34th week of 2012 patent application highlights part 58
Patent application number | Title | Published |
20120216194 | HYPERVISOR APPLICATION OF SERVICE TAGS IN A VIRTUAL NETWORKING ENVIRONMENT - A physical host executes a virtual machine monitor (VMM) in communication with a plurality of consumer virtual machines (VMs). In response to receipt of a packet, the VMM determines whether a service is to be performed for the packet by a service virtual machine (VM) in communication with the VMM. In response to determining that the service is to be performed for the packet by the service VM, the VMM applies a tag to the packet that differentiates the packet from any other packet sharing a common address with the packet but having a different associated consumer, passes the packet to the service VM for performance of the service, and thereafter removes the tag from the packet in response to receipt of the packet from the service VM following performance of the service. In response to receipt of the packet from the service VM, the VMM forwards the packet. | 2012-08-23 |
20120216195 | DIAGNOSE INSTRUCTION FOR SERIALIZING PROCESSING - A system serialization capability is provided to facilitate processing in those environments that allow multiple processors to update the same resources. The system serialization capability is used to facilitate processing in a multi-processing environment in which guests and hosts use locks to provide serialization. The system serialization capability includes a diagnose instruction which is issued after the host acquires a lock, eliminating the need for the guest to acquire the lock. | 2012-08-23 |
20120216196 | Administration Of Virtual Machine Affinity In A Data Center - Administration of virtual machine affinity in a data center, where the data center includes a plurality of virtual machines (VMs), each VM being a module of automated computing machinery installed upon a computer in the data center and characterized by a Universally Unique Identifier (UUID), at least two of the VMs having an affinity requirement to be installed on separate computers, the data center further including a data center administration server operably coupled to the VMs, including communicating, by at least one of the VMs having an affinity requirement to the data center administration server, the UUIDs of the VMs having an affinity requirement; and moving by the data center administration server the VMs having an affinity requirement to separate computers in the data center. | 2012-08-23 |
20120216197 | VIRTUALIZING THE EXECUTION OF HOMOGENEOUS PARALLEL SYSTEMS ON HETEROGENEOUS MULTIPROCESSOR PLATFORMS - An embodiment of the invention is a virtual machine monitor that is executable by a computer processor. The virtual machine monitor runs a virtual processor. When the virtual processor encounters a faulting instruction the virtual processor is unmapped from the physical processor, and generates a list of other physical processors that could execute the instruction. The virtual machine monitor determines if one of the other of the physical processors in the list is currently idle, and when one of the other of the physical processors in the list is determined to be currently idle, the virtual processor is mapped to a second physical processor, which is the one of the other of the physical processors in the list that was determined to be currently idle. | 2012-08-23 |
20120216198 | INTERPRETING I/O OPERATION REQUESTS FROM PAGEABLE GUESTS WITHOUT HOST INTERVENTION - Input/output (I/O) operation requests from pageable storage mode guests are interpreted without host intervention. In a pageable mode virtual environment, requests issued by pageable storage mode guests are processed by one or more processors of the environment absent intervention from one or more hosts of the environment. Processing of the requests includes manipulating, by at least one processor on behalf of the guests, buffer state information stored in host storage. The manipulating is performed via instructions initiated by the guests and processed by one or more of the processors. | 2012-08-23 |
20120216199 | PROVIDING A VIRTUAL MACHINE - A software element database stores software element definitions according to a software element hierarchy. A score is assigned to at least one of the software elements based at least in part upon the software element's hierarchy level. Further, virtual machine templates are stored in a library. The virtual machine templates include at least one software element associated with a software element from the software element database. A user enters a specification that specifies desired software elements to be included in the virtual machine via a user interface. After the specification is entered, a score value is calculated for at least one virtual machine template from the library, based on the scores assigned to the software elements. Using the calculated score, the virtual machine template having the highest score value is selected and the selected virtual machine template is delivered as the virtual machine to a hypervisor. | 2012-08-23 |
20120216200 | DYNAMIC POWER AND TEMPERATURE CAPPING THROUGH TELEMETRY DATA ANALYSIS - The disclosed embodiments provide a system that analyzes telemetry data from a computer system. During operation, the system obtains the telemetry data as a set of telemetric signals using a set of sensors in the computer system. Next, the system analyzes the telemetry data to estimate a value of a parameter associated with the computer system, wherein the parameter is at least one of a power utilization and a temperature. Finally, the system controls a subsequent value of the parameter by modulating a virtual duty cycle of a processor in the computer system based on the estimated value. | 2012-08-23 |
20120216201 | STATE MANAGEMENT OF OPERATING SYSTEM AND APPLICATIONS - A method and a processing device may be provided for state management of an operating system and applications. A framework may be provided for separating behaviorless state information from code or instructions for executing a method. Applications may have instances of state information derived from, or completely different from, instances of state information of an operating system. Instances of state information for an application may be layered over corresponding instances of state information of the operating system, such that the application and the operating system may have different views of the instances of the state information. At least one policy may be defined, which may include rules for resolving conflicts, information for providing a merged view of data from multiple repositories, default values for instances of data, as well as other information. In various implementations, referential integrity of state information may be guaranteed. | 2012-08-23 |
20120216202 | Restarting Data Processing Systems - Techniques are disclosed that include a computer-implemented method including transmitting a message in response to a predetermined event through a process stage including at least first and second processes being executed as one or more tasks, the message instructing the abortion of the executing of the one or more tasks, and initiating abortion of execution of the one or more tasks by the one or more of the processes on receiving the messages. | 2012-08-23 |
20120216203 | HOLISTIC TASK SCHEDULING FOR DISTRIBUTED COMPUTING - Embodiments of the present invention provide a method, system and computer program product for holistic task scheduling in a distributed computing environment. In an embodiment of the invention, a method for holistic task scheduling in a distributed computing environment is provided. The method includes selecting a first task for a first job and a second task for a different, second job, both jobs being scheduled for processing within a node of a distributed computing environment by a task scheduler executing in memory by at least one processor of a computer. | 2012-08-23 |
20120216204 | CREATING A THREAD OF EXECUTION IN A COMPUTER PROCESSOR - Creating a thread of execution in a computer processor, including copying, by a hardware processor opcode called by a user-level process, with no operating system involvement, register contents from a parent hardware thread to a child hardware thread, the child hardware thread being in a wait state, and changing, by the hardware processor opcode, the child hardware thread from the wait state to an ephemeral run state. | 2012-08-23 |
20120216205 | ENERGY-AWARE JOB SCHEDULING FOR CLUSTER ENVIRONMENTS - A job scheduler can select a processor core operating frequency for a node in a cluster to perform a job based on energy usage and performance data. After a job request is received, an energy aware job scheduler accesses data that specifies energy usage and job performance metrics that correspond to the requested job and a plurality of processor core operating frequencies. A first of the plurality of processor core operating frequencies is selected that satisfies an energy usage criterion for performing the job based, at least in part, on the data that specifies energy usage and job performance metrics that correspond to the job. The job is assigned to be performed by a node in the cluster at the selected first of the plurality of processor core operating frequencies. | 2012-08-23 |
20120216206 | METHODS AND SYSTEMS FOR MANAGING DATA - Systems and methods for managing data, such as metadata or index databases. In one exemplary method, a notification that an existing file has been modified or that a new file has been created is received by an indexing software component, which then, in response to the notification performs an indexing operation, where the notification is either not based solely on time or user input or the notification includes an identifier that identifies the file. Other methods in data processing systems and machine readable media are also described. | 2012-08-23 |
20120216207 | DYNAMIC TECHNIQUES FOR OPTIMIZING SOFT REAL-TIME TASK PERFORMANCE IN VIRTUAL MACHINE - Methods to dynamically improve soft real-time task performance in virtualized computing environments under the management of an enhanced hypervisor comprising a credit scheduler. The enhanced hypervisor analyzes the on-going performance of the domains of interest and of the virtualized data-processing system. Based on the performance metrics disclosed herein, some of the governing parameters of the credit scheduler are adjusted. Adjustments are typically performed cyclically, wherein the performance metrics of an execution cycle are analyzed and adjustments may be applied in a later execution cycle. In alternative embodiments, some of the analysis and tuning functions are in a separate application that resides outside the hypervisor. The performance metrics disclosed herein include: a “total-time” metric; a “timeslice” metric; a number of “latency” metrics; and a “count” metric. In contrast to prior art, the present invention enables on-going monitoring of a virtualized data-processing system accompanied by dynamic adjustments based on objective metrics. | 2012-08-23 |
20120216208 | In-Car-Use Multi-Application Execution Device - An in-car-use multi-application execution device is provided that ensures safety while maintaining convenience by securing operation of a plurality of applications and suppressing occurrence of a termination process within a limited processing capacity without degrading a real-time feature. The in-car-use multi-application execution device dynamically predicts a processing time for each application, and schedules each application on the basis of the predicted processing time. If it is determined that an application failing to complete a process in a prescribed cycle exists as a result of the scheduling, a process is executed that terminates the application or degrades the function of the application on the basis of a preset priority order. | 2012-08-23 |
20120216209 | VISUALIZATION-CENTRIC PERFORMANCE-BASED VOLUME ALLOCATION - A method, system, and computer program product for visualization-centric performance-based volume allocation in a data storage system using a processor in communication with a memory device is provided. A unified resource graph representative of a global hierarchy of storage components in the data storage system, including each of a plurality of storage controllers, is generated. The unified resource graph includes a common root node and a plurality of subtree nodes corresponding to each of a plurality of nodes internal to the plurality of storage controllers. The common root node and the plurality of subtree nodes are ordered in a top-down orientation. Scalable volume provisioning of an existing or new workload amount by graphical manipulation of at least one of the storage components represented by the unified resource graph is performed based on an input. | 2012-08-23 |
20120216210 | PROCESSOR WITH RESOURCE USAGE COUNTERS FOR PER-THREAD ACCOUNTING - Processor time accounting is enhanced by per-thread internal resource usage counter circuits that account for usage of processor core resources to the threads that use them. Relative resource use can be determined by detecting events such as instruction dispatches for multiple threads active within the processor, which may include idle threads that are still occupying processor resources. The values of the resource usage counters are used periodically to determine relative usage of the processor core by the multiple threads. If all of the events are for a single thread during a given period, the processor time is allocated to the single thread. If no events occur in the given period, then the processor time can be equally allocated among threads. If multiple threads are generating events, a fractional resource usage can be determined for each thread and the counters may be updated in accordance with their fractional usage. | 2012-08-23 |
20120216211 | AUTHENTICATING A PROCESSING SYSTEM ACCESSING A RESOURCE - Provided are a method, system, and article of manufacture for authenticating a processing system accessing a resource. An association of processing system identifiers with resources, including first and second resources, is maintained. A request from a requesting processing system in a host is received for use of a first resource that provides access to a second resource, wherein the request is generated by processing system software and wherein the request further includes a submitted processing system identifier included in the request by host hardware in the host. A determination is made as to whether the submitted processing system identifier is one of the processing system identifiers associated with the first and second resources. The requesting processing system is provided access to the first resource that the processing system uses to access the second resource. | 2012-08-23 |
20120216212 | ASSIGNING A PORTION OF PHYSICAL COMPUTING RESOURCES TO A LOGICAL PARTITION - A computer implemented method includes determining first characteristics of a first logical partition, the first characteristics including a memory footprint characteristic. The method includes assigning a first portion of a first set of physical computing resources to the first logical partition. The first set of physical computing resources includes a plurality of processors that includes a first processor having a first processor type and a second processor having a second processor type. The first portion includes the second processor. The method includes dispatching the first logical partition to execute using the first portion. The method includes creating a second logical partition that includes the second processor and assigning a second portion of the first set of physical computing resources to the second logical partition. The method includes dispatching the second logical partition to execute using the second portion. | 2012-08-23 |
20120216213 | ELECTRONIC CONTROL UNIT HAVING A REAL-TIME CORE MANAGING PARTITIONING - An electronic control unit having a microcontroller provided with RAM associated with variable data and ROM associated with the code of a software operating system incorporating a real time core for executing computer tasks. The RAM and ROM include zones corresponding to partitions, one of which is allocated to the real time core, while each of the others is allocated to at least one of the tasks. The RAM and the ROM are associated with an address bus that is physically programmed so that each partition is prevented firstly from writing in another one of the zones of the RAM, and secondly from executing another one of the zones of the ROM. The real time core is associated with a timer for allocating an execution time to each partition. | 2012-08-23 |
20120216214 | MIXED OPERATING PERFORMANCE MODE LPAR CONFIGURATION - Functionality is implemented to determine that a plurality of multi-core processing units of a system are configured in accordance with a plurality of operating performance modes. It is determined that a first of the plurality of operating performance modes satisfies a first performance criterion that corresponds to a first workload of a first logical partition of the system. Accordingly, the first logical partition is associated with a first set of the plurality of multi-core processing units that are configured in accordance with the first operating performance mode. It is determined that a second of the plurality of operating performance modes satisfies a second performance criterion that corresponds to a second workload of a second logical partition of the system. Accordingly, the second logical partition is associated with a second set of the plurality of multi-core processing units that are configured in accordance with the second operating performance mode. | 2012-08-23 |
20120216215 | METHOD AND SYSTEM FOR PROCESSING DATA FOR PREVENTING DEADLOCK - Provided are a method and system for processing data for preventing deadlock, and more particularly, provided are a method and system which process messages received at a message response standby state in an actor system so as to prevent deadlock. The data-processing method for preventing deadlock includes the following steps: (a) transmitting a read message for requesting information on the status of a target actor required for processing data; (b) receiving only read messages for reading information on the status of an actor until a response to the read message is received; and (c) when the response to the read message is received, processing relevant data using the status information. | 2012-08-23 |
20120216216 | METHOD AND MIDDLEWARE FOR EFFICIENT MESSAGING ON CLUSTERS OF MULTI-CORE PROCESSORS - Disclosed embodiments include a Java messaging method for efficient inter-node and intra-node communications on computer systems with multi-core processors interconnected via high-speed network interconnections. According to one embodiment, the Java messaging method accesses the high-speed networks and memory more directly and reduces message buffering. Additionally, intra-node communications utilize shared memory transfers within the same Java Virtual Machine. The described Java messaging method does not compromise Java portability and is both user and application transparent. | 2012-08-23 |
20120216217 | INTERFACE FOR DISPLAYING CONTENT SUPPORTING HARDWARE ACCELERATION - One or more application programming interfaces (APIs) are exposed by a host program running on a device to facilitate a control program displaying content in a window in which the host program displays content. As part of an API, a method is exposed that the control program can invoke to pass to the host program a definition of a surface presenter to be created by the host program. Additionally, the control program can store content that the control program desires to have presented in a buffer of the surface presenter, and invoke another method exposed as part of an API to pass to the host program an indication of the content that the control program desires to have displayed in the window in which the host program displays content. | 2012-08-23 |
20120216218 | METHODS FOR OPERATING SYSTEM IDENTIFICATION AND WEB APPLICATION EXECUTION - Methods to execute operating system dependencies for web applications are provided. A particular method includes receiving an operating system independent function call at a web server. The operating system independent function call may be initiated at a web-based application. The method further includes determining a particular operating system used by the web server and selecting a command based on the particular operating system. The method further includes executing the selected command. | 2012-08-23 |
20120216219 | METHODS AND APPARATUS FOR DYNAMIC CUSTOMIZATION OF CLINICAL WORKFLOWS - Methods and apparatus for dynamic customization of clinical workflows are disclosed. An example method includes receiving a script that implements one or more actions of a clinical workflow from a first healthcare entity that utilizes an electronic clinical information system, wherein the electronic clinical information system aggregates healthcare information from a plurality of healthcare entities including the first healthcare entity; loading the script into a dynamic module core framework that interacts with a runtime environment to execute application bundles; and publishing the script of the dynamic module core framework to the runtime environment such that the clinical workflow is installed into the electronic clinical information system dynamically at runtime. | 2012-08-23 |
20120216220 | CLAMPING DEVICE OF OPTICAL DISC - An optical disc clamping device is disclosed. Two concentric rotators with inward/outward rotation are disposed in the inner ring of a stationary seat, and a number of protruded slide grooves support the indented slide base for sliding, such that the stationary seat, the two rotators and the pressing plate are directly suspended to move together. The two-stage rotation enlarges the descent distance of the clamping device and directly descends the pressing plate for clamping the optical disc stably. | 2012-08-23 |
20120216221 | METHOD FOR CALIBRATING STEPS OF STEPPING MOTOR USED IN OPTICAL DISC DRIVE - A method for calibrating steps of a stepping motor used in an optical disc drive is provided. A pick-up head is moved to an origin of the structure. The pick-up head is moved toward a terminal of the structure by a stepping motor. The steps of the stepping motor are recorded until a counter electromotive force of the stepping motor is detected. A predetermined travel distance of the pick-up head is calculated. If the predetermined travel distance of the pick-up head is different from the maximum distance of the structure, then it is decided that the stepping motor has step error, and the steps of the stepping motor are calibrated. | 2012-08-23 |
20120216222 | Parental Control for Audio Censorship - In certain implementations, a television receiver device has an interface configured to receive audio video (A/V) program content and tuning information. A processor is programmed to: tune to a designated program; present an option to tune to the designated program with either a censored or uncensored version of audio; upon receipt of an instruction to tune to the designated program with uncensored audio, tune to a substitute audio stream identified with a secondary packet identifier, where the substitute audio stream substitutes uncensored segments of audio for censored segments of audio. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract. | 2012-08-23 |
20120216223 | METHOD AND SYSTEM FOR REPLACING/OBSCURING TITLES AND DESCRIPTIONS OF RECORDED CONTENT - A method and system for displaying titles of recorded content based on a user's access level. In one embodiment, a plurality of user identifications is received. Each of the user identifications may be associated with one of a plurality of access levels. Login information corresponding to a user may be received and a user interface may be generated. The user interface may display one or more titles corresponding to recorded content. The one or more titles displayed on the user interface may be based on an access level associated with the user. | 2012-08-23 |
20120216224 | METHOD AND APPARATUS FOR MANAGING TARGETED ADVERTISEMENTS FOR A LINEAR TELEVISION SERVICE - A method and apparatus for managing targeted advertisements for linear television is provided herein. During operation a list of N channels is maintained. Advertisements for the N channels are downloaded and stored locally. The list of N channels will be dynamically updated with advertisements being added to, and removed from, local storage. | 2012-08-23 |
20120216225 | METHODS AND APPARATUS FOR PROVIDING VIRTUAL CONTENT OVER A NETWORK - Methods and apparatus for selecting, purchasing and delivering content to users of a network so that the user has “virtual” ownership of and access to the content, thereby obviating the need for physical media (e.g., DVDs or CDs). In an exemplary embodiment, the network comprises a hybrid fiber coax (HFC) network, and on-demand (OD) sessions or broadcast modes are used to deliver the virtual content stored at the head-end (or hub site) to the requesting owner. The purchased content is associated with one or more users when stored, thereby providing the owner(s) unlimited access thereto, without the costs and effort associated with renting/purchasing and maintaining DVDs. The content may also comprise new release content, which would otherwise not be available over the network at that time but for the purchase and delivery mechanisms of the invention. Various other complementary features for enhancing the user's virtual ownership experience are also disclosed. | 2012-08-23 |
20120216226 | Detection System and Method for Mobile Device Application - A system and method for detecting a non-visual code using an application on a mobile device, where the application is capable of associating the non-visual code with at least one item contained in a transmitted presentation and connecting the mobile device to information about the item in a database associated with the transmitted presentation. The non-visual code may comprise a high frequency signal played alone or with another audio or video signal. A mobile device application executing on a processor of the mobile device performs signal processing on the audio signal of the presentation to extract the high frequency signal. Also contemplated is obtaining information about the visual content and presenting the information on the personal device. | 2012-08-23 |
20120216227 | INFORMATION DESCRIPTOR AND EXTENDED INFORMATION DESCRIPTOR DATA STRUCTURES FOR DIGITAL TELEVISION SIGNALS - A digital television (DTV) data stream includes an event information table (EIT), the EIT including: a descriptor including: a descriptor tag identifying the descriptor as a genre descriptor, a descriptor length field, and at least one category code for an associated event in a DTV data stream. | 2012-08-23 |
20120216228 | PROGRAM GUIDE INCLUDING ONLINE CHANNELS - A method includes providing a programming guide including listings associated with a number of channels provided by a television service provider. The method may also include receiving, from a user, input corresponding to a request to add a listing in the programming guide associated with an online content provider, and providing a user interface requesting that the user add information associated with the online content provider. The method may further include receiving, via the user interface, an identifier associated with the online content provider, storing the identifier in a memory, and modifying the programming guide to include a listing associated with the online content provider. | 2012-08-23 |
20120216229 | Non-real Time Services - In certain embodiments, a method of receiving digital television signals involves tuning a radio frequency tuner to receive a radio frequency modulated channel containing a transport stream; demodulating the channel to produce an output transport stream; the output transport stream containing an Internet Protocol (IP) stream of packets containing non-real time content, a FLUTE file description table (FDT), NRT service metadata and NRT content metadata; demultiplexing the IP stream of packets to produce: NRT content that is stored in an electronic storage medium, the FLUTE FDT, NRT service metadata, and NRT content metadata; parsing the metadata to produce NRT service metadata; NRT content description text and NRT content metadata; and processing the NRT content description text derived from a Text Fragment Table (TFT). This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract. | 2012-08-23 |
20120216230 | Method and System for Signaling Transmission Over RTP - Apparatuses may perform and methods may include: receiving a digital broadcast signal that includes layer 2 (L2) signaling information carried within a Real-time Protocol (RTP) layer; locating a physical layer pipe (PLP) carrying local multiplex information of the L2 signaling information and a PLP carrying other multiplex information of the L2 signaling information; and extracting the local multiplex information and the other multiplex information from the respective PLPs. | 2012-08-23 |
20120216231 | INTELLIGENT DEVICE SYSTEM AND METHOD FOR DISTRIBUTION OF DIGITAL SIGNALS ON A WIDEBAND SIGNAL DISTRIBUTION SYSTEM - A plurality of intelligent device systems for use with a wideband signal distribution network, and methods for transmitting digital information and receiving digital and non-digital information onto and off of an RF carrier through a wideband signal distribution network, are disclosed. The intelligent device systems provide networks of intelligent devices that modulate and demodulate digital video, IP video/data/voice and digital wireless onto, and off of, a wideband signal distribution system, such as an analog carrier system, using existing EIA/TIA 568 standard wiring infrastructure. The methods modulate and demodulate digital video, IP video/data/voice and digital wireless onto, and off of, a wideband distribution system, such as an analog carrier system, and separate IP portions from non-IP portions. | 2012-08-23 |
20120216232 | SET TOP BOX VIDEO STREAM MERGING/PASS THROUGH - A gateway includes a communications interface and processing circuitry and establishes communications with at least one service provider device and with a serviced client device. The gateway receives serviced client device display structure instructions from a cloud server. The gateway then receives first streamed content from the cloud server, the first streamed content comprising images of an Internet session hosted by the cloud server and having a video program hole formed therein. The gateway receives second streamed content from the cloud server, the second streamed content comprising a video program corresponding to the video program hole of the first streamed content. Based upon the serviced client device display structure instructions, the gateway combines the first streamed content with the second streamed content to form merged streamed content and transmits the merged streamed content to the serviced client device. The client device may alternately receive and merge the video streams. | 2012-08-23 |
20120216233 | VIRTUAL NETWORK CONSTRUCTING APPARATUS AND METHOD - A virtual network constructing apparatus and a virtual network constructing method are provided. The virtual network constructing method includes constructing a virtual network on the basis of a Multi-Depot Ring-Star with 2-Depots per Ring (MDRS-2DR) topology, applying the virtual network to an actual network environment, and reflecting a result of the application to reconstruct the virtual network. | 2012-08-23 |
20120216234 | APPARATUS, SYSTEMS AND METHODS FOR ACCESSING AN INITIAL PORTION OF A MEDIA CONTENT EVENT - Systems and methods are operable to retrieve a previously broadcast initial portion of a media content event. An exemplary embodiment stores a media content event at a first media device as the media content event is communicated over a broadcast system; receives a request at the first media device from a second media device, wherein the request identifies an initial portion of a media content event that has previously been communicated over a broadcast system; identifies the initial portion of the media content event from the stored media content event; retrieves the identified initial portion of the media content event; and communicates the initial portion of the media content event from the first media device to the second media device. | 2012-08-23 |
20120216235 | Wireless Information Transfer and Interactive Television System - A system and method for controlling an interactive media system includes generating, by a first communication system, an information signal and a display signal for display by an electronic medium, transferring the information signal by a wireless signal transfer network, receiving and processing the information signal by a server, providing, by the server, data included in the information signal to a functional network, wherein the server retrieves return data from the functional network and provides the return data to a second communication system, generating, by the second communication system, a return information signal and providing the return information signal to the wireless signal transfer network, and transferring, by the wireless signal transfer network, the return information signal to the first communication system, which generates the display signal for display on the electronic medium. | 2012-08-23 |
20120216236 | CONTROLLING PLACESHIFTED CONTENT - Media content to be place shifted is received at the local user device along with a place shift enabled parameter that contains data associated with the received media content and that indicates whether the received media content is authorised to be place shifted. A user command to place shift the received media content to the remote user device is also received. It is then determined, by analysing the place shift enabled parameter, whether the received media content is authorised to be place shifted and based on this determination the place shifting of the received content to a remote device is allowed or impaired. | 2012-08-23 |
20120216237 | SIGNAL ACQUISITION APPARATUS AND METHOD - A receiver comprises a first signal acquisition unit for acquiring a first type of signal block formatted according to a first format, wherein the first type of signal block is interleaved with a second type of signal block formatted according to a second format, the first signal acquisition unit comprising one or more parameter estimation units for estimating from received signals of the first type one or more signal parameters related to acquisition of the first type of signal block at a respective frequency memory arranged to store data relating to the or each estimated parameter for said respective frequency, and a controller arranged to initialise parameter estimation for subsequent received signals on a revisited frequency based upon data stored for that respective frequency. | 2012-08-23 |
20120216238 | Method, Apparatus, And Server For Spreading File Transfer Notifications In Time - The present invention relates to home devices such as set-top boxes, and more particularly to methods providing autonomous file transfers to and from such home devices. There is provided a method for spreading notifications pertaining to the completion of file transfers in time. The method is based on the concept of imposing different delay times on different devices, which delay times must be observed prior to notifying the server of a file transfer completion. | 2012-08-23 |
20120216239 | Integration of network admission control functions in network access devices - In one embodiment, a method includes receiving a communication from an endpoint device at a network access device located within a data path between the endpoint device and a network, identifying a network admission control policy for the endpoint device, enforcing at the network access device, the network admission control policy for traffic received from the endpoint device, and forwarding at the network access device, traffic from the endpoint device to the network in accordance with the network admission control policy. An apparatus is also disclosed. | 2012-08-23 |
20120216240 | PROVIDING DATA SECURITY THROUGH DECLARATIVE MODELING OF QUERIES - Data security is implemented through a query based policy constraining a primary table. Nested tables inherit the security policy by implementing the policy queries of the primary table. Operations on nested tables such as join actions execute the security policy queries once due to inheritance from the primary table therefore optimizing query modeling. A security policy may respond to a context or a role by executing queries responsive to the context. | 2012-08-23 |
20120216241 | METHODS, CIRCUITS, APPARATUS, SYSTEMS AND ASSOCIATED SOFTWARE APPLICATIONS FOR PROVIDING SECURITY ON ONE OR MORE SERVERS, INCLUDING VIRTUAL SERVERS - Disclosed are methods, circuits, apparatus, systems and associated software applications for providing security on one or more servers, including virtual servers. A server operating system may include or be otherwise functionally associated with a firewall application, which firewall application may regulate IP port access to resources on the server. A port-tending agent or application (PorTender) running on the server, or on a functionally associated computing platform, may monitor and regulate server port status (e.g. opened, closed, and conditionally opened). The PorTender may initiate and engage in communication sessions with a policy server, from which policy server the PorTender may receive port, user and security policies and/or settings. | 2012-08-23 |
20120216242 | Systems and Methods for Enhanced Security in Wireless Communication - A communication system having a policy server coupled to a communications network for managing secure communication with and among end instruments (EI). The EI comprises a memory, and a processor coupled to the memory with processor-executable instructions, including instructions for an operating system kernel; and instructions for a protection core that monitors operations of the operating system kernel in accordance with a security policy for the EI. Security policies can intercept calls to an operating system kernel and, for each call, determine whether the call is allowed under the security policy(ies). Policies are stored in a policy library and transmitted to an EI over a wireless communication network. | 2012-08-23 |
20120216243 | ACTIVE POLICY ENFORCEMENT - A method and apparatus is provided that includes techniques for providing complete solutions for role-based, rules-driven active policy enforcement. An embodiment addresses blended risk assessment and security across logical systems, IT applications, databases, physical systems, and operational systems in the context of threat and fraud detection, risk analysis and remediation, compliance checks and continuous monitoring. Further, an embodiment provides ability to embed and enforce active policy enforcement in particular processes. | 2012-08-23 |
20120216244 | SYSTEM AND METHOD FOR APPLICATION ATTESTATION - An instrumented machine or platform having a target application thereon is disclosed. An attestation service may generate an application artifact having associated therewith a name and an application statement having at least one of a plurality of attribute value assertions describing the examined runtime local execution and introspection based derived security context. The application statements may represent the level of contextual trustworthiness, at near real time, of a running application on the instrumented target platform. A runtime process and network monitor may examine the local runtime execution context of the target application, and an identity provider may authenticate a user to the web application based on a web services query for attestation of the target application. A physical or logical authorization service may control access of an authenticated user to the target application, based on a dynamic application statement and multi-factor application attestation issued by the attestation service. | 2012-08-23 |
20120216245 | METHOD AND APPARATUS FOR EDITING, FILTERING, RANKING AND APPROVING CONTENT - The system provides a method and apparatus for editing, filtering, ranking and approving content. In one embodiment, the system provides a browsing environment for children that routes all internet requests through a central server. A request to a blocked website is automatically forwarded to one of a plurality of editors who can then access the site and determine on a page or site basis as to whether the request is suitable for the browsing environment. The system includes a workflow management system that determines which of the plurality of editors will be assigned a link to review. Approved content is categorized by the age and gender of the users of the content. The approved content is also categorized as a resource or reference to assist in accomplishing homework assignments. Parents can receive updates and can manage the content remotely. | 2012-08-23 |
20120216246 | PARAMETRIC CONTENT CONTROL IN A NETWORK SECURITY SYSTEM - A security system provides a defense from known and unknown viruses, worms, spyware, hackers, and social engineering attacks. The system can implement centralized policies that allow an administrator to approve, block, quarantine, or log file activities. The system can provide and update a security value that causes host computers to change security levels for a number of different policies. The policies are grouped into a master set of policies and options which are propagated to the hosts from a centralized server. The security value is stored on the hosts and the server, and changes of the value on the server are propagated to the hosts. | 2012-08-23 |
20120216247 | Access control in data processing system - A policy data structure defines predetermined authorizations, each relating to authorization of at least one user to access at least one resource as well as to dynamic access requests. Each dynamic access request indicates a condition to be satisfied by a respective set of attributes associated with a user request to access a resource and for the request to be granted in absence of an authorization determinative of the request. If the structure does not define an authorization for a request to access a resource, it is determined whether the structure defines a dynamic access requirement determinative for the request, and if so, whether to grant the request in accordance with the respective set of attributes associated with the request. For at least one request, after determining whether to grant the request, a dynamic authorization relating to authorization to access the resource within the request is added to the structure. | 2012-08-23 |
20120216248 | ADJUSTING FILTER OR CLASSIFICATION CONTROL SETTINGS - Methods and systems for managing data communications are described. The method includes receiving a data communication; analyzing the data communication to determine a particular type of sender or recipient activity associated with the data communication based at least in part on an application of a plurality of tests to the data communication; assigning a total risk level to the data communication based at least in part on one or more risks associated with the particular type of sender or recipient activity and a tolerance for each of the one or more risks; comparing the total risk level assigned to the data communication with a maximum total acceptable level of risk; and allowing the data communication to be delivered to a recipient in response to the comparison indicating that the total risk level assigned to the data communication does not exceed the maximum total acceptable level of risk. | 2012-08-23 |
20120216249 | Enhanced Media Control - An enhanced mechanism for conflict resolution between authorized services in respect of selective authorization criteria, such as service incompatibilities, subscribed bandwidth QoS assigned per subscriber and pre-emption priority value assigned per service. The present invention allows the authorization of a subsequent service as a result of applying a selective authorization criterion for the subscriber at a policy control rules server to determine those previously authorized services to be put on hold, notifying about said previously authorized services to be on hold towards application devices handling such services, and inactivating at a policy enforcement device those control rules applicable to the media associated with said previously authorized services. In addition, the method as well as the policy control rules server, the application devices and the policy enforcement device may be also arranged for re-activating said previously authorized services still on hold when the reason for being on hold has ceased. | 2012-08-23 |
20120216250 | IMAGE FORMING APPARATUS, IMAGE FORMING METHOD, AND AUTHENTICATION PROGRAM PRODUCT - An image forming apparatus provided with a document transport unit that transports a document placed thereon, a confirmation unit that confirms whether a detachable recording medium is connected and whether the document is placed, an authentication control unit that controls an authentication and, when the authentication succeeds, switches an authentication status from a non-authenticated mode to an authenticated mode, and a function execution unit that executes a function, while the authentication status is the authenticated mode. The authentication control unit controls a switching of the authentication status from the authenticated mode to the non-authenticated mode, on the basis of a status indicating whether the recording medium is connected and a status indicating whether the document is placed during the non-authenticated mode, as well as a status indicating whether the recording medium is connected and a status indicating whether the document is placed during the authenticated mode. | 2012-08-23 |
20120216251 | SECURITY RESTRUCTURING FOR WEB MEDIA - User input to a web service including content from one or more media providers is subjected to a security analysis based on extracting whitelisted attributes and/or properties, the extracted attributes/properties validated, a template selected based on a source of the content, and a secure embedded code generated based on the whitelisted attributes/properties if the source is also a whitelisted source. The generated secure embedded code may then be provided as content by the web service. | 2012-08-23 |
20120216252 | SYSTEMS AND METHODS FOR AUTHENTICATING DEVICES IN A SENSOR-WEB NETWORK - There is provided a method for distributing sensor data. The method includes receiving, from a requesting device, a request to access first sensor-collectable data associated with at least one package. The requesting device is authenticated to access the first sensor-collectable data. And when second sensor-collectable data is associated with a predetermined value, the method also includes denying the request for access. | 2012-08-23 |
20120216253 | On-Line Membership Verification Utilizing An Associated Organization Certificate - A system and method is presented for providing verification of specified credentials to an independent person (a third party, that is, a user of a purported member's website) through the utilization of an “organization certificate” (OC) in combination with a “membership certificate” (MC), with the field structure of the OC limiting the type of information that can be certified by the issuing organization. The set of fields in the OC is defined as associated with a particular type of organization, where any extraneous information will not be permitted to form part of a legitimate membership certificate (hereinafter “MC”). The use of specific field descriptions thus assumes that any field appearing in an MC that does not have a corresponding tag in the OC will cause the MC to be flagged as invalid by the user's browser extension during the verification process. | 2012-08-23 |
20120216254 | Scalable Distributed Web-Based Authentication - Web-based authentication includes receiving a packet in a network switch having at least one associative store configured to forward packet traffic to a first one or more processors of the switch that are dedicated to cryptographic processing if a destination port of the packet indicates a secure transport protocol, and to a second one or more processors of the switch that are not dedicated to cryptographic processing if the destination port does not indicate a secure transport protocol. If a source of the packet is an authenticated user, the packet is forwarded via an output port of the switch, based on the associative store. If the source is an unauthenticated user, the packet is forwarded to the first one or more processors if the destination port indicates a secure transport protocol, and to the second one or more processors if the destination port does not indicate a secure transport protocol. | 2012-08-23 |
20120216255 | Attesting a Plurality of Data Processing Systems - A technique for attesting a plurality of data processing systems. The method includes: configuring a chain of data processing systems wherein a first data processing system is responsible for retrieving attestation data associated with a second data processing system; sending a request for attestation of the first data processing system; in response to receiving the request, retrieving a list of associated one or more children, wherein the one or more children comprise the second data processing system; retrieving and storing attestation data associated with each child; retrieving and storing attestation data associated with the first data processing system; and sending to the requester a concatenated response containing the attestation data associated with the first and second data processing systems, such that the attestation data associated with the first and second data processing systems can be used to attest the first and second data processing systems, respectively. | 2012-08-23 |
20120216256 | System, Method And Apparatus For Providing Multiple Access Modes In A Data Communications Network - A system, method and apparatus for providing multiple access modes in a data communications network includes a network access device having a plurality of input ports, a plurality of output ports, and a switching fabric for routing data received on the plurality of input ports to at least one of the plurality of output ports. Control logic within the network access device is adapted to determine whether a user device coupled to one of the plurality of input ports supports a user authentication protocol used by a host network. If the user authentication protocol is not supported, then the input port to which the network access device is coupled is placed in a semi-authorized access state that limits access to a pre-configured network accessible via the host network. | 2012-08-23 |
20120216257 | LABEL PRIVILEGES - Methods, systems, and apparatus for managing labeling privileges. In one aspect, a method includes receiving label data defining a label to be associated with an image of a first user in a photograph, the first user identified by a first user identifier and the label data associated with a submitting user identifier; accessing data defining labeling privileges for the first user identifier, the labeling privileges being for second users identified by respective second user identifiers, and the labeling privileges defining, for each second user, a labeling privilege for the second user to label an image of the first user in a photograph; determining whether the submitting user identifier is included in the second user identifiers; in response to determining that the submitting user identifier is included in the second user identifiers: determining the labeling privileges for the user identified by the submitting user identifier, and processing the label accordingly. | 2012-08-23 |
20120216258 | Network Connecting Device and Method - In a network connecting device connectable to a network, a connection approval/disapproval determination section determines approval/disapproval of connection to a network in accordance with a connection approval/disapproval determination rule managed by a connection approval/disapproval determination rule management section. When there is a security problem in a content of the connection approval/disapproval determination rule if a connection is to be formed, the security problem is solved by having a user re-input authentication information in the content of the connection approval/disapproval determination rule. | 2012-08-23 |
20120216259 | Network Connecting Device and Method - A network connecting device includes: a network device for connecting to the network; a profile generation determination section for determining whether or not to generate a profile including information necessary for forming a connection with the network; a profile generation section for generating the profile when the profile generation determination section determines to generate the profile; a profile management section for managing the profile generated by the profile generation section; and a network connection section for controlling the network device and connecting to the network, based on the profile managed by the profile management section. | 2012-08-23 |
20120216260 | SYSTEMS, METHODS AND APPARATUS FOR AUTHENTICATING ACCESS TO ENTERPRISE RESOURCES - Systems, apparatus, methods and articles of manufacture provide for controlling access to one or more enterprise resources, including one or more functions of an enterprise device, or other computing device, based on information about one or more activities of a user. Some embodiments provide for determining an intuitive challenge question having a corresponding response, such as an intuitive password. | 2012-08-23 |
20120216261 | Method and System for Electronic Delivery of Essential Mail Items - A delivery server, and a method of operating same for providing a trusted electronic mail service for the delivery of items to a subscriber. An associated database contains subscriber details. The server receives from the subscriber a nomination of at least one service provider from which the subscriber wishes to receive electronic mail items. The nomination is stored in the database in association with the subscriber details. A trusted communications channel is established between the delivery server and a service provider computer system, for example via the Internet or other public network. The delivery server receives essential mail data from the service provider via the communications channel, and verifies that the subscriber wishes to receive a corresponding electronic mail item, by comparison with subscriber details and nominations stored in the database. In the event that the verification is successful, the delivery server delivers the electronic mail item to the subscriber. | 2012-08-23 |
20120216262 | Methods, Systems, And Computer Program Products For Determining An Originator Of A Network Packet Using Biometric Information - Associating a network packet with biometric information for a user includes identifying biometric identification information for a user of a network device, including an identifier of the biometric identification information in at least one of a header and a trailer of a network packet without including biometric identification information in a payload of the network packet, and sending the packet via a network, wherein the identifier identifies the network packet as having originated from the user. | 2012-08-23 |
20120216263 | Authentication in Communication Systems - A user of a first packet-based communication network is authorised to access a second packet-based communication network. In at least some embodiments, an authorisation request is received from a user terminal of the user at a first network element of the first packet-based communication network, the authorisation request comprising a first user identity. Responsive to the authorisation request, a request is transmitted to create a second user identity from the first network element to a second network element of the second packet-based communication network. The second network element creates the second user identity for use in the second packet-based communication network, the second user identity being derivable from the first user identity according to a predetermined rule. The second user identity in the second packet-based communication network is stored for use with subsequent communication events over the second packet-based communication network. | 2012-08-23 |
20120216264 | GENERALIZED CREDENTIAL AND PROTOCOL MANAGEMENT OF INFRASTRUCTURE - A workflow request having a set of device specific operations and credentials is obtained. The workflow request is parsed to locate at least one of the set of device specific operations and credentials. The located device specific operations and credentials are replaced with at least one logical device operation and logical credentials to create a generalized credential and protocol workflow. | 2012-08-23 |
20120216265 | USING CLOCK DRIFT, CLOCK SLEW, AND NETWORK LATENCY TO ENHANCE MACHINE IDENTIFICATION - Methods and systems for authenticating a user device employ a database of global network latencies categorized and searchable by location and calendar date-time of day usage, providing network latency by geography and by time. The database is constructed using voluminous daily data collected from a world-wide clientele of users who sign in to a particular website. Accuracy of the latency data and clock skew machine identification is made practical and useful for authentications using a service provider-proprietary, stable reference clock, such as an atomic clock, so that internal clock jitter of a service provider performing authentications does not affect the network latency time and clock skew identification of user devices. Increased authentication confidence results from using the database for correcting network latency times and user device signatures generated from the clock skew identifications and for cross checking the authentication using comparisons of initial registration to current sign in data. | 2012-08-23 |
20120216266 | SYSTEM AND METHOD TO ASSOCIATE A PRIVATE USER IDENTITY WITH A PUBLIC USER IDENTITY - The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record. | 2012-08-23 |
20120216267 | User Initiated and Controlled Identity Federation Establishment and Revocation Mechanism - A method for single sign-on with established federation includes triggering a single sign-on operation from a first service to a second service, retrieving, by the first service, an associated federation key and pseudo identification for a user agent, generating, by the first service, a token signed with a federation key for the user agent based on the pseudo identification, redirecting, by the first service, the user agent to the second service, wherein the user agent transfers the token to the second service, verifying, by the second service, the token and determining an associated identification in the second service, and returning, by the second service, a resource to the user agent. | 2012-08-23 |
20120216268 | IDENTITY ASSERTION FRAMEWORK - Systems and methods for implementing an identity assertion framework to authenticate a user in a federation of security domains are provided. A first security token service (STS) is configured to receive a request for a first token from a consumer and to issue the first token to the consumer. The first STS is associated with a first security domain, and the first token is issued according to a first issuing policy of the first security domain. A service provider within a second security domain receives the first token and makes a determination whether the first token is invalid in the second security domain. A second STS receives the first token from the service provider, determines that the first token was issued by the first STS, and validates the first token according to a federation policy between the first security domain and the second security domain. | 2012-08-23 |
20120216269 | Software licensing in a virtualization environment - Provided are a system and method for activating an unauthorized software program in a virtualization environment. A software program is installed on a computer. A valid license is obtained to activate the software program. A cloning operation is performed on the software program. At least one other instance of the software program is generated during the cloning operation. The valid license is obtained to activate the at least one other instance of the software program. Also provided are systems and methods for identifying and counteracting unauthorized licensing of instances of a software program. | 2012-08-23 |
20120216270 | Method and Apparatus for Graphical Presentation of Firewall Security Policy - A graphical representation of the firewall and a network coupled to the firewall is generated and displayed. A number of an inbound port of the network is displayed. An arrow adjacent to the port number pointing toward the network is displayed to indicate that a communication is permitted to the port. The port number and the arrow are located between an icon for the network and an icon for the firewall. A port number of a destination of a communication originating from the network is displayed. Also, another arrow adjacent to the destination port number pointing toward the firewall is displayed to indicate that a communication is permitted to the destination port number. The destination port number and the other arrow are located between an icon for the network and an icon for the firewall. | 2012-08-23 |
20120216271 | SYSTEM AND METHOD FOR INTERLOCKING A HOST AND A GATEWAY - A method is provided in one example embodiment and includes exchanging a session descriptor associated with a network connection and an application on a host, correlating the session descriptor with a network policy, and applying the network policy to the network connection. In alternative embodiments, the session descriptor may be exchanged through an out-of-band communication channel or an in-band communication channel. | 2012-08-23 |
20120216272 | ROUTING VOIP CALLS THROUGH MULTIPLE SECURITY ZONES - Call setup signaling is performed across at least a first security zone, a second security zone, and a third security zone to set up a call. At least one gate is then established between the first security zone and the third security zone to enable traffic flow for the call between the first security zone and the third security zone. | 2012-08-23 |
20120216273 | SECURING A VIRTUAL ENVIRONMENT - Securing a virtual environment includes: in a host device, intercepting a packet addressed to a virtual machine implemented by the host device; redirecting the packet to a security device external to the host device through an egress tunnel; and delivering the packet to the virtual machine if the host device receives an indication from the security device that the packet is approved. | 2012-08-23 |
20120216274 | INFERENCING DATA TYPES OF MESSAGE COMPONENTS - A method of a device for filtering messages routing across a network includes extracting, by a filter configured on the device, a plurality of message components from messages received via a network. The plurality of message components is identified as having at least a field name in common, including a first field name. A learning engine configured on the device creates a list of data types for values of the first field name. The list includes one or more data types of a value of the first field name identified for each of the plurality of message components. The learning engine determines a most restrictive data type from the list of data types for the values of the first field name of the plurality of message components. | 2012-08-23 |
20120216275 | SCALABLE TRANSPARENT PROXY - A facility for proxying network traffic between a pair of nodes is described. The facility receives packets traveling between the pair of nodes that together constitute a distinguished network connection. For each packet of the connection that is part of a transport protocol setup process, the facility updates a representation of the status of the setup process to reflect the packet, and forwards the packet to its destination without proxying the packet. For each packet of the connection that is subsequent to the setup process, the facility proxies the contents of the packet to the packet's destination. | 2012-08-23 |
20120216276 | SECURE PORTABLE OBJECT - The invention relates to a secure portable object of the smart card type comprising (a) an object body and (b) a micro-module comprising a processor and at least one memory in which a first application executed by a first execution engine in a first execution space is stored. The invention is characterised in that a second application is further stored in the said at least one memory, where the said second application is executed by a second execution engine distinct from the first execution engine, in a second execution space distinct from the first execution space. The invention particularly applies to smart cards. | 2012-08-23 |
20120216277 | USER PROFILE AND USAGE PATTERN BASED USER IDENTIFICATION PREDICTION - Embodiments of the present invention provide method, system and computer program product for user profile and usage pattern based user ID prediction. In accordance with an embodiment of the invention, a user can request a user ID to access a portion of a computing system. One or more characteristics of the user, such as a role or location can be determined and correlated to one or more different additional user ID options. In this regard, the additional user ID options can be a suggested alternative user ID for use by the user commensurate with the role or location of the user, or with past patterns of other users considered similar to the user based upon the characteristics of the user. | 2012-08-23 |
20120216278 | METHOD AND SYSTEM FOR REAL TIME CLASSIFICATION OF EVENTS IN COMPUTER INTEGRITY SYSTEM - Method and system using a designated known secure computer for real time classification of change events in a computer integrity system are disclosed. In the embodiment of the invention, the known secure computer, having only inbound connection, is dedicated for providing permissible change events, which are compared with change events generated on client operational computers. An alert is generated when the change event at the client operational computer and the respective permissible change event provided by the known secure computer mismatch. | 2012-08-23 |
20120216279 | Backward researching time stamped events to find an origin of pestware - A system and method for identifying an origin of suspected pestware activity on a computer is described. One embodiment includes establishing a time of interest relating to a suspicion of pestware on the computer; issuing a timestamp in response to the establishing the time of interest; identifying, in response to the issuing the timestamp, indicia of pestware; and accessing at least a portion of a recorded history of sources that the computer received files from so as to identify, based at least in part upon the identified indicia of pestware, a reference to an identity of a source that is suspected of originating pestware. | 2012-08-23 |
20120216280 | DETECTION OF CODE-BASED MALWARE - This document describes techniques for detection of code-based malware. According to some embodiments, the techniques utilize a collection of known malicious code and known benign code and determine which features of each type of code can be used to determine whether unclassified code is malicious or benign. The features can then be used to train a classifier (e.g., a Bayesian classifier) to characterize unclassified code as malicious or benign. In at least some embodiments, the techniques can be used as part of and/or in cooperation with a web browser to inspect web content (e.g., a web page) to determine if the content includes code-based malware. | 2012-08-23 |
20120216281 | Systems and Methods for Providing a Computing Device Having a Secure Operating System Kernel - A method and apparatus for resisting malicious code in a computing device. A software component corresponding to an operating system kernel is analyzed prior to executing the software component to detect the presence of one or more specific instructions such as malicious code, a change in mode permissions or instructions to modify or turn off security monitoring software, and taking a graduated action in response to the detection of one or more specific instructions. The graduated action taken is specified by a security policy (or policies) stored on the computing device. The analyzing may include off-line scanning of a particular code or portion of code for certain instructions, op codes, or patterns, and includes scanning in real-time as the kernel or kernel module is loading while the code being scanned is not yet executing (i.e., it is not yet “on-line”). Analysis of other code proceeds according to policies. | 2012-08-23 |
20120216282 | METHODS AND SYSTEMS FOR DETECTING AND MITIGATING A HIGH-RATE DISTRIBUTED DENIAL OF SERVICE (DDoS) ATTACK - Methods and systems for detecting and mitigating high-rate Distributed Denial of Service (DDoS) attacks are herein described. The present invention contemplates a variety of improved techniques for using a flow-based statistical collection mechanism to monitor and detect deviations in server usage data. The method further includes combining multiple anomaly algorithms in a unique way to improve the accuracy of identifying a high-rate DDoS attack. The DDoS solution includes a two-phase approach of detection and mitigation, both of which operate on a local- and a global-basis. Moreover, the anomaly algorithms can be modified or extrapolated to obtain the traffic deviation parameters and therefore, the attack probabilities. | 2012-08-23 |
20120216283 | METHOD AND SYSTEM FOR DISABLING MALWARE PROGRAMS - Disabling malware programs. At least some of the various embodiments are methods including disabling a malware program on a computer system that comprises a native operating system on a long term storage device. In some cases, the disabling by: booting a non-native operating system on the computer system; identifying, by a scan program executed under the non-native operating system, the malware program on the long term storage device; modifying, by the scan program, a file system coupled to the native operating system with respect to the malware program, the file system on the long term storage device; and then booting the native operating system on the computer system. | 2012-08-23 |
20120216284 | METHOD AND SYSTEM OF POSTING ACHIEVEMENTS REGARDING SCANS FOR MALWARE PROGRAMS - Posting achievements regarding scans for malware programs. At least some of the illustrative embodiments are methods including: initiating a scan for malware programs on a computer system, the initiating by a first user, and the scan by a scan program executed on the computer system; identifying malware programs on the computer system by the scan program, where identifying meets a predetermined achievement; and posting to a social network, the posting comprises an indication of meeting the predetermined achievement, and the posting associated with the first user. | 2012-08-23 |
20120216285 | SYSTEMS AND METHODS FOR INHIBITING DENIAL-OF-SERVICE ATTACKS USING GROUP CONTROLS - A sandbox tool can cooperate with components of a secure operating system (OS) to create an isolated execution environment for accessing content without exposing other processes and resources of the computing system to the untrusted content. The sandbox tool can utilize task control groups (cgroups) of the secure OS with the isolated execution environment. A cgroup defines the hardware resources that can be accessed and utilized by the isolated execution environment. The cgroups can define accessible hardware resources by particular hardware resources, amount of hardware resources, and/or components of the hardware resources. Once a cgroup is applied to the isolated execution environment, any processes running in the isolated execution environment will be confined to the hardware resources defined by the applied cgroup. If a process running in the isolated execution environment attempts to utilize hardware resources outside the definition of the cgroup, the secure OS can block the usage. | 2012-08-23 |
20120216286 | METHODS AND SYSTEMS FOR SECURELY UPLOADING FILES ONTO AIRCRAFT - Methods and systems for securely uploading files onto a vehicle such as an aircraft are provided. In one embodiment, a system for transmitting files to a remote vehicle comprises: a communication system onboard the remote vehicle; at least one processor onboard the remote vehicle coupled to the communication system; and at least one storage device comprising a database, the at least one storage device further comprising computer executable instructions which when executed by the at least one processor implement a data checking functionality process comprising: generating a security file at the remote vehicle from an uplinked file received by a communication system; verifying integrity of the uplinked file using the security file; when integrity of the uplinked file is confirmed, accepting the uplinked file; and when integrity of the uplinked file is not confirmed, rejecting the uplinked file. | 2012-08-23 |
20120216287 | SOCIAL NETWORK PRIVACY USING MORPHED COMMUNITIES - A system, method and program product for morphing social network data. A system is disclosed that includes: a system for splitting up M communities within a set of social network data into N split communities; a system for morphing the N split communities into P morphed communities using a cardinality key, wherein the cardinality key causes subsets of split communities to be unioned together; and a system for adding phony members into the P morphed communities. | 2012-08-23 |
20120216288 | METHOD AND SYSTEMS FOR SECURE DISTRIBUTION OF CONTENT OVER AN INSECURE MEDIUM - A method, system, and computer program product for secure distribution of content over an insecure medium, including a recipient device configured to receive content; and a sender device configured to request from the recipient device a unique identification associated with the recipient device, before sending to the recipient device, the content and a unique key associated with the content for use of the content by the recipient device. The sender device is configured to request the unique identification associated with the recipient device from the recipient device during a predetermined time interval after sending the key, and after verification of the unique identification, send a new key associated with the content to the recipient device for further use of the content by the recipient device. | 2012-08-23 |
20120216289 | CONTENT PROVISION SYSTEM - The second content provision system determines, in response to a request by a user from a second terminal belonging to a second network, a second content being a same content as a first content, which is provided to the first terminal belonging to a first network or an alternative content for the first content and matching rights of the user. The second content is provided from the second network to the second terminal and can be used by the second terminal. The second content is determined by using content information specifying the first content which is in-use or which the use has interrupted and ownership information indicating the rights of the user and the content provision system acquires the content information and the ownership information from the first content provision system in response to the request from the second terminal. | 2012-08-23 |
20120216290 | Partial Access to Electronic Documents and Aggregation for Secure Document Distribution - Partial access to electronic documents and aggregation for secure document distribution is disclosed. The embodiments herein relate to providing access to electronic documents and, more particularly, to providing access to portions of electronic documents and aggregating such portions in a secure document distribution environment. Existing document distribution mechanisms do not provide means to access partial documents based on attributes such as roles of the agents within an organization, location of access, time of access, device ID and so on. The disclosed method allows agents to access partial contents of documents based on the attributes. Metadata tags are attached to the documents in order to control access to the documents by the defined attributes. The agent who wishes to access the document enters his credentials and, based on the credentials, he is provided access to the content that is assigned to him. | 2012-08-23 |
20120216291 | DATA SECURITY MANAGEMENT SYSTEMS AND METHODS - Data security management system and methods are provided. First, a first system having a management authority is provided. The first system displays an input interface on an input device. A switch switches the management authority from the first system to a second system, wherein the second system operates with a secure mechanism. When the management authority is switched to the second system, the first system transmits layout information of the input interface and an input device characteristic of the input device to the second system. The second system receives input data via the input device, and decodes the input data according to the layout information and the input device characteristic. | 2012-08-23 |
20120216292 | User Account Creation Involving a Mobile Device - Mobile devices may often communicate with network (“cloud”) services that require an account. Because it may be undesirable to require user interaction when creating an account, it may be desirable to create an account associating a mobile device to a network service without requiring a user to explicitly enter authentication information, such as a username and password. In an embodiment, data corresponding to a mobile device is obtained to generate authentication information which is then sent to a messaging address of a user. In another embodiment, in response to an event, a mobile device obtains an identifier for a user, sends the identifier to a server, where the server transmits one set of authentication information to a messaging address associated with the user and another set of authentication information to the device. | 2012-08-23 |
20120216293 | MEDIA SERVICE DELIVERY SYSTEM PROVIDING CONDITIONAL ACCESS TO MEDIA CONTENT FROM VARIOUS CLIENT DEVICES - A system for protecting the digital rights of content owners allows digital media to be delivered to only those media rendering client devices that have been approved for the media content. Before delivering requested media, the media service provider may determine whether the media rendering client device that requested the media is the type of device that is authorized to receive the request media. If it is, the media service provider may transmit the media to a middleman server over a network (such as the Internet). A middleman server may then serve the media to the client device over a local network. By allowing the media content to be distributed to approved devices only, the media service provider can prevent a user from using the media in a way that is not authorized by the content owner. | 2012-08-23 |