49th week of 2009 patent applcation highlights part 76 |
Patent application number | Title | Published |
20090300679 | Information processing apparatus, information processing method, program and information processing system - An information processing apparatus according to the present invention includes a content information acquisition unit that acquires content related information related to content data managed by a content management server from the content management server managing the content data, a selection unit that selects content from a content list which is a list of the content based on the content related information, and an externally connected device control unit that notifies, when the selected content is executed by an externally connected device connected externally, the externally connected device of location information of content data corresponding to the selected content and acquires reproduction state information representing a reproduction state of content when the externally connected device reproduces the selected content from the externally connected device. | 2009-12-03 |
20090300680 | Method and Apparatus for Displaying Interactions With Media by Members of a Social Software System - A media viewing method and system monitors user interaction with an electronic program guide. An awareness engine collects data generated by the user interaction and forms awareness indicators and information. The awareness information is output to end users and is indicative of which users in a social circle are accessing (e.g. viewing, playing, or recording) or have accessed which media works. Some output enables user-to-user interaction. The media works may be supplied by cable television, satellite television, online or global computer network sources. | 2009-12-03 |
20090300681 | METHOD FOR DISPLAYING AN ELECTRONIC PROGRAM GUIDE AND DEVICE THEREFOR - A device for displaying an electronic program guide includes a program guide display unit configured to display an electronic program guide in which a program channel including scheduled broadcast television program entries and a content channel including content entries stored in a storage device are arranged parallel to each other, a determination unit configured to determine a program entry selected by a user from the displayed electronic program guide, and a changing unit configured to change the content channel in the displayed electronic program guide based on the selected program entry. | 2009-12-03 |
20090300682 | CONTROL DEVICE AND METHOD FOR CHANNEL SEARCHING IN IMAGE DISPLAY DEVICE - Provided are a system and a method for channel searching in an image display device. When there are requests for channel searching and setting with respect to a broadcasting signal received through a signal receiving unit, image or audio data set by a user are outputted to a standby screen or while the channel searching. Or, after calculating a required time for the channel searching, image or audio data having a playing time close to the calculated required time are extracted for output while channel searching. | 2009-12-03 |
20090300683 | SYSTEM AND METHOD FOR SCHEDULING AN AUDIOVISUAL INFORMATION RECORDING - A novel method and system is provided for scheduling the recording of audiovisual information based on pre-programmed user specified criteria including at least one user preferred channel and user preferred content description. In a preferred embodiment, applicable to the Digital Video Broadcasting (DVB) standard, a broadcast stream conformant to the Digital Video Broadcast (DVB) specifications defines a plurality of program categories and sub-categories from which a user selects preferred categories/sub-categories. Broadcasted events in conformance with a DVB broadcast stream are automatically recorded based on the user specified preferred categories/sub-categories. | 2009-12-03 |
20090300684 | METHOD AND SYSTEM OF MARKING AND RECORDING CONTENT OF INTEREST IN A BROADCAST STREAM - A system and method for marking and recording content includes a network operation center receiving an incoming programming stream, monitoring the incoming programming stream, generating descriptive data corresponding to the programming stream, combining the descriptive data with the programming stream to form a composite signal and broadcasting the composite signal to a receiving unit. The system may also include a receiving unit having a monitoring term stored therein. The receiving unit monitors the composite signal for the monitoring term within the descriptive data and storing content or sub-content in a memory of the receiving unit when a monitoring term corresponds to the descriptive data. | 2009-12-03 |
20090300685 | SYSTEM, METHOD, AND DEVICE FOR TRANSMITTING VIDEO CAPTURED ON A WIRELESS DEVICE - Aspects include methods, systems, and apparatuses for processing video for display on a display device. The method may include receiving a plurality of video segments from a wireless device, wherein each video segment comprises video data captured by the wireless device; determining a data rate at which at least one of the plurality of video segments was received; determining a delay based at least in part on the data rate at which at least one of the plurality of video segments was received; waiting for a time approximately equivalent to the delay; and transmitting for display on the display device the video segments in substantially the same order as the video segments were received, wherein a size of the video segments is determined based on at least one capability of the wireless device, and wherein transmitting a first video segment is executed substantially simultaneously with or before receiving a last video segment. The method may also include storing the received plurality of video segments and concatenating the plurality of video into a single file capable of being displayed by the display device. Other aspects include methods, systems, and devices for transmitting video from a wireless device. | 2009-12-03 |
20090300686 | EDGE DEVICE RECEPTION VERIFICATION/NON-RECEPTION VERIFICATION LINKS TO DIFFERING DEVICES - A video processing system and method of operation transports a video stream between a video source and a remote wireless device and includes a communication interface and processing circuitry. The processing circuitry couples to the communication interface, establishes a reception verified communication link with the remote wireless device via the communication interface, and establishes a non-reception verified communication link with the video source via the communication interface. The processing circuitry further receives the video stream (and an audio stream) from the video source via the communication interface using the non-reception verified communication link and transmits the video stream (and audio stream) to the remote wireless device via the communication interface using the reception verified communication link. | 2009-12-03 |
20090300687 | EDGE DEVICE ESTABLISHING AND ADJUSTING WIRELESS LINK PARAMETERS IN ACCORDANCE WITH QOS-DESIRED VIDEO DATA RATE - A video processing device receives a request to forward a video stream from a video source to a remote wireless device and, based upon characteristics of the video stream, determines data throughput requirement sufficient to transport the video stream. The video processing device establishes a wireless communication link with the remote wireless device via a servicing wireless network with wireless link parameters that support the data throughput requirement. The video processing device may be required to establish/alter the wireless communication link with the remote wireless device via differing wireless link parameters that support a differing data throughput that is less than the data throughput requirement and process the video stream to alter its characteristics to meet the differing data throughput. In either case, the video processing device transmits the video stream to the remote wireless device via at least the differing wireless communication link. | 2009-12-03 |
20090300688 | MAP INDICATING QUALITY OF SERVICE FOR DELIVERY OF VIDEO DATA TO WIRELESS DEVICE - Providing Quality of Service (QoS) information regarding video content delivery to a requesting wireless device. QoS/position information is first collected by, for each wireless device of a plurality of serviced wireless devices operating within a service area, receiving position information regarding a wireless device during delivery of video content and determining QoS provided during delivery of the video content, the QoS provided during delivery of the video content delivery varying over time and respective to the position information. The collected QoS/position information is then consolidated and a QoS map for the service area is produced based upon the consolidated collected QoS/position information. Finally, the QoS map for the service area is downloaded to the requesting wireless device. The QoS map may be tailored for the requesting wireless device based upon a current position/mobility of the requesting wireless device. | 2009-12-03 |
20090300689 | Method for transmitting broadcast services in a radiocommunication cellular network through a femto base station, and corresponding femto base station - The invention concerns a method and a Femto base station for transmitting broadcast services from a radiocommunication cellular network ( | 2009-12-03 |
20090300690 | METHOD AND APPARATUS FOR SENDING AND RECEIVING BROADCAST SERVICE IN A DIGITAL BROADCASTING SYSTEM - A method and apparatus for sending a broadcast service in a digital broadcasting system. The method includes assigning a same Internet Protocol (IP) address for a common broadcast service when the common broadcast service is provided in at least two IP platforms, each of the at least two IP platforms providing a broadcast service to a terminal; delivering the common broadcast service using the same IP address; and delivering related information relevant to the common broadcast service. | 2009-12-03 |
20090300691 | METHOD AND SYSTEM OF OPERATING CONTENT STREAMS - A method and system of operating content streams. The method includes detecting that a playing of first and second content streams is asynchronous, each of the first and second content streams respectively including first and second turning points, and selectively synchronizing at least the first and second turning points of the first and second content streams by inserting gap fillers into at least one of the first and second content streams. | 2009-12-03 |
20090300692 | SYSTEMS AND METHODS FOR VIDEO STREAMING AND DISPLAY - For display of, at a user device, a region of interest within video images and associated applications. In a particular example embodiment, a streaming video source provides streaming data to a user device, with the streaming data being representative of a sequence of images, and each image including a plurality of individually decodable slices. At the user device and for a particular image and a corresponding subset region of the image, less than all of the plurality of individually decodable slices are displayed in response to a current input indicative of the subset region. Future input indicative of a revised subset region is then predicted in response to images in the image sequence that have yet to be displayed and to previously received input. In other embodiments, multicasting methods, systems or arrangements provide streaming video to one or more user devices. | 2009-12-03 |
20090300693 | METHOD, APPARATUS AND SYSTEM FOR DYNAMIC GROUPING AND CONTENT DISTRIBUTION - In one embodiment of the present invention, a system for dynamic content distribution and grouping includes a server for providing a plurality of content channels, at least one tuning/decoding means for receiving/decoding at least one of the plurality of content channels, and at least one respective display means for displaying the at least one received/decoded content channel. In such embodiments of the present invention, the server is configured to dynamically configure the at least one tuning/decoding means to receive/decode at least one of the plurality of content channels. More specifically, in embodiments of the present invention, the server dynamically configures the at least one tuning/decoding means by communicating a channel change command to the at least one tuning/decoding means over a dedicated radio-frequency channel or, in an alternate embodiment, using an internet protocol. | 2009-12-03 |
20090300694 | OPEN CABLE APPLICATION PLATFORM (OCAP) AND SET-TOP BOX (STB)-BASED CALENDERING APPLICATION - One exemplary aspect is advanced multimedia communications via OCAP using customer specific profiles resident in the STB for calendar management. Additional aspects relate to invitation management including auto-calendaring, forwarding of an invitation details to a specific destination, conflict resolution, auto-rescheduling, global rescheduling and automatic reminders based on an invitation. Still further aspects relate to enabling confirmation of an appointment based on a received reminder and a technique to confirm an appointment with the ability to forward an appointment confirmed identifier to the appointment setter. Rescheduling routines are also provided for use with the calendaring application. | 2009-12-03 |
20090300695 | SYSTEM AND METHOD OF IDENTIFYING EVENTS SCHEDULED AT A MEDIA RECORDER - A system and method of identifying events scheduled at a media recorder. In a particular embodiment, a system to identify events scheduled at a media recorder is disclosed. The system includes an identification module to determine a time interval and an address and to identify one or more media content items scheduled for recording within the time interval. The system also includes a notification module to send a message to the address, the message including scheduling information related to the one or more media content items scheduled for recording within the time interval. | 2009-12-03 |
20090300696 | Receiving Apparatus, Display Control Method, and Program - A receiving apparatus includes: a receiving means for receiving broadcasted broadcast content and information relating thereto; an acquisition means for acquiring network content and information relating thereto from a predetermined server via a network; and a start-up controlling means for starting up, in a non-display state, a browser which provides a frame display of the broadcast content and the information relating to the broadcast content and also provides a frame display of the network content and the information relating to the network content, and maintaining the start-up condition of the browser, regardless of whether the receiving apparatus is in a broadcast content mode in which at least one of the broadcast content or the information relating to the broadcast content is displayed, or in a network content mode in which at least one of the network content or the information relating to the network content is displayed. | 2009-12-03 |
20090300697 | Method and Arrangement for Storing and Playing Back TV Programmes - The invention relates to a method and a PVR server for storing and playing back TV programmes, in particular to an improved method for operating a network PVR and to an improved PVR server ( | 2009-12-03 |
20090300698 | EDGE DEVICE THAT ENABLES EFFICIENT DELIVERY OF VIDEO TO HANDHELD DEVICE - A video processing system includes a communications interface and video processing circuitry. The communications interface receives video data from a video source, receives at least one operating parameter regarding a remote wireless device, and transmits an output video stream to the remote wireless device. The video processing circuitry couples to the communications interface, receives the video data and the at least one operating parameter, determines video processing parameters based upon the video data and the at least one operating parameter, processes the video data based upon the video processing parameters to produce the output video stream, and provides the output video stream to the communications interface for transmission to the remote wireless device. The video data (incoming video stream) may be processed by altering a frame rate, PCRs, pixel resolution, color resolution, color content, and/or region of interest content of the incoming video data to produce the output video stream. | 2009-12-03 |
20090300699 | METHODS AND APPARATUS FOR PRESENTING SUBSTITUTE CONTENT IN AN AUDIO/VIDEO STREAM USING TEXT DATA - Various embodiments of apparatus and/or methods are described for skipping, filtering and/or replacing content from an audio/video stream using text data associated with the audio/video stream. The text data is processed using location information that references a segment of the text data of the first audio/video stream to identify a location within the first audio/video stream. The location within the first audio/video stream is utilized to identify portions of the audio/video stream that are to be skipped during presentation. The portions of the audio/video stream that are to be skipped are filtered from the audio/video stream, and some of the skipped portions of the audio/video stream are replaced with substitute content. The filtered video stream, including the substitute content, is outputted for presentation to a user. | 2009-12-03 |
20090300700 | REPLAYABLE TV SYSTEM - A replayable TV system ( | 2009-12-03 |
20090300701 | AREA OF INTEREST PROCESSING OF VIDEO DELIVERED TO HANDHELD DEVICE - Processing a video stream intended for a remote wireless device by a video processing system based upon identified area of interest information to produce an output video stream having lesser required data throughput. Operation commences with receiving the video stream and buffering the video stream. Then the video processing system identifies an area of interest corresponding to at least one video frame of the video stream. The video processing system the processes the video frames of the video stream based upon the identified area of interest to produce an output video stream. The video processing system then transmits the output video stream for delivery to the remote wireless device. Processing video frames of the video stream may include altering pixel resolution, color resolution, and/or cropping video information of the video frames outside of the area of interest. | 2009-12-03 |
20090300702 | Early Warning Fault Identification and Isolation System for a Two-Way Cable Network - A system and method for determining an operational status of a segment of a hybrid fiber coax (HFC) cable network. Subscriber premises units (SPUs) connected to the HFC cable network are “pinged” and their responses recorded. The two most responsive SPUs in each node of the HFC cable network are identified. The most responsive SPU is added to a primary ping list and the next most responsive SPU is added to a secondary ping list. The SPUs on the primary list are “pinged” and their responses recorded. If an SPU on the primary list fails to respond, the secondary SPU associated with the node is pinged. If both the primary and secondary SPU associated with a node fail to respond to the “ping,” the node is identified as non-responsive. If all of the nodes associated with a modulator (or a demodulator) are identified as non-responsive, the modulator (or demodulator) is identified as “non-responsive.” Additionally, network devices are pinged and their responses noted. Using the responsiveness of nodes and network devices, faults in segments in an HFC cable network can be identified and located. | 2009-12-03 |
20090300703 | Communicating Ancillary Information Associated With A Plurality Of Audio/Video Programs - A system includes a receiver and a communication interface. The receiver is adapted to tune to an audio/video portion over a transport medium. The communication interface is adapted to receive announcement data associated with the tuned audio/video content directed to a first addressable location and to receive a special announcement directed to the first addressable location. The special announcement indicates availability of the announcement data associated with the tuned audio/video program, and the announcement data is associated with the tuned audio/video content and indicates enhancement data is being transmitted. The controller is adapted to redirect the announcement data to a second addressable location other than the first addressable location in response to the special announcement. | 2009-12-03 |
20090300704 | Presentity Rules for Location Authorization in a Communication System - A server, computer readable medium and method for accessing data related to a first user connected to a communication network that includes a server, the data being accessed by a second user connected to the communication network. The method includes receiving at the server instructions from the first user for generating authentication privileges for the second user to access the data of the first user, wherein the data includes at least one of location data related to a physical location of the first user, and presence data related to an availability of the first user to communicate with the second user; applying a single set of authentication rules to generate the authentication privileges for the second user for both the location data and the presence data; and storing the generated authentication privileges of the second user. | 2009-12-03 |
20090300705 | Generating Document Processing Workflows Configured to Route Documents Based on Document Conceptual Understanding - Embodiments of the invention may be used to improve enforcement and compliance with publishing rules in an automated and provable manner. Prior to publication, documents may be processed using publishing rules (workflows) based on conceptual analysis of document content. Additionally, embodiments of the invention include a content creation system configured to provide prompt feedback on content coverage. Such a system enables the creator of information to better understand what approval requirements apply to content they create and intend to publish, as the content is being created. | 2009-12-03 |
20090300706 | CENTRALLY ACCESSIBLE POLICY REPOSITORY - The present invention extends to methods, systems, and computer program products for a centrally accessible policy repository. Protection policies for protecting resources within an organization are stored at a central policy repository. Thus, an administrator can centrally create, maintain, and manage resource protection polices for all of the organizational units within an organization. Accordingly, resources consumed when performing these protection policy related operations is significantly reduced. Additionally, since protection policies are centrally located, there is increased likelihood of being able to consistently apply an organization's protection policies within different organizational units, even when protection policies change. | 2009-12-03 |
20090300707 | Method of Optimizing Policy Conformance Check for a Device with a Large Set of Posture Attribute Combinations - A method, apparatus, and electronic device for conforming integrity of a client device | 2009-12-03 |
20090300708 | Method for Improving Comprehension of Information in a Security Enhanced Environment by Representing the Information in Audio Form - In a software environment wherein one or more subjects respectively seek to access one or more objects, and wherein a security policy having rules is associated with the environment, a method is provided for use in connection with an effort by a particular subject to access a particular object. The method comprises identifying a domain to which the particular subject belongs, and identifying a type that includes or characterizes the particular object. One or more rules of the security policy are then used to decide whether or not to permit the particular subject to access the particular object. The method further comprises providing one or more distinct audible sounds for a user associated with the particular subject, wherein each audible sound represents specified information pertaining to the decision of whether or not to permit access to the particular object. | 2009-12-03 |
20090300709 | AUTOMATED CORRECTION AND REPORTING FOR DYNAMIC WEB APPLICATIONS - Changes to dynamic web content are monitored for compliance with web content compliance rules. A noncompliant element associated with a change to the dynamic web content is identified based upon the web content compliance rules. Automated correction of the noncompliant element is performed based upon the web content compliance rules. The noncompliant element is reported to a server associated with the change to the dynamic web content. | 2009-12-03 |
20090300710 | UNIVERSAL SERIAL BUS (USB) STORAGE DEVICE AND ACCESS CONTROL METHOD THEREOF - The invention provides a USB storage device and an access control method thereof. An access control module is provided on the USB storage device. The storage space is divided into at least one data storage entity. Each user's access right to each data storage entity is set and stored in the USB storage device as an access control list. The process between the USB storage device's being connected with a USB host and its being disconnected from the USB host is one session. When a session is established, the user provides authentication information for the USB device to authenticate him/her, and saves the user information used in the current session. In the current session, when the host of the user issues an access request for the data storage entity on the USB storage device, the access control module queries the access right list based on the user information in the current session to determine whether the user has an access right to the requested data storage entity. When the user does not have the access right to the data storage entity, the access control module denies the user's access request for the data storage entity. | 2009-12-03 |
20090300711 | ACCESS CONTROL POLICY COMPLIANCE CHECK PROCESS - A storage medium on which is recorded a program for causing an information processing device. The program executes, an access right management information obtainment process for obtaining access right management information, a violation detection process for obtaining a policy from a policy storing unit for storing the policy set for the resource or the access to the resource, for checking whether or not the access right management information complies with the policy, and for detecting access right management information, a policy compliance level calculation process for calculating a risk score in accordance with a degree of risk of the violation, and for calculating a level of compliance with the policy. | 2009-12-03 |
20090300712 | System and method for dynamically enforcing security policies on electronic files - A system and method dynamically enforcing security policies on electronic files when the file is used. The system and method preferably delegates the file the ability to protect itself. The file automatically identifies its confidential information and applies them when needed. | 2009-12-03 |
20090300713 | ACCESS CONTROL SYSTEM, ACCESS CONTROL METHOD, ELECTRONIC DEVICE AND CONTROL PROGRAM - Provided is the access control system for controlling an access on a task basis without modifying a device side to be accessed and without applying a task ID at each access to a device. | 2009-12-03 |
20090300714 | PRIVACY ENGINE AND METHOD OF USE IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM - A privacy enforcement engine conducts a process that evaluates user privacy preferences against the privacy policy of a service provider. The engine works in conjunction with an identity selector. The identity selector filters user identity information cards to determine which ones satisfy the requirements of a security policy. The engine identifies privacy preferences that are relevant to the user identity information specified by the successfully filtered cards. The engine evaluates these privacy preferences against the privacy policy, to provide its own filtering operation relative to the exercise of privacy controls. The cards that pass the filtering operation conducted by the engine are deemed available for disclosure. | 2009-12-03 |
20090300715 | USER-DIRECTED PRIVACY CONTROL IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM - An identity management system incorporates privacy management processes that enable the user to exercise privacy controls over the disclosure of user identity information within the context of an authentication process. A combination includes an identity selector, a privacy engine, and a ruleset. The identity selector directs the release of a user identity in the form of a security token to satisfy the requirements dictated by a security policy. Prior to release of the user identity, the engine conducts a privacy enforcement process that examines the privacy policy of the service provider and determines if it is acceptable. The engine evaluates a ruleset against the privacy policy. A preference editor enables the user to construct, in advance, the ruleset, which embodies the user's privacy preferences regarding the disclosure of identity information. Based on the evaluation results, the user can either approve or disapprove the privacy policy, and so decide whether to proceed with disclosure of the user identity. | 2009-12-03 |
20090300716 | USER AGENT TO EXERCISE PRIVACY CONTROL MANAGEMENT IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM - A client-side user agent operates in conjunction with an identity selector to institute and exercise privacy control management over user identities managed by the identity selector. The user agent includes the combination of a privacy enforcement engine, a storage of rulesets expressing user privacy preferences, and a preference editor. The editor enables the user to direct the composition of privacy preferences relative to user identities. The preferences can be applied to individual cards and to categorized groups of attributes. The engine evaluates the proper rulesets against the privacy policy of a service provider. The privacy preferences used by the engine are determined on the basis of specifications in a security policy indicating the attribute requirements for claims that purport to satisfy the security policy. | 2009-12-03 |
20090300717 | HARDWARE ACCESS AND MONITORING CONTROL - Various embodiments described and illustrated here include one or more of systems, methods, software, and data structures that may be used to implement policies for hardware access and monitoring control. One embodiment includes obtaining device property data from each device coupled to a system and determining if each device is a device authorized for use with the system. Such embodiments may further include allowing only devices authorized for use with the system to be accessed by processes of the system. | 2009-12-03 |
20090300718 | SYSTEM AND METHOD FOR LOST DATA DESTRUCTION OF ELECTRONIC DATA STORED ON A PORTABLE ELECTRONIC DEVICE WHICH COMMUNICATES WITH SERVERS THAT ARE INSIDE OF AND OUTSIDE OF A FIREWALL - A data security system and method protects stored data from unauthorized access. According to one aspect of the invention, a client computing device communicates periodically with a server. If communications is note established between the client and the server for a selected activation interval and a subsequent grace period, the data is determined to be lost, and programmed security rules are automatically executed. The server with which the client computer device communicates includes one server located inside the firewall of a particular organization, or a mirror server located outside the firewall, and thereby allow for the re-setting of the activation interval when the client is properly outside of the firewall through communication with the mirror server, as well as the to provide command an control over a lost or stolen client by pushing updated rules if communication is subsequently attempted with the mirror server. | 2009-12-03 |
20090300719 | SYSTEMS AND METHODS FOR MANAGEMENT OF SECURE DATA IN CLOUD-BASED NETWORK - Embodiments relate to systems and methods for the management of secure data in a cloud-based network. A secure data store can store sensitive or confidential data, such as account numbers, social security numbers, medical or other information in an on-premise data facility. Regulatory and/or operational requirements may prohibit the migration or unprotected transmission of the secure data to the cloud. An operator can instantiate a set of virtual machines to access and process the secure data, for example to process online purchase transactions. To prevent unauthorized disclosure of the secure data, the secure data store can receive data access requests via a translation module that translates the secure data. The secure data store can retrieve and transmit the secure data using a protection mechanism such as a masking and/or encryption mechanism, avoiding the unprotected transport or exposure of that data to the cloud. | 2009-12-03 |
20090300720 | CENTRALIZED ACCOUNT REPUTATION - A centralized account reputation system differentiates between illegitimate users and legitimate users using reputation scores associated with the users' online accounts. The system restricts the access of illegitimate users to certain network services while minimizing its negative effects on legitimate users. The system can manage the life cycle of an online account, considering data about the account that is obtained throughout the account network to compute the online account reputation score and allocating access to network services based on the online account reputation score. For example, a reputation score may be embedded in a security token that can be accessed by multiple services on the account network, so that each service can determine the appropriate level of access to be granted to the associated user account based on the reputation score. Various types of online account behavior over time can improve or diminish the online account's reputation. | 2009-12-03 |
20090300721 | Reverse VPN over SSH - A system and method for enabling access to a computer server operating within a private network, in which the computer server is isolated by access restrictions that prevent incoming connections from a public network. In one embodiment, the method includes identifying a remote client operating in a public network outside the private network, initiating a secure communication channel with the remote client, and instructing the remote client to initiate a Point-to-Point Protocol (PPP) session with the computer server via the secure communication channel. | 2009-12-03 |
20090300722 | SUPPORT FOR INTEGRATED WLAN HOTSPOT CLIENTS - The invention proposes a method and a network device comprising an operation entity ( | 2009-12-03 |
20090300723 | SHARING PRIVATE DATA PUBLICLY AND ANONYMOUSLY - Sharing a secret that can later be revoked. A client sends data to a server that makes the data available to other clients. The data is shared generically without specifically identifying the client. The data can be considered quasi-secret data or data that is secret except for the anonymous sharing of the data. The client can later make the shared data private again by changing or deleting the sharing of the data. | 2009-12-03 |
20090300724 | METHOD FOR MANAGING DOMAIN USING MULTI DOMAIN MANAGER AND DOMAIN SYSTEM - The present invention relates to a method of managing a domain employing a multi-domain manager and a domain system. The method of managing a domain employing a multi-domain manager includes designating a primary domain manager, configuring the domain by registering a domain device with the primary domain manager, designating at least one secondary domain manager of the domain devices, and managing the domain through conjunction of the primary domain manager and the secondary domain manager. Thus, domain management can be performed efficiently by employing a multi-domain manager. | 2009-12-03 |
20090300725 | ENABLING SYNCHRONOUS AND ASYNCHRONOUS COLLABORATION FOR SOFTWARE APPLICATIONS - A method for collaborating a first computer with a second computer. The method includes sending an invitation from the first computer to the second computer, and sending a list of permissions from the first computer to the second computer upon acceptance of the invitation. The list of permissions allows the second computer to access a limited portion of one or more data on the first computer. The method further includes performing an analysis on the limited portion of the data stored on the first computer by the second computer, and sending a notification from the second computer to the first computer, wherein the notification indicates that the analysis has been performed on the limited portion of the data. | 2009-12-03 |
20090300726 | ETHERNET SERVICE CAPABILITY NEGOTIATION AND AUTHORIZATION METHOD AND SYSTEM - Described herein are methods and systems for negotiating and authorizing one or more Ethernet and/or IP services among a plurality of network entities in a wireless communication system. In one embodiment, an Access Service Network Entity transmits Ethernet Service capability data to a Home Connectivity Service Entity. Optionally, the Ethernet Service capability data may include Ethernet Service capability data associated with a Visited Connectivity Service Entity. The Home Connectivity Service Entity then determines which Ethernet and/or IP Services are authorized for a particular mobile station associated with the Access Service Network Entity based upon the received Ethernet Service capability data, a subscriber profile, and a home network policy. | 2009-12-03 |
20090300727 | SERVER, INFORMATION PROCESSING METHOD AND PROGRAM - A server having an authority information storage configured to store therein authority information on an operation authority, a determination request information receiver configured to receive determination request information that is transmitted from a client and requests a permission/rejection determination on execution of a desired operation in the server or a client, a permission/rejection determination unit configured to make a permission/rejection determination in response to the determination request information received by the determination request information receiver based on the authority information, and a determination result information transmitter configured to transmit determination result information on a determination result made by the permission/rejection determination unit to the client that transmitted the determination request information. | 2009-12-03 |
20090300728 | ELECTRONIC MAIL TERMINAL APPARATUS, MAIL SERVER, CHECK CODE REGISTERING METHOD, AND MAIL RECEPTION PERMITTING METHOD - An apparatus includes: an address book to store mail addresses; an address registration unit to register a mail address of electronic mail in the address book; a check code generation unit to generate a check code from the mail address; and a check code transmission unit to transmit a mail reception permission notification including the check code generated from the mail address to a registration unit. | 2009-12-03 |
20090300729 | PURCHASING PERIPHERAL SUPPORT IN A MEDIA EXCHANGE NETWORK - A system providing support for user transactions in a media exchange network is disclosed. An embodiment of the present invention may comprise a television display, storage, and a set top box, and may provide an interface device for receiving from a user associated authorization device, information for authorizing user transactions via a communication network. A user transaction may comprise the exchange, purchase, storage, or consumption of media such as, for example, audio, still images, video, and data. The communication network may comprise, for example, a cable infrastructure, a digital subscriber line infrastructure, a wireless infrastructure, and may be the Internet. The system may provide for the completion of the user transaction without divulging the identity of the user to a vendor. | 2009-12-03 |
20090300730 | SECURITY MESSAGE PROCESSING - Systems, methods and apparatus for handling security messages in a distributed security system. Requests, replies, and/or updates have varying time constraints. Processing node managers and authority node managers determine the best transmission times and/or the ignoring of such data to maximize information value. | 2009-12-03 |
20090300731 | Remote Publishing and Server Administration - Embodiments are directed to managing server content and configuration from within a single server management application. In one embodiment, a computer system receives a client connection requesting initiation of a server management application. The computer system initiates the server management application. The application provides means managing content and server configuration settings from within the server management application. The computer system receives user input indicating a configuration settings change to be applied to the server and alters configuration settings on the server. The management application provides configuration access to those settings for which the client has access rights. The computer system receives user input indicating that one or more portions of content are to be published to the server and publishes the content portions to the server. The server management application implements a protocol provider model that facilitates content publishing to the server over a variety of different protocols. | 2009-12-03 |
20090300732 | METHOD AND APPARATUS OF OTP BASED ON CHALLENGE/RESPONSE - The present invention is proposed to solve the problem of high cost of an ordinary OTP token and the problem of vulnerability to hacking of a mobile OTP, for which an OTP program is mounted to solve the problem of high cost. There is provided a user authentication system and a method thereof, in which a user sets an image password as a fixed key, a query terminal outputs a query screen on which a created OTP is divided into pieces and matched to images of the fixed key, the user who confirms the query screen sequentially inputs the numbers that correspond to the image password, i.e., the fixed key of the user himself or herself, and a result of user authentication is processed according to whether the inputted numbers are matched to the response value prepared in a server. | 2009-12-03 |
20090300733 | INFORMATION PROCESSING APPARATUS, AUTHENTICATION SYSTEM, INFORMATION PROCESSING METHOD AND STORAGE MEDIUM - An information processing apparatus includes a storage unit that stores a first user identifier that identifies respective users in the information processing apparatus, and plural second user identifiers stored in respective authentication apparatuses and identify the users in each authentication apparatus, so as to correspond with each other; a first authentication request unit that transmits authentication information input by a user to at least one of the authentication apparatuses and requests authentication of the user; a first user identifier acquisition unit that, when authentication of the user has been successful, acquires the second user identifier of that user stored in that authentication apparatus; and a use allowing unit that specifies the first user identifier stored in the storage unit corresponding with the second user identifier acquired by the first user identifier acquisition unit, and allows the user identified by the specified first user identifier to use the information processing apparatus. | 2009-12-03 |
20090300734 | AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND COMPUTER-READABLE STORAGE MEDIUM STORING AUTHENTICATION PROGRAM - An authentication system including an apparatus, in the system use of the apparatus is restricted by an authentication processing according to authentication information, the system having: decision section to compare inputted authentication information with pre-stored authentication information and to notify a message indicating that the authentication information has been changed in a case where the inputted authentication information is not the same as the updated authentication information but is the same as the previously set authentication information. | 2009-12-03 |
20090300735 | METHOD FOR CONTROLLING ACCESS TO CONTENT ON DATA CARRIER - A method for controlling access to content on a data carrier includes reading a first and a second machine readable key stored on the data carrier. Further, a third key is retrieved from a remote server based on the first key. Access to the content on the data carrier is allowed only if the second key matches the third key. | 2009-12-03 |
20090300736 | REMOTE ACCESS METHOD - A remote access method for use in a computer includes the following steps. Firstly, the computer logins into a remote access interface. Next, a remote access role of the computer is selected via the remote access interface, and a remote access operation is performed according to the selected remote access role. If the remote access role is intended to be changed, another remote access role of the computer is selected via the remote access interface. | 2009-12-03 |
20090300737 | SPLIT TEMPLATE BIOMETRIC VERIFICATION SYSTEM - An exemplary system includes a plurality of storage devices storing at least one of a plurality of chunks of a template. A first chunk is stored in a first location and a second chunk is stored in a second location. The system further includes a client device in communication with the storage devices. Each client device includes a verification module that divides the template into the plurality of chunks, and reconstitutes the plurality of chunks into the template during validation. A method includes generating the template based upon an enrollment biometric identifier, dividing the template into the plurality of chunks, storing at least one of the plurality of chunks in a first storage location, and storing at least another of the plurality of chunks in a second storage location. | 2009-12-03 |
20090300738 | Authentication Methods and Systems - A method of generating an authentication token using a cryptographic based application downloaded to a mobile telephony device and a method of authenticating an online transaction using such a token. The method may be employed in a two factor authentication method uitilising a user password and an authentication token. The method allows a two factor authentication method to be provided by a wide range of mobile telephony devices operating either online or offline. Other authentication systems and methods of authentication are also disclosed. | 2009-12-03 |
20090300739 | Authentication for distributed secure content management system - Aspects of the subject matter described herein relate to authentication for a distributed secure content management system. In aspects, a request to access a resource available through the Internet is routed to a security component. The security component is one of a plurality of security components distributed throughout the Internet and responsible for authenticating entities associated with an enterprise. The security component determines an authentication protocol to use with the entity and then authenticates the entity. If the entity is authenticated, the entity is allowed to use a forward proxy. | 2009-12-03 |
20090300740 | PROACTIVE CREDENTIAL CACHING - In wireless networking, such as per the IEEE 802.11 standard, a technique automatically republishes an authentication credential to a global credential repository. A station can have a first credential, as is created when the station connects to a first access node of a wireless network. Upon trying and failing to connect to a second access node of the wireless network, the station can have a second credential created and published to the global credential repository. In some situations, the station then roams back to the first access node using the first credential. Efficiently, when the station uses the first credential at the first access node, the first credential can be automatically republished as a global credential. The automatic republishing of the first credential can ensure that the station is able to access the wireless network via various access nodes when roaming. | 2009-12-03 |
20090300741 | GRANTING SERVER/WORKSTATION ACCESS USING A TELEPHONE SYSTEM - A method of granting access to a computing system includes: receiving a connection request from a remote computing system; generating a first message indicating a session identification number and an access number; receiving the session identification number from a telephone system; performing a verification of the session identification number; and granting access to the computing system based on the verification of the session identification number. | 2009-12-03 |
20090300742 | IDENTITY SELECTOR FOR USE WITH A USER-PORTABLE DEVICE AND METHOD OF USE IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM - An identity selector manages the identity requirements of an online interaction between a user and a service provider environment. The identity selector is adapted for interoperable use with a user-portable computing device. The user device enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The identity selector includes an agent module that facilitates communication with the user device. The identity selector imports the user identities from the user device and determines which user identities satisfy a security policy of a relying party. After the user selects one of the eligible user identities, the identity selector generates a token request based on the selected identity and forwards it to the user device, which in response issues a security token. The security token is returned to the identity selector and used to facilitate the authentication process. | 2009-12-03 |
20090300743 | METHODS AND SYSTEMS FOR USER AUTHENTICATION - Method and systems for user authentication are provided according to the embodiments of the invention. The method mainly includes: sending, by a management station, an authentication request message of an authentication protocol to a managed device via a management protocol, and sending user authentication information to the managed device; and authenticating the user by the managed device via the authentication protocol or a authentication server based on the received user authentication information, and returning an authentication acknowledgement message of the authentication protocol carrying the authentication result to the management station via the management protocol. The system mainly includes a management station and a managed device; or, a management station, a managed device and a backend authentication server. With the present invention, methods and systems for user authentication with a good extensibility and a widened application are provided. | 2009-12-03 |
20090300744 | TRUSTED DEVICE-SPECIFIC AUTHENTICATION - An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service. | 2009-12-03 |
20090300745 | ENHANCED MULTI FACTOR AUTHENTICATION - In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate, a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel. | 2009-12-03 |
20090300746 | SYSTEM INTEGRATING AN IDENTITY SELECTOR AND USER-PORTABLE DEVICE AND METHOD OF USE IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM - A combination includes a user-portable computing device, and an identity selector adapted for interoperable use with the user device. The user computing device includes a security token service that issues security tokens in reference to a portfolio of user identities stored as information cards on the user device. The issuance of security tokens employs user attribute information that is stored onboard the user device. The identity selector exports the information cards from the user device and determines which user identity satisfies a security policy promulgated by a relying party as part of an authentication process within the context of an online interaction. The identity selector generates a token request based on one of the eligible user identities, and forwards the token request to the user device to invoke the token issuance operation. The identity selector presents the issued security token to the relying party to comply with the security policy. | 2009-12-03 |
20090300747 | USER-PORTABLE DEVICE AND METHOD OF USE IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM - A user-portable computing device configured as a smart card enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The device includes memory for storing user identities as information cards that are exported to a host computer, presented to a user in visual form, and then selected for use in the authentication process. A security token service installed on the device issues a security token in response to a token request sent from the host computer that references the selected user identity. The security token service uses user attribute information stored on the user device to compose the claim assertions needed to issue the security token. The token is returned to the host computer and used to facilitate the authentication process. | 2009-12-03 |
20090300748 | RULE COMBINATION IN A FIREWALL - A firewall system comprises a rule management tool that is operable to evaluate a rule set for rules that may be merged, present selected rules that can be merged to an administrator, along with an indication of any change in function of the resulting merged rule, and receive input from the administrator indicating whether to merge the selected rules. | 2009-12-03 |
20090300749 | METHOD AND SYSTEM FOR DEFEATING THE MAN IN THE MIDDLE COMPUTER HACKING TECHNIQUE - A method for constructing a secure Internet transaction, the method includes: receiving a user identification (userid) and user password on a client device for filling out a form generated by a secure web site; concatenating the user's Internet Protocol (IP) address with a separate password that is maintained on the secure web site that the user is authenticating to; encrypting the concatenated user IP and separate password to form an Internet Protocol password (IPPW); wherein the encrypting is carried out with asymmetric public-key cryptography using a public key; building a transaction consisting of the IPPW and userid; transmitting the transaction and form via a network towards the secure web site; wherein in response the secure website performs the following: decrypts the IPPW, and determines if the IP portion of the decrypted IPPW is equal to the user's IP address. | 2009-12-03 |
20090300750 | Proxy Based Two-Way Web-Service Router Gateway - A system for providing two-way Web services is disclosed that enables the client and server to be in different enterprise domains—behind firewalls—with few or no changes to the firewalls. In accordance with the illustrative embodiment, a “tunnel hub” is deployed in the public domain and “tunnel gateways” are deployed behind the firewalls where the clients request two-way services and the servers provide two-way services. Each tunnel gateway initiates a secure tunnel out through the firewall to the target hub. Thereafter, a request for service enters the tunnel gateway, travels to the tunnel hub and to the appropriate tunnel gateway where the server is that provides the service. When the server provides the service, it enters the tunnel gateway, travels to the tunnel hub and to the appropriate tunnel gateway where the client is that requested the service. | 2009-12-03 |
20090300751 | Unique packet identifiers for preventing leakage of sensitive information - In accordance with an aspect of the invention, leakage prevention is implemented by: a) associating—within a network—a unique identifier with a packet transmitted by a process which has previously accessed data containing sensitive information, and b) searching a packet before it exits a network for the unique identifier. This mechanism provides a strong guarantee against leakage of sensitive data out of a network by facilitating the monitoring of packets which potentially contain the sensitive information. The unique identifier may be located in the header of the packet, which is detectable without requiring a heavy investment of network resources. Additionally, a packet's movement within a network may be tracked by analyzing trapped system calls. Furthermore, an exiting packet may be analyzed by a network firewall, the firewall utilizing various policies to determine how to proceed when a packet containing a unique identifier is located. | 2009-12-03 |
20090300752 | UTILIZING VIRTUAL PRIVATE NETWORKS TO PROVIDE OBJECT LEVEL SECURITY ON A MULTI-NODE COMPUTER SYSTEM - The disclosure herein provides data security on a parallel computer system using virtual private networks connecting the nodes of the system. A mechanism sets up access control data in the nodes that describes a number of security classes. Each security class is associated with a virtual network. Each user on the system is associated with one of the security classes. Each database object to be protected is given an attribute of a security class. Database objects are loaded into the system nodes that match the security class of the database object. When a query executes on the system, the query is sent to a particular class or set of classes such that the query is only seen by those nodes that are authorized by the equivalent security class. In this way, the network is used to isolate data from users that do not have proper authorization to access the data. | 2009-12-03 |
20090300753 | METHOD FOR PREVENTING DATA IN A COMPUTER SYSTEM FROM BEING ACCESSED BY UNAUTHORIZED USER - A computer system is provided comprising a non-volatile storage medium and a processor. The processor acquires authentication information from a first removable storage device, stores the authentication information into the non-volatile storage medium, and forbids data access of the computer system when detecting that a second removable storage device has been inserted and identification data of the second removable storage device is different from the authentication information. | 2009-12-03 |
20090300754 | Protecting a Program Interpreted by a Virtual Machine - A method of protecting a program interpreted by a virtual machine comprises the inclusion of interference operations during the execution of each program instruction. The scrambling operations are selected according to a program digest, so as to vary when a single instruction belongs to two different programs. In this way, any attempt at reverse engineering from side channels is made possible. | 2009-12-03 |
20090300755 | PROVIDING HINTS WHILE ENTERING PROTECTED INFORMATION - One or more hints can be presented during the entry of protected information. Traditionally, for security reasons, the protected information is displayed as ambiguous characters, hindering the ability to determine if there was an error inputting the information. A hash can be calculated from some or all of the protected information already input, and the resulting hash value can be used to select a hint. The hints can be selected from a relatively small number of easily distinguishable hints, including visual, auditory and sensory hints, or any combination thereof. The hints are not a globally unique identifier of the protected information and can, instead, be used to detect a deviation from the correct entry of the protected information. | 2009-12-03 |
20090300756 | System and Method for Authentication - A system for authentication comprises a mobile unit and a smart card reader. The mobile unit includes a security application that prevents access to functionalities and data stored thereon and further includes an authentication application that securely stores an authentication token. The smart card reader communicatively connects to a smart card. The smart card includes authentication data. The authentication application transmits the authentication token to the smart card reader to verify the smart card. The authentication application shares the authentication token with the security application when the verification is successful. The authentication token indicates to the security application to grant access to the functionalities and the data. | 2009-12-03 |
20090300757 | IMAGE FORMING APPARATUS PERFORMING USER AUTHENTICATION USING A CARD - An image forming apparatus includes an ID acquisition part configured to acquire a card ID readable by a card reader. A correspondence information management part manages correspondence information between the card ID and user identification information. A user information acquisition part acquires the user identification information corresponding to the card ID acquired by the card ID acquisition part from the correspondence information management part, and acquires a password of a user corresponding to the acquired user identification information. An authentication control part causes an authentication process of the user to be executed in accordance with the acquired user identification information and the acquired password. | 2009-12-03 |
20090300758 | PROVISIONING SECRETS IN AN UNSECURED ENVIRONMENT - A method and apparatus for generating provisioning data to provision a device are described. A provisioning bundle is validated according to a relationship between a configuration and a bundle sequence number identifying the provisioning bundle. A provisioning request includes a device hardware identifier identifying the device. An authorization for the provisioning request is determined for generating provisioning data including the provisioning bundle personalized by the device hardware identifier for the device. | 2009-12-03 |
20090300759 | ATTACK PREVENTION TECHNIQUES - Techniques for detecting and responding to attacks on computer and network systems including denial-of-service (DoS) attacks. A packet is classified as potentially being an attack packet if it matches an access control list (ACL) specifying one or more conditions. One or more actions may be performed responsive to packets identified as potential attack packets. These actions may include dropping packets identified as potential attack packets for a period of time, rate limiting a port over which the potential attack packets are received for a period of time, and other actions. | 2009-12-03 |
20090300760 | Grid Security Intrusion Detection Configuration Mechanism - A method, apparatus, and article of manufacture are provided to support security in a distributed gird computer cluster. Each non-node root node in the cluster is configured with a local security agent, and the root node is configured with a security controller to manage each of the security agents of each non-root node. The security agent of each non-root node is in communication with an associated configuration file that contains data private to the respective non-root node, to allow the security agent to manage security local to the node. The security controller of the root node is in communication with a controller configuration file that contains data that applies to all security agents in the grid cluster, to allow the controller to manager the security agents. | 2009-12-03 |
20090300761 | Intelligent Hashes for Centralized Malware Detection - A suspicious entity is identified. An intelligent hash for the suspicious entity is generated, wherein the intelligent hash includes a set of metadata that is specific to the suspicious entity and at least some of the metadata is invariant over changes to the suspicious entity. The intelligent hash is transmitted to a server for evaluation of whether the suspicious entity corresponds to the malware entity. The server is adapted to determine whether the suspicious entity corresponds to the malware entity based on the intelligent hash. A result is received from the server specifying whether the suspicious entity corresponds to the malware entity. | 2009-12-03 |
20090300762 | Methods And Systems For Managing A Potential Security Threat To A Network - Methods, systems and computer readable mediums storing computer executable programs for managing a potential security threat to a network are disclosed. Network data received at a network system within a network is monitored at a network management system. A determination is made at the network management system regarding whether the network data received at the network system poses a potential security threat to the network. A threat type associated with the potential security threat is identified at the network management system based on the determination. A threat assessment system operable to evaluate the identified threat type is identified at the network management system. A command is issued from the network management system to the network system to mirror network data received at the network system to the identified threat assessment system. | 2009-12-03 |
20090300763 | METHOD AND SYSTEM FOR DETECTING CHARACTERISTICS OF A WIRELESS NETWORK - Characteristics about one or more wireless access devices in a wireless network, whether known or unknown entities, can be determined using a system and method according to the present invention. An observation is made of the activity over a Wireless Area Network (WLAN). Based on this activity, changes in state of wireless access devices within the WLAN can be observed and monitored. These changes in state could be indicative of normal operation of the WLAN, or they may indicate the presence of an unauthorized user. In the latter case, an alert can be sent so that appropriate action may be taken. Additionally, ad hoc networks can be detected that may be connected to a wireless access point. | 2009-12-03 |
20090300764 | SYSTEM AND METHOD FOR IDENTIFICATION AND BLOCKING OF MALICIOUS CODE FOR WEB BROWSER SCRIPT ENGINES - A system and method to protect web applications from malicious attacks and, in particular, a system and method for identification and blocking of malicious code for web browser script engines. The system includes at least one module configured to protect web applications from malicious attacks by detecting an occurrence of heap spraying and blocking the occurrence of heap spraying. | 2009-12-03 |
20090300765 | UNKNOWN MALCODE DETECTION USING CLASSIFIERS WITH OPTIMAL TRAINING SETS - The present invention is directed to a method for detecting unknown malicious code, such as a virus, a worm, a Trojan Horse or any combination thereof. Accordingly, a Data Set is created, which is a collection of files that includes a first subset with malicious code and a second subset with benign code files and malicious and benign files are identified by an antivirus program. All files are parsed using n-gram moving windows of several lengths and the TF representation is computed for each n-gram in each file. An initial set of top features (e.g., up to 5500) of all n-grams IS selected, based on the DF measure and the number of the top features is reduced to comply with the computation resources required for classifier training, by using features selection methods. The optimal number of features is then determined based on the evaluation of the detection accuracy of several sets of reduced top features and different data sets with different distributions of benign and malicious files are prepared, based on the optimal number, which will be used as training and test sets. For each classifier, the detection accuracy is iteratively evaluated for all combinations of training and test sets distributions, while in each iteration, training a classifier using a specific distribution and testing the trained classifier on all distributions. The optimal distribution that results with the highest detection accuracy is selected for that classifier. | 2009-12-03 |
20090300766 | BLOCKING AND BOUNDING WRAPPER FOR THREAD-SAFE DATA COLLECTIONS - A membership interface provides procedure headings to add and remove elements of a data collection, without specifying the organizational structure of the data collection. A membership implementation associated with the membership interface provides thread-safe operations to implement the interface procedures. A blocking-bounding wrapper on the membership implementation provides blocking and bounding support separately from the thread-safety mechanism. | 2009-12-03 |
20090300767 | METHOD FOR OUT OF BAND LICENSE ACQUISITION ASSOCIATED WITH CONTENT REDISTRIBUTED USING LINK PROTECTION - Particular embodiments generally relate to transferring data with first usage rights to a device and presenting the data by a receiving device by using different usage rights. The receiving device contacts one or more services that can determine what rights are available and can issue those rights to the receiving device. The receiving device can update the state across devices and services that maintain compliance with the usage rights. | 2009-12-03 |
20090300768 | Method and apparatus for identifying phishing websites in network traffic using generated regular expressions - According to an aspect of this invention, a method to detect phishing URLs involves: creating a whitelist of URLs using a first regular expression; creating a blacklist of URLs using a second regular expression; comparing a URL to the whitelist; and if the URL is not on the whitelist, comparing the URL to the blacklist. False negatives and positives may be avoided by classifying Internet domain names for the target organization as “legitimate”. This classification leaves a filtered set of URLs with unknown domain names which may be more closely examined to detect a potential phishing URL. Valid domain names may be classified without end-user participation. | 2009-12-03 |
20090300769 | DETECTING GLOBAL ANOMALIES - Systems and methods of detecting distributed attacks that pose a threat affecting more than one node in the network. The distributed attacks include events that appear normal or innocuous when viewed locally at any node. The systems and methods include reference global profiles and detection global profiles corresponding to activities or events of interest on the network. | 2009-12-03 |
20090300770 | MECHANISM TO SEARCH INFORMATION CONTENT FOR PRESELECTED DATA - A method and apparatus for detecting preselected data embedded in information content is described. In one embodiment, the method comprises receiving information content and detecting in the information content a sequence of content fragments that may contain a portion of preselected data. The method further comprises determining whether a sub-set of these content fragments matches any sub-set of the preselected data using an abstract data structure that defines a tabular structure of the preselected data. | 2009-12-03 |
20090300771 | Electronic Device With Protection From Unauthorized Utilization - An electronic device has software for protecting the electronic device from unauthorized utilization. When executed, the software causes the electronic device to execute an application component, wherein the application component is configured to automatically ascertain whether the electronic device has been reported stolen, based on information received from a server system. The electronic device also automatically determines whether the application component is operating correctly, and if so, automatically provides a basic input/output system (BIOS) component of the electronic device with information indicating that the application component is operating correctly. During a subsequent boot process for the electronic device, the software automatically prevents the electronic device from completing the boot process if the BIOS component does not find the information from the application component indicating that the application component was operating correctly. Other embodiments are described and claimed. | 2009-12-03 |
20090300772 | METHODS FOR PREVENTING SOFTWARE PIRACY - A method for preventing unauthorized installation of application software is disclosed wherein application software is distributed with a user-readable permanent password, one or more user-readable one-time disposable password, and a hidden password (hidden from users but accessible by the setup program). When the setup program is run, the user must enter the permanent password and disposable password(s). The setup program sends these passwords and the target computer serial number to a remote server which verifies their validity, stores the serial number, and returns a complex password and a new disposable password from a remote passwords folder stored on the remote server. The setup program displays the new disposable password to the user who records it for use in future installations. The complex password is used to enable installation of the software, and it is deleted after installation is complete. Subsequent installation or re-installations, if authorized by the terms of the software license agreement, are performed using the same procedure, except that for each such installation, a new disposable password must be used. | 2009-12-03 |
20090300773 | SYSTEMS, METHODS AND APPARATUS FOR REDUCING UNAUTHORIZED USE IN A TELEVISION DISTRIBUTION SYSTEM - Systems, method and apparatus are described for reducing unauthorized usage in a television distribution system. A television receiver communicates with base stations of a wireless communication network. Based on the communications with the base station, the television receiver identifies its location and transmits the location information to a data collection system through the wireless communication network. The data collection system utilizes the location information to identify unauthorized uses of the television receiver. | 2009-12-03 |
20090300774 | ERROR AND EXCEPTION MESSAGE HANDLING FRAMEWORK - Described are systems and methods for counteracting attempts at unauthorized use of information systems. An error message generated in response to an error in the information system is received, where the error message includes a set of information describing the error. The received error message is then translated into an obfuscated message, where the obfuscated message replaces at least a portion of the set of information describing the error with a set of alternative information. The obfuscated message is then presented to a user via a user interface. | 2009-12-03 |
20090300775 | METHOD FOR SHARING RIGHTS OBJECT IN DIGITAL RIGHTS MANAGEMENT AND DEVICE THEREOF - A Digital Rights Management (DRM), and particularly a method for sharing a Rights Object (RO) of a certain DRM content between devices, wherein a certain device requests a Rights Issuer (RI) to upgrade its existing RO, and moves or copies the upgraded RO by the request to at least one or more other devices via a wired/wireless medium, thereby sharing the RO with the other devices. | 2009-12-03 |
20090300776 | COMPOSITIONS FOR PREVENTING, REDUCING OR TREATING KERATINOCYTE-MEDIATED INFLAMMATION - The present invention relates to the field of epidermal repair. More particularly, the invention concerns the use of a molecule able to inhibit a heteromeric receptor comprising OSMRβ as a subunit, for the preparation of a composition for inhibiting the expression of inflammatory factors by the keratinocytes. In particular, the invention concerns the use of antagonists and/or expression inhibitors of OSM, IL-17, TNFα, IL-31, IFN-γ, and/or the OSMRβ subunit, for the preparation of cosmetic or dermatologic compositions, especially for treating inflammatory skin diseases. | 2009-12-03 |
20090300777 | Novel apoptosis inducing factor and method of inducing apoptosis using the same - The purpose of the present invention is to provide a system in which an apoptosis-inducing factor is expressed in an expression promoter-dependent manner, which is not a system wherein a toxin is introduced externally, and a novel protein that can enhance an apoptosis signal used in the system. | 2009-12-03 |
20090300778 | Neutral Sphingomyelinase-E and Its Use - The present invention provides a neutral sphingomyelinase-3 (nSMase3), a nucleic acid encoding said nSMase3, a vector containing said nucleic acid, and cells and non-human organisms transformed or transfected with said nucleic acid sequence or vector. The invention furthermore relates to the use of said nSMase3 as pharmaceutical or diagnostic agent. Test systems for candidate active agents for their therapeutic potential in diseases connected with nSMase3 are also provided. | 2009-12-03 |