38th week of 2012 patent application highlights part 65
Patent application number | Title | Published |
20120240142 | Content Provision - A system is disclosed for providing a user with access to augmented media content. A set-top-box is provided to pass live broadcast content to a user device. A software module is arranged to receive augmentation content that is associated with the live TV, and the software module can augment the live TV by, for example, controlling the placement of graphics over or alongside video programs. A back-channel is provided from the user device to content providers and a server so that a user can interact with the augmentation content. | 2012-09-20 |
20120240143 | Method and system for verifiable two-way communication and interaction with audiences using multiple media formats - A system and method for verifiable two-way communication and interaction with audiences using Visual Cues and images to enable an audience, irrespective of size, to interact with multiple media formats, using smart devices such as smartphones and smart cameras. Allows interactions with viewers in real-time that will provide richer data that can be used to measure an audience more reliably. | 2012-09-20 |
20120240144 | CONTENT PROVISION - An apparatus for displaying live television is described in which live television can be received and output to a user on one or more display devices. A user analysis module is configured to acquire data concerning television content being viewed contemporaneously by other users in a network, and the user's set-top-box can output content related to the acquired data to one or more display devices so that it can be viewed by the user. In addition the set-top-box is connected to a server including an extractor configured to extract data from the live television. A selection tool is configured to select augmentation content using the extracted data, and the set-top-box is configured to output the selected augmentation content to one or more display devices. | 2012-09-20 |
20120240145 | SYSTEMS AND METHODS FOR MANAGING A STATUS CHANGE OF A MULTIMEDIA ASSET IN MULTIMEDIA DELIVERY SYSTEMS - Systems and methods are disclosed which detect a change in the status of a multimedia asset in a multimedia delivery system, and take steps to make the multimedia asset available after the status change. The multimedia asset can then be locally recorded on the user's digital video recorder (DVR) before the status changes. Alternatively, the user can be directed to an equivalent asset, for example, video-on-demand (VOD). The user may also receive a notification, which can be displayed on a TV or computer monitor or sent to a remote device, for example to a mobile phone as an email or a short message. The user may be able to purchase the asset and/or initiate recording the asset. The status can be, for example, an expiration date of an asset, or a change of the source or format of an asset. | 2012-09-20 |
20120240146 | SERVER MANAGING THE INTERACTIONS BETWEEN A SOURCE MOBILE DEVICE AND A PLURALITY OF RECIPIENT TELEVISION DEVICES - A mobile device or a sender's PC, notebook, PDA or laptop creates questionnaires and sends them to other recipient devices. The questionnaire is created by the user of the mobile device using audio inputs for a questionnaire preamble and for preambles for a question. A server in the network incorporates other generic portions of the questionnaire. It collates the results received and sends them to the user who made/sent the questionnaire. Thus, a user can make ad hoc questionnaires, send them to recipients and receive the results. This makes it easy for a user to create, disseminate, conduct questionnaires or surveys on mobile handsets and to collect results for processing and storage. | 2012-09-20 |
20120240147 | Tracking and Providing Availability Status of Personal Bi-Directional Services - The present invention provides methods and systems for accessing services in a television system. In one embodiment, a DHCT presents a subscriber an EPG presentation containing a plurality of selectable bi-directional services that are purchasable for a period of time and rendered to a buying subscriber on an individualized basis as offered by the cable television system. The subscriber navigates an EPG menu presentation with an input device such as a remote control device and selects a purchasable service by choosing the visual representation that corresponds to the desired service. The DHCT receives the user input, translates the selected command into an executable program call that queries service availability and, if the service is available, initiates the selected bi-directional audiovisual service on a personalized session. | 2012-09-20 |
20120240148 | IPTV System and Implementation Method for Relieving Binding Between an EPG and a Multimedia Node - A method for relieving binding between an Electronic Program Guide (EPG) and a multimedia node in an Internet Protocol Television (IPTV) system including: firstly sending an identity authentication request by a user, and then a user homepage authentication request after obtaining an identity authentication of a service processing module; and obtaining information of a multimedia node for serving the user via a node allocation module after receiving the user homepage authentication request, wherein the information of the multimedia node is used for assembling a channel Uniform Resource Locator for use by the user. The system relieves the binding relationship between an EPG and a multimedia node, enables the multimedia node to be dynamically allocated to the EPG when a user logs in, and enables the multimedia node to be used normally when a fault occurs in the EPG, thus improving the utilization rate of the system resource. | 2012-09-20 |
20120240149 | SYSTEM AND METHOD FOR DISTRIBUTING AND BROADCASTING MULTIMEDIA - Multimedia distribution and broadcast systems and related processes are provided for transmitting multimedia contents and control information from a central uplink facility to a remote downlink via a satellite. The system is preferably implemented in order to generate sequences of multimedia that are broadcast from the remote downlink facility to viewers. The display arrangements of the multimedia sequences are varied and customized by each downlink facility using the control information in order to better inform and entertain viewers. | 2012-09-20 |
20120240150 | Payment Authentication and Authorization Non-Web Devices - The present disclosure involves a method of conducting a transaction. In one aspect, the method includes: displaying a media program on a media display device; indicating, while the media program is being displayed, an item associated with the media program is available for purchase; receiving authentication information of a prospective purchaser of the item; and completing a purchase of the item in response to the authentication information. In another aspect, the method includes: receiving, from a media display device, a user authentication request that contains user login credentials; granting the user authentication request in response to the user login credentials; and sending an authentication permission to the media display device; wherein the receiving and the sending are each performed such that the user login credentials and the authentication permission are sent through one or more intermediate hops without being inspected by any of the intermediate hops. | 2012-09-20 |
20120240151 | Synchronizing Interactive Digital Advertisements displayed on client devices with television commercials - A system for the real time detection of an advertisement on a particular television channel or in a video stream, the development of a probability that the user of a client device such as a laptop, tablet or mobile phone (other than the device displaying the television channel or video stream, e.g. a Television) is viewing that particular television channel or video stream and the real time provision of an associated interactive digital advertisement to the user's client device, such as a laptop, tablet or smart phone. The system is composed of a series of software processes running on computer servers. Such servers comprising a microprocessor, data base, input device and output device wherein said data base comprises computer readable instructions stored in fixed memory or other digital storage system and executable by said microprocessor. | 2012-09-20 |
20120240152 | METHOD AND APPARATUS FOR DISPLAYING INFORMATION IN RESPONSE TO MOTION PICTURE PROGRAMMING - Various apparatuses and techniques for displaying information in response to motion picture programming are herein described. A handheld digital device can comprise a display and a processor. The processor can be configured to receive a watermark via programming. The programming can include an element representing a sale target. The sale target can be an item or service for sale. The watermark can include sale target information about the sale target. The processor can also be configured to identify the sale target via the sale target information in the watermark. The processor can also be configured to present the sale target to a user via the display. | 2012-09-20 |
20120240153 | SYSTEM FOR PROVIDING OFFERS USING A BILLING STATEMENT - A billing statement according to one aspect of the invention includes a description of a transaction and an offer pointer associated with the transaction, wherein the offer pointer includes information that may be used to review an offer. In one example of this aspect, a telephone number or a hyperlink is provided adjacent to a total amount owed listed on a statement (e.g., an electronically-displayed billing statement). The offers reviewed may be customized, for example, based on details of the transaction such as the product purchased or the amount of the purchase, the identity of the consumer, and/or on other data. | 2012-09-20 |
20120240154 | SYSTEM FOR PROVIDING OFFERS USING A BILLING STATEMENT - A billing statement according to one aspect of the invention includes a description of a transaction and an offer pointer associated with the transaction, wherein the offer pointer includes information that may be used to review an offer. In one example of this aspect, a telephone number or a hyperlink is provided adjacent to a total amount owed listed on a statement (e.g., an electronically-displayed billing statement). The offers reviewed may be customized, for example, based on details of the transaction such as the product purchased or the amount of the purchase, the identity of the consumer, and/or on other data. | 2012-09-20 |
20120240155 | SYSTEM FOR PROVIDING OFFERS USING A BILLING STATEMENT - A billing statement according to one aspect of the invention includes a description of a transaction and an offer pointer associated with the transaction, wherein the offer pointer includes information that may be used to review an offer. In one example of this aspect, a telephone number or a hyperlink is provided adjacent to a total amount owed listed on a statement (e.g., an electronically-displayed billing statement). The offers reviewed may be customized, for example, based on details of the transaction such as the product purchased or the amount of the purchase, the identity of the consumer, and/or on other data. | 2012-09-20 |
20120240156 | SYSTEM FOR PROVIDING OFFERS USING A BILLING STATEMENT - A billing statement according to one aspect of the invention includes a description of a transaction and an offer pointer associated with the transaction, wherein the offer pointer includes information that may be used to review an offer. In one example of this aspect, a telephone number or a hyperlink is provided adjacent to a total amount owed listed on a statement (e.g., an electronically-displayed billing statement). The offers reviewed may be customized, for example, based on details of the transaction such as the product purchased or the amount of the purchase, the identity of the consumer, and/or on other data. | 2012-09-20 |
20120240157 | SYSTEM FOR PROVIDING OFFERS USING A BILLING STATEMENT - A billing statement according to one aspect of the invention includes a description of a transaction and an offer pointer associated with the transaction, wherein the offer pointer includes information that may be used to review an offer. In one example of this aspect, a telephone number or a hyperlink is provided adjacent to a total amount owed listed on a statement (e.g., an electronically-displayed billing statement). The offers reviewed may be customized, for example, based on details of the transaction such as the product purchased or the amount of the purchase, the identity of the consumer, and/or on other data. | 2012-09-20 |
20120240158 | Delivering Personalized Media Items to Multiple Users of Interactive Television by Using Scrolling Tickers - A system and method of delivering personalized media items to users of an interactive television is disclosed. The system comprises a television terminal, a computing device and a remote control device. The computing device further comprises a set top box. The computing device may be connected to a server through a communication network. The system stores a personal profile for each of its users. Personal mobile devices associated with the users are connected wirelessly to the computing device. Identities of the users may be transmitted from the personal mobile devices to the computing device. Media items are selected based upon the personal profiles according to a predetermined algorithm. Selected media items may be delivered using scrolling tickers displayed on the television terminal. | 2012-09-20 |
20120240159 | Delivering Personalized Media Items to Users of Interactive Television and Personal Mobile Devices by Using Scrolling Tickers - A system and method of delivering personalized media items to users of an interactive television is disclosed. The system comprises a television terminal, a computing device and a remote control device. The system stores a personal profile for each of its users. Personal mobile devices associated with the users are connected wirelessly to the computing device. Identities of the users may be transmitted from the personal mobile devices to the computing device. Media items are selected based upon the personal profiles according to a predetermined algorithm. Media items may be displayed using scrolling tickers on the television terminal. In one embodiment, a detailed content of a selected media item may be delivered either on the television terminal or on a display of one of the personal mobile devices. In another embodiment, scrolling tickers may also be displayed on displays of the personal mobile devices. | 2012-09-20 |
20120240160 | SYSTEM FOR PROVIDING OFFERS USING A BILLING STATEMENT - A billing statement according to one aspect of the invention includes a description of a transaction and an offer pointer associated with the transaction, wherein the offer pointer includes information that may be used to review an offer. In one example of this aspect, a telephone number or a hyperlink is provided adjacent to a total amount owed listed on a statement (e.g., an electronically-displayed billing statement). The offers reviewed may be customized, for example, based on details of the transaction such as the product purchased or the amount of the purchase, the identity of the consumer, and/or on other data. | 2012-09-20 |
20120240161 | GRAPHICAL USER INTERFACE (GUI) CONTROL BY INTERNET PROTOCOL TELEVISION (IPTV) REMOTE INTERNET ACCESS DEVICES - An Internet protocol television (IPTV) system is driven by a graphical user interface (GUI) controlled by an input device attached to an Internet access device that in turn connects to the GUI over IPTV connections. The input device may be a keyboard, smart phone, iPad, mouse, personal computer, laptop, touch screen, or other generic universal serial bus (USB), IEEE 1394 (FireWire), or other connected device. Connection between the input device and the GUI may be either wired (including, but not limited to USB, IEEE 1394, and Ethernet) or wireless (including, without limitation, infrared (IR), radio frequency, or other form of electromagnetic transmission). Regardless of connection method, the input device acts to operate and command the IPTV GUI so as to navigate and control the IPTV. By appropriate GUI implementations, a single input device may be configured to operate one or more windows on one or more display via IPTV connections. | 2012-09-20 |
20120240162 | Content Provision - An apparatus for displaying live television is described in which live television can be received and output to a user on one or more display devices. A user analysis module is configured to acquire data concerning television content being viewed contemporaneously by other users in a network, and the user's set-top-box can output content related to the acquired data to one or more display devices so that it can be viewed by the user. In addition the set-top-box is connected to a server comprising an extractor configured to extract data from the live television. A selection tool is configured to select augmentation content using the extracted data, and the set-top-box is configured to output the selected augmentation content to one or more display devices. | 2012-09-20 |
20120240163 | INSERTING BRANDING ELEMENTS - Techniques are described that permit the flexible introduction of branding elements into or around video rendered by a media player. One or more sets of metadata related to the presentation of branding elements may be collected, and then one or more sets of the metadata may be selected based on business rules when the media player requests a particular piece of content. The selected metadata may indicate what branding element is to be displayed, and how it is to be displayed (e.g., position of element in video rendering window). The media player is then instructed based on the metadata to access and appropriately place the branding elements in or outside of the video rendering window (e.g., overlayed on top of the video content). | 2012-09-20 |
20120240164 | METHOD AND SYSTEM FOR POSITIONING ROW ADVERTISING IN A PROGRAM GUIDE - A method of arranging row ads system within a program guide includes communicating row ad metadata to a user device and communicating program guide information to a user device. The program guide information defines a plurality of rows, wherein at least a first row is associated with a first channel. The method includes associating positioning information with the row ad relative to the first row, populating a second row from the plurality of rows in response to the metadata and displaying the row ad and displaying the first row associated with the first channel within a program guide structure on a display associated with the user device in response to the positioning information. | 2012-09-20 |
20120240165 | Delivering Personalized Media Items to a User of Interactive Television by Using Scrolling Tickers in a Hierarchical Manner - A system and method of delivering a personalized media item to a user of an interactive television is disclosed. The system comprises a television terminal, a computing device and a remote control device. The computing device further comprises a set top box. The computing device may be connected to a server through a communication network. The system stores a personal profile for each of its users. The user's identity is determined after a user switches on the television. Media items organized by media categories are stored in the computing device. A user may select a media item through a hierarchical user interface based upon scrolling tickers on the television terminal. | 2012-09-20 |
20120240166 | METHOD AND SYSTEM FOR MANAGING PROGRAM IN WORD SERVICE OF VIDEO PROGRAM - The present invention claims a method and a system for managing a Program In Word (PIW) service of a video program. The method comprises the steps of: a management platform configuring a sub-program to bear the PIW service for a program provided by the operator, and sending a corresponding relation between the program and the sub-program to an EPG server for storing; the EPG server storing text information input for the program by all users as PIW display information of the corresponding sub-program, and updating the PIW display information in real time; an STB forwarding a PIW service request of a user to the EPG server; according to program information, which is carried in the PIW service request, of a currently playing program, the EPG server obtaining the sub-program corresponding to the currently playing program by inquiry, and then obtaining the PIW display information of the sub-program and sending the PIW display information to the STB; and the STB displaying the PIW display information on a client terminal for the user. The present invention enables the users to submit comments on the program when they are watching it, and the PIW display information can be updated continuously and displayed in real time. | 2012-09-20 |
20120240167 | METHOD AND APPARATUS FOR PROVIDING WIRELESS SERVICE USING SCALABLE VIDEO CODING - A multimedia multicast-broadcast coverage capability is disclosed. The multimedia multicast-broadcast coverage capability is configured to provide wireless service coverage for multimedia multicast-broadcast services within an intended service coverage area including a plurality of wireless service regions. The wireless service coverage may be provided using properties of scalable video coding, where, for a given content item, different encoded layers of the content item are appropriately propagated to all or part of the intended coverage area. In one embodiment, a base encoded layer and one or more higher encoded layers, for providing basic and incrementally better quality versions of the content item, are appropriately propagated toward respective sets of the wireless service regions of the intended coverage area. In one embodiment, multiple encoded layers of lower quality are formed, from a content item of higher quality, and propagated toward each of the wireless service regions of the intended coverage area. | 2012-09-20 |
20120240168 | METHOD FOR PROTECTING SATELLITE RECEPTION FROM STRONG TERRESTRIAL SIGNALS - The present invention concerns an apparatus for protecting a satellite reception system from strong terrestrial signals. A high Q tunable trap is used to help reject strong ATSC signals or other signals that may be present on the input coaxial cable of a satellite receiver that operates in a single-wire multi-switch (SWM) environment. | 2012-09-20 |
20120240169 | Method and System for Satellite Communication - Certain aspects of a method and system for satellite communication are disclosed. Aspects of one method may include a receiver that handles digital broadcasting. The receiver may be enabled to dynamically vary spacing between two or more pilots and/or the size of one or more pilots within at least one frame based on a determined symbol rate. The size of each of a plurality of received programs may be determined and the spacing between two or more pilots may be dynamically varied based on the determined size of each of the plurality of received programs. | 2012-09-20 |
20120240170 | AIRCRAFT COMMUNICATIONS SYSTEM PROVIDING PEDS WITH SATELLITE TV PROGRAMMING CHANNELS AND ASSOCIATED METHOD - A communications system for an aircraft includes an aircraft in-flight entertainment (IFE) system that includes an antenna, a satellite television (TV) receiver connected to the antenna for receiving satellite TV programming channels from at least one satellite TV transponder, and at least one access point in the aircraft configured as a wireless local area network (WLAN) for providing the satellite TV programming channels. At least one personal electronic device (PED) is for receiving the satellite TV programming channels. | 2012-09-20 |
20120240171 | METHOD AND APPARATUS FOR MULTIMEDIA COMMUNICATIONS WITH DIFFERENT USER TERMINALS - Multimedia communications in multimedia communications with different user terminals. Various optimizations for the delivery of multimedia content across different channels are provided concurrently to a plurality of user terminals. | 2012-09-20 |
20120240172 | RULES-BASED CONTENT MANAGEMENT - Techniques for rules-based content management are provided. Video on demand content is collected from a variety of sources. Business rules embedded within metadata can be retrieved where the business rules control processing and delivery of the video on demand content. The video on demand content may be selectively packaged in response to the business rules and the metadata to generate packaged video on demand content. A server can distribute the packaged video on demand content to devices. A priority for processing the packaged video on demand content can be based on a quality of service parameter and based on the metadata, the business rules, and a license embedded within the metadata where the license describes the priority. Other embodiments are disclosed. | 2012-09-20 |
20120240173 | VIDEO SIGNAL PROCESSING CIRCUIT AND METHOD APPLICABLE THERETO - A video signal processing circuit includes: a transport stream (TS) decoding unit, decoding a demodulated analog radio frequency (RF) signal for generating a first TS signal; and a TS bit rate control unit, deciding whether to insert a null packet stream into the first TS signal to generate a second TS signal. | 2012-09-20 |
20120240174 | METHOD AND APPARATUS FOR CONFIGURING CONTENT IN A BROADCAST SYSTEM - A method and an apparatus are provided for configuring content in a broadcast system. The method includes encapsulating a plurality of Access Units (AUs) transmitted from a higher layer to generate a Data Unit (DU); rearranging the AUs within the DU; and inserting a header into the DU to transfer the DU to a lower layer. The header includes DU description information and AU structure description information indicating a structure of the plurality of AUs. | 2012-09-20 |
20120240175 | CONTENT RECEIVING APPARATUS, DATA PROCESSING APPARATUS, CONTENT RECEPTION METHOD - According to one exemplary embodiment, a content receiving apparatus includes: a first receiver which receives a first identifier of first content from a first external apparatus; a generator which employs the first identifier to generate a second identifier of second content that corresponds to the first content but has different quality from the first content; a transmitter which transmits a content request including the second identifier to a second external apparatus different from the first external apparatus; and a second receiver which receives data of the second content transmitted from the second external apparatus in response to the content request. | 2012-09-20 |
20120240176 | METHOD AND SYSTEM FOR FEDERATED OVER-THE-TOP CONTENT DELIVERY - A method is provided for managing over-the-top delivery of content through a plurality of content delivery networks (CDN). The method provided works transparently with standard HTTP servers supporting an initial request for content from a client to a first preferred CDN. If the first CDN does not have the content, the method includes provisions for the first CDN to acquire the content from a second CDN, or for the client to request the content from a second CDN directly. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method. | 2012-09-20 |
20120240177 | CONTENT PROVISION - An apparatus for displaying live television is described in which live television can be received and output to a user on one or more display devices. A user analysis module is configured to acquire data concerning television content being viewed contemporaneously by other users in a network, and the user's set-top-box can output content related to the acquired data to one or more display devices so that it can be viewed by the user. In addition the set-top-box is connected to a server including an extractor configured to extract data from the live television. A selection tool is configured to select augmentation content using the extracted data, and the set-top-box is configured to output the selected augmentation content to one or more display devices. | 2012-09-20 |
20120240178 | METHOD AND APPARATUS FOR TRANSPORTING CONTENT - A system that incorporates teachings of the present disclosure may include, for example, a local resource manager server that receives a request to distribute media content, and provides signaling information to a global resource manager server. The global resource manager server can determine a media configuration of a network element based on the signaling information and a media capability of a recipient media processor. The signaling information can be provided to the local resource manager server to enable an initiating media processor to present the media content at the recipient media processor over a virtual private network. | 2012-09-20 |
20120240179 | VIDEO SERVER APPARATUS AND SYNCHRONIZATION CONTROL METHOD - According to one embodiment, a video server apparatus includes a memory, a recorder, a decoder, a controller, a synchronizer, a sync signal transmitter and a time manager. The synchronizer generates sync signals in frame unit. The sync signal transmitter distributes the sync signals generated by the synchronizer in frame unit, to the memory, the recorder, the decoder and the controller. Each of the memory, recorder, decoder and controller includes a time manager. The time manager manages the sync signals distributed. | 2012-09-20 |
20120240180 | SET-TOP BOX, EARPHONE, AND MULTIMEDIA PLAYING METHOD - A set-top box receives a multimedia program from a headend server. The multimedia program includes a video content and a plurality of corresponding audio contents each corresponding to a sign. The set-top box transmits the video content and one of the audio contents to a multimedia playing device. The set-top box connects to each earphone, transmits the signs corresponding to the audio contents to each earphone, and receives one of the signs and the corresponding unique identifier from each earphone. The set-top box transmits one of the audio contents corresponding to the received sign to one of the earphones according to the received corresponding unique identifier. | 2012-09-20 |
20120240181 | TECHNIQUES FOR SECURING A CHECKED-OUT VIRTUAL MACHINE IN A VIRTUAL DESKTOP INFRASTRUCTURE - Techniques for securing checked-out virtual machines in a virtual desktop infrastructure (VDI) are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for securing a checked-out guest virtual machine including receiving a request for checking-out a guest virtual machine hosted by a server network element, wherein checking-out the guest virtual machine comprises transferring hosting of the guest virtual machine from the server network element to a client network element. The method for securing a checked-out guest virtual machine may also include configuring a security module for the guest virtual machine in order to secure the guest virtual machine and providing the security module to the guest virtual machine when the guest virtual machine is checked-out. | 2012-09-20 |
20120240182 | SECURITY ENFORCEMENT IN VIRTUALIZED SYSTEMS - A system includes a virtual machine (VM) server and a policy engine server. The VM server includes two or more guest operating systems and an agent. The agent is configured to collect information from the two or more guest operating systems. The policy engine server is configured to: receive the information from the agent; generate access control information for a first guest OS, of the two or more guest operating systems, based on the information; and configure an enforcer based on the access control information. | 2012-09-20 |
20120240183 | CLOUD BASED MOBILE DEVICE SECURITY AND POLICY ENFORCEMENT - The present disclosure relates to cloud based mobile device security and policy systems and methods to use the “cloud” to pervasively enforce security and policy on mobile devices. The cloud based mobile device security and policy systems and methods provide uniformity in securing mobile devices for small to large organizations. The cloud based mobile device security and policy systems and methods may enforce one or more policies for users wherever and whenever the users are connected across a plurality of different devices including mobile devices. This solution ensures protection across different types, brands, operating systems, etc. for smartphones, tablets, netbooks, mobile computers, and the like. | 2012-09-20 |
20120240184 | SYSTEM AND METHOD FOR ON THE FLY PROTOCOL CONVERSION IN OBTAINING POLICY ENFORCEMENT INFORMATION - A system, machine readable medium and method for utilizing protocol conversions in policy changing enforcement is disclosed. A message, in a first protocol, is received from a network gateway device including identifying information unique to a client attempting to access a resource from a server. The message is processed using one or more portions of the client identifying information as a unique key identifier. A policy access request is generated, in a second protocol, and includes at least the unique key identifier. The policy access request is sent to a policy server, wherein the policy server is configured to provide policy enforcement information of the client associated with the policy access request. The policy enforcement information is received and one or more policies from the policy enforcement information are enforced to network traffic between the client and the server. | 2012-09-20 |
20120240185 | SYSTEMS AND METHODS FOR PROCESSING DATA FLOWS - A flow processing facility, which uses a set of artificial neurons for pattern recognition, such as a self-organizing map, in order to provide security and protection to a computer or computer system supports unified threat management based at least in part on patterns relevant to a variety of types of threats that relate to computer systems, including computer networks. Flow processing for switching, security, and other network applications, including a facility that processes a data flow to address patterns relevant to a variety of conditions are directed at internal network security, virtualization, and web connection security. A flow processing facility for inspecting payloads of network traffic packets detects security threats and intrusions across accessible layers of the IP-stack by applying content matching and behavioral anomaly detection techniques based on regular expression matching and self-organizing maps. Exposing threats and intrusions within packet payload at or near real-time rates enhances network security from both external and internal sources while ensuring security policy is rigorously applied to data and system resources. Intrusion Detection and Protection (IDP) is provided by a flow processing facility that processes a data flow to address patterns relevant to a variety of types of network and data integrity threats that relate to computer systems, including computer networks. | 2012-09-20 |
20120240186 | SOC-BASED DEVICE FOR PACKET FILTERING AND PACKET FILTERING METHOD THEREOF - Provided is a device including a chip that includes a first storage unit that stores a rule DB for packet filtering, and a firewall engine that allows or blocks transmission of a packet by applying the rule DB; and a rule converter that receives a rule for packet filtering from a user and converts the rule into a format to store the rule in a rule list, wherein the chip receives a rule list converted by the rule converter and stores the rule list in the first storage unit as a rule DB. | 2012-09-20 |
20120240187 | POLICY BASED AUDITING OF WORKFLOWS - An auditing system is disclosed comprising a Policy Validation Mechanism Program (PVMP) that operates in conjunction with a Workflow Engine (WE), and a Policy Validation Server Program (PVSP) that operates on a Policy Validation Server (PVS) connected to the WE by a secure communication link. The PVMP converts a workflow to a workflow representation (WR) and sends the WR to the PVS. The PVSP compares the steps in the WR to a security policy identified for that WR and determines whether the WR is in compliance. In addition, the PVSP validates a checksum for the WR and logs the checksum for subsequent comparisons. The PVSP uses the checksum to determine whether a policy has changed during execution of the workflow. | 2012-09-20 |
20120240188 | METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR FACILITATING COMMUNICATION IN AN INTEROPERABILITY NETWORK - Methods and apparatus are described for facilitating communication among a plurality of entities via an interoperability network. Each entity has policy data corresponding thereto governing interaction with the entity via the interoperability network. A message is transmitted from a first one of the entities to a second one of the entities. The first entity has first policy data corresponding thereto and the second entity has second policy data corresponding thereto. The transmitted message was handled in the network according to combined policy data representing a combination of the first and second policy data. | 2012-09-20 |
20120240189 | METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR FACILITATING COMMUNICATION IN AN INTEROPERABILITY NETWORK - Methods and apparatus are described for facilitating communication among a plurality of entities via an interoperability network. Each entity has policy data corresponding thereto governing interaction with the entity via the interoperability network. A message is transmitted from a first one of the entities to a second one of the entities. The first entity has first policy data corresponding thereto and the second entity has second policy data corresponding thereto. The transmitted message was handled in the network according to combined policy data representing a combination of the first and second policy data. | 2012-09-20 |
20120240190 | METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR FACILITATING COMMUNICATION IN AN INTEROPERABILITY NETWORK - Methods and apparatus are described for facilitating communication among a plurality of entities via an interoperability network. Each entity has policy data corresponding thereto governing interaction with the entity via the interoperability network. A message is transmitted from a first one of the entities to a second one of the entities. The first entity has first policy data corresponding thereto and the second entity has second policy data corresponding thereto. The transmitted message was handled in the network according to combined policy data representing a combination of the first and second policy data. | 2012-09-20 |
20120240191 | WIRELESS DEVICE NEARFIELD SECURITY CONFIGURATION - A joining device is operable to join a wireless network by establishing a nearfield wireless connection between the joining device and an intermediary device, and exchanging identifying information with the intermediary device that enables the joining device to securely join the wireless network. | 2012-09-20 |
20120240192 | USING ENTITLEMENT CERTIFICATES TO MANAGE PRODUCT ASSETS - A server receives a consumer request from a client to access a product repository that is coupled to the server. The consumer request comprises an entitlement certificate and a uniform resource locator (URL). The server identifies at least one extended attribute object identifier in the entitlement certificate to determine whether the client is authorized to access the product repository. The at least one extended attribute object identifier has a corresponding URL in the entitlement certificate that specifies a location of the product repository that the client is authorized to access. The server grants the client access to the product repository based on a determination that the URL in the consumer request matches a URL in the entitlement certificate. | 2012-09-20 |
20120240193 | SYSTEM AND METHOD FOR ASSIGNING PERMISSIONS TO ACCESS DATA AND PERFORM ACTIONS IN A COMPUTER SYSTEM - A method for setting permissions for a group of users of a computer system. The method includes receiving data that defines a role for a first group of users, the role including one or more permissions each defining a permitted activity of the first group of users with respect to data of users in a second group of users, and setting the one or more permissions based on the defined role. | 2012-09-20 |
20120240194 | Systems and Methods for Controlling Access to Electronic Data - Access to an organization's electronic data is controlled by receiving login information for an individual, authenticating the individual based on the received login information, and granting permissions to the authenticated individual for a portion of an organization's electronic data. The granted permissions are associated with role assignments for the individual, which role assignments are independent of any organizational structure, and may be granted to the individual for more than one role assignment based on the same authenticated login information. Further, an individual may be denied some role assignments to preclude access to certain portions of the organization's electronic data. | 2012-09-20 |
20120240195 | APPARATUS, SYSTEM AND METHOD EMPLOYING A WIRELESS USER-DEVICE - Embodiments of the invention generally relate to apparatus, systems and methods for authentication, in particular, apparatus, systems and methods for authenticating an entity for computer and/or network security, secure authorization of a payment or for funds transfer and for selectively granting privileges and providing other services in response to such authentications. In addition, embodiments of the invention relate generally to apparatus, systems and methods for the communication of information between a mobile user-device and a point-of-sale device to securely provide authorization for a financial transaction. | 2012-09-20 |
20120240196 | AUTOMATED SNIFFER APPARATUS AND METHOD FOR MONITORING COMPUTER SYSTEMS FOR UNAUTHORIZED ACCESS - An apparatus for wireless communication including an automated intrusion detection process is provided. The apparatus includes a processing unit. It includes a wireless network interface device and an Ethernet (or like) wired network interface device that are coupled to the processing unit. One or more memories are coupled to the processing unit. A code is directed to perform a process for detection of wireless activity within a selected local geographic region. According to a specific embodiment, the wireless activity is derived from a wireless access point device that is operational about the selected local geographic region. A code is directed to performing a connectivity test using one or more marker packets to determine connectivity status of the wireless access point device to a network to be protected from intrusion. Depending upon the embodiment, other codes may exist to carry out the functionality described herein. | 2012-09-20 |
20120240197 | Managing Tethered Data Traffic Over a Hotspot Network - Presented is a system and method for controlling access to a mobile hotspot on a mobile device utilizing a hotspot management application. The method includes detecting unauthorized data traffic over a tethered link between the mobile device and a tethered device by analyzing a signature of the unauthorized data traffic. Analyzing the signature of the unauthorized data traffic may be carried out utilizing a rules engine, where the rules engine is based on one or more carrier controlled tethering policies and one or more user controlled tethering policies. Detecting unauthorized data traffic may further include detecting an unauthorized tethering application on the mobile device utilizing a database of known unauthorized tethering applications. The method further includes controlling the unauthorized data traffic. The method additionally includes redirecting a user of the mobile device to a captive portal for authorized tethering plan support. | 2012-09-20 |
20120240198 | COMPUTERIZED AUTHORIZATION SYSTEM AND METHOD - A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity. | 2012-09-20 |
20120240199 | CONFIDENTIAL PRESENTATIONS IN VIRTUAL WORLD INFRASTRUCTURE - Methods and apparatus for forming and presenting confidential presentations within a computing environment associated with a virtual application are presented. For example, a method for forming a confidential presentation includes obtaining a correspondence indicator from an asset server, obtaining a first texture from the asset server, and overlaying the first texture onto a first object. The correspondence indicator indicates the first texture corresponds to the first object. The first object is within the computing environment associated with the virtual application. The first texture and the asset server are inaccessible by the computing environment associated with the virtual application. The confidential presentation comprises the first texture. | 2012-09-20 |
20120240200 | LOCATION-TARGETED ONLINE SERVICES - Described are various implementations of location-targeted online services. When a user accesses the Internet from a supported location, he'll be able to use premium or exclusive online services (premium content, member-only discounts etc.) for free and without going through an elaborate subscription process. The location owner may promote these services before the user enters the location. Example: in addition to mentioning “free Internet”, the hotel owner can attract new customers by mentioning “free Netflix movies” or “free access to premium content, from Zagat reviews to stock reports”. It allows the location owner to utilize a network (WIFI) service provider as a means of increasing its core business and not just as a source of incremental advertisement income. | 2012-09-20 |
20120240201 | System and Method for Providing Multimedia Services - A communications system and method is configured to provide multimedia services utilizing a signaling protocol such as a session initiated protocol (SIP), via a local access network. The method includes providing a local proxy having an internet protocol (IP) address, wherein the local proxy is integrated with the local access network. The method further includes providing a client device having a signaling protocol client, wherein the client device is coupled to a remote access network that is external to the local access network. Additionally, the method includes initiating a session by the client device accessing the IP address of the local proxy. | 2012-09-20 |
20120240202 | Communication Abuse Prevention - Communication abuse prevention techniques are described. In an implementation, a reputation level for a communication is determined based on relation information for a sender and an intended recipient of the communication. A challenge is invoked that is to be completed by the sender before the communication is sent. The challenge is selected based on the reputation level for the communication. The communication is caused to be available for access based on successful completion of the challenge. Access to the communication is inhibited in response to a subsequent determination of the reputation level that indicates that the reputation level for the communication has changed to a new reputation level prior to the communication being accessed by the intended recipient. The subsequent determination is based on additional information associated with the sender of the communication. | 2012-09-20 |
20120240203 | METHOD AND APPARATUS FOR ENHANCING ONLINE TRANSACTION SECURITY VIA SECONDARY CONFIRMATION - The need for secure online transactions on inherently insecure platforms such as PCs and mobile devices is increasing with the widespread adoption of e-commerce and online banking. Providing enhanced security on such platforms is challenging as factors of cost and user convenience are significant barriers to adoption rates. The proposed invention does not require special hardware, operating systems or communication links installed on the client devices. Instead, it makes use of the fact that a large number of consumers already have access to multiple independently operating devices such as PCs and cellular phones. Providing secondary confirmation for secure transactions using a plurality of such devices addresses both the cost and ease-of-use factors. In particular, a secure transaction that is originated on one type of consumer device such as a PC is conducted to require a secondary transaction on a different device such as a mobile phone. This way an attacker faces the much harder problem of synchronously compromising two very different systems to gain control of a particular secure transaction. | 2012-09-20 |
20120240204 | System, design and process for strong authentication using bidirectional OTP and out-of-band multichannel authentication - Systems and methods of authentication according to the invention are provided comprising a user, a service client, a service server, a portable communications device and an authentication server, wherein the method comprises use of one time passwords and out-of-band outbound communication channels. This system gives access to authentication seekers based on OTP out of band outbound authentication mechanism. The authentication seeker or system user scans a multi-dimensional barcode or another like encoding mechanism and validates the client and triggers the out of band outbound mechanism. The portable mobile device invokes the client server to request authentication. The client server authenticates the user based on a shared secret key and the user is automatically traversed to the next page. | 2012-09-20 |
20120240205 | SELECTIVE INTERNET PRIORITY SERVICE - An Internet Priority Service (IPS) provides to authorized users priority access to communication over the Internet during emergencies. Transmission of data packets from an authorized user that accesses the IPS are given priority for transmission over the Internet. The level of priority given to a data packet depends on the type of application associated with the data packet. Each user or group of users may also be given a respective IPS level of priority. Furthermore, for a particular authorized user, access to the IPS may be limited to a specific number of application types, which for example do not have high bandwidth requirements. Assigning different priority levels as a function of application type and user or group of users, and limiting IPS access to specific application types allows efficient methods of emergency communication to be implemented over the Internet during emergencies. | 2012-09-20 |
20120240206 | Configuration of a Data Collection Agent and Its Distribution System - A wireless device user controls participation in a study panel. The device contains a data collection agent installed by the user, the manufacturer, or a distributor. The user enlists in a study panel. The essential steps include: a user obtains a panel identification identity and provides it to a data collection agent; the data collection agent receives the panel identification identity and uses it to initiate the transfer of a data collection profile. Upon receiving the data collection profile, the data collection agent on the wireless device is configured to participate in a specific study. The agent is controlled by the profile to record metrics and user selections, transform the data into a package, and transmit the package to a destination package reception server determined in the profile. | 2012-09-20 |
20120240207 | APPARATUS, METHOD, AND PROGRAM FOR VALIDATING USER - User validation accuracy is improved without inconveniencing a user. When an authentication request packet is received from a terminal and the authentication is successful based on a user ID and a password, an HTTP header, user-agent information, and access source IP address are extracted from the packet, and user authentication is performed by verifying the IP address and the user-agent information against usage history information, in which at most two sets of the IP address and the user-agent information, extracted from authentication request packets previously received from the same user, are registered. When the set of the IP address and the UA information corresponding to the new extracted IP address and the new extracted UA information is registered in the usage history information, the authentication is successful, and the usage history information is overwritten with the new IP address and the new UA information. | 2012-09-20 |
20120240208 | MOBILE TERMINAL APPARATUS - A mobile terminal apparatus checks if a user is a proper user based on the operation of the user and, if the result of authentication is negative, uploads predetermined data, which is part of data stored in a memory, to a predetermined server. After the transmission is completed, the mobile terminal apparatus erases the uploaded data from the memory. It is also possible to instruct the mobile terminal apparatus to upload and erase data from an external source using an electronic mail or a telephone tone signal sequence. This may protect data contained in mobile terminal apparatus that has been lost, from a person who improperly attempts to access the data. | 2012-09-20 |
20120240209 | SECURE INFORMATION DISTRIBUTION BETWEEN NODES (NETWORK DEVICES) - In an embodiment, a method of secure information distribution between nodes includes: performing a handshake process with an adjacent node to determine membership in a secure group; and distributing secure information to the adjacent node, if the adjacent node is a member of the secure group. In another embodiment, an apparatus for secure information distribution between nodes includes: a node configured to perform a handshake process with an adjacent node to determine membership in a secure group, and distribute secure information to the adjacent node, if the adjacent node is a member of the secure group. | 2012-09-20 |
20120240210 | SERVICE ACCESS CONTROL - The invention enables a user to use single-sign-on methodologies to obtain access to a service where that user has more than one account. In addition to querying an identity provider to obtain user credentials in the usual way, the invention enables an application to request and obtain further credentials for that user in order to enable the user to gain access to the desired user account. The user may then be prompted to select which of the available accounts should be used at the application. | 2012-09-20 |
20120240211 | POLICY-BASED AUTHENTICATION - A device receives a request to authenticate an end user of a user device based on a requested use of an application by the user device, and communicates with an authentication client, provided in the user device, to perform an authentication requested by the request. The device also generates a response to the request based on the communication with the authentication client, where the response indicates that the end user is or is not authenticated to use the application. The device further provides the response to an application server device hosting the application. | 2012-09-20 |
20120240212 | SYSTEMS AND METHODS FOR GENERATING MODULAR SECURITY DELEGATES FOR APPLICATIONS - Embodiments of the present teachings relate to systems and methods for generating modular security delegates for application instances, including, for example, applications usable on physical machines, virtualized environments, in the cloud, etc. According to embodiments, in a multiple network environment, multiple machines (or clients) can be configured, each having a defined security level. Each machine can include a plurality of application instances and corresponding security delegates for various defined security levels. For example, the defined security levels can be based on various authentication mechanisms, including Kerberos, NT LAN Manager (NTLM) authentication protocol, secure sockets layer/transport layer security (SSL/TLS), token authentication, virtual private network (VPN), remote access security (RAS), digest authentication, etc. | 2012-09-20 |
20120240213 | GATEWAY DEVICE AND METHOD FOR USING THE SAME TO PREVENT PHISHING ATTACKS - A gateway device that is in electronic connection with at least one client computer, a first domain name system (DNS) server located in a first communication network, and a second DNS server located in a second communication network separated from the first communication network. When a domain name is transmitted to both the first DNS server and the second DNS server, the first DNS server and the second DNS server respectively resolve the domain name into two groups of internet protocol (IP) addresses, and the gateway device compares the two groups of IP addresses with each other to select the one of the two groups in which all IP addresses are identified as safe, and allows the client computer to access websites within the first communication network via the selected group of IP addresses to protect the client computer from phishing attacks. | 2012-09-20 |
20120240214 | SYSTEM, METHOD OF AUTHENTICATING INFORMATION MANAGEMENT, AND COMPUTER-READABLE MEDIUM STORING PROGRAM - In response to a service request designating a service identifier, a proxy server reads out at least two processing system identifiers corresponding to the designated service identifier from a first storage unit, and transmits an acquisition request containing the read-out at least two processing identifiers to a management server. The management server acquires respective authentication information items corresponding to the at least two processing identifiers contained in the received acquisition request from a second storage unit, and transmits the acquired authentication information items to the proxy server. The proxy server transmits user authentication requests for respective processing systems containing the received authentication information items to the at least two processing systems, respectively. | 2012-09-20 |
20120240215 | SOC-BASED DEVICE FOR PACKET FILTERING AND PACKET FILTERING METHOD THEREOF - Provided is a device including a chip that includes a firewall engine, and a driver, wherein the driver identifies an owner process of a packet to be transmitted, and transmits the packet to the chip only if the owner process is allowed to transmit the packet to an external device, wherein the chip performs filtering by applying a rule for packet filtering to the packet received from the driver. | 2012-09-20 |
20120240216 | Method for Lawfully Intercepting Communication IP Packets Exchanged Between Terminals - A method for lawfully intercepting communication IP packets exchanged between terminals is provided. The method involves assigning an IP address associated with a telecommunication service provider to, for example, a sending terminal for use as its IP address in communications with a receiving terminal, the telecommunication service provider providing SIP proxy services for establishing communication between the sending and receiving terminals. The communication IP packets are intercepted in such a way that the terminals are unaware of the interception. | 2012-09-20 |
20120240217 | Computer Security - Computer security processes include displaying information elements on a computer display screen. Some of the information elements are mapped to corresponding parameters. The computer security processes also include receiving a selected information element from the information elements displayed on the computer display screen, and determining a value of a parameter associated with the selected information element based on a condition. The value of the parameter is changeable according to changes in the condition. The computer security processes further include comparing the selected information element with the value of the parameter, and upon determining the value of the parameter matches the selected information element, providing a user with access to a system resource. | 2012-09-20 |
20120240218 | METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR RESUMING A SUSPENDED SESSION - Methods, apparatuses, and computer program products are provided for resuming a suspended session. A method may include determining a presence of a user within a predefined proximity of a workstation. The method may further include, responsive to determining the presence of the user, causing pre-retrieval of stored session state information for a suspended session associated with the user before the user enters credential information for logging onto the workstation. Corresponding apparatuses and computer program products are also provided. | 2012-09-20 |
20120240219 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM - When receiving an access request to a resource of a first application from a second application, a resource management unit transfers an authentication result for the first application included in the access request to the first application, and when receiving a determination result on whether access of the second application to the resource is permitted from the first application, the resource management unit returns the determination result to the second application. | 2012-09-20 |
20120240220 | METHOD AND SYSTEM FOR CONTROLLING DATA ACCESS ON USER INTERFACES - A system for controlling access to data at the user interface level includes a device permissions manager to manage user access to data on a device including a device permissions comparator configured to receive a plurality of user profiles corresponding to users in proximity to the device and including user permissions to the data, and to generate a comparison of the user permissions. The device permissions manager also includes a device access controller configured to control access to the data on the device in response to the comparison of the user permissions. | 2012-09-20 |
20120240221 | PROVISIONAL ADMINISTRATOR PRIVILEGES - A system grants “provisional privileges” to a user request for the purpose of provisionally performing a requested transaction. If the provisionally-performed transaction does not put the system in a degraded state, the transaction is authorized despite the user request having inadequate privileges originally. | 2012-09-20 |
20120240222 | Methods and systems for preventing security breaches - A security payload is attached to a received binary executable file. The security payload is adapted to intercept application programming interface (API) calls to system resources from the binary executable file via export address redirection back to the security payload. Upon execution of the binary executable file, the security payload replaces system library export addresses within a process address space for the binary executable file with security monitoring stub addresses to the security payload. Upon the binary executable computer file issuing a call to a given API, the process address space directs the call to the given API back to the security payload via one of the security monitoring stub addresses that is associated with the given API. The security payload then can assess whether the call to the given API is a security breach. | 2012-09-20 |
20120240223 | PROCESS AND APPARATUS FOR AUTOMATICALLY IDENTIFYING USER OF CONSUMER ELECTRONICS - A user of a device may be uniquely identified using a metric that is contingent upon the user using the device for its intended purpose without the user having to perform a separate step, function, or operation for the express purpose of identifying the user. Context sensitive content may be provided to or from the device based on the user's patterns of use of the device without requiring the user's personal information. The context sensitive content depends on the user's identity. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. This abstract is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. | 2012-09-20 |
20120240224 | SECURITY SYSTEMS AND METHODS FOR DISTINGUISHING USER-INTENDED TRAFFIC FROM MALICIOUS TRAFFIC - Security systems and methods distinguish user-intended input hardware events from malicious input hardware events, thereby blocking resulting malicious output hardware events, such as, for example, outgoing network traffic. An exemplary security system can comprise an event-tracking unit, an authorization unit, and an enforcement unit. The event-tracking unit can capture a user-initiated hardware event. The authorization unit can analyze a user interface to determine whether the input hardware event should initiate outgoing hardware events and, if so, to create an authorization specific to the outgoing event initiated by the input event. This authorization can be stored in an authorization database. The enforcement unit can monitor outgoing hardware events and block the outgoing events for which no authorization matching the outgoing events is found in the authorization database. | 2012-09-20 |
20120240225 | VERIFICATION APPARATUS AND VERIFICATION METHOD - A verification apparatus for verifying a verified apparatus corresponding to a first apparatus included in a plurality of information processing apparatuses includes a storage and a processor. The storage stores captured data acquired by capturing data transmitted and received among the plurality of information processing apparatuses. The processor receives first data transmitted from the verified apparatus. The first data is destined for a second apparatus included in the plurality of information processing apparatuses. The processor extracts, from the storage, second data transmitted from the second apparatus in response to third data transmitted from the first apparatus to the second apparatus. The third data corresponds to the first data. The processor transmits the extracted second data to the verified apparatus. | 2012-09-20 |
20120240226 | NETWORK ROUTERS AND NETWORK TRAFFIC ROUTING METHODS - A network router comprising a first communication interface for receiving traffic from a first traffic source and a second communication interface for receiving traffic from a second traffic source, a processor and memory. The processor of the router is to execute instructions stored in the memory to forward data traffic received at the first communication interface according to a first routing policy and to forward data traffic received at the second communication interface according to a second routing policy. | 2012-09-20 |
20120240227 | METHODS AND APPARATUS FOR CONDUCTING ELECTRONIC TRANSACTIONS - A system and method for conducting electronic commerce are disclosed. In various embodiments, the electronic transaction is a purchase transaction. A user is provided with an intelligent token, such as a smartcard containing a digital certificate. The intelligent token suitably authenticates with a server on a network that conducts all or portions of the transaction on behalf of the user. In various embodiments a wallet server interacts with a security server to provide enhanced reliability and confidence in the transaction. In various embodiments, the wallet server includes a toolbar. In various embodiments, the digital wallet pre-fills forms. Forms may be pre-filled using an auto-remember component. | 2012-09-20 |
20120240228 | MULTI-DIMENSIONAL REPUTATION SCORING - Methods and systems for assigning reputation to communications entities include collecting communications data from distributed agents, aggregating the communications data, analyzing the communications data and identifying relationships between communications entities based upon the communications data. | 2012-09-20 |
20120240229 | SYSTEMS AND METHODS FOR LOOKING UP ANTI-MALWARE METADATA - A computer-implemented method for looking up anti-malware metadata may include identifying a plurality of executable objects to be scanned for malware before execution. The computer-implemented method may also include, for each executable object within the plurality of executable objects, assessing an imminence of execution of the executable object. The computer-implemented method may further include prioritizing, based on the assessments, a retrieval order for anti-malware metadata corresponding to the plurality of executable objects. The computer-implemented method may additionally include retrieving anti-malware metadata corresponding to an executable object within the plurality of executable objects based on the retrieval order. Various other methods, systems, and computer-readable media are also disclosed. | 2012-09-20 |
20120240230 | MEMORY STORAGE DEVICE AND MEMORY CONTROLLER AND VIRUS SCANNING METHOD THEREOF - A memory storage device, a memory controller, and a virus scanning method are provided. In the method, a virus signature database recording a predetermined file segment and a corresponding virus signature is provided. A plurality of logical addresses is mapped to a part of a plurality of physical addresses in a rewritable non-volatile memory chip of the memory storage device, and a host system accesses the logical addresses by using a file system including a file allocation table (FAT). At least one binary code is received. The FAT is analyzed to identify a file segment containing the at least one binary code. If the file segment matches the predetermined file segment, the at least one binary code is not written into the memory storage device or transmitted back to the host system when the at least one binary code matches the virus signature corresponding to the predetermined file segment. | 2012-09-20 |
20120240231 | APPARATUS AND METHOD FOR DETECTING MALICIOUS CODE, MALICIOUS CODE VISUALIZATION DEVICE AND MALICIOUS CODE DETERMINATION DEVICE - An apparatus for detecting a malicious code includes: a malicious code visualization device for generating a graph for a malicious file by using strings in the malicious file, a connection among the strings and entropies for the strings and establishing a malicious code database with the generated graph for the malicious file. The apparatus further includes a malicious code determination device for generating a graph for a specific executable file and comparing the graph for the executable file with graphs for malicious files stored in the malicious code database to detect a malicious code in the executable file. | 2012-09-20 |
20120240232 | QUARANTINE NETWORK SYSTEM AND QUARANTINE CLIENT - A quarantine network system includes a quarantine control apparatus and a quarantine client connectable with each other. The quarantine control apparatus includes a receiving unit to receive verification information of the quarantine client, an identification unit to identify a security policy that the quarantine client is required to conform to, and an inspection request unit to transmit an inspection request to the quarantine client, requesting the quarantine client to inspect conformance/non-conformance to the identified security policy. The quarantine client includes a receiver to receive the inspection request from the quarantine control apparatus, a storage unit that can store inspection information to inspect conformance/non-conformance to the security policy, a reading unit to read out the inspection information from the storage unit, an inspection unit to inspect the quarantine client using the read-out inspection information, and an inspection result reporting unit to transmit an inspection result to the quarantine control apparatus. | 2012-09-20 |
20120240233 | Method and system for detecting malicious web content - A method for determining whether web content intended for transmission from a second device to a first device via a routing device comprises malware is proposed. The method, to be carried out by the routing device, includes receiving at least a part of the web content from the second device, providing to an antivirus service a representation of N bits of the received part of the web content, and receiving, from the antivirus service, test information based on the representation of the N bits provided by the router and indicating whether the web content may comprise malware. An appropriate representation of the N bits of web content serves as a “fingerprint,” sufficiently identifying the entire piece of the web content for the purpose of determining whether or not this piece of web content may contain malware. | 2012-09-20 |
20120240234 | USB FIREWALL APPARATUS AND METHOD - Apparatus and methods prevent malicious data in Universal Serial Bus (USB) configurations by providing a hardware firewall. A hardware device interconnected between a host and the USB monitors communication packets and blocks packets having unwanted or malicious intent. The device may act as a hub, enabling multiple devices to connect to a single host. The device may only allow mass storage packets from a device recognized as a mass storage device. The device may block enumeration of unwanted devices by not forwarding packets between the device and the host. The device may be operative to assign a bogus address to a malicious device so as not to transfer communications from the device further up the chain to the host. The device may provide shallow or deep packet inspection to determine when a trusted device is sending possible malicious data, or provide packet validation to block packets that are malformed. | 2012-09-20 |
20120240235 | METHODS AND SYSTEMS FOR PROVIDING A FRAMEWORK TO TEST THE SECURITY OF COMPUTING SYSTEM OVER A NETWORK - A security tool can utilize a vulnerability in a computing system or credentials for the computing system to gain access to the computing system. Once access is gained, the security tool can deliver an agent to the computing system. The agent can execute, detected or undetected, on the computing system in order to establish a network link between the computing system and the security tool. Once established, the security tool creates a virtual network interface on the computing system on which it is running and instructs the agent to relay network traffic between the virtual network interface of the computing system executing the security tool and the existing network interfaces of the computing system executing the agent. | 2012-09-20 |
20120240236 | CRAWLING MULTIPLE MARKETS AND CORRELATING - A crawler program collects and stores application programs including application binaries and associated metadata from any number of sources such as official application marketplaces and alternative application marketplaces. An analysis including comparisons and correlations is performed among the collected data in order to detect and warn users about pirated or maliciously modified applications. | 2012-09-20 |
20120240237 | SYSTEM AND METHOD FOR IN-PRIVATE BROWSING - A method, system, and computer program product for operating a web browser in an open browsing mode and a private browsing mode. The method may include calculating, by a computer processor, a privacy probability that a website contains information sensitive to the user. The privacy probability may be based, at least in part, on historical use of the private browsing mode by the user. The method may also include comparing the privacy probability to a privacy threshold and automatically switching the browser from the open browsing mode to the private browsing mode for the website if the privacy probability is greater than the privacy threshold. | 2012-09-20 |
20120240238 | System and Method to Govern Data Exchange with Mobile Devices - Techniques for limiting the risk of loss of sensitive data from a mobile device are provided. In one aspect, a method for managing sensitive data on a mobile device is provided. The method includes the following steps. A sensitivity of a data item to be transferred to the mobile device is determined. It is determined whether an aggregate sensitivity of data items already present on the mobile device plus the data item to be transferred exceeds a current threshold sensitivity value for the mobile device. If the aggregate sensitivity exceeds the current threshold sensitivity value, measures are employed to ensure the aggregate sensitivity remains below the current threshold sensitivity value for the mobile device. Otherwise the data item is transferred to the mobile device. | 2012-09-20 |
20120240239 | WIRELESS AD HOC NETWORK SECURITY - Providing network security includes detecting network traffic associated with an ad hoc network that includes a first station and a second station, and preventing data sent by the first station from reaching the second station. | 2012-09-20 |
20120240240 | MONITORING OF DIGITAL CONTENT - The invention refers to monitoring usage of digital content provided from a content provider over a network to a client system. In the client system, a logging agent generates and stores information concerning usage of the digital content individually for each usage to be monitored. The generated information is entered in a usage log, either stored in the client system or at a trusted party. The logged usage information is also authenticated allowing identification of the client using the associated digital content. The entries of the log may include a representation of the content, information about usage quality and/or usage time. The logging agent is preferably implemented in a portable tamper-resistant module, e.g. a network subscriber identity module. The module may be pre-manufactured with the logging agent, or the agent can be downloaded thereto. | 2012-09-20 |
20120240241 | METHOD FOR IDENTITY SELF-VALIDATION, SUITABLE FOR USE IN COMPUTER ENVIRONMENTS OR IN REAL LIFE - A process for validating the identity of individuals and the individuals' belonging to a group, organization or large community of millions of people, as well as within computer environments and in real life, wherein an individual concerned requests the validation of an individual's identity; the individual concerned chooses the validation level wherein he or she seeks to be validated; the requirements are consulted for the individual to validate his or her own identity at the chosen validation level; the individual concerned is informed about the requirements to validate the user's identity; the individual concerned decides whether to continue with the validation process at the chosen level of validation or chooses to change the level of validation; the individual concerned enters data of the individual who will validate his or her own data and data from the individuals, or the verifiers who will validate his or her identity; the verifiers receive a set of validation questions that has to be answered in order to validate the identity of the individual; and the answers from the verifiers are compared with data of the individual who will validate his or her own identity to determine if such answers are satisfactory. | 2012-09-20 |