14th week of 2013 patent application highlights part 55
Patent application number | Title | Published
20130086599 | OPTICAL TAPE DRIVE MOVABLE PLANARIZER SUBSYSTEM AND METHOD FOR MINIMIZING DAMAGE TO AN OPTICAL PICKUP UNIT - In an optical tape drive system, a movable planarizer subsystem includes a tape planarizer support structure for supporting an optical tape planarizer. The support structure is moveable between an operational position and a non-operational position. The movable planarizer subsystem also includes an actuator for moving the support structure and the optical tape planarizer between the operational position and the non-operational position. The operational position of the support structure positions the optical tape planarizer to permit reading/writing of information from/to an optical tape via an optical pickup unit (OPU), and the non-operational position of the support structure positions the optical tape planarizer to permit passage of a tape leader through the tape drive system without damage to the OPU. | 2013-04-04
20130086600 | OPTICAL PICKUP - An optical pickup includes an object lens; a moving part including the object lens and coils; rod-shaped support members disposed in a focusing direction, one end of each of the support members being attached to side surfaces of the moving part in a tracking direction; a fixing part for fixing the other end of each of the support members; a yoke including magnets; and gel holding parts, each of the gel holding parts including walls on both sides of the support members in the tracking direction, and the support members being disposed on both sides of the moving part in the tracking direction. Each of the gel holding parts includes an opening at one end on an optical disc side in the focusing direction and includes a cutout in the wall farther from the object lens in the tracking direction, the cutout extending from an edge of the opening. | 2013-04-04
20130086601 | MESSAGE DELIVERY MECHANISM - A method may include receiving a video stream, wherein the video stream is divided into video segments, and wherein the video stream is being sent to a customer device and receiving a request to insert a message into the video stream. The method may further include determining a particular video segment after which to insert the message into the video stream; inserting the message into video stream after the particular video segment; and sending the video stream to the customer device, wherein the video stream includes the inserted message. | 2013-04-04
20130086602 | System and Method for Updating User Availability for Wireless Communication Applications - Systems and methods for monitoring and updating user availability based upon presence and television viewing behavior are described herein. In one embodiment, a presence system is used to detect a user's presence to update the user's availability status. The availability status is then used to update a contact list, voicemail message, and/or busy message. In further embodiments, user preferences are used in combination with presence data to update the user's availability status. In still further embodiments, a user's television viewing behavior is used in combination with the presence data, user preferences, or both to update the user's availability status. Alternative embodiments provide systems and methods in accordance with the present invention for other interactive devices. | 2013-04-04
20130086603 | METHOD AND APPARATUS FOR PRECISION INTEREST MATCHING LOCALLY STORED CONTENT - Methods and systems for delivering selected content to users are provided. More particularly, profile information associated with an individual user is applied to select content for presentation to that user. While the user is viewing streamed content, content selected through application of the user profile can also be presented to the user. The selected content can be inserted into space reserved within a data stream for such selected content, or can be presented in place of other content delivered as part of the requested content. | 2013-04-04
20130086604 | METHOD AND SYSTEM FOR PERFORMANCE METRIC ANALYSIS OF VIDEO ASSETS - A method and system for monitoring video assets provided by a multimedia content distribution network (MCDN) includes an expert test monitoring platform (ETMP) configured to emulate MCDN client systems at a facility of an MCDN service provider. The ETMP may be used to obtain remote control response metrics, along with internal performance data, for client systems in the ETMP. Historical metrics and historical data may be logged along with the release version for the client systems, which may then be used to correlate operational performance when analyzing client system characteristics. | 2013-04-04
20130086605 | PROGRAM PROMOTION FEEDBACK - A user request to watch a program is received in response to a promotion for the program. One or both of recording the program and playback of the program is performed. Information regarding one or both of the recording and the playback is output, this information including an identifier of the promotion. Additionally, a report can be generated from this information output by multiple devices, the report describing the recording of the program and the playback of the program on the multiple device in response to the promotion. | 2013-04-04
20130086606 | INFORMATION TRANSMISSION METHOD, SYSTEM AND DATA CARD - The disclosure provides an information transmission method, system and data card, wherein the method comprises: a sender scrambling original information in a predetermined scrambling way, and sending scrambled information to a receiver; the receiver receiving the scrambled information, and descrambling the scrambled information in a predetermined descrambling way to obtain the original information, wherein the predetermined scrambling way corresponds to the predetermined descrambling way. In accordance with the disclosure, contents to be transmitted are scrambled and the scrambled contents are sent to the receiver, and the receiver can restore the transmitted contents by performing descrambling according to the scrambling way used by the sender. The disclosure can avoid the transmitted contents from being monitored, as well as avoid the keys from being stolen; therefore, the security of the transmitted contents is effectively improved. | 2013-04-04
20130086607 | VIDEO AD SWAPPING IN A VIDEO STREAMING SYSTEM - Configuration of advertisements in a streaming video segment works in cooperation with a client device. Using a selection algorithm, a server selects a first number of default video advertisements for a video streaming session, and a second number of alternative video ads greater than the first number. The server provides identifiers for the alternative video advertisements and transmits the identifiers to the client device prior to a corresponding ad break in the streaming video. During or before streaming of one of the default video advertisements to the client device, the server detects a signal from the client device requesting that one of the alternative video advertisements be swapped for the one of the default video advertisements, interrupts streaming of the default video, and initiates streaming of the one of the alternative video advertisements, in response to detecting the signal. Corresponding operations may be performed by the client device. | 2013-04-04
20130086608 | SYSTEM AND METHOD FOR SELECTING ADVERTISEMENTS - A method for displaying interactive advertisements on a television having a controller connected thereto and configured for receiving input from a viewer of the television is disclosed. The controller has a receiver operable to receive advertisements and a processor operable to modify the advertisements. The method generally comprises requesting action by the viewer of the television, modifying an advertisement based on the action of the viewer, and displaying the modified advertisement on the television. | 2013-04-04
20130086609 | Integration of an Interactive Virtual Toy Box Advertising Unit and Digital Media Content - Described are systems and methods for dynamic integration and presentation of advertising content and media content. The method includes providing, by a server computing device, an advertising unit comprising a first content layer including the media content and a media player, a second content layer including the interactive advertising content, wherein the advertising content includes a virtual toy box, and an integration module. The integration module is configured to display the media content in the media player and, after determining that playback of the media content is complete, display the advertising content. The method includes transmitting, by the server computing device, the advertising unit for presentation on the remote computing device. | 2013-04-04
20130086610 | Visual Element, Method and System - The present invention relates to a method for displaying a user interface comprising a number of elements on which the user can focus his/her attention as desired, comprising steps for: rendering elements which together form the graphic user interface, distinguishing the element of the actual focus of the user, providing a visual effect to be further rendered in respect of the element of the actual focus, and rendering the visual effect in the user interface, whereby the attention of the user is directed relatively easily to the element of the actual focus. | 2013-04-04
20130086611 | DYNAMIC HEADER IN AN INTERACTIVE APPLICATION ON TELEVISION - A system and method for navigating using a dynamic header in an interactive application of a television having a number of modules are described. Among all the modules of the interactive application, one or more desired modules are determined by analyzing at least one parameter (either based on user input or default values set by system). References to the determined desired modules are added in the dynamic header. The dynamic header is displayed in the interactive application of the television and the user is enabled to navigate in the interactive application using the dynamic header. | 2013-04-04
20130086612 | METHOD FOR PROVIDING MULTIMEDIA CONTENT LIST AND SUB-LIST, AND BROADCAST RECEIVING APPARATUS USING THE SAME - A broadcast receiving apparatus and method of providing a sub-list thereof are provided. A method of providing a sub-list of the present broadcast receiving apparatus displays a video contents list which contains a plurality of video contents and a sub-list on one screen, selects at least one video content of the plurality of video contents contained in the video content list, and adds the selected at least one video content to the sub-list and displays it. | 2013-04-04
20130086613 | SEARCH AND DISPLAY TECHNIQUES FOR AN ELECTRONIC PROGRAMMING GUIDE - Various arrangements for organizing search results within an electronic programming guide of a television programming device are presented. A search string may be received by a television programming device from an end-user. A set of television programming information stored by a storage device local to the television programming device may be searched using the search string. Each search result, as presented to an end-user, may be accented by a color defined to convey a relationship between the search string and the search result. | 2013-04-04
20130086614 | AUTOMATIC SEARCH - Embodiments of the invention provide a method for searching program metadata using a media device, such as a set-top-box, to search for other programs related to a particular program. Program metadata is received at the media device, the program metadata comprising a plurality of data fields populated with accompanying data for each of a plurality of television programs. The media device is controlled by an input device, such as a remote control, and an input, such as a button, of the input device is associated with a data field. It is determined when an input, associated with a data field, is activated and in response the accompanying data within the associated data field, for a first program, is compared with the corresponding accompanying data of a plurality of other television programs. Data is then presented to the user, relating to those television programs having substantially equivalent data in the selected data field to the selected program. A corresponding apparatus is also provided. | 2013-04-04
20130086615 | CONCURRENT REAL-TIME COMMUNICATION WITH MEDIA CONTEXTUALIZED ACTIVITY SHARING - Extensible media and/or activity sharing within a voice call or concurrent real-time communication session is enabled. A concurrent voice call may contextualize shared media and/or activities. Users may share live experiences within the context of a voice call. Continuous, changing real-time media types such as periodic media (e.g., a user's current location) and streaming media (e.g., what the user is currently “seeing” through their personal video camera) may be shared, as well as interactive activities and atomic media types such as an image or a text message. Such sharing may have a unidirectional modality, for example, one party may offer to share media and/or an activity and another party may accept or reject it. Once accepted, the media and/or activity may be available until the sharing party terminates the call or ends the sharing. Conventional mobile computing environments may be adapted to enable rapid, wide-spread adoption of these communication modalities. | 2013-04-04
20130086616 | MOBILE-CONTROLLED LIVE STREAMING SERVICE TRANSFER METHOD ON HOME NETWORK - This invention relates to a mobile-controlled live streaming service transfer on home network enables a user to receive live streaming services using a desired home terminal without delay time for live streaming by relaying live streaming services toward a mobile terminal, without agreement between network providers and request for signaling processing with service sources, when a mobile terminal with multiple interfaces moves to home network that belongs to domains owned by a different network provider while using live streaming services through domains owned by a single network provider and when move the currently provided live streaming services to a different home terminal. | 2013-04-04
20130086617 | Personal Multi-Device Nomadic Media - Providing personal multi-device nomadic media is described herein. In different aspects, the techniques may include providing content to a user on a first device and suspending the delivery of the content on the first device. The user may register on a second device and resume delivery of the suspended content on the second device. | 2013-04-04
20130086618 | SMART PHONE AS REMOTE CONTROL DEVICE - A communication device such as a smart phone is enabled for remotely controlling set-top boxes (STBs) over Internet protocol networks using an applet running on the communication device. Authentication from within a multimedia content distribution network may be achieved by verifying that a network identifier associated with the communication device is associated with an account that has granted access to the smart phone and that is associated with the controlled STB. A viewing pane on the communication device permits a user to remotely view content received on or available to the controlled STB. | 2013-04-04
20130086619 | MEDIA RELAY - A method, system and computer program product for displaying media is provided herein. The method includes the steps of receiving, at a media server, streaming media from a source device located at a first user's premises and transmitting the streaming media from the media server to a display device at the second user's premises. The media server is located remotely from both the first user's premises and the second user's premises. The first user's premises and the second user's premises may be the same. The media server may be located at a cable television headend. | 2013-04-04
20130086620 | CONTENT REPRODUCTION APPARATUS AND CONTENT REPRODUCTION METHOD - According to one embodiment, a content reproduction apparatus includes a first communication module, acquisition module, reproduction module, second communication module, and control module. The acquisition module acquires content from a server through the first communication module. The reproduction module reproduces the content. The control module outputs command and data to a content reproduction device through the second communication module to thereby control the content reproduction device in a reproduction preparatory state, and outputs a synchronization clock, and reproduction request to the content reproduction device to thereby control the content reproduction device in a reproduction state. | 2013-04-04
20130086621 | METHOD AND DEVICE FOR DETERMINING THE VALUE OF A DELAY TO BE APPLIED BETWEEN SENDING A FIRST DATASET AND SENDING A SECOND DATASET - The invention relates to a method and to a device for determining the value of a delay to be applied between sending a first dataset and sending a second dataset, the data being representative of a sequence of coded images, the datasets consisting of data subsets, the coded images being coded according to a first level of resolution and at least a second level of resolution higher than the first level of resolution, the data subsets containing data of a first level of resolution. According to the invention: | 2013-04-04
20130086622 | Input Switching Apparatus and Input Switching Method of Audio/Video Signal, and Audio/Video System - An input switching apparatus includes a plurality of AV signal input units; a communication unit that communicates with another AV device; an input selection unit that selects one of the plurality of AV signal input units; and a selection control unit that switches selection of the input selection unit in accordance with a switching request message for requesting switching of the input selection unit from an origin position to a destination position when the communication unit receives the switching request message. While the input position holding mode is activated, the selection control unit holds the selection of the input selection unit even when the switching request message is received, and transmits a message for causing another device to perform a switching from the destination position to the origin position. | 2013-04-04
20130086623 | SYSTEMS AND METHODS FOR ESTABLISHING ISOLATION BETWEEN CONTENT HOSTING SERVICES EXECUTING ON COMMON SUPPORT SERVER - Embodiments relate to systems and methods for establishing isolation between content hosting services executing on a common support server. In aspects, a server virtualization platform can operate on a common physical support server to instantiate, configure, and operate a set of virtual servers. The set of virtual servers can, for instance, be used to run independent Web sites or other locations or services. The data available to each process on each virtual server can be encoded using an SELinux™ label including an MCS (multi-category security) category or categories uniquely identifying that process. Isolation of the potentially sensitive data for multiple Web sites and/or their content hosted on a common physical server can therefore be enforced, since each process operating on each virtual server is restricted to only access and manipulate data objects or other entities having matching MCS category information identified on that baremetal support server. | 2013-04-04
20130086624 | FLEXIBLE DOCUMENT SECURITY FOR PROCUREMENT AGENTS - A method, system, and computer program product for providing document security for procurement agents. The method commences by establishing user authentication credentials for at least two procurement agents. Then, initially granting limited access to a first set of documents where the first set of documents is initially under control of the first procurement agent (and initially inaccessible by the second procurement agent), and initially granting limited access to a second set of documents, where the second set of documents is initially under control of the second procurement agent. A procurement application receives an access request from the first user to access a document from among the second set of documents, causing the procurement application to confirm the first user authentication credentials, retrieve the document access rule for the first procurement agent, and allow/deny access by the first user to the document from among the second set of documents. | 2013-04-04
20130086625 | ENFORCING SECURITY RULES AT RUNTIME - Various arrangements for implementing a security policy at runtime are presented. A plurality of calls in a syntax tree may be identified. Each call of the plurality of calls may be substituted with a corresponding security-modified call to create a plurality of security-modified methods calls. Each security-modified call may be linked with a security class. Following modification of each call of the plurality of calls, the plurality of security-modified calls may be compiled into bytecode. | 2013-04-04
20130086626 | CONSTRAINT DEFINITION FOR CONDITIONAL POLICY ATTACHMENTS - Framework for conditionally attaching web service policies to a policy subject (e.g., a web service client or service endpoint) at subject runtime. In one set of embodiments, a constraint expression can be defined that specifies one or more runtime conditions under which a policy should be attached to a policy subject. The constraint expression can be associated with the policy and the policy subject via policy attachment metadata. The constraint expression can then be evaluated at runtime of the policy subject to determine whether attachment of the policy to the policy subject should occur. If the evaluation indicates that the policy should be attached, the attached policy can be processed at the policy subject (e.g., enforced or advertised) as appropriate. Using these techniques, the policy subject can be configured to dynamically exhibit different behaviors based on its runtime context. | 2013-04-04
20130086627 | CONFLICT RESOLUTION WHEN IDENTICAL POLICIES ARE ATTACHED TO A SINGLE POLICY SUBJECT - Techniques for resolving conflicts between web service policies that are attached (via LPA and/or GPA metadata) to a single policy subject (e.g., a WS client/service endpoint). In one set of embodiments, a determination can be made whether two conflicting policies that are attached to a single policy subject are identical. This determination can be based on, e.g., a Uniform Resource Identifier (URI) that is used to identify the policies in their respective policy attachment metadata files, as well as any policy configuration properties. If the two conflicting policies are determined to be identical, the policy attachment metadata for one of the policies can be considered valid, while the policy attachment metadata for the other, duplicate policy can be ignored. In this manner, validation errors arising from duplicate policy attachments can be avoided. | 2013-04-04
20130086628 | PRIVILEGED ACCOUNT MANAGER, APPLICATION ACCOUNT MANAGEMENT - Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed. | 2013-04-04
20130086629 | DYNAMIC IDENTITY CONTEXT PROPAGATION - Techniques are provided for dynamically propagating identity context for a user in a Service-Oriented Architecture. Methods and apparatus are provided that include receiving a request to invoke a web service, retrieving first security claims from application identity context information pertaining to a user, generating second security claims at runtime, packaging the first and second security claims into an authentication token, and transmitting the authentication token to a second computer system in a service request. The second computer system can be configured to extract the first and second security claims from the authentication token, validate the extracted first and second security claims, generate identity context information based upon the extracted first and second security claims, and publish and propagate the identity content information in an identity context object. The second computer system can verify that the security claims conform to corresponding security claim schemas stored in a claims dictionary. | 2013-04-04
20130086630 | DYNAMIC IDENTITY SWITCHING - Techniques are disclosed for dynamically switching user identity when generating a web service request by receiving, at a client application, an invocation of a web service, the invocation associated with a first authenticated user identity of a first user, identifying a second user identity, verifying that a switch from the first user identity to the second user identity is permitted by switching rules, including the second user identity in a service request when the switch is permitted, and communicating the service request to the web service. The switching rules can include associations between initial user identities and permitted user identities. Verifying that a switch is permitted can include searching the associations for an entry having an initial user identity that matches the first authenticated user identity and a new user identity that matches the second user identity, wherein the switch is permitted when the entry is found. | 2013-04-04
20130086631 | SYSTEMS AND METHODS FOR CONTROLLING ACCESS TO A MEDIA STREAM - Systems and methods of controlling access to a multimedia stream in a media streaming session from a multimedia server to a requesting device via a network. The systems and methods facilitate receiving a primary request for the multimedia stream from the requesting device; determining whether to allow access to the primary request from the requesting device in accordance with at least one media session policy; and if access is permitted, then generating a secondary request corresponding to the primary request; providing the secondary request to the multimedia server; receiving a first multimedia stream from the multimedia server in response to the secondary request; determining whether to transmit the first multimedia stream or a second multimedia stream based on the at least one media session policy; and transmitting either the first multimedia stream or the second multimedia stream to the requesting device as indicated by the at least one media session policy. | 2013-04-04
20130086632 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR APPLYING A RULE TO ASSOCIATED EVENTS - A system, method, and computer program product are provided for applying a rule to associated events. In use, a plurality of events is associated based on at least one identifier. Additionally, at least one rule is applied to the associated events. Further, a reaction is performed based on the application of the at least one rule. | 2013-04-04
20130086633 | METHOD AND SYSTEM FOR PROVIDING SECURE, MODULAR MULTIMEDIA INTERACTION - An approach is provided for the secure exchange of multimedia content through a mobile telephony device. A docking station receives a control signal from a media headset, and in response thereto determines to establish a communication link. The docking station selects one of a plurality of communication options corresponding to different networks based on the type of the communication link. The docking station initiates an authentication procedure for the communication link according to the selected communication option. Subsequent to successful authorization, the docking station receives multimedia content over the authenticated communication link, and transmits the received media signal to the media headset. | 2013-04-04
20130086634 | Grouping Multiple Network Addresses of a Subscriber into a Single Communication Session - An apparatus includes a processor, an interface, and a memory. The interface is operable to receive a request from a subscriber to access network services, wherein the request includes a subscriber address from the set comprising: an IP address and a media access control (MAC) address. The processor is operable to generate a query requesting an address associated with the subscriber address. The interface is further operable to communicate the query to the subscriber address, and receive a response to the query, wherein the response includes an address associated with the subscriber address, wherein the associated address is from the set comprising: an IP address and a MAC address. The memory is operable to store the subscriber address and the received associated address. | 2013-04-04
20130086635 | SYSTEM AND METHOD FOR COMMUNICATION IN A NETWORK - A method for providing secure communication in an electrical power distribution network includes detecting an enhanced threat level in the electrical power distribution network. A plurality of configuration command messages including information related to a common configuration command are received. The common configuration commands are certified if the plurality of configuration command messages have originated from a threshold number of command sites. The method further includes executing the certified configuration command. | 2013-04-04
20130086636 | SYSTEM AND METHOD FOR RESTRICTING PATHWAYS TO HARMFUL HOSTS IN COMPUTER NETWORKS - System and methods for restricting accessibility to harmful content on a computer network. Network pathways are explored to study a plurality of investigated hosts from a plurality of diverse entry points into the computer network. The investigated hosts are checked whether they are malicious hosts believed to contain harmful content. For any of the investigated hosts that are malicious hosts, intermediary hosts having connectors to those malicious hosts are identified based on the exploring of the network pathways. An access restriction is associated with each of the intermediary hosts, which can be used to block or otherwise restrict access to the intermediary hosts, which may or may not themselves contain malicious content. | 2013-04-04
20130086637 | INDIRECT AUTHENTICATION - Techniques are provided for granting authorization to restricted content on a display device from an authorizing device. In one embodiment, the display device may operate in a display mode where only unrestricted content is accessible. To access restricted content, the display device may transmit an authorization request signal to the authorizing device. The authorizing device, having received the authorization request, prompts an authorized user to enter an authentication input, such as a password or gesture, on the authorizing device. Upon verification of the authentication input, the authorizing device is authenticated. An authorization signal is transmitted to the display device, and the display device may operate in an authorized mode, having access to otherwise restricted content or functions. | 2013-04-04
20130086638 | SYSTEMS, APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM FOR RECORDING IMAGES ON A RECORDING MEDIUM - When authentication information is input via an IC card reader and includes predetermined information. A portable terminal corresponding to the authentication information is identified, and specific identification information that identifies an image-data file associated with the authentication information is extracted. The extracted specific identification information is transmitted to the identified portable terminal, and the portable terminal displays a list of the received specific identification information on its touch panel. The operation of a printing mechanism is controlled, so that the image-data file corresponding to the specific identification information that selected with a touch panel on the portable terminal is accessed, and an image defined by the image-data file defines is printed on a sheet. | 2013-04-04
20130086639 | MOBILE APPLICATION, IDENTITY INTERFACE - Techniques for managing identities are provided. In some examples, identity management, authentication, authorization, and token exchange frameworks may be provided for use with mobile devices, mobile applications, cloud applications, and/or other web-based applications. For example a mobile client may request to perform one or more identity management operations associated with an account of a service provider. Based at least in part on the requested operation and/or the particular service provider, an application programming interface (API) may be utilized to generate and/or perform one or more instructions and/or method calls for managing identity information of the service provider. | 2013-04-04
20130086640 | INFORMATION PROCESSING APPARATUS AND METHOD - A computer determines whether destination information is included in permission target information. The destination information indicates a destination to which a file stored in a storage device is transferred. The permission target information includes information indicating a target permitted to access the file. The computer prompts before the file is transferred, upon determining that the destination information is not included in the permission target information, a user to input whether to permit the transfer. The computer adds the destination information to the permission target information upon receiving, via an input device, a permission input for permitting the transfer. The computer transfers the file upon receiving the permission input. | 2013-04-04
20130086641 | System and method for validating users using social network or other information from a wed site - A system and method uses any or all of information of a user and/or user's activity at a second web site, information of the user's friends or other connections at the second web site, or registration information of the user, to determine whether to allow the user to communicate with other users of a first web site, prevent the user from communicating with other users of the first web site, or monitor the user's communications and allow or prevent the user from further communication based on the monitored communications at the first web site. | 2013-04-04
20130086642OBTAINING A SIGNED CERTIFICATE FOR A DISPERSED STORAGE NETWORK - A method begins by a dispersed storage (DS) processing module generating a certificate signing request (CSR) that includes a certificate and a certificate extension, wherein the certificate includes information regarding a requesting device and wherein the certificate extension includes information regarding an accessible dispersed storage network (DSN) address range for the requesting device. The method continues with the DS processing module outputting the CSR to a certificate authority of a DSN and receiving a signed certificate from the certificate authority, wherein the signed certificate includes a certification signature of the certificate authority authenticating the certificate and the certificate extension. The method continues with the DS processing module storing the signed certificate for use when generating a DSN access request, wherein the DSN access request is requesting access to dispersed storage error encoded data in the DSN at an address within the accessible DSN address range.2013-04-04
20130086643TAMPER PROOF MUTATING SOFTWARE - System and method is disclosed for protecting client software running on a client computer from tampering using a secure server. Prior to or independent of executing the client software, the system integrates self-protection into the client software; removes functions from the client software for execution on the server; develops client software self-protection updates; and periodically distributes the updates. During execution of the client software, the system receives an initial request from the client computer for execution of the removed function; verifies the initial request; and cooperates with the client computer in execution of the client software if verification is successful. If verification is unsuccessful, the system can attempt to update the client software on the client computer; and require a new initial request. Client software can be updated on occurrence of a triggering event. Communications can be encrypted, and the encryption updated. Authenticating checksums can be used for verification.2013-04-04
20130086644METHOD AND APPARATUS FOR COMMUNICATION CONNECTION SERVICE - Methods and apparatus are provided for communication connection service. Identification information of a second device is acquired. An inquiry about whether to register the second device as a favorite device is displayed. A registration request message is sent to a server, when a request to register the second device as the favorite device is inputted in response to the inquiry. The registration request message includes the identification information of the second device. A registration response message is received from the server in response to the registration request message. A user interface of the first device is controlled to provide feedback informing of a success or a failure in registering the second device as the favorite device based on the registration response message.2013-04-04
20130086645OAUTH FRAMEWORK - A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.2013-04-04
20130086646Method to Safeguard the Authorized Access to a Field Device used in Automation-Technology - A method of safeguarding the authorized access to a field device used in automation-technology, wherein the field device comprises an internet protocol capable interface as well as an interface for near field communication. The method comprises a unique factory installed access code for an authorized field device user is stored in the field device or clearly assigned to the field device; before delivery of the field device from a field device supplier to a field device user The unique factory installed access code for an authorized field device user is read from the field device through the near field communication interface by means of a mobile service unit with the use of a Security App, made available by the field device supplier, or through an alternatively made available, and secure, channel of communication; access authorization for the field device is established by means of the Security App for at least one authorized field device user; and operation of the field device is accomplished by the authorized field device user with the established access authorization by means of the mobile service unit or the internet protocol capable interface.2013-04-04
20130086647ENCRYPTION SENTINEL SYSTEM AND METHOD - An encryption sentinel system and method protects sensitive data stored on a storage device and includes sentinel software that runs on a client machine, sentinel software that runs on a server machine, and a data storage device. When a client machine requests sensitive data from the data storage device, the data storage device interrogates the sentinel software on the server machine to determine if this client machine has previously been deemed to have proper encryption procedures and authentication. If the sentinel server software has this information stored, it provides an approval or denial to the storage device that releases the data if appropriate. If the sentinel server software does not have this information at hand or the previous information is too old, the sentinel server interrogates the sentinel software that resides on the client machine which scans the client machine and provides an encryption update to the sentinel server software, following which data will be released if appropriate.2013-04-04
20130086648UPDATING RESOURCE ACCESS PERMISSIONS IN A VIRTUAL COMPUTING ENVIRONMENT - Methods, systems, and devices are described for updating resource access permissions in a virtual computing environment. In these methods, systems, and devices, a host computer system determines that a user associated with an existing session has moved from a first location associated with a first set of access permissions to a second location associated with a second set of access permissions. The second set of access permissions is applied at the host computer to the existing session based on the determination that the user has moved to the second location. The user is then allowed to access the existing session from the second location according to the second set of access permissions.2013-04-04
20130086649METHOD AND DEVICES FOR SECURE COMMUNICATIONS IN A TELECOMMUNICATIONS NETWORK - The invention relates to a method for secure communications in a telecommunications network, said network comprising a group of servers S2013-04-04
20130086650Communication system including optical recognition and method of using same - A system and method for communication are disclosed. The system and method can be used for a variety of applications, including administrative provisioning of information to particular users, handing off calls to or from another phone, for other application deployment, for pass of control, and similar applications. The system includes a server, a first device having an image displayed thereon, and a second device having a camera and client application software thereon. The image provides a medium for sending encrypted data between the devices and/or between a device and a server.2013-04-04
20130086651RE-AUTHENTICATION IN SECURE WEB SERVICE CONVERSATIONS - Techniques are disclosed for sharing communication session information, such as encryption keys for data protection, among multiple communication operations and/or multiple users. Multiple users can share the same communication session concurrently, with each message being individually authenticated. The provided techniques include receiving, at a client application, a first request to send a first web service message to a web service application or group of web services, retrieving existing communication session information having the same sharing characteristics as the first request, where the sharing characteristics include web service environment information and/or request information, including the user credentials associated with the user in the message and in each subsequent message communicated using the existing communication session information, and communicating the web service message to the web service application or group of web services using the existing communication session information.2013-04-04
20130086652SESSION SHARING IN SECURE WEB SERVICE CONVERSATIONS - Techniques are disclosed for sharing communication session information in web service applications. The techniques include management of concurrent sessions by dynamically determining the session association of web service requests at runtime. These sessions can be shared by a group of web services on the server side, and across multiple web services clients with many users, independently of where these applications reside. Session identifiers are determined for these concurrent web service invocations based on an algorithm that uses information from configuration and runtime data. Different information is used in the session identifier depending on configuration parameters to provide different types of sharing that correspond to different use cases. This mechanism can be used with SOAP-based web services, REST-based web services, and the like.2013-04-04
20130086653MOBILE NETWORK OPERATOR AND DATA SERVICE PROVIDER INTEROPERATION - Embodiments of computer-implemented methods, systems, computing devices, and computer-readable media are described herein for allowing a mobile network operator to perform services on behalf of a non-internet protocol multimedia subsystem (non-IMS) data provider. In various embodiments, an application server (“AS”) front end of the data provider is communicatively connected to a user data repository (“UDR”) and a home subscription server (“HSS”). The HSS is also connected to the UDR. Neither the non-IMS AS nor the HSS store user data, but instead communicate with the UDR across various reference points. The communication across the reference points facilitates the HSS performing various user services on behalf of the non-IMS AS. Other embodiments include user access and authentication procedures in such a network architecture, as well as corresponding policy and charging architecture.2013-04-04
20130086654COMPUTER IMPLEMENTED SYSTEM AND METHOD FOR AUTHENTICATING A SENDER OF ELECTRONIC DATA TO A RECIPIENT - A server receives data from a sender to be dispatched to a recipient. Before dispatching the data to the recipient, the server sends a message to the sender's email address requesting a response which will confirm the sender's authorship of the data. Upon receiving the confirmation of the sender's authorship of the data, the server transmits the data together with an identification of the sender to the recipient.2013-04-04
20130086655PASSWORD CHANGING - In one example, a computing device generates a new password for accessing a user account and/or computing system and inspires a change of an existing password for the user account and/or computing system to the new password. Thereafter, the computing device detects occurrence of a condition to trigger another change of the password for the user account and/or computing system and, responsively, inspires another change of the password for the user account and/or computing system.2013-04-04
20130086656Method and Apparatus for Protecting a Single Sign-on Domain from Credential Leakage - Disclosed is a method for protecting a single sign-on domain from credential leakage. In the method, an authentication server provides an authentication cookie to a browser client. The cookie has at least one user authentication credential for the domain, and is associated with an authentication subdomain of the domain. The server receives the cookie from the browser client. Upon authentication of the user authentication credential in the received cookie, the server responds to the access request by forwarding, to the browser client, a limited-use cookie for the domain. The server receives a request from the content server to validate a session identifier of the limited-use cookie received from the browser client. Upon validation of the session identifier of the limited-use cookie, the server provides a valid session message to the content server for enabling the content server to forward requested content to the browser client.2013-04-04
20130086657RELYING PARTY PLATFORM - A framework is provided for integrating Internet identities in enterprise identity and access management (IAM) infrastructures. A framework is provided for open authorization. A framework is also provided for relying party functionality.2013-04-04
20130086658PRIVILEGED ACCOUNT MANAGER, ACCESS MANAGEMENT - Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed.2013-04-04
20130086659DATA PROCESSING APPARATUS, ACTIVATION CONTROL METHOD, AND COMPUTER-READABLE STORAGE MEDIUM - According to one embodiment, a storage stores secret data, first identification data, and a first random key. A generation module generates first authentication data from the secret data, first identification data, and second identification data of a removable medium. A first verification module determines whether the first authentication data and second authentication data in the removable medium are identical. A second verification module determines whether the first random key and a second random key in the removable medium are identical, if the first and second authentication data are identical. An activation module activates the data processing apparatus if the first and second random keys are identical.2013-04-04
20130086660SYSTEM FOR PREVENTING ILLEGAL COPY OF SOFTWARE AND METHOD FOR PREVENTING ILLEGAL COPY OF SOFTWARE - Disclosed herein are a system for preventing an illegal copy of software and a method for preventing an illegal copy of software. The system for preventing an illegal copy of software includes: a terminal where software to be authenticated is installed and executed; a first Zigbee device connected with the terminal in a wired method and storing a plurality of unique passwords; and a second Zigbee device connected with the first Zigbee device in a wireless method and storing at least all the unique passwords of the first Zigbee device. Utilization is improved as compared with a known hardware lock type and an illegal copy possibility by hooking is excluded and since an authentication process is performed through encoded communication by using random variables, the illegal copy of software can be thoroughly stopped.2013-04-04
20130086661TECHNIQUES FOR CLIENT CONSTRUCTED SESSIONS - Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the key's use.2013-04-04
20130086662PARAMETER BASED KEY DERIVATION - Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the key's use.2013-04-04
20130086663KEY DERIVATION TECHNIQUES - Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the key's use.2013-04-04
20130086664SYSTEM AND METHOD FOR AUTHENTICATING A REQUEST FOR ACCESS TO A SECURED DEVICE - A method for authenticating a request for access comprises monitoring one or more ambient transmissions present in a local environment, analyzing the one or more ambient transmissions to create a characterization thereof, and transmitting information configured to instruct a security token regarding characteristics of an adapted transmission protocol based on the characterization. The adapted transmission protocol is configured for decreasing a likelihood of interference by the one or more ambient transmissions with reception of an authentication transmission from the security token. An authentication transmission comprising authentication information is received from the security token, and the security token is authenticated based on the authentication information. In response to a request for access, a signal is transmitted to a controller indicating the request is authentic. A system for authenticating a request for access comprises a secured device configured for use with a security token and for monitoring one or more ambient transmissions.2013-04-04
20130086665SYSTEM AND METHOD FOR CLONING A Wi-Fi ACCESS POINT - Systems and methods for cloning a Wi-Fi access point. A determination is made by a network monitoring device to transition communications between a Wi-Fi device and a first access point (AP) to a second AP. The SSID and the security configuration information, and, optionally, network address translation (NAT) information of the first access point are acquired and provided to a second AP. The second AP instantiates the SSID and the security configuration information and, optionally, the NAT information. The networking monitoring device directs the first AP to cease using the SSID and the security configuration information and, optionally, the NAT information in response to receipt of confirmation that the second AP has instantiated the SSID and the security configuration information and, optionally, the NAT information of the first AP.2013-04-04
20130086666METHOD AND COMPUTER SYSTEM FOR PROVIDING TIME RATIO-BASED PASSWORD/CHALLENGE AUTHENTICATION - Providing registration for password/challenge authentication includes receiving an access code or pattern inputted by a user, recording a time message associated with each component of the access code or pattern via a processor, generating a data record in combining each component of the access code or pattern with the associated time message, and storing the data record.2013-04-04
20130086667METHOD AND SYSTEM FOR PROVIDING LOGIN AS A SERVICE - Systems and methods are provided for providing login as a service. A system receives, via a customer server, a request from a user computer to login to a customer application provided by the customer server. The system outputs a login form to the user computer, receives a modified login form from the user computer, and determines whether the modified login form enables the user computer to login to the customer application. If the modified login form enables the user computer to login to the customer application, the system notifies the customer server that the modified login form enables the user computer to login to the customer application.2013-04-04
20130086668GROUP SECURITY IN MACHINE-TYPE COMMUNICATION - If the related secure communication method is applied to the system which includes a plurality of the MTC devices, traffic in a network would increase in proportion to the number of MTC devices. A disclosed communication apparatus is connected to a network and a plurality of communication terminals, and includes: a group information sending unit for sending group information, which is received from the network; an access control unit for 1) receiving a reply from the communication terminal(s) which responded to the group information and 2) sending the reply to the network; and a temporary identifier and group key sending unit for sending a temporary identifier and a group key to the communication terminal which responded to the group information, when the communication apparatus received the temporary identifier and the group key from the network.2013-04-04
20130086669MOBILE APPLICATION, SINGLE SIGN-ON MANAGEMENT - Techniques for managing single sign-on are provided. In some examples, single sign-on functionality may be provided for use on mobile devices by utilizing mobile applications, cloud applications, and/or other web-based applications. For example, a mobile application or mobile web browser may request to authenticate with or access one or more service providers. Authentication credentials may be requested from a user of the mobile device to facilitate such authentication and/or access. Based at least in part on a successful log-in, access to server resources from other applications on the same mobile device may be provided without successive or repetitive credential requests to the user.2013-04-04
20130086670PROVIDING THIRD PARTY AUTHENTICATION IN AN ON-DEMAND SERVICE ENVIRONMENT - A method for logging a user into an online host system begins by receiving a login request from a web browser application of a client device, wherein the login request identifies the online host system. The method continues by initiating a single sign-on routine that involves an online third party system and by obtaining third party user data from the online third party system, wherein the obtained third party user data is associated with the user and is maintained by the online third party system. Host system records maintained by the online host system are modified in accordance with the obtained third party user data. Thereafter, the user is automatically logged into the online host system.2013-04-04
20130086671INFORMATION TERMINAL DEVICE AND METHOD OF PERSONAL AUTHENTICATION USING THE SAME - An information terminal device is provided that may use the input functionality of a touch panel to remove the restriction on the use thereof, for example, release the key lock. The information terminal device (2013-04-04
20130086672SECURITY METHOD OF A PORTABLE DEVICE - An application program of the portable device receives a command of an owner when the portable device is powered on. The application program notifies a basic input/output system to set a protection variable, and notifies the owner to set a password in a setup menu of the basic input/output system after the application program receives the command of the owner. A keyboard controller turns off the portable device to enable the protection variable after the basic input/output system sets the protection variable and the setup menu of the basic input/output system stores the password. After the protection variable is enabled, whenever the portable device is powered on, the basic input/output system checks a password inputted to the portable device at least once and the basic input/output system executes a corresponding operation according to a check result.2013-04-04
20130086673TECHNIQUES FOR SECURELY UNLOCKING A TOUCH SCREEN USER DEVICE - Techniques are provided for detecting a sequence of contact or interaction instances initiated by a user on a surface of an interface unit of a user device. Each contact instance comprises one or more points of contact between the user and the surface of the interface unit, while each interaction instance comprises one or more points of activation with respect to the surface of the interface unit. The sequence of contact instances or interaction instances initiated by the user is then compared to stored information to determine whether the sequence of contact instances or interaction instances matches the stored information. If the sequence of contact instances or interaction instances matches the stored information, access is granted to the user device or to a device or system associated with the user device.2013-04-04
20130086674Multi-frame depth image information identification - Embodiments of the present invention relate to systems, methods, and computer storage media for identifying, authenticating, and authorizing a user to a device. A dynamic image, such as a video captured by a depth camera, is received. The dynamic image provides data from which geometric information of a portion of a user may be identified as well as motion information of a portion of the user may be identified. Consequently, a geometric attribute is identified from the geometric information. A motion attribute may also be identified from the motion information. The geometric attribute is compared to one or more geometric attributes associated with authorized users. Additionally, the motion attribute may be compared to one or more motion attributes associated with the authorized users. A determination may be made that the user is an authorized user. As such the user is authorized to utilize functions of the device.2013-04-04
20130086675INFORMATION PROCESSING APPARATUS AND METHOD OF EXECUTING AN APPLICATION IN THE APPARATUS - An information processing apparatus capable of non-interactively executing an application and an application execution method are disclosed. In response to an issuance request of an access control token, if a user type described in a definition file is included in user types defined in the information processing apparatus, the information processing apparatus issues an access control token in accordance with a user type and executes process by an application, in a case that the user type of the access control token is contained in the user types that have the execution authority for the process by the application.2013-04-04
20130086676CONTEXT-SENSITIVE TAINT ANALYSIS - In one implementation, a taint processing applied to a tainted value of an application is identified and an output context of the application associated with output of the tainted value is determined. A notification is generated if the taint processing is incompatible with the output context.2013-04-04
20130086677METHOD AND DEVICE FOR DETECTING PHISHING WEB PAGE - The embodiments of the present invention provide a method and a device for detecting a phishing web page. The method includes: judging whether a unique domain name corresponding to a to-be-detected web page exists in a trusted domain name database; if the unique domain name does not exist in the trusted domain name database, determining a similarity between a content characteristic extracted from the to-be-detected web page and a content characteristic of each template file in a template file database; and determining that the to-be-detected web page is a phishing web page if the similarity between the content characteristic extracted from the to-be-detected web page and a content characteristic of at least one template file is greater than a preset similarity threshold. In the embodiments of the present invention, accuracy of a result of detecting a phishing web page is improved.2013-04-04
20130086678INTEGRATING SECURITY PROTECTION TOOLS WITH COMPUTER DEVICE INTEGRITY AND PRIVACY POLICY - At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.2013-04-04
20130086679Responses To Server Challenges Included In A Hypertext Transfer Protocol Header - Example embodiments relate to verification of client requests based on a response to a challenge (2013-04-04
20130086680SYSTEM AND METHOD FOR COMMUNICATION IN A NETWORK - A method for providing secure communication in an electrical power distribution network includes detecting an enhanced threat level in the electrical power distribution network. A threshold number of different configuration command shadows are received and processed to generate configuration command data. Verified configuration command data is generated by comparing the configuration command data with stored configuration commands, and a verified configuration command related to the verified configuration command data is executed.2013-04-04
20130086681PROACTIVE BROWSER CONTENT ANALYSIS - A protection module operates to analyze threats, at the protocol level (e.g., at the HTML level), by intercepting all requests that a browser engine resident in a computing device sends and receives, and the protection agent completes the requests without the help of the browser engine. The protection module then analyzes and/or modifies the completed data before the browser engine has access to it, to, for example, display it. After performing all of its processing, removing, and/or adding any code as needed, the protection module provides the HTML content to the browser engine, and the browser engine receives responses from the protection agent as if it was speaking to an actual web server, when in fact the browser engine is speaking to an analysis engine of the protection module.2013-04-04
20130086682SYSTEM AND METHOD FOR PREVENTING MALWARE ON A MOBILE COMMUNICATION DEVICE - A server receives from a mobile communication device information about a data object (e.g., application) on the device when the device cannot assess the data object. The server uses the information along with other information stored at the server to assess the data object. Based on the assessment, the device may be permitted to access the data object or the device may not be permitted to access the data object. The other information stored at the server can include data objects known to be bad, data objects known to be good, or both.2013-04-04
20130086683SELECTIVELY SCANNING OBJECTS FOR INFECTION BY MALWARE - Techniques are described herein that are capable of selectively scanning objects for infection by malware (i.e., to determine whether one or more of the objects are infected by malware). For instance, metadata that is associated with the objects may be reviewed to determine whether update(s) have been made with regard to the objects since a determination was made that the objects were not infected by malware. An update may involve increasing a number of the objects, modifying one of the objects, etc. Objects that have been updated (e.g., added and/or modified) since the determination may be scanned. Objects that have not been updated since the determination need not necessarily be scanned. For instance, an allowance may be made to perform operations with respect to the objects that have not been updated since the determination without first scanning the objects for infection by malware.2013-04-04
20130086684CONTEXTUAL VIRTUAL MACHINES FOR APPLICATION QUARANTINE AND ASSESSMENT METHOD AND SYSTEM - Described are embodiments that provide for the use of multiple quarantine partitions and/or multi-partition spaces (e.g., virtual machines) for initially installing and running downloaded content. The downloaded content can be run securely in the quarantine partitions and/or multi-partition spaces. Each quarantine partition and/or multi-partition space can be configured differently with different capabilities. Based on the configuration and capabilities of the quarantine partitions and/or multi-partition spaces, the downloaded content may have limited capabilities to access secure data, applications, or other code limiting the damage that the content can potentially cause.2013-04-04
20130086685SECURE INTEGRATED CYBERSPACE SECURITY AND SITUATIONAL AWARENESS SYSTEM - An integrated cube security system for an organization, such as a governmental or private organization, is disclosed, as well as a method of monitoring security for such an organization against cyberspace vulnerabilities. One such method includes receiving a definition of physical and logical locations of data managed by the organization, and receiving a definition of one or more business rules representing detected circumstances under which the data may be compromised. The method also includes monitoring the data based on the business rules and definition of the physical and logical locations of data to detect a cyberspace or electronic data vulnerability. The method includes generating one or more reports based on monitoring the data and relating at least in part to access of the data, and communicating, via a secure communications module, the one or more reports to an individual included within a community of interest.2013-04-04
20130086686Automated Detection of Flaws and Incompatibility Problems in Information Flow Downgraders - Mechanisms for evaluating downgrader code in application code with regard to a target deployment environment. Downgrader code in the application code is identified. Based on an input string, an output string that the downgrader code outputs in response to receiving the input string is identified. One or more sets of illegal string patterns are retrieved. Each of the one or more sets of illegal string patterns is associated with a corresponding deployment environment. The illegal string patterns are string patterns that a downgrader identifies in the information flow for security purposes. A determination is made as to whether the downgrader code is compatible with the target deployment environment based on the one or more sets of illegal string patterns and the output string. An output indicative of the results of the determining is generated.2013-04-04
20130086687CONTEXT-SENSITIVE APPLICATION SECURITY - In one implementation, a tag is associated with a tainted value of an application and an output context of the application that is associated with output from the application that includes the tainted value is determined. A taint processing is applied to the tainted value in response to the output of the tainted value; the taint processing is compatible with the output context.2013-04-04
20130086688WEB APPLICATION EXPLOIT MITIGATION IN AN INFORMATION TECHNOLOGY ENVIRONMENT - Methods, systems, and computer program products are provided herein for facilitating security in an information technology environment. Web application security vulnerabilities are discovered and addressed by means of virtual patches deployed to components of the information technology environment. An intelligent feedback loop is created to fill the void in the security of the web application when implemented in the specific information technology environment, thereby providing end-to-end security application management through dynamic, pre-emptive, and proactive security awareness and protection in the information technology environment. As new web application security vulnerabilities are discovered, the vulnerability is diagnosed and resolved to preemptively prevent exploitation of the security vulnerability.2013-04-04
20130086689SECURITY VULNERABILITY CORRECTION - Systems and methods for addressing security vulnerability in a program code are described. The method comprises detecting a security vulnerability. The method further comprises identifying a set of security solutions specified within a specification repository, wherein each security solution is associated with the detected security vulnerability. The method further comprises presenting the set of security solutions to a user for selection. The method further comprises transforming a program code portion associated with the detected security vulnerability in conformance with a security solution selected by the user from the set of security solutions.2013-04-04
20130086690Hygiene-Based Computer Security - A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware and provides it to the reputation server. The security module monitors client encounters with entities such as files, programs, and websites. When a client encounters an entity, the security module obtains a reputation score for the entity from the reputation server. The security module evaluates the reputation score and optionally cancels an activity involving the entity. The reputation server computes reputation scores for the entities based on the clients' hygiene scores and operations performed in response to the evaluations. The reputation server prioritizes malware submissions from the client security modules based on the reputation scores.2013-04-04
20130086691SECURE ISLAND COMPUTING SYSTEM AND METHOD - A method for generating an n-bit result includes a secured containment device (SCD) receiving a request to generate the n-bit result. The request includes an n-bit generator input and a master secret identifier. The request is sent from an application executing on a host system using an input/output (I/O) interface. The SCD disables all I/O interfaces on the SCD between the host system and the SCD. After disabling all the I/O interfaces on the SCD between the host system and the SCD, the SCD provides the n-bit generator input and the master secret identifier to a secured hardware token over a second I/O interface, receives the n-bit result from the secured hardware token over the second I/O interface, enables at least the first I/O interface after the n-bit result is generated, and provides, after enabling the first I/O interface, the n-bit result to the application using the first I/O interface.2013-04-04
20130086692Method of Removing Metadata From Email Attachments - A method and system for removing metadata from email attachments sent from mobile devices includes receiving an email with an attached document. The attached document has metadata removed to create a cleansed version of the attached document. The attached document is replaced by the cleansed version of the attached document, and the email is sent according to the address or addresses included in the email.2013-04-04
20130086693CLASSIFICATION-BASED DIGITAL RIGHTS MANAGEMENT - The present subject matter relates to a device for digital rights management. The device includes a classification module that assigns a classification tag to a document. The classification tag is selected from a predefined classification scheme. Further, the device includes an access control module that checks a lock status of the document at a predefined time interval. The predefined time interval depends on the classification tag of the document. Further, the access control module locks the document based on the lock status.2013-04-04
20130086694VIRTUAL FEDERATION OF REMOTE PORTALS - Embodiments of the invention provide systems and methods for providing a virtual federation of remote portals. According to one embodiment, providing a virtual federation of remote portals can comprise defining, by a portal system, a configuration of a virtual federation of a plurality of nodes. For example, each node can comprise an application server executing a different enterprise application and maintaining application content for the enterprise application in a separate database. The portal system can also define access control information for a user of the portal system. Each node of the virtual federation can similarly define access control information for the user. The system can then provide access to the application content of the nodes at runtime based on the configuration of the virtual federation and the access control information for the user defined by the portal system and the access control information for the user defined by the nodes.2013-04-04
20130086695METHOD AND SYSTEM FOR REMOTE ACCESS TO DATA STORED ON A HOST SYSTEM - A method and system for remote access to data stored on a host system from a remote system via a data link, a method and system for storing validation password data on a pair of connected first and second modules, and a method and system for verifying the identity of a first module removed from a pair of initially connected and associated first and second modules.2013-04-04
20130086696Method and Apparatus for Controlling Access to a Resource in a Computer Device - A computer device and method are described for controlling access to a resource. An execution environment executes a user process with access privileges according to a user security context. A security unit controls access to resources according to the user security context, with the user process making system calls to the security unit. A proxy hook module embedded within the user process intercepts the system call and generates a proxy resource access request. A proxy service module in a privileged security context validates the proxy resource access request from the proxy hook module and, if validated, obtains and returns a resource handle that permits access to the desired resource by the user process.2013-04-04
20130086697Systems and methods for pairing identification data to a network-based service - Disclosed are methods and systems of providing access, indexing, and/or connecting a user to a network-based service, associated with a particular entity, using an identifier that can be uniquely associated with the particular entity (e.g., with respect to a given scope of identification), can be proprietary to the entity, and/or issued by a third-party (i.e., a party not providing the method or system). A method can comprise receiving from a client computer system an entity identifier uniquely associated with a real world entity in a scope of identification, the entity identifier being issued by a third-party in association with the real world entity. The method can select a network-based service uniquely associated with the entity identifier, determine a public access parameter to the network-based service, and provide the client computer system with public access to the network-based service according to the public access parameter.2013-04-04
20130086698METHOD AND APPARATUS FOR DISTRIBUTED UPLOAD OF CONTENT - A system and method for distributed uploading of content utilizes one or more viewer systems, coupled over a network to a remote content source, to upload transmit at least a portion of the content to a remote storage system along with authorization/identification indicia identifying the viewer system. In one embodiment, fractional portions of the same content program from multiple different viewer systems are aggregated at the remote storage system for subsequent download streaming to a requesting one of the viewer systems for viewing thereby at a second time, which is time-shifted from the initial transmission from the content source.2013-04-04