48th week of 2014 patent application highlights part 69 |
Patent application number | Title | Published |
20140351837 | METHODS AND SYSTEMS FOR DISPLAYING CONTEXTUALLY RELEVANT INFORMATION FROM A PLURALITY OF USERS IN REAL-TIME REGARDING A MEDIA ASSET - Methods and systems are described herein for quickly and easily displaying supplemental information about an event occurring in a media asset. In some embodiments, a media application may use a content-recognition module to determine the context of an event and distribute itemized tasks to multiple entities in order to generate the supplemental information about the event. | 2014-11-27 |
20140351838 | SYSTEM AND METHOD FOR PROVIDING A SECURE ACCESS-CONTROLLED ENTERPRISE CONTENT REPOSITORY - The disclosed system enables controlling access to content, such as videos, based on authentication information provided by a user of the system. In one embodiment, after authenticating a user, the system provides a database of media, such as corporate training videos, the scope of which is determined based on the identity of the user. The system enables the user to view and provide feedback about videos, such as by indicating a rating of the video and/or providing comments about the video. The system also enables the content provider to specify searchable information for various videos, such as title, creation date, run time, or other appropriate information. The system enables the creator to specify certain metadata about content, to provide further information that can be searched by users of the system. The disclosed system may also enable users to share videos with other users with similar access rights. | 2014-11-27 |
20140351839 | METHOD AND SYSTEM FOR FACILITATING DEMAND-DRIVEN DISTRIBUTION OF CONTENT - Methods and systems for facilitating distribution of content are disclosed. In one example embodiment, a method of facilitating demand-driven population and management of online content within a video-on-demand (VOD) service includes receiving trend information and a link reference at one or more input ports, the reference being at least indirectly indicative of a location at which the content is available, and obtaining and normalizing, by way of one or more processing devices, metadata pertaining to the content. The method further includes determining business rule information pertaining to the content based at least indirectly upon the trend information, content provider policy information, and the normalized metadata, via the processing device(s), and outputting via one or more output ports the business rule information for receipt by the VOD service, whereby availability and prioritization of the content at the VOD service is based at least in part upon the output business rule information. | 2014-11-27 |
20140351840 | FILTERING AND TAILORING MULTIMEDIA CONTENT BASED ON OBSERVED USER BEHAVIOR - A user is given the ability to control the display of content items such as advertisements, by for example skipping over content items that are not of interest. Metadata tags associated with non-skipped viewings of content are stored and tracked. Subsequently, candidate content items are scored according to their metadata tags, giving higher scores to candidate content items associated with higher occurrences of non-skipped viewings. The higher-scoring candidate content items can then be favored over other candidate content items. Thus, based on the choices the user makes with respect to skipping or not skipping particular content items, inferences are made as to the user's level of interest in various subjects, and subsequent content items are delivered in a personalized manner to the user. | 2014-11-27 |
20140351841 | METHODS AND APPARATUS FOR MONITORING AND/OR COLLECTING VIEWERSHIP STATISTICS - Methods and apparatus for collecting program viewership information are described. A viewership monitoring module is provided access to decrypted program content allowing program information to be recovered without having to capture output program content using a microphone or camera. The monitoring module is loaded onto a secure device, e.g., a home network device, such as a router used to deliver content to a secure playback device. Alternatively, the secure device which performs the monitoring may be the secure playback device. Since a user of the secure device or a company implementing the viewership monitoring process loads the monitoring module onto the secure device, the network used to deliver the secure content need not be informed of which network customers are contributing to the viewership information which is being collected. | 2014-11-27 |
20140351842 | METHOD OF COLLECTING USAGE INFORMATION - A method and system for micro-cloud computing is described. An application serving node, which is a specifically configured piece of customer premises equipment such as a set-top box, is the server for a micro-cloud network. Various user devices that form part of the micro-cloud network, such as television sets and smart phones, communicate with the application serving node. The application serving node is configured with software that allows various heterogeneous types of data to be obtained and streamed to the user devices in multiple ways. The application serving node performs much of the processing necessary for such content streaming itself and thus represents an edge-based network architecture. | 2014-11-27 |
20140351843 | SYSTEM TO AVOID VIEWING COMMERCIALS IN REAL TIME - Presented is a system that allows a user who subscribes to the system to avoid viewing commercials with unacceptable content (e.g. alcohol related, sexual content) during real-time television broadcasts. The system has a residential component consisting of a control unit having a user interface, a local database and a specialized router, a remote processing component having monitoring stations where the monitored network feeds are processed, and a system DBMS component that stores channel and user information in real time. The control unit is connected to the internet, such as via a wireless connection on the user's network, to retrieve remotely-stored data obtained through monitored network feeds. The control unit retrieves real-time data associated with viewable content and applies logic to switch the viewing channel or signal source for display on the television. The monitored network feeds are viewed on the system's monitoring stations and the earliest feed for each monitored channel determines the channel content. | 2014-11-27 |
20140351844 | Communication Device and Communication Method - According to one embodiment, communication device includes communication module, operation module, image generator, and transmission controller. The operation module receives user operation. The image generator generates a first display image displayed on a display screen of a target device. The transmission controller performs, when there are contents to be transmitted to the target device and requiring copyright protection, controlling so as to generate the first display image comprising the contents to be transmitted and to transmit the generated first display image to the target device in a certain copyright protection system. Further, the transmission controller performs, when there are contents to be transmitted to the target device and requiring no copyright protection, controlling so as to generate the first display image comprising the contents to be transmitted and an image corresponding to the user operation and to transmit the generated first display image to the target device. | 2014-11-27 |
20140351845 | METHODS AND APPARATUS FOR CONTROLLING CONTENT DISTRIBUTION - Methods and apparatus for controlled distribution of program content are described where program content for certain regions may be selectively blocked. The described methods and apparatus allow content distribution to authorized regions while providing control to the content provider to effectively block program content delivery to regions not entitled to receive the program content. | 2014-11-27 |
20140351846 | METHODS AND APPARTUS FOR PROVIDING PARENTAL OR GUARDIAN CONTROL AND VISUALIZATION OVER COMMUNICATIONS TO VARIOUS DEVICES IN THE HOME - Methods and apparatus for providing a supervisor such as a parent or guardian with a way to monitor and control the delivery of content, e.g., video and audio programs, to users of devices within a home. Exemplary embodiments include methods and apparatus for operating a home network monitoring device located in a home including detecting delivery of content to one or more users in the home, storing, in the home, portions of content delivered to a first user, presenting some of the stored portions of content to a person responsible for setting content restrictions applicable to the first user, and subjecting further content delivery to the first user via the home network to restrictions established by the person responsible for setting content restrictions applicable to the first user. Some embodiments also detect and report potential attacks, e.g., cyber attacks, on the home network. | 2014-11-27 |
20140351847 | ELECTRONIC DEVICE, AND METHOD AND STORAGE MEDIUM - According to one embodiment, an electronic device includes a receiver, a transmitter, a management module, and an informing module. The receiver receives a purchase instruction from a user. The transmitter transmits the received purchase instruction to a server via a network. The management module manages a purchase history of the user. The informing module determines, upon receiving the purchase instruction from the user, whether the received purchase instruction satisfies a predetermined condition based on a purchase history of a predetermined period, and sends a message to the user if the purchase instruction satisfies the predetermined condition. | 2014-11-27 |
20140351848 | METHOD, CRYPTOGRAPHIC SYSTEM AND SECURITY MODULE FOR DESCRAMBLING CONTENT PACKETS OF A DIGITAL TRANSPORT STREAM - A method and cryptographic system for descrambling content packets, included within a digital transport stream, having conditional access messages and header data. The method and system require a deciphering algorithm, processed by a descrambler of a multimedia unit, using an initialization vector as a first input and a control word as a second input. The multimedia unit is connectable to a security module for processing the conditional access messages and extracting control words therefrom. The initialization vector, or intermediate data to determine the initialization vector, is the result of a cryptographic function based on at least one variable extracted from the digital transport stream and processed by the security module. | 2014-11-27 |
20140351849 | INFORMATION DISPLAY DEVICE - An information display device includes: a display unit, an information obtaining unit which obtains program-related information related to a video program displayed on a video display device following the video program; and a terminal control unit which causes the display unit to display the program-related information obtained by the information obtaining unit. When the information obtaining unit is unable to obtain first program-related information related to a first video program currently displayed on the video display device following the first video program, the terminal control unit causes the display unit to display (i) second program-related information distributed before the first video program is displayed on the video display device, or (ii) third program-related information related to the second video program displayed before the first video program is displayed on the video display device. | 2014-11-27 |
20140351850 | RETAIL OUTLET TV FEATURE DISPLAY SYSTEM - An automatic feature demonstration mode for TV products that can be used in retail stores. TV features that otherwise would be overlooked by customers or misrepresented by the sales staff are advertised on the TV itself. The system may be used to convey information beyond TV features. | 2014-11-27 |
20140351851 | USE OF MULTIPLE EMBEDDED MESSAGES IN PROGRAM SIGNAL STREAMS - Methods of generating video streams including advertisement information sufficient to support advertisement countdown times and other functions such as advertisement auto pause functions are described. In accordance with various embodiments, advertisement duration is determined from one or more messages included in a video stream, e.g., prior to the corresponding advertising segment. A countdown timer is generated from the advertisement information and displayed along with the content of the advertisement segment. Restrictions for different subscribers may be indicated in the advertisement information messages, e.g., with some end users being permitted to fast forward or skip advertisements with other users being required to allow the full normal playback of one or more advertisement segments. The auto pause function, when activated, pauses an ad segment or set of ad segments at a predetermined time before output of the main program resumes thereby making sure none of the main program is missed. | 2014-11-27 |
20140351852 | INSERTING ADVERTISING CONTENT - Content may be inserted at a duplicating device by inserting advertising content into a duplicated feed, and transmitting the duplicated feed to the terminal. The transmission of the duplicated feed is performed in response to a state of the terminal. | 2014-11-27 |
20140351853 | INSERTING ADVERTISING CONTENT - Content may be inserted at a duplicating device by inserting advertising content into a duplicated feed, and transmitting the duplicated feed to the terminal. The transmission of the duplicated feed is performed in response to a state of the terminal. | 2014-11-27 |
20140351854 | MANAGING SPLICE POINTS FOR NON-SEAMLESS CONCATENATED BITSTREAMS - Receiving a video stream in a transport stream comprising a plurality of compressed pictures, wherein information in the video stream includes plural data fields comprising: a first data field corresponding to a location in the video stream of a potential splice point, wherein the first data field identifies a location in the video stream after the location of the received information; a second data field corresponding to decompressed pictures yet to be output (DPYTBO) by a video decoder at the identified potential splice point (IPSP) when the video decoder decompresses the video stream, wherein the second data field is a number corresponding to the DPYTBO by the video decoder at the IPSP; and a third data field corresponding to pictures with contiguous output times (WCOT), wherein the third field corresponds to a set of pictures WCOT of the DPYTBO by the video decoder at the IPSP. | 2014-11-27 |
20140351855 | METHOD FOR GENERATING AN ON-SCREEN MENU - A method for generating an on-screen menu comprising menu buttons and other menu items, e.g. help text, is characterized in that one or more groups of menu buttons or menu items are defined, wherein a group comprises one or more menu buttons or menu items and has associated a defined area on the screen. A state is assigned to a button, the state being “enabled” or “disabled”, wherein only an enabled button or item may be displayed, and wherein within a group not more than one button or item may be enabled. The state of a button can be changed by commands associated with other buttons. | 2014-11-27 |
20140351856 | VIRTUAL CHANNEL TABLE FOR A BROADCAST PROTOCOL AND METHOD OF BROADCASTING AND RECEIVING BROADCAST SIGNALS USING THE SAME - A virtual channel table for broadcasting protocol and a method for broadcasting by using the virtual channel table includes identification information identifying and permitting discrimination of active and inactive channels contained in the virtual channel table. At a receiver, the virtual channel table transmitted from the transmitting side is parsed, thereby determining whether the current received channel is an active or inactive channel. | 2014-11-27 |
20140351857 | Method, Electronic Program Menu and Processing Device for Displaying Television Program Related Information - The present invention relates to a method for displaying information associated with television program, which includes: fetching a plurality of sequentially arranged program listings and corresponding program notes; generating an electronic program guide according to the program listings and corresponding program notes; and displaying the electronic program guide. The electronic program guide includes a program listing, a program note associated with the program listing, and at least one icon indicating that the user would select to display the previous or the next program listing in the electronic program guide. The present invention further provides an electronic program guide and a processing apparatus for generating the electronic program guide. The electronic program guide can display information associated with TV program in a more intuitive manner. | 2014-11-27 |
20140351858 | Interactive User Interface for Television Applications - An iTV user interface includes a navigable menu area through which a user can select from among a variety of services and a content display area in which formatted data associated with a selected menu service are displayed to the user. The formatted data is displayed in a rotating or ticker fashion having both a passive mode, in which the formatted data is displayed in a sequence independent of any selection operations by a television viewer, and active mode, in which the formatted data is displayed in a sequence that depends on selection operations by the television viewer. Advertisements and/or promotions may be interspersed among the content items. The navigable menu area and the content display area may be displayed to the viewer at the same time as television programming is displayed on the television. | 2014-11-27 |
20140351859 | GUIDE ACQUISITION METHOD IN ABSENCE OF GUIDE UPDATE INFORMATION ON ALL TRANSPONDERS - Guide acquisition method and apparatus for receiving a satellite broadcast stream containing guide data, encapsulating said broadcast stream containing guide data in a network communication protocol, assigning a multicast address to said broadcast stream containing guide data, transmitting said broadcast stream containing guide data, receiving a request for said guide data wherein said request comprises a satellite network identifier and transmitting a said multicast address in response to said request. | 2014-11-27 |
20140351860 | MEDIA SYNCHRONIZATION WITHIN HOME NETWORK USING SET-TOP BOX AS GATEWAY - Techniques disclosed herein include systems and methods for transmitting TV program related content to IP connected devices on a home network, or other local area network. Users can watch television while simultaneously receiving content related to TV programs currently being displayed on a television. TV centric and TV program related content can be transmitted to IP connected devices. Moreover, this TV program related content can be displayed at the same time as a television program is being displayed on a television. As such, the system can provide media synchronization within home network using the set-top box as a gateway for delivering the content. Users can watch TV at home, and at the same time receive TV program related content on a laptop, tablet computer, mobile phone, etc. | 2014-11-27 |
20140351861 | DIFFERENTIATED PSIP TABLE UPDATE INTERVAL TECHNOLOGY - An apparatus, method and data structure for generating at least one table in a broadcast environment, are provided. The apparatus includes a generator to generate an event information table (EIT) and an extended text table (ETT). The ETT has program guide information for an n-hour span and has a transmission interval. The ETT has a transmission interval and program description information according to the EIT. The transmission interval of the EIT is shorter than the transmission interval of the ETT. | 2014-11-27 |
20140351862 | DIFFERENTIATED PSIP TABLE UPDATE INTERVAL TECHNOLOGY - An apparatus, method and data structure for generating at least one table in a broadcast environment, are provided. The apparatus includes a generator to generate an event information table (EIT) and an extended text table (ETT). The ETT has program guide information for an n-hour span and has a transmission interval. The ETT has a transmission interval and program description information according to the EIT. The transmission interval of the EIT is shorter than the transmission interval of the ETT. | 2014-11-27 |
20140351863 | DIFFERENTIATED PSIP TABLE UPDATE INTERVAL TECHNOLOGY - An apparatus, method and data structure for generating at least one table in a broadcast environment, are provided. The apparatus includes a generator to generate an event information table (EIT) and an extended text table (ETT). The ETT has program guide information for an n-hour span and has a transmission interval. The ETT has a transmission interval and program description information according to the EIT. The transmission interval of the EIT is shorter than the transmission interval of the ETT. | 2014-11-27 |
20140351864 | TELEVISION BROADCAST RECEIVER - The control portion of a television broadcast receiver individually processes, in a pseudo manner, a network application as one of choices of an “input target” and/or a “reception channel” and starts up, when the choice of the “input target” and/or the “reception channel” corresponding to the network application is selected, the network application corresponding to the “input target” and/or the “reception channel” that has been selected. | 2014-11-27 |
20140351865 | SYSTEM AND METHOD FOR REAL-TIME COMPOSITE BROADCAST WITH MODERATION MECHANISM FOR MULTIPLE MEDIA FEEDS - A method of operation of a composite broadcast system includes: receiving a client AV stream from a user station and a user profile associated with the client AV stream; receiving a user interaction from the user station; approving the client AV stream for airing based on the user interaction and the user profile; receiving a program AV stream; generating a visualization based on the user interaction and the user profile; and mixing the client AV stream, the program AV stream, and the visualization for broadcasting to multiple devices. | 2014-11-27 |
20140351866 | LIVE EVENT AUGMENTATION - Systems, devices, and methods for live event augmentation are provided. A central server computer system detects intelligent beverage containers at an event. The beverage containers include an integrated electronic display. Extrinsic data is received during the course of the event that is used to generate a message. The message is transmitted to the beverage containers at the event to update the electronic display. The extrinsic data may be related to the event or to an activity occurring separate from the event. The electronic display of the beverage containers may be changed periodically during the event. The beverage containers may be divided into one or more groups based on information stored in a user account associated with each beverage container. Different messages can be sent to the different groups to display different information on the beverage containers of each group. | 2014-11-27 |
20140351867 | ENTERTAINMENT NETWORK FOR PASSENGERS IN A MEANS OF TRANSPORTATION - An entertainment network for passengers in a means of transportation, such as an airplane, having at least one data server for video and/or audio data. A routing device is connected to the data server. The entertainment network has at least one playback device which is provided for a passenger for the duration of a trip in order to play back the audio/video data. The routing device is designed for the wireless broadband transmission of the video/audio data to numerous playback devices simultaneously and in at least two different frequency bands independently of one another. The playback device is designed to only receive the data of a first frequency band, and a second frequency band is designed to be received only by individual passenger terminals, such as notebooks, tablets, or smartphones. The invention likewise relates to methods for transmitting audio/video data to entertain passengers in a means of transportation. | 2014-11-27 |
20140351868 | ON-BOARD COMMUNICATION DEVICES FOR A CAB OF A VEHICLE, EACH WITH A MEDIA SERVER AND A RADIO MODULE BY MEANS OF WHICH THE DEVICES ARE CONNECTED TO ONE ANOTHER IN A WIRELESS FASHION - Embodiments relate to an on-board communication device, a plurality of communication devices, a communication system for a passenger compartment of a vehicle, and/or a vehicle having a passenger compartment and a communication system, wherein the on-board communication device comprises at least one media server and at least one wireless data access point with a radio unit for wireless transmission of media data from the media server of the on-board communication device to at least one passenger device, such as in the passenger compartment, where the on-board communication device has at least one radio module for wireless communication of the on-board communication device with a further on-board communication device. | 2014-11-27 |
20140351869 | MANAGING REMOTE DISTRIBUTION OF CONTENT RECORDED AT A TELEVISION RECEIVER - Various arrangements for providing remote access to locally-recorded television programming are presented. In some embodiments, a DVR is presented that is configured to receive input indicating a timer for recording a television channel during a time period. The DVR may record television programming on the television channel during the time period indicated by the timer. The television receiver may further receive input indicating the television programming is to be stored remotely. The DVR may transmit the television programming to a media distribution management system via a second network. The DVR may transmit an indication of a user account to the media distribution management system via the second network. | 2014-11-27 |
20140351870 | NUMERIC CHANNEL TUNER AND DIRECTORY SERVER FOR MEDIA AND SERVICES - Embodiments disclosed herein describe an apparatus, method and system for indexing online media content and services into numeric channel numbers and enabling a user device to access such content and services by entering the channel numbers. Embodiments may include a media and services tuner software module that resides on a user device and a directory server. The directory server may include a request module configured to receive a request including instructions to provide users access to content or services. Embodiments may also include a database module configured to determine a uniform resource locator for a server associated with the channel number within the received request. | 2014-11-27 |
20140351871 | LIVE MEDIA PROCESSING AND STREAMING SERVICE - A live media processing and streaming service provides a content provider with media processing and distribution capabilities for live events. The service provides capabilities for capturing a live event, configuring programs from the live event, formatting the programs into a mezzanine format suitable for streaming, storage of the presentation manifest and fragments corresponding to a program into a cloud storage, and distribution of the presentation manifest and fragments to media consumers in real time. | 2014-11-27 |
20140351872 | DECENTRALIZED MEDIA DELIVERY NETWORK - A decentralized approach to delivering a media file to a requesting subscriber in a network of subscribers comprises the steps of segmenting the media file into a plurality of segments and distributing the segments of the media file among the network of subscribers, and responding to a request from the requesting subscriber by directing to that requesting subscriber all of the plurality of segments of the media file. All of the segments are assembled into the media file and displayed or stored by the requesting subscriber. | 2014-11-27 |
20140351873 | METHOD OF PROCESSING NON-REAL TIME SERVICE AND BROADCAST RECEIVER - A method of processing a non-real time service of a broadcast receiver includes receiving a signaling information table including additional information on contents configuring a non-real time service and a content identifier for each content, acquiring the additional information on contents and the content identifier for each content from the signaling information table, storing contents being downloaded through a FLUTE or an internet in a storage medium, based upon the additional information on contents and the content identifier for each content, and displaying a list of recordings including the contents stored in the storage medium. | 2014-11-27 |
20140351874 | METHOD AND APPARATUS FOR TRANSMITTING MEDIA DATA FOR MMT SYSTEM, AND APPARATUS AND METHOD FOR RECEIVING MEDIA DATA - Provided are a method and apparatus for transmitting and receiving media data, which can provide D-layer timing information, which is transmitted from a media transmission service based on an MMT system and required for timely synchronization playout time of the media and media. The apparatus for transmitting the media data comprises a packetizer for generating a delivery layer packet (D-layer packet), which packetizes encapsulation layer data (E-layer data) to include timing information, wherein the timing information comprises sampling time information and transmission process delay information. | 2014-11-27 |
20140351875 | System and Method for Supporting Multiple Identities for a Secure Identity Device - A multiple-identity secure device (MISD) persistently stores a single identification code (a “seed identity”). The seed identity need not be a network address, and may be stored in an integral memory of the device, or on an interchangeable card received in a physical interface of the MISD. The MISD is provided with a transformation engine, in hardware or software form, that is subsequently used to generate one or more unique identities (e.g., network addresses) from the stored seed identity using predefined logic. The generated identities may be dynamically generated, e.g., in real-time as needed after deployment of a device into possession of a subscriber/customer/user, etc., or may be securely stored in the MISD for subsequent retrieval. The transformation engine may generate a unique identity in accordance with an addressing scheme identified as a default setting, a global/network setting, or as determined from a received data transmission. | 2014-11-27 |
20140351876 | BROADCAST RECEIVER AND COMPUTER PROGRAM PRODUCT - According to one embodiment, a broadcast receiver has a receiving module, a display controller and an output module. The output module is configured to output, when a first display module changes from a first state where a first video image is displayed to a second state where a second video image is displayed, first instruction to at least a first information processor configured to switch a second display module of the first information processor from a third state where first content is displayed to a fourth state where second content is displayed and configured to maintain a third display module of a second information processor in the third state. The first and second content are based upon the first and second video images, respectively. | 2014-11-27 |
20140351877 | SERVICE USAGE REPORTING DATA TRANSPORT - Methods, apparatuses, and non-transitory computer-readable storage mediums for providing and/or processing service usage reporting data. The reception apparatus includes a receiver, a parser, and a processor. The receiver receives closed caption service data. The closed caption service data includes closed caption data within a first service block having a service number in the range of 1-6, and the service usage reporting data within a second service block having a different service number in the range of 1-6. The closed caption data includes closed caption text. The parser parses the service usage reporting data within the second service block having the different service number in the range of 1-6. The processor provides service-usage information to a service-usage reporting server (SURS) based on the service usage reporting data. | 2014-11-27 |
20140351878 | LOCATION-AWARE RATE-LIMITING METHOD FOR MITIGATION OF DENIAL-OF-SERVICE ATTACKS - A network component has a set of one or more rules, each of which has a match component and an action component. If an incoming packet maps to the match component of a rule, then the packet is handled according to the rule's action component. If the rule also includes a limit component, then if the packet maps to the rule's match component, a family history of the rule is updated, and the packet is handled according to the rule's action component only if the rule's family history satisfies the rule's limit component. | 2014-11-27 |
20140351879 | ELECTRONIC APPARATUS, CONTROL METHOD AND STORAGE MEDIUM - According to one embodiment, an electronic apparatus includes a multiuser function. The apparatus includes a manager and controller. The manager is configured to provide an environment for restricting a process executable by the apparatus. The controller is configured to detect a request to execute the process, and to transmit contents related to the request to the manager prior to the execution of the process. The manager is configured to transmit a determination result to the controller based on a policy applied to each user and indicative of permission or prohibition of the execution of the process. | 2014-11-27 |
20140351880 | Method of Seamless Policy Based Network Discovery, Selection and Switching - The present invention relates to a method for seamless policy based network discovery, selection and switching of a user equipment (UE), characterised by the steps of: retrieving existing network selection policy information for current UE location; contacting network policy control server of current UE location; performing network authentication procedure with the network policy control server; securing communication channel between the UE and the network policy control server; requesting a network selection policy information; storing the network selection policy information; extracting the network selection policy information; evaluating a first set of UE local operating environment conditions; provisioning the plurality of sets of access point security information on UE; evaluating a second set of UE local operating environment conditions; performing network switch; evaluating a third set of UE local operating environment conditions; establishing a wireless local area network (WLAN) interworking procedures; diagnosing the quality of service of connected network connection. | 2014-11-27 |
20140351881 | PREMISES AWARE SECURITY - Premise-based policies can be applied in the management of mobile devices and other computing devices within a system. A computing device is detected using close proximity wireless communication and location information is sent to the computing device using close proximity wireless communication. Policies applied to the computing device can be based at least in part on the location information. | 2014-11-27 |
20140351882 | SYSTEMS AND METHODS FOR THE RAPID DEPLOYMENT OF NETWORK SECURITY DEVICES - A configuration service comprises a deployment package and a production configuration for a network security device. One or more configuration parameters of the production configuration may be defined by an administrator of the network security device (e.g., the customer). The network security device may be preconfigured with a network address and identifier. The network security device may be configured to automatically request and apply the deployment package at deployment time by use of the preconfigured network address and identifier. The network security device may automatically request and apply the production configuration from the configuration service in response to applying the deployment package. | 2014-11-27 |
20140351883 | E-MAIL FIREWALL WITH POLICY-BASED CRYPTOSECURITY - An e-mail firewall applies policies to e-mail messages between a first site and second sites in accordance with administrator-selectable policies. The firewall includes a simple mail transfer protocol relay for causing the e-mail messages to be transmitted between the first site and selected ones of the second sites. Policy managers enforce administrator-selectable policies relative to one or more of encryption and decryption, signature, source/destination, content and viruses. | 2014-11-27 |
20140351884 | DATA MAPPING USING TRUST SERVICES - Embodiments are directed to mapping encryption policies to data stored in a database using a policy identifier, and to accessing data stored in a database using a policy identifier. In one scenario, a computer system receives an indication that identifies which type of encryption is to be applied when encrypting a specified portion of data stored in a database. The database has a database schema identified by a database schema identifier, where the database schema defines relationships for data stored in the database. The computer system then accesses a namespace that identifies a set of databases in which the specified portion of data is accessed in the same manner. The computer system also generates a policy identifier, which contains information including the namespace and the database schema identifier. | 2014-11-27 |
20140351885 | CONTROL OF SIMPLE NETWORK MANAGEMENT PROTOCOL ACTIVITY - A server system may be configured to receive configuration information. The server system may also be configured to determine if the configuration information includes SNMP configuration information. The server system may be further configured to disable SNMP activity and close an SNMP port if it determines that the configuration information does not include SNMP configuration information. Therefore, in the absence of any configuration information which specifies that SNMP should be available, SNMP activity is disabled and the SNMP port is closed. | 2014-11-27 |
20140351886 | METHODS AND APPARATUSES FOR PROTECTING POSITIONING RELATED INFORMATION - Various methods, apparatuses and articles of manufacture are provided which may be implemented to authenticate the provider of a positioning engine provisioned within a mobile station to enable the positioning engine to obtain and use protected positioning assistance data. In certain examples, a relationship between the provider of a location server and the provider of a positioning engine provisioned within a mobile station may be authenticated, and protected positioning data may be obtained from said positioning engine by said location server. | 2014-11-27 |
20140351887 | Authentication Method and Device for Network Access - Embodiments of the present invention disclose an authentication method and device for network access. In the authentication method for network access in the embodiments, a first radio access network device establishes a data transmission channel of a first radio access network with a user equipment, obtains identification information of the user equipment in a second radio access network, and generates authentication information which is of the second radio access network and corresponds to the identification information, where the authentication information includes authentication information which is of the second radio access network and is for the user equipment and a second radio access network device to use; and sends the authentication information for the user equipment to use to the user equipment, and sends correspondence between the identification information and the authentication information for the second radio access network device to use to the second radio access network device. | 2014-11-27 |
20140351888 | COMMUNICATION ACCESS CONTROL SYSTEM - A communication access control system includes a messaging service facility and a computing system. The computing system has a permanent memory and hosts a plurality of access control cells (each having an input and an output address); a messaging service to send messages between at least some of the access control cells; and a control service to define a link. The link is selected from a C-link, an F-link, and a Q-link. The C-link connects the output address of a first read-write cell of the access control cells to the input address of a second read-write cell of the access control cells. The F-link connects a forwarder address to the input address of at least one of the access control cells. The Q-link connects the output address of at least one of the access control cells to a queue address. | 2014-11-27 |
20140351889 | SANDBOX TECHNOLOGY BASED WEBPAGE BROWSING METHOD AND DEVICE - The invention discloses a sandbox technology based webpage browsing method and device. The method comprises: upon receiving an instruction for webpage browsing in a sandbox, starting a framework process outside the sandbox, so that an operation incurred in the framework process is processed outside the sandbox; intercepting a browser process created by the framework process and putting the browser process into the sandbox, so that a webpage access result is saved in a specified directory in the sandbox, and/or a script in the webpage runs in a virtual environment of the sandbox. The present invention not only ensures the convenience of user operations, but also meets the security requirement for webpage access. | 2014-11-27 |
20140351890 | Systems and Methods for Publishing Datasets - Systems and methods for publishing datasets are provided herein. According to some embodiments, methods for publishing datasets may include receiving a request to publish a dataset to at least one of an internal environment located within a secured zone and an external environment located outside the secured zone, the request comprising at least one selection criteria, selecting the dataset based upon the at least one selection criteria, the dataset being selected from an index of collected datasets, and responsive to the request, publishing the dataset to at least one of the internal environment and the external environment. | 2014-11-27 |
20140351891 | COOPERATIVE DATA ACCESS REQUEST AUTHORIZATION IN A DISPERSED STORAGE NETWORK - A method begins by storage units of a set of storage units receiving an access request regarding a set of encoded data slices from a user device. The method continues with a storage unit interpreting to determine whether the user device is authorized to access the set of encoded data slices. When the storage unit determines that the user device is authorized to access the set of encoded data slices as requested in the access request, the method continues with the storage unit sending a message to proceed with responding to the access request to the other storage units. When the storage unit determines that the user device is not authorized to access the set of encoded data slices as requested in the access request, the method continues with the storage unit sending a message to disregard the access request to the other storage units. | 2014-11-27 |
20140351892 | DATA DRIVEN ROLE BASED SECURITY - Data driven role based security is provided. At login, the system queries for a data context in connection with access to computing objects of a computing system. When a request for access to computing objects is received by the computing system, one or more control expressions specified for the computing object being accessed are evaluated. The evaluation of the control expressions may reference the user context or the data context previously established, and returns a set of effective permissions. Access to the computing object is then granted if the set of permissions includes an appropriate permission for the request for access. | 2014-11-27 |
20140351893 | MANAGING HARDWARE REBOOT AND RESET IN SHARED ENVIRONMENTS - In an environment such as a cloud computing environment where various guests can be provisioned on a host machine or other hardware device, it can be desirable to prevent those users from rebooting or otherwise restarting the machine or other resources using unauthorized information or images that can be obtained from across the network. A cloud manager can cause one or more network switches or other routing or communication processing components to deny communication access between user-accessible ports on a machine or device and the provisioning systems, or other specific network resources, such that the user cannot cause the host machine to pull information from those resources upon a restart or reboot of the machine. Further, various actions can be taken upon a reboot or attempted reboot, such as to isolate the host machine or even power off the specific machine. | 2014-11-27 |
20140351894 | TECHNIQUES FOR ESTABLISHING A TRUSTED CLOUD SERVICE - Techniques for establishing a trusted cloud service are provided. Packages are created for services that include certificates, configuration information, trust information, and images for deploying instances of the services. The packages can be used to deploy the services in trusted environments and authenticated to deploy in sub environments of un-trusted environments. The sub environments are trusted by the trusted environments. Also, clouds are prospected for purposes of identifying desirable clouds and creating the packages for deployment. | 2014-11-27 |
20140351895 | METHOD AND APPARATUS FOR PROCESS ENFORCED CONFIGURATION MANAGEMENT - A system for and method of automatically enforcing a configuration change process for change requests of one or more configurable elements within one or more configurable computation systems. The system comprises means for managing a configuration change process for one or more configurable elements within a corresponding configurable computation system, means for generating a configuration request, means for applying a set of authorization rules to the configuration change requests to generate selective authorization of the CEs, and means for selectively locking and unlocking changes to configurable elements within the configurable computational systems. | 2014-11-27 |
20140351896 | HEAD-MOUNTED DISPLAY APPARATUS WITH ENHANCED SECURITY AND METHOD FOR ACCESSING ENCRYPTED INFORMATION BY THE APPARATUS - There are provided a head-mounted display (HMD) apparatus and a method for accessing encrypted information by the apparatus, in which the head-mounted display apparatus with enhanced security according to an embodiment of the present invention includes a biometric information input unit that receives biometric information of a user; a communication module that transmits or receives information to or from a server; a memory that stores encrypted information; a processor that transmits the biometric information received through the biometric information input unit to a user authentication server through the communication module, receives access privilege information from the user authentication server, and decrypts the encrypted information stored in the memory based on the received access privilege information; and a display unit that displays the decrypted information through the processor. By decrypting information encrypted by a head-mounted display apparatus with enhanced security, even though the encrypted information is exposed, it is possible to prevent the information from being decrypted. | 2014-11-27 |
20140351897 | APPARATUS AND METHODS FOR DEVICE AUTHORIZATION IN A PREMISES NETWORK - Apparatus and methods for enabling protected premises networking capabilities. In one embodiment, a white list of devices authorized to access a premises network and a black list of devices not authorized to access a premises network are utilized. The black and white lists may be stored at a database in communication with an authorization manager or may be stored at the manager itself. When a client device is connected to a premise, the manager determines, based on the premises and/or device identity, whether the device is entitled to access. The authorization manager makes this determination based on whether the device is on the white or black list. If the device is on neither list, the manager may add the device to the white list upon appropriate verification. The manager may also facilitate removal of a device from the white list to the black list upon request or automatically. | 2014-11-27 |
20140351898 | METHOD AND APPARATUS FOR IDENTITY FEDERATION GATEWAY - Techniques for an ID federation gateway include determining whether a user associated with a request for a particular network resource is to be identified by the provider of the particular service or by a different party. The service also comprises causing the different party to provide identification data that indicates an identity for the user, if the user is to be identified by the different party. The method further comprises causing user credentials data, based on the identification data, to be sent to an authentication process of the provider for a set of one or more network resources that includes the particular network resource requested by the user, if the data indicates that the user is successfully identified. | 2014-11-27 |
20140351899 | SYSTEMS AND METHODS FOR AUTHENTICATING A USER OF A COMPUTER APPLICATION, NETWORK, OR DEVICE USING A WIRELESS DEVICE - A method and system for authenticating a user includes providing an invocation element capable of being activated by a single user action, receiving an indication that the invocation element has been activated, obtaining a location of a wireless device associated with the user, determining whether the wireless device is associated with an authorized user, approving the user to use the application based on a predetermined location criterion, and producing an indication that the user has been authenticated. | 2014-11-27 |
20140351900 | LOCAL PROXY SYSTEM AND METHOD - A local proxy system includes a storage device having a local proxy and a physical port connection. The local proxy is part of a split proxy configuration having a local proxy and a remote proxy. The physical port connection is operative to receive commands from a host via an internet application protocol; and to transmit commands to the host via a modem control protocol, to thereby function as a gateway for conveying these commands to a remote proxy, via the host. Also provided is a method of optimizing communication over a network; and a local proxy system that includes a storage device having a local proxy. The storage device is in connection with a host via a physical port connection complying with a standard storage device interface. | 2014-11-27 |
20140351901 | SYSTEMS AND METHODS FOR PAIRING BLUETOOTH DEVICES - Embodiments of software-supervised pairing processes are provided. The processes enable a user to pair a mouse and keyboard with a Bluetooth transceiver without having to use a second mouse and keyboard. At least two separate processes are provided, including a long transition for initial pairing or re-pairing and a short transition for re-establishing a connection after devices have already been paired. | 2014-11-27 |
20140351902 | APPARATUS FOR VERIFYING WEB SITE AND METHOD THEREFOR - Disclosed are an apparatus and a method for verifying a web site by using a mobile terminal. A method, performed in a server verifying a web site, comprises receiving a message requesting verification on truth or falsehood of a web site which an access terminal accesses from the access terminal; processing the web site based on a Uniform Resource Locator (URL) of the web site according to the message; generating verification information for verifying truth or falsehood of the web site based on the URL of the web site, and transmitting the verification information to a mobile terminal; and receiving verification result information on the web site which is generated in the mobile terminal based on an image of the web site and the verification information, and transmitting the verification result information to the access terminal. | 2014-11-27 |
20140351903 | AUTHENTICATION MECHANISM - A method is provided in which both device application and service capability portions of a machine-to-machine (M2M) device can be authenticated to the M2M platform. First, the service capability portion of the M2M device is authenticated at an M2M platform; at this stage, the M2M device enters a partially authenticated state. Next, the device application portion is authenticated at a network application of an M2M system. The M2M platform is informed of the authentication of the device application in order for the M2M device to move from the partially authenticated state to a fully authenticated state. | 2014-11-27 |
20140351904 | METHOD FOR PAIRING ELECTRONIC APPARATUSES - A method of pairing a first item of equipment, termed an initiating equipment desiring to transmit and receive data with a second item of equipment, termed an accepting equipment. The method includes: generating a pairing code; restoring, in the form of a first symbol, the pairing code by the accepting equipment; acquiring the first symbol by the initiating equipment; and decoding the first symbol acquired delivering the pairing code. | 2014-11-27 |
20140351905 | Ensemble Computing - Described herein are methods, systems, and computer program products for seamless interoperability between multiple computing nodes. A server computing device receives, from a first computing node in a plurality of computing nodes, a message for transmission to one or more other computing nodes, the message generated by the first computing node based upon application-specific instructions from a first application on the first computing node, where the plurality of computing nodes is defined as a virtual network at the server computing device and each computing node includes an ensemble module for communicating with the server. The server determines one or more other computing nodes in the virtual network to receive the message. The server transmits the message to the determined one or more other computing nodes, where each of the destination computing nodes formats the message into application-specific instructions for a second application on the determined node. | 2014-11-27 |
20140351906 | STORAGE GATEWAY ACTIVATION PROCESS - Methods, apparatus, and computer-accessible storage media for activating a gateway to a remote service provider. The gateway serves as an interface between processes on a customer network and the provider, for example to store customer data to a remote data store. A gateway sends a public key and metadata describing the gateway to the provider. The gateway receives an activation key from the provider and exposes the activation key on the customer network. The customer obtains the key and communicates to the provider using the key to provide customer information including a name for the gateway and to authorize registration of the gateway. The provider provides the customer information to the gateway. The gateway requests security credentials from the provider using the customer information and the key. The provider sends a security credential to the gateway. The gateway may then obtain configuration information from the customer via the provider. | 2014-11-27 |
20140351907 | CREDENTIAL AUTHENTICATION SYSTEM AND METHODS OF PERFORMING THE SAME - A personal credentialing system including an information gathering unit that gathers information from a subscriber. A credential analysis unit configured to gather additional information pertaining to the subscriber based on the information gathered by the information gathering unit, store the additional information in a storage unit, categorize the additional information based on predefined criteria, assign an indicator to the additional information based on categorization of the additional information, and store the additional information and indicators. A credential access unit that receives requests for access to view the indicators and stored additional information from a third party. A credential display unit that displays the indicators and stored additional information after the credential access unit authorizes a request to view the stored additional information. Methods of verifying a person's credentials, conveying personal credential information, and preventing fraudulent on-line postings. | 2014-11-27 |
20140351908 | METHOD OF PAIRING AN ELECTRONIC APPARATUS AND A USER ACCOUNT WITHIN AN ON-LINE SERVICE - The present invention relates to the field of methods for pairing an electronic apparatus and a user account within an online service. The invention describes a method of pairing in which the fleet management service generates a short identifier which it provides to the electronic apparatus during the initialisation phase. The apparatus displays said identifier. The user copies this identifier into the interface for accessing the portal of the online service. The online service can then provide an association between this identifier and a user account to the fleet management service. The code generated being displayed in a readable manner and being shorter than a serial number, its copying by the user is facilitated and the risk of transcription error is minimized. | 2014-11-27 |
20140351909 | AUTHENTICATION RISK EVALUATION - A computer is configured to receive an authentication request that identifies one or more authentication form factors, and for each form factor identified, further identifies at least one parameter. The computer is further configured to generate a risk score for the authentication request using the parameter, the risk score being based at least in part on a complexity associated with each of the one or more authentication form factors. The computer is further configured to provide the risk score to a requester. | 2014-11-27 |
20140351910 | Authorizing Access by a Third Party to a Service from a Service Provider - Systems and methods are provided for authorizing third-party access to a specific service from a service provider. In an example embodiment, a server system identifies a shared service from multiple services provided by the server system. The shared service is specified by an authorizing entity. The server system provides a credential associated with the shared service and the authorizing entity. The server system receives a request to access the shared service from a requesting entity that is separate from the authorizing entity. The server system verifies that the request includes the credential and that the credential is associated with the shared service and the authorizing entity. The server system provides access to the shared service to the requesting entity based on verifying that the request includes the credential. The requesting entity is restricted to accessing the shared service identified by the credential as authorized by the authorizing entity. | 2014-11-27 |
20140351911 | SECURE AUTHORIZATION SYSTEMS AND METHODS - Systems and methods for secure user authentication are described. In certain embodiments, a client device such as a smartphone may be provisioned with a secure key and/or other secret information. The client device may be used to generate unique secure tokens and/or other credentials used in connection with an authentication process. A user may provide the generated tokens and/or other credentials to a service provider in connection with a request to access a managed service. The validity of the generated tokens and/or other credentials may be verified by an authentication service in communication with the service provider. | 2014-11-27 |
20140351912 | TERMINAL IDENTIFICATION METHOD, AND METHOD, SYSTEM AND APPARATUS OF REGISTERING MACHINE IDENTIFICATION CODE - A terminal identification method, a machine identification code registration method and related system and apparatus are disclosed. After receiving a first request for which signature or certificate verification is to be performed from a terminal, a service network obtains a signature or certificate of a trusted party for a machine identification code identifier of the terminal from the first request, wherein the machine identification code identifier is an identifier allocated by the trusted party to the machine identification code of the terminal. The service network verifies the obtained signature or certificate, and if a verification result indicates legitimacy, identifies the terminal using the machine identification code identifier obtained from the signature or certificate. The present disclosure further provides a trusted party and a method of registering a machine identification code by the trusted party. The present scheme can efficiently realize terminal identification, occupy fewer resources and facilitate better privacy protection. | 2014-11-27 |
20140351913 | Verifying User Information - A computer is configured to impose an access restriction based upon user-provided information, such as a user's birthdate. In order to enforce such a restriction, the computer requests from a user an image of a valid identity document associated with the user, such as a valid driver's license. In response to receiving such an image from the user, the computer performs an image analysis on the image to extract user information. The computer might extract the user's name, address, birthdate, driver's license number, and/or other information from the image for instance. The computer may utilize the extracted information to determine whether the user should be granted access. The computer may determine based upon the extracted information, for instance, whether the age of the user is greater than a minimum age required to access the computer. The computer may be configured to restrict access to a Web site in this manner. | 2014-11-27 |
20140351914 | Identity Verification for Online Education - Performing identity verification for online education is disclosed. In response to receiving a notification of a submission event, a user is prompted to provide authentication information including at least one of a plurality of types of information. Authentication information received is compared to at least a portion of stored enrollment information associated with the user with which the received authentication information is associated. The stored enrollment information includes at least two different types of information collected during an enrollment phase, including the at least one type of information solicited during the user prompting. In the event that matching criteria are met based at least in part on the comparison, a first action is performed. In the event that matching criteria are not met based at least in part on the comparison, a second action that is different from the first action is performed. | 2014-11-27 |
20140351915 | METHOD AND APPARATUS FOR PROVIDING AN AUTHENTICATION CONTEXT-BASED SESSION - An approach is provided for providing separation of authentication protocols and/or authentication contexts for client-server and server-server communication in network communication. A proxy server receives a request to initiate a service session. The request includes a first authentication context. The proxy server requests verification of the first authentication context from an authentication server and validates the first authentication context based, at least in part, on the verification. The proxy server implements a second authentication context based, at least in part, on the verification of the first authentication context to initiate the service session. | 2014-11-27 |
20140351916 | ELECTRONIC DEVICE AND MONITORING METHOD - An electronic device establishes a communication connection with a server. The electronic device determines if the electronic device comprises other communication connections. The electronic device notifies the server to terminate the communication connection with the electronic device when the electronic device comprises other communication connections. | 2014-11-27 |
20140351917 | PROVISIONING NETWORK ACCESS THROUGH A FIREWALL - A method may include determining one or more rules and communicating the one or more rules to a firewall, where the firewall receives a data unit and determines, based on the one or more rules, whether to forward the data unit to a destination address; receiving a redirection of a device from the firewall when the firewall determines not to forward the data unit to the destination address; receiving an indication that the firewall did not forward the data unit to the destination address; and determining a new rule to allow the firewall to forward the data unit to the destination address and communicating the new rule to the firewall; and redirecting the device to the destination address. | 2014-11-27 |
20140351918 | POLICY-BASED CONTENT FILTERING - Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a firewall maintains multiple configuration schemes, each defining a set of administrator-configurable content filtering process settings. The firewall also maintains a security policy database including multiple firewall security policies. At least one of the firewall security policies includes an associated configuration scheme and an action to take with respect to a particular network session based on a set of source Internet Protocol (IP) addresses, a set of destination IP addresses and/or a network service protocol. Policy-based content filtering of network sessions is performed by: (i) identifying a firewall security policy matching traffic associated with the network session; (ii) identifying content filtering processes to be performed on the traffic based on the configuration scheme associated with the matching firewall security policy; and (iii) applying the identified content filtering processes to the traffic. | 2014-11-27 |
20140351919 | Automated Hybrid Connections Between Multiple Environments In A Data Center - A multi-tenant data center environment includes a dedicated domain having at least one dedicated server associated with a client and a cloud domain having at least one cloud server associated with the client. The cloud server may have a public interface to a public network and a private interface to a private network. In turn, a network device is coupled between the dedicated domain and the public network, and is further coupled to the cloud server via the private network. A controller of the data center may be used to determine presence of the cloud server, and configure the network device to allow certain traffic to pass directly to the dedicated domain, while preventing other traffic from this direct path, based on access controls of the network device. | 2014-11-27 |
20140351920 | Method and Apparatus for Dynamic Tunneling - Method and Apparatus for rapid scalable unified infrastructure system management platform are disclosed by discovery of compute nodes, network components across data centers, both public and private for a user; assessment of type, capability, VLAN, security, virtualization configuration of the discovered unified infrastructure nodes and components; configuration of nodes and components covering add, delete, modify, scale; and rapid roll out of nodes and components across data centers both public and private. | 2014-11-27 |
20140351921 | Method and Apparatus for Remotely Manageable, Declaratively Configurable Data Stream Aggregator with Guaranteed Delivery for Private Cloud Compute Infrastructure - Method and Apparatus for rapid scalable unified infrastructure system management platform are disclosed by discovery of compute nodes, network components across data centers, both public and private for a user; assessment of type, capability, VLAN, security, virtualization configuration of the discovered unified infrastructure nodes and components; configuration of nodes and components covering add, delete, modify, scale; and rapid roll out of nodes and components across data centers both public and private. | 2014-11-27 |
20140351922 | Method and Apparatus for Remotely Manageable, Declaratively Configurable Data Stream Aggregator with Guaranteed Delivery for Private Cloud Compute Infrastructure - Method and Apparatus for rapid scalable unified infrastructure system management platform are disclosed by discovery of compute nodes, network components across data centers, both public and private for a user; assessment of type, capability, VLAN, security, virtualization configuration of the discovered unified infrastructure nodes and components; configuration of nodes and components covering add, delete, modify, scale; and rapid roll out of nodes and components across data centers both public and private. | 2014-11-27 |
20140351923 | Method and Apparatus for Remotely Manageable, Declaratively Configurable Data Stream Aggregator with Guaranteed Delivery for Private Cloud Compute Infrastructure - Method and Apparatus for rapid scalable unified infrastructure system management platform are disclosed by discovery of compute nodes, network components across data centers, both public and private for a user; assessment of type, capability, VLAN, security, virtualization configuration of the discovered unified infrastructure nodes and components; configuration of nodes and components covering add, delete, modify, scale; and rapid roll out of nodes and components across data centers both public and private. | 2014-11-27 |
20140351924 | METHOD AND SYSTEM FOR PROVIDING LIMITED SECURE ACCESS TO SENSITIVE DATA - An approach is provided for enabling limited secure access to sensitive data by an authorized requestor. A request is received for access to data maintained at a primary data center of a secure private network from an authorized requestor. A subset of the data is then determined to be transmitted to a secure data store associated with the requestor through a private firewall of the primary data center based on the request type and the authorization of the requestor. Transmission of a subset of the data is then initiated from the secure data store to the requestor in encrypted form. | 2014-11-27 |
20140351925 | SECURITY FOR REMOTE ACCESS VPN - Techniques are disclosed for improving security in a virtual private network. In one embodiment, key information is generated for a virtual private network (VPN) connection between a first device and a second device. A plurality of shares is then generated based on the key information. A first set of one or more shares is stored on a dongle that is paired to the first device. A second set of one or more shares is stored on the first device. In response to a request to resume the VPN connection, the first set of shares is retrieved from the dongle. The key information is reconstructed based on the first set of shares and the second set of shares. The reconstructed key information may then be used to resume the VPN connection. | 2014-11-27 |
20140351926 | AUTHENTICATION OF DEVICE USERS BY GAZE - A method includes obtaining a gaze feature of a user of a device, wherein the device has already been unlocked using a second feature, the gaze feature being based on images of a pupil relative to a display screen of the device, comparing the obtained gaze feature to known gaze features of an authorized user of the device, and determining whether or not the user is authorized to use the device based on the comparison. | 2014-11-27 |
20140351927 | ACCESS CONTROL FOR WIRELESS DOCKING - In one example, a method includes receiving, by a wireless docking center (WDC) and from a wireless dockee (WD), a request to access one or more peripheral functions (PFs) associated with the WDC, and receiving, by the WDC and from the WD, one or more authentication credentials. In this example, the method also includes determining, by the WDC, whether or not the one or more authentication credentials received from the WD grant access to the one or more PFs to which the WD requests access. In this example, the method also includes permitting, by the WDC, the WD to access a first PF of the one or more PFs to which the WD requests access in response to determining that the one or more authentication credentials grant access to the first PF. | 2014-11-27 |
20140351928 | SYSTEM AND METHOD FOR CONTROLLING USER ACCESS TO AN ELECTRONIC DEVICE - A method and system for authenticating a user to access a computer system. The method comprises communicating security information to the computer system, and providing the computer system with an implicit input. The method further comprises determining whether the security information and implicit input match corresponding information associated with the user. The method further comprises granting the user access to the computer system in the event of a satisfactory match. When authenticating the user, the method and system consider the possibility of the user being legitimate but subject to duress or force by a computer hacker. | 2014-11-27 |
20140351929 | METHOD AND SYSTEM FOR MITIGATING INTEREST FLOODING ATTACKS IN CONTENT-CENTRIC NETWORKS - One embodiment of the present invention provides a system for mitigating interest flooding attacks in content-centric networks (CCNs). During operation, the system receives, at a physical interface of a router, an interest packet; obtains current interest satisfaction statistics associated with the physical interface; and determines whether to forward or drop the interest packet based on the current interest satisfaction statistics. | 2014-11-27 |
20140351930 | GENERIC PRIVILEGE ESCALATION PREVENTION - An apparatus, method, and computer readable storage medium are provided in one or more examples and comprise accessing an application, identifying an access token of the application, determining if the access token is a system token, and responsive to the access token failing to be a system token, enabling a runtime module. | 2014-11-27 |
20140351931 | METHODS, SYSTEMS AND MEDIA FOR DETECTING NON-INTENDED TRAFFIC USING CO-VISITATION INFORMATION - A non-transitory processor-readable medium is provided that stores code representing instructions to be executed by a processor to receive data associated with access by a first plurality of entities to a first website location and to receive data associated with access by a second plurality of entities to a second website location. The processor is also caused to define a co-visitation factor for each of the first website location and the second website location based on the received data. The processor is also caused to, if the co-visitation factor of the first website location and/or the co-visitation factor of the second website location is over a predefined threshold, select the first website location and/or the second website location as target website locations. The processor is caused to send a signal to set a flag associated with each target website location indicating the target website location as a suspicious website location. | 2014-11-27 |
20140351932 | SYSTEMS AND METHODS FOR BROADCAST WLAN MESSAGES WITH MESSAGE AUTHENTICATION - Systems, methods, and devices for multicast wireless local area network messages with message authentication are contained herein. The method includes determining a message integrity check value for each of a plurality of wireless devices. The method further includes transmitting a multicast packet to each of the plurality of devices on a wireless local area network, the multicast packet including an indication of each of the plurality of devices and the message integrity check value for each of the plurality of devices. | 2014-11-27 |
20140351933 | SYSTEM AND METHOD FOR INSPECTING HARMFUL INFORMATION OF MOBILE DEVICE - Disclosed herein are a system and a method for inspecting harmful information of a mobile device capable of temporarily stopping an automatic access to a web site using access information for accessing a web site when the access information is obtained from various paths through a mobile device, requesting an inspecting server to inspect whether or not the corresponding web site includes harmful information, and receiving and displaying an inspection result in response to the request. | 2014-11-27 |
20140351934 | METHOD AND APPARATUS FOR DETECTING MALWARE AND RECORDING MEDIUM THEREOF - A method of detecting malware in a terminal, the method including: generating a plurality of virtual machines in the server, the plurality of virtual machines respectively corresponding to a plurality of terminals; clustering the plurality of generated virtual machines into groups based on respective profile information of each terminal of the plurality of terminals; and in response to the malware being detected in a first terminal among the plurality of terminals, providing information with respect to the detection of the malware to a second terminal among the plurality of terminals corresponding to a second virtual machine, via the second virtual machine among the plurality of virtual machines, the second virtual machine being clustered into the same group as a first virtual machine. | 2014-11-27 |
20140351935 | METHOD, APPARATUS AND VIRTUAL MACHINE FOR DETECTING MALICIOUS PROGRAM - A method, an apparatus and a virtual machine for detecting a malicious program(s) are disclosed. The method comprises: setting a virtual memory ( | 2014-11-27 |
20140351936 | FREQUENCY-VARIABLE ANTI-VIRUS TECHNOLOGY - A frequency-variable anti-virus technology relates to a method and apparatus for dynamically adjusting an amount of system resources occupied by security protection software running on a user device. The method comprises: collecting, by the security protection software, state information associated with the user device; calculating the expected operating intensity of the security protection software based on the state information; and operating the security protection software based on the calculated expected operating intensity, so as to adjust the amount of system resources occupied by the security protection software. The apparatus may comprise means for performing the abovementioned steps, respectively. The method and apparatus may be used to dynamically adjust an operating policy of the security protection software, so as to more rationally allocate system resources among the software of the user device, thus improving the usage efficiency of the system resources and improving the usage experience of the user. | 2014-11-27 |