25th week of 2012 patent application highlights part 80 |
Patent application number | Title | Published |
20120159561 | SYSTEM AND METHOD FOR COLLECTING IP-BASED VIDEO, MOBILE & REMOTE QUALITY INFORMATION - Video content information associated with video content is received, by at least a first computing device, wherein the video content is delivered utilizing internet protocol. End destination information associated with a reception instance of the video content is received, by at least the first computing device, wherein the end destination information includes experience information that, at least in part, includes information relating to a quality of the reception instance of the video content and a location of an end destination associated with the reception instance of the video content. At least a portion of the video content information and at least a portion of the end destination information, which includes at least a portion of the information relating to the quality of the reception instance of the video content, is selectively aggregated, by at least the second computing device, to generate aggregated information. | 2012-06-21 |
20120159562 | Mitigating Potential Video Traffic Interference - A particular method of mitigating potential video traffic interference includes receiving an alert at a network management system, where the alert indicates detection of a signal in an ultra high frequency (UHF) white space frequency at a video head-end of a video distribution network, where the signal has a potential to interfere with video traffic that has been detected. The method also includes sending data to the video head-end, where the data indicates at least one corrective measure to mitigate interference with the video traffic by the signal. | 2012-06-21 |
20120159563 | Accessing Content Via a Matrix Code - A system for accessing content corresponding to a matrix barcode, such as a video and/or audio content. The system may include a mobile computing device in communication with a content receiver. The mobile computing device may be configured to capture the matrix barcode, for example, via using an optical component and/or barcode scanner to record and/or scan the matrix barcode. The mobile computing device may also include a network interface component configured to transmit the matrix barcode to the content receiver. The content receiver may then receive the matrix barcode from the mobile computing device. The content receiver may include a processor to determine and/or access the content corresponding to the matrix barcode. The content receiver may then transmit the content to a display device. | 2012-06-21 |
20120159564 | APPLYING ACTIVITY ACTIONS TO FREQUENT ACTIVITIES - Activities of users of a service often involve one or more resources, such as uploading or downloading files in a file system of an FTP server. The activities of the users may be tracked and recorded in an activity log in order to identify frequently performed activities involving particular resources, and for such frequently performed activities, one or more activity actions may be performed. For example, malicious users may upload or utilize an equivalent set of assets stored in several accounts. The frequency of these undesirable activities may be identified, and an activity action may be automatically applied to the users (e.g., banning accounts), resources (e.g., deleting assets), and/or activities (e.g., blocking access to the resources). Conversely, desirable activities involving particular resources may be similarly detected, and the activity action applied to such desirable activities may involve reporting the desirable activity to an administrator of the service. | 2012-06-21 |
20120159565 | Techniques for Performing Data Loss Prevention - A technique for performing data loss prevention includes creating for a user, using a data processing system, respective permissive policies with a most permissive enforcement action for each content category of a resource. In this case, the content category includes at least two categories. The technique also includes forming, using the data processing system, a policy set based on the respective permissive policies. The technique further includes creating, using the data processing system, an effective policy from the policy set using a least permissive enforcement action. Finally, the technique includes applying, using the data processing system, the effective policy to determine whether a user action is permitted on the resource. | 2012-06-21 |
20120159566 | ACCESS CONTROL FRAMEWORK - A system and method for flexible access controls access by setting access permissions at the object element or subject level. An access control framework (ACF) may be implemented to control access to business objects, business object nodes, business object queries, actions, attributes, associations, instances, or other identifiable elements. The access control configurations for a user or object may be set at the system level with static configuration settings. In an embodiment, a user may temporarily reconfigure access permissions for a subject or object for a limited session with dynamic configuration settings. | 2012-06-21 |
20120159567 | CONTEXTUAL ROLE AWARENESS - The disclosed subject matter relates to an architecture that can provide contextual role awareness. For example, rather than focusing on features and functionality at the device level, features and functionality can be controlled based upon various roles that can be related to various personas of a user. Thus, in a business or enterprise setting, the enterprise can manage a business role in accordance with that enterprise's security objectives, which might dramatically limit certain features for the user. However, the user can quickly switch roles, away from the business role in order to again access desired features, yet without compromising the security objectives of the enterprise. | 2012-06-21 |
20120159568 | Method and Apparatus for Limiting Digital Content Consumption Inside Defined Real-world Geographic Area(s) - A method for limiting digital content consumption inside defined real-world geographic area(s) is disclosed. In one embodiment, the method is realized by adding additional consumption policy for geographic control to digital content's metadata, requesting the digital consumption device to acquire and provide its current location, checking device's current location against the geographic control consumption policy, and displaying the content for consumption if the digital content consumption policy is satisfied. | 2012-06-21 |
20120159569 | METHOD OF MANAGING WEB APPLICATION POLICY USING SMART CARD, AND WEB SERVER AND MOBILE TERMINAL FOR IMPLEMENTING THE SAME - A method of managing policy information in a mobile terminal by requesting an external policy management server for information about whether a change has been made to policy information and updating the policy information in a smart card web server of the mobile terminal to control access to resources based on the updated policy information. | 2012-06-21 |
20120159570 | PROVIDING A SECURITY BOUNDARY - In order to enable potentially conflicting applications to execute on the same computer, application programming interface (API) calls are intercepted when an application attempts to access a computer system's resources. During a learning mode of operation, a security monitor stores data in a security monitor database identifying which applications are allowed to access the computer system resources. At runtime of an application, the security monitor operates in an enforcement mode and utilizes the contents of the security monitor database to determine if an application is permitted to access system resources. If data associated with the application is located in the security monitor database, the application is allowed to access computer system resources, if data associated with the application is not located in the security monitor database, the application is not allowed to access computer system resources. | 2012-06-21 |
20120159571 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR AUTHENTICATING AN ENTITY THROUGH USE OF A GLOBAL IDENTITY OF THE ENTITY THAT SERVES AS A PROXY FOR ONE OR MORE LOCAL IDENTITIES OF THE ENTITY - A method of authenticating an entity includes associating a local identity of the entity with a global identity of the entity, the local identity being associated with a first one of a plurality of restricted access zones, associating the global identity of the entity with particular ones of the plurality of restricted access zones for granting access to the particular ones of the plurality of restricted access zones, receiving an authentication request from the entity to access a second one of the plurality of access zones where the authentication request includes the local identity of the entity, and authenticating the entity for access to the second one of the plurality of access zones responsive to receiving the authentication request when the second one of the plurality of restricted access zones is one of the particular ones of the plurality of restricted access zones that are associated with the global identity of the entity. | 2012-06-21 |
20120159572 | COLLABORATIVE RULES BASED SECURITY - A cloud computing security system. An access manager module includes first and second client profiles. The first client profile has a first set of rules enabling access to a first set of cloud computing system resources, and the second client profile has a second set of rules enabling access to a second set of cloud computing system resources. A security logic module is in communication with the access manager module. The security logic module is configured to receive an access request for access to one of the first and second sets of cloud computing system resources. Responsive to determining that the access request complies with at least one of the first set of rules and the second set of rules, the security logic module is configured to provide an access grant that grants access to at least one of the first and second sets of cloud computing system resources. | 2012-06-21 |
20120159573 | SYSTEM, METHOD AND COMPUTER USABLE MEDIUM FOR RESTRICTING INTERNET ACCESS - A method of restricting internet access includes receiving an alteration of a master internet setting within an access device's registry file and monitoring an occurrence of the alteration. Then, in response to the occurrence of the alteration, the method includes restoring the master internet setting where the master internet setting does not include the alteration. An additional exemplary method further includes storing the occurrence of the alteration in an event tracking database. In another exemplary method, the master internet setting includes a ProxyEnable setting and an AutoConfigURL setting. In another exemplary method, the ProxyEnable setting value is zero and the AutoConfigURL setting value is null. In yet another exemplary method, the access device is coupled to a computer network. | 2012-06-21 |
20120159574 | METHOD AND SYSTEM FOR PROVIDING INFORMATION SHARING SERVICE FOR NETWORK ATTACKS - A system is provided to provide an information sharing service for network attacks. The system includes a service provider configured to collect and analyse information on detection and response policies to network attacks, a service registry that stores the collected information on the detection and response policies, and client terminals, each client terminal configured to request the information sharing service and search the service registry for the information on the detection and response policies. | 2012-06-21 |
20120159575 | COMMUNICATION SYSTEM, COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMPUTER PROGRAM - To securely transmit content through remote access via an external network, such as a WAN, while exceeding restrictions of an RTT and a TTL. | 2012-06-21 |
20120159576 | METHOD, APPARATUS AND SYSTEM FOR UPDATING AUTHENTICATION, AUTHORIZATION AND ACCOUNTING SESSION - The present disclosure relates to a method, an apparatus and a system for updating an Authentication, Authorization and Accounting AAA session. The method includes: receiving an AAA session request sent by a second network access server, where the AAA session request includes a second session identifier and an ERP message; and updating a session according to the second session identifier and a stored first session identifier after successful user authentication that is performed according to the ERP message, where the first session identifier and the second session identifier correspond to the same user. As the session is updated according to the second session identifier and the stored first session identifier, synchronization of session information is ensured, thereby resolving an abnormal session problem that occurs when a home AAA server initiates a session or the network access server uses a session after re-authentication. | 2012-06-21 |
20120159577 | ANONYMOUS PRINCIPALS FOR POLICY LANGUAGES - Techniques to allow a security policy language to accommodate anonymous credentials are described. A policy statement in a security policy language can reference an anonymous credential. When the policy statement is evaluated to decide whether to grant access to a resource mediated by the policy statement, the anonymous credential is used. The policy language can be implemented to allow one anonymous credential to delegate access-granting rights to another anonymous credential. Furthermore, an anonymous credential can be re-randomized to avoid linkage between uses of the anonymous credential, which can compromise anonymity. | 2012-06-21 |
20120159578 | METHODS AND APPARATUS TO CONTROL PRIVILEGES OF MOBILE DEVICE APPLICATIONS - Methods and apparatus to control privileges of mobile device applications are disclosed. A disclosed example method includes assigning a process identifier to an application on a mobile device, the process identifier generated by an operating system of the mobile device, determining via a digital certificate that the application is authorized to be executed on the mobile device and that the application is authorized to access a network interface of the mobile device, configuring a mandatory access control module of the mobile device to enforce access of the network interface by providing the process identifier to the mandatory access control module, and enabling the application to access the network interface. | 2012-06-21 |
20120159579 | SYSTEM, METHOD AND DATABASE FOR MANAGING PERMISSIONS TO USE PHYSICAL DEVICES AND LOGICAL ASSETS - A system and method for storing user permissions for multiple disparate physical devices and systems in a unified permissions database connected to a network in common with the devices. The permissions database also stores user permissions for logical assets on or attached to the network. | 2012-06-21 |
20120159580 | Method of Establishing Trusted Contacts With Access Rights In a Secure Communication System - A method of establishing trusted contacts with access rights in a secure communication system. The method includes establishing the trustworthiness of an untrusted call received from another end point in a secure communication system and storing information corresponding to the end point as a trusted contact entry in a database if the trustworthiness of the end point is established. Access rights of the trusted contact are determined and stored in the database and any time restrictions are determined and stored in the database. | 2012-06-21 |
20120159581 | DISTRIBUTED MESH NETWORK - A device, method, and system are disclosed. In one embodiment a computing device resides in a mesh network. The device includes a first storage device that operates when the computing device is awake. The first storage device stores a last known list of peer computing devices in the mesh network. The device also includes a second storage device that operates regardless of whether any central processing unit in the computing device is awake or asleep. The second storage device includes a local block that stores a list of resources provided by the first computing device and a list of computing devices in the mesh network verified by the first computing device. The second storage device also includes a remote block that stores an unverified remote list of computing devices in the mesh network. | 2012-06-21 |
20120159582 | OBSCURING VISUAL LOGIN - A method of authenticating a user of a computing device is proposed, together with computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and either the modified base image or modified overlay image is moved by the user. A security level requirement is assigned and positive authentication is indicated in response to the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image after the moving in a manner that meets the security level requirement. | 2012-06-21 |
20120159583 | VISUAL OR TOUCHSCREEN PASSWORD ENTRY - A method of authenticating a user of a computing device is proposed, together with computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and movement of either the modified base image or modified overlay image is permitted if a criterion for movement is met. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image. | 2012-06-21 |
20120159584 | Device Association - Embodiments provide systems, methods, and articles of manufacture for enabling a client to associate with a device. In various embodiments, the device may transmit cryptographic data to a client. Based on and utilizing the cryptographic data, the client may associate with the device. | 2012-06-21 |
20120159585 | SYSTEM AND METHOD FOR POOL-BASED IDENTITY AUTHENTICATION FOR SERVICE ACCESS WITHOUT USE OF STORED CREDENTIALS - A computer-implemented system and method for pool-based identity authentication for service access without use of stored credentials is disclosed. The method in an example embodiment includes providing provisioning information for storage in a provisioning repository; receiving a service request from a service consumer, the service request including requestor identifying information; generating an authentication request to send to an authentication authority, the authentication request including requestor identifying information; receiving validation of an authenticated service request from the authentication authority; and providing the requested service to the service consumer. | 2012-06-21 |
20120159586 | METHOD AND APPARATUS FOR IMPLEMENTING SECURITY MEASURES ON NETWORK DEVICES - A method for providing security measures on a network device, such as a router, is disclosed. In one embodiment, a method includes receiving a request for a network resource. The method further includes determining a classification of the request, and generating, based on the determined classification of the request, a security measure corresponding to the determined classification of the request for authentication of the request. The method also includes permitting access to the network resource when a correct response is received to the security measure corresponding to the determined classification of the request. | 2012-06-21 |
20120159587 | METHOD AND SYSTEM FOR PRE-SHARED-KEY-BASED NETWORK SECURITY ACCESS CONTROL - A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is implemented between a REQuester (REQ) and Authentication Access Controller (AAC); 2) identity authentication and uni-cast key negotiation are implemented between REQ and AAC; 3) a group-cast key is notified between REQ and AAC. Applying the method and system, rapid bidirectional authentication can be implemented between a user and network. | 2012-06-21 |
20120159588 | DISTRIBUTED SINGLE SIGN ON TECHNOLOGIES INCLUDING PRIVACY PROTECTION AND PROACTIVE UPDATING - Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret, keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs. | 2012-06-21 |
20120159589 | DISTRIBUTED SINGLE SIGN ON TECHNOLOGIES INCLUDING PRIVACY PROTECTION AND PROACTIVE UPDATING - Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret, keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs. | 2012-06-21 |
20120159590 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR AUTHENTICATING AN IDENTITY OF A USER BY GENERATING A CONFIDENCE INDICATOR OF THE IDENTITY OF THE USER BASED ON A COMBINATION OF MULTIPLE AUTHENTICATION TECHNIQUES - A user's identity is authenticated by evaluating the identity of the user using a plurality of authentication techniques, the plurality of authentication techniques generating a plurality of numerical confidence indicators, respectively, of the identity of the user, associating a plurality of authentication technique weights with the plurality of numerical confidence indicators, respectively, and calculating a weighted combination of the respective numerical confidence indicators using the plurality of authentication technique weights to generate a composite numerical confidence indicator of the identity of the user. | 2012-06-21 |
20120159591 | User Authentication Via Mobile Communication Device With Imaging System - A graphical authentication identifier is used to facilitate automatic authentication of a user. A graphical identifier authentication system receives a request from an authenticating entity for a onetime use graphical authentication identifier. In response to the received request, a onetime use graphical authentication identifier to be displayed by the authenticating entity is generated. A request for user authentication information by the authenticating entity is encoded in the graphical authentication identifier, which is transmitted to the authenticating entity for display (e.g., on a login screen). The onetime use graphical authentication identifier being displayed by the authenticating entity is captured by a registered user operated computing device. In response, the requested user authentication information is transmitted to the authenticating entity, such that the user is automatically authenticated to the authenticating entity, without the user manually entering the requested user authentication information. | 2012-06-21 |
20120159592 | MULTI-LAYERED COLOR-SENSITIVE PASSWORDS - A method of authenticating a user of a computing device is proposed, together with computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and at least one of the modified base image and modified overlay image is moved by the user. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image and selection of a color for a portion of the display that matches a pre-selected color. | 2012-06-21 |
20120159593 | MULTI-LAYER ORIENTATION-CHANGING PASSWORD - A method of authenticating a user of a computing device is proposed, together with computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and at least one of the modified base image and modified overlay image is moved by the user. In addition to the moving, a change in orientation of at least one of the modified base image and the modified overlay image is required. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image and the change in orientation matching a pre-selected orientation criterion. | 2012-06-21 |
20120159594 | ADJUSTING THE POSITION OF AN ENDPOINT REFERENCE FOR INCREASING SECURITY DURING DEVICE LOG-ON - A method of authenticating a user of a computing device is proposed, together with computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and with each execution of the method, at least one of a position of a pre-selected base image reference point on the modified base image and a position of a pre-selected overlay image reference point on the modified overlay image is varied. Positive authentication is indicated in response to an input resulting in the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image. | 2012-06-21 |
20120159595 | THIRD PARTY INITIATION OF COMMUNICATIONS BETWEEN REMOTE PARTIES - A data transfer system is described herein that allows data to be sent directly between two computing devices at the request of a third party client computer. The system allows a third party to initiate data transfers between computers in a network file system. This results in a significant speed increase because little to no data travels over the third party's potentially slower connection. The data transfer system provides a mechanism to determine if the direct transfer would be more efficient than two separate read and write operations, based on measurements of bandwidth and latency between each computing device. The data transfer system provides support for the source server to compress the data and the destination server to decompress the data at the direction of a third party client to further save network bandwidth. | 2012-06-21 |
20120159596 | BROWSER-BASED BACK-END MANAGEMENT SYSTEM FOR A CONCENTRATED PHOTOVOLTAIC (CPV) SYSTEM - Each of the CPV arrays at a solar site is coupled with a different system control point (SCP) to be communicatively connected to a central backend management system associated with that solar site. The management system is configured to present a plurality of user interfaces via the Internet to a browser of a user's client device to enable the user to navigate to and then 1) view information for various components and 2) send a command to perform an action for various components for the various components associated with the CPV arrays. The plurality of user interfaces presented to the user based on the management system having authenticated the user as being allowed to view the information related to the CPV array. | 2012-06-21 |
20120159597 | METHODS FOR REMOTE MONITORING AND CONTROL OF SECURITY DEVICES OVER A COMPUTER NETWORK - Methods are provided to access devices over the Internet and to control and/or set states of devices over the Internet. One method includes providing, at a server connected to the Internet, code for enabling access to networked devices at a remote location using a networked computing device. The method can enable receiving a status request to view status of one or more of the networked devices. The method can also enable receiving a control request at the server, via the networked computing device, to operate one or more utility controls at a remote location. The utility controls can be used for any of a variety of purposes. The method is operable for any computing device that has access to the Internet, including wireless hand-held networked devices. | 2012-06-21 |
20120159598 | USER AUTHENTICATION SYSTEM AND METHOD USING PERSONAL IDENTIFICATION NUMBER - A user authentication system using a personal identification number, includes a user terminal device for requesting issuance of a personal identification number from an authentication server, storing and displaying a personal identification number, and registering reference information used to permit verification of validity of the personal identification number on the authentication server. Further, the user authentication system includes an inquiry device for requesting verification of validity of the personal identification number from the authentication server, and receiving and displaying results of the verification. Furthermore, the user authentication system includes an authentication server for storing issuance information while issuing the personal identification number, determining whether to permit the verification of the validity of the personal identification number, if the inquiry device requests the verification of the validity, and replying with results of the verification, if it is determined that the verification of the validity is to be permitted. | 2012-06-21 |
20120159599 | Personalized Multifunctional Access Device Possessing an Individualized Form of Authenticating and Controlling Data Exchange - A personalized multifunctional access device that possesses an individualized form of authenticating and controlling data exchange following a unique authentication of a user by the access device, wherein the access is further disposed to create a secure exchange environment for a user through pairing with a corresponding medium and subsequent authentication. | 2012-06-21 |
20120159600 | METHOD OF CONTROLLING BIOMETRIC AUTHENTICATION SYSTEM, NON-TRANSITORY, COMPUTER READABLE STORAGE MEDIUM AND BIOMETRIC AUTHENTICATION SYSTEM - A control method for controlling a biometric authentication system including a server that stores reference biometric data, and a client that acquires biometric authentication data of the user, has saving in the server a table in which identification information identifying the user and a previous authentication result of the user are associated with each other, transmitting the identification information to the server, referring to the identification information and acquiring a previous authentication result of the user corresponding to the identification information from the table, calculating an authentication success rate of the user from the acquired previous authentication result, transmitting the reference biometric data to the client when the authentication success rate is less than or equal to a certain value, calculating a degree of matching between the biometric authentication data and the reference biometric data, and determining whether or not the authentication of the user has succeeded. | 2012-06-21 |
20120159601 | Transition from WS-Federation Passive Profile to Active Profile - A server system sends a first credential request to a passive requestor at a client device. After sending the first credential request, the server system receives a credential for a user of the client device. If the credential is valid, the server system can provide the passive requestor with access to a resource provided by the server system. After providing the passive requestor with access to the resource, the server system provides an active requestor at the client device with access to the resource without sending a second credential request to the active requestor. Consequently, it may not be necessary for a user of the client device to provide credentials twice in order for the passive requestor and the active requestor to access the resource. | 2012-06-21 |
20120159602 | MOBILE MIDDLEWARE FOR GENERIC BOOTSTRAPPING ARCHITECTURE - A mobile terminal receives a Global Bootstrapping Architecture (GBA) authentication request from an application client, executing on a processor of the device, in non-standard GBA syntax. The mobile terminal converts the GBA authentication request into standard GBA syntax for a Universal Integrated Circuit Card (UICC) and sends the GBA authentication request having standard GBA syntax to the UICC. The mobile terminal receives, from the UICC, GBA authentication information responsive to the GBA authentication request, the GBA authentication information having standard GBA syntax, and converts the GBA authentication information having standard GBA syntax into GBA authentication information having non-standard GBA syntax supported by the application client. | 2012-06-21 |
20120159603 | MOBILE OUT-OF-BAND AUTHENTICATION SERVICE - Certain embodiments enable authentication of an application session at a client machine by using authentication values and user-identification values that are received from a mobile communication device. The mobile communication device provides an out-of-band channel for validating the session and enables secure authentication for a variety of applications. | 2012-06-21 |
20120159604 | Method and System for Communication Between Devices - An embodiment of the present invention includes a system for communicating digital data from a preferably small battery powered device (e.g., key-chain or pocket-sized form-factor) to a personal electronic device (e.g., a smartphone such as an iPhone or a Nexus One). The communication mechanism of the present invention can be used as second factor authentication. The present invention can also be used as a key for accessing physical locations such as a building. Alternatively, the present invention can be used as a manner for transmitting digital data to a personal electronic device such as a smart phone. | 2012-06-21 |
20120159605 | REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also act as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties. | 2012-06-21 |
20120159606 | CODE DOMAIN ISOLATION - A method for achieving code domain isolation. A first set of data is received in a first domain format. The first set of data is changed to a second domain format. The first set of data in the second domain format is captured. The first set of data in the second domain format is changed to a third domain format. The first set of data in the third domain format is prepared for receipt by a user computer system. | 2012-06-21 |
20120159607 | MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE - An integrated, multi-service network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise virtual private network (VPN) connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. Once installed on the cellular mobile device, the multi-service client integrates with an operating system of the device to provide a single entry point for user authentication for secure enterprise connectivity, endpoint security services including endpoint compliance with respect to anti-virus and spyware software, and comprehensive integrity checks. That is, the multi-service client provides a common user interface to the integrated services, and provides a VPN handler that interfaces with the operating system to provide an entry point for network traffic to which the integrated services can be seamlessly applied. | 2012-06-21 |
20120159608 | PASSWORD ENTRY USING 3D IMAGE WITH SPATIAL ALIGNMENT - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display. At least one of the modified base image and modified overlay image is moved by the user. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned, at least one of the base image reference point and the overlay image reference point having coordinates in three dimensions. | 2012-06-21 |
20120159609 | PASSWORD ENTRY USING MOVING IMAGES - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method, an authentication video is displayed on a display. In response to receiving an input at a point in time in the video that matches a pre-selected time reference point, positive authentication is indicated. | 2012-06-21 |
20120159610 | MEMORY PROTECTION AND SECURITY USING CREDENTIALS - A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory. | 2012-06-21 |
20120159611 | Central Administration and Abstraction of Licensed Software Features - Systems and techniques are provided to allow for license abstraction by a central licensing server among a set of remote clients. The central server may generate a configuration file that can be pushed to remote clients, to configure the clients to provide desired software features. The licensed features may be distributed among the clients in any combination desired by an administrator. | 2012-06-21 |
20120159612 | System for Storing One or More Passwords in a Secure Element - The present invention involves a system for storing one or more passwords on a portable communication device having a secured element and a user interface, the system comprising memory associated with the secure element; a card management module operably associated with the portable communication device and with the secure element capable of controlling the secured element to facilitate writing to and reading from the memory; a graphical user interface operably connected via the user interface of the portable communication device with the card management module, the graphical user interface providing for input of the one or more passwords into the memory via the card management module and for viewing the one or more passwords so stored in the memory. | 2012-06-21 |
20120159613 | MULTI-LAYER MULTI-POINT OR RANDOMIZED PASSWORDS - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display. At least one of the modified base image and modified overlay image is moved by the user. Positive authentication is indicated in response to a first point relative to the base image reference point being aligned with a second point relative to the overlay image reference point. | 2012-06-21 |
20120159614 | SIMPLE ALGEBRAIC AND MULTI-LAYER PASSWORDS - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display. The modified overlay image comprises a plurality of numbers. At least one of the modified base image and modified overlay image is moved by the user. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned, in sequence, with two or more numbers from the overlay image that equal a pre-selected algebraic result when one or more algebraic operators are applied to the numbers. | 2012-06-21 |
20120159615 | MULTI-LAYER MULTI-POINT OR PATHWAY-BASED PASSWORDS - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and at least one of the modified base image and modified overlay image is moved by the user. In addition to the moving, a change in orientation of at least one of the modified base image and the modified overlay image is required. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image after moving through at least one other pre-selected reference point. | 2012-06-21 |
20120159616 | PRESSURE SENSITIVE MULTI-LAYER PASSWORDS - A method of authenticating a user of a computing device is proposed, together with a computer readable medium and a computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and either the modified base image or modified overlay image is moved by the user. Positive authentication is indicated in response to alignment of a base image reference point and an overlay image reference point and an indication of a correct level of pressure applied to a pressure sensitive input device. | 2012-06-21 |
20120159617 | HEADSET, METHOD FOR CONTROLLING USAGE OF HEADSET, AND TERMINAL - The present invention provides a headset, a method for controlling usage of the headset and a terminal. The headset includes a memory configured to store an authentication password; and a usage control unit configured to send, after a connection is established between the headset and a terminal, a request of inputting authentication password to the terminal when the headset is in a protected state, receive an authentication password inputted from the terminal, authenticate the received authentication password using the stored authentication password, and control an execution of a predetermined function of the headset based on an authentication result. The present invention protects the headset by limiting the usage right of the headset, so as to reduce the probability of headset loss. | 2012-06-21 |
20120159618 | IMAGE PROCESSING APPARATUS, CONTROL METHOD, AND COMPUTER-READABLE STORAGE MEDIUM FOR COMPUTER PROGRAM - An image processing apparatus performs specific processing on images read out of a document having pages as follows. Each of the pages is a member assigned to at least any one of groups. The apparatus determines a second security level of each group based on a first security level of each page of the corresponding group; before the specific processing on the N-th group, determines whether or not password entry is necessary based on the second security level of the N-th group and any of the second security levels of the first group through the (N−1)-th group; and performs the specific processing on the N-th group if it is determined that password entry is unnecessary for the N-th group, or, alternatively, if it is determined that password entry is necessary for the N-th group and if a password is appropriately entered. | 2012-06-21 |
20120159619 | Formal Analysis of the Quality and Conformance of Information Flow Downgraders - Mechanisms for evaluating downgrader code in application code with regard to one or more security guidelines are provided. Downgrader code in application code is identified, where the downgrader code is a portion of code in the application code that operates on an information flow of the application code to ensure confidentiality of information input to the downgrader code, in the output of the downgrader code. Processes of the downgrader code are evaluated against security guidelines to determine if the processes violate the security guidelines. A notification is generated in response to the evaluation indicating that the processes of the downgrader code violate the security guidelines. The notification is output to a computing device for consideration. | 2012-06-21 |
20120159620 | Scareware Detection - A machine-implemented method for detecting scareware includes the steps of accessing one or more landing pages to be evaluated, extracting one or more features from the landing pages, and providing a classifier to compare the features extracted from the landing pages with features of known scareware and non-scareware pages. The classifier determines a likelihood that the landing page is scareware. If determined to be scareware, the landing page is removed from search results generated by a search engine. The features can be URLs, text, image interest points, image descriptors, a number of pop-ups generated, IP addresses, hostnames, domain names, text derived from images, images, metadata, identifiers of executables, and combinations thereof. | 2012-06-21 |
20120159621 | DETECTION SYSTEM AND METHOD OF SUSPICIOUS MALICIOUS WEBSITE USING ANALYSIS OF JAVASCRIPT OBFUSCATION STRENGTH - The present invention provides a detection system of a suspicious malicious website using the analysis of a JavaScript obfuscation strength, which includes: an entropy measuring block of measuring an entropy of an obfuscated JavaScript present in the website, a special character entropy, and a variable/function name entropy; a frequency measuring block of measuring a specific function frequency, an encoding mark frequency and a % symbol frequency of the JavaScript; a density measuring block of measuring the maximum length of a single character string of the JavaScript; and a malicious website confirming block of determining whether the relevant website is malicious by comparing an obfuscation strength value, measured by the entropy measuring block, the frequency measuring block and the density measuring block, with a threshold value. | 2012-06-21 |
20120159622 | METHOD AND APPARATUS FOR GENERATING ADAPTIVE SECURITY MODEL - A method for generating an adaptive security model includes: generating an initial security model with respect to data input via an Internet during a learning process; and continuously updating the initial security model by applying characteristics of the input data during an online process. Said generating an initial security model includes: matching the input data with a unit having a weight vector with distance closest to the input data using a first unsupervised algorithm; generating a map composed of weight vectors of units; and performing a second unsupervised algorithm using the weight vectors forming the map as input values to partition an attack cluster. | 2012-06-21 |
20120159623 | METHOD AND APPARATUS FOR MONITORING AND PROCESSING DNS QUERY TRAFFIC - A method for monitoring and processing domain name system (DNS) query traffic includes: monitoring DNS query traffic in each time slot during a monitoring period comprised of n number of time slots; extracting traffic information during the monitoring period by using the DNS query traffic monitored in said each time slot; and analyzing the extracted traffic information to detect a DNS traffic flooding attack. | 2012-06-21 |
20120159624 | COMPUTER SECURITY METHOD, SYSTEM AND MODEL - A computer security method includes receiving a security alert associated with an electronic attack to at least one computer system of a data network, identifying a first set of business services which may be affected by the electronic attack, estimating, based on an identified first set of potentially affected business services, a first potential cost to a business when the electronic attack is successful, identifying at least one counteraction which may be employed to prevent or mitigate the electronic attack, identifying a second set of business services which may be affected by the at least one counteraction, estimating, based on the identified second set of potentially affected business services, a second potential cost to the business when the counteraction is employed, and comparing the first potential cost and the second potential cost. | 2012-06-21 |
20120159625 | MALICIOUS CODE DETECTION AND CLASSIFICATION SYSTEM USING STRING COMPARISON AND METHOD THEREOF - The present invention provides a malicious code detection and classification system using a string comparison technique, including a string extracting unit configured to extract all expressed strings existing in a binary file from the malicious code binary file; a string refining unit configured to refine elements obstructing malicious code detection and classification in the strings extracted from the string extracting unit; and a string comparison unit configured to determine how similar one binary is to another binary by comparing strings refined from the string refining unit. | 2012-06-21 |
20120159626 | GEOGRAPHICAL INTRUSION RESPONSE PRIORITIZATION MAPPING SYSTEM - Systems and methods for geographically mapping an intrusion into a network having one or more network points include receiving intrusion information identifying an intrusion into a point of the network, correlating the intrusion information with location information for the identified network point, and network identification information for the identified network point, and generating a map displaying a geographical location of the intrusion. | 2012-06-21 |
20120159627 | SUSPICIOUS NODE DETECTION AND RECOVERY IN MAPREDUCE COMPUTING - Embodiments of the present invention address deficiencies of the art in respect to distributed computing for large data sets on clusters of computers and provide a novel and non-obvious method, system and computer program product for detecting and correcting malicious nodes in a cloud computing environment (e.g., MapReduce computing). In one embodiment of the invention, a computer-implemented method for detecting and correcting malicious nodes in a cloud computing environment can include selecting a task to dispatch to a first worker node, setting a suspicion index threshold for the selected task, determining a suspicion index for the selected task, comparing the suspicion index to the suspicion index threshold and receiving a result from a first worker node. The method further can include applying a recovery action when the suspicion index exceeds the selected suspicion index threshold. | 2012-06-21 |
20120159628 | MALWARE DETECTION APPARATUS, MALWARE DETECTION METHOD AND COMPUTER PROGRAM PRODUCT THEREOF - A malware detection apparatus, a malware detection method, and a computer program product thereof are provided. The malware detection apparatus is used to detect a program. The program executes a first process. The malware detection apparatus comprises a storage unit and a processing unit. The storage unit is configured to store a malicious behavior profile of a malware. The processing unit is configured to construct a first behavior profile according to the first process, compare the first behavior profile with the malicious behavior profile and generate a comparison result. The processing unit updates a behavior record table according to the comparison result, and determines that the program is the malware according to the behavior record table. | 2012-06-21 |
20120159629 | METHOD AND SYSTEM FOR DETECTING MALICIOUS SCRIPT - A method for detecting a malicious script is provided. A plurality of distribution eigenvalues are generated according to a plurality of function names of a web script. After the distribution eigenvalues are inputted to a hidden Markov model (HMM), probabilities respectively corresponding to a normal state and an abnormal state are calculated. Accordingly, whether the web script is malicious or not can be determined according to the probabilities. Even if an attacker attempts to change the event order, insert a new event or replace an event with a new one to avoid detection, the method can still recognize the intent hidden in the web script by using the HMM for event modeling. As such, the method may be applied in detection of obfuscated malicious scripts. | 2012-06-21 |
20120159630 | PROGRAM EXECUTION INTEGRITY VERIFICATION FOR A COMPUTER SYSTEM - A computer system may be employed to verify program execution integrity by receiving a request to launch a program that has been instrumented to include at least one integrity marker, instantiating the program with an integrity marker value, and verifying the execution integrity of the program based on the integrity marker value and information received from the program during execution. A computer system may also be employed for program instrumentation by modifying the program to include at least one instruction for passing an integrity marker value to an operating system kernel during execution of the instruction. | 2012-06-21 |
20120159631 | Anti-Virus Scanning - A method and apparatus for performing an anti-virus scan of a file system. Intermediate scanning results are obtained for a file in the file system, prior to a scan of the file being completed. The intermediate scanning results are then stored in a database. The intermediate scanning results can be used to speed up subsequent scans, and to provide other useful information to an on-line anti-virus server. In a subsequent scan of the file system, a determination is made whether intermediate scanning results relating to the file are available in the database. If they are available for a particular type of intermediate scan, then a scan need not be performed for the file. If they are not, then the scan can be performed. | 2012-06-21 |
20120159632 | Method and Arrangement for Detecting Fraud in Telecommunication Networks - Method and arrangement in a mediating function ( | 2012-06-21 |
20120159633 | System and Method for Updating Antivirus Cache - Disclosed are systems, methods and computer program products for updating antivirus cache during malware scan of a computer system. In particular, an antivirus cache stored in a non-volatile system memory may be updated with information from an antivirus database during execution of malware detection processes launched on the computer system. If a malware detection process uses one or more sections of the antivirus cache which require updating, the system replicates those sections of the antivirus cache and updates them. Each update contains different types of data and code associated with different types of malware. During update, the same types of data for each type of malware are collected and stored as data files in corresponding sections of the antivirus cache and executable code sections are converted into platform-specific dynamic libraries and also stored in the antivirus cache. | 2012-06-21 |
20120159634 | VIRTUAL MACHINE MIGRATION - Attesting a virtual machine that is migrating from a first environment to a second environment includes in response to initiation of migration of the virtual machine from the first environment to the second environment, accessing one or more stored trust values generated during the trusted boot of the virtual machine in the first environment, determining if the accessed trust values define a security setting sufficient for the second environment, and if the accessed trust values do not define a security setting sufficient for the second environment, performing a predetermined action in relation to the migration of the virtual machine to the second environment. | 2012-06-21 |
20120159635 | Comment Plug-In for Third Party System - In one embodiment, a user comment system receives a user comment associated with a content object, assigns one or more privacy settings to the user comment, and stores the user comment in a data store in association with an identifier unique to the content object. | 2012-06-21 |
20120159636 | DNS-BASED DETERMINING WHETHER A DEVICE IS INSIDE A NETWORK - In a computing device a domain name system (DNS) query is generated and sent, and a check is made as to whether a verified DNS response to the DNS query is received. The computing device is determined to be inside a particular network if a verified DNS response is received, and is determined to be outside that particular network if a verified DNS response is not received. A DNS response can be determined to be verified if both the DNS response has an expected value and the DNS response is digitally signed by a trusted authority, and otherwise can be determined to be not verified. | 2012-06-21 |
20120159637 | FUNCTIONALITY FOR PROVIDING DE-IDENTIFIED DATA - A de-identification system is described herein for converting original messages into de-identified messages. The de-identification system leverages original message-inception-functionality which operates as a gateway for providing original messages for use by a production environment. Namely, the de-identification system includes a transformation module that receives the original messages from the original message-inception functionality. The transformation module then converts instances of sensitive information contained in the original messages into non-sensitive information, to produce the de-identified messages. A de-identified environment can consume the de-identified messages with high confidence that the messages have been properly sanitized. This is because the de-identification work has been performed at a well-contained quarantine level of the message processing functionality. | 2012-06-21 |
20120159638 | METHOD AND APPARATUS FOR ACCESSING CONTENT PROTECTED MEDIA STREAMS - A method and apparatus for recovering a content signal from a media stream protected by a digital rights management (DRM) system. A content access device includes a network interface configured to receive the protected media stream from a remote content provider via a network and a plurality of distinct DRM components corresponding to DRM systems supported by the content access device. A content extraction unit is operable to select a DRM component of the plurality of DRM components and execute the selected DRM component to recover a content signal from the protected media stream. When a search engine is used to discover available content, a list of references to available content is presented to the user, the presentation being dependent upon whether or not the content is protected by a DRM system supported by the content access device. | 2012-06-21 |
20120159639 | METHOD OF PROVIDING CUSTOMIZED SERVICE WITH PRIVACY SECURITY - A method of providing customized service with privacy security includes: requesting service information provided from a smart environment to a smart environment control system; once the service information is transmitted from the smart environment control system, generating schedule information by using the service information, user personal information, and schedule generation information; and transmitting a service command to the smart environment control system according to the schedule information. | 2012-06-21 |
20120159640 | Acquiring Access To A Token Controlled System Resource - Acquiring access to a token controlled system resource, including: receiving, by a token broker, a command that requires access to the token controlled system resource, where the token broker is automated computing machinery for acquiring tokens and distributing the command to the token controlled system resource for execution; identifying, by the token broker, a first need state, the first need state indicating that the token broker requires access to the token controlled system resource to which the token broker does not possess a token; requesting, by the token broker, a configurable number of tokens to gain access to the token controlled system resource, without dispatching an operation handler for executing the command until at least one token is acquired; assigning, by the token broker, an acquired token to the operation handler; and dispatching, by the token broker, the operation handler and its assigned token for executing the command. | 2012-06-21 |
20120159641 | Power Meter Arrangement - An electric power meter arrangement includes a metrology unit configured to be coupled to a power line and to determine power consumption and provide measurement data representing the power consumption. A programmable control unit including a memory is configured to store software configured to run on the control unit. A security unit is configured to store at least one key and to validate that software stored in the memory of the programmable control unit is authorized. | 2012-06-21 |
20120159642 | Interoperable Systems and Methods for Peer-to-Peer Service Orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 2012-06-21 |
20120159643 | Interoperable Systems and Methods for Peer-to-Peer Service Orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 2012-06-21 |
20120159644 | Method for Managing Keys and/or Rights Objects - One or more rights objects (RO) files may be used for storing RO's preferably in the protected area available only to authenticated users. A RO navigation file is stored preferably in an unprotected public area containing status bits, where each status bit identifies whether a location in a RO file contains a valid RO or not. Preferably, there is a one-to-one correspondence between the location for a RO in a RO file and a location in the RO navigation file for the status bit which identifies whether its corresponding location in the RO file contains a valid RO or not. Whether a particular location in a RO file contains a valid RO or not can be found by checking its corresponding status bit in the RO navigation file. By finding out whether a particular location in a RO file contains a valid RO or not in this manner, it is possible to delete ROs without having to go through an authentication process. The process of finding an empty slot in the RO file for storing a new RO is also simplified. This greatly increases the efficiency of RO management. A similar system may be used for management of content encryption/encryption keys for protecting content files. | 2012-06-21 |
20120159645 | TECHNIQUES FOR VALIDATING AND SHARING SECRETS - Techniques for validating and sharing secrets are presented. A secret is divided into a plurality of parts. Each part is represented by a unique value. Each value is distributed to a unique user that shares in the secret. The secret is recreated when each user presents each user's unique value. Each unique value is then used to recreate its corresponding part of the key and when all parts are present and validated, the secret is reproduced. | 2012-06-21 |
20120159646 | Storage device with a hidden space and its operation method - A storage device with a hidden space comprises a case, a biometric identification device and a switch device and embodies digital data protected in a private zone without any concern about digital data disclosed to any person who holds a data disk according to a procedure of comparing a user's characteristic signals transferred from a user's features read by the biometric identification device with a test program in an automatic executive program. | 2012-06-21 |
20120159647 | Systems and methods for user identity verification and risk analysis using available social and personal data - A new approach is proposed that contemplates systems and methods to support user identity verification based on social and personal information of the user. Under the approach, customers/users are required to grant an identity verifying party a degree of access to their social network information, including but not limited to, account data and social graph information on social networks. The identity verifying party then acquires information of a current or potential user's online presence in addition to other information of the user and utilizes such information to verify the user's identity in the real world and/or to assess the fraud risk of a specific financial transaction requested by the user. | 2012-06-21 |
20120159648 | APPARATUS AND METHOD FOR MANAGING DIGITAL RIGHTS USING VIRTUALIZATION TECHNIQUE - The present invention relates to an apparatus and a method for managing digital rights using virtualization technique, and more particularly to an apparatus and a method for enabling a user to access a desired text file in an independent area through a virtual machine corresponding to a licensed right for accessing the text file. The present invention comprises a virtual machine (VM) management unit for controlling a user access authorization function for accessing the text file in the area to which the virtualization technique is applied. | 2012-06-21 |
20120159649 | Sensitive Information Handling on a Collaboration System - On a document collaboration system, such as a wiki, the content of postings to the collaboration system is monitored for sensitive information. Under some embodiments, when instances of such sensitive information are detected, an e-mail is sent to the user that posted the collaboration page posting. In other embodiments, a message is then sent to a person associated with the entity that indicates that the information placed on the collaboration page is confidential information or is related to an asset of the entity. In further embodiments, individual people are assigned responsibility for monitoring the use of certain instances of sensitive information on the collaboration system. Each user is only notified when the instances they are responsible for appear on a collaboration page. In other embodiments, if a collaboration page includes an instance of sensitive information, access to the collaboration page is changed such that fewer people can access the collaboration page. | 2012-06-21 |
20120159650 | APPARATUS AND METHOD FOR RECOGNIZING SECURITY SITUATION AND GENERATING SITUATION INFORMATION BASED ON SPATIAL LINKAGE OF PHYSICAL AND IT SECURITY - An apparatus for recognizing security situation and generating situation information based on spatial linkage of physical and IT security, the apparatus includes: a security event collection unit for mapping, when a security event is detected from a security device, unique information of the security device to a location or an object in a real space, and collecting correlated security events based on the mapped information; a security situation awareness unit for determining a type of a security situation and a degree of threat based on the correlated security events; and a situation information generation unit for analyzing a correlation between the correlated security events and the security event to generate security situation information. | 2012-06-21 |
20120159651 | SECURE KVM SWITCH - A secure switch assembly for controlling first and second computers using a common keyboard and a common mouse is provided. The switch assembly comprises a secure controller together with first and second switching elements. The secure controller comprises receiving means, configured to receive a selection signal from a user, determining means configured to determine whether the selection signal represents a single, coherent selection and transmitting means configured to emit first and second enabling signals. The first switching element is associated with a first computer and is configured to receive a signal indicative of a mouse instruction from a mouse, a signal indicative of a keyboard instruction from a keyboard and a first enabling signal from the secure controller. The second switching element is also associated with the first computer and is configured to receive a signal indicative of a mouse instruction from the first switching element, a signal indicative of a keyboard instruction from the first switching element and a second enabling signal from the secure controller. The first and second switching elements are configured to enable transmission of the mouse and keyboard instructions therethrough if both the first and second enabling signals are respectively received. The first and second computers are effectively isolated by the first and second switching elements and thereby effect assurance to a high grade. | 2012-06-21 |
20120159652 | APPARATUS AND METHOD TO HARDEN COMPUTER SYSTEM - In some embodiments, a processor-based system may include a processor, the processor having a processor identification, one or more electronic components coupled to the processor, at least one of the electronic components having a component identification, and a hardware security component coupled to the processor and the electronic component. The hardware security component may include a secure non-volatile memory and a controller. The controller may be configured to receive the processor identification from the processor, receive the at least one component identification from the one or more electronic components, and determine if a boot of the processor-based system is a provisioning boot of the processor-based system. If the boot is determined to be the provisioning boot, the controller may be configured to store a security code in the secure non-volatile memory, wherein the security code is based on the processor identification and the at least one component identification. Other embodiments are disclosed and claimed. | 2012-06-21 |
20120159653 | GENOMIC EDITING OF GENES INVOLVED IN MACULAR DEGENERATION - The present invention provides genetically modified animals and cells comprising edited chromosomal sequences encoding proteins associated with MD. In particular, the animals or cells are generated using a zinc finger nuclease-mediated editing process. Also provided are methods of using the genetically modified animals or cells disclosed herein to study MD development and methods of assessing the effects of agents in genetically modified animals and cells comprising edited chromosomal sequences encoding proteins associated with MD. | 2012-06-21 |
20120159654 | GENOME EDITING OF GENES INVOLVED IN ADME AND TOXICOLOGY IN ANIMALS - The present invention provides genetically modified animals and cells comprising edited chromosomal sequences involved in ADME and toxicology. In particular, the animals or cells are generated using a zinc finger nuclease-mediated editing process. The invention also provides zinc finger nucleases that target chromosomal sequence involved in ADME and toxicology and the nucleic acids encoding said zinc finger nucleases. Also provided are methods of assessing the effects of agents in genetically modified animals and cells comprising edited chromosomal sequences involved in ADME and toxicology. | 2012-06-21 |
20120159655 | METHODS USING AXL AS A BIOMARKER OF EPITHELIAL-TO-MESENCHYMAL TRANSITION - The present invention relates to the use of Axl as a biomarker for detecting the occurrence of epithelial-to-mesenchymal transition (EMT) in a subject. More specifically, the invention relates to various methods for detecting the occurrence of epithelial-to-mesenchymal transition (EMT) in a subject by measuring Axl expression and/or activity. | 2012-06-21 |
20120159656 | COMPOSITIONS AND METHODS FOR EVALUATING COGNITIVE DEFECTS - The present invention provides, in some aspects, methods for identifying agents useful in treating disorders or conditions associated with cognitive deficits. In some aspects, the invention provides methods for detecting a cognitive deficit in a subject. | 2012-06-21 |
20120159657 | Compositions and Methods for Inhibiting Expression of RRM2 Genes - The invention relates to a double-stranded ribonucleic acid (dsRNA) for inhibiting the expression of a RRM2 gene. The invention also relates to a pharmaceutical composition comprising the dsRNA or nucleic acid molecules or vectors encoding the same together with a pharmaceutically acceptable carrier; methods for treating diseases caused by the expression of a RRM2 gene using said pharmaceutical composition; and methods for inhibiting the expression of RRM2 in a cell. | 2012-06-21 |
20120159658 | EXTRACELLULAR VESICLES DERIVED FROM GRAM-POSITIVE BACTERIA, AND USE THEREOF - The present application relates to extracellular vesicles (EVs) derived from gram-positive bacteria. In detail, the present application provides animal models of disease using extracellular vesicles derived from gram-positive bacteria, provides a method for screening an active candidate substance which is capable of preventing or treating diseases through the animal models of disease, provides vaccines for preventing or treating diseases caused by extracellular vesicles derived from gram-positive bacteria, and provides a method for diagnosing the causative factors of diseases caused by gram-positive bacteria using extracellular vesicles. | 2012-06-21 |
20120159659 | CUSTOM-MADE MEGANUCLEASE AND USE THEREOF - New rare-cutting endonucleases, also called custom-made meganucleases, which recognize and cleave a specific nucleotide sequence, derived polynucleotide sequences, recombinant vector cell, animal, or plant comprising said polynucleotide sequences, process for producing said rare-cutting endonucleases and any use thereof, more particularly, for genetic engineering, antiviral therapy and gene therapy. | 2012-06-21 |
20120159660 | DESATURASES AND METHODS OF USING THEM FOR SYNTHESIS OF POLYUNSATURATED FATTY ACIDS - The amino acid and nucleic acid sequences of a Δ | 2012-06-21 |