
10th week of 2015 patent application highlights part 88
Patent application number | Title | Published
20150067757 | Moving image viewing apparatus - A moving image viewing apparatus or system automatically records all available broadcast programs simultaneously on air even if power a switch off. A list of the broadcast programs simultaneously on air is displayed for selection with the power switch on. The system retrieves a selected broadcast program during the preceding part of the same broadcast program is being recorded. Such a broadcast program as has started to record on the way or given up in midstream is disposed not to be retrieved. The system allows the memory to automatically overwrite the recorded broadcast program with a new one after the recorded broadcast program has been retrieved to the end. Also unselected broadcast program is allowed to be automatically overwritten with a new one after the on air of the broadcast program is over. The overwritten can be inhibited if a user wants to save the broadcast program. | 2015-03-05
20150067758 | METHODS FOR CONTENT SHARING UTILIZING A COMPATIBILITY NOTIFICATION TO A DISPLAY FORWARDING FUNCTION AND ASSOCIATED DEVICES - Method in an audiovisual programme receiver-decoder client device, the method using a function for providing notification of capability specific to a standardised display forwarding function to inform a remote item of equipment of the capability of the device to transmit an item of content. The method comprises a step of insertion of information elements into a link layer of a communication interface of the device, a step of reception of an item of information from a second remote device connected to the interface by a direct point-to-point link, a step of configuration of the control of the reception and/or reproduction of an item of audiovisual content received by the device using the item of information representative of a remote command and a step of insertion of data adapted to the insertion of a coded, received item of audiovisual content into frames inserted into a data stream transmitted at the MAC link layer of the interface to the remote device connected via the intermediary of the link. | 2015-03-05
20150067759 | SYSTEM AND METHOD FOR IMPLEMENTING DATA MIGRATION WHILE PRESERVING SECURITY POLICIES OF A SOURCE FILER - A data migration system in which security policies of a source file system are preserved, in an environment in which clients actively issue communications for the source filer while data is migrated to a destination file system. | 2015-03-05
20150067760 | CONFORMING PASSWORDS TO A PASSWORD POLICY - An apparatus, program product, and method are disclosed for receiving a password entered by a user, the password not conforming to one or more requirements of a password policy, manipulating the password to create one or more compliant passwords conforming to the one or more requirements of the password policy, and presenting a list of the one or more compliant passwords to the user wherein a compliant password is selectable by the user. | 2015-03-05
20150067761 | MANAGING SECURITY AND COMPLIANCE OF VOLATILE SYSTEMS - An inventory manager optimizes the security and maintenance of a plurality of virtual machines and their workloads in a cloud environment and has: an inventory database, a workload compliance history of scanning workloads database, and a workload category database including security rules and compliance policies relating to workload category in a repository. The inventory manager identifies changes to characteristics of the workload of the plurality of virtual machines; alters the inventory database stored in the repository and maintained by the inventory manager, based on the identified changes to the characteristics of the workload of the plurality of virtual machines; and initiates security rules and compliance policies of the workload category database based on the identified changes to the characteristics of the workload of the plurality of virtual machines through a security tools program. | 2015-03-05
20150067762 | METHOD AND SYSTEM FOR CONFIGURING SMART HOME GATEWAY FIREWALL - A secured smart home system having (a) a smart-home gateway with a firewall protection; (b) plurality of appliances connected to the gateway and located at a secured side of the firewall; and (c) a remote environment classification server located at a non-secured side of the firewall, for providing a firewall policy to the gateway. The gateway submits a list of the appliances to the remote environment classification server, and the classification server provides in response the firewall policy to the gateway. | 2015-03-05
20150067763 | HARDWARE AND SOFTWARE EXECUTION PROFILING - Technologies for assembling an execution profile of an event are disclosed. The technologies may include monitoring the event for a branch instruction, generating a callback to a security module upon execution of the branch instruction, filtering the callback according to a plurality of event identifiers, and validating a code segment associated with the branch instruction, the code segment including code executed before the branch instruction and code executed after the branch instruction. | 2015-03-05
20150067764 | WHITELIST-BASED NETWORK SWITCH - A whitelist-based network switch defines a whitelist and a handling rule based on an access control list, security policies, etc., and monitors and blocks network traffic based on the whitelist and the handling rule. The whitelist-based network switch includes a whitelist monitoring unit for storing a whitelist including permitted communication rules, monitoring one or more packets input through a plurality of switch interfaces based on the whitelist, and permitting communication of each packet conforming to the whitelist, and a whitelist management unit for updating the whitelist and transmitting an updated whitelist to the whitelist monitoring unit. | 2015-03-05
20150067765 | METHOD AND SYSTEM FOR UPDATING MEDIA LISTS IN PORTABLE MEDIA DEVICES - A method and apparatus for updating a media list or a media list collection of a portable media player device is disclosed herein. In various embodiments, the updates are generated by a proxy or a third party server, based at least in part on data gathered for media preferences for a user of the portable media play device and one or more other users of one or more portable media player devices. In various embodiments, the method is practiced respecting the access rights of the media files (if access rights are required). Other embodiments may also be described and claimed. | 2015-03-05
20150067766 | APPLICATION SERVICE MANAGEMENT DEVICE AND APPLICATION SERVICE MANAGEMENT METHOD - An application service management method includes: assigning permission of the application service items comprised in an application cluster to the users of the user group. Verifying an identity of the user in response to a login operation of the user via a terminal device, and determining the user group that the user belonged to, the corresponding application cluster, and application service items that the user with the permission to use, after verifying the user is a legal user. Requesting an application service provider to execute an application service item when one permitted user of the user group generates an execution operation on the application service item. In addition, obtaining an application execution interface from the application service provider and displaying the obtained application execution interface on the terminal device of the user. | 2015-03-05
20150067767 | INFORMATION PROCESSING APPARATUS THAT DISTRIBUTES SETTINGS COMPLIANT WITH SECURITY POLICY AND CONTROL METHOD THEREFOR, IMAGE PROCESSING APPARATUS AND CONTROL METHOD THEREFOR, INFORMATION PROCESSING SYSTEM AND CONTROL METHOD THEREFOR, AND STORAGE MEDIUM - An information processing apparatus that makes it possible to save time and effort expended by an administrator on distribution of settings compliant with a security policy. Whether or not an application installed in the image processing apparatus to which setting values compliant with a security policy are to be distributed can be set to the settings is determined. When it is determined that the application cannot be set to the settings, whether or not the application can be set to the settings by updating thereof is determined. When the determination result indicates that the settings can be set by updating the application, the application is updated, and the settings are distributed to the image processing apparatus. | 2015-03-05
20150067768 | ZONE POLICY ADMINISTRATION FOR ENTITY TRACKING AND PRIVACY ASSURANCE - The present invention includes entity tracking, privacy assurance, and zone policy administration technologies allowing for the creation of zone policies, including the definition of zones and managed entities, the zone policies including rules that apply to the managed entities within or in relation to the zones, and privacy policies assuring privacy of sensitive data. The technologies also provide for the definition of sensors, rule event objects, and default event objects, and for the establishment of associations between rules and managed entities, sensors, and rule event objects so as to create zone policies. Event objects may generate zone policy events or actions upon compliance with or violation of various rules of zone policy. Managed entities are defined as entities associated with mobile devices capable of location tracking and communication with zone policy servers. Entities may be persons, vehicles, animals, or any other object for which tracking and zone policy administration is of value. Zone policy may include privacy policy that may restrict access to or set access conditions for data or information. Privacy policies may be used to ensure individual managed entities and their data remain anonymous to a desired degree and that sensitive data is appropriately protected. | 2015-03-05
20150067769 | Providing Virtualized Private Network Tunnels - Various aspects of the disclosure relate to providing a per-application policy-controlled virtual private network (VPN) tunnel. In some embodiments, tickets may be used to provide access to an enterprise resource without separate authentication of the application and, in some instances, can be used in such a manner as to provide a seamless experience to the user when reestablishing a per-application policy controlled VPN tunnel during the lifetime of the ticket. Additional aspects relate to an access gateway providing updated policy information and tickets to a mobile device. Other aspects relate to selectively wiping the tickets from a secure container of the mobile device. Yet further aspects relate to operating applications in multiple modes, such as a managed mode and an unmanaged mode, and providing authentication-related services based on one or more of the above aspects. | 2015-03-05
20150067770 | INTER-DOMAIN REPLICATION OF SERVICE INFORMATION - An automated conversion of service information that includes endpoint addresses of service providers and security policies between independent enterprise information technology (IT) management domains is performed using a federated gateway within each of the independent enterprise IT management domains that bridges the independent enterprise IT management domains. The automated conversion of the service information allows at least one service consumer application executing within a first independent enterprise IT management domain to use a local service definition format to access at least one remote service provider application with a remote service interface defined using a different remote service definition format for execution in a second independent enterprise IT management domain. Service provider application endpoint translation is dynamically performed, in response to at least one service request for the at least one remote service provider application, using the federated gateway within each of the independent enterprise IT management domains that bridges the independent enterprise IT management domains. | 2015-03-05
20150067771 | Access Enablement Security Circuit - A system-on-chip (SoC) is provided that includes a centralized access enablement circuit for controlling access to a plurality of security features for multiple hardware modules of the system. Progressive security states corresponding to different stages in a chip's design, manufacture and delivery are utilized to enable different access control settings for security features as a part moves from design to end-use. The access enablement circuit for a SoC implementing different security states provides individual access control settings for security features in the different security states. One-time programmable memory and register controls are provided in one embodiment that allow different access control settings for an individual security feature in the same or different security states of the system. | 2015-03-05
20150067772 | APPARATUS, METHOD AND COMPUTER-READABLE STORAGE MEDIUM FOR PROVIDING NOTIFICATION OF LOGIN FROM NEW DEVICE - An apparatus for providing a notification of a login to a user account from a device includes an information analysis unit for determining whether the device is a new device, in response to a login request received from the device, and a login notification unit for providing a notification of a login from the new device using a preset notification method, based on results of determination by the information analysis unit. A login notification is provided when a user logs in via a new device other than devices usually used thereby, thus allowing the user to promptly cope with an illegal login so that the illegal use of the user's account can be prevented if an illegal login is performed. | 2015-03-05
20150067773 | SYSTEM FOR MANAGING SECURE AND NONSECURE APPLICATIONS ON ONE AND THE SAME MICROCONTROLLER - An electronic microcontroller system including: plural processors; at least one interface for exchange with at least one peripheral, the peripheral being user master of the electronic microcontroller system; a mechanism for access to a shared memory space; an interconnection matrix for interconnecting the exchange interface, the processors and the mechanism for access to a shared memory space; a mechanism managing applications involving a guaranteed level of security and integrity and of applications exhibiting a nonguaranteed level of security and integrity. The exchange interface cooperates with a secure isolation cell of the memory situated between the user master peripheral and the interconnection matrix. | 2015-03-05
20150067774 | AUTOMATED METHOD FOR INCREASING AND MAINTAINING THE NUMBER OF SOCIAL MEDIA FOLLOWERS - An automated method, which acts on increasing and maintaining the number of social media followers of a particular identification (ID) on social media, is proposed. The proposed method may operate without the presence of a unique IP per user, and requires no local or central database for user information. User information is generated, encrypted, and saved on user web browser as a cookie. | 2015-03-05
20150067775 | System and Method of Secure Logon for Shared Devices - A system includes a sensor to determine a user is proximate to the system and a logon module to receive information from the sensor that a user is proximate to the system, receive logon information from the user and identification information associated with the user, authenticate the user to use the system based on the logon information, store the identification information, receive second information from the sensor that the user is not proximate to the system, suspend an operating system session, receive information from the sensor that the user is again proximate to the system, receive second identification information associated with the user, determine that the first and second identification information matches, and resume the OS session in response to determining that the first and second identification information matches. | 2015-03-05
20150067776 | METHOD AND APPARATUS FOR COMPILATION OF FINITE AUTOMATA - A method and corresponding apparatus are provided implementing run time processing using Deterministic Finite Automata (DFA) and Non-Deterministic Finite Automata (NFA) to find the existence of a pattern in a payload. A subpattern may be selected from each pattern in a set of one or more regular expression patterns based on at least one heuristic and a unified deterministic finite automata (DFA) may be generated using the subpatterns selected from all patterns in the set, and at least one non-deterministic finite automata (NFA) may be generated for at least one pattern in the set, optimizing run time performance of the run time processing. | 2015-03-05
20150067777 | SYSTEMS AND METHODS FOR AUTHENTICATING NODES - To authenticate nodes, a connection between a first node and a second node may be identified. A first set of nodes having connections with the first node and assigned to a first plurality of clusters may be identified. A second set of nodes having connections with the second node and assigned to a second plurality of clusters may be identified. A first distribution of clusters may be generated based on the first set of nodes. A second distribution of clusters may be generated based on the second set of nodes. The first distribution and the second distribution may be analyzed. An authenticity metric for at least one of the first node and the second node may be generated based on the analyzing the first distribution and the second distribution. | 2015-03-05
20150067778 | INFORMATION PROCESSING DEVICE AND INFORMATION PROCESSING METHOD - An information processing device includes a reception unit and a control unit. The reception unit receives an access request including identification information of a transmission source from a terminal. The control unit acquires user information that is information about a user using the terminal based on the identification information included in the access request. | 2015-03-05
20150067779 | SERVER APPARATUS, LOGIN MANAGEMENT SYSTEM, AND NON-TRANSITORY STORAGE MEDIUM - The present invention is provided with the page responding unit | 2015-03-05
20150067780 | Mobile Terminal Detection Method And Mobile Terminal - A mobile terminal detection method and a mobile terminal. The method includes: reading a first international mobile equipment identity (IMEI) stored in a flash; comparing the first IMEI with a backup IMEI stored in a one-time programmable data (OTP) region which is prohibited from being modified; and disabling the mobile terminal when the first IMEI and the backup IMEI are inconsistent. In the present invention, the IMEI plaintext is directly backed up to the OTP region of the mobile terminal, and the value of the IMEI stored in the flash and the value of the backup IMEI are dynamically compared, so as to conveniently detect the legitimacy of the IMEI of the mobile terminal, effectively protect the IMEI number of the mobile terminal from being arbitrarily modified, and ensure the legitimate interests of users and operators. | 2015-03-05
20150067781 | Data Processing Based on Two-Dimensional Code - The present disclosure provides example methods and apparatuses of data processing based on a two-dimensional code. The two-dimensional code is generated upon receiving a data processing request from a user of a first communication device. Information relating to the data processing request obtained through scanning the two-dimensional code by a second communication device is received. A user interface for data processing is generated at the second communication device based on the information relating to the data processing request. The present techniques for data processing based on the two-dimensional code use the two-dimensional code to complete logging-in and avoid the tedious logging-in process, thereby conveniently, efficiently, and securely implements data output processing. | 2015-03-05
20150067782 | METHOD FOR CONNECTING TO NETWORK AND ELECTRONIC DEVICE THEREOF - A method and electronic device for network connection and authentication is disclosed herein. A control unit is configured to detect authentication information necessary to access a communication network, and detect whether the authentication information corresponding to the communication network is stored in a profile storing at least the authentication information for at least the communication network. A radio frequency (RF) processing unit configured to couple to the communication network in response to detecting that the authentication information is authenticated by an authentication server for the communication network. | 2015-03-05
20150067783 | SYSTEM AND METHOD FOR A CLOUD COMPUTING ABSTRACTION LAYER - According to one system of the invention, the system provides a cloud-computing service from a cloud-computing environment comprising a plurality of cloud-computing resources. The system may comprise: a management module configured to manage a cloud-computing resource of the plurality of cloud-computing resources as a cloud-computing service, wherein the cloud-computing service performs a computer workload; an adapter configured to connect to the cloud-computing resource to the system and translate a management instruction received from the management module into a proprietary cloud application program interface call for the cloud-computing resource; a cloud service bus configured to route the management instruction from the management module to the adapter; a consumption module configured to allow a user to subscribe the cloud-computing service; a planning module configured to plan the cloud-computing service; and a build module configured to build the cloud-computing service from the cloud-computing resource and publish the cloud-computing service to the consumption module. | 2015-03-05
20150067784 | COMPUTER NETWORK SECURITY MANAGEMENT SYSTEM AND METHOD - A computer network security management system is provided, in which a corporate computer network can be substantially separated from an external network because the external exposure of the corporate computer network is minimized, and a possibility that a hacker may get into a relay server or a central server can be fundamentally cut off. The computer network security management system is expected to further enhance the security level of a corporate computer network. | 2015-03-05
20150067785 | METHOD AND APPARATUS FOR A DEVICE MANAGEMENT APPLICATION - An approach for implementing a local device management application for deterring misuse, loss, or theft of mobile devices includes determining that a use of a first device at least substantially satisfies one or more use criteria. The approach also includes generating a notification message regarding the use. Further, the approach includes initiating a transmission of the notification message from the first device to a second device. | 2015-03-05
20150067786 | VISUAL IMAGE AUTHENTICATION AND TRANSACTION AUTHORIZATION USING NON-DETERMINISM - Methods and systems described herein perform a secure transaction. A display presents images that are difficult for malware to recognize but a person can recognize. In at least one embodiment, a person communicates transaction information using visual images received from the service provider system. In at least one embodiment, a universal identifier is represented by images recognizable by a person, but difficult for malware to recognize. | 2015-03-05
20150067787 | MECHANISM FOR FACILITATING DYNAMIC ADJUSTMENTS TO COMPUTING DEVICE CHARACTERISTICS IN RESPONSE TO CHANGES IN USER VIEWING PATTERNS - A mechanism is described for facilitating dynamic adjustments to features of computing devices according to one embodiment. A method of embodiments, as described herein, includes automatically monitoring usage patterns relating to a user of computing device. The usage patterns may be based on audio user characteristic or visual user characteristics relating to usage of the computing device. The method may further include automatically monitoring environment patterns relating to the usage of the computing device. The environment patterns may be based on surrounding environment having the user and the computing device. The method may further include facilitating dynamic adjustment of one or more features of the computing device based on one or more of the usage patterns, environment patterns, and user preferences. | 2015-03-05
20150067788 | CONNECTION MANAGEMENT METHOD AND SYSTEM FOR RELAYING CLIENT AND BACKEND OF SERVER ON SERVER SIDE - Provided is a connection management method and system for relaying a client and a backend module of a server on a server side. A connection management method performed by a connection management system may include receiving a request message from a client device, adding an authentication tag and a service tag for a connection to the request message, verifying a right of the authentication tag and a right of the service tag using a uniform resource identifier (URI) of the request message, searching for a service corresponding to the request message using the URI, and transferring the request message to the found service. | 2015-03-05
20150067789 | METHOD AND APPARATUS TO PROVIDE A NETWORK SOFTWARE DEFINED CLOUD WITH CAPACITY TO PREVENT TENANT ACCESS TO NETWORK CONTROL PLANE THROUGH SOFTWARE DEFINED NETWORKS - Method and Apparatus for rapid scalable unified infrastructure system management platform are disclosed by discovery of compute nodes, network components across data centers, both public and private for a user; assessment of type, capability, VLAN, security, virtualization configuration of the discovered unified infrastructure nodes and components; configuration of nodes and components covering add, delete, modify, scale; and rapid roll out of nodes and components across data centers both public and private. | 2015-03-05
20150067790 | Methods, Circuits, Devices, Systems and Associated Computer Executable Code for Discovering and Providing Digital Content - Disclosed are methods, circuits, devices, systems and computer executable code for discovering and providing digital content. Identifier of a wireless communication signal source may be associated with a specific store or collection of digital content. | 2015-03-05
20150067791 | CONTEXTUAL DEVICE LOCKING/UNLOCKING - Particular embodiments of a computing device associated with a user may detect an event using a sensor of the computing device. The event may be a lock-triggering event or an unlock-triggering event. The computing device may assess a state of the device. The computing device may also access further information associated with the user. The computing device may also monitor activity on the computing device to detect further events if such further monitoring is warranted. Based on the gathered information, the computing device may update a lock status of the device to lock or unlock access interfaces of the computing device, functionality of the computing device, or content accessible from the computing device. If the event comprised the computing device detecting an attempt by a third party to use the device, the device may attempt to identify the third party to determine if they are authorized to use the device. | 2015-03-05
20150067792 | OWNER ACCESS POINT TO CONTROL THE UNLOCKING OF AN ENTRY - Disclosed is a method, apparatus, and system to control the unlocking of an entry for a guest having a wireless device by an owner access point. A virtual key for a wireless device and an access control rule associated with the virtual key may be stored at the owner access point. The owner access point may determine whether a virtual key received from a wireless device matches the stored virtual key and whether the access control rule for the stored virtual key is satisfied. If the virtual key matches, and the access control rule for the stored virtual key is satisfied, the owner access point may transmit an open command to the entry. | 2015-03-05
20150067793 | Method for Secure, Entryless Login Using Internet Connected Device - A system, method, and computer-readable medium are disclosed for using an entryless One-Time Password (OTP) in an active tag environment. Authentication credentials associated with a user and an active tag device are submitted with an access request to an authentication server, where they are processed to generate an OTP credential, which is then stored in a directory service. Encryption operations are then performed on the OTP credential to generate an encrypted OTP credential, which is then provided to the active tag device, which in turn provides it to an active tag terminal. The active tag terminal then submits a request to the authentication server to verify the validity of the encrypted OTP credential. In response, the authentication server verifies its validity and then destroys the OTP credential stored in the directory service. The OTP credential is then decrypted by the active tag terminal and subsequently used to login the user. | 2015-03-05
20150067794 | SYNCHRONOUS TIMESTAMP COMPUTER AUTHENTICATION SYSTEM AND METHOD - A method and system for authenticating computer nodes on a network, including providing a synchronized clock system, at a predetermined clock frequency, for use with an electronic system with a plurality of system nodes. Matching counters are connected to each of the plurality of system nodes, each of the counters being incremented in accordance with the clock frequency experienced by the system nodes to which the counters are connected. A difference is calculated between a count number at the end of a certain interval and the count number for the same counter at the beginning of the interval, to arrive at a count difference for each counter. The count difference of a particular counter is compared with the count difference of at least two other counters and, in the event that the count difference of the particular counter does not match, that node is noticed as an imposter. | 2015-03-05
20150067795 | Control method and device for mobile terminal, and mobile terminal - The present invention relates to the field of mobile communications, and provides a control method and device of a mobile terminal, and the mobile terminal. The control method of a mobile terminal comprises: a control device of a mobile terminal receiving a first switching instruction that instructs switching the mobile terminal to a security mode; and the control device of the mobile terminal performing control processing on the mobile terminal according to the first switching instruction, and switching the mobile terminal to the security mode, so that the mobile terminal does not send service data to a base station. The technical solution of the present invention can effectively protect the information security of the mobile terminal. | 2015-03-05
20150067796 | Method for statistical object identification - The present invention provides a mechanism to activate an original object ( | 2015-03-05
20150067797 | AUTOMATICALLY GENERATING CERTIFICATION DOCUMENTS - A certification application automatically generates a certification document associated with a service. A transformation module retrieves a component information associated with a status of a service from a data store maintaining the component information. The component security data and component metadata is included within the component information. The component information is transformed for insertion into a certification information. Risk analysis, phraseology, and localization data is used to transform the component information. The certification document is generated based on the certification template by inserting the component information into the certification template. | 2015-03-05
20150067798 | SELECTIVE COMPLEX DATA ENTRY FROM ONE TIME PASSWORDS FOR AUTHENTICATION - A one time password (OTP) associated with a client device, and a padding rule, of a plurality of possible padding rules, associated with the client device may be determined. A padded OTP that include the OTP and additional data may be formed based on the padding rule. The padding rule may be associated with at least one of a position of the OTP within the padded OTP, a characteristic of the additional data, or a characteristic of the padded OTP. The padded OTP may be provided to the client device. A selection of a portion of the padded OTP may be received from the client device, and the client device may be authenticated when the selected portion of the padded OTP corresponds to the OTP. If the selected portion of the padded OTP does not correspond to the OTP, other actions may be performed based on the selected portion. | 2015-03-05
20150067799ELECTRONIC PASSWORD GENERATING METHOD, ELECTRONIC PASSWORD GENERATING APPARATUS AND ELECTRONIC PASSWORD AUTHENTICATION SYSTEM - An electronic password generating method, an electronic password generating apparatus and an electronic password authentication system are provided. The electronic password generating method includes steps of: prompting a user to input a challenge code by a prompting information, wherein the prompting information is an information containing a meaning represented by the challenge code to be input, the prompting information at least comprises a first prompting information and a second prompting information, and the challenge code at least comprises a first information of the challenge code and a second information of the challenge code; receiving the challenge code input by the user; and generating a dynamic electronic password according to the input challenge code and a current time parameter.2015-03-05
20150067800INFORMATION PROCESSING APPARATUS AND METHOD OF CONTROLLING THE SAME - An information processing apparatus capable of receiving an authentication request in accordance with a protocol of a plurality of protocols and a method of controlling the same are provided. The information processing apparatus stores a user identifier and a password for each user and a calculation method for each protocol, and when the apparatus receives an authentication request including authentication data from a remote computer in accordance with a protocol of the plurality of protocols, the apparatus obtains the stored password corresponding to the authentication data which is included in the authentication request, obtains the stored calculation method corresponding to the protocol, converts the obtained password into a hash in accordance with the obtained calculation method, and verifies the authentication data with the hash.2015-03-05
20150067801MULTIPLE USER AUTHENTICATIONS ON A COMMUNICATIONS DEVICE - A communications device provides a biometric reader to authenticate users onto the communications device based on a single biometric input. The communications device maintains a local copy of the strong authentication credentials, such as a user identification and password, and the biometrics which were previously input by users of the communications device. Then, rather than requiring re-entry of the strong authentication credentials to authenticate (or re-authenticate) these users onto the communications device, the communications device is able to authenticate the users based on the input of the appropriate biometric. When a biometric input is received, the communications device identifies the locally stored strong authentication credentials that are associated with the input biometric, and uses the locally stored strong authentication credentials to authenticate the user.2015-03-05
20150067802METHOD AND SYSTEM FOR PROVIDING ACCESS TO ENCRYPTED DATA FILES FOR MULTIPLE FEDERATED AUTHENTICATION PROVIDERS AND VERIFIED IDENTITIES - The embodiments herein disclose a method and system for providing access to an encrypted data file by separating the concerns of Authentication, Identity Resolution and Authorization from Encryption thereby allowing for multiple federated authentication providers and verified identities. The method comprises creating an encrypted data file, embedding a file usage policy to the data file, sharing the encrypted data file with an identity of an intended content recipient and an allowed authentication provider specified in the file usage policy, activating a client application installed in a user device to open the encrypted data file, fetching and updating the data file usage policy from an application server, prompting the user to authenticate with the allowed authentication provider, authenticating the user with a specified authentication provider, verifying if the authenticated user is allowed to open the data file, opening the data file on successful verification and enforcing the file usage policy.2015-03-05
20150067803COMPUTER DEVICE, A METHOD FOR CONTROLLING A LOGIN STATUS OF A COMPUTER DEVICE AND A SERVER - A computer device that can login to a personal account located on a server via the internet, the computer device includes communication circuitry that is configured to access the internet, a user interface to receive a request to login to the personal account, a memory that stores information, and processing circuitry that controls the communication circuitry to transmit to the server a request to login to the personal account, analyzes a type of the personal account, calculates a distance between the computer device and another computer device, controls the communication circuitry to transmit a notification to the another computer device in response to the processing circuitry determining that the type of personal account is a specific personal account and the distance being greater than a first predetermined distance, and transmits a request to the server to logoff the personal account when a permission is received.2015-03-05
20150067804SYSTEMS AND METHODS FOR MANAGING RESETTING OF USER ONLINE IDENTITIES OR ACCOUNTS - Systems and methods are disclosed for managing the resetting of online identities or accounts of users of Internet web pages. One method includes: receiving, through an electronic device, a request to reset login information to access a web page associated with the user's online account; determining that an IP address associated with the request is not identified as being suspicious; receiving user data intrinsic to the user's request; automatically verifying two or more values of the data intrinsic to the user's request as being indicative of a level of trust of the identity of the user; and transmitting, to the user over the Internet, a subset of options to reset the login information, the subset being selected based on the level of trust.2015-03-05
20150067805MAKING A USER'S DATA, SETTINGS, AND LICENSED CONTENT AVAILABLE IN THE CLOUD - A cloud-based computer system changes the modern paradigm from being device-centric to being person-centric. The system makes all user data, software settings, device settings, and licensed content for a user available in the cloud. The system includes a conversion mechanism that can convert information intended for one device type to a different device type. Thus, a user changing smart phone platforms can convert their current smart phone settings to equivalent settings on the new phone platform, and their new phone can then be configured using the user's converted settings stored in the cloud. By storing all the user's relevant information in the cloud, this information may be accessed anywhere and may be used to configure a large number of different devices according to the user's settings.2015-03-05
20150067806AUTHENTICATION DEVICE, AND NON-TRANSITORY COMPUTER-READABLE DEVICE STORING AUTHENTICATION PROGRAM - There is provided an authentication device configured to: store, as an authentication information database, authentication information in which a preset authentication identifier including a plurality of identifiers is associated with a pattern of a relative input position of the plurality of identifiers; acquire as input information a piece of information indicating the identifier input from a user and the input position of the identifier; and grant authentication when the identifier included in the input information corresponds with the identifier in the authentication information and when a pattern of a relative input position of the identifier included in the input information corresponds with the pattern of the relative input position of the identifier in the authentication information.2015-03-05
20150067807OPERATING A USER DEVICE - Measures for operating a user device in a telecommunications network. In a browser on the user device, a password associated with a given telephony service identifier is stored in a browser cache associated with the browser. A user of the user device has one or more telephony service identifiers, including the given telephony service identifier, allocated by a service provider for conducting communication services in the network. In the browser on the user device, in response to receipt of user input via the browser indicative of a request to conduct communications using the given telephony service identifier, the stored password is retrieved from the browser cache and used to authenticate the user device for at least one communication service in the network using the given telephony service identifier.2015-03-05
20150067808Client Identification System Using Video Conferencing Technology - An aspect of the present invention relates to a system for identifying a client, comprising a client device having a video camera and a voice transmitting and receiving device capable of transmitting a client's image and voice via a communication carrier system and a communications network to a user terminal, whereby the client is authenticated in real time, wherein, real-time dialogue between the client and a live person authenticates the client, wherein said dialogue authentication does not rely on information obtained from a public or government database. A further aspect of the present invention relates to a method of identifying a client, comprising the steps of using a client device having a video camera and voice transmitting and receiving device to initiate an authentication of a client's identity, transmitting a client's image and voice over a communication carrier system and a communications network to a user terminal, and authenticating the client's image and voice in real time, wherein, real-time dialogue between the client and a live person authenticates the client, wherein said dialogue authentication does not rely on information obtained from a public or government database. A further aspect of the present invention relates to a method of identifying a fraudster, comprising the steps of using a client device having a video camera and voice transmitting and receiving device to initiate an authentication of a client's identity, transmitting the fraudster's image and voice over a communication carrier system and a communications network to a user terminal, comparing the fraudster's image and voice to the client; and storing the fraudster data, wherein, real-time dialogue between the fraudster and the live advisor authenticates the client, wherein said dialogue authentication does not rely on information obtained from a public or government database.2015-03-05
20150067809USER IDENTITY AUTHENTICATION AND SINGLE SIGN ON FOR MULTITENANT ENVIRONMENT - Method and Apparatus for rapid scalable unified infrastructure system management platform are disclosed by discovery of compute nodes, network components across data centers, both public and private for a user; assessment of type, capability, VLAN, security, virtualization configuration of the discovered unified infrastructure nodes and components; configuration of nodes and components covering add, delete, modify, scale; and rapid roll out of nodes and components across data centers both public and private.2015-03-05
20150067810SYSTEM AND METHOD FOR PROTECTING SPECIFIED DATA COMBINATIONS - A method in one example implementation includes extracting a plurality of data elements from a record of a data file, tokenizing the data elements into tokens, and storing the tokens in a first tuple of a registration list. The method further includes selecting one of the tokens as a token key for the first tuple, where the token is selected because it occurs less frequently in the registration list than each of the other tokens in the first tuple. In specific embodiments, at least one data element is an expression element having a character pattern matching a predefined expression pattern that represents at least two words and a separator between the words. In other embodiments, at least one data element is a word defined by a character pattern of one or more consecutive essential characters. Other specific embodiments include determining an end of the record by recognizing a predefined delimiter.2015-03-05
20150067811CONDUCTING SESSIONS WITH CAPTURED IMAGE DATA OF PHYSICAL ACTIVITY AND UPLOADING USING TOKEN-VERIFIABLE PROXY UPLOADER - A token-verifiable proxy uploader is disclosed. A token request may be transmitted from an end-user communication device for requesting an upload token from a hosted services server that is configured to authorize transmission of a first media file to a hosted proxy server. The upload token may be transmitted to the end-user communication device. Validation of the user of the end-user communication device may be conducted without the end-user device providing any credentials to the media sharing site and in which the end-user device does not transmit any credentials specific to the media sharing site as part of the validation. The token validation call may be in response to the hosted proxy server receiving the upload token and either: (1) the first media file from the end-user communication device; or (2) a request from the end-user communication device to upload the first media file to the hosted proxy server.2015-03-05
20150067812LOCAL STREAMING PROXY SERVER - A local application streaming proxy can create a virtual image of storage media, which allows cloud operators to rapidly deliver applications, or deliver any operating system remotely, while providing better security, network utilization, low power requirements, and consistent performance for streamed applications and operating systems. A station using its WiFi/LAN provides QoS guarantees (or priority) for application streaming network communications to create a consistent user experience regardless of other application bandwidth utilization. “HTTP demand paging” is also possible.2015-03-05
20150067813Method and Apparatus for Trusted Federated Identity Management and Data Access Authorization - Systems, methods, and instrumentalities are disclosed that may provide for integration of trusted OpenID (TOpenID) with OpenID. The authentication may be accomplished, in part, via communications between a trusted ticket server on a UE and a network application function. The UE may retrieve platform validation data (e.g., from a trusted platform module on the UE). The UE may receive a platform verification in response to the platform validation data. The platform verification may indicate that the network application function has verified the platform validation data and the user. The platform verification may indicate that the platform validation data matches a previously generated reference value.2015-03-05
20150067814Methods And Systems For Providing Controlled Access To The Internet - Novel, Internet-related architectures, methods and devices are proposed that are based on a fundamentally different philosophy: hosts (e.g., source and destination nodes) are given the ability to specify their access control policies to the network they are a part of, and the network enforces these policies. The architecture proposed is mobility friendly to the ever increasing number of mobile hosts and is scalable as well.2015-03-05
20150067815CONFIGURATION OF ENERGY SAVINGS - According to one example embodiment, a modem or other network device includes an energy module configured to enter a low-power, low-bandwidth state when not in active use by a user. The low-power state may be maintained under certain conditions where network activity is not present, and/or when only non-bandwidth-critical traffic is present. The network device may include a user interface for configuring firewall rules, and the user may be able to concurrently designate particular types of traffic as important or unimportant. The energy module may also be integrated with a firewall, and power saving rules may be inferred from firewall rules.2015-03-05
20150067816AUTOMATED SECURITY GATEWAY - A security device may be configured to receive information regarding traffic that has been outputted by a particular user device; and compare the information regarding the traffic to security information. The security information may include device behavior information, traffic policy information, or device policy information. The security device may determine, based on the comparing, that a security threat exists with regard to the traffic; and take, based on determining that the security threat exists, remedial action with respect to the traffic. Taking the remedial action may include preventing the traffic from being forwarded to an intended destination associated with the traffic, providing an alert, regarding the security threat, to the particular user device, or providing an alert, regarding the security threat, to another device.2015-03-05
20150067817FIREWALL TRAVERSAL DRIVEN BY PROXIMITY - Disclosed is a system and method enabling a mobile device to establish a communication channel with a device residing in the corporate network and in close physical proximity, without the requirement for a direct high speed network connection between the mobile and corporate devices. The system and method allow the mobile device to maintain its existing network connection, with no special user/network credential access. The system and method enable an improved security control over the traffic that is transferred between the devices as these are filtered and controlled through a Firewall Traversal pairing server and not directly between devices.2015-03-05
20150067818BOOKMARKING SUPPORT OF TUNNELED ENDPOINTS - Methods and systems for managing tunneled endpoints are provided. One method includes preventing a user from accessing an endpoint that was previously accessed by the user via a first URL including an address with a first port designation, creating a constructive bookmark to the previously accessed endpoint, and establishing a tunnel to the previously accessed endpoint based on the constructive bookmark. Another method includes preventing a user from bookmarking a URL to an endpoint. A system includes a processor coupled to a memory a module for managing tunneled endpoints that, when executed by the processor, cause the processor to perform one or more of the above methods.2015-03-05
20150067819System and Method for Improving Internet Communication by Using Intermediate Nodes - A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both. The partition into slices may be overlapping or non-overlapping, and the same slice (or the whole content) may be fetched via multiple tunnel devices.2015-03-05
20150067820SECURITY GATEWAY COMMUNICATION - A gateway device and methods performed therein to prevent unauthorized client devices from connecting to the host network of the gateway device is described. The gateway device does not respond right away to an individual client message sent to the gateway device. Instead, the gateway device only responds to a predetermined sequence of the client messages, which is only known to the gateway device and authorized client devices. Because the gateway device will not respond to random client messages and the likelihood that an unauthorized client device can correctly guess the predetermined sequence of the client messages is low, the risk of a malicious party being able to hack into the host network, for example, by using port scanning techniques, can be mitigated.2015-03-05
20150067821METHOD FOR UNLOCKING ELECTRONIC DEVICE - An electronic device includes an acceleration sensor and a rotation sensor, both being independently powered, in providing a method of unlocking when locked. An acceleration of the electronic device is detected using the acceleration sensor and a rotation angle of the electronic device is then detected using the rotation sensor. The electronic device is unlocked only if the acceleration of the electronic device exceeds the predetermined value and the electronic device is additionally rotated a predetermined angle within a predetermined time.2015-03-05
20150067822Biometric Verification Using Predicted Signatures - A computer-implemented biometric identity verification method including the steps of storing a database of registered users, including data identifying profile attributes of each registered user and a respective plurality of stored biometric signatures, each stored biometric signature associated with a corresponding one or more of the profile attributes. A predicted biometric signature is derived for a requesting user when it is determined that a period of time has elapsed since the requesting user's stored biometric signature was last updated, by adapting the stored biometric signature based on biometric variances derived from a biometric peer group of registered users with at least one profile attribute in common with the requesting user. The predicted biometric signature is used to verify the identity of the requesting user.2015-03-05
20150067823MOTION-BASED CREDENTIALS USING MAGNIFIED MOTION - Systems and methods are provided which allow for motion-based authentication of a user using magnified motion. Very small or imperceptible motions of a user may be captured and magnified to determine characteristics of the motions that may be used as a motion-based credential for user authentication. The motions, which may be very small and imperceptible to an observer, may be difficult for potential attackers to observe and copy, but may be useful when magnified.2015-03-05
20150067824WEARABLE USER DEVICE AUTHENTICATION SYSTEM - Systems and methods for authenticating a user include a wearable user device receiving a first request to access a secure system. A plurality of authentication elements are then displayed on a display device to a user eye in a first authentication orientation about a perimeter of an authentication element input area. A user hand located opposite the display device from the user eye is then detected selecting a sequence of the plurality of authentication elements. For each selected authentication element in the sequence, the wearable user device moves the selected authentication element based on a detected movement of the user hand and records the selected authentication element as a portion of an authentication input in response to the user hand moving the selected authentication element to the authentication element input area. The user is authenticated for the secure system if the authentication input matches stored user authentication information.2015-03-05
20150067825VISUAL AUTHENTICATION TO A COMPUTING DEVICE - For visually authenticating to a computing device, a method is disclosed that includes receiving an authentication request at a computing device, displaying a dynamic visual signal in response to the authentication request, wherein the visual signal suggests an authentication token. The method also includes receiving the authentication token in response to displaying the dynamic visual signal, and determining if the authentication token satisfies authentication requirements at the computing device.2015-03-05
20150067826RECORDING MEDIUM, AUTHENTICATION DEVICE, AND AUTHENTICATION METHOD - An electronic device includes a touch panel, a time information obtaining section, and an authentication section. The time information obtaining section obtains time information for user authentication. The authentication section executes user authentication based on the time information obtained by the time information obtaining section. The time information obtaining section changes the time information according to a user's touch duration on the touch panel and changes an amount of change in time that the time information indicates according to a user's manner of touching the touch panel.2015-03-05
20150067827APPARATUS AND METHOD FOR SETTING A USER-DEFINED PATTERN FOR AN APPLICATION - Provided is a terminal with a fingerprint reader and method of operating the same. The terminal includes a fingerprint reader to scan and read a fingerprint of a user and a user verification module. The user verification module calculates a matching value between the fingerprint read by the fingerprint reader and a previously registered fingerprint of the user, and identifies the matching value and a security level of a requested application to determine whether to execute the requested application. The security level is variable; for example, the security level may vary according to a type of application or may be arbitrarily set by the user.2015-03-05
20150067828INDUSTRIAL AUTOMATION AND CONTROL DEVICE USER ACCESS - Solutions are disclosed for simplified user access to IEDs in industrial or utility operating environments such as those compatible with IEC 62351-8, having an LHMI with a restricted IED key set. A central Access Enabler assigns a short and temporary session secret to a previously authenticated user, and forwards the session secret to an IED for subsequent local user validation by the IED. A user session at the IED is remotely initiated by the Access Enabler, with the IED screen being instantaneously locked by the session secret.2015-03-05
20150067829Electronic Device and Method for Unlocking Screen of Electronic Device - An electronic device and a method for unlocking a screen of the electronic device are provided. The electronic device includes a screen and a storage unit. The method includes detecting, in a locked state, intent of a user to unlock the screen, extracting multiple pieces of contact information from the storage unit of the electronic device when it is detected that the user intends to unlock the screen, where each piece of the extracted contact information includes a first attribute value and a second attribute value, displaying, on the screen, first attribute values and second attribute values that are of the extracted contact information, detecting an action of matching the contact attribute values by the user, and unlocking the screen when it is detected that the user correctly matches a first attribute value and a second attribute value that are of the contact information, and otherwise maintaining the locked state.2015-03-05
20150067830DYNAMIC APPLICATION SECURITY VERIFICATION - Disclosed are various embodiments for performing security verifications for dynamic applications. An instance of an application is executed. During runtime, it is determined whether the application is accessing dynamically loaded code from a network site. In one embodiment, the access may be detected via the use of a particular application programming interface (API). In another embodiment, the access may be detected via the loading of downloaded data into an executable portion of memory. A security evaluation is performed on the dynamically loaded code, and an action is initiated responsive to the security evaluation.2015-03-05
20150067831SYSTEMS AND METHODS FOR IDENTIFYING PRIVATE KEYS THAT HAVE BEEN COMPROMISED - A computer-implemented method for identifying private keys that have been compromised may include (1) identifying a private key that enables a signatory to digitally sign applications, (2) collecting information about the private key from at least one public source, (3) determining, based on the information collected from the public source, that the private key has been compromised and is accessible to unauthorized signatories, and (4) performing a security action in response to determining that the private key has been compromised and is accessible to the unauthorized signatories. Various other methods, systems, and computer-readable media are also disclosed.2015-03-05
20150067832Client Side Phishing Avoidance - In one implementation, a phishing scam involves a communication sent to a user by an impersonator. Rather than detect the communication and verify the identity of the sender, the data entry of the user is monitored. For example, an example embodiment scans data entry from a user for a security word and queries a list of authorized terms for the security word. In response to the security word being included in the list of authorized terms, a destination address associated with the security word is identified. A list of authorized destination addresses is queried with the destination address associated with the security word.2015-03-05
20150067833AUTOMATIC PHISHING EMAIL DETECTION BASED ON NATURAL LANGUAGE PROCESSING TECHNIQUES - A comprehensive scheme to detect phishing emails using features that are invariant and fundamentally characterize phishing. Multiple embodiments are described herein based on combinations of text analysis, header analysis, and link analysis, and these embodiments operate between a user's mail transfer agent (MTA) and mail user agent (MUA). The inventive embodiment, PhishNet-NLP™, utilizes natural language techniques along with all information present in an email, namely the header, links, and text in the body. The inventive embodiment, PhishSnag™, uses information extracted from the embedded links in the email and the email headers to detect phishing. The inventive embodiment, Phish-Sem™ uses natural language processing and statistical analysis on the body of labeled phishing and non-phishing emails to design four variants of an email-body-text only classifier. The inventive scheme is designed to detect phishing at the email level.2015-03-05
20150067834Building Reusable Function Summaries for Frequently Visited Methods to Optimize Data-Flow Analysis - A method includes inspecting function summaries generated during a static analysis of a program and identifying a set of function summaries for a same method that have structural similarities. The method includes replacing the set of structurally similar summaries with a coarse summary. The method further includes using the coarse summary in subsequent static analysis operations. Apparatus and program products are also disclosed.2015-03-05
20150067835Detecting Anomalous User Behavior Using Generative Models of User Actions - An apparatus for detecting abnormal behavior of users is disclosed. The apparatus identifies from a log of user activity, a first number of actions performed by a user over a first time period that match a pattern of user activity for a task associated with one or more roles of the users. The apparatus also identifies from the log of user activity, a second number of actions performed by the user over a second time period that match the pattern of user activity. The apparatus calculates an amount of deviation between the first number of actions and the second number of actions. The deviation identifies a difference between amounts of time spent in the one or more roles. The apparatus then determines whether the amount of deviation between the first number of actions and the second number of actions exceeds a threshold for abnormal behavior.2015-03-05
20150067836System and Method to Traverse a Non-Deterministic Finite Automata (NFA) Graph Generated for Regular Expression Patterns with Advanced Features - In one embodiment, a method of walking a non-deterministic finite automata (NFA) graph representing a pattern includes extracting a node type and an element from a node of the NFA graph. The method further includes matching a segment of a payload for the element by matching the payload for the element at least zero times, the number of times based on the node type.2015-03-05
20150067837 SOFTWARE SELF-CHECKING SYSTEMS AND METHODS - Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that they are compatible with copy-specific static watermarking and other tamper-resistance techniques. 2015-03-05
20150067838 TRUSTED EXECUTION OF BINARIES AND MODULES - A computer system mechanism is provided that restricts execution of binaries, such as applications, kernel modules, shared libraries, on the computing system to only those that have been installed by an approved mechanism. The approved mechanism acts as a single entry point on the computing system for installing new binaries. Any change in file content or metadata taints an executable file and prevents execution by the kernel. Files copied over and not installed via the approved mechanism will not be executed. 2015-03-05
20150067839 Syntactical Fingerprinting - A method for identifying phishing websites and illustrating the provenance of each website through the structural components that compose the websites. The method includes identifying newly observed phishing websites and using the method as a distance metric for clustering phishing websites. Varying the threshold value within the method demonstrates the potential capability for phishing investigators to identify the source of many phishing websites as well as individual phishers. 2015-03-05
20150067840 METHOD FOR PACKET PROCESSING, ELECTRONIC DEVICE AND STORAGE MEDIUM - A method for processing packets, an electronic device and a storage medium are proposed. The present invention presets a defense module preventing DoS in the mobile terminal. A connection requesting side establishes a connection with the defense module according to the three-way handshake principle of TCP, and the defense module sends a SYN packet to a mobile terminal as the connection requesting side. When the defense module successfully handshakes with the mobile terminal, the connection between the connection requesting side and the mobile terminal is created, so that DoS attacks, especially SYN attacks, can be effectively prevented. When mobile terminals, especially mobile phones, are network hotspots, attacks on an internal mobile terminal from an external network can be effectively prevented. 2015-03-05
20150067841 METHOD FOR HIDING SOURCE OF WIRELESS SENSOR NETWORK AND NODE - A method for hiding a source of a wireless sensor network and a node are provided. The method comprises: determining a first node having a shortest distance from the source; sending a real data packet via a shortest path between the first node and a base station, wherein the real data packet is generated by the first node according to the source; selecting a second node satisfying a preset condition on the shortest path as an initial false source node; establishing a false path with the initial false source node as a terminal node of the false path; and sending a false data packet to the initial false source node via the false path, such that the real data packet is hidden by the false data packet. 2015-03-05
20150067842 Intelligent Communication Screening to Restrict Spam - A system is provided to restrict the ability of a spammer to freely contact an entity over a communication channel. To do so, the system reconfigures a communication channel used to contact the target entity such that the system can intercept a communication from a source contacting entity en route to the target entity. The system extracts an identifier (e.g., contacting entity's telephone number) from the communication and uses the identifier to query a database storing information about the contacting entity. The information reveals the contacting entity's industry, occupation, credibility, etc. From this information, the system automatically identifies the contacting entity as a spammer, potential spammer, or non-spammer. The system performs a default screening of the communication based on the classification. Alternatively, the target contacted entity can specify a configuration for different actions the system takes to screen the communication based on the source contacting entity classification. 2015-03-05
20150067843 Method and System for Scanning a Computer System for Sensitive Content - A computer-implemented method for scanning a computer system for sensitive data. A scan manager manages a scan of files of a second computer. The scan manager receives a request to scan and identify files stored on the second computer based on at least one category of sensitive data. The scan manager receives scan report recipient information and generates a user profile based on the at least one category and the recipient information. The scan manager makes the user profile available to a category server for use in creating a scan profile defining the scan criteria and deploys a scan agent to a computer to conduct the scan based on the scan profile. When the scan is complete and upon creation of the scan report, the scan manager makes the scan report available to the intended recipients. 2015-03-05
20150067844 SYSTEM AND METHODOLOGY PROVIDING AUTOMATION SECURITY ANALYSIS, VALIDATION, AND LEARNING IN AN INDUSTRIAL CONTROLLER ENVIRONMENT - The present invention relates to a system and methodology facilitating automation security in a networked-based industrial controller environment. Various components, systems and methodologies are provided to facilitate varying levels of automation security in accordance with security analysis tools, security validation tools and/or security learning systems. The security analysis tool receives abstract factory models or descriptions for input and generates an output that can include security guidelines, components, topologies, procedures, rules, policies, and the like for deployment in an automation security network. The validation tools are operative in the automation security network, wherein the tools perform security checking and/or auditing functions, for example, to determine if security components are in place and/or in suitable working order. The security learning system monitors/learns network traffic patterns during a learning phase, fires alarms or events based upon detected deviations from the learned patterns, and/or causes other automated actions to occur. 2015-03-05
20150067845 Detecting Anomalous User Behavior Using Generative Models of User Actions - A method for detecting abnormal behavior of users is disclosed. Processors identify from a log of user activity, a first number of actions performed by a user over a first time period that match a pattern of user activity for a task associated with one or more roles of the users. Processors also identify from the log of user activity, a second number of actions performed by the user over a second time period that match the pattern of user activity. Processors calculate an amount of deviation between the first number of actions and the second number of actions. The deviation identifies a difference between amounts of time spent in the one or more roles. Processors then determine whether the amount of deviation between the first number of actions and the second number of actions exceeds a threshold for abnormal behavior. 2015-03-05
20150067846 Malicious Activity Detection of a Functional Unit - A mechanism is provided for detecting malicious activity in a functional unit of a data processing system. A set of activity values associated with a set of functional units and a set of thermal levels associated with the set of functional units are monitored. For a current activity value associated with the functional unit in the set of functional units, a determination is made as to whether a thermal level associated with the functional unit differs from a verified thermal level beyond a predetermined threshold. Responsive to the thermal level associated with the functional unit differing from the verified thermal level beyond the predetermined threshold, sending an indication of suspected abnormal activity associated with the given functional unit. 2015-03-05
20150067847 Malicious Activity Detection of a Processing Thread - A mechanism is provided for detecting malicious activity in a functional unit. For a current activity value associated with a functional unit, a determination is made as to whether a thermal level associated with the functional unit differs from a verified thermal level beyond a first predetermined threshold. Responsive to the thermal level associated with the functional unit differing from the verified thermal level beyond the first predetermined threshold, a determination is made as to whether there is a known profile of thread activity levels that substantially matches current thread activity levels. Responsive to identifying the known profile that substantially matches the current thread activity levels, thread activity levels are compared to the known profile of thread activity levels. Responsive to the thread activity levels differing from the known profile beyond a second predetermined threshold, an indication of suspected abnormal activity associated with the given functional unit is sent. 2015-03-05
20150067848 DETECTING AUTOMATED SITE SCANS - Automated site scans are often seen as precursors to a cyber attack, from URI enumeration and version mapping to timing scans used to identify the most valuable DDoS targets. Disclosed are methods and apparatuses for detecting automated site scans and identifying the source of cyber attacks. Honeypot links are provided on a web page via a server. If multiple honeypot links are selected by a visitor of the web page, the server may identify the visitor as an automated system and generate a session ID. The server induces an artificial delay prior to displaying the data associated with the selected honeypot link. After a subsequent attack, the server is able to identify the attacker by association with the stored session ID of an automated site scan. 2015-03-05
20150067849 NEUTRALIZING PROPAGATION OF MALICIOUS INFORMATION - Methods and arrangements for controlling a spread of malicious information in a network. A viral spread of information is tracked, in a network comprising interconnected nodes. Malicious information in the viral spread of information is identified. A topic-specific sub-network of nodes prone to be affected by the malicious information is predicted, and the effect of the malicious information at the sub-network of nodes is neutralized, via initiating a spread of neutralizing information to the sub-network of nodes. Other variants and embodiments are broadly contemplated herein. 2015-03-05
20150067850 DDOS DETECTION USING SENSOR GRID - Methods and apparatus for detecting a network attack are disclosed. A sensor grid may be established in a network (e.g., an enterprise network). The sensors may monitor network assets across various network layers and transmit to a server signals that indicate the probability of an attack on the network. The server may apply an amplification algorithm to combine and amplify all of the received signals into a single signal that more accurately displays the probability of an attack on the network. 2015-03-05
20150067851 Malicious Activity Detection of a Functional Unit - A mechanism is provided for detecting malicious activity in a functional unit of a data processing system. A set of activity values associated with a set of functional units and a set of thermal levels associated with the set of functional units are monitored. For a current activity value associated with the functional unit in the set of functional units, a determination is made as to whether a thermal level associated with the functional unit differs from a verified thermal level beyond a predetermined threshold. Responsive to the thermal level associated with the functional unit differing from the verified thermal level beyond the predetermined threshold, sending an indication of suspected abnormal activity associated with the given functional unit. 2015-03-05
20150067852 Malicious Activity Detection of a Processing Thread - A mechanism is provided for detecting malicious activity in a functional unit. For a current activity value associated with a functional unit, a determination is made as to whether a thermal level associated with the functional unit differs from a verified thermal level beyond a first predetermined threshold. Responsive to the thermal level associated with the functional unit differing from the verified thermal level beyond the first predetermined threshold, a determination is made as to whether there is a known profile of thread activity levels that substantially matches current thread activity levels. Responsive to identifying the known profile that substantially matches the current thread activity levels, thread activity levels are compared to the known profile of thread activity levels. Responsive to the thread activity levels differing from the known profile beyond a second predetermined threshold, an indication of suspected abnormal activity associated with the given functional unit is sent. 2015-03-05
20150067853 SYSTEMS AND METHODS FOR DETECTING MALICIOUS MOBILE WEBPAGES - The disclosed technology includes techniques for identifying malicious mobile electronic documents, e.g., webpages or emails, based on static document features. The static features may include mobile-specific features, such as mobile web API calls, hosted mobile-specific binaries, noscript content, or misleading URL tokens visible on a mobile-specific interface. The static features may instead or also include various JavaScript (JS) features, HTML features, and URL features detected in numbers outside ranges expected for desktop electronic documents. These features may be used with machine learning techniques to classify benign and malicious documents in real time. 2015-03-05
20150067854 APPARATUS AND METHOD FOR MULTI-CHECKING FOR MOBILE MALWARE - An apparatus and method for multi-checking for mobile malware are provided. The apparatus for multi-checking for mobile malware includes a communication unit and a user interface (UI) unit. The communication unit communicates with at least one relay server. The UI unit receives an app to be checked from a user before sending the app to the relay server, or provides the user with the check results of the app obtained by a plurality of collection agents located in respective user terminals or emulators based on the app. 2015-03-05
20150067855 SERVER AND METHOD FOR ATTESTING APPLICATION IN SMART DEVICE USING RANDOM EXECUTABLE CODE - The present invention discloses an application attestation server and an application attestation method. Specifically, there is provided an application attestation server that attests a certain application in a smart device, the application attestation server comprising: an executable code generation unit configured to generate executable codes for attestation with respect to the application; a transceiver configured to transmit an executable code randomly selected from the generated executable codes to the smart device, and receive a result of execution of the selected executable code with respect to the application from the smart device; a malicious application analysis unit configured to analyze whether the application is a malicious application based on the received result; and an analysis result providing unit configured to provide an analysis result of the malicious application analysis unit to a user. Herein, the executable code generation unit is configured to generate the executable codes by randomly combining information relevant to the application. 2015-03-05
20150067856 SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR SCANNING PORTIONS OF DATA - A scanning system, method and computer program product are provided. In use, portions of data are scanned. Further, access to a scanned portion of the data is allowed during scanning of another portion of the data. 2015-03-05