programs to an in-car network. The communication between the in-car network of the vehicle and an external device is performed by a security controller. The security controller can perform addition or update of a program involving processing for transmission and reception of the information. The security controller performs processing for restricting access to information of the in-car network performed by program execution according to an access authorization level of each program and an access permission level of each type of information. The security controller restricts the transmission depending on the access authorization level of each program and the access permission level of each type of information in case of transmitting the information to the in-car network by the program execution. | 12-10-2015 |
| 20150358332 | DETERMINING TRUST LEVELS ON A DEVICE RECEIVING AUTHORIZATION - Methods and systems for receiving an offer from an entrusting device to access one or more devices are disclosed. A trust model module of a first device receives the offer from the entrusting device to provide the first device with permission to access the one or more devices, and determines whether or not to accept the offer from the entrusting device to provide the permission to access the one or more devices, wherein the first device determines whether or not to accept the permission to access the one or more devices based on a relationship between the first device and the entrusting device and/or a relationship between the first device and the one or more devices. | 12-10-2015 |
| 20150358818 | SYSTEM AND METHOD FOR BROADCASTING DECOY SIGNALS AND AN AUTHENTIC SIGNAL IN A LOCATION OF INTEREST - A system and method for broadcasting decoy signals and an authentic signal in a location of interest are disclosed. A particular embodiment includes: initiating a local broadcast of decoy signals from a plurality of mobile devices in a location of interest, the local broadcast of decoy signals extending beyond the location of interest; initiating a local broadcast of an authentic signal from a first mobile device of the plurality of mobile devices in the location of interest; enabling the plurality of mobile devices to receive and retransmit the decoy signals and the authentic signal; and authorizing a second mobile device of the plurality of mobile devices and enabling the second mobile device to differentiate the decoy signals from the authentic signal. | 12-10-2015 |
| 20150358824 | METHOD AND APPARATUS FOR CONTROLLING ACCESS IN WIRELESS COMMUNICATION SYSTEM - Provided is a method for processing a specific object instance associated with a server due to a server account deletion in a wireless communication system, according to one embodiment of the present invention, wherein the method is performed by a terminal and comprises the steps of: receiving from a first server an action command for deleting an account of a specific server; deleting the specific object instance and an access control object instance associated with same when the specific object instance is an object instance accessible only to the specific server, and deleting access authorization information of the specific server from the access control object instance associated with the specific object instance when the specific object instance is an object instance accessible by a plurality of servers including the specific server; and changing the server having the largest sum of values granted to an access authorization of each of the plurality of servers, with the exception of the specific server as the access control owner, when the specific server is the only access control owner of the access control object instance. | 12-10-2015 |
| 20150365368 | DATA GOVERNANCE FOR EMAIL SYSTEMS - An enterprise email governance system including an enterprise-wide email communication item events monitoring subsystem providing at least near real time indications of email communication item events and an enterprise-wide email communication item events storage subsystem receiving inputs from the monitoring subsystem and providing at least near real time user accessibility to the email communication item events. | 12-17-2015 |
| 20150365391 | METHODS AND SYSTEMS FOR AUTOMATIC CONTENT RETRIEVAL AND ORGANIZATION - Methods and systems for automated retrieval of content embedded in or referred to in a message received in a user account are provided. A UCM and/or a UCR may access a user account and retrieve a message from the account. The message may be then analyzed to extract information related to the content that may be included in the message. The content associated with the extracted information is accessed and retrieved. The retrieved content is presented to the user. | 12-17-2015 |
| 20150365393 | PROVISIONING FOR SMART NAVIGATION SERVICES - Techniques for provisioning a smart navigation service are presented. The provisioning can be performed by a name owner, by the smart navigation service itself, or by a third-party keyword service. The provisioned information can include an entity name, a keyword, and possibly other data correlated to at least one network locator. The navigation service electronically stores in navigation service persistent memory a rule correlating the entity name, the keyword, and, if used, the other data, to the at least one network locator, such that when the navigation service receives, from a client computer communicatively coupled to the navigation service, command data that includes the entity name, the keyword, and possibly other data, the navigation service responds to the client computer with the at least one network locator. | 12-17-2015 |
| 20150365397 | WEB AUTHENTICATION METHOD AND SYSTEM - In a web authentication method for launching a webpage, a HTTP GET request is sent to a server and verified for the existence therein of an authorization field. If no, an affirming message and a source code for generating a login page are sent. A piece of authorization data is inputted to the login page, at least part of which is generated based on the source code by a scripting engine of a browser. Contents required by the authorization field are generated based on the input information and sent along with the authorization field to the server by the web browser as instructed by the scripting engine through an API. The webpage is selectively launched. | 12-17-2015 |
| 20150365419 | SECURING PARTNER-ENABLED WEB SERVICE - The claimed subject matter provides a method for securing a partner service. The method can include receiving a request, wherein the request comprises a unique value, to access the partner service, wherein the request is received from a browser client for a partner application and determining that a user is authorized to access the partner application, the partner application generating a token that associates the user with the partner application. The method can also include generating a signature for the token, the signature to enable the partner service to independently regenerate the signature, the token comprising an identifier for the partner application enabling the partner service to detect which partner application generates the token and sending the token with the signature to the browser client. | 12-17-2015 |
| 20150365421 | AUTOMATIC INTERNET ACTIVATION FOR REGISTERED USER DEVICE UPON DETECTING ITS DEVICE IDENTIFIER ON NETWORK OF HOSPITALITY ESTABLISHMENT DURING ACTIVE RESERVATION - A service controller includes a network interface for coupling to a local area network of a hospitality establishment, and one or more processors coupled to the network interface. The one or more processors are configured to detect a device identifier of a user device on a local area network of a hospitality establishment, determine whether a guest of the hospitality establishment is associated with the device identifier, and automatically activate a service for the user device at the hospitality establishment in response to detecting the device identifier on the local area network when a guest of the hospitality establishment is determined to be associated with the device identifier. | 12-17-2015 |
| 20150371010 | Multi-Media Authentication Infrastructure - Methods, apparatuses, and systems facilitating search, discovery, submission and/or distribution of digital objects over networks. In one implementation, the system allows users to search, discover, submit and exchange authenticated digitally encoded multi-media objects in any number of different formats and direct that content to any device or devices. | 12-24-2015 |
| 20150371031 | METHOD, SYSTEM, AND AUTHENTICATION DEVICE - A method includes: receiving a request for processing, the processing having to be preceded by an authorization process for a source of the request, the authorization process being performed based on authorization information which a term of validity is set; storing historical information indicative of a history of a request for the processing from the source; and setting, by a processor, the term of validity of the authorization information based on the historical information. | 12-24-2015 |
| 20150372999 | METHODS AND APPARATUS FOR USING SMART ENVIRONMENT DEVICES VIA APPLICATION PROGRAM INTERFACES - In one embodiments, a method for authorizing access for an application programming interface (API) client or API client device to data of one or more data models of one or more smart devices includes retrieving a number of access tokens from an authorization server, and providing, via a single connection, the number of access tokens in a request made by the API client or the API client device to the API, wherein the number of access tokens are used to verify access rights of the API client or the API client device to read data for a number of users associated with the one or more data models of the one or more smart devices. | 12-24-2015 |
| 20150373002 | Participation Thresholding for Extending Communication Security Functionality - Systems and methods can support change management thresholds within human machine interfaces. An operation or feature may be introduced into a multi-user information system where a benefit is conveyed to specific benefited instances of events. A user indication associated with the specific benefited instances may be initially disabled. A quantity of the specific benefited instances may be calculated or counted. The calculated quantity may be compared to a threshold quantity. The user indication associated with the specific benefited instances may be enabled in response to the comparison indicating that the threshold has been exceeded. The user indication may be presented via a user interface mechanism associated with the multi-user information system. According to certain examples, sender authentication may be added to an email system such that instances of authentication are not displayed until a certain number or percentage of messages is being authenticated. | 12-24-2015 |
| 20150373009 | Proxy Bypass Login for Applications on Mobile Devices - In one embodiment, an intermediate server receives a request with a secure ID to authorize a software application, transmits the secure ID to a system, receives an access token from the system indicating that the software application has been authorized, evaluates the access token for validity, and transmits a response to the mobile device indicating the software application is authorized. | 12-24-2015 |
| 20150373024 | METHODS, DEVICES AND SYSTEMS FOR MANAGING AUTHORITY - A method for a device to connect to a wireless network is provided. The method includes: acquiring authority use data of a user; processing the authority use data to obtain an authority result; and sending the authority result to a terminal device. | 12-24-2015 |
| 20150373026 | PERMISSION MANAGEMENT METHOD, DEVICE AND SYSTEM FOR CLOUD PLATFORM SERVICE - A permission management method, a permission management device, and a permission management system for a cloud platform service are disclosed. The method includes: obtaining an operation/access request of a calling party, wherein the operation/access request includes operation information, target information and session information of the calling party, and the target information of the calling party includes an ongoing session information; determining that the session information includes an initial session information of the calling party and the initial session information is valid; and conducting an permission check for the operation/access request. Thus, the legitimacy of an operation/access request for a cloud platform service can be ensured, and the security of a cloud platform service can be guaranteed. | 12-24-2015 |
| 20150373027 | MANAGING ACCESS TO A NETWORK - An example method for managing access to a network includes presenting, in a user interface of a computer on the network, options to designate by device class, one or more classes of device to which network access will be allowed; and, with a dynamic host configuration protocol (DHCP) server on the network, allowing or denying access to the network based, at least in part, on whether a device requesting access belongs to the one or more classes designated. | 12-24-2015 |
| 20150373028 | Entitlement Predictions - Systems, methods, and devices for predicting entitlements to computing resources are described. An entitlement associated with a user of a computer system may be identified. The entitlement may indicate a computing resource of the computer system that is accessible to the user. A set of attributes associated with the user may be selected, and an entitlement probability value may be obtained. The entitlement probability value may be based on the set of attributes and indicate a probability that the user is authorized to have the entitlement. The entitlement probability value may be used to determine whether to include the entitlement in an access review. Depending on the entitlement probability value the entitlement may be included in the access review or excluded from the access review. | 12-24-2015 |
| 20150373051 | Dynamic authentication using distributed mobile sensors - Systems and techniques are provided for dynamic authentication using distributed mobile sensors. According to an embodiment of the disclosed subject matter, signals may be received from sensors. Some of the sensors may be located on a remote computing device. Heuristics, mathematical optimization, decisions trees, machine learning systems, or artificial intelligence systems may be applied to the signals from sensors to determine a trust outcome. The trust outcome may be sent to be implemented by the enabling, disabling, or relaxing of a security measure based on the trust outcome. | 12-24-2015 |
| 20150373537 | AUTHORIZATION OF NETWORK ADDRESS TRACKING - Various embodiments are disclosed for enabling a user to physically acknowledge monitoring of their mobile device's network address (e.g., upon entering a store to track the user's movement through the store based upon the mobile device's MAC address). An Access Point coupled with a network system may identify the user device's MAC address, but the network system may defer retention and use of the MAC address until the user provides a physical authorization to do so. The user may provide such a physical authorization by placing their mobile device in physical proximity to a kiosk. The kiosk may emit a signal via, e.g., a magnetic field, radiation, sonification, imaging, etc. An application running on the user device may receive this signal. For example, the kiosk may emit a magnetic field to manipulate the user device's compass hardware. The application may monitor and derive a kiosk identifier from these manipulations. The application may then provide the kiosk identifier (and the device MAC address in some embodiments) to the network system to verify the user's willingness for their MAC address to be monitored. | 12-24-2015 |
| 20150373540 | SECURE MECHANISM FOR OBTAINING AUTHORIZATION FOR A DISCOVERED LOCATION SERVER - Methods and apparatuses are presented for use in a terminal to access a discovered location server. The methods may include in response to a determination that a first network does not support authenticated access from the terminal to a home location server, obtaining authenticated access to the home location server using a second network that does support authenticated access to the home location server by the terminal. In response to obtaining authorization for the discovered location server from the home location server, the terminal may access the discovered location server using the first network. | 12-24-2015 |
| 20150373543 | PROVIDING ACCESS TO AND ENABLING FUNCTIONALITY OF FIRST DEVICE BASED ON COMMUNICATION WITH SECOND DEVICE - In one aspect, a device includes a processor and a memory accessible to the processor. The memory bears instructions executable by the processor to receive at least a first Bluetooth low energy (BLE) signal from a BLE beacon and enable a first function of the first device at least in part in based on receipt of the first BLE signal. | 12-24-2015 |
| 20150379256 | Authentication Method using Liveness Verification - An authentication method requires receiving an order from a server to perform an act which is then verified by the server for liveness. The act may comprise shining a color on an object such as the face of the user, holding a flash at a particular location or a combination of these and other similar acts. | 12-31-2015 |
| 20150381574 | AUTHORIZATION OF JOINING OF TRANSFORMATION CHAIN INSTANCES - The authorizing of transformation chain instances of different transformation chain classes to join so as to act as a compound transformation chain instance. Class-level authorized dependencies are identified between transformation chain classes. Then, instance-level authorization is performed in accordance with one or more joining criteria, presuming that the instances are of appropriate classes that may be joined. The joining allows the instances to act as a single compound transformation chain whereby data is permitted to flow across the boundaries of the constituent transformation chain instances. New transformation chain instances may be joined to the compound transformation chain instances, and transformation chain instances may be removed from the compound transformation chain instance, thereby dynamically changing the compound application. | 12-31-2015 |
| 20150381602 | AUTOMATED AUTHORIZATION RESPONSE TECHNIQUES - Techniques are disclosed relating to automating permission requests, e.g., in the context of multi-factor authentication. In some embodiments a mobile device receives permission requests that specify sets of one or more automation criteria. In some embodiments, the mobile device prompts a user for a response to permission requests when the criteria are not met and automatically responds to permission requests (e.g., without requiring user input) when the criteria are met. Disclosed techniques may increase authorization security while reducing user interaction for multi-factor authentication, in some embodiments. | 12-31-2015 |
| 20150381606 | Sharing Between CPE and Companion Device - In one embodiment, a method and system for a companion device to share an application context and authorization context with a consumer premises equipment (CPE) device is described. The method and system includes transmitting a search request by a search request transmitter using a service discovery protocol, receiving a response to the search request from the CPE device, creating an authorization context at an authorization context creating processor, the authorization context including metadata that grants access to a resource, transmitting, by an authorization context transmitter, the authorization context to an application resident on the CPE device, establishing a trusted session between the application resident on the CPE and a device application, the establishing a session by the device application including requesting a digital certificate from the CPE, receiving the digital certificate from the CPE, and validating the digital certificate, creating, at an application context data creating processor, application context data, and transmitting the application context data created to the CPE device, wherein the application context data enables the CPE device to request access to an authorized resource from a resource provider. Related methods, systems, and apparatus are also described. | 12-31-2015 |
| 20150381623 | SUBSCRIBER MANAGEMENT USING A RESTFUL INTERFACE - A controller provides authentication, authorization, and accounting (AAA) services for a network, the controller comprising a control unit having one or more processors and a Representational State Transfer (REST) interface executed by the control unit to receive application data that specifies an interface method and a resource identifier for a resource, the resource identifier conforming to a subscriber management resource model. The REST interface determines, based on the resource identifier, a record for a subscriber management construct corresponding to the resource. The REST interface applies, to the record, an action corresponding to the interface method to modify access to the network by a subscriber. | 12-31-2015 |
| 20150381627 | IDENTIFICATION OF PATTERNS IN STATEFUL TRANSACTIONS - A system for the identification of patterns in stateful transactions may include a message interceptor, a message pattern processor, a message handler, and a memory. The message interceptor may be operative to intercept messages transmitted by a first device over a network to a recipient. The message interceptor may be operative to intercept the messages before the messages are received by the recipient. The message pattern processor may be operative to add the message to a message pattern and store the message pattern in a memory. The message pattern processor may compare the message pattern to a plurality of exemplary message patterns and identify when the message pattern matches at least one of the exemplary message patterns. The message handler may be operative to determine an action to take with respect to the message based on the at least one matching exemplary message pattern identified by the message pattern processor. | 12-31-2015 |
| 20150381628 | SYSTEMS AND METHODS FOR SECURING SOCIAL MEDIA FOR USERS AND BUSINESSES AND REWARDING FOR ENHANCING SECURITY - The disclosed system and method enhances security of people, organizations, and other entities that use what has been termed “social media.” Recent trends have shown that information posted to social media may cause tremendous damage to individuals and other entities. This includes information that was posted deliberately or unintentionally, including social security numbers, financial data and other sensitive information. Further, information that previously may have been viewed as innocuous, such as location data, has caused harm on certain occasions and may need to be protected. The disclosed system provides a novel method of screening, identifying, and preventing certain information from being posted on social media and other public locations. In addition, the disclosed system and method improves security by motivating people to use security software by offering rewards for its use. | 12-31-2015 |
| 20150381629 | Crowd Sourced Access Approvals - An approach is provided in which a crowd source access manager receives a user request from a requestor to access a resource and determines a set of candidate approvers of the resource. The crowd source access manager identifies a crowd sourced set of users corresponding to the requestor and identifies preferred approvers from the crowd sourced set of users that are also included in the set of candidate approvers. In turn, the crowd source access manager notifies the preferred approvers of the user request. | 12-31-2015 |
| 20150381630 | INFORMATION PROCESSING SYSTEM, ACCESS METHOD, AND TERMINAL DEVICE - An system comprises: a first storage that stores access destination information, characteristic information, and first identification information in a manner associated with one another; a transmitter that transmits a captured image of a medium; a first-acquiring-unit that extracts the characteristic information and acquires the access destination information and the first identification information associated with the characteristic information, access based on the access destination information being controlled by an authentication device comprising a second storage that stores second identification information allocated to each medium, third identification information corresponding to the first identification information, and collation information indicating an access source in a manner associated with one another; a second-acquiring-unit that acquires fourth identification information allocated to each medium from the captured image; and an access unit that transmits the first identification information, the fourth identification information, and the collation information when accessing an access destination indicated by the access destination information. | 12-31-2015 |
| 20150381631 | SENSORS FOR A RESOURCE - A system may include first sensor to monitor first information relating a volume of information searched by a user, a second sensor to monitor second information relating to a number of requests, made by the user, to access a resource, a third sensor to monitor third information relating to a number of requests, made by the user, from different geographic locations, and a device to receive the first information, the second information, and the third information, and process the first information, the second information, and the third information in connection with the resource. | 12-31-2015 |
| 20150381633 | AUTOMATED AUTHORIZATION RESPONSE TECHNIQUES - Techniques are disclosed relating to automating permission requests, e.g., in the context of multi-factor authentication. A mobile device may display an option to allow a user to automate responses to future permission requests to perform an action. The mobile device may automatically respond to subsequent permission requests based on at least one automation criterion. The action may include login, transaction approval, physical access, vehicle ignition, account recovery, etc. The automation criteria may include location, acceleration, velocity, wireless connectivity, proximity to another device, temperature, lighting, noise, time, biometrics, altitude, pressure, image characteristics, etc. Disclosed techniques may increase authorization security while reducing user interaction for multi-factor authentication, in some embodiments. | 12-31-2015 |
| 20150382190 | ENHANCED SECURE IDENTITY GENERATION - An authentication system includes a first authentication key associated with a first device, the first authentication key having a corresponding authentication level, a second authentication key associated with a second device, the second authentication key having a corresponding authentication level, and an enhanced authentication key generated when the first and second authentication keys are combined, the enhanced authentication key having an authentication level that represents a higher authentication level than the authentication level of the first authentication key and the authentication level of the second authentication key. | 12-31-2015 |
| 20150382195 | PREEMPTIVE AUTHORIZATION AUTOMATION - Techniques are disclosed relating to automating permission requests, e.g., in the context of multi-factor authentication. In some embodiments, based on a change in one or more automation criteria (e.g., based on a mobile device entering a particular geographic region) a mobile device is configured to preemptively indicate to an authorization system to automatically authorize a subsequent attempt to perform an action, without transmitting the permission request to the mobile device. The mobile device may later revoke the preemptive permission request, e.g., based on another change in automation criteria. Disclosed techniques may increase authorization security while reducing user interaction for multi-factor authentication, in some embodiments. | 12-31-2015 |
| 20160006714 | PROTECTED MEDIA PIPELINE - A system for processing a media content comprising an application space, a media control mechanism operating in the application space, the media control mechanism controlling the operation of the system, a user interface adapted to provide input to the media control mechanism, a protected space distinct from the application space, and a protected media pipeline operating in the protected space, the protected media pipeline coupled to the media control mechanism, the protected media pipeline adapted to access the media content, process the media content, and output the media content. | 01-07-2016 |
| 20160006734 | DUAL CHANNEL IDENTITY AUTHENTICATION - Identity authentication comprises: determining, in response to a request from a first device operated by a source user, that an identity authentication is to be performed for the source user; identifying a target user who is deemed to satisfy at least a preset condition, the target user being a user other than the source user; generating validation information to authenticate identity of the source user; sending the validation information to a second device operated by the target user; receiving a validation response from the first device operated by the source user; and performing identity authentication, including verifying whether the validation response received from the first device operated by the source user matches the validation information sent to the second device. | 01-07-2016 |
| 20160006736 | Method and system for implementing authentication and accounting in interaction between wireless local area network and fixed network - Disclosed is a method for implementing authentication and accounting in the interaction between a wireless local area network (WLAN) and a fixed network. The method comprises: after a user equipment (UE) accesses a network, by means of a proxy function of an authentication, authorization and accounting server (AAA) of an access controller (AC), performing interaction between a broadband network gateway (BNG) and the AAA, and implementing authentication and accounting on the UE in sequence. Also disclosed at the same time is a system for implementing authentication and accounting in the interaction between a WLAN and a fixed network. By adopting the method and system of the present disclosure, authentication and accounting on a UE can be effectively implemented in the interaction between a WLAN and a fixed network. | 01-07-2016 |
| 20160006742 | INFORMATION PROCESSING APPARATUS AND CONTROL METHOD THEREOF - An information processing apparatus which manages identification information of a first user and device identification information of a device of the first user in association with each other, manages identification information of a second user and device identification information of a plurality of devices of the second user in association with each other, and controls data transmission and reception between the devices of the first user and the second user. The apparatus receives a request to the second user from the first user, transmits the request from the first user to the plurality of devices of the second user, and notifies a device other than the device that transmitted the permission information among the plurality of devices of the second user of cancellation of the request. | 01-07-2016 |
| 20160006743 | Bidirectional authorization system, client and method - Disclosed is a bidirectional authorization system, including a first service provision subsystem configured to acquire a first temporary credential of the first service provision subsystem and a second temporary credential of a second service provision subsystem, respectively, send the second and the first temporary credential to the user terminal and the second service provision subsystem, respectively, send the second authorization credential returned by the user terminal to the second service provision subsystem to exchange for a second access token and acquire the second service resources; a second service provision subsystem configured to modify the first temporary credential and send it to the user terminal, send the first authorization credential returned by the user terminal to the first service provision subsystem to exchange for a first access token, and acquire the first service resources; and a user terminal configured to authorize the received second and first temporary credentials, respectively, and return the second and first authorization credentials to the first and second service provision subsystems, respectively. A bidirectional authorization client and a method are also disclosed. The present disclosure can be used to enable clients on both sides to simultaneously access resources of the opposite side. | 01-07-2016 |
| 20160006744 | SENSOR-BASED HUMAN AUTHORIZATION EVALUATION - A resource-access management system detects whether a user is authorized to access resources. The system may include a user device being configured to include a sensor that detects sensor data associated with the user. Further, the system includes a client qualification engine that determines whether or not a client is authorized to access the resources by comparing the sensor data with a plurality of patterns for evaluating whether or not the user is an authorized user. User scores are generated based on the compared sensor data and the plurality of patterns. Further, a composite score corresponding to the user is generated using the sensor data, plurality of patterns, and one or more additional criteria. Whether the user is granted access to the resources, presented with unauthorized user tests, or blocked from access to the resources depends on the composite score and threshold values. | 01-07-2016 |
| 20160006746 | PRIORITY BASED RADIUS AUTHENTICATION - An apparatus, method and machine readable storage medium, for an authentication server such as a RADIUS server, for authenticating a subscriber are disclosed. The method comprises: receiving at the authentication server, a request message including a plurality of attributes having respective attribute names and respective attribute values; retrieving from a profile storage, an authentication profile object; identifying a plurality of authentication attributes to use for authentication, including a respective associated priority value, from the authentication profile object; extracting attribute values from the request message, corresponding to each authentication attribute; and attempting to authenticate the request message based on each of the extracted attribute value in order of a respective associated priority value until the authentication attempt is successful. | 01-07-2016 |
| 20160012248 | ACCESS PERMISSION SYSTEM AND ACCESS PERMISSION DETERMINATION METHOD | 01-14-2016 |
| 20160013985 | ON-DEMAND BANDWIDTH PROVISIONING IN A NETWORK ENVIRONMENT | 01-14-2016 |
| 20160014093 | AUTOMATIC GENERATION AND REGISTRATION OF ALTER-EGO WEB SERVICE ACCOUNTS | 01-14-2016 |
| 20160014106 | Method, apparatus and system for implementing third party application in micro-blogging service | 01-14-2016 |
| 20160014108 | PORTABLE HOME DEVICE MANAGING SYSTEMS AND DEVICES THEREOF | 01-14-2016 |
| 20160014118 | ACCESS CONTROL METHOD, AUTHENTICATION METHOD, AND AUTHENTICATION DEVICE | 01-14-2016 |
| 20160014121 | AUTHORIZATION OF A FINANCIAL TRANSACTION | 01-14-2016 |
| 20160014122 | Secure transfer of web application client persistent state information into a new domain | 01-14-2016 |
| 20160014130 | APPARATUS AND METHOD FOR USING AUDIO CONNECTORS TO ENABLE A WEB PAGE TO ACCESSPERIPHERALS NOT SUPPORTED BY A WEB BROWSER | 01-14-2016 |
| 20160014133 | IMAGE MANAGEMENT SYSTEM | 01-14-2016 |
| 20160014134 | MAINTAINING A LIMITED USER PROFILE FOR SOCIAL NETWORKING SYSTEM USERS UNABLE TO ESTABLISH A USER PROFILE | 01-14-2016 |
| 20160014136 | PROVISIONAL ADMINISTRATOR PRIVILEGES | 01-14-2016 |
| 20160014137 | Systems, Methods and Programs for Detecting Unauthorized Use of Text Based Communications Services | 01-14-2016 |
| 20160014138 | ENCODING LDAP ROLE AND DOMAIN INFORMATION IN A FIXED FORMAT | 01-14-2016 |
| 20160014142 | LINK DISCOVERY METHOD AND APPARATUS | 01-14-2016 |
| 20160014153 | Secure transfer of web application client persistent state information into a new domain | 01-14-2016 |
| 20160014602 | Method, Device and Terminal for Binding NFC Application and Operator | 01-14-2016 |
| 20160021070 | SYSTEM AND METHOD FOR DATA-PROTECTION-COMPLIANT CAPTURE AND FORWARDING OF TELEMETRY DATA - System for automated capture of telemetry data consisting of motion data and existing sensor data in transport means currently involved in the traffic for use to provide both services that benefit the public and services that are individual to single road users, comprising a data centre and a respective data capture/transmission device in the involved transport means, which communicate with one another via a wireless transmission path consisting of existing mobile radio networks and a secured internet protocol, characterized in that the data centre is situated in an organization that is independent of the integration point of the data capture/transmission devices and the service provider, has sole control over the captured telemetry data from the transport means and does not know the identity of the individual road users. | 01-21-2016 |
| 20160021082 | METHOD AND APPARATUS FOR PREVENTING ILLEGITIMATE OUTFLOW OF ELECTRONIC DOCUMENT - An apparatus and method for preventing illegitimate outflow of an electronic document. The apparatus includes a taking-out control unit, a taking-out management server unit, and a self-response agent unit. The taking-out control unit generates a virtual disk for storing an electronic document to be controlled, and controls the taking-out of the electronic document. The taking-out management server unit authenticates whether the taking-out of the electronic document is legitimate taking-out. The self-response agent unit performs self-extinction when a result indicating illegitimate outflow is received from the taking-out management server unit. | 01-21-2016 |
| 20160021083 | AUTOMATED IDENTITY ASSESSMENT METHOD AND SYSTEM - A method, system and software for assessing an entity ( | 01-21-2016 |
| 20160021116 | CONTROLLING DEVICES BY SOCIAL NETWORKING - In one embodiment, a method includes analyzing information received from a first network-enabled device to identify instructions for a second network-enabled device associated with a second user of a social-networking system, the first network-enabled device being associated with a first user of the social-networking system. The method also includes determining (1) that the first user is connected to the second user with respect to a social graph of the social-networking system and (2) that the first user has authorization to provide instructions to the second network-enabled device, where the authorization is based on social-networking information. The method further includes providing the instructions to the second network-enabled device. | 01-21-2016 |
| 20160021118 | PARAMETER BASED KEY DERIVATION - A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential. | 01-21-2016 |
| 20160021537 | SYSTEMS AND METHODS FOR AUTHENTICATING A USER OF A COMPUTER APPLICATION, NETWORK, OR DEVICE USING A WIRELESS DEVICE - A method and system for authenticating a user includes providing an invocation element capable of being activated by a single user action, receiving an indication that the invocation element has been activated, obtaining a location of a wireless device associated with the user, determining whether the wireless device is associated with an authorized user, approving the user to use the application based on a predetermined location criterion, and producing an indication that the user has been authenticated. | 01-21-2016 |
| 20160026779 | DETERMINING USER AUTHENTICATION REQUIREMENTS BASED ON THE CURRENT LOCATION OF THE USER IN COMPARISON TO THE USERS'S NORMAL BOUNDARY OF LOCATION - Systems, apparatus, methods, and computer program products are provided for determining a user's authentication requirements/credentials for a specific network access session based on the current location of the user in comparison to known boundaries of location associated with the user, such as patterns of movement or the like. As such, the present invention serves to expedite the process for authenticating a user who desires to gain access to a network service, such as a banking application or the like. | 01-28-2016 |
| 20160026809 | NETWORK BASED COLLABORATIVE INTERACTIVE DEVICES - There is disclosed a method of establishing a communication network for connecting a plurality of computing devices, comprising: establishing a network under the control of one of the computing devices; running an application on at least one of the computing devices; and controlling access to an application running on a device by at least one other device by defining an access setting for each application running on device. | 01-28-2016 |
| 20160028705 | COMMUNICATION SYSTEM AND ROUTER - A communication system includes an authentication apparatus, a router and a second apparatus. The authentication apparatus includes a first acquisition unit that acquires first authentication information of a user of a first apparatus, an authentication unit that performs authentication using the first authentication information, and a first transmission unit that transmits an address of a second apparatus to the first apparatus and transmits an address of the router to the second apparatus. The router includes a second transmission unit that acquires the address of the second apparatus and second authentication information of the user, and transmits the address of the router and the second authentication information. The second apparatus includes a second acquisition unit that acquires the address transmitted by the first transmission unit, a third acquisition unit that acquires the second authentication information and the address, and a connection unit that establishes connection to the router. | 01-28-2016 |
| 20160028710 | SYSTEMS AND METHODS FOR RFID SECURITY - An RFID system includes an RFID tag, an RFID reader, and a server. The RFID tag communicates to the server via encrypted information. The information may be encrypted with synchronized encryption keys. In this manner, the reader need not decrypt the information from the RFID tag. The effectiveness of malicious readers is thereby reduced, resulting in improved RFID tag security. | 01-28-2016 |
| 20160028713 | Universal Serial Bus (USB) Flash Drive Security System And Method - A universal serial bus (USB) flash drive security system includes a smart phone | 01-28-2016 |
| 20160028718 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - An information processing apparatus includes a reception unit, an operation control unit, and an invalidation unit. The reception unit receives an operation on data. The operation control unit performs control of permitting, from among received operations, a first operation which is associated with authorization information for a case where authorization information indicating authorization for an operation is valid, and rejecting the first operation for a case where the authorization information is invalid and a second operation which is different from the first operation. The invalidation unit invalidates the authorization information when the second operation is rejected. | 01-28-2016 |
| 20160028733 | OFF-SITE USER ACCESS CONTROL - Systems and methods are described for off-site user access control to communications services via a site-based communications network. Embodiments operate in context of sites, each having one or more site-based networks in communication with external networks via one or more on-site routers. User devices are provided with controlled access to those external networks via wired or wireless connections between those user devices and the site based networks. In some embodiments, on-site routers maintain route maps that indicate which user devices are authorized. Standard routing functions are used so that traffic from authorized devices is routed normally, while traffic from unauthorized devices is automatically forwarded to an off-site (e.g., cloud-based) authentication system. As devices become remotely authenticated, the off-site authentication system can remotely update route maps of the on-site routers to add those devices. | 01-28-2016 |
| 20160028735 | PRIVATE ANALYTICS WITH CONTROLLED INFORMATION DISCLOSURE - A cloak server is used to analyze and control disclosure of user data by authenticating at least one of a user, an at least one client associated with the user, a source, a sink, and a third party. The cloak server receives user data transmitted by at least one of the at least one client and a source and associates the received user data with the user. The cloak server stores, seals, and unseals the received user data and is hardened such that the stored user data is not readable from outside the cloak server. The cloak server further generates, based at least in part on a first permissions indicator, a result by executing a computation on the stored user data, and transmits, based at least in part on a second permissions indicator, the result to at least one of the at least one client, and a sink. | 01-28-2016 |
| 20160028736 | AGGREGATED DATA IN A MOBILE DEVICE FOR DISPLAYING CLUSTER SESSIONS - A method, a device and a system for providing access on a mobile device to aggregated data for interactively displaying a session for a candidate token are provided. The method includes populating data records of a data repository of a data management system from an external data system; generating first information in the data records stored in the data repository; caching the first information on a caching server; creating an application link to be displayed in a mobile device, wherein the application link enables the access to the cached first information that is stored in the data repository; providing an access authorization to the mobile device; retrieving the cached first information from the caching server; displaying the cached first information in a user interface; generating second information dynamically; displaying the second information in the user interface of the mobile device; and deactivating the application link after the session takes place. | 01-28-2016 |
| 20160028738 | VALIDITY VERIFICATION METHOD AND INTERMEDIATE SERVER - A validity verification method and an intermediate server are provided. The method through the intermediate server includes receiving a request from one or more external platforms for accessing an operation server; connecting the one or more external platforms with the operation server; verifying validity of the request according to an external platform and an operation which the external platform is one of the one or more external platforms and identifies where the request is from, and the operation is requested to be accessed by the external platform; and after the request is verified, sending the request to the operation server. | 01-28-2016 |
| 20160029217 | SECURING WIRELESS CONNECTIONS USING LOCATION-SPECIFIC CONTEXTUAL INFORMATION - A mobile wireless device detects a first wireless device that seems to be a known access point. Location-specific contextual information for the first wireless device is identified. A wireless connection with the first wireless device is established if it is determined that the location-specific contextual information for the first wireless device matches known location-specific contextual information for the access point. A wireless connection with the first wireless device is not established, or is only established after receiving user confirmation, if it is determined that the location-specific contextual information for the first wireless device does not match the known location-specific contextual information for the access point. | 01-28-2016 |
| 20160034677 | METHOD AND SYSTEM FOR VERIFICATION OF HUMAN PRESENCE AT A MOBILE DEVICE - A method and system is provided for verifying human presence at a mobile device. The method includes receiving a request for verification. Further, the method includes sending a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) challenge to the mobile device. Further, the method includes receiving a response to the CAPTCHA challenge. Finally, the method includes verifying the human presence by matching the response received to the CAPTCHA challenge sent. | 02-04-2016 |
| 20160036794 | DETERMINING WHETHER TO USE A LOCAL AUTHENTICATION SERVER - The present disclosure discloses a method and a system for determining whether to use a local authentication server. Specifically, a first network device executing a first authentication server receives a request for authentication from a client device. The first network device determines whether the client device was previously successfully authenticated by a second authentication server executing on a second network device within a particular period of time. If so, the first network device attempts to authenticate the client device using the first authentication server. Otherwise, the first network device declines the request for authentication from the client device. | 02-04-2016 |
| 20160036795 | METHOD AND SYSTEM FOR PROVIDING A VIRTUAL ASSET PERIMETER - A system and method provides a virtual perimeter by maintaining a data structure for identifying a first plurality of assets, according to one embodiment. The system and method provides services to a second of the first plurality of assets, at least partially based on identifiers for the first plurality of assets and at least partially based on a first role assigned to a first of the first plurality of assets, according to one embodiment. The system and method include admitting one of a second plurality of assets into the virtual perimeter if characteristics of the one of the second plurality of assets satisfy criteria for admission to the virtual perimeter, according to on embodiment. | 02-04-2016 |
| 20160036809 | PASSWORDLESS STRONG AUTHENTICATION USING TRUSTED DEVICES - A code for accessing a resource having a customer account associated therewith is presented via a secondary device, and authentication data indicative of the code that was presented is received from a primary device. The primary device is identified as a trusted device associated with the customer account responsive to receiving the authentication data therefrom, and the secondary device is authenticated for access to the resource responsive to identification of the primary device as the trusted device associated with the customer account. | 02-04-2016 |
| 20160036819 | ON-BOARDING A DEVICE TO A SECURE LOCAL NETWORK - In an embodiment, a control device that is configured to onboard a target device to a secure local network by discovering a set of devices over a bootstrapping interface, establishing a bootstrap connection to at least one device from the set of devices in response to the discovery without authorizing the at least one device to access the secure local network, instructing the at least one device via the bootstrap connection to activate an observable function that is configured to be observable to one or more observation entities that are separate from the control device and are in proximity to the at least one device, determining whether an operator of the control device verifies that the observable function has been successfully detected as performed by the target device and selectively authorizing the at least one device to access the secure local network based on the determination. | 02-04-2016 |
| 20160036821 | Method Of Advertising Using An Electronic Processor Authorization Challenge - A method of advertising using an electronic processor authorization challenge. An advertisement is combined with an authorization key to form an image. An electronic processor disassembles the image and presents the disassembled image to a user by a graphical user interface as an authorization challenge. The authorization challenge can be successfully overcome by a human user reassembling the divided image, then recognizing the authorization key, and then responding to the authorization key. The authorization key is data configured to be inputted into an electronic processor by a human user or data corresponding to a command configured to be performed by a human user. The authorization key can be an advertisement, a feature of an advertisement, a coupon, a CAPTCHA, a Reverse Turing Test, a command, an image, a string of text, a number, a letter, a symbol, a combination of a number, a letter, or a symbol. | 02-04-2016 |
| 20160036822 | METHOD AND APPARATUS FOR SHARING DATA - A relay server includes a storage configured to store first access right information of a first cloud storage service to which a first user is subscribed and second access right information of a second cloud storage service to which a second user is subscribed. The relay server further includes a communication interface configured to request, from the first cloud storage service, first data that is stored in the first cloud storage service, based on the first access right information, and receive the requested first data from the first cloud storage. The relay server further includes a controller configured to control the communication interface to store the received first data in the second cloud storage service, based on the second access right information. | 02-04-2016 |
| 20160036823 | ACCESSING PRIVILEGED OBJECTS IN A SERVER ENVIRONMENT - Accessing privileged objects in a server environment. A privileged object is associated with an application comprising at least one process resource and a corresponding semi-privileged instruction. The association is filed in an entity of an operating system kernel. A central processing unit (CPU) performs an authorization check if the semi-privileged instruction is issued and attempts to access the privileged object. The CPU executes the semi-privileged instruction and grants access to the privileged object if the operating system kernel has issued the semi-privileged instruction; or accesses the entity if a process resource of the application has issued the semi-privileged instruction to determine authorization of the process resource to access the privileged object. Upon positive authorization the CPU executes the semi-privileged instruction and grants access to the privileged object, and upon authorization failure denies execution of the semi-privileged instruction and performs a corresponding authorization check failure handling. | 02-04-2016 |
| 20160036824 | CONTROL AND VERIFICATION OF PERMISSIONS - A verification method includes configuring a reference system, running on a computer, to have the same set of executables and customizations as an e-business system to be verified. The reference system is configured with one or more roles that have permissions to execute all transactions in a scope of a planned verification. One or more business processes that are implemented in the e-business system and are in the scope of the planned verification are mapped and are executed using the reference system. Logs of permission checks conducted in the business processes are saved in a repository. Reference data is created by merging records from the logs of the permission checks with respect to at least one role in the scope of the verification. Permission settings for the at least one role in the e-business system are compared with corresponding permission values in the reference data for the at least one role. Based on comparing the permission settings, an indication is displayed to a user of whether the permission settings match the corresponding permission values. | 02-04-2016 |
| 20160036842 | APPARATUS AND METHOD FOR CHECKING MESSAGE AND USER TERMINAL - A message checking apparatus comprising one or more processors, the message checking apparatus includes: a uniform resource locator(URL) extracting unit to check, when a message is received, whether a URL is included in the message and extract the URL from the message; a communication unit to download an application using the URL; and an authorization/application program interface(API) verifying unit to check whether an authorization or API having a security risk is included in the application to be downloaded through the communication unit and then determine whether the URL is malicious based thereon. | 02-04-2016 |
| 20160036921 | ACCESSING ENTERPRISE COMMUNICATION SYSTEMS FROM EXTERNAL NETWORKS - A computer system implements a plurality of modules, including a tenant administration proxy that receives session credentials from a tenant application in the private communication system and authenticates the tenant application in response to the session credentials, a connector service that receives a bridge setup request from the tenant application and establishes a bridge connection with the tenant application in response to the bridge setup request; and a configuration manager that stores service information regarding a cloud-based service that is accessible through the computer system. The tenant administration proxy retrieves the service information from the configuration manager and provides the service information to the tenant application in response to a request from the tenant application, and wherein the connector service facilitates communication between the cloud-based service and an enterprise service in the private communication system over the bridge connection. | 02-04-2016 |
| 20160037338 | PRIVATE WIRELESS COMMUNICATION NETWORK FOR GUEST USERS - A system and technique to provide a private wireless communication network for guest users includes providing a guest user profile, including at least a defined service set identification and pre-shared key of a home wireless network of the guest user. A next step includes creating a private wireless communication network with a unique identifier. A next step includes broadcasting the defined service set identification of the guest user home wireless network that is in the guest user profile by the private wireless communication network. A next step includes automatically connecting a non-browser-equipped guest user device to the private wireless communication network using the defined service set identification and pre-shared key of the guest user home wireless network, which have been preconfigured on that non-browser-equipped guest user device. | 02-04-2016 |
| 20160044013 | INTELLIGENT SYSTEM FOR ENABLING AUTOMATED SECONDARY AUTHORIZATION FOR SERVICE REQUESTS IN AN AGILE INFORMATION TECHNOLOGY ENVIRONMENT - A service request for a managed computer system is received and once a primary authorization for same has been given, a secondary authorization management system (SAMS) determines whether or not the service request requires secondary authorization. This determination is made according to a context of the managed computer system and an authorization profile for the received service request. If needed, the SAMS resolves the secondary authorization request and returns the resolution decision. | 02-11-2016 |
| 20160044015 | Secure Challenge System for Verifying Access Rights to Media Content - Described is a technique for securely verifying access rights to a media file stored on a user device. By verifying the access rights to the media file, a server may provide access to a licensed version of the media from a media library in a remote location such as server for a cloud-based service. When a media file is confirmed to be available in a media library, a cryptographic a hash function that incorporates a random value or “salt” is used to verify that a user is in possession of an entire media file. Accordingly, the techniques described herein improve the security for verifying that a user is in possession of a media file by preventing the use of pre-calculated hashes. | 02-11-2016 |
| 20160044028 | MESSAGE AUTHENTICATION - The disclosure is related authenticating a digital message exchanged among communication devices. A device may perform, for authenticating a digital message, transmitting an authentication request message to a messaging server when a message is received, receiving an authentication result from the messaging server, and displaying the authentication result with the received message. A server may perform, for authenticating a message, receiving an authentication request message for requesting authentication of a target message from a device that received the target message, performing an authentication procedure in response to the received authentication request message, and transmitting an authentication result message to the device. | 02-11-2016 |
| 20160044035 | Systems and Apparatuses for a Secure Mobile Cloud Framework for Mobile Computing and Communication - Systems and apparatuses for a secure mobile cloud framework (referred to as MobiCloud) for mobile computing and communication are disclosed. Embodiments of MobiCloud transfer each mobile node from a traditional strictly layer-structured communication node into a service node (SN). Each SN may be used as a service provider or a service broker according its capability. Each SN may be incorporated as a virtualized component of the MobiCloud. In some embodiments, MobiCloud mirrors an SN to one or multiple virtual images in the Cloud for addressing communication and computation deficiencies of mobile devices. Virtual images can create a visualized MANET routing and communication layer that can maximally assist the mobile nodes to enable pervasive computing services for each mobile device owner. A secure data processing framework is disclosed for the MobiCloud. | 02-11-2016 |
| 20160044036 | MANAGING PRIVATE AND PUBLIC SERVICE SET UTILIZATION - Methods, systems, and computer readable media may be operable to facilitate the management of connections between one or more client devices and an access point over one or more service sets. An access point may maintain a list of client devices that have successfully associated with a private service set broadcast from the access point, and when a client device from the list attempts to connect to a public service set broadcast from the access point, the access point may deny the client device's attempt to connect to the public service set. Attempts by the client device to join the public service set may be denied for a predetermined number of attempts or a predetermined period of time. Denying an attempt to connect to a public service set may provide a client device with more opportunities to connect to a private service set broadcast from a corresponding access point. | 02-11-2016 |
| 20160044037 | NODE AND A METHOD FOR ENABLING NETWORK ACCESS AUTHORIZATION - The embodiments herein relate to a method in an AAA server ( | 02-11-2016 |
| 20160044040 | Environment-Aware Security Tokens - The technology described in this document can be embodied in a computer implemented method that includes receiving, at a processing device, information about one or more assets associated with a network of devices. The method also includes generating, for at least one of the assets, a security token that is based at least on a portion of the received information about the corresponding asset. The security token can be configured to identify a home network defined for the asset, and to restrict access to the corresponding asset upon detecting an occurrence of an unauthorized activity involving the asset. The method further includes storing, in a storage device, information about the security token and information linking the security token to the corresponding asset, and initiating integration of the security token with the corresponding asset. | 02-11-2016 |
| 20160044041 | VERIFYING CALLER AUTHORIZATION USING SECRET DATA EMBEDDED IN CODE - In a computer system operable at more than one privilege level, confidential code is securely customized to use secret data to establish a code protection domain without disclosing the secret data to a managing operating system. In operation, a security module executes at a higher privilege level than both the managing operating system and the confidential code. After the managing operating system loads the executable of the confidential code, the security module injects the secret data directly into an authorization instruction and a verification instruction included in the confidential code and then sets both the authorization instruction and the verification instruction as executable-only. As the confidential code executes at the assigned privilege level, the authorization instruction and the verification instruction use the secret data to distinguish between unauthorized and authorized execution of the confidential code. | 02-11-2016 |
| 20160044042 | DIGITAL SOCIAL NETWORK TRUST PROPAGATION - A trust propagation system is disclosed that propagates trust data based on established trust relationships. The trust system may automatically propagate trust data between parties A and C based on trust relationships with a common party B. Trust data may include authentication data such as biometric data, encryption data, passwords, etc. that may be used to conduct exclusive communications. | 02-11-2016 |
| 20160044087 | USER CONTACT INFORMATION PRIVACY PROTECTION IN COMPUTER NETWORKS - A method and a device are disclosed including software components that are executed on a computing device to enable finding, adding, and sending messages to users within a social network. In various embodiments, a requesting user may request finding, adding, and/or sending messages to one or more other users in a social network, the other users presently being on one or more contact lists associated with the requesting user. The requesting user's contact list may be used to verify that he knows the other users and respond to the requesting user's request based on the requesting user's own contact list, without supplying additional information from the other users. In various embodiments, the requesting user's contact list may be partitioned into two sections, one section including the other users who are also in the social network and the other including the other users who are not in the social network. | 02-11-2016 |
| 20160044511 | DEVICE IDENTIFICATION IN SERVICE AUTHORIZATION - Techniques to authorize access to a service are disclosed. In various embodiments, a token that includes data comprising or otherwise associated with a device identifier of a device on which an application configured to access a service is installed is provided to the application. A service access authorization request that includes the token is received. The token is used to determine device information associated with the service access authorization request. | 02-11-2016 |
| 20160050191 | INTELLIGENT DELIVERY SYSTEM - An access control system includes a plurality of containers. Each container comprises a container identification feature, an interior space, a locking device which can be selectively released to access the interior space, and a security module. The security module comprises an authorization module, and a security key generator which generates a security key. An authorization key supply device comprises a storage device and a communication module which directly or indirectly supplies an authorization key to the authorization module. A remote computer system comprises an authorization key generator. The remote computer system communicates with the authorization key supply device to transmit the authorization key thereto. The authorization module compares the security key with the authorization key and generates a signal to release the locking device if the security key matches the authorization key. | 02-18-2016 |
| 20160050194 | WEB-BASED GOVERNANCE OF MESSAGING SERVICES - A system for messaging application governance including an application server computer configured to provide an application service, an administration module, and a communication module. The application service accesses data indicative of user-specific rules for a user account. The user-specific rules govern usage of a messaging application by a messaging user associated with the user account. The administration module is configured to provide an administration interface. The administration interface is configured to allow an administrator user associated with the user account to specify the user-specific rules for the user account. The communication module is configured to support messaging services between client instances of the messaging application. The communication module is communicatively coupled to the application service to provide the messaging services for the user account in accordance with the user-specific rules. | 02-18-2016 |
| 20160050201 | METHOD FOR AUTHENTICATING USERS AND DEVICES ON A COMPUTING NETWORK - A method for authenticating users and devices on a computing network is disclosed. The method includes authenticating a user and a user's device with a computing network based upon received authentication data from the user's device. A session-associated security code having an end-of-session expiration and a task-associated security code having an end-of-task expiration are required for executing task-based requests over the network. The task-based request required to be transmitted in a predefined protocol. In operation, the computing network receives a computing task request for a user's device as a string having a predetermined sequence commensurate with the predefined protocol. The computing network executes the computing task. The method further includes terminating the task-associated security code upon concluding the executing, generating a second task-associated security code and a second session-associated security code based upon usage metrics. | 02-18-2016 |
| 20160050204 | TECHNIQUES AND SYSTEM FOR EXTENDED AUTHENTICATION - An apparatus may include a memory to store authentication information for authenticating to a device group and a wearable device identifier for an unauthenticated device, a communications interface to transmit a probe signal over a local communication path and receive a reply message to the probe signal, and a device authentication module. The device authentication module may be to monitor the reply message, and schedule transmission of the authentication information over the local communication path when the reply message comprises the device identifier and a proximity indicator that identifies a local origin of the reply message. | 02-18-2016 |
| 20160050205 | PREVENTING UNAUTHORIZED ACCESS TO AN APPLICATION SERVER - A method and platform for preventing unauthorized access to an application server comprises collecting access data associated with an organization, anonymizing the access data, creating identifying keys which allow the anonymized access data to be matched to its associated users, storing the identifying keys at a secure location associated with the organization, transferring the anonymized access data to an access data warehouse, and performing an analysis on the anonymized access data. The access data warehouse can be maintained in a cloud computing environment, and may aggregate anonymized access data from a plurality of organizations. An organization may detect abnormal usage patterns by analyzing its usage data and the anonymized usage data of further organizations, and may use the abnormal usage patterns to predict future events, for example intrusion attempts. An organization can automatically generate protective measures against potential threats associated with abnormal usage patterns. | 02-18-2016 |
| 20160050210 | METHOD AND SYSTEM FOR MAINTAINING PRIVACY IN A MACHINE DIRECTED WORKFLOW FOR THE PURPOSE OF CREATING A SET OF AUTHORIZED USERS - Various of the disclosed embodiments concern methods and systems for maintaining privacy in a machine directed workflow for the purpose of creating a set of authorized users. According to one embodiment, the system maintains privacy by dividing information associated with a user into three privacy tiers. First privacy tier is configured to authorize access to all users. Second and third privacy tiers are configured to limit access to a subset of users. Once the system matches the users and receives authorization from the users, the system creates a set of authorized users, which can freely send messages to each other, and share first, second and third privacy tiers of information with each other. | 02-18-2016 |
| 20160050211 | ACCESS MANAGEMENT USING ELECTRONIC IMAGES - Techniques are described for an access management system to manage access to a service (e.g., a message management service). A client can receive a message including an electronic image from a messaging service. The electronic image can include access information for obtaining access to a message management service. Input is received that indicates interaction with the electronic image in an interface. The client can send, to the access management system, the electronic image to request access to the message management service based on the access information. Authorization is received from the access management system indicating that the account can access the message management service. The client displays an interface to provide access to the message management service. The access to the message management service can be based on the authorization. | 02-18-2016 |
| 20160050217 | System, Method And Authorization Device For Biometric Access Control To Digital Devices - A system and method for authenticating and continuously verifying authorized users of a digital device includes an authentication device attached to an arm or wrist of authorized users. The authentication device has an accelerometer, digital radio, a processor configured to provide identity information over the radio, and to transmit motion data. The motion data is received by the digital device and the identity transmitted is verified as an identity associated with an authorized user. Input at a touchscreen, touchpad, mouse, trackball, or keyboard of the digital device is detected, and correlated with the motion data. Access to the digital device is allowed if the detected input and the detected motion data correlate, and disallowed otherwise. | 02-18-2016 |
| 20160050218 | Anonymous Server Based User Settings Protection - Systems and methods for verifying an application data modification are described herein. In one example, a method includes detecting modified application data in a computing device and determining the modified application data did not originate from an automatic program. The method also includes sending an identifier and the modified application data to a signing server. Furthermore, the method includes receiving encrypted data comprising the identifier and the modified application data from the signing server. Additionally, the method includes storing the encrypted data in the computing device. | 02-18-2016 |
| 20160050560 | METHOD FOR TRANSPORTING LOCATION INFORMATION VIA AN AUTHENTICATION - A method for transporting location information via an authentication. The invention concerns a method for attaching a user terminal to an operator access network, comprising: a step of transmitting a request for attachment to the access network, by the terminal, a step of receiving an authentication request from an authentication server of the operator, a step of generating an authentication response message, a step of obtaining an item of location information, a step of inserting the item of location information into the authentication response message, a step of transmitting the authentication response message. | 02-18-2016 |
| 20160055064 | USER AUTHORIZATION FOR FILE LEVEL RESTORATION FROM IMAGE LEVEL BACKUPS - Embodiments provide systems, methods, and computer program products for enabling user authorization to perform a file level recovery from an image level backup of a virtual machine without the need for access control by an administrator. Specifically, embodiments enable an access control mechanism for controlling access to stored image level backups of a virtual machine. In an embodiment, the virtual machine includes a backup application user interface that can be used to send a restoration request to a backup server. The restoration request can include a machine identifier and a user identifier of the user logged onto the virtual machine. The backup server includes a backup application that determines whether or not the machine identifier contained in the restoration request can be matched to a machine identifier of a virtual machine present in one of the virtual machine backups stored on the backup server. | 02-25-2016 |
| 20160057023 | INTERNET ACCESS AUTHORIZATION AND REGULATION SYSTEMS AND METHODS FOR CONTROLLED ENVIRONMENT OF AN INSTITUTIONAL FACILITY - Access and regulations systems to facilitate safe and secure access of web content by residents of an institutional facility such as a correctional facility includes an administrator workstation to define authorized and prohibited web content, a resident workstation displaying on a predetermined list of web content, and a server receiving and processing the authorized and prohibited web content and requests made by institutional residents. | 02-25-2016 |
| 20160057128 | STRENGTH-BASED PASSWORD EXPIRATION - A password application system receives a credential for a first privilege of a plurality of privileges whereby the first privilege corresponds to a first set of credential requirements and the plurality of privileges have a second privilege that corresponds to a different set of credential requirements. The system determines whether the credential for the first privilege satisfies the first set of credential requirements. If the credential satisfies this set of credential requirements, the system enables the credential to be used for access in accordance with the first privilege. | 02-25-2016 |
| 20160057140 | MULTIDEVICE AUTHENTICATION - Aspects of the invention can log a user into a primary device in a more efficient manner. For example, aspects of the invention may eliminate the need for the user to supply user credentials directly to a primary device. Instead, the companion device recognizes relevant primary devices located proximate to the companion device and automatically initiates a user login to the primary device without user intervention. Aspects of the invention can automatically login a user to known and unknown primary devices. | 02-25-2016 |
| 20160057147 | MODIFYING PERMISSION TREES IN A VIRTUALIZATION ENVIRONMENT - A processing device receives a permission request indicating a user and an entity. The processing device modifies a permissions database to generate a modified database view. Using the modified database view, the processing device determines whether the user has permission to access the entity and returns an indication of whether the user has permission to access the entity. | 02-25-2016 |
| 20160057149 | Device-Based Authentication For Secure Online Access - Methods, systems, and computer-readable media for providing device-based authentication for secure online access are provided. An authentication request is received from an online service. The authentication request may be associated with a login request received by the online service from a user. The authentication request may further indicate a list of device identifiers for computing devices connected to a provider network and previously designated by the user as authorized to access the online service. Communication logs collected from the provider network are analyzed to determine whether the login request originated from one of the authorized computing devices based on the list of device identifiers. If it is determined that the login request originated from one of the authorized computing devices, an indication is returned to the online service that the login request was received from an authorized computing device. | 02-25-2016 |
| 20160057151 | MANAGING USER PERMISSIONS IN RELATION TO SYSTEM EVENTS OCCURRING IN A DATABASE SYSTEM - Disclosed are examples of systems, apparatus, methods and computer program products for managing user permissions in relation to system events occurring in a database system. In some implementations, a server can listen for system events. Based on at least one system event criterion, a system event can be determined to occur. A user can be identified as matching a user criterion. A permission set can be identified as matching a permission criterion. Based on a permission set, a permission may be added, updated, or removed from a user. | 02-25-2016 |
| 20160057152 | Enhanced Security and Safety in Telerobotic Systems - Methods and systems for securing remotely-operable devices are provided. A security device can receive a plurality of commands to control a remotely-operable device in a remote environment. At least one command in the plurality of commands can include command data that is related to the remotely-operable device. The security device can receive a plurality of responses to the plurality of commands. The security device can process the plurality of commands and the plurality of responses to determine a signature related to an operator that issued the plurality of commands for the remotely-operable device. The security device can determine an identity of the operator based on the signature. The security device can generate an identity report that includes the identity of the operator. | 02-25-2016 |
| 20160057153 | SECURE ACCESS TO MOBILE APPLICATIONS - Securing access to one or more applications in an enterprise zone (e.g., a set of protected applications) is disclosed. A last activity time associated with a use of at least one mobile application in the protected subset may be retrieved from a shared storage location associated with a protected subset of two or more protected mobile applications. It may be determined that the last activity time is within a session expiration time period associated with the protected subset. Access to one or more applications in the protected subset may be allowed without credential verification based at least in part on the determination. | 02-25-2016 |
| 20160057626 | USING A WIRELESS BEACON TO PROVIDE ACCESS CREDENTIALS TO A SECURE NETWORK - There are provided systems and methods for using a wireless beacon to provide access credentials to a secure network. A network access device, such as a WiFi router, may provide a secure wireless network requiring access credentials to access the network. For example, the network may be password protected to prevent unauthorized used. Additionally, the network may have various levels of use, such as access depending on a security clearance for a user or data transfer and usage rates. Each of the various levels of use may require a separate access credential. A wireless beacon may be configured to connect to user devices that are near or within an area covered by the network. The connection between a user device and the beacon may be utilized to determine the proper access credential for the user device and push the access credential to the user device. | 02-25-2016 |
| 20160063277 | METHOD, APPARATUS, AND MEDIA FOR CREATING SOCIAL MEDIA CHANNELS - A method, apparatus, and computer-readable media for creating a private social network (PSN). Channels in the PSN can be created based on connections in existing social networks and based on other interactions between the users. Channels can be dynamically managed based on various interactions and attributes. Channels of the PSN are defined by a data structure indicating the users and relationships therebetween. The data structure can be manipulated to change the attributes of the channels. A user interface can be provided to facilitate aggregation of existing channels. | 03-03-2016 |
| 20160065431 | VERIFICATION OF CONFIGURATION USING AN ENCODED VISUAL REPRESENTATION - Aspects of the present disclosure relate to a method, system, and computer program product for verifying a parameter on a computing node. The method can include accessing a first dynamically generated encoded visual representation from a computing node. The method can also include identifying one or more parameters of the computing node from the first dynamically generated encoded visual representation. The method can also include determining whether the computing node has a first parameter from the one or more parameters. The method can also include displaying the first parameter in response to the computing node having the first parameter. | 03-03-2016 |
| 20160065560 | REDIRECTION METHOD FOR ELECTRONIC CONTENT - Electronic content, for example, a web page, is configured for display by a web browser application to include content that is not included in or referenced by the web page. The web page includes a first locator for first content. A second locator for second content is associated with the first locator in a database or other memory structure. In response to a request for the web page, the second locator is obtained. Access to the second locator may be secured. The second locator may be swapped with the first locator to cause the web browser application to obtain the second content instead of the first content. In the alternative, the second content may be obtained and provided to the web browser instead of, or in addition to, the first content. | 03-03-2016 |
| 20160065561 | Local, Paperless Document Sharing, Editing, and Marking System - Embodiments are directed to a local, paperless document sharing, editing, and marking system which allows users connected to a local network to share, view, edit, mark, and save documents without needing to download them from an internet-based cloud server. A router is used to create a secure, local network to which all participants connect. A user selects documents from a drive connected to the router and shares those documents with other attendees, allowing the attendees to edit, save, and share the documents, mark the documents as exhibits to a legal proceeding, save the documents to a drive, and/or email the documents. | 03-03-2016 |
| 20160065568 | Just In Time Polymorphic Authentication - Methods, systems, apparatuses, and computer-readable media for utilizing just-in-time polymorphic authentication techniques to secure information are presented. In one or more embodiments, a computing platform may receive, from a computing device, a request to access a user account. In response to receiving the request to access the user account, the computing platform may dynamically select, based on one or more polymorphic authentication factors, an authentication method for authenticating a user of the computing device, and the authentication method may be selected from a plurality of predefined authentication methods. Subsequently, the computing platform may generate one or more authentication prompts based on the selected authentication method. The computing platform then may provide the one or more authentication prompts to the user of the computing device. The authentication prompts that are selected for and presented to a particular user during a given access attempt may vary across different attempts. | 03-03-2016 |
| 20160065578 | Method and System for Controlling Access to Shared Devices - A non-transitory computer readable medium includes computer readable program code including instructions for snooping a message from a client device addressed to a particular IP address corresponding to a shared device; determining whether the client device has authorization to access the shared device; responsive to determining that the client device does not have authorization to access the shared device, refraining from forwarding the message to the particular IP address; and responsive to determining that the client device has authorization to access the shared device, forwarding the message to the particular IP address. | 03-03-2016 |
| 20160065579 | METHOD AND SYSTEM FOR INTEROPERABLE IDENTITY AND INTEROPERABLE CREDENTIALS - The present teaching relates to identity management. In one example, a trusted connector is instantiated in the enterprise system behind a security. The trusted connector is configured to communicate with the private resource via a communication protocol. Upon being triggered by the external system, a secure communication channel is established between the external system and the trusted connector. A request is received from the external source at the trusted connector through the secure communication channel. The request is interpreted for communicating with the private resource. The interpreted request is sent to the private resource. A response is received from the private resource. The response from the private resource is interpreted for communicating with the external system. The interpreted response is sent to the external system through the secure communication channel. | 03-03-2016 |
| 20160065581 | METHOD AND SYSTEM FOR EXCHANGING INFORMATION - Exchanging information includes receiving an authorization request provided by a data request terminal, generating an authorization information updating instruction based on the authorization request, updating, based on the authorization information updating instruction, authorization information of the data request terminal that is stored on the request processing server, the authorization information indicating that the data request terminal has authorization request processing authority, and causing the data request terminal to acquire a data request result corresponding to data request information. | 03-03-2016 |
| 20160065582 | METHOD AND APPARATUS FOR PROVIDING A HIGH SECURITY MODE IN A NETWORK - Systems and methods systems and methods for efficiently and securely forming a communication network. As a non-limiting example, various aspects of the present disclosure provide systems and methods, for example utilizing a plurality of different security modes, for forming a premises-based network (e.g., a MoCA network). | 03-03-2016 |
| 20160065583 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING COMMUNICATIONS SERVICES - An aspect of providing communications services to Internet Protocol-enabled devices includes storing, in an account of the subscriber, a globally unique identifier for each of a plurality of the devices associated with the subscriber. For each of the devices, the globally unique identifier is appended to a network address of the subscriber in the account, where each of the devices is uniquely addressable via the appended globally unique identifier and network address. An aspect also includes provisioning a subscriber-selected communications service for the account, and assigning to the account subscriber-selected permissions for defining access to features of the communications service for individuals specified in the account with respect to a corresponding device. The permissions are assigned based on a combined user identifier and corresponding globally unique identifier. An aspect further includes providing the communications service to the individuals associated with the account subject to the permissions. | 03-03-2016 |
| 20160065584 | PROTECTING DELIVERED WEB DISTRIBUTED CONTENT FROM UNAUTHORIZED MODIFICATIONS - A method of delivering web distributed content is disclosed. A set of web distributed content is received by a proxy server. The set of web distributed content is divided by the proxy server into a plurality of portions. Additional security code is added to the plurality of portions to form a modified set of web distributed content. The additional security code detects unauthorized modification of the modified set of web distributed content, wherein at least a portion of the modified set of web distributed content is different for different intended users of the set of web distributed content. The modified set of web distributed content is delivered by the proxy server to an intended user. | 03-03-2016 |
| 20160065585 | TEMPORARY AUTHORIZATIONS TO ACCESS A COMPUTING SYSTEM BASED ON USER SKILLS - Controlling access to a computing system. An escalation request is received for performing a protected activity on the computing system by a user not authorized to perform the protected activity. At least one activity indicator being indicative of a skill required to perform the protected activity is retrieved. At least one user indicator being indicative of the skill possessed by the user is retrieved. An indication of a capability of the user to perform the protected activity according to a comparison between the at least one activity indicator and the at least one user indicator is determined. A temporary authorization for performing the protected activity to the user according to the capability thereof is granted or denied. The temporary authorization lasts for a limited time window. | 03-03-2016 |
| 20160065589 | SYSTEMS AND METHODS FOR SECURELY PROVISIONING THE GEOGRAPHIC LOCATION OF PHYSICAL INFRASTRUCTURE ELEMENTS IN CLOUD COMPUTING ENVIRONMENTS - Systems and methods relating to improved security in cloud computing environments are disclosed. According to one illustrative implementation, a method for provisioning physical geographic location of a physical infrastructure device associated with a hypervisor host is provided. Further, the method may include performing processing to obtain initial geo location data of the device, determining verified geo location data of the device by performing validation, via an attestation service component, of the initial geo location data to provide verified geo location data, and writing the verified geo location data into HSM or TPM space of the hypervisor host. | 03-03-2016 |
| 20160065654 | VERIFICATION OF CONFIGURATION USING AN ENCODED VISUAL REPRESENTATION - Aspects of the present disclosure relate to a method, system, and computer program product for verifying a parameter on a computing node. The method can include accessing a first dynamically generated encoded visual representation from a computing node. The method can also include identifying one or more parameters of the computing node from the first dynamically generated encoded visual representation. The method can also include determining whether the computing node has a first parameter from the one or more parameters. The method can also include displaying the first parameter in response to the computing node having the first parameter. | 03-03-2016 |
| 20160066185 | SPATIALLY AWARE COMMUNICATIONS USING RADIO FREQUENCY (RF) COMMUNICATIONS STANDARDS - Technology is described for proximity based communications. A proximity boundary can be defined with dimensions defined, in part, by a communication range of one of a first Short Range Communication (SRC) device and a second SRC device. A security permission can be provided to enable selected data to be communicated from one or more of the first SRC device or the second SRC device. The selected data can be communicated from one or more of the first SRC device or the second SRC device using a radio frequency (RF) communication standard. An RF link can be established between the first SRC device and the second SRC device to enable selected data communications to continue between the first SRC device and the second SRC device even after one or more of the first SRC device or the second SRC device exits the proximity boundary. | 03-03-2016 |
| 20160066188 | EHF Secure Communication Device - A communication device employs a contactless secure communication interface to transmit and receive data with a computing device using close proximity extremely high frequency (EHF) communication. The communication device and the computing device periodically initiate a discovery operation mode, whereby the devices periodically transmit identifying information about the respective devices and listen for identifying information from the other device. Upon completion of the discovery mode operation, the devices enter a link-training operation mode and exchange capability information about the respective devices. During transport mode operation the communication device employs methods to manage access to data stored on the communication device by encrypting the data using one or a combination of training information or capability information as a basis for generating an encryption key. | 03-03-2016 |
| 20160071142 | EXPORTER - A method, apparatus, and computer program product are disclosed for self-service design, scheduling, and delivery of user-defined reports regarding promotions. The method includes receiving, from a user device, a report type and report delivery information. Based on the report type, relevant data regarding the one or more promotions is collected, using which a report is generated. The method then outputs the generated report based on the report delivery information. Optionally, analytical insights, such as trends within the data, sample size, suitability of control data, and indications of statistical significance, are generated and included in the report. A corresponding apparatus and computer program product are also provided. | 03-10-2016 |
| 20160072781 | SUPPORTING DIFFERENTIATED SECURE COMMUNICATIONS AMONG HETEROGENEOUS ELECTRONIC DEVICES - A gateway apparatus supports differentiated secure communications among heterogeneous electronic devices. A communication port communicates via communication networks of different types with two or more associated devices having diverse secure communication capabilities. The gateway logic selectively authenticates the associated devices for group membership into a Secure Communication Group (SCG), and selectively communicates Secure Communication Group Keys (SCGKs) to the devices having the diverse secure communication capabilities for selectively generating session keys locally by the associated devices for mutual secure communication in accordance with the group membership of the associated devices in the SCG. | 03-10-2016 |
| 20160072784 | Client, server, radius capability negotiation method and system between client and server - Disclosed are a client, a server, an RADIUS capability negotiation method and system, and the method includes: a client transmits to a server a first message carrying RADIUS capability parameters of the client; the server captures the RADIUS capability parameters in the first message, matches the RADIUS capability parameters in the first message with RADIUS capability parameters of the server to obtain a matching result, and transmits the matching result to the client through a second message; and the client determines whether to establish effective communication with the server according to the matching result in the second message. By means of the technical solutions of the disclosure, it is possible to extend the RADIUS protocol, and to solve the problem existing in the current RADIUS protocol that both sides in communication cannot perform RADIUS capability negotiation. | 03-10-2016 |
| 20160072786 | METHOD AND SYSTEM FOR ENABLING DATA USAGE ACCOUNTING THROUGH A RELAY - A method and system for enabling data usage accounting is described herein. The method can be practiced on a computing device that has secure applications and unsecure applications installed thereon. Initially, a request for a data session that includes a final endpoint can be received through a secure application. The request for the data session can be intercepted and modified to cause the request to be re-directed back to the secure application. A connection with a relay server can be initiated instead of the final endpoint such that data usage accounting for the data session is to be conducted at a remote location. | 03-10-2016 |
| 20160072790 | APPLICATION PROGRAM AS KEY FOR AUTHORIZING ACCESS TO RESOURCES - In a networked environment, a client side application executed on a client device may transmit a request to an authorization service for access to a resource. The authorization service may authenticate the user of client device and/or the client device based on user credentials and/or a device identifier. In response to authenticating the user and/or the client device, the authorization service may send to the client side application a request for confirmation that the client device complies with a distribution rule associated with the resource, where the distribution rule requires a specific application or specific type of application to be installed, enabled and/or executing on the client device as a prerequisite to accessing the resource. If the client device complies with the distribution rule, the client side application accesses the resource. Accessing the resource may include receiving an authorization credential required for access to the resource. | 03-10-2016 |
| 20160072794 | CLIENT AUTHENTICATION - A client authentication system receives authentication requests associated with a web page in response to a client computing system requesting access to the web page. The authentication system determines whether a storage device contains configurations for the authentication requests. The authentication system configures client authentication for the client authentication requests in view of whether the storage device includes the configurations for the authentication requests. The GUI allows control to change the client authentication configuration for at least one of the authentication requests. | 03-10-2016 |
| 20160072804 | SYSTEM AND METHOD TO SHARE A RESOURCE OR A CAPABILITY OF A DEVICE - A method includes transmitting, from a first device, a message indicating that the first device is available to share a resource. The method includes receiving, at the first device, a request to use the resource. The request is received from a second device and includes authentication information. The method includes, based on a determination that the second device is unknown to the first device, determining whether the second device is authenticated based on the authentication information. The method also includes, based on determining that the second device is authenticated, sharing the resource of the first device with the second device. | 03-10-2016 |
| 20160072819 | DETERMINATION METHOD FOR IDENTIFYING USER AUTHORITY BASED ON FINGERPRINTS IN A MOBILE TERMINAL AND SYSTEM EMPLOYING THE SAME - A determination method for identifying the user authority based on the fingerprints in a mobile terminal and a system employing the same are described. The method comprises the steps of collecting a user fingerprint to match the user fingerprint with fingerprint data pre-stored in a database; and acquiring user authority information correlated with the fingerprint data which is matched with the user fingerprint for providing a plurality of user authorities corresponding to the user fingerprint. The present invention employs the fingerprint identification to acquire the user authorities in order to reduce the improper operations, which increases the stability, is easier to be realized and decrease the cost. | 03-10-2016 |
| 20160072820 | Methods and Systems for Connecting Physical Objects to Digital Communications - Disclosed is a system which uses a unique code, for example a QR code, on a physical product. The code is conveniently readable, for example by a smartphone or tablet, and connects the reader to a specific network address. Dynamically variable content is provided at the network address, which may be provided by the product vendor or manufacturer, by the purchaser, or by other parties. The content may vary depending upon which party is accessing the code. | 03-10-2016 |
| 20160072821 | SYSTEM AND METHOD FOR CONTROLLING MUTUAL ACCESS OF SMART DEVICES - The present invention discloses a system and method for controlling mutual access of smart devices. The method includes creating a home account on a cloud server, and adding smart devices and device information corresponding to the smart devices to a device list under the home account; acquiring, for each of the smart devices, authentication by using the home account and device information corresponding to the smart device; and establishing, for each of the smart devices, a Transmission Control Protocol (TCP) long connection to the cloud server. In the present invention, a unique home account is created on a cloud server, so that smart devices log in to the cloud server by using the unified home account, and the smart devices under the unified home account allow mutual access when being authorized. Therefore, when smart devices in a home access each other, the workload is greatly reduced. Moreover, a permission management module is established on the cloud server, which limits permissions of sending messages between smart devices under a same home account or different home accounts, thereby improving the reliability and security of mutual access of the smart devices. | 03-10-2016 |
| 20160072822 | INFORMATION PROCESSING APPARATUS, ACCESS CONTROL METHOD, AND COMMUNICATION SYSTEM - An information processing apparatus includes one or more processors, the processor including a reception unit configured to receive an access request transmitted from a terminal and addressed to a resource accessing of which is managed; an authority judgment unit configured to determine whether the access request has authority to access the resource based on an access token included in the access request and used to access the resource; and an access processing unit configured to permit the accessing of the resource when the authority judgment unit determines that the access request has the authority to access the resource, wherein the authority judgment unit determines whether the access request has the authority to access the resource based on a source apparatus having issued the access token and being included in the access token. | 03-10-2016 |
| 20160072826 | SIGNED RESPONSE TO AN ABUSIVE EMAIL ACCOUNT OWNER AND PROVIDER SYSTEMS AND METHODS - Systems and methods for abusive email account detection and transmission of a signed response to an abusive email account owner and provider. The methods include receiving an email from a first email account on a second email account, wherein the email contains malicious content, determining if a trust relationship exists between a first email server corresponding to the first email account and a second email server corresponding to the second email account, and transmitting, using a hardware processor of the second email server, an alert email to the first email account corresponding to the trust relationship, wherein the alert email includes a digital signature and a secure field having an abusive category descriptor in an email header. The secure field may include an abusive category descriptor, for example transmitting spam, transmitting malware, transmitting phishing attempts, and committing fraud. | 03-10-2016 |
| 20160073263 | CLIENT, COMPUTING PLATFORM, AND METHODS FOR CONDUCTING SECURE TRANSACTIONS - The present invention is generally related to client and computing platforms that may be used for conducting secure transactions. | 03-10-2016 |
| 20160078214 | USER DEVICE SECURITY MANAGER - Techniques for authentication and authorization of a user, an application, or a user device for access to web resources are described. For example, a machine identifies an access request to access a remote resource associated with a web service. The access request may be received from an application executing at a user device. The machine retrieves at least one user artifact from a security manager identifier received from the web service. The machine performs fingerprinting of the user device based on the at least one user artifact. The machine transmits the access request to the web service based on the performing of the fingerprinting of the user device. The machine, in response to the transmitting of the access request to the web service, receives a resource access authorization from the web service for the application executing at the user device. | 03-17-2016 |
| 20160080320 | Trusted Execution Environment Extensible Computing Device Interface - Constructs to define a Trusted Execution Environment Driver that can implement a standard communication interface in a first environment for discovering and/or exchanging messages with secure applications/services executed in a Trusted Execution Environment (TrEE). The first environment can represent an environment with a different security policy from the TrEE. The TrEE driver can include a standard interface and/or mechanism by which applications/services and drivers within a first environment can access secure applications/services in the TrEE, a standard interface and/or mechanism by which third-party vendors can expose their TrEE applications/services to a first environment, a standard interface and/or mechanism by which a TrEE can request applications/services, on its own behalf, from the first environment, and a standard interface and/or mechanism to facilitate the management of secure application/services and/or provide I/O prioritization and security protection for individual secure applications/services. | 03-17-2016 |
| 20160080343 | METHOD, APPARATUS, AND SYSTEM FOR MOBILE PROVISIONING OF NFC CREDENTIALS - A mobile provisioning system, method, and apparatus are provided. The mobile provisioning method is disclosed to enable a first mobile device to provision or write one or more guest identification objects to a second mobile device. The guest identification objects may be written only if the first mobile device has the appropriate permissions and may further be limited in their use as compared to non-guest identification objects. | 03-17-2016 |
| 20160080344 | ASSEMBLY MANAGER - An assembly management system allows a software service provider (SSP) to compile and upload client-specific client application code into a repository. The SSP deploys a client application comprising non-client-specific code to various clients. When a user logs in, a call is made to a web service, which queries the repository for code specific to the requesting client. If available, the web service sends a response with the name and version of the assembly to which the client is subscribed. If the locally-saved version does not match the version of the assembly in the repository, and if the SSP has permission to write to the client's disk, the web service retrieves the assembly and commits it to the disk. If the SSP does not have permission, the assembly is streamed to the client device and retained and executed in memory for the duration of the login. | 03-17-2016 |
| 20160080348 | TWO-FACTOR AUTHENTICATION SYSTEMS AND METHODS - Systems and methods for authenticating defined user actions over a computer network. An authentication service receives an authentication request from an authenticating service to perform an action on behalf of a user. The authentication service then sends a permission request to a mobile device associated with the user, asking the user whether or not the action should be allowed. The user sends a permission response via the mobile device to the authentication service, granting or denying the action. The user may automate future similar responses so long as at least one automation criterion is met (e.g., the physical location of the mobile device), eliminating the need to manually provide a response to future permission requests. Information necessary to determine whether the automation criterion is met is stored locally on the mobile device. | 03-17-2016 |
| 20160080350 | SYSTEM AND METHOD FOR PROVIDING A VIRTUAL PEER-TO-PEER ENVIRONMENT - An improved system and method are disclosed for peer-to-peer communications. In one example, the method enables the creation of a virtual endpoint that may operate within a peer-to-peer network to represent a device that is unable to operate as an endpoint. | 03-17-2016 |
| 20160080365 | MEDICAL DEVICE WIRELESS ADAPTER - The invention relates generally to a medical device wireless adapter, and more particularly, to a module that adapts an existing legacy or newly designed medical device to a healthcare provider's wireless infrastructure. | 03-17-2016 |
| 20160080374 | OUTPUT SYSTEM, OUTPUT METHOD, OUTPUT DATA STORAGE APPARATUS, AND OUTPUT DATA RELAY APPARATUS - An output system includes a first system that performs authentication using user information including first authentication information and outputs from an output apparatus output data specified using the first authentication information, and a second system that provides the output data to the first system. The second system includes a storage unit that stores output data in association with pre-authentication information, a unit that provides the pre-authentication information to the first system, and a unit that provides the output data to the first system. The first system includes a storage unit that stores the first authentication information, an authentication unit that performs authentication with respect to the pre-authentication information provided by the second system, a cooperation unit that specifies the output data associated with the pre-authentication information that has been successfully authenticated, and a storage unit that stores the specified output data in association with the first authentication information. | 03-17-2016 |
| 20160080388 | MANAGING SECURITY RESTRICTIONS ON A RESOURCE IN A DEFINED ENVIRONMENT - Approaches described herein manage security restrictions on a resource in a defined environment to provide authorization and access. Specifically, a security system maintains a security restriction on the resource (e.g., an information technology (IT) account of a user, or an apparatus) in a defined environment. The presence of a plurality of users is continuously monitored throughout the defined environment and, based on a detection of a pre-specified set of users from the plurality of users in the defined environment, the security restriction is managed (e.g., removed or maintained). In one embodiment, the system removes the security restriction from the resource to allow at least one of: access to the IT account of the user, and operation of the apparatus. The security restriction on the resource may be reinstated in the case that the pre-specified set of users from the plurality of users is no longer present in the defined environment. | 03-17-2016 |
| 20160080389 | Using Connections Between Users In A Social Networking System To Regulate Operation Of A Machine Associated With A Social Networking System User - A social networking system includes information identifying a machine (e.g., a robot, a drone, a computer, a thermostat, etc.) and a connection between the machine and an owner of the machine, which is a user of the social networking system capable of authorizing an action by the machine. The owner of the machine associates permissions associated with various actions by the machine, where a permission associated with an action identifies one or more criteria for performing the action. Permissions may specify types of connections between social networking system users and the owner of the machine via the social networking system to allow social networking system users with specific types of connections to the owner of the machine to perform certain actions using the machine. | 03-17-2016 |
| 20160080390 | METHOD AND APPARATUS FOR NETWORK CONTROLLED TICKET ACCESS - The system provides a method and apparatus for providing controlled access to events, premises, transportation, and the like. In one embodiment, the system provides a ticket that is tied to a user and/or a device. The ticket in one embodiment comprises a dynamic link whose privileges and permissions can be controlled by a system controller so that use, re-use, and re-sale of the ticket can be controlled by the issuer and not by a purchaser or user. The system in one embodiment uses a reader/scanner associated with a controlled entrance that can receive tickets via scanning or some other form of electronic communication. In one embodiment, the system uses radio signals, such as Wi-Fi, Bluetooth, NFC (Near Field Communication) from a mobile device to determine if access should be granted. | 03-17-2016 |
| 20160080391 | SYSTEM FOR MONITORING ACCESS TO NETWORK WITHIN SECURED SITE - A controller is provided which monitors/manages information terminals' access to a network within a secured site. A controller of the present invention includes: a storage device for storing security information about at least one or more information terminals received from the information terminals before accessing a network; and a processor for determining whether to permit access of an information terminal to the network based on the security information read from the storage device and access permission criteria on the security information, and generating a control signal for permitting or blocking the access of the information terminal to the network according to the determination result. | 03-17-2016 |
| 20160080521 | PROFILE MANAGEMENT METHOD - Most computer operating systems are able to automatically configure the coupled computer peripheral device for use with the computer operating system without the need for installation of a specific driver. However, when these peripheral devices are detected by the computing system, a generic UI control configuration is often assigned to them and whatever customised settings previously configured by the user will be lost and replaced with a new set of unfamiliar setting. This poses much inconvenience and hassle to gamers when they use a different computing system or machine. Described according to an embodiment of the invention is a profile management method, operating on a computing cloud, comprising steps for receiving client data provided by a computing system detecting coupling of a user-interface (UI) thereto and for retrieving configuration data corresponding to the client data for use in configuring the UI by the computing system. | 03-17-2016 |
| 20160087942 | VPN ACCESS CONTROL SYSTEM, OPERATING METHOD THEREOF, PROGRAM, VPN ROUTER, AND SERVER - To provide a VPN access control system, an operating method thereof, a non-transitory computer-readable recording medium having a program recorded thereon, a VPN router, and a server capable of reducing the effort of work of an administrator and quickly permitting remote access. A VPN access control system includes a VPN router and an image server. The VPN router executes a router authentication process based on router authentication information, and the image server executes a server authentication process based on server authentication information. The image server receives an access right granting request from a portable terminal of a registered user to which the access right has been granted and executes a first user registration process. The VPN router executes a second user registration process based on a command from the image server, and transmits an authentication information notification to a user who is an access right granting target. | 03-24-2016 |
| 20160087964 | CREDENTIAL MANAGEMENT - A credential management system is described that provides a way to disable and/or rotate credentials, such as when a credential is suspected to have been compromised, while minimizing potential impact to various systems that may depend on such credentials. The credentials may be disabled temporarily at first and the availability of various resources is monitored for changes. If no significant drop of availability in the resources has occurred, the credential may be disabled for a longer period of time. In this manner, the credentials may be disabled and re-enabled for increasingly longer time intervals until it is determined with sufficient confidence/certainty that disabling the credential will not adversely impact critical systems, at which point the credential can be rotated and/or permanently disabled. This process also enables the system to determine which systems are affected by a credential in cases where such information is not known. | 03-24-2016 |
| 20160087966 | Systems and Methods of Using a Temporary Private Key Between Two Devices - A method executes at an authentication server. The method receives a request from a shared user device. The request seeks access to personal information that is associated with a user and stored at a resource server. The method receives access authentication information from a personal user device and creates an access token that grants access privileges to the personal information associated with the user. The method provides the access token to the shared user device. The method receives from the personal user device a command to revoke access privileges associated with the access token. When the method receives a validation request from the resource server, including the access token, the method determines that access privileges associated with the access token have been revoked. The method then notifies the resource server that the validation request failed, thereby preventing access to the personal information by the shared user device. | 03-24-2016 |
| 20160087980 | SYSTEM AND METHOD FOR LIMITING LINKAGE BETWEEN DEVICES USING COMPARISON BETWEEN SERVICE IDENTIFIERS - A method for limiting linkage between devices may limit linkage between items that do not coincide with each other among items of service identifiers of a first device and a second device by comparing the service identifier of the first device and the service identifier of applications of the second device to each other is provided. The method includes receiving, by a second device, a service identifier transmitted by a first device, comparing, by the second device, the service identifier received from the first device to a service identifier of the second device and requesting, by the second device, to the first device to transmit information determined to be the same item. The method also includes receiving, by the second device, the requested information from the first device, including the item allowing the information provision. Further, the method includes configuring, by the second device, a screen using the requested information and transmitting, by the second device, the configured screen to the first device. | 03-24-2016 |
| 20160087984 | METHOD AND APPARATUS FOR PRESENCE BASED RESOURCE MANAGEMENT - Methods and apparatus provide resource authorization based on a computer's presence information. Presence information may include information relating to a computer's operating environment. In some implementations, a presence detector on a computer determines presence information and provides the information to a resource manager. The computer may then generate a resource access request. A resource manager may then determine whether the resource request is authorized based, at least in part, on the presence information. The resource manager then responds to the resource access request, either granting or denying the request for resources. | 03-24-2016 |
| 20160087987 | SYSTEMS AND METHODS FOR CONTROLLING NETWORK ACCESS - A computing device obtains a request from a user device to access a network beacon. The computing device obtains a device profile for the user device. The computing device determines whether the user device satisfies an authorization rule based on the state of the user device as indicated by the device profile. The computing device authorizes the user device to access the network beacon responsive to determining that the user device satisfies the authorization rule. | 03-24-2016 |
| 20160087989 | Assignment of Security Contexts to Define Access Permissions for File System Objects - A system and method are provided for restricting various operations in a file system based on security contexts. An object security context including permissible roles and defining a set of access permissions associated with each of the permissible roles is assigned to a file system object. A user security context is assigned to a user based on authentication information from the user, and the user security context identifies a user role for the user. An executable security context is assigned to an executable program. When the user has launched the executable program, a process is created and assigned the user security context and the executable security context. Responsive to the process attempting to access the file system object, at least one of the user security context and executable security context is verified against the object security context to determine if the attempted access should be allowed. | 03-24-2016 |
| 20160087991 | LOGIN TO A COMPUTING DEVICE BASED ON FACIAL RECOGNITION - An image of a second user is captured by a camera of a computing device currently providing access to a first set of resources to a first user. In response to identifying an account of the first user, a prompt is provided at the computing device to confirm authorization of the second user. On receiving a valid response to the prompt, the second user is provided access to a second set of resources provided by the computing device. | 03-24-2016 |
| 20160087996 | CLOUD COMPUTING SECURE DATA STORAGE - Technologies to provide a secure data storage service in a cloud computing environment are generally disclosed. In some examples, a method comprises: partitioning a data resource into data particles, assigning logic groups to the data particles, assigning physical storage groups to the data particles, and/or storing each physical storage group at corresponding storage resource, receiving a request for the data resource, determining whether the request for the data resource is valid, and if the request is valid, transmitting the data particles of the data resource to the client. The method enables improved security for accessing data, and also improves the user experience in cloud computing environments. | 03-24-2016 |
| 20160092668 | METHODS AND DEVICES FOR AUTHORIZING OPERATION - A system for authorizing an operation is provided. The system may acquire motion data collected by a wearable device. A mobile terminal may determine whether the motion data matches with a physical motion for verification. If the motion data matches with the physical motion for verification, the mobile terminal may be authorized to perform a predetermined operation corresponding to the physical motion for verification. Thus, a user's identity may be verified based on the wearable device that collects motion data. | 03-31-2016 |
| 20160094502 | SERVICE COMPATIBILITY CHECK FOR MESSAGES - Systems, apparatuses, and methods are provided that can reduce problems associated with updates of various applications on various devices, including addition of new services for communicating with another device. A compatibility version (e.g., a minimum compatibility) for a first communication service on a first device can be checked against a compatibility version for communication service on a second device. A comparison of the compatibility versions can determine whether a message can be sent using the first communication service to the second device. | 03-31-2016 |
| 20160094532 | METHOD AND SYSTEM FOR COMMUNICATION CONTROL - The present disclosure relates to a method for communication control, comprising: receiving, from a second user, a request for communicating with a first user, the request including a first identification specific to the first user, the first identification being different from an account used by the first user in the communication; determining, based on a communication mapping associated with the first user, whether the second user is allowed to communicate with the first user using the first identification, the communication mapping indicating authorized users allowed to communicate with the first user and respective identifications allowed to be used by the authorized users; and obtaining, in response to determining that the second user is allowed to communicate with the first user using the first identification, the account used by the first user in the communication to initiate the communication with the first user. | 03-31-2016 |
| 20160094534 | SERVICE PROVIDING APPARATUS, STORAGE MEDIUM AND SERVICE PROVIDING METHOD - A service providing apparatus configured to acquire a resource request from a terminal apparatus, specify destination information, which is associated with authentication information stored in a storage and coinciding with authentication information included in the acquired resource request, from the storage, determine whether domain information included in the acquired resource request and the specified destination information coincide with each other, and transmit a first response including information indicating that authentication is required and the domain information to the terminal apparatus when the domain information and the destination information coincide with each other, and transmit a second response not including the domain information to the terminal apparatus when the domain information and the destination information do not coincide with each other. | 03-31-2016 |
| 20160094536 | SYSTEM AND METHOD FOR PORTABLE SOCIAL DATA IN A WEBPUBLISHING APPLICATION - A system and method is described for managing permissions for a system that organizes shared electronic media using a card/deck/project schema. A permissions manager allows a user to share a card, deck or project with another user and further provides the option of requiring the receiving user to log in to access the shared media using the receiving user's system password. Advantageously, the receiving user does not need to remember another password, but merely enters his/her system user ID and system password to access the shared media. The sharing user can turn off all permissions to a single user with a single action. | 03-31-2016 |
| 20160094554 | Teleconference System and Storage Medium Storing Program for Teleconference - In a teleconference system, it is determined whether address information of a terminal apparatus operated by a conference participant is included in a particular range. When the address information of the terminal apparatus is within the particular range, first authentication information corresponding to the conference participant is transmitted from a first communicator of the security server to an authentication server. The first authentication information is acquired from the terminal apparatus through the first communicator. The authentication server authenticates usage of a function through a network corresponding to the particular range. When the address information of the terminal apparatus is outside the particular range, second authentication information corresponding to the conference participant is transmitted from the first communicator to the conference management server. The second authentication information is acquired from the terminal apparatus through the first communicator. The conference management server authenticates connection to a conference server that controls the teleconference. | 03-31-2016 |
| 20160094559 | Auto Configuration For Auto-Enrolled Access Controller Systems - Disclosed is a system for a facility supporting an access controller, at least one ingress card reader and an auto-enrollment type controller including a front panel having a single button, a controller board, a terminal block for connecting at least the one ingress card reader to the auto-enrollment type controller board and to connect the auto-enrollment type controller to door locks, and a mounting plate, with the auto-enrollment type controller being configured by a user according to operational requirements of the facility by the user asserting the button for a defined period of time. | 03-31-2016 |
| 20160094563 | SELECTIVELY PERMITTING OR DENYING USAGE OF WEARABLE DEVICE SERVICES - Selectively permitting or denying usage of a service available on a device is provided. Usage restrictions on usage of services available on the device are maintained, the usage restrictions including customizable restrictions on usage of the services available on the device. A usage restriction for a service indicates usage parameter(s) of the device under which the service is usable or is unusable to users of the device. Based on detecting an event associated with the device, current usage parameter(s) of the device are identified and compared to usage parameter(s) indicated by a usage restriction to determine whether the service is to be usable or unusable. Usage of the service by a user of the device is then permitted or denied based the comparison. | 03-31-2016 |
| 20160094992 | System and Method for Rapid Authentication in Wireless Communications - Various methods and communications devices to improve association and handoff performance of a wireless network are provided. By way of example, a modified state machine that permits reduced security requirements for authentication in order to achieve fast authentication is employed. The modified state machine providing fast authentication remains compatible with the classic state machine implementing the wireless fidelity (WiFi) standard. | 03-31-2016 |
| 20160098548 | SETTING AN AUTHORIZATION LEVEL AT ENROLLMENT - Systems, methods, and other embodiments associated with setting an authorization level at enrollment. According to one embodiment, a method includes a accessing an interface on a device. Initiation information for a user of the device is provided to an authorizer. The authorizer is associated with a class. Verification data is received from the authorizer. An enrollment token is then generated based on the verification data. The enrollment token includes an authorization level that defines security parameters for the device. | 04-07-2016 |
| 20160099928 | SYSTEMS AND METHODS FOR MANAGING CONNECTIONS FOR UNIVERSAL PLUG-AND-PLAY DEVICES - Systems and methods of managing network connections are disclosed. The method includes receiving a communication from a media device that requests permission to allow a connection between the media device and a client device, processing the communication by querying at least one database with the identifying information for the client device, if a unique identifier for the client device is received from the database, comparing the unique identifier for the client device with a unique identifier for the media device, in the event that the unique identifier for the client device matches the unique identifier for the media device, returning a result to the media device that allows the connection between the media device and the client device, and in the event that the unique identifier for the client device does not match the unique identifier for the media device, returning a result to the media device that does not allow the connection between the media device and the client device. | 04-07-2016 |
| 20160099932 | PROCESSING APPARATUS, AUTHORITY SETTING METHOD, AND STORAGE MEDIUM STORING PROGRAM - A processing apparatus performs: in response to reception of first information by one of the network interface and the user interface, identifying, as a first function, a function corresponding to the first information out of a plurality of functions relating to image data; setting a first authority corresponding to the first information, the first authority being authority to use the first function; after setting the first authority, when one of the network interface and the user interface receives second information different from the first information and when functions identified by the second information out of the plurality of functions include at least part of the first function and a function other than the first function, identifying the function other than the first function as a second function; and setting a second authority corresponding to the second information, the second authority being authority to use the second function. | 04-07-2016 |
| 20160099941 | AUTHENTICATING A LIMITED INPUT DEVICE VIA AN AUTHENTICATED APPLICATION - A limited input device, such as a camera, is authenticated based on a request received from an authenticated application. The application can request an application server to provide the application with a one-time authorization code. The request includes the device identifier associated with the camera. The server stores an association between the one-time authorization code and the device identifier of the camera, and provides the application with the one-time authorization code. The application provides the camera with the one-time authorization code. The camera transmits a request for an access token to the server, the request for the access token including the one-time authorization code and the device identifier associated with the camera. The server verifies the device identifier associated with the camera with that associated with the one-time authorization code, and upon a positive verification authenticates the camera by providing the camera with the access token. | 04-07-2016 |
| 20160099944 | Digital Rights Domain Management for Secure Content Distribution in a Local Network - Systems and methods for secure content distribution to playback devices connected to a local network via a residential gateway using secure links are disclosed. One embodiment of the invention includes a content server, a rights management server, a residential gateway configured to communicate with the content server and the rights management server via a network, and a playback device configured to communicate with the residential gateway via a local network. In addition, the residential gateway is configured to receive protected content from the content server, the playback device is configured to request access to the protected content from the residential gateway, the residential gateway is configured to request access to the protected content from the rights management server and the request includes information uniquely identifying the playback device, the rights management server is configured to provide access information to the residential gateway when the information uniquely identifying the playback device satisfies at least one predetermined criterion with respect to playback devices associated with the residential gateway, the residential gateway and the playback device are configured to create a secure link between the residential gateway and the playback device via the local network, and the residential gateway is configured to decrypt the protected content using the access information provided by the rights management server and to encrypt the decrypted content for distribution to the playback device via the secure link. | 04-07-2016 |
| 20160099946 | CONTROLLING OPERATION OF A MACHINE AND DESCRIBING ACTIONS PERFORMED BY THE MACHINE THROUGH A SOCIAL NETWORKING SYSTEM - A social networking system includes information identifying a machine (e.g., a robot, a drone, a computer, a thermostat, etc.) and a connection between the machine and an owner of the machine, which is a user of the social networking system capable of authorizing an action by the machine. The owner of the machine associates permissions associated with various actions by the machine, where a permission associated with an action identifies one or more criteria for performing the action. Permissions may specify types of connections between social networking system users and the owner of the machine via the social networking system to allow social networking system users with specific types of connections to the owner of the machine to perform certain actions using the machine. Information describing an action performed by the machine may be communicated to other users of the social networking system via any suitable communication channel. | 04-07-2016 |
| 20160100315 | DETECTING AND DISABLING ROGUE ACCESS POINTS IN A NETWORK - A rogue access point in a wireless local-area network can be disabled by an authorized access point wirelessly transmitting a layer-2 broadcast packet. If a rogue access point receives this broadcast packet, it will forward a copy to the switch to which it is connected. The switch then shuts down the port on which it received the forwarded copy of the broadcast packet. | 04-07-2016 |
| 20160105314 | SERVICE PROVISIONING PROFILE FOR A FABRIC NETWORK - Methods and systems for pairing a device to an account managed by a remote service include connecting to a commissioning device. The commissioning device is a device that manages pairing of devices to a remote service. Pairing the device to the fabric in a remote service also includes receiving service configuration details from the commissioning device. The commissioning device has previously retrieved the service configuration details that contain details configured to enable the joining device to connect to the remote service. Using the service configuration details, a device connects to the remote service using the received service configuration details. | 04-14-2016 |
| 20160105412 | NETWORK CONNECTION METHOD, APPLICATION AUTHENTICATION SERVER, TERMINAL AND ROUTER - The present disclosure relates to the field of network technologies and discloses a network connection method, an application authentication server, a terminal and a router. The method includes: acquiring a first application account corresponding to a terminal and first router identification information received by the terminal; determining, according to the first application account and the first router identification information, whether the terminal has permission to connect to a network through a router; and returning, to the terminal if the terminal has permission to connect to the network through the router, authentication information of connecting to the network through the router, so that the terminal connects to the network through the router according to the authentication information. | 04-14-2016 |
| 20160105416 | SMART ROUTER - An example router device disclosed herein functions as a transport level proxy and application level proxy, is able to host both authenticated user and device sessions with stored session state and access control to resources for enhanced performance and ease of use. The device is able to function as a protocol proxy for improved performance and security. The device may be configured to implement a captive portal login mechanism, and may programmatically force unsecure LAN-side client requests to secure WAN-side connections. The device may execute an API for remote applications to utilize. The router device may pre-fetch content for client devices, and may communicate with other servers and peer routers to ascertain congestion on the WAN, and perform intelligent routing of WAN traffic based on the detected congestion. The device may also employ techniques to enhance privacy, virtualized address spaces, cookie filters, and traffic modification. | 04-14-2016 |
| 20160105437 | DEVICE AND AUTHENTICATION SYSTEM - A device includes a storage unit that stores generated challenges which are challenges previously generated, a determination unit that determines whether a newly generated challenge matches any of the generated challenges or not, an output unit that outputs the newly generated challenge as an unused challenge when the determination unit determines that the newly generated challenge does not match any of the generated challenges, and a registration unit that stores the newly generated challenge as a new generated challenge in the storage unit when the determination unit determines that the newly generated challenge does not match any of the generated challenges. | 04-14-2016 |
| 20160105438 | SYSTEM, METHOD, AND APPARATUS FOR AUTHENTICATION - An authentication apparatus updates a first execution information entry corresponding to a first identification information entry of an authentication target having undergone authentication processing, and transmits the first identification and execution information entries to a management apparatus. The management apparatus updates an execution information entry corresponding to the first identification information entry, and stores a first sequence information entry indicating a sequence number. The management apparatus transmits the first sequence and identification information entries to the authentication apparatus. The authentication apparatus then stores the first sequence information entry, and further acquires, from the management apparatus, second execution and sequence information entries corresponding to a second identification information entry identified by comparing the first sequence information entry against a different one received before the reception of the first sequence information entry and stores the acquired information in association with the second identification information entry. | 04-14-2016 |
| 20160105439 | Anti-Hacking System for Quantum Communication - A method and apparatus for reducing unauthorized access of an information stream. The information stream is received at a node along a path to a destination node. The information stream comprises information bits and quantum bits that are interspersed with each other. A portion of the quantum bits are examined at the node along the path. An occurrence of unauthorized access to the information stream is indicated when an original entangled state of the portion of the quantum bits is absent. | 04-14-2016 |
| 20160105440 | METHOD AND SYSTEM FOR DATA SESSION ESTABLISHMENT - A method and system for data session establishment from a mobile device in a multiple networks scenario, the method including, checking whether an identifier for an first network is on a blacklist on the mobile device; if the first network identifier is not on the blacklist, attempting to establish a data connection with the first network; and if the first network identifier is on the blacklist, establishing a data connection with a second network. The method and system for data session establishment include deriving and maintaining the blacklist. | 04-14-2016 |
| 20160105445 | COMMUNICATIONS SYSTEM, MANAGEMENT SERVER, AND COMMUNICATIONS METHOD - A communications system includes communications terminals connected to a management server. The management server includes a terminal manager managing data center identification information-acquiring identification information items for acquiring identification information items of data centers available to a predetermined one of the communications terminals in association with the identification information items of the data centers, a service manager managing services available to the predetermined communications terminal in association with the identification information items of the data centers, and an access authorization verification processor managing access to the services, based on the identification information items of the data centers available to the predetermined communications terminal in association with the data center identification information-acquiring identification information items, and the identification information items of the data centers in association with the services available to the predetermined communications terminal when an inquiry about the services available is received from the predetermined communications terminal. | 04-14-2016 |
| 20160105447 | TIME-BASED CONFIGURATION PROFILE TOGGLING - Time-based configuration profile toggling of a client device can be provided. A computing device in data communication with a client device over a network can be configured to identify an enterprise configuration profile associated with a client device stored in a memory. Further, the computing device can determine whether a current time associated with the client device complies with a compliance rule that specifies at least one time period during which the client device is authorized to enable the enterprise configuration profile. In response to the current time associated with the client device complying with the compliance rule, the computing device can remotely enable the enterprise configuration profile on the client device. | 04-14-2016 |
| 20160105514 | METHOD AND APPARATUS FOR COMMUNICATION CONNECTION SERVICE - Methods and apparatus are provided for communication connection service. Identification information of a second device is acquired. An inquiry about whether to register the second device as a favorite device is displayed. A registration request message is sent to a server, when a request to register the second device as the favorite device is inputted in response to the inquiry. The registration request message includes the identification information of the second device. A registration response message is received from the server in response to the registration request message. A user interface of the first device is controlled to provide feedback informing of a success or a failure in registering the second device as the favorite device based on the registration response message. | 04-14-2016 |
| 20160110530 | METHOD AND A SYSTEM FOR AUTHENTICATING A USER IN TERMS OF A CLOUD BASED ACCESS CONTROL SYSTEM - Aspects extend to methods and systems for authenticating a user in terms of a cloud based access control system. | 04-21-2016 |
| 20160110532 | User Authorization And Presence Detection In Isolation From Interference From And Control By Host Central Processing Unit And Operating System - An embodiment may include circuitry to be included, at least in part, in a host. The host may include at least one host central processing unit (CPU) to execute, at least in part, at least one host operating system (OS). The circuitry may perform, at least in part, at least one operation in isolation both from interference from and control by the at least one host CPU and the at least one host OS. The at least one operation may include user authorization determination and user presence determination. The authorization determination may be in response, at least in part, to indication of physical presence of at least one user in proximity to the host. The user presence determination may determine, at least in part, whether, after the indication has been provided, the physical presence of the at least one user in the proximity to the host has ceased. | 04-21-2016 |
| 20160112391 | Collection and Storage of a Personalized, Searchable, Unstructured Corpora - An approach is provided for utilizing unstructured corpora in a Question and Answer (QA) system. A question is received at the QA system. A private corpora is generated with the private corpora being associated with the user. The private corpora is generated from private data stores associated with the user as well as private data stores associated with other users. Access to the other user's private data sources is provided to the user by the other users. The system retrieves data responsive to the question from the private corpora. The responsive data is ranked based on its relevance to the question. Likely answers are identified based on the ranked responsive data and the likely answers are provided back to the user. | 04-21-2016 |
| 20160112392 | METHOD AND APPARATUS FOR SHARING OF CONTENT - A device comprising: a display; a communication interface; and at least one processor configured to: receive from an external device, via the communication interface, authentication information associated with a user of the external device; transmit the authentication information to a server; transmit a request for content to the server when the device is successfully authenticated by the server based on the authentication information; receive the content from the server; and control the display to display the content. | 04-21-2016 |
| 20160112420 | RUNTIME API FRAMEWORK FOR CLIENT-SERVER COMMUNICATION - In particular embodiments, a method includes receiving, by a computing device including an import/export framework, encoded client data. The client data may be encoded by a generic transcoding service. The method includes performing load-balancing based at least in part on the client data, authorizing the client's access of a remote application, and exporting the encoded client data to the remote application. | 04-21-2016 |
| 20160112424 | COMMUNICATIONS SYSTEM FOR RESIDENTS OF SECURE FACILITY - A system and a method are provide for two-way communications, automated request handling, and push notifications, via SMS, MMS, IM, email, and other electronic messaging systems, between (1) residents confined to a secure facility, such as a jail or a prison, and (2) persons located outside the secure facility who have friendly or family relationships with the confined residents. | 04-21-2016 |
| 20160112426 | PRE-AUTHORIZING A CLIENT APPLICATION TO ACCESS A USER ACCOUNT ON A CONTENT MANAGEMENT SYSTEM - A content management system can tag a client installer with an information tag linking the client installer to a user account. The client installer can be configured to install the client-side application on the client device and pass the identification tag to the installed client-side application. The client-side application can transmit the identification tag to the content management system, which can use the identification tag to identify the linked user account and log the client-side application into the user account. The content management system can implement several verification measures such as limiting the number of times and when an identification tag can be used, as well as IP addresses that can use the identification tag. The content management system can also use data cached by the web-browser application to determine if the web-browser application was used to access the user account in the past. | 04-21-2016 |
| 20160112427 | COMMUNICATION MODEL BASED ON USER ROLE - A non-transitory computer readable medium includes instructions which, when executed by one or more hardware processors, causes performance of operations. The operations include receiving, by a network device from a first user device, a first message addressed to a second user device and identifying a first user role associated with the first user device and a second user role associated with the second user device. The operations further include determining whether a set of predefined user role relationships authorizes a communication between user devices having the first user role and user devices having the second user role. In response to determining that the set of predefined user role relationships do not authorize the communication between user devices having the first user role and user devices having the second user role, the operations refrain forwarding the first message from the first user device to the second user device. | 04-21-2016 |
| 20160112428 | CONTENT ACCESS CONTROL IN A SOCIAL NETWORK - Disclosed are systems and methods associated with a social network application. A plurality of posts associated with a client system user is displayed. First and second posts in the plurality of posts are respectively associated with first and second recipient groups. While the posts are displayed, a content item area is displayed. An input, comprising a content item, is received from the user in the content item area. An affordance is presented that enables the user to designate access control information corresponding distribution entities. The content item and the access control information are transmitted to a system whereupon access to the content item is restricted in accordance with the access control information. | 04-21-2016 |
| 20160112429 | ROLE BASED ACCESS CONTROL FOR CONNECTED CONSUMER DEVICES - A processing device authenticates a computing device of a user to a user account. The processing device determines a role associated with the user account, and additionally determines access permissions to one or more resources based on the role. The processing device then grants to the computing device access to the one or more resources to be protected in an internet of things (IoT) solution. | 04-21-2016 |
| 20160112433 | TERMINAL FOR INTERNET OF THINGS AND OPERATION METHOD OF THE SAME - An example terminal includes a communication circuitry configured to communicate with a server; and a data processor configured to request the server to include a second user in a relationship group of a first user and to extend, to the relationship group, a range of authorization for an Internet of Things (IoT) apparatus registered as an apparatus of the first user. | 04-21-2016 |
| 20160112434 | TERMINAL FOR INTERNET OF THINGS AND OPERATION METHOD OF THE SAME - An example terminal includes a communication circuitry configured to communicate with a server; and a data processor configured to request the server to include a second user in a relationship group of a first user and to extend, to the relationship group, a range of authorization for an Internet of Things (IoT) apparatus registered as an apparatus of the first user. | 04-21-2016 |
| 20160112438 | SECURE MESSAGING IN MESSAGE-ORIENTED SYSTEMS - Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for providing secure messaging in message-oriented systems. Actions can include: receiving, by the one or more processors, one or more subscribe requests from one or more subscriber devices; receiving, by the one or more processors, at least one publish request from at least one publisher device, the publisher and subscriber devices being loosely coupled through the broker device on a shared cloud platform; validating, by the one or more processors, the at least one publish request and the one or more subscribe requests to provide validation results; and determining, by the one or more processors, a message routing schedule based at least in part on the validation results. | 04-21-2016 |
| 20160112439 | HUMAN USER VERIFICATION OF HIGH-RISK NETWORK ACCESS - Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, network security application includes a network traffic control module, a human user test engine and a risk management module. The network traffic control module identifies a high-risk network access initiated by a device associated with a private network protected by the network security appliance. The human user test engine (i) sends a human user test message to the human user of the device to verify that the high-risk network access was initiated by or is otherwise authorized by the human user of the device; receives a response to the human user test message; and (iii) determines whether the response is a correct response to the human user test message. The risk management module allows the high-risk network access when the response is correct. | 04-21-2016 |
| 20160112870 | SIMPLIFICATION OF ATTACHING DEVICES TO SECURED WIRELESS NETWORKS - Described herein are systems and methods for connecting devices to secured networks, such as secured wireless networks, by storing credentials for the network and passing the credentials to a new device, such as, for example, when the new device is attempting to connect to the secured network for the first time. | 04-21-2016 |
| 20160112871 | Method and Systems for Placing Physical Boundaries on Information Access/Storage, Transmission and Computation of Mobile Devices - A system and method for restricting access to information using short range wireless communications, the system is provided. The system and method include a short range wireless network serving a predetermined enabled location. The network is configured to provide authentication data to a computing device. The authentication data specific may be specific to an enabled location and may further include a unique identifier. The network is configured to receive from authentication data from the computing device. The network is further configured to verify the authentication data received from the computing device and, upon verification, the network permits communication between the computing device and the network for the enabled location. | 04-21-2016 |
| 20160112876 | PROVIDING A MASKED SHORT MESSAGE SERVICE IN A WIRELESS NETWORK - A method and apparatus for providing a masked short message service in a wireless network are disclosed. For example, the method receives a message from a first endpoint device directed to a second endpoint device, wherein the message indicates that the message is a masked short message service message, and forwards the masked short message service message with a code towards the second endpoint device. In one example, the second endpoint device parses the message and executes instructions contained therein, e.g., for sending a regular SMS with content derived from masked SMS, making a call, playing music, finding location by invoking an API, sending a file or a picture and any other functions that the second endpoint device may be capable of doing. The masked short message service provides a method for remotely controlling a 2G/3G mobile device through a computer or another mobile device. | 04-21-2016 |
| 20160117486 | OUT-OF-BAND TOKENS FOR RIGHTS ACCESS - Access to content may be administered by storing content, the content comprising one or more selections, accessing a passive optical out-of-band token associated with the content, determining an access right for the content based on the passive optical out-of-band token, and enabling access to the content in accordance with the access right. | 04-28-2016 |
| 20160117515 | Establishing and Maintaining an Authenticated Connection Between a Smart Pen and a Computing Device - A system and method establishes a connection between a smart pen and a computing device, and establishes a privilege level that regulates data requests for specific data from the smart pen. The smart pen determines whether a connection should be established between the smart pen and a computing device, based on device information received from the computing device. If a connection is established, a privilege level is established for an application executing on the computing device based on the device information, which determines whether a request from the application for specific data from the smart pen is allowed or denied. | 04-28-2016 |
| 20160119056 | Security Monitoring for Optical Network - Apparatus ( | 04-28-2016 |
| 20160119307 | FAILURE RECOVERY MECHANISM TO RE-ESTABLISH SECURED COMMUNICATIONS - Embodiments of the present invention include techniques for reestablishing a secure communication channel between a client machine and a server machine. A client machine receives, from a server machine, a first message generated in connection with a first master token. The client machine detects an error condition associated with the first message. The client machine transmits, to the server machine, a second message generated in connection with a pre-provisioned key that includes a request for a new master token. The client machine receives, from the server machine, a third message that includes a second master token. The client machine transmits, to the server machine, a fourth message generated in connection with the second master token. | 04-28-2016 |
| 20160119308 | INFORMATION MANAGING SERVER AND METHOD - An information managing server includes: a memory; and a processor configured to execute a procedure, the procedure comprising: registering, in the memory, stored doctor information including information on doctors, registrant information indicating a registrant who provides a registration request, and registration information indicating a state of registration, in accordance with the registration request, possible states of registration including at least provisional registration and definitive registration, and outputting, in accordance with a doctor information request from a user, associated doctor information that is associated with both the registration information indicating the provisional registration and the registrant information indicating the user, among the stored doctor information in the memory. | 04-28-2016 |
| 20160119309 | METHOD AND APPARATUS FOR PROTECTING REGIONS OF AN ELECTRONIC DOCUMENT - A method and apparatus for protecting regions of an electronic document are provided. According to the method, the entire electronic document is protected. The selection of a region within the electronic document is received along with identity of one or more users authorized to freely edit the selected region. The identified users are authorized to freely edit only the selected region of the electronic document. A request is then received to edit a region of the electronic document from a current user. In response to the request, a determination is made as to whether the current user is authorized to edit the region. If the user is not authorized to edit the region, the request is denied. | 04-28-2016 |
| 20160119336 | SYSTEM AND METHOD FOR HARDWARE-BASED TRUST CONTROL MANAGEMENT - A trust control management method for security, operable on a computer system generates a unique Trust ID value by combining user-defined values with hardware-specific values associated with the user's computer system and storing the Trust ID value in a memory register physically associated with the hardware of the computer system. A Trust Control Suite (TCS) operable with a server OS/hypervisor maintains a database of user-defined values and hardware-specific values for computer systems clustered in a trusted computing pool. An attestation procedure is performed by the trust control server combining the user-defined values with the hardware-specific values from its database and comparing it to the user-stored Trust ID value stored in the memory register associated with a user's computer system. Depending on whether it is a match or mismatch, the TCS can determine if it is a trusted computer or not, and can take appropriate alerts and policy actions. | 04-28-2016 |
| 20160119338 | DEVICE ACCESS USING VOICE AUTHENTICATION - A device can be configured to receive speech input from a user. The speech input can include a command for accessing a restricted feature of the device. The speech input can be compared to a voiceprint (e.g., text-independent voiceprint) of the user's voice to authenticate the user to the device. Responsive to successful authentication of the user to the device, the user is allowed access to the restricted feature without the user having to perform additional authentication steps or speaking the command again. If the user is not successfully authenticated to the device, additional authentication steps can be request by the device (e.g., request a password). | 04-28-2016 |
| 20160119350 | DATA COUNTER MEASURES - Techniques to block unwanted third party calls are disclosed. In various embodiments, an indication is received that third party code included on a web page is attempting to write to the web page content associated with an unauthorized third party call. The unauthorized third party call is blocked. In some embodiments, the unauthorized third party call is blocked by blocking the web page content associated with the unauthorized third party call from being written to the web page. | 04-28-2016 |
| 20160119351 | AUTHORITY TRANSFER SYSTEM, METHOD THAT IS EXECUTED BY AUTHORITY TRANSFER SYSTEM, AND STORAGE MEDIUM - An authority transfer system enables omitting authorization of a user belonging to a tenant based on an authorization operation being performed at least once on a terminal associated with the tenant. | 04-28-2016 |
| 20160119355 | CONTROLLING ADMINISTRATION RIGHTS - A computer in a network has an operating system. The operating system is configured to prevent running of software not identified in a list of approved software referred to as a white list. Software absent from the list is prevented from running by the operating system. The network has a server which determines, for each item of software on the white list, the administration rights of the users of computers having that item of software. If a white listed software item is present on one or more computers used by users without admin rights, then the admin rights of any user of other computers having the same white listed software item are withdrawn by instructions sent by the server to the computer. | 04-28-2016 |
| 20160119356 | REMOTE MONITORING SYSTEM AND REMOTE MONITORING APPARATUS - In one embodiment, a remote monitoring system includes a monitoring apparatus displaying a screen for monitoring a power plant, a remote monitoring apparatus displaying the screen transferred from the monitoring apparatus, and a management server managing information regarding the remote monitoring apparatus. The management server includes an activation management module to acquire apparatus identification information for identifying the remote monitoring apparatus, and to return activation permission to the remote monitoring apparatus if the apparatus identification information matches apparatus identification information registered previously. The remote monitoring apparatus includes a secret information storing region to store the apparatus identification information, and to limit software accessible to the secret information storing region to BIOS software of the remote monitoring apparatus, and an activation module to acquire the activation permission from the activation management module by providing the apparatus identification information in the secret information storing region to the activation management module. | 04-28-2016 |
| 20160119359 | SYSTEM AND METHOD FOR PROVIDING A SECURE ACCESS IN AN ORGANIZATION SYSTEM - The present invention integrates user, application and server level security with standard operating procedures, thus providing an end to end security blanket over the organization's network and information security. The invention provides step by step directions for processing accurate transactions, which are free from deviations, transactional errors and security breaches. The invention intelligently & instantly analyzes the commands that are being fed into the organization system/application, and then decides to either accept or reject the direction given by the user versus a predefined protocol. As such, although the words are being keyed through a keyboard, the present invention intelligence interacts with the external device to understand the command or input, suggesting alterations or lets it through. The instructions provided through the mouse or the mouse pad, are also prescreened before letting the instructions getting into or out of the system. | 04-28-2016 |
| 20160119781 | SYSTEM FOR DELEGATING THE PRIORITIZATION OF INCOMING COMMUNICATIONS TO TRUSTED USERS - A computer-implemented method for prioritizing an incoming communication directed to a recipient by an originator includes creating a privacy/trust relationship between a recipient and an originator in response to user input, and determining a disposition of an incoming communication by reference to the privacy/trust relationship. | 04-28-2016 |
| 20160125411 | SECURE PASSCODE ENTRY USING MOBILE DEVICE WITH AUGMENTED REALITY CAPABILITY - Secure passcode entry using a mobile device having augmented reality capability. The mobile device is registered with an authorization server to register an agreed input display algorithm with an initialization seed, and a user passcode is registered with the authorization server. A superset of options is obtained from an input interface device at which a user passcode is to be entered. The superset of options is processed using the input display algorithm and initialization seed to result in an arrangement of characters including the characters of a registered user passcode. The arrangement of characters is overlaid using the augmented reality capability of the mobile device in relation to an input interface of the input interface device. | 05-05-2016 |
| 20160127321 | METHOD AND SYSTEM FOR VPN ISOLATION USING NETWORK NAMESPACES - One embodiment of the present invention provides a system for providing exclusive access to a virtual private network (VPN) connection to an authorized application. During operation, the system creates a unique network namespace that is different from a default network namespace of a host system. The system then places a pseudo network interface associated with the VPN connection into the unique network namespace. Furthermore, the system places at least one socket for an authorized application into the unique network namespace. The system also precludes unauthorized applications on the host from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application. | 05-05-2016 |
| 20160127347 | AGGREGATE SERVICE WITH USER INTERFACE - One embodiment provides a method, including: receiving authentication input, at a device, that is sent to an aggregate service device; requesting file system data, retrieved by the aggregate service device, analogous to data stored on a remote device and data stored on a cloud storage device; receiving at the device, after providing the authentication input to the aggregate service device, the file system data from the aggregate service device; and displaying, on the device, a user interface in the form of a file manager application generated from the requested file system data. | 05-05-2016 |
| 20160127363 | Method and System for Verifying the Identity of a User of an Online Service - A method for verifying the identity of a user of an online service, with the steps of: when a user is connected (A | 05-05-2016 |
| 20160127364 | Apparatus and Method for Host Abstracted Networked Authorization - An information handling system includes a host processing system and an authentication processing system. The authentication processing system authenticates to the host processing system based upon a shared secret. An authentication module of the authentication processing system operates as a master authentication module to establish an authentication area, determine that a first device is a first trusted device of the authentication module, determine that the first device is within the authentication area, authenticate the first device on the authentication area based upon the determination that the first device is within the authentication area, determine that a second device is a second trusted device of the authentication module, determine that the second device is not within the authentication area, and prevent the second device from authenticating on the authentication area based upon the determination that the second device is not within the authentication area. | 05-05-2016 |
| 20160127368 | Method, Apparatus, and System for Controlling Access of User Terminal - A method, an apparatus, and a system for controlling access of a user terminal, where the method includes receiving, by a controller, an authentication packet sent by an access switching node through an established data tunnel; obtaining, by the controller, a source media access control (MAC) address of the authentication packet; after access authentication implemented on a user terminal, determining, from a maintained correspondence between MAC addresses of user terminals and interface identifiers, an interface identifier corresponding to the MAC address of the successfully-authenticated user terminal, where the interface identifier identifies an interface connected to the user terminal; and sending, by the controller, the determined interface identifier to the access switching node through an established control tunnel, and instructing the access switching node to enable the interface corresponding to the interface identifier. | 05-05-2016 |
| 20160127371 | SYSTEM AND METHOD FOR PROVIDING ERROR HANDLING IN AN UNTRUSTED NETWORK ENVIRONMENT - An example method is provided and may include receiving a DIAMETER-based error over an SWm interface by a first evolved packet data gateway (ePDG) for a user equipment (UE) attempting to connect to the first ePDG; determining an Internet Key Exchange version two (IKEv2) error type corresponding to the DIAMETER-based error; and communicating the IKEv2 error type to the UE over an SWu interface. In some cases, the IKEv2 error type can be included in a notify payload or in a vendor ID payload for an IKE authentication response (IKE_AUTH_RESP) message. By distinguishing the IKEv2 error type, the UE can determine whether the error is a temporary or a permanent type and can determine whether to attempt to connect again to the first ePDG after a period of time or attempt to connect to another ePDG, which can help to reduce unnecessary signaling and provide better connectivity and user experience. | 05-05-2016 |
| 20160127372 | HIERARCHICAL AUTHENTICATION AND AUTHORIZATION SYSTEM - A method for controlling access to a system for supporting home control activities includes hierarchical authorization of the user. Access in an online mode, in which there is a connection between a central platform and a home control device, is granted by the central platform, in particular user rights are derived, and the user only has the right of access to the home control device if the right of access to the central platform is in place. In an offline mode, rights stored locally on the home control device control access. Access to the applications is granted by the home control device, in particular application-specific user rights are derived, and a user only has the right of access to the applications if the right of access to both the home control device and also to the central platform is in place. | 05-05-2016 |
| 20160127373 | AUTOMATIC CONNECTED VEHICLE DEMONSTRATION PROCESS - The present invention is directed toward an automatic connected vehicle demonstration method and system for automatically designating any registered vehicle as a demonstrator vehicle, and further allowing for the demonstrator vehicle to also have one or more subscription-based events based on demonstrator vehicle status. In one more embodiments, a computer implemented method provides for registering, deregistering, and managing a dealer's inventory of demonstration vehicles. | 05-05-2016 |
| 20160127374 | Using Third Party Information To Improve Predictive Strength for Authentications - Embodiments of the present invention are directed to methods and systems for utilizing the history of previous authentications and authorizations related to third party computers, as factors in determining whether a current request for accessing a resource should be authorized. A processor server computer, in determining whether to authorize access to the resource, may generate and send a query message to one or more of the third party computers to obtain authorization activity that the third party computers may have regarding a user and/or a device associated with the request. The processor server computer may use the authorization activity from the third party computers in determining whether the request is an authentic request and that the request should be authorized. | 05-05-2016 |
| 20160127378 | INTERNET ACCESS AUTHORIZATION AND REGULATION SYSTEMS AND METHODS FOR CONTROLLED ENVIRONMENT OF AN INSTITUTIONAL FACILITY - Access and regulations systems to facilitate safe and secure access of web content by residents of an institutional facility such as a correctional facility includes an administrator workstation to define authorized and prohibited web content and associated secondary restrictions, a resident workstation displaying on a predetermined list of web content, and a server receiving and processing the authorized and prohibited web content and requests made by institutional residents. | 05-05-2016 |
| 20160127381 | NETWORK CONNECTION METHOD, HOTSPOT TERMINAL AND MANAGEMENT TERMINAL - Embodiments of the disclosure provide a network connection method, a hotspot terminal, and a management terminal. A hotspot terminal receives an Internet access request sent by a mobile terminal. The hotspot terminal sends an input request to the mobile terminal according to the received Internet access request. The hotspot terminal receives user identity information sent by the mobile terminal. The hotspot terminal receives a permission confirmation instruction that is entered by an administrator according to the user identity information. The hotspot terminal determines Internet access permission of the mobile terminal according to the received permission confirmation instruction. According to the network connection method provided in the embodiments of the disclosure, a problem where a process in which a mobile terminal logs in to a remote network by using a hotspot terminal becomes tedious and complex is resolved. | 05-05-2016 |
| 20160127382 | DETERMINING VARIABLE WAIT TIME IN AN ASYNCHRONOUS CALL-BACK SYSTEM BASED ON CALCULATED AVERAGE SUB-QUEUE WAIT TIME - A method includes a workload management (WLM) server that receives a first CHECK WORKLOAD command for a workload in a queue of the WLM server. It may be determined whether the workload is ready to run on a WLM client. If the workload is not ready to run, a wait time for the workload with the WLM server is dynamically estimated. The wait time is sent to the WLM client. If the workload is ready to run, then a response is sent to the WLM client that workload is ready to run. | 05-05-2016 |
| 20160132358 | PERIPHERAL DEVICE SHARING ACROSS VIRTUAL MACHINES RUNNING ON DIFFERENT HOST COMPUTING SYSTEMS - Techniques for sharing a peripheral device connected to a first host computing system in a cluster are disclosed. In one embodiment, a request to access the peripheral device connected to the first host computing system is received from a virtual machine running on a second host computing system. Further, a bandwidth requirement associated with the peripheral device is determined. Furthermore, one of enabling the virtual machine to remotely access the peripheral device over a network and recommending migration of the virtual machine to the first host computing system to locally access the peripheral device is performed based on the bandwidth requirement of the peripheral device. | 05-12-2016 |
| 20160134488 | METHODS AND APPARATUS FOR PROVISIONING SERVICES WHICH REQUIRE A DEVICE TO BE SECURELY ASSOCIATED WITH AN ACCOUNT - Methods and apparatus for provisioning and providing services to devices on a local network are described. The methods and apparatus allow for the provisioning of services to customer owned and managed devices on a local network on which another device, e.g., a first device, has already been authenticated and authorized to receive services corresponding to a customer account. After a first device on a local network is authenticated and associated with a customer account it detects the addition of new devices on the local network and assists in the registration of the new device by acting as an intermediary with a service provider device during the registration process. The security and registration established by the first device is leveraged allowing other devices on the network to be registered and authenticated for services corresponding to the same account as the first device without requiring user input of authentication and/or other information. | 05-12-2016 |
| 20160134592 | SECURE NETWORK REQUEST ANONYMIZATION - Network request anonymizing nodes (“NRANs”) may be described herein. The NRANs may act as anonymizing proxies by generating additional anonymizing network requests to help anonymize a network request sent by a requesting computing node. By generating the additional anonymizing network request, the NRANs may cause a relatively large number of similar network requests to be transmitted in an approximately contemporaneous fashion with the transmission of the network request. The NRANs may receive indication of network requests via a secure anonymization proxy tunnel, which may be established through transmission of an anonymizing proxy request from the requesting computing node to the NRANs. The secure anonymization proxy tunnel may be established between a secure enclave of the requesting computing node and secure enclaves of the NRANs. Other embodiments may be described and/or claimed. | 05-12-2016 |
| 20160134624 | MOBILE AUTHENTICATION IN MOBILE VIRTUAL NETWORK - Systems, methods, and non-transitory computer-readable storage media for using mobile network authentication factors to authenticate a mobile device. | 05-12-2016 |
| 20160134633 | MECHANISM FOR REPUTATION FEEDBACK BASED ON REAL TIME INTERACTION - A method for confirming that a user interacted with a resource provider before allowing the user to submit feedback associated with the resource provider is disclosed. A social network provider can query entities that are aware of the user's interaction history before activating a feedback function. Also, non-sensitive information can be used to identify the user. | 05-12-2016 |
| 20160134634 | METHOD AND SYSTEM PROTECTING AGAINST IDENTITY THEFT OR REPLICATION ABUSE - A method, implemented by a computer-implemented authentication system, for authenticating a user attempting to access a target component of a computer system, the method comprising: a) receiving, from a first user system via a computer network, user authentication information and a network address identifying the first user system within the computer network; b) obtaining at least one data item of contextual information indicative of a property of an environment of a wireless communications device associated with the user authentication information; c) authenticating the user based on at least the user authentication information; and d) subject to successful authentication, granting access to the target component and storing a data record comprising the received network address and the received contextual information. | 05-12-2016 |
| 20160134636 | Remote trust attestation and geo-location of servers and clients in cloud computing environments - Methods and systems may provide for selecting a hypervisor protocol from a plurality of hypervisor protocols based on a communication associated with a remote agent. The selected hypervisor protocol may be used to conduct a trust analysis of one or more digitally signed values in the communication, wherein a cloud attestation request may be processed based on the trust analysis. Processing the cloud attestation request may involve generating a trustworthiness verification output, a geo-location verification output, etc., for a cloud computing node corresponding to the remote agent. | 05-12-2016 |
| 20160134637 | SYSTEMS AND METHODS FOR ENABLING COLLABORATION AND COORDINATION OF SUPPORT - The present invention relates to systems and methods for enabling collaboration and coordination of support within a controlled electronic environment. In particular, embodiments of the present invention relate to a dynamic, collaborative, and online support system that integrates assessment functionality, data reporting, communication tools, calendaring, and specific curriculum, with the power of an online community support system devoted specifically to helping an individual maintain and/or improve from a current level of functioning to a higher level of functioning. Further, embodiments of the present invention embrace systems and methods for selectively distributing sensitive information in a timely and controlled manner to key people, organizations, and professionals, who are in positions to support a particular individual, family, or group, and wherein the information is provided based on the positive impact/influence each can provide based on given circumstances. | 05-12-2016 |
| 20160134638 | SYSTEMS AND METHODS FOR CONSUMER DIGITAL PRIVILEGES - Systems and methods are described for limiting access to digital content based on a privileged access model. In one implementation, a consumer identification is received based on a request by the consumer for content from a first content provider. The content includes a plurality of content portions, with each content portion having an associated minimum privilege level. A privilege level for the consumer is determined, where the privilege level is based at least in part on certain actions of the consumer taken with respect to content previously consumed by the consumer. Content portions can then be provided to the consumer based on the minimum privilege levels of the content portions and the privilege level of the consumer. Additional actions of the consumer can be identified and used to modify the privilege level of the consumer. | 05-12-2016 |
| 20160134662 | Lawful Interception and Security Based Admission Control for Proximity Service - There are provided measures for lawful interception and security based admission control for proximity service. Such measures could include detecting a requirement for control in relation to setting up or securing a connection of a proximity service between at least two devices, determining availability of at least one lawful interception and security agent capable of performing an operation relating to lawful interception and/or security in relation to the connection of the proximity service, and performing control in relation to setting up or securing the connection of the proximity service when availability of the at least one lawful interception and security agent is determined. | 05-12-2016 |
| 20160134675 | METHODS, DEVICES, AND MEDIA FOR SECURELY UTILIZING A NON-SECURED, DISTRIBUTED, VIRTUALIZED NETWORK RESOURCE WITH APPLICATIONS TO CLOUD-COMPUTING SECURITY AND MANAGEMENT - The present invention discloses methods for securing information by transforming the information into individually-unintelligible parts, methods include: dividing an original data stream into a set of split data streams; applying a first invertible transformation function to the split data streams, the step of applying producing an intermediate set of data streams; and extracting a final set of data streams from the intermediate set by applying a selection rule which produces the final set, thereby transforming the original data stream into individually-unintelligible parts in the final set. Preferably, the method further includes: applying a second invertible transformation function to the final set to produce the intermediate set, wherein the second invertible transformation is an inverse function of the first invertible transformation; extracting the split streams from the intermediate set by applying a selection rule which produces the split data streams; and reconstructing the original data stream from the split data streams. | 05-12-2016 |
| 20160142389 | Short-Range Device Interactions for Facilitating Partial Uses of Clustered Access Rights - Systems and methods are provided for communication networks and network operations for processing partial uses of clustered access rights. The communication networks may include channels such as short-range communication channels, such as Bluetooth, BTLE, and/or near-field communication (NFC) channels. | 05-19-2016 |
| 20160142391 | ELECTRONIC DEVICE, SERVER, ELECTRONIC DEVICE CONTROLLING METHOD, INFORMATION PROCESSING METHOD AND RECORDING MEDIUM - An information processing device includes an interface configured to receive authentication information from an electronic device. The device also includes circuitry configured to identify an execution range of an association operation program executed by the electronic device, the execution range being indicative of an authentication of an association between the electronic device and another electronic device. | 05-19-2016 |
| 20160142399 | IDENTITY INFRASTRUCTURE AS A SERVICE - A method and system of an identity service to provide a single point of access for a plurality of applications for an authentication of a user identity. An authentication request is received from an application via an application program interface (API), wherein the authentication request includes logon information. The authentication request is translated to one or more identity providers. Upon authentication, serially executing one or more programmatic extension scripts associated with the user. Privileges are granted to the user based on at least one of the programmatic extension scripts associated with the user. | 05-19-2016 |
| 20160142402 | METHOD AND APPARATUS FOR REGISTERING A DEVICE FOR USE - A server and method for supporting device registration by the server are provided. The present disclosure relates to a sensor network, Machine Type Communication (MTC), Machine-to-Machine (M2M) communication, and technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the above technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. | 05-19-2016 |
| 20160142410 | ELECTRONIC CONTROL UNIT NETWORK SECURITY - A system and method of controlling access to a vehicle network that includes a plurality of electronic control units (ECUs) communicating over the network. The method carried out by the system operates a network of ECUs that include at least first and second ECUs in communication with each other over the network. The first ECU may be an external access point which can establish communication with an external device. The first ECU provides the external device with limited privilege access to the network. The method further includes detecting unauthorized escalated privilege access of the first ECU, and in response to the detection, at least partially restricting use of the first ECU as the external access point, thereby preventing external devices from using the first ECU for the limited privilege access to the network. | 05-19-2016 |
| 20160142413 | EPHEMERAL APPLICATIONS - A method of executing an application in a direct launch mode includes receiving a user input to download an application from a remote server to a client computing device and to launch the application on the client computing device. Permissions requested by the application to utilize local resources of the client computing device during execution of the application by the client computing device are determined, and the determined permissions are compared to a list of predetermined permissions requiring modification of the execution of the application when the application is executed in a direct launch mode. The application is launched without additional input from the user, and the application is executed on the client computing device with at least one of the requested permissions not being granted in its entirety. | 05-19-2016 |
| 20160142414 | METHOD, APPARATUS, AND SYSTEM FOR ACHIEVING PRIVILEGE SEPARATION - Methods, apparatus, and systems for achieving privilege separation are provided herein. In an exemplary method, an operation-applying instruction sent by a first-type client can be received. According to the operation-applying instruction, it can be determined whether an operation corresponding to the operation-applying instruction is able to be executed. When the operation corresponding to the operation-applying instruction is able to be executed, an operation-executing instruction can be sent to a second-type client, such that the second-type client can obtain a privilege for executing the operation, according to the operation-executing instruction. A notifying instruction can be sent to a third-type client, such that the third-type client can obtain a notification that the second-type client has obtained the privilege for executing the operation. | 05-19-2016 |
| 20160142415 | Securing Communication over a Network using Client Integrity Verification - A method for protecting application servers from network-based attacks and verifying the security posture of end client systems is disclosed. A trust broker system receives a request from a user agent associated with a client system remote from the trust broker to connect to applications and resources associated with the trust broker. The trust broker system verifies the integrity of the client system and verifies the identity of a user of the client system. The trust broker system then determines the access level permitted to the identified user and based on the access level. The trust broker system establishes a connection with the user agent and transmits session information to the server system. The trust broker system sends the user agent connection information, wherein the connection information enables the requesting user agent to connect to the requested server system. | 05-19-2016 |
| 20160142418 | Validating the Identity of an Application for Application Management - A method of managing access to enterprise resources is provided. An access manager may operate at a mobile device to validate a mobile application installed at that mobile device. If the access manager does not successfully validate the mobile application, the access manager may prevent the mobile application from accessing computing resource. If the access manager does successfully validate the mobile application, then the access manager may identify the mobile application as a trusted mobile application. The access manager may thus permit the trusted mobile application to access the computing resource. | 05-19-2016 |
| 20160142421 | VALIDITY CONTROL SYSTEM, TERMINAL DEVICE, AND METHOD - The validity/invalidity of a credit card, an IC card storing electronic money, or the like is appropriately determined based on a blacklist. A terminal device includes a list storage means and an invalidity recording means. The list storage means stores an identifier, validity information indicating validity or invalidity, and a blacklist that relates the identifier to an invalidity count specification value for a recording medium storing a set value. The invalidity recording means reads from the blacklist, the invalidity count specification value related to the identifier read from the recording medium, and compares the invalidity count specification value with the set value read from the recording medium. The invalidity recording means executes predetermined processing based on the validity information for the recording medium when the set value is equal to the invalidity count specification value. | 05-19-2016 |
| 20160142915 | ENHANCEMENTS TO ENABLE FAST SECURITY SETUP - WTRUs, ARSs, APs, WLG/AAA proxies, networks, and methods thereon are disclosed for fast security setup on a multi-RAT WTRU. Methods of sharing security associations between RATs on a multi-RAT WTRU are disclosed. Methods of caching security associations are disclosed. Methods are disclosed for alerting an ANDSF server of an AP that should be considered for association. Enhancements to advertisements from an AP are disclosed where the advertisements may include SSID with a FQDN, a HESSID type information, or TAI type information. Methods of resolving AP identities to a reachable address are disclosed. An address resolution protocol is disclosed for resolving AP identities. ARSs are disclosed that may resolve a BSSID to a network routable address. Protocols for carrying AP identities and security parameters are disclosed. Methods are disclosed of using ANDSF to provide the WTRU with security information and parameters of an AP. An RSN may indicate security capabilities. | 05-19-2016 |
| 20160148022 | IMPLEMENTING BLOCK DEVICE EXTENT GRANULARITY AUTHORIZATION MODEL PROCESSING IN CAPI ADAPTERS - A method, system and computer program product are provided for implementing block extent granularity authorization model processing in Coherent Accelerator Processor Interface (CAPI) adapters. The CAPI adapter includes an authorization table and a file system authorization function to authenticate data access for a client at an extent granularity and to prevent an application from accessing unauthorized data in the CAPI adapter. Each authorization table entry provides for the CAPI client, a CAPI client identification (ID), a CAPI server register space assigning resource ownership to the CAPI client with a CAPI set of allowed functions. | 05-26-2016 |
| 20160149872 | SECURE CONNECTION BETWEEN A DATA REPOSITORY AND AN INTELLIGENCE APPLICATION - Embodiments of the invention are directed to systems, methods and computer program products for establishing a secure connection between a data repository and an intelligence application. In one embodiment, a method includes receiving, from a user device and using a processing device, a request from the intelligence application, the request communicated from the intelligence application through a data virtualization application and for obtaining access to the data repository; responding, using the processing device, to the request comprising preparing and sending an authentication request through the data virtualization application to the intelligence application; receiving authentication credentials from the intelligence application through the data virtualization application, the authentication credentials associated with one or more users of a plurality of users authorized to access the data repository; determining that the authentication credentials are valid; and providing device, access to the data repository in response to validating the authentication credentials. | 05-26-2016 |
| 20160149876 | SECURITY FOR PROSE GROUP COMMUNICATION - A method of performing authentication and authorization in Proximity based Service (ProSe) communication by a requesting device ( | 05-26-2016 |
| 20160149880 | SECURE COMMUNICATION PATHS IN DATA NETWORKS WITH TETHERED DEVICES - A communication network processes intermediate security data from intermediate access nodes on a communication path between a network access node and an end-point device to determine if the intermediate access nodes are authorized. If the intermediate access nodes are authorized, then the network processes end-point security data from the end-point device to determine if the end-point device is authorized. If the end-point device is authorized, then the network processes end-point tethering data from the end-point device to determine if any tethered communication devices are coupled to the end-point device. If the end-point device is not coupled to any tethered communication devices, then the network authorizes a data transfer session for the end-point device over the communication path. If the end-point device is coupled to a tethered communication device, then the network denies authorization for the data transfer session over the communication path for the end-point device. | 05-26-2016 |
| 20160149882 | MULTI-TENANCY SUPPORT IN A CLOUD BASED DATA GRID - A system with a tenant aware in-memory data grid includes a data grid configured to store data in memory. A request manager is configured to receive a data grid label and a tenant identifier and to request a data grid entry based on the data grid label and tenant identifier. A data grid controller is configured to receive a request for data from the data grid based on a combined data grid label and tenant identifier. A security provider is configured to authenticate and authorize the request for data. | 05-26-2016 |
| 20160149888 | Systems and Methods for Facilitating Access to Private Files Using a Cloud Storage System - A method for providing access to objects associated with a particular client in a cloud storage system is disclosed. The method includes the steps of establishing a connection with a user, providing a client namespace associated with the client to the user, where the client namespace represents objects stored on the cloud storage system and objects stored on a private storage system apart from the cloud storage system, receiving a request from the user to access an object stored on the private storage system, and providing information to the user to facilitate access to the object stored on the private storage system by said user. Other systems and methods are also disclosed. Important advantages of the present invention are facilitated by separating the logic for user access (control plane) from the actual storage (Storage plane). Private file system access can still be managed from the cloud, while keeping the client data private. | 05-26-2016 |
| 20160149909 | IMPLEMENTING BLOCK DEVICE EXTENT GRANULARITY AUTHORIZATION MODEL PROCESSING IN CAPI ADAPTERS - A method, system and computer program product are provided for implementing block extent granularity authorization model processing in Coherent Accelerator Processor Interface (CAPI) adapters. The CAPI adapter includes an authorization table and a file system authorization function to authenticate data access for a client at an extent granularity and to prevent an application from accessing unauthorized data in the CAPI adapter. Each authorization table entry provides for the CAPI client, a CAPI client identification (ID), a CAPI server register space assigning resource ownership to the CAPI client with a CAPI set of allowed functions. | 05-26-2016 |
| 20160149916 | Method and Nodes for Authorizing Network Access - The embodiments herein relate to a method performed by an AAA server ( | 05-26-2016 |
| 20160149917 | SECURITY PROFILE MANAGEMENT IN A MACHINE-TO-MACHINE MESSAGING SYSTEM - Techniques and systems for managing security profiles in a machine-to-machine messaging system are provided. For example, computing device, a method, and a computer-program product may be provided for maintaining one or more security profiles, and may include registering one or more IoT devices with a messaging system, generating one or more security profiles for an IoT device, and assigning the one or more security profiles to one or more other IoT devices. A security profile includes a permissions record and one or more sets of restrictions. | 05-26-2016 |
| 20160149918 | SECURE INFORMATION INTERACTION METHOD FOR ELECTRONIC RESOURCES TRANSFER - The invention proposes a security information interaction method. In the method, a first security information interaction terminal executes a security information interaction procedure based on a direct data communication with a second security information interaction terminal in the form of near field communication so as to realize the transfer of electronic resources. The security information interaction method disclosed by the invention can achieve a direct transfer of electronic resources between security information interaction terminals and has a high safety and reliability. | 05-26-2016 |
| 20160149923 | KEY MANAGEMENT SYSTEM FOR TOLL-FREE DATA SERVICE - A system may receive a network address to be validated to determine whether the network address is associated with a toll-free data service. The system may perform a validation operation to validate that the network address is associated with the toll-free data service. The validation operation may be based on a key identifier associated with the network address or a network address signature associated with the network address. The key identifier may correspond to a security key used to create the network address signature. The network address signature may be created using the security key. The system may determine whether to bill a first party or a second party for data usage associated with the toll-free data service based on the validation operation. The system may provide information that identifies whether to bill the first party or the second party for the data usage associated with the toll-free data service. | 05-26-2016 |
| 20160149924 | Systems and Methods for Automatic Discovery of Systems and Accounts - In various embodiments, a method comprises scanning a directory structure to generate a scan result comprising a plurality of discovered systems, identifying one or more accounts associated with at least one of the plurality of discovered systems, configuring a security appliance to change one or more old passwords to one or more new passwords for the one or more accounts, and changing, with the configured security appliance, the one or more old passwords to the one or more new passwords. | 05-26-2016 |
| 20160149929 | Methods, Systems, and Products for Identity Verification - Methods, systems, and products verify an identity claimed by a person. A signature, representing the presence of a device, is acquired. The signature is compared to a reference signature. Should the signature favorably compare to the reference signature, then the identity is verified. | 05-26-2016 |
| 20160150411 | AUTHENTICATION SYSTEM, AND TRANSMIT TERMINAL, RECEIVE TERMINAL, AND RIGHT AUTHENTICATION METHOD OF SAME - The present application discloses an authentication system, and a transmit terminal, a receive terminal, and a right authentication method of same. The receiver externally propagates, by using the information transmit module, an identification code information set corresponding to the receiver. After receiving the identification code information set, the transmitter firstly performs a first right authentication on rights of the transmitter. The transmitter allows itself to transmit a light signal of an identification code of the transmitter only after the authentication is passed, thereby reducing a security risk caused by uncontrolled transmission of the light signal of the identification code of the transmitter by the transmitter. After the transmitter transmits the light signal of the identification code of the transmitter, the receiver performs a second right authentication on the received light signal. In this way, security of the authentication system is further improved. | 05-26-2016 |
| 20160154972 | TIERED APPLICATION PERMISSIONS | 06-02-2016 |
| 20160156590 | METHOD AND SYSTEM FOR CONFIGURING AND SECURING A DEVICE OR APPARATUS, A DEVICE OR APPARATUS, AND A COMPUTER PROGRAM PRODUCT | 06-02-2016 |
| 20160156593 | Method and Apparatus for Anonymous Authentication on Trust in Social Networking | 06-02-2016 |
| 20160156604 | METHOD AND CLOUD SERVER FOR MANAGING DEVICE | 06-02-2016 |
| 20160156615 | Storage Medium Storing Conference Setting Program and Conference Setting Method | 06-02-2016 |
| 20160156617 | SYSTEMS AND METHODS FOR PROVIDING A COVERT PASSWORD MANAGER | 06-02-2016 |
| 20160156624 | USER MODE CONTROL METHOD AND SYSTEM BASED ON IRIS RECOGNITION FOR MOBILE TERMINAL | 06-02-2016 |
| 20160156628 | AUTOMATIC SHARING OF EVENT CONTENT BY LINKING DEVICES | 06-02-2016 |
| 20160156629 | INFORMATION PROCESSING METHOD, INFORMATION PROCESSING APPARATUS, AND STORAGE MEDIUM | 06-02-2016 |
| 20160156630 | Cross-Enterprise Workflow | 06-02-2016 |
| 20160156635 | METHOD AND SYSTEM FOR FACILITATING WIRELESS NETWORK ACCESS | 06-02-2016 |
| 20160156636 | METHOD AND SYSTEM FOR CONTROLLING ACCESS TO WIRELESS APPARATUSES | 06-02-2016 |
| 20160156637 | Methods and Systems for Secured Authentication of Applications on a Network | 06-02-2016 |
| 20160156639 | METHOD FOR EXCHANGING DATA AND ELECTRONIC DEVICE FOR THE SAME | 06-02-2016 |
| 20160156651 | SMART POWER BACKGROUND TO VALIDATE USER | 06-02-2016 |
| 20160156719 | PROXY CAPTIVE PORTAL TRAFFIC FOR INPUT-LIMITED DEVICES | 06-02-2016 |
| 20160162670 | MANAGING AND TRACKING COMMANDS ASSOCIATED WITH A CHANGE ON A COMPUTER SYSTEM - A method, computer program product, and computer system for managing and tracking commands associated with a change on a managed computer system. The managed computer system receives a log-on of an administrator onto the managed computer system, determines the lockdown level of the managed computer system by querying a managing computer system, and retrieves a list of authorized commands under the lockdown level from the managing computer system. The managed computer system determines, by querying the managing computer system, whether an authorized change on the managed computer system exists. The managed computer system removes the lockdown level to receive from the managing computer system authorization of commands that have been locked down, in response to determining that the authorized change exists. The managed computer system sets the lockdown level with the authorized commands on the managed computer system, in response to determining that the authorized change does not exist. | 06-09-2016 |
| 20160162701 | Stack Fusion Architecture Including Distributed Software Clusters to Enable Software Communication Services - A stack fusion architecture enables a cloud provider to provide Software-as-a-Service (SaaS) offerings to multiple organizations. Each organization operates a Infrastructure-as-a-Service (IaaS) platform and is associated with an organization domain. A cluster of software/communication services is deployed to each platform. Users registered to an organization domain have access limited to the cluster uniquely associated with that domain. The architecture includes a globally accessible domain-to-cluster map used to map each cluster to the associated domain. A locally accessible user-to-cluster map is stored in each cluster to map that cluster to each user registered to the domain uniquely associated with that cluster. The architecture enables communication between users provisioned on different clusters and registered to different domains without exposing private information to the cloud provider. | 06-09-2016 |
| 20160162702 | MANAGING ACCESS PERMISSIONS TO CLASS NOTEBOOKS AND THEIR SECTION GROUPS IN A NOTEBOOK APPLICATION - A method of adding a co-teacher to an original teacher's class notebook can include, in response to receiving a request, at a client device, to add a co-teacher to a class notebook managed by a classroom notebook application, assigning the co-teacher full read/write permissions to the teacher's class notebook including any section groups having connected role inheritances. The co-teacher is also assigned full read/write permissions to the student-specific section groups and the collaboration space section group, which are all in the class notebook and which have broken permission inheritance. To protect the teacher's personal folder, which is a parent folder to the teacher's class notebook, the classroom notebook application removes the co-teacher's permissions to the teacher's personal folder. | 06-09-2016 |
| 20160164731 | Configuration Responsive to a Device - Various features described herein may include updating settings on a device in response to a themed cover being placed on a device (e.g., a remote control) associated with the device. The settings may be updated to correspond to a theme of the themed cover. Alternatively or additionally, the device may receive access to different content based on the theme. For example, a device may receive filtered content in response to a child-themed cover. In another example, the device may receive additional football-related content in response to a football-themed cover. The device may revert to its original settings and content access in response to the remote control being removed from the themed cover. In some embodiments, a device may update settings or content access in response to other themed devices (e.g., wearable devices) being within a threshold distance of the device. | 06-09-2016 |
| 20160164846 | METHOD OF DIGITAL IMAGES MANAGEMENT AND A DIGITAL IMAGES MANAGEMENT SYSTEM - A method of digital image management is described for a mobile device having both a camera capable of taking digital images and an ability to communicate with the internet. There is an internet schema resident on the Internet and a mobile device schema resident in the mobile device. The data fields of the mobile device schema are updated to correspond with the internet schema whenever the mobile device connects with the internet schema. A graphical user interface resident in the mobile device allows a user to input, into the mobile device schema, metadata descriptive of the subject of a digital image contemporaneously with taking of the digital image. This metadata is independent of the digital image, but linked to the digital image for future recall. The graphical user interface resident in the mobile device also allows the user to upload to the internet schema and grant permission for viewing access. | 06-09-2016 |
| 20160164854 | SECURE CONTENT MESSAGING - Systems and methods are disclosed for secure messaging and content sharing. In one implementation, a processor receives a content item in a first format, the content item being associated with an intended recipient, converts the content item into a second format, provides the content item, as converted into the second format, to a device associated with the intended recipient, receives, from the device associated with the intended recipient, one or more inputs in relation to a segment of the content item, processes the one or more inputs to determine that an authentication action is being performed with respect to the segment of the content item, and based on a determination that the authentication action is being performed with respect to the segment of the content item, provides an instruction to present the segment of the content item at the device associated with the intended recipient. | 06-09-2016 |
| 20160164865 | CONFIGURABLE ELECTRONIC-DEVICE SECURITY LOCKING - An interface of an electronic device may be locked in accordance with an authorization confidence level indicating a likelihood that the electronic device is in the possession of an authorized user of the electronic device. Multiple signals may be detected using one or more sensors of an electronic device. The authorization confidence level may be automatically determined using the detected signals. The electronic device may be configured to have a security timeout based at least in part on the authorization confidence level. In some examples, collection(s) of signals may be detected using one or more sensors of an electronic device. A confidence history may be updated using the collection(s) of signals. In response to a match of the confidence history to a stored locking condition, a user interface of the electronic device may be locked. | 06-09-2016 |
| 20160164872 | SECURE COMMUNICATION NETWORK - The present invention is directed to a secure communication network that enables multi-point to multi-point proxy communication over the network. The network employs a smart server that establishes a secure communication link with each of a plurality of smart client devices deployed on local client networks. Each smart client device is in communication with a plurality of agent devices. A plurality of remote devices can access the smart server directly and communicate with an agent device via the secure communication link between the smart server and one of the smart client devices. | 06-09-2016 |
| 20160164874 | MANAGEMENT OF DRONE OPERATIONS AND SECURITY IN A PERVASIVE COMPUTING ENVIRONMENT - A method to provide negotiation control to data such that a person or entity can negotiate the use of data gathered beyond what is needed for a particular use by a third party transaction. The method also provides negotiation for the control and operation of autonomous vehicles such as drones operating in non-public space. | 06-09-2016 |
| 20160164875 | SECURE SYSTEM AND METHOD OF MAKING SECURE COMMUNICATION - A secure system 1 includes a requesting device (L | 06-09-2016 |
| 20160164876 | REMOTE PROFILE SECURITY SYSTEM - A method comprises storing, at the server computer system, user profile information for the remote user. The user profile information for the remote user (or a link to the user profile information) is encrypted using authentication information. The user profile information is associated with user identification information, at the server computer system, using the authentication information, which is selectively made available by the remote user via the network to the server computer system in order to enable the server computer system to associate the user profile information with the user identification information. | 06-09-2016 |
| 20160164878 | INFORMATION PROCESSING APPARATUS, CONTROL METHOD FOR INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, AND COMPUTER PROGRAM - An information processing apparatus that communicates with a client that accesses a storage server and a server different from the storage server includes receiving means that receives information about a first access right from the client, where the client uses the information about the first access right to access the first server, generating means that generates information, based on the information about the first access right, about a second access right, where the client uses the information about the second access right to access the storage server, and transmitting means that transmits the information about the second access right to the client. | 06-09-2016 |
| 20160164879 | METHOD FOR ACCESSING A PLURALITY OF SERVICES BY A MOBILE TERMINAL USER, AND RELATED SECURE DEVICE - The invention relates to a method for enabling the user of at least one mobile terminal to access a plurality of services, said method consisting of: creating (E | 06-09-2016 |
| 20160164881 | REMOTE VEHICLE APPLICATION PERMISSION CONTROL AND MONITORING - A vehicle may identify an application identifier of a mobile application executed by a mobile device paired with the vehicle; query a local policy table for application permissions associated with the application identifier, the application permissions defining which user interface features, vehicle information elements, and vehicle functions are accessible to the mobile application; and provide the mobile application with vehicle access in accordance with the application permissions. The vehicle may also identify the application permissions additionally according to a mobile device identifier of the mobile device paired with the vehicle. A mobile device paired with the vehicle may send, to a vehicle, a policy table update received from a server and including a local policy table including application permissions defining which user interface features, information elements, and functions of the vehicle are accessible to a mobile application; and execute the mobile application in accordance with the application permissions. | 06-09-2016 |
| 20160164936 | PERSONAL AUDIO DELIVERY SYSTEM - The personal audio delivery system executed in part on a personal communication device to facilitate an enhanced audio experience for a user to select one or more audio streams to be delivered based on personal preferences and which may include related streams. | 06-09-2016 |
| 20160165442 | METHOD FOR UNLOCKING ADMINISTRATION AUTHORITY AND DEVICE FOR AUTHENTICATION - The embodiments of the present disclosure relate to a method for unlocking administration authority and a device for performing authentication, and pertain to the technical field of computer information security. In the method, the authentication device receives authentication information sent by a plurality of member devices. The member devices include a mobile terminal or a wearable device. The authentication device performs a matching authentication of the authentication information by matching authentication information sent from a member device with authentication information prestored in an authorized authentication information list, and determines a distance between an authenticated member device and the authentication device. Then, the authentication device unlocks local administration authority if the number of authenticated member devices that are located within a predetermined distance threshold from the authentication device reaches a predetermined number threshold. | 06-09-2016 |
| 20160165448 | APPARATUS AND METHOD OF AUTOMATICALLY PROVISIONING A FEMTOCELL - A system that incorporates teachings of the present disclosure may include, for example, identifying a request from a femtocell located at a customer premises to receive a requested service of subscribed services related to a subscriber account that identifies an availability of the requested service to the femtocell. Authentication information is determined, provided by way of the femtocell and a message is provided to a server including the authentication information and an identifier of a customer premises device located at the customer premises. An authentication process to authenticate the femtocell is initiated responsive to the request, wherein the server identifies the subscriber account based on the identifier of the customer premises device, and wherein the femtocell is authenticated based on information associated with the subscriber account. Other embodiments are disclosed. | 06-09-2016 |
| 20160165449 | NOTIFICATION OF UNAUTHORIZED WIRELESS NETWORK DEVICES - Apparatuses, methods, and computer-readable media relating to an unauthorized wireless network device notification system (“WNS”) are described. The WNS may be configured to notify the presence of an authorized wireless network device. (“WND”) The WNS may include an unauthorized network device identification service (“UNIS”) as well as one or more detect/notify devices (“DNDs”). The DNDs may be placed in multiple locations around a monitored space and may be configured to detect wireless network signals from a WND in their vicinity. The DNDs may then send information identifying the WND to the UNIS to determine whether the WND is authorized. If the UNIS determines that the WND is unauthorized, it may determine a location for the WND and send commands to the DNDs to notify persons in the area. This notification may include use of lighting or sound. Other embodiments may be described and/or claimed. | 06-09-2016 |
| 20160173448 | ZONE MIGRATION IN NETWORK ACCESS | 06-16-2016 |
| 20160173469 | WIRELESS NETWORK SERVICE PROVISION METHOD AND SYSTEM | 06-16-2016 |
| 20160173471 | TRANSMISSION SYSTEM, MANAGEMENT SYSTEM, TERMINAL, METHOD OF TRANSMISSION AND PROGRAM | 06-16-2016 |
| 20160173474 | Method, Device And System For Network-Based Remote Control Over Contactless Secure Storages | 06-16-2016 |
| 20160173491 | METHOD AND SYSTEM FOR SHARING TWO-FACTOR AUTHENTICATORS TO ACCESS ELECTRONIC SYSTEMS | 06-16-2016 |
| 20160173496 | APPARATUS MANAGEMENT SYSTEM, INFORMATION TERMINAL, APPARATUS MANAGEMENT APPARATUS, AND APPARATUS MANAGEMENT METHOD | 06-16-2016 |
| 20160173501 | MANAGING ELECTRONIC ACCOUNT ACCESS CONTROL | 06-16-2016 |
| 20160173502 | JURISDICTIONAL CLOUD DATA ACCESS | 06-16-2016 |
| 20160180110 | USING A LOCAL AUTHORIZATION EXTENSION TO PROVIDE ACCESS AUTHORIZATION FOR A MODULE TO ACCESS A COMPUTING SYSTEM | 06-23-2016 |
| 20160182480 | SYSTEMS AND METHODS OF GEO-LOCATION BASED COMMUNITY OF INTEREST | 06-23-2016 |
| 20160182485 | METHOD AND DEVICE FOR CONTROLLING WEB PAGE TO INVOKE SYSTEM FUNCTION, AND STORAGE MEDIUM THEREOF | 06-23-2016 |
| 20160182488 | Pass-Thru for Client Authentication | 06-23-2016 |
| 20160182505 | SYSTEM AND METHOD FOR DETERMINING LIVENESS | 06-23-2016 |
| 20160182508 | IDENTITY ATTESTATION OF A MINOR VIA A PARENT | 06-23-2016 |
| 20160182510 | APPARATUS MANAGEMENT SYSTEM, APPARATUS MANAGEMENT METHOD, AND PROGRAM | 06-23-2016 |
| 20160182514 | WLAN AUTHENTICATION ACCESS CONTROL | 06-23-2016 |
| 20160182515 | MULTI-SOURCE CONTENT GENERATION | 06-23-2016 |
| 20160182519 | METHOD AND SYSTEM RELATED TO AUTHENTICATION OF USERS FOR ACCESSING DATA NETWORKS | 06-23-2016 |
| 20160182520 | METHOD, APPARATUS AND SYSTEM FOR CLIENT ACCESSING AUTHENTICATED WEB ADDRESS | 06-23-2016 |
| 20160182521 | System and Method for Associating a Universal User Identification and a Domain Specific User Identification | 06-23-2016 |
| 20160182522 | CLOUD-BASED DATA PROVIDING METHOD AND SYSTEM | 06-23-2016 |
| 20160182523 | UNIFIED IDENTITY VERIFICATION | 06-23-2016 |
| 20160183084 | Predictive Pairwise Master Key Caching | 06-23-2016 |
| 20160188898 | METHODS AND SYSTEMS FOR ROLE BASED ACCESS CONTROL IN NETWORKED STORAGE ENVIRONMENT - Methods and systems for role based access control (RBAC)) by a management device are provided. The management device communicates with a plurality of application plugins executed by one or more host computing devices through a management interface layer for managing backup, restore and clone operations involving objects that are stored on behalf of the plurality of applications by a storage system. The plurality of applications and the storage system have different RBAC requirements. The management device generates a token and the same token is used for RBAC across any of the applications and the storage system. | 06-30-2016 |
| 20160191485 | SYSTEMS AND METHODS FOR SITE DATA COLLECTION - A system and method for collecting, storing, maintaining and presenting data to optimize and make more efficient the installation of a communication system. A mobile device running a field application, a remote server running a server side application and data storage are employed in the system. A subset of these systems can be used in some use cases. The disclosed system may display, generate reports and download the collected data to facilitate installation of the communications system. The system may also provide an API to retrieve the collected data. | 06-30-2016 |
| 20160191489 | METHOD FOR ASSIGNING AN AGENT DEVICE FROM A FIRST DEVICE REGISTRY TO A SECOND DEVICE REGISTRY - An agent device is registered in a first device registry maintained by a first registry apparatus for authenticating agent devices for communicating with application providing apparatuses. The agent device can be assigned to a second device registry maintained by second registry apparatus. The method of assignment comprises the first registry apparatus receiving from a requestor device a device assignment request. In response to the device assignment request, the first registry apparatus checks whether the agent device is allowed to be assigned to the second device registry, and if so, the agent device transmits second authentication information for authenticating the identity of the agent device to the second registry apparatus which registers this in the second device registry. | 06-30-2016 |
| 20160191490 | IDENTIFY A RADIO FREQUENCY EMITTING DEVICE BY MAC ADDRESS - A computer system reports “logical usage pattern data” and location information in a Device Report; in addition, another computer system reports MAC addresses associated with mobile device in Network Device reports; the Device Reports and Networks Reports are correlated based on various factors; if a set of Device Reports and Network Reports correlate, then a Device Identifier is created and sent to the corresponding mobile device; the Device Identifier may then be used to identify the mobile device, such as when the MAC address is inaccessible. The Device Identifier may be associated with other devices used by the user of the mobile device. | 06-30-2016 |
| 20160191491 | SINGLE LOGIN PROCEDURE FOR ACCESSING SCOIAL NETWORK INFORMATION ACROSS MULTIPLE EXTERNAL SYSTEMS - A social networking system contains information describing users of the social network and various connections among the users. A user can access multiple external systems that communicate with the social networking system to access information about the users of the social networking system. Login status of the user account on the social networking system is maintained. If the login status of the user account on the social networking system indicates that the user is not logged in, the user is required to provide authentication information. If the login status of the user account indicates that the user is logged in, social network information is provided to the user via an external system, subject to the privacy settings of users of the social networking system. If the user logs out from an external system, the user is also logged out from the social networking system. | 06-30-2016 |
| 20160191514 | SECURE TRANSACTION AND ACCESS USING INSECURE DEVICE - The present invention enables secure transactions or access using insecure endpoint devices, such as computers, tablets and smart-phones. These insecure devices are potentially compromised with malicious software that may attack the user in every possible way. The present invention does not pretend to prevent malware. Instead, malware attacks against secure transactions and access are made obsolete. The present invention includes data, directly connected to transaction or access request to Relying-Party-Service-Provider, into authentication process of Identity-as-a-Service Provider. The present invention includes user authentication using mobile phone vs. Identity-Management-as-a-Service provider. The present invention also includes entering request for secure transaction or access to Relying-Party-Service-Provider, using insecure device. The present invention also includes two-way communication between Relying-Party-Service-Provider and Identity-Management-as-a-Service. The advantages of the present invention include, without limitation, that it is resilient to malware attack. | 06-30-2016 |
| 20160191523 | SERVICE AUTHORITY DETERMINATION METHOD AND DEVICE - Provided are a service authority determination method and device. The method comprises: receiving a web (Web) application identifier sent by access equipment; and sending the Web application identifier to an application server (AS), so that according to a service authority policy corresponding to the Web application identifier and service subscription data of a user equipment (UE), the AS determines a service authority of the UE. | 06-30-2016 |
| 20160191525 | PROTECTING SUPERVISOR MODE INFORMATION - Embodiments of an invention for protecting supervisor mode information are disclosed. In one embodiment, an apparatus includes a storage location, instruction hardware, execution hardware, and control logic. The storage location is to store an indicator to enable supervisor mode information protection. The instruction hardware is to receive an instruction to access supervisor mode information. The execution hardware is to execute the instruction. The control logic is to prevent execution of the instruction if supervisor mode information protection is enabled and a current privilege level is less privileged than a supervisor mode. | 06-30-2016 |
| 20160191527 | Method for Operating a Security Element - A method for operating a security element, preferably in the form of a chip card, having a processor, and a memory. stores an operating system comprising an operating-system kernel and at least one additional operating-system module for supplying optional operating-system functionalities, and at least one access permission associated with the operating-system module and determining whether the operating-system module can be accessed during operation of the security element. The method comprises the step of changing the access permission for the operating-system module for supplying optional operating-system functionalities in reaction to the receiving of a message from a server. The message from the server may be an OTA message sent from the server to the security element via a mobile radio network. | 06-30-2016 |
| 20160191528 | REQUEST-SPECIFIC AUTHENTICATION FOR ACCESSING WEB SERVICE RESOURCES - Requests for access to Web service resources are evaluated based on the type of request that is received. Requests are not granted unless sufficient proof of authentication is provided to grant that request. An authentication service evaluates one or more factors to determine whether or not to authenticate the client. After being authenticated by the authentication service, proof of authentication is provided to the Web service, which grants access to the Web service resource. | 06-30-2016 |
| 20160191530 | TECHNOLOGIES FOR ACCESS CONTROL - Technologies for performing access control include a computing device that parses a network packet received by the computing device to identify an n-tuple of a header of the network packet, wherein the n-tuple is associated with one or more access control rules. The computing devices determines a bitmask associated with an access control rule of a virtual machine of the computing device and applies the determined bitmask to the n-tuple of the network packet to generate a masked n-tuple. Further, the computing device generates a hash of the masked n-tuple and compares the generated hash to a reference hash associated with the access control rule to identify a match. The computing device performs an access control action in response to identifying a match between the generated hash and the reference hash. | 06-30-2016 |
| 20160191532 | SYSTEMS FOR NETWORK RISK ASSESSMENT INCLUDING PROCESSING OF USER ACCESS RIGHTS ASSOCIATED WITH A NETWORK OF DEVICES - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network risk assessment. One of the methods includes obtaining information describing network traffic between a plurality of network devices within a network. A network topology of the network is determined based on the information describing network traffic, with the network topology including nodes connected by an edge to one or more other nodes, and with each node being associated with one or more network devices. Indications of user access rights of users are associated to respective nodes included in the network topology. User interface data associated with the network topology is generated. | 06-30-2016 |
| 20160191533 | METHOD, APPARATUS, AND SYSTEM FOR RESTRICTING ACCESS - Techniques for restricting access to sensitive application(s) or data to a limited physical area are disclosed. Various embodiments are described in which a tethering station and a wireless storage controller communicate with each other over a radio link. The tethering station can be secured such that the tethering station's location restricts the range within which the wireless storage controller is allowed to enable access to a mobile storage controlled by the wireless storage controller. This restricts access to the application and/or the application stored in the mobile storage to a limited area through radio tethering. | 06-30-2016 |
| 20160191534 | Methods and Systems for Managing Permissions to Access Mobile Device Resources - In an electronic device, a first application sends a request to a second application for access by the first application to a resource of the electronic device, wherein the first and second applications run on an operating system of the electronic device. In response to the first request, the second application is used to ask a user of the electronic device for permission for the first application to access the resource. A first user input is received, providing permission for the first application to access the resource. In response to the first user input, the second application is used to grant permission to the first application to access the resource. | 06-30-2016 |
| 20160191536 | Access Requests at IAM System Implementing IAM Data Model - Systems and methods are provided for provisioning access rights to physical computing resources using an IAM system implementing an IAM data model. The IAM data model may identify logical and physical computing resources. An access request handler may receive an access request and identify a set of logical permissions based on the access request. The access request handler may derive a set of logical entitlements based on the set of logical permissions. An entitlement translator may translate the set of logical entitlements to a physical entitlement specification based on a set of physical permission specifications associated with the set of logical permissions. A physical permission specification may be obtained by mapping a logical permission to one or more physical permissions. An access control manager may then provision access rights to at least one physical computing resource indicated in the physical entitlement specification. | 06-30-2016 |
| 20160191538 | CROSS PLATFORM SOCIAL NETWORKING AUTHENTICATION SYSTEM - Disclosed in one example is a method of authenticating with multiple social network services. The method may include storing first authentication information associated with a user for a first social networking service using at least one computer processor, receiving second authentication information associated with the user for a second social networking service from a social networking application, and sending to the social networking application the first authentication information. The first authentication information may enable the social networking application to utilize a protected application programming interface call for the first social networking service and the second authentication information may enable the social networking application to utilize a protected application programming interface call for the second social networking service. | 06-30-2016 |
| 20160191540 | AUTHENTICATION BASED ON PROXIMATE DEVICES - In one embodiment, a computer-implemented method includes, in response to an attempt by a user to perform a transaction using a computing device, accessing a communication device connected to the computing device. A presence of one or more nearby devices, with respect to the computing device, is detected through use of the communication device connected to the computing device. A mapping of nearby devices to trust levels may be applied to the one or more nearby devices. In the mapping, each group of one or more nearby devices maps to a trust level of two or more trust levels. An assigned trust level for the transaction is determined, by a computer processor, based on applying the mapping of nearby devices to trust levels. The mapping of nearby devices to trust levels is modified based on the one or more nearby devices detected. The modified mapping is used for future transactions. | 06-30-2016 |
| 20160191541 | METHOD AND SYSTEM FOR NETWORK VALIDATION OF INFORMATION - Embodiments of the present application relate to a method for network validation of information, a system for network validation of information, and a computer program product for network validation of information. A method for network validation of information is provided. The method includes receiving verification information from a user, the verification information including a plurality of verification fields, determining a verification sequence of the plurality of verification fields based on a verification rule configuration and a verification scoring table, verifying a current verification field according to the verification sequence, verifying a next verification field in the event that the verification of the current verification field succeeds, and terminating verification in the event that the verification of the current verification field fails. | 06-30-2016 |
| 20160191590 | Methods and Systems for Dynamic Creation of Hotspots for Media Control - Methods, systems, and/or devices for controlling media presentation at a shared media presentation system are described herein. In one aspect, a first electronic device detects user input requesting to indicate availability of a media presentation system for use by one or more other electronic devices. In response to detecting the user input, the first electronic device transmits an indication of availability of the media presentation system for use by the one or more other electronic devices. The first electronic device also receives, from a second electronic device of the one or more other electronic devices, a request for access to the media presentation system. In response to receiving the request, the first electronic device transmits, to the second electronic device, an authentication token that allows the second electronic device to access the media presentation system through submission of media control requests that include the authentication token. | 06-30-2016 |
| 20160191969 | SYSTEM AND METHOD FOR DELEGATED AUTHENTICATION AND AUTHORIZATION - The present invention provides a method for providing services to a presentation device. The method comprises detecting a service delivery module in a communication system using a communication device and performing an authentication and authorization session between the service delivery module and the communication device, wherein user authentication and authorization is created. The method further comprises connecting to a service information module in said communication system to access services; providing a service request from said communication device to said service information module and initiating a service delivery session with said service information module using said user authentication and authorization information and said service request. Moreover, the method comprises delivering at least one service to said presentation device based on said service request. The present invention further provides a communication system for providing at least one service to a presentation device. | 06-30-2016 |
| 20160192195 | OFFLINE ACCESS NETWORK DISCOVERY AND SELECTION FUNCTION (ANDSF) PROVISIONING USING NEAR FIELD COMMUNICATIONS (NFC) - Described herein are architectures, platforms and methods for obtaining a subscriber policy by a no-data-connectivity portable device to have wireless connectivity using a non-3GPP network. | 06-30-2016 |
| 20160192197 | MULTIMEDIA MESSAGE SERVICE METHOD AND SYSTEM - Disclosed is a method of sharing multimedia contents, by a server, including storing the multimedia contents, receiving an establishment request configured to establish one of a plurality of access modes for the multimedia contents from a first terminal, establishing an access mode according to the establishment request for the multimedia contents, receiving an access request for the multimedia contents stored in the server from at least one second terminal, determining whether the at least one second terminal is allowed to access the multimedia message based on the access mode, and transmitting the multimedia contents, wherein the access mode includes at least one of a private mode for access by only the first terminal, a restricted mode for access by the at least one second terminal, and a public mode for access by all terminals. | 06-30-2016 |
| 20160197904 | ACCOUNT ASSOCIATION SYSTEMS AND METHODS | 07-07-2016 |
| 20160197910 | ROLE-BASED ACCESS TOOL | 07-07-2016 |
| 20160197911 | SINGLE SIGN ON WITH MULTIPLE AUTHENTICATION FACTORS | 07-07-2016 |
| 20160197916 | METHOD AND APPARATUS FOR A WEARABLE BASED AUTHENTICATION FOR IMPROVED USER EXPERIENCE | 07-07-2016 |
| 20160197918 | DEVICE, SYSTEM, AND METHOD OF PASSWORD-LESS USER AUTHENTICATION AND PASSWORD-LESS DETECTION OF USER IDENTITY | 07-07-2016 |
| 20160197923 | SECURE, UNINTERRUPTED OPERATION OF MOBILE DEVICES | 07-07-2016 |
| 20160197926 | MULTI-TENANCY GOVERNANCE IN A CLOUD COMPUTING ENVIRONMENT | 07-07-2016 |
| 20160197927 | NETWORK ACCESS METHOD, PROXIMITY COMMUNICATIONS SERVER, RELAY TERMINAL AND TERMINAL | 07-07-2016 |
| 20160197929 | AUTHENTICATED INFORMATION EXCHANGE | 07-07-2016 |
| 20160197930 | CENTRALIZED SELECTIVE APPLICATION APPROVAL FOR MOBILE DEVICES | 07-07-2016 |
| 20160197932 | VEHICLE MODULE UPDATE, PROTECTION AND DIAGNOSTICS | 07-07-2016 |
| 20160197939 | Segment Authentication for Dynamic Adaptive Streaming | 07-07-2016 |
| 20160203157 | SHARING INFORMATION BETWEEN TENANTS OF A MULTI-TENANT DATABASE | 07-14-2016 |
| 20160203315 | SYSTEM AND METHOD FOR GRANTING ACCESS TO SECURED ENVIRONMENTS | 07-14-2016 |
| 20160205035 | SERVER RATING SYSTEM FOR AUTHORIZING AND ENTITLING SERVERS TO TRASFER DATA | 07-14-2016 |
| 20160205083 | SYSTEM AND METHOD FOR PREVENTING UNAUTHORIZED ACCESS TO RESTRICTED COMPUTER SYSTEMS THROUGH THE USE OF A WIRELESS TRANSMITTER AND RECEIVER | 07-14-2016 |
| 20160205100 | SECURELY AUTHORIZING ACCESS TO REMOTE RESOURCES | 07-14-2016 |
| 20160205102 | Secure Remote Authentication of Local Machine Services Using a Self Discovery Network Protocol | 07-14-2016 |
| 20160205104 | RELATIONSHIP-BASED AUTHORIZATION | 07-14-2016 |
| 20160205108 | IDENTITY MANAGEMENT AND AUTHENTICATION SYSTEM FOR RESOURCE ACCESS | 07-14-2016 |
| 20160205111 | SHAREABLE CONTENT ITEM LINKS WITH USE RESTRICTIONS | 07-14-2016 |
| 20160205113 | Method For Sharing A Media Collection In A Network Environment | 07-14-2016 |
| 20160205547 | METHOD AND SYSTEM TO ENABLE SECURE COMMUNICATION FOR INTER-ENB TRANSMISSION | 07-14-2016 |
| 20160205552 | Authentication Via Motion of Wireless Device Movement | 07-14-2016 |
| 20160253511 | Identities and Permissions | 09-01-2016 |
| 20160253521 | SECURE AND PRIVATE DATA STORAGE | 09-01-2016 |
| 20160255066 | METHOD AND APPARATUS FOR DETERMINING INTEGRITY OF DATA FEED FOR INTERNET OF THINGS | 09-01-2016 |
| 20160255071 | COMPUTERIZED METHOD AND SYSTEM FOR MANAGING AN EMAIL INPUT FACILITY IN A NETWORKED SECURE COLLABORATIVE EXCHANGE ENVIRONMENT | 09-01-2016 |
| 20160255072 | INSTRUCTION INFORMATION TRANSMISSION AND RECEPTION METHODS AND DEVICES THEREOF | 09-01-2016 |
| 20160255078 | METHOD AND SYSTEM FOR VERIFYING AN ACCOUNT OPERATION | 09-01-2016 |
| 20160255081 | System, Device And Method For Network Authorization Based On No Password Or Random Password | 09-01-2016 |
| 20160255083 | Internet Of Things Security | 09-01-2016 |
| 20160255085 | RULE-BASED APPLICATION ACCESS MANAGEMENT | 09-01-2016 |
| 20160255086 | ACCESS CONTROL THROUGH DYNAMIC GROUPING | 09-01-2016 |
| 20160255089 | METHODS OF ENABLING INTER-ORGANIZATIONAL AND PUBLIC SOCIAL COLLABORATION | 09-01-2016 |
| 20160255090 | Method and system for securely updating a website | 09-01-2016 |
| 20160255091 | SHARING CONTENT IN SOCIAL NETWORKS | 09-01-2016 |
| 20160255096 | RESOURCE-CENTRIC AUTHORIZATION SCHEMES | 09-01-2016 |
| 20160255102 | SYSTEMS, METHODS, AND APPARATUS FOR SECURING USER DOCUMENTS | 09-01-2016 |
| 20160255106 | DYNAMIC AND SELECTIVE RESPONSE TO CYBER ATTACK FOR TELECOMMUNICATIONS CARRIER NETWORKS | 09-01-2016 |
| 20160378880 | METHOD AND APPARATUS TO PERFORM ONLINE CREDENTIAL REPORTING - Embodiments of the invention provide a process for displaying a graphical indicator on an Internet enabled device which conveys relationships between an entity associated with a website and third party entities with respect to the website entity. One example method may include obtaining the relationship data from a credential service provider, using a portion of a uniform resource identifier as a key to access the relationship data on the credential service provider, and rendering a representation of the relationship data, wherein the rendering of the relationship data is performed in a graphical user interface of a web browser, and wherein the web browser displays a rendering of the representation of the relationship data such that there is a relationship between an entity associated with the uniform resource identifier and a third party entity. | 12-29-2016 |
| 20160378940 | CLOUD COMPUTING ENVIRONMENT FOR BIOLOGICAL DATA - The present invention provides a novel approach for storing, analyzing, and/or accessing biological data in a cloud computing environment. Sequence data generated by a particular sequencing device may be uploaded to the cloud computing environment during a sequencing run, which reduces the on-site storage needs for the sequence data. Analysis of the data may also be performed in the cloud computing environment, and the instructions for such analysis may be set at the originating sequencing device. The sequence data in the cloud computing environment may be shared according to permissions. Further, the sequence data may be modified or annotated by authorized secondary users. | 12-29-2016 |
| 20160379001 | Role Analyzer and Optimizer in Database Systems - Particular embodiments provide a system that analyzes and optimizes roles and authorizations for users of a customer. The system determines which executables have been used by users in the system over a certain time period. Thereafter, the system analyzes and optimizes authorizations within the assigned roles for the users. The authorizations for the roles assigned to the user are then analyzed. The vendor roles typically have redundant authorizations, some of which may be used and some not used. The system can then generate a new customer role for the user with the used authorizations combined into the new role. For example, the authorizations used by the user are combined into the new customer role. This reduces the number of roles the user has assigned to him/her, and also the number of authorizations. Also, the new customer role may be added to other users with the same role at the customer. | 12-29-2016 |
| 20160379006 | UICCs EMBEDDED IN TERMINALS OR REMOVABLE THEREFROM - The invention proposes several improvements related to the management of secure elements, like UICCs embedding Sim applications, these secure elements being installed, fixedly or not, in terminals, like for example mobile phones. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications. | 12-29-2016 |
| 20160380976 | Single Solution for User Asset Control - A system provides a way for a person to control access to digital assets, including financial accounts, through a common gateway that can interact on the person's behalf with service providers that manage the digital assets. Brokers may act as intermediaries between the gateway and the service providers, providing a common interface to the gateway and a specific interface to a service provider. Trigger events can cause the gateway to interact with the service providers, causing the service providers to take a desired action. The trigger events may include notification sent by the person, timed events, and other detected events. | 12-29-2016 |
| 20160380996 | METHOD AND SYSTEM FOR DETERMINING VALUE OF AN ACCOUNT - A method for protecting stored account data from unauthorized access includes receiving data elements corresponding to an account of a user, identifying a plurality of signals in the data elements, and determining a signal value for each of the signals. The signals correspond to various characteristics of the account. The method also includes assigning a plurality of weights (according to various criteria) to at least a subset of the signal values to yield a set of weighted signal values, and using the set of weighted signal values to assign an account value to the account. The method further includes using the account value to select a security-related action or a storage-related action that corresponds to the account value, and instructing data storage facilities from which the data elements were received to automatically implement the selected security related action or the selected storage-related action. | 12-29-2016 |
| 20160381000 | SESSION ACTIVITY TRACKING FOR SESSION ADOPTION ACROSS MULTIPLE DATA CENTERS - Techniques are disclosed for managing session activity of SSO access across multiple data centers. Session activity of SSO access is managed across multiple geographically disperse computing systems clustered together to form a multi-data center (MDC) system. A first data center in the MDC system may implement session adoption to manage an SSO session of the user in the MDC system. Information about subsequent sessions established by other data centers may be adopted by the first data center. The first data center may obtain session activity data from each session that is adopted for the user. The session activity may be used to determine whether SSO session is active for the user across data centers in the MDC system. Authorization to access a resource at any data center in the MDC system may be granted based on the status of the SSO session using session adoption among the data centers. | 12-29-2016 |
| 20160381013 | METHODS AND APPARATUS FOR ALLOWING USERS TO CONTROL USE AND/OR SHARING OF IMAGES AND/OR BIOMETRIC DATA - Methods and apparatus for allowing an individual to preserve his/her privacy and control the use of the individual's images and/or personal information by other, without disclosing the identity of the individual to others, are described. In various embodiments the individual seeking privacy provides his/her identifying information, images, and sharing preferences indicating desired level of privacy to a control device which is then stored in a customer record. The control device can be queried to determine if an image or other information corresponds to a user who has restricted use of his/her image or other information in a public manner. Upon receiving a query the control device determines using the stored customer record whether an individual has authorized use of his or her image. Based upon the determination a response is sent to the querying device indicating whether the use of the image and/or individual's information is authorized. | 12-29-2016 |
| 20160381019 | Diameter Redirect Between Client and Server - A technique redirects a Diameter client command from a first server that has become unavailable to a second server consistent with a Diameter protocol. A method includes identifying a first authentication server as unavailable based on a redirect indication received from a second authentication server via a routing agent in response to a request for authentication of a user to the first authentication server. The method includes authenticating the user by the second authentication server in response to a subsequent request for authentication of the user to the second authentication server. The subsequent request for authentication includes an indication of a failure of the first authentication server. The method may include establishing a first service session in response to authenticating the user by the first authentication server and maintaining the first service session using the IP address of the first service session while the second authentication server authenticates the user. | 12-29-2016 |
| 20160381024 | TEMPORARY PROCESS DEPRIVILEGING - There is disclosed in an example a computing apparatus, including: a process deprivilging engine operable for: recognizing that a process has an undetermined reputation; intercepting a first access request directed to a first resource;determining that the first resource is not owned by the process; and at least partially blocking access to the first resource. There is further disclosed a method of providing the process deprivileging engine, and one or more computer-readable mediums having stored thereon executable instructions for providing the process deprivileging engine. | 12-29-2016 |
| 20160381025 | AD HOC END-TO-END AUTHENTICATION AND AUTHORIZATION OF LOGISTICS NETWORK SERVICES - Using a mobile solution as described, external logistics providers can be readily on-boarded into a logistics network and identified as trusted providers at a customer or other transport participant site. For example, an electronic authentication token can be provided to a first mobile device of an external logistics provider operator to authorize the external logistics provider operator for a specific transport assignment. When a request for verification is received from an other transport participant in the transport assignment a server can verify that the external logistics provider operator is registered and authenticated for the transport assignment, and notify the other transport participant via a confirmation message to a second mobile device used by the transport participant. | 12-29-2016 |
| 20160381026 | METHOD FOR PROVIDNG A SECURE MODE FOR MOBILE DEVICE APPLICATIONS - Method for providing a secure mode for mobile applications including: configuring which applications should be available in secure mode; defining in the mobile operating system kernel, rules and privileges for applications defined for the secure mode; checking continuously if the secure mode is enabled by the user; if the security mode is enabled by the user, then the operating system kernel searches all processes and applications running on the operating system, suspend) the system applications not configured to be available in secure mode, hides the protected application, restricts inter-process communications and enforce privilege escalation events and enables access to application files protected by the protected application user Id; and if the security mode is disabled by the user, then the kernel releases all processes and applications that were stopped by the secure mode and denies any access to the protected application files. | 12-29-2016 |
| 20160381029 | OFF-SITE USER ACCESS CONTROL - Systems and methods are described for off-site user access control to communications services via a site-based communications network. Embodiments operate in context of sites, each having one or more site-based networks in communication with external networks via one or more on-site routers. User devices are provided with controlled access to those external networks via wired or wireless connections between those user devices and the site based networks. In some embodiments, on-site routers maintain route maps that indicate which user devices are authorized. Standard routing functions are used so that traffic from authorized devices is routed normally, while traffic from unauthorized devices is automatically forwarded to an off-site (e.g., cloud-based) authentication system. As devices become remotely authenticated, the off-site authentication system can remotely update route maps of the on-site routers to add those devices. | 12-29-2016 |
| 20160381032 | CONTROLLING USER ACCESS TO COMMAND EXECUTION - Techniques are described for providing users with access to perform commands on network-accessible computing resources. In some situations, permissions are established for user(s) to execute command(s) on computing node(s) provided by an online service, such as by maintaining various permission information externally to those provided computing nodes for use in controlling users' ability to access, use, and/or modify the provided computing nodes. An interface component may use such external permissions information to determine if a particular user is authorized to execute one or more particular commands on one or more particular computing nodes, and to initiate simultaneous and independent execution of the command(s) on the computing node(s) when authorized. The interface component may further aggregate results from each computing node that executed the command(s), prior to providing the results to the user. | 12-29-2016 |
| 20160381035 | Management of data of user groups and maintenance of communication thereof - Methods and devices for management of group user data and/or maintenance of instant messaging groups. The methods may include receiving, by a computing device, a request for searching data of a first group user. For example, the request is initialized by a second group user via an instant messaging application. The computing device may determine a data search permission of the second group user on the data of the first group user, select a data item of the first group user in accordance with the data search permission, and return the data item to the second group user. Using techniques described herein, the implementations may enable users to view group contacts and perform access control to improve security of the group data and to avoid leakage of communication information of group users. | 12-29-2016 |
| 20160381036 | RESOURCE RESTRICTION - In one implementation, a data sharing system can comprise a trust engine to identify an environment that satisfies a level of trust, an access engine to request access to a set of data, a procedure engine to receive a procedure, a restriction engine to receive a restriction associated with a resource of the environment, a monitor engine to maintain resource utilization information, and a control engine to limit execution of the procedure based on the restriction and the resource utilization information. In another implementation, a method for sharing a set of data can comprise validating an environment satisfies a level of trust, receiving a restriction associated with a resource of the environment, receiving a procedure to access the set of data, ascertaining resource utilization information, and providing a view of the set of data based on the restriction and the resource utilization information. | 12-29-2016 |
| 20160381037 | DATA LOSS PREVENTION FOR MOBILE COMPUTING DEVICES - System calls to a kernel of a mobile computing device are monitored. A particular system call is intercepted relating to input/output (I/O) functionality of the mobile computing device. A data loss prevention (DLP) policy is identified that is applicable to the particular system call. An action is performed on the particular system call based at least in part on the DLP policy. | 12-29-2016 |
| 20160381219 | Multifunction Wireless Device - A communication device and system are disclosed for providing communication and data services to residents of a controlled facility. The device can be restricted to communicating only using an interact protocol so as to restrict the device communication to an internal intranet. Wireless access points may be disposed throughout the environment to route calls and data between the device and a central processing center. By converting a protocol of the communications received from the device to a protocol used by the central processing center, minimal modifications to the central processing center are needed to support a wireless communication infrastructure. Many restrictions and safeguards may be implemented within the phone and system in order to prevent improper use. | 12-29-2016 |
| 20160381557 | CONTROLLING MOBILE DEVICE ACCESS WITH A PAIRED DEVICE - Embodiments of the disclosure relate to controlling access to a mobile device with a paired device. Aspects include pairing the paired device with the mobile device and defining a security profile for the mobile device. Aspects also include receiving a user access request for a desired action via the mobile device and determining signal strength between the paired device and the mobile device. Aspects further include executing the desired action based on a determination that the signal strength is greater than a threshold in the security profile for the desired action. | 12-29-2016 |
| 20160381560 | SYSTEMS AND METHODS FOR DERIVATIVE FRAUD DETECTION CHALLENGES IN MOBILE DEVICE TRANSACTIONS - The disclosed embodiments include systems, methods, and computer-readable media configured to provide mobile device transaction security. The techniques described in the disclosed embodiments may be used to verify a mobile device user by providing derivative fraud protection challenges. Thus, the techniques may be used to improve identification and verification of users during mobile transactions. As a result, the disclosed embodiments improve mobile security and user experience as well as enhance access control. | 12-29-2016 |
| 20170235924 | System and Network for Controlling Content and Accessibility | 08-17-2017 |
| 20170237724 | SYSTEM AND METHOD FOR TRAVERSING A NAT DEVICE WITH IPSEC AH AUTHENTICATION | 08-17-2017 |
| 20170237727 | SYSTEM AND METHOD FOR A SINGLE FIELD BASED AUTHENTICATION | 08-17-2017 |
| 20170237733 | APPARATUS AND METHOD TO CONTROL TRANSFER APPARATUSES DEPENDING ON A TYPE OF AN UNAUTHORIZED COMMUNICATION OCCURRING IN A NETWORK | 08-17-2017 |
| 20170237736 | PRIVATE INFORMATION MANAGEMENT SYSTEM AND METHODS | 08-17-2017 |
| 20170237738 | METHOD AND APPARATUS FOR TRACKING DATA ACCESS ROUTE | 08-17-2017 |
| 20170237741 | DYNAMIC RECORD IDENTIFICATION AND ANALYSIS COMPUTER SYSTEM WITH EVENT MONITORING COMPONENTS | 08-17-2017 |
| 20170237742 | Methods, Devices and Management Terminals For Establishing a Secure Session With a Service | 08-17-2017 |
| 20170237743 | Managing Private and Public Service Set Utilization | 08-17-2017 |
| 20170237748 | Geographic Filter For Regulating Inbound and Outbound Network Communications | 08-17-2017 |
| 20170237765 | METHODS AND SYSTEMS FOR IMPLEMENTING A PHISHING ASSESSMENT | 08-17-2017 |
| 20170237774 | PROTECTION AGAINST REROUTING A COMMUNICATION CHANNEL OF A TELECOMMUNICATION DEVICE HAVING AN NFC CIRCUIT AND A SECURE DATA CIRCUIT | 08-17-2017 |
| 20170237775 | METHOD FOR IMPLEMENTING ONLINE ANTI-PHISHING | 08-17-2017 |
| 20180025145 | COMPUTER-IMPLEMENTED METHOD FOR CONTROLLING ACCESS | 01-25-2018 |
| 20180025147 | SYSTEMS AND METHODS FOR SENSOR-BASED LAYER VARIATION ON MOBILE DEVICES | 01-25-2018 |
| 20180025173 | ENTITY SECURITY IMPLIED BY AN ASSET IN A REPOSITORY SYSTEM | 01-25-2018 |
| 20180025176 | MEMBER INFORMATION MANAGEMENT SYSTEM AND MEMBER INFORMATION MANAGEMENT PROGRAM | 01-25-2018 |
| 20180025304 | FLEET MANAGEMENT SYSTEM FOR PORTABLE MAINTENANCE TOOLS | 01-25-2018 |
| 20180026679 | METHOD FOR PROCESSING DATA BY MEANS OF AN ELECTRONIC DATA-ACQUISITION DEVICE, CORRESPONDING DEVICE AND PROGRAM | 01-25-2018 |
| 20180026804 | APPLYING USER-SPECIFIED PERMISSIONS TO DISTRIBUTION OF CONTENT ITEMS TO SOCIAL NETWORKING SYSTEM USERS | 01-25-2018 |
| 20180026944 | ASSESSING RISK ASSOCIATED WITH FIREWALL RULES | 01-25-2018 |
| 20180026954 | TWO-FACTOR AUTHENTICATION FOR USER INTERFACE DEVICES IN A PROCESS PLANT | 01-25-2018 |
| 20180026955 | DETECTION OF AUTHORIZATION ACROSS SYSTEMS | 01-25-2018 |
| 20180026956 | Environment-Aware Security Tokens | 01-25-2018 |
| 20180026957 | Securely Authorizing Access to Remote Resources | 01-25-2018 |
| 20180026958 | FAST-ACCESSING METHOD AND APPARATUS | 01-25-2018 |
| 20180026982 | UNIFIED AUTHENTICATION METHOD FOR APPLICATION IN TRUNKING SYSTEM, SERVER AND TERMINAL | 01-25-2018 |
| 20180026984 | ACCESS AUTHENTICATION FOR CLOUD-BASED SHARED CONTENT | 01-25-2018 |
| 20180026986 | DATA LOSS PREVENTION SYSTEM AND DATA LOSS PREVENTION METHOD | 01-25-2018 |
| 20180026989 | SYSTEMS AND METHODS FOR PROCESSING ACCESS PERMISSION TYPE-SPECIFIC ACCESS PERMISSION REQUESTS IN AN ENTERPRISE | 01-25-2018 |
| 20180026992 | VIRTUAL NETWORK FUNCTION (VNF) HARDWARE TRUST IN A NETWORK FUNCTION VIRTUALIZATION (NFV) SOFTWARE DEFINED NETWORK (SDN) | 01-25-2018 |
| 20180027012 | TECHNOLOGIES FOR PREVENTING MAN-IN-THE-MIDDLE ATTACKS IN SOFTWARE DEFINED NETWORKS | 01-25-2018 |
| 20190147181 | User Programmatic Interface for Supporting Data Access Control in a Database System | 05-16-2019 |
| 20190147183 | User Programmatic Interface for Supporting Data Access Control in a Database System | 05-16-2019 |
| 20190149453 | SYSTEM FOR REROUTING ELECTRONIC DATA TRANSMISSIONS BASED ON GENERATED SOLUTION DATA MODELS | 05-16-2019 |
| 20190149499 | Authenticating and confidence marking e-mail messages | 05-16-2019 |
| 20190149519 | METHOD AND APPARATUS FOR PHYSICAL LAYER SECURITY IN LOW POWER WIRELESS SENSOR NETWORKS | 05-16-2019 |
| 20190149533 | LICENSING AUTHENTICATION VIA INTERMEDIARY | 05-16-2019 |
| 20190149534 | AUTOMATED IDENTITY ASSESSMENT METHOD AND SYSTEM | 05-16-2019 |
| 20190149540 | SERVICE PROVISION SYSTEM, SERVICE PROVISION METHOD, VERIFICATION DEVICE, VERIFICATION METHOD, AND COMPUTER PROGRAM | 05-16-2019 |
| 20190149546 | ENHANCED PERMISSIONS FOR ENABLING RE-PURPOSING OF RESOURCES WHILE MAINTAINING INTEGRITY | 05-16-2019 |
| 20190149547 | Dual Binding | 05-16-2019 |
| 20190149548 | SYSTEMS, METHODS AND COMPUTER PROGRAM PRODUCTS FOR INFORMATION INTEGRATION ACROSS DISPARATE INFORMATION SYSTEMS | 05-16-2019 |
| 20190149549 | COLLABORATION BASED ACCESS CONTROL LIST (ACL) | 05-16-2019 |
| 20190149551 | METHOD FOR CONTROLLING AN ELECTRONIC DISPLAY | 05-16-2019 |
| 20190149592 | Security Tokens for a Multi-Tenant Identity and Data Security Management Cloud Service | 05-16-2019 |
| 20190149601 | DEVICE LIST SYNCHRONIZING METHOD AND APPARATUS, DEVICE, AND COMPUTER STORAGE MEDIUM | 05-16-2019 |
| 20190149994 | Methods and Systems to Detect Rogue Hotspots | 05-16-2019 |
| 20220141035 | SECURE MULTI-PARTY COMPUTATION ATTRIBUTION - Secure multi-party computations may be used to get attribution results without compromising user privacy. A content provider and an advertiser may each sign a calculation indicating that they wish to share data using a secure multi-party computation. A measurement company may sign the calculation indicating that the measurement company has evaluated the computation and that the computation will protect user privacy. A user device may confirm with the verification service that all parties have signed the calculation. The user device may transmit one-time identifiers to the measurement company, which allows impression data and conversion data stored by the content provider and the advertiser to be linked. The content provider, the advertiser, and the measurement company may perform the secure multi-party computation, which allows the advertiser to evaluate attribution results without accessing the user data stored by the content provider. | 05-05-2022 |
| 20220141204 | NETWORK ENCRYPTION METHOD - This invention involves an encryption method that is mainly applied to network. The network could be both wireless or wired, the former is connected through a wireless router, and the latter is connected through a router. When the network receives a message requesting connection from at least one new networking device, it can authenticate and authorize the message through the key to form a fixed connection with the network, and at the same time, at least one connected device to the network can update the password connected to the network synchronously, or at least one connected device connected to the network can update the password connected to the network at any time, so as to improve the performance of network security and avoid hacking. | 05-05-2022 |
| 20220141229 | GENERATED STORY BASED AUTHENTICATION UTILIZING EVENT DATA - A method for a story fill authentication process includes, responsive to receiving a first authentication request to authenticate a user, displaying a first generated story with one or more obfuscated portions, where the first generated story is based on event data associated with a first previously captured event and additional data utilized to enrich the event data for the first previously captured event. The method also includes, responsive to determining text provided for the one or more obfuscated portions of the first generated story at least meets a comparison threshold level to a first complete generated story based on a semantic comparison, granting the user access to a resource associated with the first authentication request. | 05-05-2022 |
| 20220141231 | Blockchain-Based Commercial Inventory Systems And Methods - A blockchain of block entries that can be requested by users from user devices is maintained in a distributed network of nodes. Block entries include a plurality of data portions that are each associated with an access level. A request from an auditor to view one or more data portions of a block entry can includes an access code associated with at least one access level can be evaluated to identify one or more data portions associated with the access level. A customized view of the block entry which includes the one or more data portions associated with the access level can be generated. An artificial intelligence engine can review entries within the distributed ledger, identify earnings information associated with the sales of the commercial inventory, determine tax based on earning information, and pay the tax via fiat or cryptocurrency to government authorities based on earnings information. | 05-05-2022 |
| 20220141665 | OPENROAMING AUGMENTATION METHOD FOR EAP FAILURES - The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device. | 05-05-2022 |
| 20220141755 | Wireless Gateway Supporting Public and Private Networks - An interface device may provide a first wireless network and a second wireless network in a user's premise. The interface device may encourage some user devices to connect to the second wireless network without controlling the user devices. For example, the interface device may receive a request from a device to access its first wireless network. The interface device may then determine whether the device is a premise device by, for example, searching a database of device registration information. The interface device may determine that the device is a premise device and deny the request to access the first wireless network. The device may then be available to access the second wireless network. | 05-05-2022 |
