27th week of 2014 patent application highlights part 78 |
Patent application number | Title | Published |
20140189746 | SYSTEMS AND METHODS FOR INTERRUPTED PROGRAM RECORDING - Program recording systems and methods are operable to adjust recording times of a program of interest in response to an occurrence of an interrupting program that alters the scheduled recording times of the program of interest. An exemplary embodiment receives an unscheduled program flag (UPF) corresponding to an occurrence of an unscheduled program; adjusts at least one of a scheduled recording start time associated with the program of interest to an updated record start time and a scheduled recording end time associated with the program of interest to an updated record end time in response to receiving the UPF; and records the program of interest based upon at least one of the updated record start time and the updated record end time. | 2014-07-03 |
20140189747 | RAPID MOVEMENT THROUGH AN ELECTRONIC PROGRAM GUIDE - Methods and apparatus to scroll through an electronic program guide at a first and a second scroll speed are provided. While viewing an electronic program guide (EPG) output by a receiving device, a user transmits a first command to the receiving device to start scrolling the time slots in the EPG such that the EPG displays program information for future time slots. The first command causes the time slots to scroll at a first speed. The user can increase the scroll speed by transmitting another command. The time slots in the EPG cease scrolling when there is no more data to display or when the user transmits a stop scrolling command to the receiving device. | 2014-07-03 |
20140189748 | METHOD AND APPARATUS FOR RECORDING CONTENTS - The present invention relates to a method and apparatus for recording a content. An embodiment of the invention provides a method for recording a content that includes: determining a recording state of a first content through a first path; searching a second content corresponding to the first content through a second path according to the recording state of the first content through the first path; and recording or downloading the second content found by the search through the second path or providing a link by which to obtain the second content. | 2014-07-03 |
20140189749 | Apparatus and Method for Combining Realtime and Non-Realtime Encoded Content - A terminal for decoding and presenting encoded realtime and non-realtime interactive program guide (IPG) content including a realtime video portion and a non-realtime guide graphics portion. The terminal includes a demodulator operative to receive and demodulate a modulated signal to provide a transport stream, and a transport demultiplexer coupled to the demodulator and operative to receive and process the transport stream to provide a sequence of transport packets re-timestamped to synchronize encoded realtime content and encoded non-realtime content included therein. At least one video decoder is coupled to the transport demultiplexer and operative to receive and decode the encoded realtime and non-realtime contents to recover the realtime and non-realtime contents for the user interface. | 2014-07-03 |
20140189750 | Digital Satellite Broadcast Program Distribution Over Multicast IP Broadband Networks - Systems and methods for distributing digital satellite broadcast programs over multicast Internet Protocol (IP) networks are provided. A satellite receiver gateway receives a signal from a digital satellite broadcast and generates service information multicast packets that are transmitted over a multicast IP network. A device receives the service information multicast packets and generates a channel list or electronic program guide for a user. When a user selects a service from the channel list or electronic program guide the device sends a service request for the service towards the satellite receiver gateway. Either the satellite receiver gateway or a switch within the multicast IP network can then transmit the service in multicast IP packets to the requesting device. | 2014-07-03 |
20140189751 | BROADBAND ASSISTED CHANNEL CHANGE - A receiver reduces a time delay associated with a change between two broadcast channels by detecting an activity associated with a channel change operation and requesting, via a broadband interface, data corresponding to the newly requested broadcast channel. The broadband data corresponding to the new broadcast channel is displayed while the broadcast channel is tuned and processed by the receiver. Upon processing the broadcast channel, the displayed broadband data is replaced by the processed broadcast data. | 2014-07-03 |
20140189752 | INFORMATION PROCESSING APPARATUS - The present invention relates to an information processing apparatus with improved operability. With the information processing apparatus in which the user is capable of watching a television program and connecting to the Internet, the index panel | 2014-07-03 |
20140189753 | System and Method for Providing Interactive Mobile Content Using Multiple Communication Paths - A method of and system for providing interactive services to a set of mobile devices is provided, comprising: providing at least one set of first information adapted for over-the-air broadcast to a set of mobile devices by at least one first facility, wherein the first information is selected from the group comprising program content, basic information and cloud content; providing at least one set of second information adapted for transmission to at least one of the mobile devices by at least one second facility, wherein the second information is selected from the group comprising non-linear information, on-demand information, cloud content and user-defined content, and wherein the second facility comprises a transmitter selected from the group comprising a short range wireless transmitter in intermittent communication with at least one of the mobile devices and a long range wireless transmitter; and receiving at least one set of third information based on information selected from the group comprising the first information and the second information from at least one of the mobile devices, wherein the third information is forwarded by a third facility comprising a receiver selected from the group comprising a short range wireless receiver in intermittent communication with at least one of the mobile devices and a long range wireless receiver. | 2014-07-03 |
20140189754 | ADAPTIVE MULTICAST DELIVERY OF MEDIA STREAMS - Various systems, methods and devices adaptively manage the multicast delivery of multiple media programs. Each of the media programs is encoded into multiple media streams, each stream having a different bitrate, frame rate, resolution or other encoding parameter. A computer receives feedback about the delivery of the multiple streams and automatically adapts the number of streams available for at least one of the multiple media programs in response to the received feedback. This allows resources to be applied to those multicast streams having the greatest user demand. | 2014-07-03 |
20140189755 | WIRELESS NETWORK ACCESS POINTS BY STB AND SATELLITE ANTENNAE - A satellite dish assembly and a set-top box are utilized to provide an internet wireless hotspot. The set-top box connects to the internet through a modem. The set-top box is coupled to the satellite dish assembly allowing the satellite dish assembly to connect to the internet through the set-top box. An antenna coupled to the satellite dish assembly broadcasts a wireless internet signal allowing a mobile electronic device to connect to the internet through the set-top box. | 2014-07-03 |
20140189756 | ENHANCED RELIABILITY FOR SATELLITE DATA DELIVERY - A media device may be configured for receiving data from one or more satellites. The media device may include one or more processors and one or more storage devices. A first tuner of a media device may tune to a first data stream that came from a first satellite transponder. A second tuner of the media device may tune to a second data stream that came from a second satellite transponder. The first data stream and the second data stream may be derived from source data based at least in part on a data distribution scheme. The data distribution scheme may include distributing at least portions of the source data with the first data stream and the second data stream. The first data stream and/or the second data stream may be processed to store and/or output for presentation content. | 2014-07-03 |
20140189757 | METHOD AND SYSTEM FOR PROVIDING COMMENTARY - The invention discloses a system having electronic means for providing commentary audibly and/or visually, which electronic means is adapted to provide such commentary asynchronously. The system includes multiple asynchronous group triggering on channels. The commentary is divided into channels and/or groups and includes plays based on areas, and not on sequence only. The plays and/or areas are sequenced if required and are provided with associated rules. | 2014-07-03 |
20140189758 | WIFI VIDEO BRIDGE CIRCUIT IN QOS - A first television receiver provides media content wirelessly to a second television receiver. The first television receiver transmits video data to the second television receiver on a first wireless network. The television receiver transmits other kinds of data to the second television receiver on a second wireless network. | 2014-07-03 |
20140189759 | CUSTOM-TAILORED ENTERTAINMENT EXPERIENCE FOR USER IDENTIFIED BY DIFFERENT LOYALTY PROGRAM USER IDENTIFIERS AT DIFFERENT HOSPITALITY LOCATIONS - A user profile server stores a particular user profile corresponding to a user who belongs to a plurality of separate loyalty programs, and the particular user profile includes a plurality of different loyalty program user identifiers each identifying the user on a respective one of the separate loyalty programs. The user profile server communicates a user preference included on the particular user profile to a first controller via the computer network and communicates the user preference included on the particular user profile to a second controller via the computer network. The first controller is associated with a first hospitality location where the user is identified according to a first loyalty program user identifier included on the particular user profile, and the second controller is associated with a second hospitality location where the user is identified according to a second loyalty program user identifier included on the particular user profile. | 2014-07-03 |
20140189760 | METHOD AND SYSTEM FOR ALLOCATING WIRELESS RESOURCES - A system and method for allocating wireless video resources among video streaming sources at an event (or events) according to a crowd selection mechanism. | 2014-07-03 |
20140189761 | ARCHIVING A LIVE MEDIA PRESENTATION - A computer-implemented method for archiving a live media presentation includes archiving the live media presentation as it is being streamed from a live server, wherein the archiving includes recording the live media presentation in fixed-length segments. A segment name is associated with each of the segments, wherein each of the segment names includes a time stamp. The fixed-length segments are stored on a video on-demand (VOD) server. A manifest is generated that describes at least a portion of the live media presentation and identifies a uniform resource locator (URL) to be used by a client device to access a first one of the segments, wherein the URL includes the segment name of the first segment. | 2014-07-03 |
20140189762 | PEER-TO-PEER VIDEO ON DEMAND TECHNIQUES - Techniques for delivering video-on-demand content via peer-to-peer connections are provided. A video-on-demand distribution service maintains associations of viewer devices that have specific video-on-demand content. As new viewer devices, which lack the specific video-on-demand content, make requests for the specific video-on-demand content from the video-on-demand distribution system, the video-on-demand distribution system identifies a peer-to-peer viewer device from which the specific video-on-demand content may be acquired via a peer-to-peer transaction. Video-on-demand content sources are identified by comparing distances between the geographical location of the requestor device and geographical locations of devices of the plurality of viewer devices to a distance threshold. A first portion of a first item of video on demand content is obtained from a source viewer device and a second portion of the first item of video on demand content is obtained from the video distribution system. Other embodiments are disclosed. | 2014-07-03 |
20140189763 | SYSTEM AND METHOD FOR HOSTING A PERSONALIZED TELEVISION CHANNEL - According to various exemplary embodiments, systems and methods are described, wherein the system implements a method executable by a host placeshifting device communicating via a network with a client and a backend media server, the method comprising: providing digital media content in the host placeshifting device; determining the presence of the client for receiving the digital media content; providing the client with electronic access to the digital media content via the network and the backend media service; and distributing the digital media content from the host placeshifting device over the network and via the backend server to the client, wherein the digital media is distributed in the form of a personalized television channel produced by the host placeshifting device. | 2014-07-03 |
20140189764 | ENHANCED VIDEO PROGRAMMING SYSTEM AND METHOD UTILIZING USER-PROFILE INFORMATION - Example methods of providing media content via a network are presented. In one example, a user profile and a group profile are accessed. The user profile includes information describing a user of media content, and the group profile includes information describing a group of users of media content. Based on the information of the user profile, the user profile is assigned to the user group, in which the user profile is linked as a child profile to the group profile. Based on the information of the user profile and on the assigning of the user profile to the user group, an item of media content is determined for transmission to a user device of the user. The item of media content is transmitted via the network to the user device. | 2014-07-03 |
20140189765 | SYSTEMS AND METHODS FOR GENERATING CONCATENATED TRANSPORT STREAMS FROM ADAPTIVE MEDIA STREAMS - Embodiments of a method executable by an adaptive stream concatenation server to deliver a concatenated transport stream to a video distribution system are provided, as are embodiments of adaptive stream concatenation servers. In one embodiment, the method includes receiving an adaptive media stream containing television programming in an adaptive packet format at the adaptive stream concatenation server via a digital network. The contents of the adaptive media stream are concatenated by the adaptive stream concatenation server to create a concatenated transport stream containing the television programming in a streaming format different from the adaptive packet format and compatible with the video distribution system. The concatenated transport stream containing the television programming is then transmitted in the streaming format to the video distribution system. | 2014-07-03 |
20140189766 | METHODS AND APPARATUS FOR SEEKING WITHIN RECORDED MEDIA STORED ON A SET-TOP BOX - A method of viewing recorded media in accordance with one embodiment includes receiving a media stream from a remotely located media source over a network, storing the media stream on a media storage device, and generating a condensed media file to store a subset of frames of the media stream. Further, the method includes receiving a seek request associated with a specified time within the media stream, determining a first frame within the subset of frames in the condensed media file that is previous to and closest in time to the specified time, and displaying the first frame. | 2014-07-03 |
20140189767 | COMMUNICATION DEVICE, TELEVISION RECEIVER, COMMUNICATION SYSTEM, METHOD FOR COMMUNICATION SETTING, PROGRAM, AND RECORDING MEDIUM - A monitor includes: an input receiving section for causing a single setting screen to receive an input of respective communication setting values of an STB and a monitor; and a setting section for setting, for each of the STB and the monitor, a corresponding communication setting value of an inputted plurality of communication setting values. | 2014-07-03 |
20140189768 | CONTENT CREATION METHOD AND MEDIA CLOUD SERVER - A method and a media cloud server for creating content are disclosed. The method includes: recording and storing a real-time broadcast content transmitted through a broadcaster system; dividing the stored broadcast content according to a predetermined method and storing the segments; storing metadata including descriptions of the segments; and creating a user content by extracting at least one segment using the metadata and synthesizing the extracted segments in response to a request from a client device. | 2014-07-03 |
20140189769 | INFORMATION MANAGEMENT DEVICE, SERVER, AND CONTROL METHOD - According to one embodiment, an information management device includes a generator, a storage module, a structuring module, a retrieval module, and a result notification module. The generator generates a characteristic quantity of a reproduction content. The storage module stores the generated characteristic quantity. The structuring module generates structure information by dividing a single reproduction content into a plurality of reproduction intervals based on the generated characteristic quantity and by structuring the reproduction content by taking into account a time sequence of the reproduction intervals of the reproduction content that is being reproduced. The reproduction content is structured by the reproduction intervals. The retrieval module retrieves a related content based on the structure information. The result notification module notifies the retrieval result of the related content. | 2014-07-03 |
20140189770 | DIGITAL BROADCASTING SYSTEM AND DATA PROCESSING METHOD - A digital broadcasting system and a method of processing data are disclosed, which are robust to error when mobile service data are transmitted. To this end, additional encoding is performed for the mobile service data, whereby it is possible to strongly cope with fast channel change while giving robustness to the mobile service data. | 2014-07-03 |
20140189771 | ADAPTIVE STREAMING FOR DIGITAL CONTENT DISTRIBUTION - One embodiment of the present invention sets forth a technique for adapting playback bit rate to available delivery bandwidth in a content delivery system comprising a content server and a content player. A content player periodically estimates whether a given playback bit rate can feasibly provide complete playback for a given title assuming currently available bandwidth. If playback becomes unfeasible at a current bit rate assuming currently available bandwidth, then the content player adapts the bit rate downward until a feasible bit rate is achieved. If playback is feasible using a higher bit rate, then the content player may adapt the bit rate upward. | 2014-07-03 |
20140189772 | TRANSMISSION APPARATUS, TRANSMISSION METHOD, AND NETWORK APPARATUS - To increase the efficiency of a cache and delivery resource control of video data streams in a network. | 2014-07-03 |
20140189773 | METHOD AND APPARATUS FOR GENERATING MEDIA CONTENT - A system that incorporates teachings of the present disclosure may include, for example, a storage medium including computer instructions to receive sensory information at a media device from a first mobile communication device where the first mobile communication device obtains at least a portion of the sensory information from at least one second mobile communication device in response to a broadcast by the first mobile communication device of a wireless signal representing a notice to obtain the sensory information, where the sensory information is associated with an environment of the first mobile communication device, and where the sensory information comprises images of the environment. The computer instructions can enable generating a plurality of personal content utilizing at least a portion of the sensory information, where each of the plurality of personal content includes some of the images captured at different perspectives. Other embodiments are disclosed. | 2014-07-03 |
20140189774 | DEVICES AND METHODS FOR MULTICAST - In one embodiment, the method of multicast includes assigning a pilot sequence to each program from among a plurality of programs such that each program has a unique pilot sequence. The method further includes broadcasting the unique pilot sequences for the plurality of programs. | 2014-07-03 |
20140189775 | TECHNIQUES FOR SECURE DEBUGGING AND MONITORING - Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token. | 2014-07-03 |
20140189776 | Real-Time Representation of Security-Relevant System State - A situational model representing a state of a monitored device is described herein. The situational model is constructed with the security-relevant information in substantially real-time as execution activities of the monitored device associated with the security-relevant information are observed. The represented state may include a current state and a past state of the monitored device. Also, the situational model may be used to validate state information associated with events occurring on the monitored device. Further, a remote security service may configure the monitored device, including configuring the situational model, and may build an additional situational model representing a state of a group of monitored devices. | 2014-07-03 |
20140189777 | POLICY-BASED SECURE CONTAINERS FOR MULTIPLE ENTERPRISE APPLICATIONS - Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed. | 2014-07-03 |
20140189778 | WEB APPLICATION CONTAINER FOR CLIENT-LEVEL RUNTIME CONTROL - Technologies for establishing client-level web application runtime control using a computing device include receiving application code for a browser-based application from a web server and generating machine-executable code and an access control map for the application code. The computing device receives application security information associated with the application code from local and/or remote security applications and performs a security assessment of the application code based on the application security information and the access control map. Further, the computing device establishes a runtime security policy for the browser-based application and enforces that policy. | 2014-07-03 |
20140189779 | QUERY SYSTEM AND METHOD TO DETERMINE AUTHENTICATION CAPABILITIES - A system, apparatus, method, and machine readable medium are described for determining the authentication capabilities. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client. | 2014-07-03 |
20140189780 | Method and Apparatus for Limiting Digital Content Distribution Inside Defined Real-world Geographic Area(s) - A method for limiting digital content distribution inside defined real-world geographic area(s) is disclosed. In one embodiment, the method is realized by adding additional distribution policy for geographical control to digital content's metadata, requesting the receiver to acquire and provide its current location, checking receiver's current location against the geographic control distribution policy, and distributing the content if the distribution policy is satisfied. | 2014-07-03 |
20140189781 | MOBILE ENTERPRISE SERVER AND CLIENT DEVICE INTERACTION - A system includes an application server that hosts a plurality of enterprise applications and stores enterprise data associated with each of the enterprise applications. A client device executes a client application that can provide access to each of the enterprise applications. The client application includes a memory protection engine that allocates a first memory location for the enterprise data transmitted to the client device so the enterprise data is accessible to each of the plurality of enterprise applications through the client application. A second allocated memory location is allocated for non-enterprise data. A mobile enterprise server transmits the enterprise data to the client device. | 2014-07-03 |
20140189782 | RESOURCE PROTECTION ON UN-TRUSTED DEVICES - Authenticating a user to a first service to allow the user to access a resource provided by the first service. The resource is a protected resource requiring a general purpose credential (e.g. a user name and/or password) to access the resource. The method includes receiving at a second service, from the device, an ad-hoc credential. The ad-hoc credential is a credential that is particular to the device. The ad-hoc credential can be used to authenticate both the user and the device, but cannot be directly used as authentication at the first service for the user to access the resource. The method further includes, at the second service, substituting the general purpose credential for the ad-hoc credential and forwarding the general purpose credential to the first service. As such the first service can provide the resource to the user at the device. | 2014-07-03 |
20140189783 | POLICY-BASED DEVELOPMENT AND RUNTIME CONTROL OF MOBILE APPLICATIONS - A method, process, and associated systems for policy-based development and runtime control of mobile applications. Security objects that describe or enforce security policies are embedded into the source code of an enhanced application while the application is being developed. When a user attempts to launch the enhanced application on a mobile device, the security objects are updated to match a latest valid version of the objects stored on an enterprise server. The security objects may be further updated at other times. Global security policies, which affect the entire enterprise and which may deny the application permission to launch, are enforced by a global security policy stored within one of the updated security objects. If the application does run, application-specific security policies contained in the updated security objects modify application behavior at runtime in order to enforce application-specific security policies. | 2014-07-03 |
20140189784 | SYSTEMS AND METHODS FOR ENFORCING DATA-LOSS-PREVENTION POLICIES USING MOBILE SENSORS - A computer-implemented method for enforcing data-loss-prevention policies using mobile sensors may include (1) detecting an attempt by a user to access sensitive data on a mobile computing device, (2) collecting, via at least one sensor of the mobile computing device, sensor data that indicates an environment in which the user is attempting to access the sensitive data, (3) determining, based at least in part on the sensor data, a privacy level of the environment, and (4) restricting, based at least in part on the privacy level of the environment, the attempt by the user to access the sensitive data according to a DLP policy. Various other methods, systems, and computer-readable media are also disclosed. | 2014-07-03 |
20140189785 | SOCIAL AND PROXIMITY BASED ACCESS CONTROL FOR MOBILE APPLICATIONS - Methods and systems for proximity-based access control include determining whether a distance from a first mobile device to each of one or more safe mobile devices falls below a threshold distance; determining whether a number of safe mobile devices within the threshold distance exceeds a safe gathering threshold with a processor; and activating a safe gathering policy in accordance with the safe gathering threshold that decreases a security level in the first mobile device. | 2014-07-03 |
20140189786 | SOCIAL AND PROXIMITY BASED ACCESS CONTROL FOR MOBILE APPLICATIONS - Systems for proximity-based access control include a proximity module configured to determine whether a distance from a first mobile device to each of one or more safe mobile devices falls below a threshold distance; a policy engine comprising a processor configured to determine whether a number of safe mobile devices within the threshold distance exceeds a safe gathering threshold; and a security module configured to activate a safe gathering policy in accordance with the safe gathering threshold that decreases a security level in the first mobile device. | 2014-07-03 |
20140189787 | EVALUATION SYSTEMS AND METHODS FOR COORDINATING SOFTWARE AGENTS - A device, method, computer program product, and network subsystem are described for associating a first mobile agent with a first security policy and a second mobile agent with a second security policy or for providing a first agent with code for responding to situational information about the first agent and about a second agent and for evaluating a received message at least in response to an indication of the first security policy and to an indication of the second security policy or for deploying the first agent. | 2014-07-03 |
20140189788 | Security Architecture For A Process Control Platform Executing Applications - A security component within a supervisory process control and manufacturing information system comprising a set of user roles corresponding to different types of users within the information system, a set of security groups defining a set of security permissions with regard to a set of objects, wherein each security group includes an access definition relating the security permissions to at least one of the set of user roles, and a set of user accounts assigned to at least one of the defined roles thereby indirectly defining access rights with regard to the set of objects having restricted access within the system. The security permissions within the supervisory process control and manufacturing information system are assigned at an object attribute level. | 2014-07-03 |
20140189789 | METHOD AND APPARATUS FOR ENSURING COLLABORATION BETWEEN A NARROWBAND DEVICE AND A BROADBAND DEVICE - A network device is configured to authenticate a collaborative session between at least two communication devices. The network component receives an indication that at least two devices located within a predefined physical range are attempting to collaborate. The network component determines, based on the indication, that the two devices are authentic and that the two devices are attempting to collaborate. Responsive to determining that the two devices are authentic and attempting to collaborate, the network component determines that the two devices are authorized to collaborate and a level on which the two devices are authorized to collaborate. The network component sends an authorization response to at least one of the at least two devices, wherein if the two devices are authorized to collaborate the authorization response includes the level on which the two devices are authorized to collaborate. | 2014-07-03 |
20140189790 | PROVIDING MULTIPLE APN CONNECTIONS SUPPORT IN A BROWSER - At a web browser application installed on a device a first Uniform Resource Locator (URL) is received. The web browser application determines a first Access Point Name (APN) network identifier associated with the first URL and establishes a first data connection based on the first APN network identifier between the device and a network. At the web browser application installed on the device a second URL is received. The web browser application determines a second Access Point Name (APN) network identifier associated with the second URL and establishes a second data connection based on the second APN network identifier between the device and a network. | 2014-07-03 |
20140189791 | SYSTEM AND METHOD FOR IMPLEMENTING PRIVACY CLASSES WITHIN AN AUTHENTICATION FRAMEWORK - A system, apparatus, method, and machine readable medium are described for implementing privacy classes within an authentication framework. For example, one embodiment of a method comprises: transmitting a query for client information from a server to a client, the client information including information related to authentication devices coupled to the client; analyzing the query to determine an appropriate privacy class to be used for providing client information to the server; providing a subset of client information selected based on the determined privacy class, the subset of client information including the information related to the authentication devices coupled to the client; and using the subset of client information within an authentication framework to provide user authentication services over a network. | 2014-07-03 |
20140189792 | METHOD AND SYSTEM FOR ELECTRONIC CONTENT STORAGE AND RETRIEVAL USING GALOIS FIELDS AND INFORMATION ENTROPY ON CLOUD COMPUTING NETWORKS - A method and system for electronic content storage and retrieval using Galois Fields and information entropy on cloud computing networks. Electronic content is divided into plural portions and stored in plural cloud storage objects based on determined information entropy of the electronic content thereby reducing location guessing of the electronic content using information gain and mutual information. Storage locations for the plural cloud storage objects are selected using a Galois field. The plural cloud storage objects are distributed across the cloud network. The Galois field and information entropy provide various levels of security and privacy for the electronic content. | 2014-07-03 |
20140189793 | VIRTUAL FILE SYSTEM FOR INTERWORKING BETWEEN CONTENT SERVER AND INFORMATION-CENTRIC NETWORK SERVER AND OPERATING METHOD THEREOF - Disclosed is a virtual file system for interworking between a content server and an information-centric network server, the system including: a file system function processing unit configured to process a file operation for a predetermined content requested from a plurality of content service protocols; a cache control unit configured to process the content requested through the file operation by managing a cache in a node; and a protocol matching unit configured to process the content requested through the file operation by interfacing with a plurality of content transfer protocols. | 2014-07-03 |
20140189794 | SYSTEM AND METHOD FOR UTILIZING AND REPLACING ANONYMOUS RECOGNITION CARDS - A system and method for utilizing and replacing anonymous recognition substrates, which can be anonymous recognition cards, codes, emitters, tags, or any combination. The invention permits replacing and utilizing anonymous recognition substrates at an anonymous web-based program and/or at anonymous interactive display terminals. The anonymous substrate holder may create an anonymous account on a web-based program and/or at an interactive display terminal using the anonymous substrate's anonymous code. The user may securely request a new anonymous substrate from the web-based program and/or at the interactive display terminal. The web-based program provider and/or the interactive display terminal provider can anonymously message and track the anonymous account holder and/or anonymous substrate holder. | 2014-07-03 |
20140189795 | Method and Apparatus for Conducting Service by Service Delivery Platform - A method for conducting a service by a service delivery platform (SDP) and an SDP are provided. By means of the method for opening a service capability by a provided SDP, the time required for introduction of a new capability to the SDP can be reduced, being advantageous in implementation of rapid launching of a new service. | 2014-07-03 |
20140189796 | GROUP DEFINITION MANAGEMENT SYSTEM - A group definition management system can easily acquire correspondence between an internal ID and an external ID and easily reflect information of a group definition for the internal ID to an external site. In a typical embodiment of the present invention, this is configured of an internal server | 2014-07-03 |
20140189797 | AUTHORIZATION MESSAGING WITH INTEGRAL DELEGATION DATA - A computer-implemented method for authorizing access by a client application to a resource of a user maintained on a first server computing system, the client application being implemented on a second server computing system, includes receiving a delegation message from the first server computer system to initiate authorization of the access by the client application, issuing an authorization message to the first server computer system, the authorization message comprising an authorization data package for redemption by the client application, the authorization data package comprising first through fourth integral delegation data indicative of the user, the client application, the resource, and a timestamp, respectively, receiving a redemption message from the second server computing system comprising the authorization data package, conducting an analysis of the authorization data package, and sending an access token to the second server computing system based on the analysis. | 2014-07-03 |
20140189798 | 3D Bot Detection - In one embodiment, a computer method of verifying an operator is human includes automatically selecting a pattern and dividing the pattern into a plurality of textures. The method further includes projecting each texture onto a different respective displayed element in a 3D experience. The method additionally includes randomizing a position and/or an orientation of at least one displayed element of the different respective display elements in the 3D experience. The method also includes receiving operator manipulations of the randomized elements to solve for the pattern and make the pattern appear/reappear. The method further includes granting access to the operator if the pattern is made to appear/reappear. Access is granted upon determining that the operator has made the pattern appear/reappear, and access is denied if the operator fails to make the pattern appear/reappear. | 2014-07-03 |
20140189799 | MULTI-FACTOR AUTHORIZATION FOR AUTHORIZING A THIRD-PARTY APPLICATION TO USE A RESOURCE - Enhanced security for limited access through multi-factor authorization to cloud computing resources. The enhanced security is obtained by utilizing a personal security device to perform certain security operations as part of an authorization protocol such that an authorization grant is confirmed using two independent factors such as evidence of knowledge of a secret plus possession of a personal security device. The personal security device may also store an access token and perform cryptographic operations evidencing possession of the access token. Other systems and methods are disclosed. | 2014-07-03 |
20140189800 | Electronic Rendezvous-Based Two Stage Access Control for Private Networks - A method for providing access to a private network resource comprises receiving an indication from an electronic rendezvous service that a client application has passed a first set of authentication and authorization processes. A request to access the private network resource is received from the client application. The client application is allowed to attempt to perform a second set of authentication and authorization processes based at least in part on receiving the indication from the electronic rendezvous service that the client application has passed the first set of authentication and authorization processes. The second set of authentication and authorization processes are performed, and the client application is allowed to access the private network resource based at least in part on a determination that the client application has passed the first and the second sets of authentication and authorization processes. | 2014-07-03 |
20140189801 | Method and System for Providing Limited Usage of an Electronic Device - An electronic device ( | 2014-07-03 |
20140189802 | METHOD AND APPARATUS FOR LOCATION-BASED AUTHORIZATION TO ACCESS ONLINE USER GROUPS - An approach is provided for determining a request from a user for an access to at least one user group. The at least one user group is associated with at least one reference location. Consequently, the point of interest platform determines location information associated with the user and/or the device associated with the user. Subsequently, the point of interest platform causes, at least in part, a granting of the access to the user group if the location information indicates that the user and/or the device associated with the user is within a predetermined proximity of the reference location. | 2014-07-03 |
20140189803 | SELECTING IMAGE OR VIDEO FILES FOR CLOUD STORAGE - A method, apparatus, and computer program product, responsive to receiving a data from a computing device connected to the computer in a cloud computing system or data center, identifies a criteria associated with the computing device, responsive to identifying the criteria, determines whether the data is authorized for transmission to a storage in the cloud computing system or data center, and responsive to determining that the data is authorized for transmission to the storage, forwards the data to the storage. | 2014-07-03 |
20140189804 | LOCATION-BASED APPLICATION SECURITY MECHANISM - The present disclosure describes methods, systems, and computer program products for providing a location-based application content security mechanism to a web portal. One computer-implemented method includes receiving a request for portal content from a client device, determining that the requested portal content has an established geo-location permission, requesting a client geo-location from the requesting client device, receiving the client geo-location from the requesting client device, determining, by operation of a computer, that the received client geo-location is within a required geo-location threshold associated with at least one geo-location data point associated with the established geo-location permission, and serving the portal content to the requesting client device. | 2014-07-03 |
20140189805 | REVERSE AUTHORIZED SYN COOKIE - Techniques for providing a service to registered users over a network such as the internet are disclosed. The techniques can be used to hide the service from unregistered entities. Further, the techniques can thwart certain types of so-called denial-of-service attacks. | 2014-07-03 |
20140189806 | Wireless Network Linking System and Method of Obtaining Access Right of Network Thereof - A wireless network linking system and a method of obtaining access right of network thereof. The method includes the following steps: sending a wireless access signal by a client with wireless network access function; receiving the wireless access signal and deciding the location of the client according to a signal strength of the wireless access signal by a server; and providing a wireless access point service to the client by the server, thereby providing the client the permission of accessing network resources if the location of the client corresponds to a specific region. | 2014-07-03 |
20140189807 | METHODS, SYSTEMS AND APPARATUS TO FACILITATE CLIENT-BASED AUTHENTICATION - Methods, systems and apparatus are disclosed to facilitate client-based authentication. An example method includes associating an identity authority with a client platform in an isolated execution environment, associating a user identity with the identity authority, generating a first key pair associated with a first service provider, generating an attestation based on a first authorization sequence of the client platform, and signing the attestation with a portion of the key pair and sending the signed attestation to the first service provider to authorize communication between the client platform and the first service provider. | 2014-07-03 |
20140189808 | MULTI-FACTOR AUTHENTICATION AND COMPREHENSIVE LOGIN SYSTEM FOR CLIENT-SERVER NETWORKS - Embodiments are directed to a system and method for authenticating a user of a client computer making a request to a server computer providing access to a network resource through an authentication platform that issues a challenge in response to the request requiring authentication of the user identity through a reply from the client computer, determining one or more items of context information related to at least one of the user, the request, and the client computer, and determining a disposition of the request based on the reply and the one or more items of context information. The reply includes a user password and may be provided by an authorizing client device coupled to the client computer over a wireless communications link. | 2014-07-03 |
20140189809 | METHOD AND APPARATUS FOR SERVER-SIDE AUTHENTICATION AND AUTHORIZATION FOR MOBILE CLIENTS WITHOUT CLIENT-SIDE APPLICATION MODIFICATION - A method (and structure) for enforcing authentication and authorization includes making a resource access request, by a client application being executed by a processor on a digital device, to invoke authentication and authorization services to evaluate the resource access request by the client application. A security application on the digital device is activated and executed, the security application being separate from the client application, the security application including instructions for processing a challenge-response protocol for the resource access request. The client application communicates outside the digital device using a primary communication channel and the security application uses a secondary communication channel that is out-of-band from the primary communication channel. | 2014-07-03 |
20140189810 | NETWORK SECURITY AS A SERVICE USING VIRTUAL SECURE CHANNELS - Disclosed are methods, devices, and systems to provide an end-to-end secure transaction over a network. In one embodiment, a machine-implemented method comprises opening an in-band channel or an out-of-band channel over the network; authenticating, through the control plane of a switch managing the network, a user of a resource over the in-band channel or the out-of-band channel; authorizing the user, through the control plane, access to the resource over the in-band channel or the out-of-band channel; and accounting for a transaction conducted by the user accessing the resource, through the control plane, over the in-band channel or the out-of-band channel. In another embodiment, a switch to manage the network and to implement the method described herein is disclosed. | 2014-07-03 |
20140189811 | SECURITY ENCLAVE DEVICE TO EXTEND A VIRTUAL SECURE PROCESSING ENVIRONMENT TO A CLIENT DEVICE - Disclosed are methods and devices to provide a transaction over a network. In one embodiment, a machine-implemented method includes: opening, through an enclave device, an in-band channel or an out-of-band channel over the network; authenticating, through the enclave device, a user of a resource over the in-band channel or the out-of-band channel; facilitating, through the enclave device, an authorization of the user to access the resource over the in-band channel or the out-of-band channel; and accounting for a transaction conducted by the user accessing the resource, through the enclave device, over the in-band channel or the out-of-band channel. | 2014-07-03 |
20140189812 | Privileged Activity Monitoring Through Privileged User Password Management and Log Management Systems - A system and method is provided for allowing seamless auditing compliance and investigations of privileged account access and activities. Account access information and privileged activity information may be stored in a central data repository. The central data repository may be queried to determine who was granted access to a privileged account, the timeframe that the access was granted, and/or what actions were performed by the user who was granted access. | 2014-07-03 |
20140189813 | METHODS AND APPARATUS FOR TRANSACTING WITH MULTIPLE DOMAINS BASED ON A CREDENTIAL - In one embodiment, a method includes receiving from a credential a credential-owner authentication information associated with an identity of an individual. An issuer validation information associated with an issuer of the credential is also received. The method also includes providing a plurality of options, including a first option associated with a first domain and a second option associated with a second domain mutually exclusive from the first domain. The method also includes sending to a portion of the first domain the credential-owner authentication information and the issuer validation information in response to the first option being selected. | 2014-07-03 |
20140189814 | METHOD FOR VEHICLE COMMUNICATION, INTERFACE MODULE, VEHICLE DIAGNOSIS INTERFACE, USER COMMUNICATION TERMINAL, DATA NETWORK SYSTEM AND DIAGNOSIS AND CONTROL NETWORK - The invention relates to a method for vehicle communication, particularly using a vehicle-implemented vehicle diagnosis system ( | 2014-07-03 |
20140189815 | INFORMATION INPUT DEVICE, INFORMATION OUTPUT DEVICE, INFORMATION PROCESSING SYSTEM, AND COMPUTER-READABLE RECORDING MEDIUM - The present invention concerns an information processing system that includes an information input device and an information output device. The information input device includes a communication module that establishes communication with one or more information output devices, an information acquiring module that acquires device information of the respective information output devices including an identification code used only for identifying the information output device and makes a storage module store therein the device information, an input receiving module that receives an entry of an identification code, and a device specifying module that searches the device information acquired from the respective information output devices to specify the information output device to which the information is to be transmitted based on the identification code received and gives instructions to the communication module to transmit the information using the device information of the information output device specified. | 2014-07-03 |
20140189816 | EXTENDING SERVER-BASED DESKTOP VIRTUAL MACHINE ARCHITECTURE TO CLIENT MACHINES - A server-based desktop-virtual machines architecture may be extended to a client machine. In one embodiment, a user desktop is remotely accessed from a client system. The remote desktop is generated by a first virtual machine running on a server system, which may comprise one or more server computers. During execution of the first virtual machine, writes to a corresponding virtual disk are directed to a delta disk file or redo log. A copy of the virtual disk is created on the client system. When a user decides to “check out” his or her desktop, the first virtual machine is terminated (if it is running) and a copy of the delta disk is created on the client system. Once the delta disk is present on the client system, a second virtual machine can be started on the client system using the virtual disk and delta disk to provide local access to the user's desktop at the client system. This allows the user to then access his or her desktop without being connected to a network. | 2014-07-03 |
20140189817 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING MEDIA MANAGEMENT - Providing media management services includes creating an account record for a first user of the media management services, allocating a first storage space to the first user that is accessible to the first user via user credentials assigned to the first user, creating an account record for a second user of the media management services, and allocating a second storage space to the second user that is accessible to the second user via user credentials assigned to the second user. The media management services also include sharing the second storage space with the first user based on a device identifier of a media recording device that is common to both the first account record and the second account record. | 2014-07-03 |
20140189818 | EMAIL EFFECTIVITY FACILITY IN A NETWORKED SECURE COLLABORATIVE EXCHANGE ENVIRONMENT - In embodiments of the present invention improved capabilities are described for managing access to a secure exchange environment managed by an intermediate business entity through a user email identity, the method comprising establishing a secure exchange server hosted by an intermediate business entity, wherein communications and access to a collection of files established by a first business entity are managed for a second business entity; and establishing an email effectivity facility that allows a user of the first business entity to specify a condition for email-based access to at least one resource in the collection of files, wherein the condition expresses (a) an effective period for using an email providing access to the resource and (b) a condition of email access to the resource by a designated individual of the second business entity, wherein the access permission was assigned using a specific email address of the designated individual. | 2014-07-03 |
20140189819 | 3D Cloud Lock - In embodiments, a method of securing access to a computer memory and other computer resources includes authoring a 3D projection of data by a registering user customizing elements in the 3D projection, resulting in a registered 3D projection. The method further includes presenting to a requesting user a representation of the elements of the 3D projection in a randomized fashion. The method additionally includes receiving, from the requesting user, manipulations of the presented elements of the 3D projection toward undoing or solving the randomization. The method includes determining whether the manipulated elements of the 3D projection match the customized elements of the registered 3D projection. Then, the method includes granting, to the registered user, access to the computer memory if the manipulated elements of the 3D projection match the customized elements of the registered 3D projection. The granting may be based on the determination of whether the manipulated elements of the 3D projection match the customized elements of the registered 3D projection in the positive. | 2014-07-03 |
20140189820 | Safe auto-login links in notification emails - A web application user is authenticated directly upon selecting a link in a notification email. In this approach, the user's web browser stores a first data string provided by the web application (e.g., in a cookie) during a prior session. The first data string encodes first data about the user that can be verified by the application. Later, the user receives the notification email that includes the link. The link encodes a second data string from which second data about the user can be verified by the application. When the end user selects the link, an authentication request is transmitted to the application. The authentication request includes both the first and second data strings. If both the first data and the second data (as obtained from their respective data strings) can be verified, the user is authenticated without having to perform any additional steps (e.g., manual entry of credentials). | 2014-07-03 |
20140189821 | ACCESSORY INTERFACE SYSTEM - The accessory is capable of connecting to a host device, which is physically separated from the accessory. The accessory includes a first communication module and a contactless module. The first communication module is used to wirelessly couple to the host device, and receive a first credential from the host device. The contactless module is coupled to the first communication module. The contactless module includes a controller, a first security element, an antenna, and a storage unit. The controller receives the credential from the first communication module. The first security element is coupled to the controller for receiving and storing the first credential. The antenna is coupled to the controller to wirelessly communicate with a first reader for a first application by using the stored first credential. The storage unit stores at least one first transaction record generated while the first application is operating. | 2014-07-03 |
20140189822 | NON-INTRUSIVE BACKGROUND SYNCHRONIZATION WHEN AUTHENTICATION IS REQUIRED - A non-modal notification user interface element is displayed persistently but unobtrusively such that a user may easily determine that authentication credentials are required by a background synchronization process. The non-modal notification is configured such that it may be ignored by the user such that their workflow is not interrupted. The background synchronization continues to synchronize the data it can even though the background synchronization may require authentication credentials for a subset of the data to be synchronized. The user may select the non-modal notification user interface element at any point in time in order to supply the required authentication credentials. The non-modal notification is removed from the display when there are no further authentication credentials required. | 2014-07-03 |
20140189823 | Pass-Thru for Client Authentication - This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server. | 2014-07-03 |
20140189824 | COMMUNICATION SYSTEM, COMMUNICATION APPARATUS AND METHOD FOR SETTING COMMUNICATION PARAMETERS OF THE APPARATUS - A wireless terminal which newly joins a wireless communication system transmits a message containing its identification data to an access point in the wireless communication system at a communication parameter setting start. Upon receiving the message, the access point determines whether or not the wireless terminal has been registered. If it is determined that the wireless terminal has not been registered, the access point determines whether or not the wireless terminal is a setting target device of communication parameters based on the identification data contained in the message. If it is determined that the wireless terminal is a setting target device, the access point sets communication parameters for the wireless terminal. | 2014-07-03 |
20140189825 | Multi Mode Operation Using User Interface Lock - A system and a method are disclosed for a computer implemented method to unlock a mobile computing device and access applications (including services) on a mobile computing device through a launcher. The configuration includes mapping one or more applications with a guest access code. The configuration receives, through a display screen of a mobile computing device, an access code, and determines whether the received access code corresponds with the guest access code. The configuration identifies the mapped applications corresponding to the guest access code and provides for display, on a screen of the mobile computing device, the identified applications. | 2014-07-03 |
20140189826 | TECHNIQUES FOR DYNAMIC GENERATION AND MANAGEMENT OF PASSWORD DICTIONARIES - Techniques for dynamic generation and management of password dictionaries are presented. Passwords are parsed for recognizable terms. The terms are housed in dictionaries or databases. Statistics associated with the terms are maintained and managed. The statistics are used to provide strength values to the passwords and determine when passwords are acceptable and unacceptable. | 2014-07-03 |
20140189827 | SYSTEM AND METHOD FOR SCOPING A USER IDENTITY ASSERTION TO COLLABORATIVE DEVICES - A system and method for enabling a primary and a secondary communication device to share a user identity assertion is presented. The user identity assertion enables the devices to access an application system. The primary and secondary devices are paired to place them in collaboration with each other. The primary device requests an identity provider system to issue a user identity assertion scoped to the primary and secondary communication device. The identity provider system authenticates the primary device and generates the user identity assertion scoped to the primary device and the secondary device identified in the request. The primary communication device receives the user identity assertion and communicates the user identity assertion to the secondary device. The primary device may request the user identity assertion by communicating a user identity assertion scoped to the primary device and a single sign on session cookie or a request for an extension assertion. | 2014-07-03 |
20140189828 | SYSTEM AND METHOD FOR PROCESSING RANDOM CHALLENGES WITHIN AN AUTHENTICATION FRAMEWORK - A system, apparatus, method, and machine readable medium are described for transparently requesting a new random challenge from a server within an authentication framework. For example, one embodiment of a method comprises: transmitting a random challenge and an indication of a timeout period associated with the random challenge from a server to a client within the context of a network registration or authentication process using authentication devices communicatively coupled to the client; automatically detecting that the random challenge is no longer valid based on the timeout period; and responsively transmitting a request for a new random challenge from the client to a server, wherein transmitting is performed transparently to a user of the client. | 2014-07-03 |
20140189829 | ADAPTIVE SECONDARY AUTHENTICATION CRITERIA BASED ON ACCOUNT DATA - An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices. | 2014-07-03 |
20140189830 | Multi-Component Signature Generation - A method, system, and computer program product for multi-component signature generation are provided in the illustrative embodiments. A set of original signature components is received comprising original signature components of different types. A subset of original signature components from the set of original signature components is modified to create a set of modified signature components. Members of a subset of the set of modified signature components are arranged in a modified order. The modified order is different from an original order in which original signature components corresponding to the members of the subset of the set of modified signature components appear in the set of original signature components. The multi-component signature is generated in response to the arranging. | 2014-07-03 |
20140189831 | TIME-BASED AUTHENTICATION - Time-based authentication apparatus deploys a seed record to user equipment such as a mobile telephone pre-equipped with an app. When a user initiates login access to a protected product or service, using a computing device, they run the app on their mobile equipment which delivers an output such as a QR code (or other local communication such as NFC) containing two time-based codes. The login process on the computing device accepts the output and sends the time-based codes to the authentication apparatus, either together or the second code on request. The authentication apparatus now locates the codes and automatically resynchronises to any time zone across the world plus 1 hour of clock drift (+/−13 hours UTC). | 2014-07-03 |
20140189832 | Transcoding Content Based on Verification of Ownership of the Content - A computer-implemented method includes generating data indicative of one or more times in which to sample content of a first resource and content of a second resource; receiving, from a client device, content of the first resource sampled at the one or more times; comparing the sampled content from the first resource to content sampled from the second resource at the one or more times; determining, based on comparing, that the first resource includes a same resource as the second resource; verifying, based on determining, ownership of the second resource; generating, based on a verifying, a user key specifying ownership of the second resource; and transmitting the user key to the client device. | 2014-07-03 |
20140189833 | INFORMATION PROCESSING APPARATUS CAPABLE OF AUTHENTICATION PROCESSING WITH IMPROVED USER CONVENIENCE, CONTROL PROGRAM FOR INFORMATION PROCESSING APPARATUS, AND RECORDING MEDIUM HAVING CONTROL PROGRAM FOR INFORMATION PROCESSING APPARATUS RECORDED THEREON - An information processing apparatus determines whether a device accesses a box region of the information processing apparatus. When it is determined that the box region is accessed, a box ID entry screen is displayed on the device. The information processing apparatus determines whether a box ID is entered by a user of the device. If it is determined that a box ID is entered, then device information about the device is obtained. After the device information is obtained, the information processing apparatus determines whether the device possesses a hardware keyboard. If it is determined that the device possesses a hardware keyboard, a password authentication screen is displayed on the device. If it is determined that the device does not possess a hardware keyboard, an image authentication screen is displayed on the device. | 2014-07-03 |
20140189834 | METHOD AND APPARATUS FOR SINGLE SIGN-ON COLLABORATION AMONG MOBILE DEVICES - An apparatus for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration key to the first device based on the first identity token or user authentication. The first device generates and sends a collaboration credential based on the collaboration key to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices. | 2014-07-03 |
20140189835 | SYSTEMS AND METHODS FOR EFFICIENT AUTHENTICATION OF USERS - Systems and methods for efficient user authentication in a client-server system using a tiered, risk-based approach including a no-risk tier are provided. When a user requests access to the system for a no-risk feature, the user is registered without an additional authentication test. When the user later requests a higher risk transaction, the user is provided with the appropriate third-party additional authentication test based upon the risk level and applicable vendor profile. During no-risk access to the system, user data is collected that may be used with the additional authentication test at the appropriate time. | 2014-07-03 |
20140189836 | SYSTEM FOR CONTROLLING ACCESS TO AN ACCOUNT - An account management server, a communication device and a service device are provided for managing access to an account. The account management server, for example, includes, but is not limited to, a storage device configured to store identifying information for each of a plurality of service devices and configured to store an account associated with each of the plurality of service devices, and a processor communicatively coupled to the storage device, wherein the processor is configured to: receive identifying information from a communication device; identify at least one service device whose stored identifying information matches the received identifying information; and grant management access to the account associated with the identified at least one service device to the communication device. | 2014-07-03 |
20140189837 | METHOD TO ENHANCE HIGH AVAILABILITY IN A SECURE TELECOMMUNICATIONS NETWORK, AND TELECOMMUNICATIONS NETWORK COMPRISING A PLURALITY OF REMOTE NODES - A method for enhancing high availability in a secure telecommunications network includes: switching from a first operational mode to a second operational mode based on an exchange of at least a first message and a second message between at least one specific remote node of the plurality of remote nodes and one or a plurality of further network nodes using Dynamic Host Configuration Protocol (DHCP). The first message includes a request from the at least one specific remote node of the plurality of remote nodes and the second message includes an answer to the first message by a network management node. The second message includes a one-time password. | 2014-07-03 |
20140189838 | Access method, and system and mobile intelligent access point - An access method is disclosed. The method includes: a mobile intelligent access point accesses a network through at least two wireless technologies; a User Equipment (UE) establishes a connection with the mobile intelligent access point; and the UE acquires access authentication from the network through the mobile intelligent access point. An access system and a mobile intelligent access point are further disclosed. With the disclosure, network authentication can be implemented to facilitate an operator to control the number of access users and to guarantee the network of the operator. Furthermore, a broadband mobile network is taken as a backhaul network, so as to reduce the reliance on a fixed network and improve the utilization of the broadband mobile network. | 2014-07-03 |
20140189839 | SINGLE SIGN-ON METHODS AND APPARATUS THEREFOR - Embodiments of the invention employ a KUSO (Kerio Unity Sign On) server to work with different web services (which offer online service to users via user accounts) to offer single sign-on capability to different services. With the use of the KUSO server, a user only has to authenticate with one of the web services in order to have authenticated access to all web services. After the first successful authentication at one of the web services, the web server that successfully authenticates the user communicates the successful authentication with the KUSO server using a special channel and a special token. Subsequently authentication verification is performed transparently by the KUSO server if the user wishes to access any of the other web services. Safeguards for various edge conditions during sign-on and sign-offs are provided to improve security. | 2014-07-03 |
20140189840 | METHOD AND APPARATUS FOR SINGLE SIGN-ON COLLABORATION AMONG MOBILE DEVICES - A system for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration credential to the first device based on the first identity token or user authentication. The first device sends the collaboration credential generated by the server to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices. | 2014-07-03 |
20140189841 | APPARATUS FOR AND METHOD OF MULTI-FACTOR AUTHENTICATION AMONG COLLABORATING COMMUNICATION DEVICES - Multi-factor authentication is enabled across a plurality of communication devices. A user performs authentication by using a first authentication factor on a first of the communication devices, and by using a second authentication factor on a second of the communication devices. A collaboration credential is shared among the devices to enable the devices to collaborate with each other. Both of the authentication factors are bound together. A multi-factor identification token is issued to each device, to support multi-factor authentication for the user across the devices. | 2014-07-03 |
20140189842 | METHOD FOR DEFENDING AGAINST SESSION HIJACKING ATTACKS AND FIREWALL - The present disclosure provides a method for defending against session hijacking attacks, including: receiving a first access request transmitted from a legal client side and transmitting the first access request to a server; receiving a first response comprising a first authentication token returned from the server; generating a first sequence value according to a network address of the legal client side and an identification code of the legal client side, and recombining the first authentication token and the first sequence value to form a second authentication token; and replacing the first authentication token in the first response with the second authentication token, and transmitting the first response comprising the second authentication token to the legal client side. | 2014-07-03 |
20140189843 | AUTOMATIC CONFIGURATION OF AN ENDPOINT - A method for automatically configuring at least one mobile device associated with a user, via a client software application stored on said mobile device using a token generated by a provisioning server and a hashed username with a publicly available redirect server. | 2014-07-03 |
20140189844 | METHOD AND APPARATUS FOR SEARCHING METADATA - Methods and apparatuses for searching metadata are described herein. In one embodiment, an example of a process for searching metadata includes, but is not limited to, in response to a search query for metadata stored in one or more of metadata stores, the search query is partitioned into multiple search query segments. Thereafter, searches corresponding to the search query segments are performed, where each search is performed independently within the one or more metadata stores. Other methods and apparatuses are also described. | 2014-07-03 |
20140189845 | AUTHENTICATION OF APPLICATIONS THAT ACCESS WEB SERVICES - Systems and methods for authenticating applications that access web services. In one embodiment, a web service gateway intercepts a request for a web service from an application, and determines if the application is authorized by a service provider based on information provided in the web service request. If the application is authorized, then the web service gateway identifies a profile for an end user that initiated the web service using the application, and determines if the web service is allowed for the end user based on the profile. If the web service is allowed for the end user, then the web service gateway determines that the application is authenticated, converts the web service request to a protocol used by a server that provides the web service, and transmits the web service request to the server. | 2014-07-03 |