14th week of 2014 patent application highlights part 61 |
Patent application number | Title | Published |
20140096148 | FAST REMOTE PROCEDURE CALL - A method for performing a remote procedure call between an application processor and a digital signal processor within a computing device. The computing device may compile interface description language data to generate stub software that executes on the application processor and skel software that executes on the digital signal processor. When an application executing on the application processor invokes a remote procedure call, the application processor may pack argument data within stack memory and transmit an interrupt to the digital signal processor, which may map the physical memory addresses of the argument data into local address space such that no copies of the argument data are made. The digital signal processor may execute skel software that unpacks the argument data and executes a service related to the remote procedure call. | 2014-04-03 |
20140096149 | CONFIGURABLE GENERATION OF PROXIES FOR BACKEND APIS - A proxy remote function call is created in a first component of an Enterprise Resource Planning (ERP) system, the proxy remote function call acting as a proxy for a previously created remote function call in the first component. A field mapping table may then be maintained for the proxy remote function call, the field mapping table containing a mapping of first data fields used for operation of a process in a second component of the ERP system to second data fields utilized by the remote function call in the first component, at least one of the first data fields mapping to a data field in the second data fields having a different data type and/or different field names. When a call is received from the process on the second component, fields in the parameters of the call may be converted using the field mapping table. | 2014-04-03 |
20140096150 | LIBRARY SYSTEM - The present invention relates to a library system including a disc recording/reproducing unit, a disc container, and a disc transport unit for transporting a disc between the disc recording/reproducing unit and the disc container. In order to improve the reliability of the operation of moving the disc from the disc recording/reproducing unit to the disc transport unit, a disc transport controller determines the situation in both the disc recording/reproducing unit and the disc transport unit, and error-stops the operation according to the result of the determination. Alternatively, the disc transport controller retries the movement of the disc, by pulling the disc into the disc transport unit or returning the disc to the disc recording/reproducing unit, and by finely adjusting the relative positions of the disc recording/reproducing unit and the disc transport unit if necessary, in order to solve the problem of damage to a surface of the disc. | 2014-04-03 |
20140096151 | OPTICAL DISK DRIVE WITH STORAGE DEVICE - An optical disk drive includes a disk drive body and a storage device. The drive body includes a receiving bracket and a support tray received in the receiving bracket. The support tray is used for supporting a disk. The support tray includes a tray body. The tray body defines an inserting slot. The storage device includes a main body and an inserting head connected to the main body. The inserting head is received in the inserting slot. The optical disk drive has a storage device which can be used by people to copy data. | 2014-04-03 |
20140096152 | TIMING ADVERTISEMENT BREAKS BASED ON VIEWER ATTENTION LEVEL - A device and method for timing advertisement breaks in video-on-demand applications based on viewer attention level includes a video device configured to display video content and receive biometric data indicative of the attention level of a viewer. The video device may notify a video-on-demand server that the attention level of the viewer has exceeded a threshold. In response to the notification, the video-on-demand server may determine a time to display advertisement content on the video device. The advertisement break time may be determined in relation to the video content. The advertisement content may be selected based on the video content. The video device may determine the viewer attention level during playback of the advertisement content and pause playback if the viewer attention level falls below the threshold. | 2014-04-03 |
20140096153 | SATELLITE COMMUNICATION SYSTEM AND METHOD BASED ON DIGITAL VIDEO BROADCASTING-RETURN CHANNEL VIA SATELLITE (DVB-RCS) - A satellite communication system and method based on a digital video broadcasting-return channel via satellite (DVB-RCS) are provided. The satellite communication system may include a central station, and at least one very small aperture terminal (VSAT) including a first VSAT and a second VSAT. When a logon request is received from the second VSAT, the central station may determine whether the first VSAT is normally operated. When the first VSAT is determined to be abnormally operated, the central station may allow the second VSAT to log onto the central station. | 2014-04-03 |
20140096154 | INTEGRATED BROADCASTING COMMUNICATIONS RECEIVER AND RESOURCE MANAGING DEVICE - An integrated broadcasting communications receiver, comprises: an application activation information extracting unit; an application obtaining unit; an application execution unit; an application controlling unit; a revocation list extracting unit and a verification key extracting unit for extracting a revocation list and a verification key from broadcast data; a revocation list verifying unit for verifying if a provider ID of an application is written in a revocation list; and a resource managing unit for obtaining a resource. | 2014-04-03 |
20140096155 | APPARATUS AND METHOD FOR CONTROLLING ADVERTISEMENT - An apparatus for controlling display of an advertisement includes a receiving terminal receiving a signal according to an operation of a remote controller, a transmitting terminal transmitting the display control signal received through the receiving terminal to a set-top box, a data transceiving terminal receiving advertisement data and advertisement information registered in the advertisement server, a data inputting terminal receiving the broadcasting data or the advertisement data, a data outputting terminal outputting the broadcasting data or the advertisement data input to the data inputting terminal to the display, and a control unit blocking the output of the broadcasting data to the display and controlling the output of the advertisement data when a broadcasting channel change signal is input through the receiving terminal during a period in which the broadcasting data are output through the display. | 2014-04-03 |
20140096156 | System and Method for Seamless Switching Through Buffering - A method of preparing data streams to facilitate seamless switching between such streams by a switching device to produce an output data stream without any switching artifacts. Bi-directional switching between any plurality of data streams is supported. The data streams are divided into segments, wherein the segments include synchronized starting points and end points. The data rate is increased before an end point of a segment, to create switch gaps between the segments. Increasing the data rate can include increasing a bandwidth of the plurality of data streams, for example by multiplexing, or compressing the data. | 2014-04-03 |
20140096157 | HOME MEDIA SERVER CONTROL - New forms of entertainment can result from this method of selecting, identifying, and storing by a media producer of multi-media content as files to a storage medium within an editing platform. Generating, using an editing software program, a set of instructions and data for assembly of an edited program, the edited program including specified segments from the files of the multi-media content. Assembling the specified segments using the set of instructions and data to form the edited program. Storing the edited program on the editing platform. Analyzing, using a software program, endpoint frames of each segment in the edited program, the analysis resulting in analysis data stored on the editing platform. Distributing the information to a home media server. Emulating assembly of the edited program by the home media server using the information and a home media server editing program, the assembled edited program being stored in the home media server. | 2014-04-03 |
20140096158 | METHOD OF CONTROLLING DISPLAY - A method of controlling a display includes displaying a first window on the display, setting the first window to receive commands, and displaying a second window on the display. When the second window is displayed, a portion of the first window is kept being displayed, and the first window is kept being set to receive commands. | 2014-04-03 |
20140096159 | ENCAPSULATED, STREAMING MEDIA AUTOMATION AND DISTRIBUTION SYSTEM - Disclosed are systems and methods for creating and distributing programming content carried by a digital streaming media to a plurality of remote nodes located over a large geographic area to create customized broadcast quality programming at the remote nodes. | 2014-04-03 |
20140096160 | ELECTRONIC PROGRAM GUIDE DISPLAY METHOD AND SYSTEM - The present invention provides a computer-implemented method of displaying an electronic program guide, comprising: storing one or more program data of a program in a database; sorting the program into a category based on at least one of the one or more program data; associating the program with a property tag of the category, wherein the program data comprises title of the program, hosts, languages, length of the program, main actors, advertisement categories, source broadcasting channel of the program, and a combination thereof; and displaying a program guide of said category based on the property tag in the unit of individual programs. | 2014-04-03 |
20140096161 | Meta Channel Based Media System Control Technology - Meta-channels identify content entries and indicate an order with which to experience the content entries. The meta-channels may include a multi-source meta-channel that includes at least a first content entry that relates to first content broadcast by a first content provider at a specific time and a second content entry that relates to second content made available, over a network, by a second content provider in response to user requests. A selection of a meta-channel is received and the selection of the meta-channel is mapped to a content entry defined by the selected meta-channel. A media system is controlled to render content based on a content entry mapped to by the selected meta-channel. | 2014-04-03 |
20140096162 | Automated Social Media and Event Driven Multimedia Channels - Novel tools and techniques are described for generating or extracting keywords based on trend data related to contemporary news events, social media topics, and/or Internet searches, etc. Local and/or remote content catalogs, which are respectively associated with local and remote content libraries, are searched for relevant multimedia content (e.g., video, audio, and/or written content) using the generated or extracted keywords. Dynamic automated on-demand and/or broadcast channels are generated that incorporate the relevant multimedia content, and streamed and/or broadcast to one or more user devices (including PCs, televisions, and mobile devices). User-interactive selection capabilities are optionally provided during the channel generation process. | 2014-04-03 |
20140096163 | PROVIDING AND RECEIVING WIRELESS BROADCASTS - Systems, methods, apparatus, and computer program products are provided for wirelessly providing transcoded broadcasts to mobile devices and receiving content wirelessly via mobile devices. For example, in one embodiment, a distribution device can receive an over-the-air broadcast, transcode the over-the-air broadcast, and broadcast the transcoded broadcast to mobile devices within range. | 2014-04-03 |
20140096164 | ENHANCED USER EXPERIENCE FOR MIRACAST DEVICES - A method is implementable in a source device that is operable to provide, via a wireless channel, a video stream to a sink device for display by the sink device. The method includes receiving compressed video data corresponding to one or more video frames of the video stream, and generating a current packet of a plurality of packets. The plurality of packets collectively includes the compressed video data. The current packet includes a current portion of the compressed video data and recovery information indicative of at least one of (i) an arrangement of an earlier portion of the compressed video data, or (ii) content of the earlier portion of the compressed video data, wherein the earlier portion of the compressed video data is data included in an earlier packet of the plurality of packets. The method also includes causing the current packet to be transmitted to the sink device. | 2014-04-03 |
20140096165 | ENHANCED USER EXPERIENCE FOR MIRACAST DEVICES - A method is implementable in a source device operable to provide, via a wireless channel, a video stream to a sink device for display by the sink device. The method includes receiving link quality information indicative of a condition of the wireless channel and/or performance of communications between the source device and the sink device via the wireless channel. The method also includes determining a measure of network congestion based on the link quality information, and, based on the measure of network congestion, skipping one or more, but not all, video frames of a plurality of video frames in the video stream, such that the one or more video frames are not provided to the sink device, reconfiguring a video encoder operating on the plurality of video frames, such that an output bit rate of the video encoder is changed, and/or changing a video format of the video stream. | 2014-04-03 |
20140096166 | Recorded Multimedia and Live Television Roaming - Methods, systems, and apparatuses can be operable to facilitate pausing playback of recorded multimedia or live television on a multimedia player and resuming playback from the pause point on the same or a different multimedia player. A user can pause a channel on a multimedia player and resume play of the paused channel on a different multimedia player. A user can pause a channel on a multimedia player and tune the multimedia player to a different channel without losing content associated with the paused channel. | 2014-04-03 |
20140096167 | VIDEO REACTION GROUP MESSAGING WITH GROUP VIEWING - A system and method to create integrated reaction videos that include one or more reactions presented in a synchronized manner with the original message video. The reaction and the original video are presented as a complete package. In this manner, there is no need to search for and watch reaction videos individually. Additionally, because the original video is watched in synch with the reaction video, it is evident what portions of the original video are creating each specific reaction. | 2014-04-03 |
20140096168 | Media Playing Tool with a Multiple Media Playing Model - Machine-readable media, methods, and apparatus are described for a media playing tool with a multiple media playing model. In some embodiments, the multiple media playing model may decode a first media stream into a plurality of first frames and decode a second media stream into a plurality of second frames. Further, the multiple media playing model may adjust a first frame of the plurality of first frames and a second frame of the plurality of second frames into a third frame with a predetermined layout. | 2014-04-03 |
20140096169 | PLAYBACK SYNCHRONIZATION IN A GROUP VIEWING A MEDIA TITLE - A method and apparatus for synchronizing the playback of a media title to a group of client device platforms is disclosed. A synchronizer may make adjustments to the playback modes of one or more client device platforms within a group watching the same media title in order to ensure synchronized playback. When a client device platform is behind the group its playback mode may be changed to a fast playback mode. When a client device platform is ahead of the group its playback mode may be changed to a slow playback mode. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. | 2014-04-03 |
20140096170 | Systems And Methods For Communicating With Patients - Methods and systems for communicating with a patient through a television in the patient's hospital room are disclosed. In some embodiments, the methods and systems include the following: a television signal gateway module for receiving television signals and encoding the signals as Ethernet-based Internet protocol signals; an application and media server including a first sub-system for storing and processing the signals and data according to instructions and generating, sending, and receiving application and media signals; and an interactive set-top-box including a second sub-system for storing and processing instructions and processing the Ethernet-based Internet protocol television signals and the application and media signals to produce television display signals, the set-top-box communicating the television display signals for display on the patient's television. In some embodiments, a whiteboard module that acts as a home page for patients as they navigate the interactive system is included in the application and media server. | 2014-04-03 |
20140096171 | SYSTEMS, METHODS, AND COMPUTER PROGRAM PRODUCTS FOR LOAD ADAPTIVE STREAMING - Methods, systems, and computer program products that allow for the load adaptive downloading, processing, and rendering of video by a video processing client, where the downloading is adaptive to the processing load of a computing system on which a video processing client operates. | 2014-04-03 |
20140096172 | SELECTIVE DISTRIBUTION OF CELL BASED VIDEO STREAMS OVER PACKET BASED NETWORKS - According to the present invention, methods and apparatus are provided to allow selective distribution of video information over packet based networks. Video information associated with a particular channel is received at an edge router from a cell based network. The edge router uses label switching to selectively distribute the video information to designated nodes in the packet based network. | 2014-04-03 |
20140096173 | METHOD OF PROCESSING NON-REAL TIME SERVICE AND BROADCAST RECEIVER - A method of processing a non-real time service of a broadcast receiver includes receiving a signaling information table including additional information on contents configuring a non-real time service and a content identifier for each content, acquiring the additional information on contents and the content identifier for each content from the signaling information table, storing contents being downloaded through a FLUTE or an internet in a storage medium, based upon the additional information on contents and the content identifier for each content, and displaying a list of recordings including the contents stored in the storage medium. | 2014-04-03 |
20140096174 | VIDEO BRANCHING - A method of displaying a branched chain of IPTV content involves providing a set of metadata that associates the time intervals with one of the plurality of affiliate video streams; playing the first stream of video content on an IPTV compatible player to sequentially reveal the plurality of features of the first stream in their respective time relationships in the first stream via a display driven by the IPTV compatible player device; at the IPTV player, receiving a selection signal during the time interval that selects the video feature being displayed and the IPTV player ceasing to play the first stream of video and beginning playing the associated one of the collection of affiliate data streams. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract. | 2014-04-03 |
20140096175 | Broadcast Synchronization - A first media server delivers content for broadcast via a first media channel, and a second media server delivers media content for broadcast via a second media channel. The first media server operates in a synchronized mode, under control of the second media server during some periods of time, and during other periods of time operates in an independent mode. When operating in the synchronized mode, content delivered by the first and second media servers can be synchronized, so that the timing of spot blocks played on the two servers generally coincides. When the first server operates in the independent mode, the timing of spot blocks and other content broadcast on the first media channel are not synchronized under control of the second media server. | 2014-04-03 |
20140096176 | System and Method for Signal Reception and Distribution - A system and method for receiving and distributing an over-the-air signal over a network. At least one antenna receives an over-the-air signal containing a plurality of channels, at least one tuner isolates from the over-the-air signal information associated with a selected channel and produces an intermodulated carrier wave associated with the selected channel, at least one demodulator demodulates the intermodulated carrier wave to produce a data stream in a first format. Optionally a processor (for example a transcoder) converts the data stream in a first format into a second format. A communications interface produces a network transport stream from the data stream in the second format and distributes the network transport stream over the network. A line coupling unit (LCU) sets resistance/capacitance values which optimize the signal for distribution. | 2014-04-03 |
20140096177 | FACILITATING VARIED ACCESS BASED ON AUTHENTICATION SCORING - Systems and methods may provide for determining a composite false match rate for a plurality of authentication factors in a client device environment. Additionally, the composite false match rate can be mapped to a score, wherein an attestation message is generated based on the score. In one example, the score is associated with one or more of a standardized range and a standardized level. | 2014-04-03 |
20140096178 | ALLOWING VARIED DEVICE ACCESS BASED ON DIFFERENT LEVELS OF UNLOCKING MECHANISMS - Systems and methods may provide for receiving runtime input from one or more unlock interfaces of a device and selecting a level of access with regard to the device from a plurality of levels of access based on the runtime input. The selected level of access may have an associated security policy, wherein an authentication of the runtime input may be conducted based on the associated security policy. In one example, one or more cryptographic keys are used to place the device in an unlocked state with regard to the selected level of access if the authentication is successful. If the authentication is unsuccessful, on the other hand, the device may be maintained in a locked state with regard to the selected level of access. | 2014-04-03 |
20140096179 | SYSTEM AND METHOD FOR PERFORMING SECURE COMMUNICATIONS - A system establishes secure communications between first and second electronic devices. The first device stores secured content to be accessed by second device based on identification information of the first device. The identification information of the first device may be manually input into the second device, and the second device may perform an initial pairing operation with the first device based on this manually entered information. The identification information stored from initial pairing may allow secure automatic pairing. | 2014-04-03 |
20140096180 | SYSTEM, DEVICES, AND METHODS FOR PROXIMITY-BASED PARENTAL CONTROLS - Systems, devices, and methods for proximity-based parental controls include a dominant computing device and a subordinate computing device configured to pair and establish a shared secret. Later, upon determining that the dominant computing device and the subordinate computing device are in proximity, the dominant computing device authenticates the subordinate computing device using the shared secret and authorizes access to an application on the subordinate computing device. The dominant computing device may configure an access control policy associated with the application. The access control policy may define allowed usage time, allowed usage time of day, allowed content, and/or other parameters. The subordinate computing device may enforce the access control policy. The application on the subordinate computing device may be a user interface shell, a game, a web browser, a particular web site, or other application. Other embodiments are described and claimed. | 2014-04-03 |
20140096181 | EVENT INTEGRATION FRAMEWORKS - Disclosed herein are representative embodiments of methods, apparatus, and systems for processing and managing information from a compliance and configuration control (“CCC”) tool and generating information for a security information and event management (“SIEM”) tool based on the information from the CCC tool. For example, in one exemplary embodiment, information from a CCC tool is transferred to a SIEM tool or logging tool by receiving the information from the CCC tool in a format that is not recognized by the SIEM tool or logging tool, and generating an output message in a message format that is recognized by the SIEM tool or logging tool. In particular embodiments, the message format is a customizable message format that is adaptable to multiple different SIEM tools or logging tools. In further embodiments, the data transferred to the SIEM tool comprises data indicative of compliance policy changes. | 2014-04-03 |
20140096182 | SYSTEMS AND METHODS FOR DISTRIBUTED TRUST COMPUTING AND KEY MANAGEMENT - Devices, systems, and methods for conducting trusted computing tasks on a distributed computer system are described. In some embodiments, a client device initiates a trusted task for execution within a trusted execution environment of a remote service provider. The devices, systems, and methods may permit the client to evaluate the trusted execution capabilities of the service provider via a planning and attestation process, prior to sending data/code associated with the trusted task to the service provider for execution. Execution of the trusted task may be performed while enforcing security and/or compartmentalization context on the data/code. Systems and methods for managing and exchanging encryption keys are also described. Such systems and methods may be used to maintain the security of the data/code before, during, and/or after the execution of the trusted task. | 2014-04-03 |
20140096183 | PROVIDING SERVICES TO VIRTUAL OVERLAY NETWORK TRAFFIC - In one embodiment, a method for applying security policy in an overlay network includes receiving a request, including a packet, for a communication path through an overlay network, determining whether a security policy is to be applied to the packet based on at least one of: contents of the packet, first information, and second information, selecting a communication path between a source physical switch and a destination physical switch, wherein the selected communication path directly connects the source physical switch to the destination physical switch when it is determined to not apply the security policy to the packet, and the selected communication path connects the source physical switch to the destination physical switch via a security appliance when it is determined to apply the security policy to the packet, and sending the selected communication path to the source physical switch. | 2014-04-03 |
20140096184 | System and Method for Assessing Danger of Software Using Prioritized Rules - Disclosed are system, method and computer program product for assessing security danger of software. The system collects information about a suspicious, high-danger software object, including one or more malicious characteristics of the software object, security rating of the software object, and information about one or more security rating rules used in assessing the security rating of the software object. The system then determines whether the suspicious object is clean (i.e., harmless). When the suspicious object is determined to be clean, the system identifies one or more unique, non-malicious characteristics of the software object and generates a new security rating rule that identifies the software object as clean based on the one or more selected non-malicious characteristics. The system then assigns high priority ranking to the new security rating rule to ensure that the rule precedes all other rules. | 2014-04-03 |
20140096185 | METHOD AND APPARATUS FOR PROVIDING AUTHORIZED REMOTE ACCESS TO APPLICATION SESSIONS - A method and apparatus for providing authorized remote access to one or more application sessions includes a client node, a collection agent, a policy engine, and a session server. The client node requests access to a resource. The collection agent gathers information about the client node. The policy engine receives the gathered information, and makes an access control decision based on the received information. The session server establishes a connection between a client computer operated by the user and the one or more application sessions associated with the user of the client node identified in response to the received information. | 2014-04-03 |
20140096186 | Policy-Based Application Management - Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user's own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things. | 2014-04-03 |
20140096187 | Systems and Methods for Updating Scanning Rules - Systems and methods are provided for updating one or more scanning rules. For example, one or more first operation records being uploaded are obtained; scanning information corresponding to the first operation records is extracted; one or more recommended operations corresponding to the scanning information are obtained based on at least information associated with one or more scanning rules; a matching degree between the first operation records and the recommended operations is calculated; and the scanning rules are updated based on information associated with the matching degree. | 2014-04-03 |
20140096188 | SYSTEM AND METHOD FOR POLICY GENERATION - One example provides a collaborative policy refinement service to aggregate policy inputs from organizational layers and to generate security policies that are consistent across the organizational layers. This includes an interactive policy component to facilitate collaborative interaction between the organizational layers and to facilitate determination of the security policies. | 2014-04-03 |
20140096189 | USING TRUSTED DEVICES TO AUGMENT LOCATION-BASED ACCOUNT PROTECTION - An authentication process receives information identifying a user, a device used by the user and a location in which the device is being used. That authentication process determines whether the location is among a set of familiar locations stored about the user for a service being accessed. If the location is not among the set of familiar locations, then the user is not authenticated. A desirable user experience can be obtained by using information about any existing relationship, such as a synchronization relationship, between the device and the service established at a prior familiar location. Instead of challenging a user whose device is in an unfamiliar location, the authentication process determines whether the device has a relationship established with the service. If the device has a relationship established with the service, then the set of familiar locations is updated to include the location in which the device is being used. | 2014-04-03 |
20140096190 | DYNAMIC FLOW CONTROL FOR ACCESS MANAGERS - A master flow controller can branch to a dynamic flow controller for a specific event in an authentication process. The master flow controller saves the state of the plug-in execution before branching the control into the dynamic flow controller. All the attributes stored in the authentication context by the authentication plug-in are saved and synchronized before the control is branched to the child flow controller. After the dynamic flow controller finishes execution, the state information is synchronized between flow controllers. | 2014-04-03 |
20140096191 | AUTHENTICATION APPARATUS, AUTHENTICATION METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM STORING PROGRAM - An authentication apparatus includes a detection unit that detects whether or not communication with a portable storage medium storing identification information for identifying a user is able to be performed, a reading unit that reads identification information stored in the storage medium when the detection unit detects that the communication is able to be performed, a time counting unit that counts an elapsed time, a determination unit that determines whether or not the elapsed time counted by the time counting unit matches a predefined time for the identification information read by the reading unit, and an authentication unit that authenticates the storage medium with which the detection unit detects that the communication is able to be performed when the determination unit determines that the elapsed time counted by the time counting unit matches the predefined time. | 2014-04-03 |
20140096192 | PUTTING IN PLACE A SECURITY ASSOCIATION OF GBA TYPE FOR A TERMINAL IN A MOBILE TELECOMMUNICATIONS NETWORK - A method is provided for putting in place a security association of GBA type for a terminal. The method includes the following steps, executed in a network access server, following the receipt of a request for attachment to the network from the terminal: dispatching a request to a subscriber server, receipt of a response including an indication that the user profile associated with the terminal supports the security association of GBA type. | 2014-04-03 |
20140096193 | ACCESS THROUGH NON-3GPP ACCESS NETWORKS - When setting up communication from a user equipment UE ( | 2014-04-03 |
20140096194 | CLIENT-SIDE ACTIVE VALIDATION FOR MITIGATING DDOS ATTACKS - Methods and systems for mitigating denial-of-service attacks include a proxy server that monitors a set of application servers configured to receive and service requests from clients. The proxy server intercepts the requests, and in response, provides the clients with customized client-side scripts embedded in markup language. The client-side scripts may include random strings to generate follow-through random uniform resource identifier redirection requests expected by the proxy server. The client-side scripts, upon execution, may challenge the clients by demanding user interaction within a specified period of time, requesting a delay before responding, and/or attempting to set a challenge cookie multiple times. If a client provides the demanded user interaction within the specified time, honors the delay, and/or sets the challenge cookie with the correct value, then the client-side scripts may generate a redirection request expected by the proxy server for that client and the proxy servers may whitelist that client for a configurable duration and forward that client's subsequent requests to the application servers without challenge. | 2014-04-03 |
20140096195 | Secure Information Release - An embodiment of the invention provides a responder such as a health care professional with quick and secure access to select information about a user. An embodiment of such quick and secure access to select information may include receiving a user request to authenticate a responder mobile phone from the responder mobile phone, separately sending a common secure data to each of the responder's mobile phone and the user's mobile phone, receiving user authorization to release select data to the responder's mobile phone, the user's authorization received from the responder's mobile phone. Other embodiments are described herein. | 2014-04-03 |
20140096196 | SYSTEM AND METHOD FOR ENHANCING SELF-SERVICE SECURITY APPLICATIONS - Embodiments of the present invention may enable a user of an electronic device to setup a game-based environment within the electronic device that can be used as an authentication platform to prevent access by illegitimate or unauthorized users. The communication device may include a display screen, a processor, and a memory coupled to the processor. The memory may include a database and an instruction set. The database may store pre-defined access patterns that can be used in the authentication process. Further, the instruction set may include instructions executable by the processor to monitor inputs made by a new user in the game based environment. Furthermore, the instructions executable by the processor may match the inputs of the new user with the pre-defined access patterns to check the authentication of a new user. | 2014-04-03 |
20140096197 | INSTANT MESSAGING VIRTUAL PRIVATE NETWORKS - According to one embodiment, an apparatus may receive a virtual private network (VPN) establishment request communicated over an instant messenger protocol. The apparatus may negotiate a communication tunnel in response to receiving the VPN establishment request and receive a datagram through the communication tunnel. | 2014-04-03 |
20140096198 | SECURE CALL INDICATOR MECHANISM FOR ENTERPRISE NETWORKS - The concept of a secure call indicator is introduced. In general, the secure call indicator is capable of inspecting the security of signaling associated with Session Initiation Protocol (SIP) messages and comparing the security with media descriptions of the actual media path of the SIP messages. Furthermore, the secure call indicator may be configured to indicate the security associated with a communication session via a physical or virtual notification system. | 2014-04-03 |
20140096199 | DEVICE AND METHODS FOR MANAGEMENT AND ACCESS OF DISTRIBUTED DATA SOURCES - A device and method for providing access to distributed data sources includes a cloud security server configured to associate any number of data sources and client devices with a cloud security server account. The cloud security server assigns trust levels to the data sources and the client devices. A client device requests data from the cloud security server. The cloud security server authenticates the client device and verifies the trust levels of the client device and the requested data. If verified, the cloud security server brokers a connection between the client device and the data source, and the client device accesses the requested data. Data sources may include cloud service providers and local storage devices. The cloud security server may assign a trust level to a client device for a limited time or revoke a trust level assigned to a client device. Other embodiments are described and claimed. | 2014-04-03 |
20140096200 | Shared Level Networking - A social network server system including a qualitative social network share level for a post, photo, etc. submitted by a given social network user device. The social network share level is based on actual content sensitivity, permitting each shared post, photo, or other information viewable by other social network user devices based on its own individual social network share level, or “closeness rating.” The closeness rating is inclusive and based on a social network share level set by the poster when making the post, adding the photo or other information. The social network share level establishes individually which connected social network user device(s) to which the poster has an established relationship may have access to the shared post, photo, information, etc. A privacy level is defined for each post, photo, etc. vis-a-vis each other social network user to which a poster has a defined relationship. | 2014-04-03 |
20140096201 | SYSTEMS AND METHODS FOR SECURED ENTRY OF USER AUTHENTICATION DATA - Techniques for improving security of transactions requesting user authentication data entry via mobile devices are described herein. The mobile device is configured to wirelessly communicate using a near field communications (NFC) standard used to communicate over very short distances. The mobile device includes a graphical user interface (GUI) configured to display a virtual keypad arranged in a randomly generated pattern, the pattern being configured to be changed in a random manner at each instance of displaying the virtual keypad. Security of transaction is improved by randomly changing positions of virtual keys of the virtual keypad configured to receive the user authentication data. | 2014-04-03 |
20140096202 | SYSTEM, SERVER, COMMUNICATION DEVICE AND COMPUTER READABLE MEDIUM THEREFOR - Computer-readable instructions, when executed by a processor of a server, cause the server to receive a request from a terminal device, using a protocol configured to be used by a browser of the terminal device. The computer-readable instructions cause the server to generate, in response to receiving the request, specific data. The specific data comprises first location information for location of a web data configured to display a message screen for transmitting target data from the terminal device to a communication device using a short-range wireless communication, and the target data is stored in a memory of the server associated with authentication information configured to authenticate the communication device to a service providing server. The specific data is configured to be in a format for transmission using the protocol. | 2014-04-03 |
20140096203 | NETWORK SYSTEM AND NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM - A network system according to the present invention includes a service providing server that provides an application service, a user terminal used by a user when using the application service, and a proxy server intervening between the service providing server and the user terminal. The user terminal includes a whitelist for an application in which at least a URL of the proxy server is described. The user terminal accesses the service providing server over the network and provides an application service to the user by starting the application program. When an access request to a URL of an access target specified by the application program is made during the provision of the application service, the user terminal compares the URL of the access target with a URL described in the whitelist for the application. | 2014-04-03 |
20140096204 | MANAGING SECURITY RESTRICTIONS ON A RESOURCE IN A DEFINED ENVIRONMENT - Approaches described herein manage security restrictions on a resource in a defined environment to provide authorization and access. Specifically, a security system maintains a security restriction on the resource (e.g., an information technology (IT) account of a user, or an apparatus) in a defined environment. The presence of a plurality of users is continuously monitored throughout the defined environment and, based on a detection of a pre-specified set of users from the plurality of users in the defined environment, the security restriction is managed (e.g., removed or maintained). In one embodiment, the system removes the security restriction from the resource to allow at least one of: access to the IT account of the user, and operation of the apparatus. The security restriction on the resource may then be reinstated in the case that the pre-specified set of users from the plurality of users is no longer present in the defined environment. | 2014-04-03 |
20140096205 | Login method, open platform identification method, open platform and open platform system - The disclosure provides a login method, an open platform identification method, an open platform and an open platform system. A user terminal is guided to agree to authorize a third party application via a page of the open platform; when the connection of authorization of the user terminal succeeds, the open platform brings a first OpenID and a first OpenKey of the user to the third party application according to a login rebound protocol of the open platform; then the third party application performs user-terminal-based authorized login according to the first OpenID and the first OpenKey; and when the user terminal logging into the open platform initiates the third party application, a prompt message is sent to the user terminal with an open platform account serving as an identification of the open platform, and thus login can be implemented in various forms. A user does not need to register or manage login accounts of a plurality of websites and meanwhile the prompt and push problem of the third party application is solved. | 2014-04-03 |
20140096206 | NETWORK ACCESS CONTROL SYSTEM AND METHOD - A system comprising a client that can place a network site access request to a network access server. In use, prior to placing the request, the client accesses the network access server to set up a network access profile relating to personal choices and accesses a trusted site to select options to provide a trusted site profile. When the client places a request, client data is provided along with the request whereby the client is automatically recognized by the server. Upon recognition, the server passes the client data to the trusted site, the trusted site uses the client data to retrieve the client's trusted site profile, which is then transferred to the server. A combining engine in the server then combines the trusted site profile with the network access profile and a filtering engine applies the combined profiles to permit or forbid the network site request to be fulfilled. | 2014-04-03 |
20140096207 | LAYER 7 AUTHENTICATION USING LAYER 2 OR LAYER 3 AUTHENTICATION - A system and method for authenticating a layer 7 client application (application layer) based on a layer 2 (data link layer) or a layer 3 (network layer) authentication is provided. A request to authenticate to a network is received from a communication device. The request to authenticate to the network is for a layer 2 or layer 3 authentication. The communication device is authenticated to the network based on having the necessary credentials. | 2014-04-03 |
20140096208 | AUTOMATED SYSTEM AND METHOD FOR PROVISIONING AND MANAGING CLOUD DESKTOP SERVICES - An automated system and method including proprietary software applications and processes to be used by Internet Service Providers, Infrastructure as a service Providers, Independent Software Vendors, Data Center Managers, and Corporate Enterprises to rapidly provision, configure and manage complex information technology environments that exist in virtual space (the cloud) and are provided for end user interaction using the public computer networks (internet) or private computer networks. | 2014-04-03 |
20140096209 | PRE-AUTHENTICATED CALLING FOR VOICE APPLICATIONS - Architecture for providing pre-authenticated information from an endpoint for subsequently authenticating a device and/or user associated with the previously-authenticated information. A pre-authentication module of the architecture can be a trust component as part of an application that facilitates the utilization of user information and/or endpoint information in a media session protocol message to replace information that would otherwise be gathered via a dialog. In the context of IP-based voice communications, a call can be made from a client that is pre-authenticable, and no longer requires that an IP-based telephone interact with the phone user to facilitate sign-on. | 2014-04-03 |
20140096210 | Advanced Authentication Techniques - A method, system, apparatus, and computer program product are provided for facilitating advanced authentication techniques. For example, a method is provided that includes receiving at least one request to access at least one resource and receiving at least one composite authentication credential, the composite authentication credential comprising a first credential component and a second credential component. The method further includes determining whether the first credential component is valid, determining whether the second credential component is valid and, in an instance in which it is determined that the first and second credential components are valid, causing access to the at least one resource to be permitted. | 2014-04-03 |
20140096211 | SECURE IDENTIFICATION OF INTRANET NETWORK - A method is provided for network identification based on high entropy data on a network which are not easily guessed or obtained outside the network, which can prevent an attacker from “spoofing” the network. A component in a client computer connected to a network may obtain over the network a network data block including device identification information of a device controlling the network. Upon parsing the network data block, such high entropy data as unique device identifiers may be obtained from the device identification information. Depending on availability of the unique device identifiers and authentication history of the client computer, different combinations of the unique device identifiers and/or other identification information may be used to generate a unique network identifier such as a network signature. The component may provide the network signature to applications within the client computer. | 2014-04-03 |
20140096212 | MULTI-FACTOR AUTHENTICATION PROCESS - Systems and methods may implement a multi-factor authentication process utilizing, among other things, a value known by a user and an item in the user's possession. In one example, the method may include authenticating a user via a first method utilizing input received from the user, authenticating the user via a second method utilizing a device associated with the user, and authenticating the user via a third method utilizing a security token. | 2014-04-03 |
20140096213 | METHOD AND SYSTEM FOR DISTRIBUTED CREDENTIAL USAGE FOR ANDROID BASED AND OTHER RESTRICTED ENVIRONMENT DEVICES - A method, system and computer program product configured for providing distributed credential usage for an electronic handheld device or computing device configured with an operating system comprising an iOS based, Android or other operating system with sandboxed or restricted environments. The system comprises one or more applications running an operating system and configured with one or more sandboxed environments, and a credential provider application configured in a sandboxed environment. The credential provider application is configured to transfer data between the applications, for example, utilizing an inter-process communication channel. The credential provider application is configured to perform an operation on a request from one of the applications and utilizes credentials associated with the application. The credential provider application is configured to maintain the integrity of the credentials within the confines of the credential provider application so that the application is not given access to any private or secret credentials. | 2014-04-03 |
20140096214 | RADIUS POLICY MULTIPLE AUTHENTICATOR SUPPORT - A method for providing multiple authenticator support when responding to RADIUS Access Request messages is disclosed. The method for providing multiple authenticator support when responding to RADIUS Access Request messages includes receiving a RADIUS Access Request message, retrieving customer authentication information having a first and second authenticator value; attempting authentication against the first authenticator value, and in the event that a failure to authenticate occurs, then attempting authentication against the second authenticator value. In the event of a successful authentication against either the first or second authenticator value, a RADIUS Access Accept message is provided. Examples of first and second authenticator values include a UserName and a MAC address. The method for providing multiple authenticator support when responding to RADIUS Access Request messages provides advantages over single authenticator value systems known in the art. | 2014-04-03 |
20140096215 | METHOD FOR MOBILE SECURITY CONTEXT AUTHENTICATION - The present invention is a system and a method for improving the authentication security across a network from a mobile electronic computing device in the context of one or more users, devices, sites/sessions, servers, locations, proximity, motion and/or behavioral attributes within a defined session lifecycle. The authentication method and system utilizes a strong, elegant, private, definitive and real-time, triangulated verification, which requires mutual authentication between the parties. | 2014-04-03 |
20140096216 | METHOD AND APPARATUS FOR SECURE ACCESS PAYMENT AND IDENTIFICATION - According to one aspect, the invention provides a system for authenticating identities of a plurality of users. In one embodiment, the system includes a first handheld device including a wireless transceiver which is configured to transmit authentication information, a second device including a wireless receiver, where the second device is configured to receive the authentication information. | 2014-04-03 |
20140096217 | SYSTEM FOR PERSONALIZED TELEMATIC SERVICES - A telematics system can provide authenticated access to telematic services. Upon connection of a mobile communication device to an automotive telematic system, and receipt of a request to access a telematic service, the system can determine by a processing unit of the automotive telematic system whether a personalized key for user authentication is required to access the telematic service and, if it is determined that the personalized key is required, request the personalized key from the mobile communication device. | 2014-04-03 |
20140096218 | Information processing apparatus, information providing server, program, communication system, and login information providing server - In one example embodiment, the communication system disclosed herein includes an information processing apparatus that acquires address information from a memory device having a free area including the address information and a secure area including account information. The information processing apparatus connects to a resource of a server using the acquired address information. The information processing apparatus causes a security server to acquire the account information from the memory device and transmit the acquired account information to the server such that the server enables a user to access the resource of the server using the account information. | 2014-04-03 |
20140096219 | Assisted Registration of Audio Sources - Systems and methods are provided for assisting a user with setting up an audio system with audio content services the user is already registered with. One method may involve receiving a list of a plurality of audio services supported by an audio system, selecting an audio service from the list of plurality of audio services, and determining whether a computing device application corresponding to the audio service is present on a computing device operated by the user and associated with the audio system. If the computing device application is present on the computing device operated by the user, the audio service may be set up with the audio system based on the user's registration information. In one case, the setup of the audio system with the audio service may require additional user input. In another case, the setup of the audio system with the audio service may be automatic. | 2014-04-03 |
20140096220 | DEVICE, METHOD, AND SYSTEM FOR AUGMENTED REALITY SECURITY - Devices and methods for authenticating a user of a mobile computing device to a content server include establishing a communication session between a target computing device and the content server that is identified by a session ID. The target computing device generates a pairing token using the session ID, which pairing token may be a two-dimensional bar code such as a quick response (“QR”) code, and presents the pairing token to the mobile computing device. The mobile computing device captures the pairing token and authenticates the user of the mobile computing device to an authentication server. The target computing device receives an authentication token from the authentication server in response to the mobile computing device successfully authenticating the user to the authentication server. The target computing device accesses content on the content server using the authentication token. Other embodiments are described and claimed. | 2014-04-03 |
20140096221 | System and Method for Implicitly Resolving Query Scope in a Multi-Client and Multi-Tenant Datastore - An apparatus comprising a multi-tenant datastore and a processor coupled to the multi-tenant datastore, wherein the processor is configured to receive a request comprising one or more security tokens, wherein the one or more security tokens comprise identification information, and generate a query based on the request to access the multi-tenant datastore, wherein generating the query comprises deriving a query scope based on the one or more security tokens. | 2014-04-03 |
20140096222 | SECURE USER AUTHENTICATION USING A MASTER SECURE ELEMENT - The master secure element comprises a processor, a memory and a logic unit and at least controls the user input of the handset in order to secure the user authentication based on PIN entry. The PIN code is entered directly into the secure element with no possibility for the host processor to intercept the code or for a malware program to inject the code into the master secure element. | 2014-04-03 |
20140096223 | AUTOMATED SECURITY TOKEN ADMINISTRATIVE SERVICES - This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services. | 2014-04-03 |
20140096224 | HANDLING OPEN AUTHENTICATION OF AN INVOKED WEB SERVICE IN A PROCESS - Embodiments relate to methods, systems, and computer program products for handling open authentication (OAuth) of an invoked web service in a process. An aspect includes determining whether an OAuth access token has expired. Another aspect includes initiating an automatic update of the OAuth access token based on determining that the OAuth access token has expired. | 2014-04-03 |
20140096225 | MESSAGING SYSTEM FOR HEALTHCARE COMMUNITY - A messaging system for a health care community includes a private network. Electronic medical records are accessible via the private network. A calendar system includes appointments of patients with medical providers. An encrypted firewall and subscriber directory limits access to the private network so that only subscribers to the private network have access to the private network. Subscribers are identified by mobile phone numbers or extensions. | 2014-04-03 |
20140096226 | SECURE COMPUTER ARCHITECTURES, SYSTEMS, AND APPLICATIONS - Secure computer architectures, systems, and applications are provided herein. An exemplary computing system may include a trusted environment having a trusted processor and memory that provides a trusted computing environment that performs computing functions that could expose the computing device to a security risk, and a legacy environment having a secondary processor and memory for providing a legacy computing environment that manages computing functions exposed to unsecure environments. | 2014-04-03 |
20140096227 | Extensible Framework for Communicating over a Firewall with a Software Application Regarding a User Account - An on-premise software application (“OPA”) is communicated with according to an action received from outside a firewall. The action concerns user account information maintained by the OPA. The OPA is installed on a device located inside the firewall. The action is received from a management server located outside the firewall. The action includes a portion that adheres to a standardized format. An OPA interface request is generated based on the action. The OPA interface request includes the standardized portion. The OPA interface request is sent to an agent/OPA interface. | 2014-04-03 |
20140096228 | SYSTEM AND METHOD FOR AUTOMATIC PROVISIONING OF MULTI-STAGE RULE-BASED TRAFFIC FILTERING - Methods and systems for filtering communication packets using a multi-stage filtering system that receives a large volume of communication packets from a communication network that filters the packets in two or more successive stages. The system comprises at least one front-end filtering unit and multiple back-end filtering units. Typically although not necessarily, the front-end filtering unit filters the packets based on layer-2 to layer-4 attributes of the packets. The back-end filtering units, on the other hand, filter the packets based on content extracted from the packet payloads. The back-end filtering units may perform filtering, for example, based on keyword spotting, application classification, malware detection and other content-related criteria. The front-end filtering unit typically performs filtering at the individual packet level and/or at the level of request-response transactions. The back-end filtering units, on the other hand, typically perform filtering at the level of entire reconstructed packet flows. | 2014-04-03 |
20140096229 | VIRTUAL HONEYPOT - A virtual honeypot is configured within a security appliance by configuring one or more network addresses associated with the virtual honeypot. The security appliance receives network traffic destined for the virtual honeypot sent to the one or more network addresses associated with the virtual honeypot, and forwards the traffic to a remote honeypot such that the remote honeypot appears to be connected to a network local to the security appliance. | 2014-04-03 |
20140096230 | METHOD AND SYSTEM FOR SHARING VPN CONNECTIONS BETWEEN APPLICATIONS - A method for sharing a virtual private network (VPN) connection among applications is described herein. In an environment in which multiple applications exchange data through the use of the virtual file system, a VPN for a first application can be established, and it can be determined that the first application is deactivated. Upon the determination that the first application is deactivated, a state of the VPN can be saved in a shared memory through the virtual file system. It may also be determined that a second application is activated. A VPN connection can be established for the second application by resuming the saved VPN state through the virtual file system. | 2014-04-03 |
20140096231 | SECURE ACCESS MANAGEMENT OF DEVICES - Systems and methods may provide for implementing one or more device locking procedures to block access to a device. In one example, the method may include receiving an indication that a user is no longer present, initiating a timing mechanism to set a period to issue a first device lock instruction to lock a peripheral device, relaying timing information from the timing mechanism to a controller module associated with the peripheral device, and locking the peripheral device upon expiration of the period. | 2014-04-03 |
20140096232 | INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - An information processing apparatus includes a user interface, an authentication unit, a controller, a restriction unit, and an authentication termination unit. The user interface accepts a first operation for setting a parameter from a user. The authentication unit authenticates the user. The controller controls the user interface to display the set parameter. The restriction unit restricts, in a case where a first condition is met after the user has been authenticated by the authentication unit, the user interface from accepting the first operation. The authentication termination unit terminates the authentication of the user in a case where a second condition is met while accepting of the first operation is being restricted by the restriction unit. The controller controls the user interface not to display the set parameter in a case where the second condition is met while accepting of the first operation is being restricted by the restriction unit. | 2014-04-03 |
20140096233 | SYSTEM AND METHOD FOR DISPLAY DEVICE ACCESS MANAGEMENT - A system and method for display device access management. An alphanumeric key is generated and displayed on a display device. The key is entered into the system by a user within sight of the display device and authenticated by the system. Media sent to the display device by the user is then displayed on the display device. | 2014-04-03 |
20140096234 | INTELLIGENT TASK ASSIGNMENT AND AUTHORIZATION SYSTEMS & METHODS - The present disclosure relates to computer-implemented methods and systems for intelligent task management. An example method may include identifying one or more authorized entities. The method may further include broadcasting at least one task associated with a user to one or more devices associated with the one or more authorized entities. The method may further include receiving from the one or more authorized entities, via the one or more devices, an indication of acceptance of the at least one task. The method may further include selecting at least one trusted entity among the one or more authorized entities. The method may further include issuing at least one digital certificate to the at least one trusted entity to perform the at least one task. | 2014-04-03 |
20140096235 | Method and Apparatus for Dishonest Hardware Policies - A system implements dishonest policies for managing unauthorized access requests. The system includes memory management hardware to store a set of dishonest policy bits, each dishonest policy bit that is configured to a predetermined value indicating disallowed access for one of a set of memory ranges. When a processor receives an access request for a location in a memory range to which access is not allowed as indicated by a set dishonest policy bit, the processor returns a false indication according to a dishonest policy that the requested access has been performed. | 2014-04-03 |
20140096236 | APPARATUS AND METHOD FOR SECURING MOBILE TERMINAL - A mobile terminal and a method for securing information are provided. The mobile terminal includes an application part to receive information related to an application; a determining unit to receive a command issued by the application and to determine whether the command or the application is authorized to access a system resource of the mobile terminal; and a blocking unit to block an execution of the command in response to a determination that the execution of the command is unauthorized or issued by the unauthorized application. The method includes receiving information related to an application; receiving a request for executing a command issued by the application; determining whether the requested command or the application is authorized to access a system resource of a mobile terminal; and blocking execution of the command in response to a determination that the execution of the command is unauthorized or issued by an unauthorized application. | 2014-04-03 |
20140096237 | INFORMATION PROCESSING SYSTEM, ACCESS RIGHT MANAGEMENT METHOD, INFORMATION PROCESSING APPARATUS AND CONTROL METHOD AND CONTROL PROGRAM THEREFOR - Provided is an information processing apparatus including an application interface and a device interface, generated on the basis of each application, which are associated with each other. The information processing apparatus includes an access right table for storing whether the each application has an access right to a device connected to the information processing apparatus, and an access control unit that controls access between the application interface and the device interface with reference to the access right table. | 2014-04-03 |
20140096238 | ELECTRONIC DEVICE, OPERATOR ESTIMATION METHOD AND PROGRAM - An electronic device includes: a touch detection section that is disposed on a side surface of a casing of a main body so as to detect a touch condition when an operator touches the main body; a touch change extraction section that extracts one of a temporal change and a spatial change in the touch based on the detected touch condition; and an estimation section that determines the identity of the operator based on the one of the extracted temporal change and spatial change in the touch. | 2014-04-03 |
20140096239 | SYSTEMS AND METHODS FOR CLIENT SCREENING IN THE FINANCIAL SERVICES INDUSTRY - Systems, methods, and interfaces for screening clients for security compliance with a Customer Identification Program are disclosed. An illustrative system for screening clients can include a client screening engine adapted to filter client account data based on one or more filtering criteria, a database adapted to store client account information and verification status information, and a graphical user interface adapted to selectively display client account information and verification status information for one or more selected clients on a screen. The system can be used to submit identity verification requests to Customer Identification Program vendors for only those clients whose identities have not been verified. | 2014-04-03 |
20140096240 | IDENTIFYING WHETHER AN APPLICATION IS MALICIOUS - Identifying whether a first application is malicious. The first application can be presented for installation on a processing system. The first application can be scanned, via a static analysis implemented by a processor, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. When the user interface layout of the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, an alert can be generated indicating that the first application is malicious. | 2014-04-03 |
20140096241 | CLOUD-ASSISTED METHOD AND SERVICE FOR APPLICATION SECURITY VERIFICATION - A method, device, and system for browser-based application security verification is disclosed. A client device requests a browser-based application from a web server. An application security module of the client device intervenes and transmits an application verification request to a cloud service system. The cloud service system retrieves data regarding the security of the application and source from cloud resources and a local database of the cloud server. The cloud service system then uses the data to authenticate the source and verify the security of the browser-based application. The cloud service system provides the client device with a recommendation regarding the security of the browser-based application and updates its local database. The client device may then consider the recommendation in determining whether to download or execute the browser-based application and provide feedback to the cloud service system. The client device may also perform a local security analysis after receiving the cloud service system's recommendation. | 2014-04-03 |
20140096242 | METHOD, SYSTEM AND CLIENT TERMINAL FOR DETECTION OF PHISHING WEBSITES - One aspect of the present invention relates to a method for detecting a phishing website. The method includes acquiring information related to a microblog post containing a uniform resource locator (URL) of a website; analyzing the information related to the microblog post to extract features of the microblog post; calculating credibility of the URL of the website contained in the microblog post according to the extracted features of the microblog post; and determining according to the credibility of the URL of the website whether the URL of the website is a URL of a phishing website. | 2014-04-03 |
20140096243 | ELECTRONIC MESSAGE MANAGER SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR SCANNING AN ELECTRONIC MESSAGE FOR UNWANTED CONTENT AND ASSOCIATED UNWANTED SITES - A system, method, and computer program product are provided for scanning an electronic message for unwanted content and associated unwanted sites in response to a request. In use, a request is received via a network to scan an electronic message prior to opening the electronic message, utilizing an electronic message manager. In addition, the electronic message is scanned for unwanted content and associated unwanted sites, in response to the request. Further, a response to the request is sent via the network. | 2014-04-03 |
20140096244 | USING A DECLARATION OF SECURITY REQUIREMENTS TO DETERMINE WHETHER TO PERMIT APPLICATION OPERATIONS - Provided are a computer program product, system, and method for using a declaration of security requirements to determine whether to permit application operations. A declaration of security requirements indicates actions the application designates to perform with respect to resources in a computer system, wherein a plurality of the indicated actions are indicated for at least two operation modes of the application. A detection is made of whether the application is requesting to perform a requested action with respect to a requested resource in the computer system. A determination is made of a current operation mode of the application comprising one of the at least two operation modes in response to detecting that the application is requesting the requested action. A determination is made as to whether the declaration of security requirements indicates the requested action with the current operation mode. The requested action with respect to the requested resource is allowed to proceed in response to determining that the declaration of security requirements indicates the requested action with respect to the requested resource as indicated with the current operation mode. | 2014-04-03 |
20140096245 | Protection Against Return Oriented Programming Attacks - In one embodiment, a processor includes at least one execution unit. The processor also includes a Return Oriented Programming (ROP) logic coupled to the at least one execution unit. The ROP logic may validate a return pointer stored on a call stack based on a secret ROP value. The secret ROP value may only be accessible by the operating system. | 2014-04-03 |
20140096246 | PROTECTING USERS FROM UNDESIRABLE CONTENT - Systems, methods, routines and/or techniques are described to protect users from undesirable content, for example, on an open platform. One or more embodiments may prevent the installation of an application package or warn a user if the application package may be undesirable (e.g., because it may contain malware). In one or more embodiments, a method may include receiving a first request to install an application package, and receiving and/or capturing metadata related to the application package. The method may include communicating a second request (e.g., including the metadata) to a remote server, such that the remote server can determine whether the application package may be undesirable. The method may include receiving a response from the remote server, where the response may indicate whether the application package may be undesirable, and initiating installation of the application package if the application package is determined to be safe and/or acceptable. | 2014-04-03 |
20140096247 | Protection Against Return Oriented Programming Attacks - In one embodiment, a processor includes at least one execution unit. The processor also includes a Return Oriented Programming (ROP) logic coupled to the at least one execution unit. The ROP logic may validate a return pointer stored on a call stack based on a secret ROP value. The secret ROP value may only be accessible by the operating system. | 2014-04-03 |