
Network

Subclass of:

726 - Information security

726002000 - ACCESS CONTROL OR AUTHENTICATION

Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class / Patent application number | Description | Number of patent applications / Date published
726005000 | Credential | 2399
726004000 | Authorization | 1199
726011000 | Firewall | 815
Entries
Document | Title | Date
20130031604 | Method and Apparatus for Remote Authentication - A computer-implemented authentication method includes receiving a request to access one or more features of a vehicle computing system (VCS) from an application running on a wireless device in communication with the VCS. The method further includes preparing a secure access rights request to a remote server including one or more characteristics associated with the application and sending the secure request from the VCS, through the wireless device to the remote server. The method additionally includes receiving a response to the request having been sent from the remote server through the wireless device. The method includes verifying the authenticity of the received response and updating a policy table including information from the received response, the information including at least an expiration trigger and access rights for the application. Also, the method includes validating the application for usage based at least on the information included in the updated policy table. | 01-31-2013
20120204226 | Method, Super Node-Core (SN-C) Node and System for Requesting and Storing Distributed Service Network (DSN) Authentication Information - A method, Super Node-Core (SN-C) node and Distributed Service Network (DSN) authentication system for requesting and storing DSN authentication information are provided, wherein the method for requesting the DSN authentication information includes: according to a user access request, judging whether a local SN-C node stores the authentication information of the user; when the local SN-C node stores the authentication information, initiating an authentication process directly; when the local SN-C node does not store the authentication information, requesting the authentication information from other SN-C nodes which store the authentication information of the user. The method, SN-C node and DSN authentication system for requesting and storing the DSN authentication information, by means of the distributed storage and authentication of the authentication information of the user, can acquire the authentication information from other SN-C nodes when a failure occurs in one of the SN-C nodes, and reduce the risk that a single authentication server is unable to perform the authentication and operation caused by the failure. | 08-09-2012
20120266216 | Registration of Applications and Complimentary Features for Interactive User Interfaces - An exemplary computer-implementable method includes receiving a call from an application executing on a host computer, the host computer having a collection of graphical user interfaces, and, in response to the call, registering the application whereby the registering comprises providing one or more entry points for the application wherein each entry point corresponds to at least one of the graphical user interfaces of the collection of graphical user interfaces. Various other exemplary methods, devices, systems, etc., are also disclosed. | 10-18-2012
20100088748 | Secure peer group network and method thereof by locking a mac address to an entity at physical layer - A system and method of locking media access control (MAC) address of each entity to the entity's identity for formation of a secure peer group is disclosed. The identity of each entity includes at least the public key from the public-private key pair from public key infrastructure (PKI) and the entities' MAC address. Using the unique identifying features a security server links and locks the MAC address of the entity to its identity so that no other entity can identify itself as the owner of that MAC address to the secure server. A group of such entities and secure server with locked MAC addresses form a qualified and verifiable secure peer group enabled to establish a secure LAN. | 04-08-2010
20130047210 | Systems and Methods for Providing Security When Accessing a User Account of a Browser-Based Communications Application - The embodiments described herein provide in one aspect, a method of providing security when accessing a user account of a browser-based communications application, the method comprising: providing a communications server, the communications server configured to access personal information management (PIM) data for the user account, the PIM data comprising a plurality of non-security data items; receiving, at the communications server, a connection request from a remote system, the connection request comprising at least one connection parameter of the remote system; determining if the at least one connection parameter of the remote system is acceptable based on at least one non-security data item of the plurality of non-security data items; allowing access to the user account based on said determining; and sending security awareness data for the user account from the communications server, the security awareness data comprising at least one second non-security data item of the plurality of non-security data items. | 02-21-2013
20130031609 | Device Ownership Security On A Network - A method for device ownership security is disclosed. The method includes storing an ownership record on a mobile device identifying a home network for the mobile device. The method further includes connecting, by the mobile device, to a foreign network. The method also includes receiving, from the home network, a negative communication based on an indication that the mobile device is at least one of stolen and lost as a second portion of the transaction. The method still further includes ceasing a function of the mobile device in response to the negative acknowledgment. | 01-31-2013
20130031608 | METHODS AND APPARATUS TO TRANSFER MANAGEMENT CONTROL OF A CLIENT BETWEEN SERVERS - An example network device includes a processor configured to execute an Open Mobile Alliance (OMA) Device Management (DM) server, the OMA DM server to perform operations of: participating in mutual authentication with a second OMA DM server; sending a notification to the second OMA DM server for notifying the second OMA DM server to proceed with a delegation process; and sending, to a DM client, information for modifying an access control list (ACL). | 01-31-2013
20130031607 | SOFTWARE DELIVERY MODELS - Generally, this disclosure describes software delivery systems (and methods). A server is provided that operates to provision software on a customer's local machine. The server system, in response to a software purchase from an end user (customer), is configured to install the software on the customer's machine, encrypt the software, and provision encryption keys to grant the customer access to the software. In addition, a software agent is installed on the customer's machine that enables monitoring, by the server, of the customer's installed software. The server system is configured to control customer access to the installed software, via the software agent, and to terminate customer access to the software (for example, for nonpayment of fees). Thus, the software provider can retain control over software that is remotely deployed at an end user location. | 01-31-2013
20130031606 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD AND PROGRAM - There is provided an information processing device, including: an acquisition unit for acquiring information transmitted from terminals; and a generation unit for generating a community according to a similarity degree between the information transmitted from a plurality of terminals, wherein, when a plurality of different types of information are transmitted from one terminal, the community generation unit counts, for each of the plurality of types of information, the number of terminals transmitting information similar to the information, and generates a community in which a user of a terminal is permitted to participate, the terminal transmitting information similar to information which the greatest number of terminals transmit information similar to. | 01-31-2013
20130031605 | Method and Apparatus for Probabilistic Matching to Authenticate Hosts During Distributed Denial of Service Attack - A system and method to track external devices attempting to connect to a protected network using probabilistic filters. When a connection from a new external device attempts to access the protected network, the memory of a protection system, which is organized as a probabilistic filter, is searched to determine if the IP address already exists in the memory of protection system. If the search locates the IP address, the protection system terminates the connection to the external device. If the search is negative, then protection device begins the authentication process for the external device. | 01-31-2013
20110191823 | Bump validation - A “bump” occurs when two devices at the same place at the same time indicate their intention to establish a connection for transferring information. A process for validating bumps is described. | 08-04-2011
20110191820 | System and Method for Restricting Access to a Computer System to Live Persons by Means of Semantic Association of Images - A system and method for restricting access to a computer system, resource, or network to live persons, and for preventing the execution of automated scripts via an interface intended for human interaction. | 08-04-2011
20090193502 | Authentication system, server apparatus and authentication method - An authentication system includes: a server apparatus; a terminal device; and an authentication device connected to the terminal device and used for authentication when establishing a session between the terminal device and the server apparatus. The server apparatus has an authentication request data creating unit configured to create authentication request data to authenticate the terminal device, and a sending unit configured to send authentication request data. The terminal device has a receiving unit configured to receive authentication request data, an authentication reply data creation requesting unit configured to request the authentication device to create authentication reply data, and a sending unit configured to send the authentication reply data. The server apparatus further has: an authentication processing unit configured to authenticate the terminal device based on the authentication reply data, and as a result of authentication, data is sent to the terminal device when the terminal device is authenticated. | 07-30-2009
20090193501 | DOCUMENT EVIDENCE AND ARTICLE RETRIEVAL AND IDENTIFICATION SYSTEM - The invention involves document evidence and article retrieval and identification system which provides solution to track a document, or article within a control environment. This solution provides the integrated human identity, embedded tracking devices into physical evidence record to enable tracking of movement by authorized person or personnel. The system is capable to capture and track the activities life cycle of the document, evidence, file or article life cycle using the tracking management system server. This invention provide highly security feature to integrate human identity for access authentication interrogative with the confidential document or evidence or file or article. | 07-30-2009
20080301777 | Hot standby server system - A server system has servers that can be operated through switching as a primary system and a standby system, and a shared disk unit for storing data accessed by the servers. Each of the servers has a driver that acquires information on a configuration inside the shared disk unit after starting of the system. The driver sets the shared disk unit in an active state in which an access request can be sent to the shared disk unit. Access control determines whether the access request issued by an application should be sent on the basis of a management table indicating inhibited types of access requests for each access destination. The access control sends the access request to the driver when the access request is not inhibited for an access destination of the access request. By this arrangement, hot standby switching processing can be performed at high speed. | 12-04-2008
20130086635 | SYSTEM AND METHOD FOR COMMUNICATION IN A NETWORK - A method for providing secure communication in an electrical power distribution network includes detecting an enhanced threat level in the electrical power distribution network. A plurality of configuration command messages including information related to a common configuration command are received. The common configuration commands are certified if the plurality of configuration command messages have originated from a threshold number of command sites. The method further includes executing the certified configuration command. | 04-04-2013
20130086634 | Grouping Multiple Network Addresses of a Subscriber into a Single Communication Session - An apparatus includes a processor, an interface, and a memory. The interface is operable to receive a request from a subscriber to access network services, wherein the request includes a subscriber address from the set comprising: an IP address and a media access control (MAC) address. The processor is operable to generate a query requesting an address associated with the subscriber address. The interface is further operable to communicate the query to the subscriber address, and receive a response to the query, wherein the response includes an address associated with the subscriber address, wherein the associated address is from the set comprising: an IP address and a MAC address. The memory is operable to store the subscriber address and the received associated address. | 04-04-2013
20110202973 | AUTHENTICATION SERVERS - An authentication server manages traffic data with respect to each connection device, the traffic data representing a traffic amount, with respect to the connection device, that is contained in a charging information notification signal that provides notification of charging information transmitted from the connection device, compares the traffic data with respect to each connection device with a preset threshold, and assigns one of a plurality of connection devices as a connection device that connects a communication terminal and a network based on the compared result. | 08-18-2011
20110202972 | NETWORK AUTHENTICATION METHOD, METHOD FOR CLIENT TO REQUEST AUTHENTICATION, CLIENT, AND DEVICE - A network authentication method, a method for a client to request authentication, a client, and a device are provided. The method includes: receiving synchronize (SYN) data sent by a client, where the SYN data includes a sequence number SEQ | 08-18-2011
20110202971 | Server-Based Data Sharing in Computer Applications - A computer-implemented method of sharing data between computer applications is discussed. The method includes receiving, at an application server sub-system of a hosted computer server system and from a first computing device that is remote from the hosted computer server system, commands interacting with an electronic document served by the application server sub-system, and receiving at the hosted computer server system a command to copy content from the electronic document to an electronic clipboard. The method also includes storing, at a clipboard server sub-system of the hosted computer server system, that is separate from the application server sub-system, data that represents the content, receiving a request for the stored data that represents the content, and delivering, from the clipboard server sub-system to a second computing device, the data that represents the content. | 08-18-2011
20080256604 | System for Managing Proprietary Data - A content distribution system ( | 10-16-2008
20080256603 | Method and system for securing a commercial grid network - A method for securing a commercial grid network involves receiving a lease request from a client to lease a computing resource selected from multiple computing resources in the commercial grid network, mapping a unique identifier of the client to a security label selected from multiple unmapped security labels to obtain a client-label mapping based on the lease request, mapping a unique identifier of the computing resource to the security label to obtain a resource-label mapping based on the lease request, storing the client-label mapping and the resource-label mapping in a security label repository to obtain stored security label mappings, and authenticating, by the commercial grid network, an access request from the client to the computing resource using the stored security label mappings. | 10-16-2008
20080256602 | Filtering Communications Between Users Of A Shared Network - Methods, systems, and products are provided for filtering communications between users of a shared network. Embodiments include receiving a communication from a sender for delivery to a recipient; retrieving a receipt policy for the recipient; retrieving a profile for the sender; determining whether the sender's profile complies with the receipt policy for the recipient; delivering the communication to the recipient if the sender's profile complies with the receipt policy for the recipient; and blocking the communication if the sender's profile does not comply with the receipt policy for the recipient. | 10-16-2008
20080256601 | Strategies for Controlling Use of a Resource that is Shared Between Trusted and Untrusted Environments - A strategy is described for controlling access to a resource which is shared between a trusted environment and an untrusted environment. The resource can represent a clipboard module. The trusted environment can include trusted client functionality, while the untrusted environment can include potentially untrusted network-accessible entities (e.g., websites) which seek to access the clipboard module. The strategy provides a security presentation which notifies a user when a network-accessible entity is attempting to access the clipboard module, identifying the entity which is making the attempt, together with the nature of the information being read or added to the clipboard module. The security presentation invites the user to approve or deny the particular attempt (or all such attempts from the network-accessible entity), and/or clear the clipboard module. The security presentation does not block the user's interaction with other parts of a user interface presentation. | 10-16-2008
20120246700 | QoS CHANNELS FOR MULTIMEDIA SERVICES ON A GENERAL PURPOSE OPERATING SYSTEM PLATFORM USING DATA CARDS - A SIP (session initiation protocol) service activation abstraction layer that provides a unified interface to upper layer applications for discovering, establishing, and managing the QoS connectivity. In one implementation, this is IP Multimedia Subsystem-centric, further supporting applications that utilize SIP for session control. This capability extends to the data card universe allowing UMTS data card vendors to establish concurrent QoS-based sessions using multiple primary PDP (packet data protocol) contexts based on a set of SIP triggers, further allowing applications running on a computing system to transparently utilize the established pipes based on the individual QoS requirements. | 09-27-2012
20100077447 | Authentication techniques - Techniques for authenticating clients of differing capabilities in an efficient manner. Two or more authentication techniques, including one preferred authentication technique, are initiated to run in parallel to authenticate a client. Upon determining that the client can support the preferred authentication technique, the preferred technique is used to authenticate the client and the other authentication techniques are aborted. If it is determined that the client cannot support the preferred authentication technique, then one of the other authentication techniques is used to authenticate the client. In this manner, based upon the capabilities of the client, an appropriate authentication technique is used to authenticate the client in an efficient manner. | 03-25-2010
20100115587 | Authentication system and terminal authentication apparatus - After checking a receiving message appearing on an output device, a network administrator inputs an authentication result to a setting terminal using an input device, such as a keyboard. Upon receiving the authentication result from the network administrator, the setting terminal registers, if the received authentication result is permission to access a network device, a MAC address of a traveling employee's terminal that is the sender of the authentication request in the network device as an access permitted terminal. After the registering in the network device is completed, the setting terminal sends the authentication result indicative of permission to access the network device to the employee's terminal, i.e., the sender of the authentication request. | 05-06-2010
20100115585 | METHOD AND SYSTEM FOR SECURING A THIRD PARTY COMMUNICATION WITH A HOSTING WEB PAGE - A method and system for securing hosting web pages from malicious third party modules. The method includes uploading a third party module to a hosting web page; validating a proxy API call received from the third party module, wherein the proxy API call includes at least a payload parameter provided by the third party module; generating an engine API call including at least the payload parameter; validating the engine API call; and executing the payload parameter if the engine API call is validated. | 05-06-2010
20130086636 | SYSTEM AND METHOD FOR RESTRICTING PATHWAYS TO HARMFUL HOSTS IN COMPUTER NETWORKS - System and methods for restricting accessibility to harmful content on a computer network. Network pathways are explored to study a plurality of investigated hosts from a plurality of diverse entry points into the computer network. The investigated hosts are checked whether they are malicious hosts believed to contain harmful content. For any of the investigated hosts that are malicious hosts, intermediary hosts having connectors to those malicious hosts are identified based on the exploring of the network pathways. An access restriction is associated with each of the intermediary hosts, which can be used to block or otherwise restrict access to the intermediary hosts, which may or may not themselves contain malicious content. | 04-04-2013
20130081108 | Providing Operation Services for Networks via Operations Service Servers - Systems and methods provide operations services for networks through an operations service switch. Multiple customers of the operations service may obtain operations service through the operations switch, as opposed to implementing operations services themselves. Operations service servers are in communication with the operations switch so as to be available for providing operations services to the customer accessing the operations switch. The operations switch may then establish communication links between the customer networks and the operations service servers to facilitate a centralized manner of providing operations services to the customer networks. | 03-28-2013
20130081107 | APPARATUS, METHOD, AND PROGRAM FOR VALIDATING USER - User validation accuracy is improved without inconveniencing a user. When an authentication request packet is received from a terminal and the authentication is successful based on a user ID and a password, an HTTP header, user-agent information, and access source IP address are extracted from the packet, and user authentication is performed by verifying the IP address and the user-agent information against usage history information where at most two sets of the IP address and the user-agent information extracted from the authentication request packet which is received from the same user previously are registered. When the set of the IP address and the UA information corresponding to the new extracted IP address and the new extracted UA information is registered in the usage history information, the authentication is successful, and the usage history information is overwritten with the new IP address and the new UA information. | 03-28-2013
20130036453 | SYSTEM, METHOD AND USER INTERFACE FOR NETWORK STATUS REPORTING - A method and user interface for informing a user of the status of a network connection are provided. Conventionally, the “connected” icon in the system tray only informs the user that the computer is linked to a network medium, such as an Ethernet or wireless access point. This icon does not indicate whether a routable IP address has been obtained. In this invention, an icon is used to inform the user that the network connection is disabled, connecting, connected (routable IP address obtained), or in a warning state. The warning state indicates that a non-routable IP address (e.g. auto net address) has been obtained, which will likely be unsatisfactory to the user. However, when connected to an 802.11 ad-hoc network, or when IP status checking is disabled, a non-routable IP address is deemed acceptable, and thus the “connected” icon is displayed. | 02-07-2013
20130036451 | SYSTEM AND METHOD FOR CLIENT-SERVER COMMUNICATION FACILITATING UTILIZATION OF AUTHENTICATION AND NETWORK-BASED PROCEDURE CALL - System and method for setting up a data communication are disclosed. Method includes facilitating authenticating a module of a client computing device for the data communication. Method includes facilitating authenticating a module of a server for the data communication. Method includes authenticating an encoding for a network-based procedure call interface for the server. Method includes binding the network-based procedure call interface to a protocol for a gateway interface of the server. Method includes facilitating verifying that a message size of a message transmitted to a module of the client computing device or to a module of the server is within a message size range. Method includes facilitating creating a tunnel to a module of the server, wherein the tunnel is for the data communication. Method includes facilitating creating a channel within the tunnel, wherein the channel is for the data communication. | 02-07-2013
20130036452 | USER AUTHENTICATION METHOD, USER AUTHENTICATION DEVICE, AND PROGRAM - Provided is a user authentication method including reproducing sound data of which a sound source in a first position of a space around a user is virtually localized using a Head-Related Transfer Function (HRTF) of the user toward the user, acquiring a second position of the space around the user, the second position being estimated by the user who has listened to the reproduced sound data as a position of the sound source; and authenticating the user according to a coincidence between the first position and the second position. | 02-07-2013
20130036450 | AUTOMATIC DISABLING OF ENABLED CONNECTION PROFILE FOR WIRELESS NETWORK - To reduce automatically a number of enabled connection profiles in a mobile station, for example, while the number of enabled connection profiles is at its maximum, a mobile station automatically selects one of the existing enabled connection profiles to disable and automatically disables the auto-selected connection profile. | 02-07-2013
20120210395 | NETWORK INFRASTRUCTURE VALIDATION OF NETWORK MANAGEMENT FRAMES - A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key. | 08-16-2012
20130042305 | FACEMAIL - Systems and methods are disclosed for generating, sending, and delivering a message addressed using an image of an intended message recipient of the message. In one embodiment, a central server receives a message including an image of an intended message recipient from a first user device of a first user. The central server then identifies a second user as the intended message recipient based on the image of the intended message recipient. Then, before delivering the message, the central server obtains an image of a user at a second user device associated with the second user and sends the image to the first user device where the image is presented to the first user. Upon receiving authentication from the first user device that the user at the second user device is the intended message recipient, the central server delivers the message to the second user device of the second user. | 02-14-2013
20130042303 | COGNITIVE PATTERN RECOGNITION FOR SECURITY ACCESS IN A FLOW OF TASKS - Implementing security access includes receiving a request to perform an activity over a network and administering a cognitive test responsive to the request. The administering includes randomly selecting a set of related images from a database of images, randomly selecting one image that is unrelated to the set of related images, displaying the set of related images along with the image that is unrelated to the set of related images, and prompting a user to identify the image that is unrelated to the set of related images. Implementing the security access also includes processing results of the cognitive test, and executing the activity when it is determined from the processing that the cognitive test has been successfully completed. | 02-14-2013
20130042302 | COGNITIVE PATTERN RECOGNITION FOR COMPUTER-BASED SECURITY ACCESS - Implementing security access includes receiving a request to perform an activity over a network and administering a cognitive test responsive to the request that includes a set of images and an instruction to identify a cognitive pattern in the set of images. Implementing the security access also includes processing results of the cognitive test, and executing the activity when it is determined from the processing that the cognitive test has been successfully completed. | 02-14-2013
20130042301 | Authentication Control In Low-Power Lossy Networks - Techniques are provided for the controlled scheduling of the authentication of devices in a lossy network, such as a mesh network. An authenticator device that is configured to authenticate devices in a lossy network receives an authentication start message from a particular device to be authenticated. The authenticator device determines a schedule for engaging in an authentication procedure for the particular device based on an indication of current network utilization. | 02-14-2013
20130042304 | SYSTEM AND METHOD FOR HANDOVER BETWEEN INTERWORKING WLAN AND EUTRAN ACCESS SYSTEMS - This invention relates to the area of Mobility and Handover between heterogeneous wireless networks. The scope of the invention also covers the case when the UE is capable of accessing both the WLAN and EUTRAN access systems simultaneously and also the case where the UE is not capable of accessing both the WLAN and EUTRAN access systems simultaneously. This invention provides a system and method to perform Mobility between the access systems with optimized authentication procedure using security context transfer between the access systems and also minimize the data loss by buffering the data during the handover. More specifically, this invention provides a system and method to support handover between the I-WLAN and the EUTRAN access systems. | 02-14-2013
20100100933APPARATUS AND METHOD FOR TRANSITIONING ACCESS RIGHTS FOR ROLE-BASED ACCESS CONTROL COMPATIBILITY - Disclosed is a method for transitioning access rights, in a remote station with role-based access control, for an unknown role having access rights defined by a central access control management module. In the method, a role capability table is maintained in the remote station specifying centrally-defined access rights of roles that are interpretable in the remote station. An access request associated with an unknown role that is not interpretable in the remote station is received. The access request includes a role transition list that relates the unknown role to other centrally-defined roles. At least one of the other centrally-defined roles is interpretable in the remote station. A role is selected, from the role transition list, that is interpretable in the remote station for interpreting the unknown role of the access request. Access is granted based on the access request associated with the unknown role using the access rights of the interpretable role selected from the role transition table.04-22-2010
20130139218SOFT METHOD FOR LOCAL SECURE CONNECTION TO A DEVICE - A system for pairing two devices includes a monitoring system and a server. The monitoring system receives a request made by a local submitter, such as servicing device or a technician operating the servicing device, for accessing diagnostic data of the monitoring system. The monitoring system initiates a request made to the server for connecting the monitoring system with the servicing device. The server generates pairing information and transmits the pairing information to the monitoring system. The server determines that a pairing key is received as input at the servicing device and/or monitored device and determines if the pairing key matches the pairing identification. If the server determines that there is a match, the server relays diagnostic data received from the monitoring system to the servicing device.05-30-2013
20090165090METHODS, SYSTEMS AND PROGRAM PRODUCTS FOR CREATION OF MULTIPLE VIEWS AND OPTIMIZED COMMUNICATIONS PATHWAYS BASED ON PERSONAL DESCRIPTORS - Multiple views and optimized communications pathways of personal descriptors are provided over a communications network for a globally accessible contact list of contacts in a database. User descriptors are automatically populated in a dynamic repository, and subsequently form personal descriptors. User queries and contact information are received anonymously and stored in a dynamic repository, based on adding the contact to an instant messaging roster state database, where the contact information is categorized, based on identifiable relationships between user descriptors and a group of user defined rules. Such user contact information is transmitted and/or received to and/or from contacts in the globally accessible contact list so as to share presence and access information, and where the user is an authorized user providing varying levels of access information. Sharing access to the personal descriptor includes the use of a communications broker, rendering an animated personal descriptor and completing social and business interactions.06-25-2009
20100043059Trusted Electronic Communication Through Shared Vulnerability - A method for using shared vulnerability to provide trusted communication services between systems is disclosed. For example, a server may deny access to a service which renders it vulnerable to an untrusted client unless access to a useful vulnerability is received from the client. That is, the server may trust the client because any misuse by the client may result in the server exploiting the shared vulnerability. A system may request access to a service on another system to perform some transaction. Upon receiving this request, the server may determine a vulnerability of the client useful in deterring or stopping unwanted actions. The server may request access to this vulnerability. Once this vulnerability has been granted to the server, the server may then grant access to the requested service to the client.02-18-2010
20100043058SYSTEM AND METHOD FOR FACILITATING USER AUTHENTICATION OF WEB PAGE CONTENT - System and method for facilitating user authentication of web page content are described. In one embodiment, the method comprises receiving a request from a web browser for web page content; and responsive to receipt of the request, providing to the web browser the requested web page content and associated digitally signed content; wherein prior to display of the web page content by the web browser, the digitally signed content is evaluated by a plug-in portion of the web browser to determine whether the digitally signed content is verified, indicating that a provider of the web page content is trustworthy.02-18-2010
20090158395METHOD AND APPARATUS FOR DETECTING DOWNLOADABLE CONDITIONAL ACCESS SYSTEM HOST WITH DUPLICATED SECURE MICRO - A method where a Downloadable Conditional Access System Provisioning Server (DPS) detects a duplicated secure micro is provided. A method of detecting a duplicated secure micro, the method including: generating authentication time difference information associated with a value of a difference between a time when a host is finally authenticated in a first address and a time when the host is authenticated in a second address; comparing the authentication time difference information with a first reference value and a second reference value, the second reference value being less than the first reference value; and determining whether the secure micro is duplicated based on a result of the comparing.06-18-2009
20090158394SUPER PEER BASED PEER-TO-PEER NETWORK SYSTEM AND PEER AUTHENTICATION METHOD THEREOF - Provided are a super peer based P2P network system and a peer authentication method thereof. The authentication method includes a first authentication process and a second authentication process. In the first authentication process, a user and a peer which want to use a P2P network are verified by submitting authentication information and a public key infrastructure (PKI) certificate, and receive the permission of connection. In the second authentication process, a user and a peer requesting the use of a specific service are authenticated by using an authentication ticket and a service access-permitted time is limited in order to reinforce the security of the specific service, which is searched in the P2P network and provided by the peer. Accordingly, the service providers can verify users more securely and limit the service available time of each user with respect to a specific service provided by the peer by using the lifetime of the ticket.06-18-2009
20090158393Delegation of user's consent in federation of services and identity providers - The present invention is aimed to provide a mechanism whereby any person can have user's attributes in a web service provider for sharing with a web service consumer, even if such person is not enabled to provide user's consent to share such user's attributes, and provided that other persons at a hierarchically higher position are enabled to provide such user's consent instead of the owner of the user's attributes, whilst respecting high requirements on privacy for both. Therefore, the present invention provides for a number of cooperating entities and a new method, the cooperating entities being configurable in such manner that delegation modules comprising different relationships of user's consent may be distributed among some of the cooperating entities, and transmitted between the number of cooperating entities, depending on the required level of privacy set on a per network basis and on a per user basis.06-18-2009
20090158392DYNAMIC AUTHENTICATION GATEWAY - A dynamic authentication broker is configured to process authentication requests received from a network access server formatted in any of a plurality of protocols and received over any of a plurality of ports. Processing authentication requests may include authenticating and/or authorizing a particular user, user device and/or network access server.06-18-2009
20100107224Techniques for authenticated posture reporting and associated enforcement of network access - Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.04-29-2010
20100107223Network Access Method, System, and Apparatus - A network access method is disclosed. The method includes: by an access authenticator, receiving a Discover message sent by a client, returning a response message, and obtaining first configuration information used by the client during authentication, where the Discover message is used to discover the access authenticator; authenticating the client or interacting with an authentication server (AS) to authenticate the client remotely as an agent of the client; and sending a configuration request message to a configuration server to request second configuration information used by the client during a session after the authentication succeeds. A network access system, an access authentication apparatus and a broadband access device are also disclosed. The present invention can assure the stability of authentication.04-29-2010
20100107222METHOD AND APPARATUS FOR IMPLEMENTING SECURE AND ADAPTIVE PROXIES - Methods and apparatus for implementing common authentication and security policies across applications served over a data transmission network, such as the internet, http or https, are disclosed. The common authentication and security policies are implemented without mandating specific changes to be applied to the applications themselves. An authentication process can be dynamically performed based on different needed security levels. Applications can be graphical (e.g., web) or voice in nature and can use any applicable and available security method.04-29-2010
20100107221Network Service Provision Method, Network Device, Network Server and Network - Disclosed is a method of providing a service to a network device from a group of network devices, some but not all of the network devices being subscribed to said service, the method comprising determining which network devices of the group are not subscribed to said service in response to a service request from one of the network devices of said group; querying at least the network devices of the group that are subscribed to said service for permission to at least temporarily share the service with an unsubscribed network device; and at least temporarily providing the service to at least some of the unsubscribed network devices in response to a positive response to said query from at least one of the subscribed network devices. A network, network device and network server that can implement various aspects of this method are also disclosed.04-29-2010
20100107220SECURE CONSULTATION SYSTEM - A secure consultation system is disclosed that enables an owner entity to securely store its most secure and private data such that designated entities of the owner entity and a consultant entity can execute application programs on that data and thus, to consult on the operation and correctness of the application programs and the data.04-29-2010
20100031315Systems and methods for protecting against denial of service attacks - Systems and methods utilizing the network layer and/or application layer to provide security in distributed computing systems in order to thwart denial of service attacks. The systems and methods of the present invention utilize puzzles placed at the network layer level and/or application layer level to protect against denial of service attacks. Further, the systems and methods of the present invention advantageously provide a robust and flexible solution to support puzzle issuance at arbitrary points in the network, including end hosts, firewalls, and routers and thereby a defense against denial of service attacks.02-04-2010
20120216255Attesting a Plurality of Data Processing Systems - A technique for attesting a plurality of data processing systems. The method includes: configuring a chain of data processing systems wherein a first data processing system is responsible for retrieving attestation data associated with a second data processing system; sending a request for attestation of the first data processing system; in response to receiving the request, retrieving a list of associated one or more children, wherein the one or more children comprise the second data processing system; retrieving and storing attestation data associated with each child; retrieving and storing attestation data associated with the first data processing system; and sending to the requester a concatenated response containing the attestation data associated with the first and second data processing systems, such that the attestation data associated with the first and second data processing systems can be used to attest the first and second data processing systems, respectively.08-23-2012
20130047211METHOD AND APPARATUS FOR NETWORK SESSION VALIDATION - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may further store a plurality of tokens. The apparatus may receive a first token indicating that access to the resource has been requested and determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule may condition access to the resource upon a second token. The second token may indicate that the resource is associated with a virtual private network of the link layer of the open systems interconnection model. The apparatus may determine that the plurality of tokens includes the second token associated with the at least one token-based rule and generate a session token based at least in part upon the first token and the second token.02-21-2013
20120167176METHOD AND APPARATUS FOR PAIRING BETWEEN BLUETOOTH DEVICES - A method and apparatus for pairing between Bluetooth devices. If a pairing between Bluetooth devices is requested, a six-digit passkey is generated in an authentication process based on secure simple pairing (SSP). If a Bluetooth device (BD) address of a correspondent device is pre-registered and there are characters designated to the BD address, the designated characters instead of the passkey are outputted.06-28-2012
20130047212Wireless Internet-Accessing Module, Host, Communication Method Thereof, and Data Card - A communication method for a host and a wireless Internet access module, and a data card, are provided so that the host implements wireless Internet access with the wireless Internet access module of a secure digital interface. The method includes simulating each port on a wireless Internet access processing function unit in a wireless Internet access module into a secure digital card partition and reporting the secure digital card partition to a host side; receiving downlink interaction information from the host side encapsulated in a secure digital card interface format, decapsulating the downlink interaction information, and delivering the decapsulated downlink interaction information to a corresponding port; and receiving uplink interaction information reported to the host side from each port, encapsulating the received uplink interaction information in the secure digital card interface format, and sending the encapsulated uplink interaction information to the host side.02-21-2013
20100071033AUTHENTICATION COORDINATION SYSTEM, TERMINAL APPARATUS, STORAGE MEDIUM, AUTHENTICATION COORDINATION METHOD, AND AUTHENTICATION COORDINATION PROGRAM - In remotely coupling one terminal apparatus to a server apparatus, if an authentication processing of a user of one terminal apparatus has been already completed, the user can switch one terminal apparatus to another without an additional authentication processing. Authenticated information indicating that the authentication of the user has already been successfully completed is transferred to another terminal apparatus by coordinating the authenticated information between more than one terminal apparatuses. Another terminal apparatus receives a service from the server apparatus using the authenticated information. Upon coordinating the authenticated information among more than one terminal apparatuses, another terminal apparatus to receive the authenticated information may be authenticated. A storage medium which conducts the authentication may be coupled to a terminal apparatus to be authenticated.03-18-2010
20090044250Embedded Self-Contained Security Commands - A set of commands is provided to a system for execution in order to modify a security related aspect of the system. The system executes the set of commands absent an intervening command being executed.02-12-2009
20090044249SYSTEMS, METHODS AND COMPUTER PRODUCTS FOR A SECURITY FRAMEWORK TO REDUCE ON-LINE COMPUTER EXPOSURE - Systems, methods and computer products for a security framework to reduce on-line computer exposure. Exemplary embodiments include a computer security method, including initiating a computer session on a first computer, receiving a grace period entry into the first computer, monitoring mouse and keyboard on the first computer activity during the computer session, monitoring long-running jobs initiated on the first computer during the computer session, monitoring authorized computer access of a plurality of computers to the first computer, determining which computers of the plurality of computers can access the first computer and for what time period and terminating computer traffic related to the first computer in response to an expiration of the grace period.02-12-2009
20090307754METHODS, SYSTEMS, AND STORAGE MEDIUMS FOR IMPLEMENTING ISSUE NOTIFICATION AND RESOLUTION ACTIVITIES - Exemplary embodiments include methods, systems, and storage mediums for implementing issue notification and resolution activities. A method includes receiving a request for access to a network service from an end user client system associated with an account. Upon determining an issue is associated with the account, the method includes flagging a user profile for the account to reflect the issue. Flagging accounts includes assigning a unique flag for each type of issue for determining a location for routing the request associated with flagged user profiles. The method also includes redirecting the request for access to a web server of the service provider network. Upon successful resolution of the issue, the method includes providing access to the network service for the end user client system.12-10-2009
20090307753NETWORK ACCESS CONTROL SYSTEM AND METHOD FOR DEVICES CONNECTING TO NETWORK USING REMOTE ACCESS CONTROL METHODS - A system and method for network access control (NAC) of remotely connected devices is disclosed. In embodiments, agents support role mapping and policy-based scanning. Embodiments automatically perform authentication, assessment, authorization, provisioning, and remediation. Capabilities include user authentication, role-based authorization, endpoint compliance, alarms and alerts, audit logs, location-based rules, and policy enforcement. Processes collect information about the user as well as the host being used from sources including, but not limited to, LDAP, the remote access device, and the agent. Once this data has been obtained, embodiments construct a comprehensive model of the host. This model is subsequently used to govern the actual host's network access when it connects to the network. Passive monitoring includes vulnerability scanning to control access rights throughout the duration of the connection.12-10-2009
20090307751PRESERVING SECURITY ASSOCIATION IN MACSEC PROTECTED NETWORK THROUGH VLAN MAPPING - According to one general aspect, a method of using a network device may include receiving, via an ingress port, a data packet that includes a payload portion, a source network address and a destination network address. In various embodiments, the method may also include determining if the data packet includes a security tag that includes a role based authentication tag. In some embodiments, the method may include, if the data packet includes a security tag that includes a role based authentication tag, transmitting, via an egress port, at least the payload portion and the role based authentication tag towards, in a topological sense, the destination network address.12-10-2009
20090307750Internet-based access controlled consumption of content and services using client-side credentials - System and methods for controlling access to internet content, comprising: a web-server; a client computer comprising a web-browser, communicating with the web-server over the internet; means for adding at least one characteristic of the client computer user to a web-page request sent from the client computer to the web-server; means for identifying the at least one characteristic of the client computer user; and means for selectively responding to the web page request, based on said at least one characteristic.12-10-2009
20130091546Transmitting Authentication Information - The invention relates to a session control entity, a subscriber data entity, method and a computer program product for registering a user to a network, obtaining authentication information for the user and transmitting the authentication information to a subscription entity of the network during a registration of the user. 04-11-2013
20120192251DETERMINING TRUST DATA FOR DEVICES IN A NETWORK - In an embodiment, a first device detects a first interaction between the first device and a second device. The first device assigns a first rating of the first interaction. The first device calculates an internal trust for the second device based on the first rating and a first time since the occurrence of the first interaction. The first device receives trust data from a third device. The first device calculates a community trust for the second device based on the trust data and an internal trust that the first device has for the third device. The first device calculates a total trust that the first device has for the second device based on the community trust and the internal trust that the first device has for the second device. If the total trust is less than a minimum threshold, the first device disallows a second interaction.07-26-2012
20090094680ACCESS MANAGEMENT FOR WIRELESS COMMUNICATION - Provisioning and access control for communication nodes involves assigning identifiers to sets of nodes where the identifiers may be used to control access to restricted access nodes that provide certain services only to certain defined sets of nodes. In some aspects provisioning a node may involve providing a unique identifier for sets of one or more nodes such as restricted access points and access terminals that are authorized to receive service from the restricted access points. Access control may be provided by operation of a restricted access point and/or a network node. In some aspects, provisioning a node involves providing a preferred roaming list for the node. In some aspects, a node may be provisioned with a preferred roaming list through the use of a bootstrap beacon.04-09-2009
20090094679Detection and Management of Controlled Files - A remote device may receive a policy definition, search a file system for files that are to be protected, and disposition identified files to protect the files. After completing the protection, a report is generated and transmitted to a centralized location. The policy definition may include keywords, directory paths, metadata, or other information that may be used to identify files for protection. After identification, the files may be dispositioned by removal, tagging, encrypting, applying rights management, or other actions.04-09-2009
20130074156METHOD AND SYSTEM FOR EXECUTION MONITOR-BASED TRUSTED COMPUTING - A system and method to ensure trustworthiness of a remote service provided by a service provider. The method includes monitoring runtime dependencies invoked during execution of a service transaction associated with the remote service, the service transaction being requested by a service requester. The method further includes determining whether a deviation exists between the runtime dependencies and a trusted list of dependencies associated with the remote service. The method also includes blocking execution of the service transaction based on determining that the deviation between the runtime dependencies and the trusted list of dependencies exists.03-21-2013
20130074155NETWORK APPARATUS BASED ON CONTENT NAME, METHOD OF GENERATING AND AUTHENTICATING CONTENT NAME - A method of generating and authenticating a content name in content-centric networking (CCN) and a network apparatus are provided. A content name generation method includes generating authentication information using a secret key shared by network apparatuses that belong to a domain in content-centric networking (CCN); and generating a content name that includes the authentication information.03-21-2013
20130074154PUBLIC NETWORK ACCESS SERVER HAVING A USER-CONFIGURABLE FIREWALL - A user-configurable firewall and method in which a user-changeable security setting for a client computer is maintained by an access server through which a user accesses the public network. The user-changeable security setting can be used to specify which outside computers or network devices may access the client computer and what type of access to the client computer is allowed. If an attempt to access the client computer is made, the user-configurable security setting is checked to determine if the attempted access is allowed by the current security setting. If the attempted access is allowed by the current security setting, access is allowed to the client computer; otherwise, access is not allowed. If the user changes the user-configurable security setting, the changes to the user-configurable security setting are provided to the access server.03-21-2013
20130074151Online Business Method, System and Apparatus Based on Open Application Programming Interface - The present disclosure introduces a method, a system and an apparatus of implementing online transaction according to Open API. In one aspect, a method includes: receiving a first invocation request to invoke an Open API from a third party development server according to a user's transaction request; determining an ISP server corresponding to the Open API as requested to be invoked in the invocation request; sending the first invocation request to the determined ISP server; receiving a service page returned by the ISP server according to the first invocation request; and sending the service page to the third party development server for processing the service page and sending the processed service page to the user, the processing comprising embedding the service page into a page corresponding to the transaction request.03-21-2013
20130074150Presenting Visual Challenges for Verifying Human Interaction - A computing device-implemented method includes providing a presentable visual challenge for determining if access should be granted. The visual challenge includes presenting obscured text wherein the manner in which the text is obscured changes over a period of time. The method also includes determining if a received response substantially matches the text to determine if access should be granted.03-21-2013
20130074157IMAGE PROCESSING APPARATUS IN WHICH PROCESS TO BE EXECUTED TO IMAGE IS LIMITED, IMAGE PROCESSING PROGRAM PRODUCT EXECUTED THEREBY, MANAGEMENT SERVER EXECUTING PRESCRIBED PROCESS TO IMAGE TRANSMITTED FROM THE IMAGE PROCESSING APPARATUS, AND INFORMATION PROCESSING PROGRAM PRODUCT EXECUTED THEREBY - In order to cause a management server to execute a process desired by a user and to be shared by a plurality of users, an image processing apparatus capable of communicating with the management server includes a scanner inputting image data, an authentication information input unit inputting information necessary for authenticating a user, an authentication information send unit for transmitting the input authentication information to the management server, an additional function list receiver receiving from the management server, in response to the transmission of the authentication information, an additional function list for specifying an additional function registered in association with the user among the additional functions executed by the management server, an additional function selector accepting designation of the additional function, and an additional function select information transmitter transmitting the specified additional function and the input image data to the management server.03-21-2013
20130074152METHOD AND DEVICES FOR SECURITY ASSOCIATION (SA) BETWEEN DEVICES - In one aspect, there is provided a method and apparatus for security association (SA) upon communication between devices. When a mobile device is connected to another mobile device without subscribing to a specific service or a private network, SA may be established. For example, the SA may be used for resource saving and secure connections of resource poor devices (for example, a medical patch) having a relatively poor resource, such as insufficient battery power or computing power.03-21-2013
20130074153PUBLIC NETWORK ACCESS SERVER HAVING A USER-CONFIGURABLE FIREWALL - A user-configurable firewall and method in which a user-changeable security setting for a client computer is maintained by an access server through which a user accesses the public network. The user-changeable security setting can be used to specify which outside computers or network devices may access the client computer and what type of access to the client computer is allowed. If an attempt to access the client computer is made, the user-configurable security setting is checked to determine if the attempted access is allowed by the current security setting. If the attempted access is allowed by the current security setting, access is allowed to the client computer; otherwise, access is not allowed. If the user changes the user-configurable security setting, the changes to the user-configurable security setting are provided to the access server.03-21-2013
20130074149RE-AUTHENTICATION TIMER FOR USER EQUIPMENT - A device receives, from a user equipment (UE), a first request to access a first packet data network (PDN), and receives authentication information from the UE. The device also grants, based on the first request, the UE access to the first PDN when the authentication information authenticates the UE. The device further receives, from the UE, a second request to access a second PDN, and determines whether a re-authentication timer associated with the second PDN has expired before granting the UE access to the second PDN.03-21-2013
20130061285METHOD AND SYSTEM FOR PROVIDING BEHAVIORAL BI-DIRECTIONAL AUTHENTICATION - An approach for authenticating parties engaged in a web-based transaction without compromising the integrity or anonymity of the parties is described. An authentication platform receives, from a first application associated with a first party, an authentication request that has been redirected in response to a transaction initiated with a second application associated with a second party. The authentication platform forwards knowledge based assessment information to the first application that is based on determined behavioral information for authenticating the second party to the first party. A valid response to the knowledge based assessment information by the first application provides authentication of the first party to the second party.03-07-2013
20130061287METHOD FOR AUTHENTICATING A STORAGE DEVICE, MACHINE-READABLE STORAGE MEDIUM, AND HOST DEVICE - A method for authentication, by a host device, of a storage device having a plurality of unit storage areas comprises acquiring information on the distribution of locations of defective areas to be used for uniquely identifying the storage device, sampling the unit storage areas of the storage device, identifying the distribution of locations of physically defective areas among the sampled areas, determining the similarity between the acquired distribution of locations and the identified distribution of location, and authenticating the storage device according to the result of the determination.03-07-2013
20130061286Wireless Internet Access Module, Communication Method for Host and Wireless Internet Access Module, and Data Card - A communication method for a host and a wireless Internet access module, and a data card, are provided so that the host implements wireless Internet access with the wireless Internet access module of a secure digital interface. The method includes simulating each port on a wireless Internet access processing function unit in a wireless Internet access module into a secure digital card partition and reporting the secure digital card partition to a host side; receiving downlink interaction information from the host side encapsulated in a secure digital card interface format, decapsulating the downlink interaction information, and delivering the decapsulated downlink interaction information to a corresponding port; and receiving uplink interaction information reported to the host side from each port, encapsulating the received uplink interaction information in the secure digital card interface format.03-07-2013
20090271845METHOD AND DEVICE FOR INITIATING SESSION - A method and device for initiating a session are disclosed. The method includes: receiving a session triggering message from a Data Synchronization or Device Management (DS/DM) server, where the message carries indication information indicating whether to report at least one of security authentication information and device information; and if the at least one of the security authentication information and the device information needs to be reported, sending a session initiation message carrying the required information to the DS/DM server.10-29-2009
20090055897SYSTEM AND METHOD FOR ENFORCING NETWORK DEVICE PROVISIONING POLICY - Systems and methods are provided for enforcing a network device provisioning policy. In one embodiment, a method may employ a computer based system to restrict access to data center resources, receive provisioning requests for access to the data center resources, authorize the provisioning requests after compliance with the network provisioning policy and allow the network device to access authorized data center resources. In another embodiment, a system includes interfaces for provisioning policy, request and task status information. The information provided by these interfaces is then used to determine compliance with applicable network device provisioning policies and restrict or allow access to the data center resources according to the provisioning policy.02-26-2009
20090055896NETWORK CONNECTION CONTROL PROGRAM, NETWORK CONNECTION CONTROL METHOD, AND NETWORK CONNECTION CONTROL SYSTEM - The present invention prevents a computer, which is infected by an unauthorized program such as a virus or spyware when the computer is brought out, from being connected with a secure network such as an intracompany LAN. When a user terminal is started, a connection with the intracompany LAN is attempted. Then, a network connection is temporarily stopped and an environment is compared with the one where the user terminal operated at a previous time. When there is no difference between both of the environments, the connection with the intracompany LAN is restored. However, when it is determined that the user terminal is connected with a network other than the intracompany LAN when the user terminal was operated at a previous time, an inspection for a virus or the like is executed by a USB memory where the latest anti-virus software is stored. After it is confirmed that the user terminal is safe, the connection with the intracompany LAN is restored.02-26-2009
20120117624Method and Apparatus for use in an IP Multimedia Subsystem - A method is provided for use in an IP Multimedia Subsystem, IMS, in which a Serving Call Session Control Function, S-CSCF, of the IMS cooperates with a Home Subscriber Server, HSS, of the IMS, to lock a user following a predetermined number of failed authentications of the user at the S-CSCF and/or to unlock that user thereafter, with any request received from the user at a node of the IMS where the lock is in effect and requiring an authentication challenge being caused by the node to be rejected. In one example, a locking signal is sent from the S-CSCF to the HSS, following the predetermined number of failed authentications, to indicate to the HSS that the user should be locked at the HSS. The locking signal could be carried by a Server Assignment Request, SAR, message. In another example, the user is unlocked at the S-CSCF in response to receipt of an unlock signal sent from the HSS to the S-CSCF. The unlock signal could be carried by a Registration Termination Request, RTR, message.05-10-2012
20120117623SECURE NETWORK CONNECTION - The invention provides for a method for use in a mobile radio communications network connection procedure and including the step of rejecting at a mobile radio communications device a handover request from a network responsive to determination of support of the security algorithm associated with the handover, and for a mobile radio communications device arranged to determine support of security algorithms as proposed by the network, preferably at AS level, within a handover command, and to provide notification to the network of rejection of the connection due to non-support of the algorithm.05-10-2012
20120117622DYNAMIC NETWORK ACCESS CONTROL METHOD AND APPARATUS - A method of network access control identifies, in response to a request by an end node to access a network, attributes of the end node and of a device receiving the request. Based on the attributes, a network access control implementation is selected from a plurality of network access control implementations to apply to the request.05-10-2012
20120117621SYSTEMS AND METHODS FOR MANAGING DOMAIN NAME SYSTEM SECURITY (DNSSEC) - The present invention is directed towards systems and methods for providing multiple modes of a zone for DNSSEC by an intermediary device. The method includes providing, by a device intermediary to a plurality of clients and a plurality of servers, a plurality of modes of a zone for Domain Name Service. The device receives a selection of a first mode of the zone of the plurality of modes of the zone. The device receives information identifying to enable DNS Security for the selected first mode. The device establishes the zone for DNS in accordance with the selected first mode and with DNS Security enabled.05-10-2012
20130067535APPARATUS AND METHOD FOR CONTROLLING A NETWORK CONNECTION - An apparatus and method for controlling access to a network in portable terminal based on a characteristic of an application may determine the characteristic of the application based on at least one of a reference security level of the application, a reference data amount of the application, and a reference speed of the application, and may select a network to be connected to from among available networks based on the characteristic of the application when executing the application.03-14-2013
20130067536INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING PROGRAM - An information processing apparatus includes a generating section that generates authentication operation data from an input type associated with the type of the appliance in appliance data and stores the authentication operation data in a storage device, a transmitting section that transmits the authentication operation data to a gateway apparatus, an acquiring section that receives, from the gateway apparatus, input operation data input from an input device of an appliance and stores the input operation data in the storage device, and a collating section that compares the authentication operation data and the input operation data, determines whether the authentication operation data and the input operation data coincide with each other, and outputs collation result data. If the coincidence is determined, the information processing apparatus causes the gateway apparatus to authenticate communication for controlling the appliance between the appliance and the gateway apparatus.03-14-2013
20130067537APPARATUS, METHODS, AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING PORTABLE COMMUNICATION IDENTITY SERVICES - Apparatus, methods, and computer program products for providing portable communication identity services are provided. A request is received to access a portable communication identity from a communications device. User information is received that is input by a user of the communications device, and the user information is authenticated. Capabilities of the communications device are accessed, and the portable communication identity is transmitted in accordance with the capabilities of the communications device.03-14-2013
20110023089PROFITS GIVE-BACK DEVICE, PROFITS GIVE-BACK METHOD, PROGRAM STORAGE MEDIA, PROFITS GIVE-BACK SYSTEM, CONTENT PROVIDING DEVICE, CONTENT PROVIDING METHOD, PROGRAM STORAGE MEDIA, AND CONTENT PROVIDING SYSTEM - A profit give-back device, profit give-back method, program storage medium, profit give-back system, content providing device, content providing method, program storage media, and content providing system are disclosed. Profits give-back processing is performed according to the accumulated points proportionate to the number of times the content with a commercial video is provided to a client PC 4 and thus the fare profits giveback can be easily performed. A preset content with a commercial video is provided to a user when requested from the client PC 4, and it is possible to surely provide advertisement information without the user being aware of the commercial.01-27-2011
20110023088FLOW-BASED DYNAMIC ACCESS CONTROL SYSTEM AND METHOD - A traffic analysis and flow-based dynamic access control system and method. The flow-based dynamic access control system for controlling a user's access to an internal communication network through an external communication network includes an access control unit operating in an access control mode in which traffic received from a user is basically blocked, generating state management information of a flow, which is received from the user, based on a specified packet of the flow, and verifying whether access of the flow to the internal communication network is a normal access. As a proactive defense concept of allowing only normal users to access an internal network, a method of blocking attacks from a system contaminated by a worm virus, detecting a cyber attack on a certain system in advance and automatically avoiding the cyber attack, and guaranteeing the quality of normal traffic even under cyber attacks without performance degradation of the internal network is provided.01-27-2011
20110023087METHOD AND APPARATUS FOR DYNAMIC DESTINATION ADDRESS CONTROL IN A COMPUTER NETWORK - An arrangement to direct a packet sent out from an arbitrary apparatus connected to a network to a predetermined authentication server without changing the configuration of a computer network. A packet transmitted from apparatus, such as a personal computer, newly connected to the network, is guided to an authentication server via communication control apparatus. The communication control apparatus replaces a MAC address of the destination addresses of another server, which is included in the ARP cache of the personal computer, with the MAC address of the communication control apparatus to guide the packet from the personal computer to the communication control apparatus. The communication control apparatus further transmits the received packet to a predetermined authentication server.01-27-2011
20110023086Suppression of malicious SIP messages using the resource priority header - An Internet Service Provider (ISP) node is configured to suppress malicious session initiation protocol (SIP) messages. The ISP node is coupled to receive a new session initiation protocol (SIP) message from a user agent client associated with the ISP. If the SIP message includes a resource priority header (RPH) indicating the new SIP message should be given priority within the network, the ISP node determines whether the user agent client previously sent an initial SIP message with an RPH that has not yet been authorized, and if so, places the new SIP message in a buffer.01-27-2011
20090013382SECURITY SYSTEM, TERMINAL, INFORMATION DELIVERING METHOD, PROGRAM AND RECORDING MEDIUM - A security system including a multiple number of terminals and a delivering apparatus, the terminal including: an acquiring portion for acquiring information to be delivered; a reception portion for accepting a recipient selected from the plural terminals; and a controller which, when the reception portion accepts the recipient, transmits a session initiation request and recipient information representing the recipient to the delivering apparatus and which, when receiving session establishment information that indicates that a communication session has been established between the recipient and its terminal, transmits the information to be delivered that was acquired by the acquiring portion to the delivering apparatus, wherein the delivering apparatus includes: a manager which, when receiving the session initiation request and the recipient information, establishes a communication session between the sender of the session initiation request and the recipient and transmits session establishment information that indicates that a communication session between the sender and the recipient has been established, to the sender; and a delivering portion which, when receiving the information to be delivered from the sender, pushes and delivers the information to be delivered to the recipient.01-08-2009
20090013381User Authentication and Authorisation in a Communications System - A method of authenticating a client to two or more servers coupled together via a communications network, wherein the client and a first server possess a shared secret. The method comprises authenticating the client to a first server using said shared secret, signalling associated with this authentication process being sent between the client and said first server via a second server, generating a session key at the client and at the first server, and providing the session key to said second server, and using the session key to authenticate the client to the second server.01-08-2009
20090007237METHOD AND SYSTEM FOR PROVIDING ONLINE RECORDS - A method is provided for providing a user with the ability to access and collect records associated with the user in a secure and private manner. The method includes assigning a phone number to the user for private fax and voice communications from service providers, associating access information with the user for the user to use to access a web site, receiving a private fax communication comprising a record associated with the user for which the user has requested and given permission to the service provider to send to the phone number, converting the private fax communications into an image file format, storing the record encoded in the image file format, and providing the user with access to the web site using the access information and providing on the web site an interface to the records of the user for the user to access the record.01-01-2009
20090007236System And Method For Using A Communication Lease To Open A Communication Channel - A system and method for using a communication lease to open a communication channel is provided. An initiation terminal transmits a channel initiation request for access to a resource manager through a target terminal. Evaluation of a communication lease controlling access to the resource manager is awaited. Approval of the channel initiation request is received upon the successful evaluation of the communication lease. A communication channel is opened between the initiation terminal and the target terminal upon receipt of the approval.01-01-2009
20090007234COMPUTER SYSTEM FOR AUTHENTICATING A COMPUTING DEVICE - A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. A communications session is established between two devices using an authentication service that authenticates the device that is initiating the establishment of the communications session with another device. After authenticating the initiating device, the authentication service provides to the initiating device the network address of the other device and an authentication credential for use in the communications session between the initiating device and the other device.01-01-2009
20130167196SYSTEM AND METHOD FOR REMOTE DEVICE RECOGNITION AT PUBLIC HOTSPOTS - Described are various embodiments of a system and method in which device-identifying data can be used to uniquely recognize and optionally track and report on device activity at one or more hotspot locations by way of the creation and management of a device profile uniquely associated with such devices and stored in a network accessible knowledge base.06-27-2013
20130167197Methods, Systems, and Computer Program Products for Invoking Trust-Controlled Services Via Application Programming Interfaces (APIs) Respectively Associated Therewith - A trust evaluation may be obtained for a network element in a communication network. Based on this trust evaluation, one or more services may be invoked to address the risk that a potentially untrustworthy network element poses in the communication network. Application programming interfaces (APIs) may automate the invocation of trust-controlled services. An API for a trust-controlled service may be used to directly perform a function on one or more resources in the communication network or may be used to set up an ongoing function on one or more resources in the communication network that may continue until the API is used to terminate the function.06-27-2013
20130167195HARDWARE IDENTIFICATION THROUGH COOKIES - Multiple cookies of a client device are used to form an identifier of the client device such that a change in one or even several browser cookies does not defeat proper device recognition. The cookies are included in the identifier such that individual cookies can be parsed for separate comparison with corresponding cookies of known devices. However, to protect privacy of all devices, individual parameters of the constituent cookies are represented with irreversible hashes of the respective parameters. Recognition involves quantification of a degree of correlation between the cookies and corresponding cookies of each of the known devices. To quantify the degree of correlation, the observed stability and uniqueness of each cookie, and each cookie attribute, is considered.06-27-2013
20080295153SYSTEM AND METHOD FOR DETECTION AND COMMUNICATION OF COMPUTER INFECTION STATUS IN A NETWORKED ENVIRONMENT11-27-2008
20110247050METHOD OF PAIRING TERMINALS WITH EACH OTHER AND TERMINAL FOR THE SAME - Provided is a method of pairing terminals with each other, and a terminal for the method. The method includes sensing a physical motion of a terminal caused by a user and outputting a sensing value, comparing a reception value received from an external terminal with the sensing value, and establishing a communication path with the external terminal according to the comparison result.10-06-2011
20100146590SYSTEM AND METHOD FOR SECURITY USING ONE-TIME EXECUTION CODE - The present invention relates to a security system, and more particularly, to a security system and method using a one-time execution code in an environment in which a client and a server are connected through a network. The server irregularly generates and transmits the one-time execution code to the client, and the client directly executes the one-time execution code on a memory area and transmits the execution result and deletes the one-time execution code on the memory area. Therefore, the server determines whether or not an error exists in the execution result and can prevent forgery and appropriation of the client by blocking the connection with the client.06-10-2010
20090313679PERSONAL TRAVEL ORGANIZER AND ONLINE TRAVELOGUE - A website may allow a user to create an online travelogue to reminisce about his trips, and then serve as a database for future travelers. The website may provide a variety of different templates to help users to organize and document elements of their trips. A user may select a template he prefers to start to create a record of his trip. A template may provide a layout for pictures and information about the flights he took, hotels he stayed at, places he visited, restaurants he went to, people he met, and other activities. The website may automatically abstract the user's flight information from a travel website and fill in the information at places for such information on the template. A user may drag pictures from an online photo management website and drop them on the template. The website may search the Internet according to the information from the user and provide pictures, videos and text for the user to put on the template. The website may allow a user to set his travelogue as public or private/password protected, and may pool the public travelogues together to provide references to later travelers.12-17-2009
20090217351TECHNIQUES FOR ANONYMOUS INTERNET ACCESS - Techniques are presented for anonymous Internet access. Internet requests are intercepted within a firewalled environment before being routed over the Internet to destination sites. Each Internet request is evaluated in view of policy and one or more anonymizers are selected in response to that evaluation. The Internet requests are then routed through the appropriate anonymizers for processing to the destination sites. A relationship between an Internet Protocol (IP) address associated with the firewalled environment and IP addresses of the destination sites is masked and hidden via the anonymizers from Internet observers. Moreover, a secure communication between the firewalled environment and the anonymizers is maintained.08-27-2009
20120278859DIGITAL SOCIAL NETWORK TRUST PROPAGATION - A trust propagation system is disclosed that propagates trust data based on established trust relationships. The trust system may automatically propagate trust data between parties A and C based on trust relationships with a common party B. Trust data may include authentication data such as biometric data, encryption data, passwords, etc. that may be used to conduct exclusive communications.11-01-2012
20110283337METHOD AND SYSTEM FOR AUTHENTICATING NETWORK NODES OF A PEER-TO-PEER NETWORK - This invention relates to system and a method for authentication of a network node (11-17-2011
20110302629Systems And Methods For Secure Network Interoperability and Management - The invention relates to an interoperability system that provides increased security and data tracking to security intensive applications, such as transportation systems that currently utilize a large number of independent devices and related systems.12-08-2011
20110302628METHOD AND APPARATUS FOR PREVENTING AND ANALYZING NETWORK INTRUSION - Aspects of the disclosure provide a method for preventing and analyzing network intrusion. The method includes receiving by a network device an initial communication from an entity, determining the entity is not trusted based on the initial communication, and transmitting signals to the entity that are indicative of first disinformation of the network device to hide real information of the network device.12-08-2011
20110289558NETWORK APPLICATION LAYER ROUTING - Techniques for network application layer routing are provided. Requests for services are inspected at an application layer of a network. A priority for a requestor is obtained and in response to the priority the requests are routed to particular processing environments. Depending on the priority the processing environments may be high performing or low performing.11-24-2011
20110289556Method and Apparatus for Serving Content Elements of a Markup Language Document Protected Against Cross-Site Scripting Attack - A web application decomposed into one or more domain sandboxes ensures that the contents of each sandbox are protected from attacks on the web application outside that sandbox. Sandboxing is achieved on a per-element basis by identifying content that should be put under protection, generating a secure domain name for the identified content, and replacing the identified content with a unique reference (e.g., an iframe) to the generated secure domain. The identified content is then served only from the generated secure domain using a content handler.11-24-2011
20110289559Deep Packet Scan Hacker Identification - Securing an accessible computer system typically includes receiving a data packet that includes a payload portion and an attribute portion, where the data packet is communicated between at least one access requestor and at least one access provider. At least the payload portion of the received data packet typically is monitored, where monitoring includes scanning the payload portion for at least one predetermined pattern. When the payload portion is determined to include at least one predetermined pattern, access by the access requestor to the access provider may be controlled. Monitoring the data packet may include scanning the payload portion while handling the data packet with a switch. Controlling access may include denying access by the access requestor to the access provider.11-24-2011
20110296492Method of world-wide website registration - The present document describes a method of registering a world wide website by a registration authority comprising: providing to a website owner a pre-registration logo to be posted on a website while verifying data received from said website owner, announcing the website in WWWSR data base as pre-registered, during an opposition period, if there is an opposition, the mediation process is initiated to determine the validity of registering of the recently filed website or if there are no oppositions, the website will be registered after the specified delay period.12-01-2011
20110296494Service-Based Authentication to a Network - A method and a system for service-based authentication of a terminal to a network is described, wherein the terminal comprises a number of communications interfaces, each communications interface allowing the terminal to set-up a predetermined communication channel with the network. The method comprises the steps of: sending a service request for access to a network service; receiving in response to the service request an authentication request from the network; identifying the communication channel through which the authentication request was received; and, sending an authentication response RES to the network, wherein the authentication response depends on the identified communication channel.12-01-2011
20110296493MOBILE TERMINAL AND CONTROL METHOD THEREOF - A mobile terminal and a control method thereof are provided. The mobile terminal selects a method of interfacing an identification device with the mobile terminal according to whether the mobile terminal enters a sleep mode.12-01-2011
20110296491ACCOUNT SERVER AND NETWORK ACCESS METHOD USING THE SAME - According to one embodiment, an account server includes a first communication module, a second communication module, a database, and a controller. The first communication module receives a logon request from an electronic device, and establishes a session with the device. The second communication module obtains data from a service site connected to a network. The database associatively stores data for identifying electronic devices, data for identifying and accessing service sites, and names of services. The controller receives a service name from an electronic device with which a session is established, obtains data from a service site by using data for identifying and accessing the site, and sends the data to the electronic device with which the session is established.12-01-2011
20090288144TIME-DEPENDENT WHITE LIST GENERATION - A method is provided to control access to a femto cell. The method includes configuring one or more time-dependent parameters that specify access to a femto cell service. An access control list is employed for the femto cell service, where the access control list utilizes the time-dependent parameters to enable or deny access to the femto cell service. Access is granted to the femto cell service according to the access control list and the time-dependent parameters.11-19-2009
20090119749METHOD AND SYSTEM FOR DIRECTING USER BETWEEN CAPTIVE AND OPEN DOMAINS - A method for limiting user access to a captive domain or an open domain. The captive domain may include electronically accessible content that is selected/controlled by a service provider and the open domain may include electronically accessible content that is not completely selected/controlled by the service provider. The method may include configuring a modem or other user device in such a manner as to limit user access to the desired domain.05-07-2009
20100269153TERMINAL SYSTEM FOR GUARANTEEING AUTHENTICITY, TERMINAL, AND TERMINAL MANAGEMENT SERVER - In a terminal system for managing terminals coupled to a network, a terminal management server includes: a terminal information registration module for registering, in advance, information unique to each user of the terminal; an authentication module for executing authentication by comparing an ID and authentication information which are contained in an authentication request received from the terminal to user information set in advance; an authenticity determination module for determining, based on a predetermined investigation result received from the terminal, whether or not the terminal suffers falsification; and a unique information transmission module for transmitting, when the authentication is successful, and when the authenticity determination module has determined that the terminal does not suffer the falsification, the information unique to each user to the terminal. The terminal outputs the information unique to each user received from the terminal management server to a display unit.10-21-2010
20100169953CLIENT/SERVER AUTHENTICATION OVER FIBRE CHANNEL - An authentication service to authenticate access requests over a Fibre Channel (FC) network is provided. An authentication request is generated by a client and is sent over the FC network to a server. The request can be a native FC message, such as a CT message. For example, authentication software can generate the native FC message. In another example, authentication software can send a UDP or TCP authentication request, and an application program interface (API) can translate the request into a native FC message, such as a CT message, and send the message over the FC network. In another example, the authentication request can be sent as an encapsulated IP over FC message. For example, an authentication client can communicate using UDP or TCP messages, and an HBA can encapsulate the messages as IP over FC and send the encapsulated messages over the FC network.07-01-2010
20100169952METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR PROVIDING AN ADAPTIVE AUTHENTICATION SESSION VALIDITY TIME - An apparatus for providing an adaptive authentication session validity time period may include a processor. The processor may be configured to receive an indication of load parameters indicative of authentication rate information, determine, at the service platform, a value defining a validity period for indicating a period of time during which an authentication session validity object is valid based on the received indication of load parameters, and provide the authentication session validity object to a client device. A corresponding method and computer program product are also provided.07-01-2010
20100169951REMOTE SLIDE PRESENTATION - Techniques for remotely viewing a presentation are disclosed. In accordance with these techniques, a host device executing a presentation application makes a presentation available over a network. In one embodiment, a remote device receives presentation data corresponding to a currently displayed slide of the presentation. The remote device may then display a representation of the currently displayed slide at the remote location.07-01-2010
20100269152METHOD AND SYSTEM FOR RENDERING COMPOSITE VIEW OF AN APPLICATION - Examples of systems and methods are provided for rendering a composite view of an application. A system may display a local graphical user interface (GUI) and a remote application view associated with a remote application running at a remote server. The system may provide a message directed to a remote server to launch a remote application at the remote server. The system may receive a configuration file from the remote server. The system may register a GUI event listed in the configuration file. The system may display a local GUI based on the configuration file. The system may receive display output data of the remote application running on the remote server. The system may render a composite view including the local GUI based on the configuration file and a remote application view based on the display output data.10-21-2010
20110219430SECURE NETWORKED SYSTEM FOR CONTROLLING MOBILE ACCESS TO ENCRYPTED DATA SERVICES - A networked system for controlling the mobile access to a data service, which may provide encrypted data, is presented. The system may include a mobile device and a mobile access control server, which controls the mobile device's access to the data service by controlling the access information required to access the data service. The system may also include a content server that provides the data service, a certification authority, and a network for enabling communication among the components of the system. To access encrypted data services, the mobile device communicates an access request to the mobile access control server, which determines whether access should be granted, and provides access information to the mobile device, enabling the mobile device to establish encrypted communication with the content server and/or to decrypt the encrypted data provided by the data service via the content server.09-08-2011
20090288141PRE-EMPTIVE PRE-INDEXING OF SENSITIVE AND VULNERABLE ASSETS - A system and method for identifying sensitive content or indications of vulnerabilities is provided. A local search engine may index content at a data center. Specifications of sensitive data or fingerprints of vulnerabilities may be received from various internal or external sources. Targeted data may include vulnerable software, confidential content, dynamic or static web pages, or application data. Based on searches for targeted data, one or more components may be notified, enabling one or more security actions, including restricting publication of the targeted data.11-19-2009
20100077451MOBILE TERMINAL, WORKING DEVICE, DATA MANAGEMENT SYSTEM, AND RECORDING MEDIUM - A mobile terminal which communicates with a working-device includes a local connection receiver that locally communicates with the working-device through network, a holder that holds management-object-data and disclosure condition information of the management-object-data, a security specification acquirer that acquires security specification information of the working-device, and a data management contract creator that creates data management contract information of the management-object-data of the working-device. If it is determined that the working-device satisfies the disclosure condition of the management-object-data, based on the security specification information of the working-device receiving the management-object-data and the disclosure condition information of the management-object-data, a management-object-data transmitter transmits the management-object-data with the created data management contract information to the working-device, and a data management record receiver receives the management record of the management-object-data from the working-device, when the working-device is locally re-connected through the local connection receiver.03-25-2010
20100077449Calculating multi-tenancy resource requirements and automated tenant dynamic placement in a multi-tenant shared environment - A method for assigning tenants of users to offering instances of an application or middleware includes representing a set of offerings as respective offering instances of the application or middleware available from a server, determining server resource capacity of the server, representing constraints associated with the tenants and the offering instances, generating a mapping of the tenants to the offering instances based on the server resource capacity and constraints, and assigning a tenant to an offering instance according to the mapping, wherein the offering instance is made accessible to the users of the assigned tenant.03-25-2010
20090187970NETWORKING AS A SERVICE: DELIVERING NETWORK SERVICES USING REMOTE APPLIANCES CONTROLLED VIA A HOSTED, MULTI-TENANT MANAGEMENT SYSTEM - Networking as a Service (NaaS) delivers network services using remote appliances controlled by a hosted, multi-tenant management system. The system may include a heartbeating process for communication between a web-based server and appliances, in which the appliances periodically contact the management system on the server. The heartbeating process allows the appliances to maintain a completely up-to-date configuration. Furthermore, heartbeating allows for comprehensive monitoring of appliances and for software distribution. The system may also include means for authenticating appliances, without the need for pre-installed PSKs or certificates.07-23-2009
20100077448USER LEVEL SECURITY FOR AN EMULATED REMOVABLE MASS STORAGE DEVICE - A communication session is established, via a wireless communication link, with a mobile communication device that is connected to a computer system. The mobile communication device is enumerated by the computer system as a locally attached mass storage device. An authentication executable file is sent to the mobile communication device. A response generated by the computer system executing the authentication executable file is received from the mobile communication device. Based on the response generated by the computer system executing the authentication executable file, access to a data file that is stored by a mass storage system via a network is granted.03-25-2010
20090150975METHOD AND APPARATUS FOR PROVIDING INTERNET GATEWAY SERVICE USING PLURALITY OF UNIVERSAL PLUG AND PLAY INTERNET GATEWAY DEVICES - Provided is a Universal Plug and Play (UPnP) Internet Gateway Device (IGD). A plurality of IGDs existing in a UPnP network interchange IGD information that is managed in order to provide a gateway service with each other, and thus the bandwidth of a device connected to the Internet can be increased, handover of a device can be successfully performed in the presence of an error of an IGD, and loads can be balanced between a plurality of IGDs. Accordingly, various Internet services can be efficiently provided to the UPnP device.06-11-2009
20120110640METHOD, APPARATUS AND SYSTEM FOR WIRELESS NETWORK AUTHENTICATION THROUGH SOCIAL NETWORKING - One exemplary embodiment includes a method for authenticating a terminal to an access point including: (i) receiving, at a server, network configuration information for an access point associated with a first user from a first terminal; (ii) receiving, at the server, a request for the network configuration information for the access point from a second terminal associated with a second user; (iii) sending a query from the server to a social network requesting information regarding whether the first user and the second user have a virtual trust relationship on the social network; (iv) receiving, from the social network, an indication that the first user and the second user have the virtual trust relationship; and (v) sending the network configuration information from the server to the second terminal.05-03-2012
20080244704MOBILE COMMUNICATION DEVICE MONITORING SYSTEMS AND METHODS - Systems and methods are directed to monitoring the communications to and from a mobile communication device in accordance with some embodiments of the present invention. For example in accordance with an embodiment, each of the data services on a mobile communication device may be monitored against rules stored in a central data center repository. The data services may include all forms of communications between the mobile communication device and a third party along with changes to application or data within the mobile communication device. An alert may be provided to an administrator when unauthorized data service activity and/or a message may be sent to the mobile communication device to prevent the unauthorized data service activity.10-02-2008
20100281521AUTHENTICATION SYSTEM, AUTHENTICATION DEVICE AND RECORDING MEDIUM - An authentication system includes node devices, wherein a first node device transmits the authentication information thereof to a second node device, the second node device selects third node devices that are requested to verify the validity of the received authentication information, and transmits the authentication information to each of the selected third node devices, the third node device records verification information that is used to verify the validity of the authentication information of the first node device, verifies the validity of the authentication information on the basis of the authentication information and verification information, and transmits the result information to the second node device, and the second node device further derives weighted values indicating the reliability of the each verification of the third node devices and authenticates the first node device on the basis of the each result information and the each weighted value received from the third node devices.11-04-2010
20100281519PROACTIVE AUTHENTICATION - A system for proactively authenticating includes a server having media independent access functions including media independent authentication functions that authenticates other entities attached via an interface to an end of a link specific to a media. A plurality of heterogeneous networks each having media specific access functions including authentication functions corresponding to the other entities attached via the interface to the end of the link specific to the media and mobile devices connected to the plurality of heterogeneous networks, and the server having predefined media independent handover protocols and media independent handover identities based on the media independent functions related to handover, in which the server authenticates candidate access networks prior to the handover of the mobile devices from serving access networks to the candidate access networks each of which belonging to the plurality of heterogeneous access networks having the link specific to the media.11-04-2010
20100281518SYSTEM AND METHOD FOR SEPARATING CONTROL OF A NETWORK INTERFACE DEVICE - A system and method for separating control of a network interface device. A portion of a network interface device (NID) is partitioned for utilization by a user. Permissions are established for management of the partitioned portion of the NID. The permissions including permissions that deny a service provider access to the partitioned portion. Access is granted for the service provider to manage the partitioned portion of the NID. Activities performed by the service provider in the partitioned portion of the NID are logged in response to granting access to the service provider and the permissions denying the service provider access.11-04-2010
20100122321SYSTEM AND METHOD FOR AUTHENTICATION FOR WIRELESS EMERGENCY SERVICES - A method of authenticating a user device includes transmitting a request, the request including a query for information, and receiving an identifier, the identifier being associated with one or more authentication mechanisms for obtaining access to emergency services.05-13-2010
20120036556Input to Locked Computing Device - The subject matter of this specification can be embodied in, among other things, a method that includes receiving at a computing device that is in a locked state, one or more user inputs to unlock the device and to execute at least one command that is different from a command for unlocking the device. The method further includes executing in response to the user inputs to unlock the device an unlocking operation by the device to convert the device from a locked state to an unlocked state. The method further includes executing the at least one command in response to receiving the user inputs to execute the at least one command. The at least one command executes so that results of executing the at least one command are first displayed on the device to a user automatically after the device changes from the locked state to the unlocked state.02-09-2012
20100088747Identification and Verification of Peripheral Devices Accessing a Secure Network - A system and method for identifying and verifying a client to access a secure network. Timing characteristics are acquired from the client, such as a peripheral device, and further verified and identified via policy enforcement points and policy decision points, or a measurer device in the secure network.04-08-2010
20110271324COMMUNICATION APPARATUS CAPABLE OF RESTRICTING DESTINATION OF TRANSMISSION BY AUTHENTICATED USER, METHOD OF CONTROLLING THE COMMUNICATION APPARATUS, AND STORAGE MEDIUM - A communication apparatus having a transmission function for transmitting data to another apparatus using a transmission protocol selected from a plurality of transmission protocols. A multifunction printer (MFP) implementing the communication apparatus authenticates a user, and acquires destination information associated with the authenticated user. The MFP permits the use of a specific transmission protocol for transmission using the acquired destination information, and restricts the use of the specific transmission protocol for transmission using other destination information. Further, the MFP permits display of destination information matching the acquired destination information, but restricts display of other destination information, among destination information stored in a hard disk in association with the specific transmission protocol.11-03-2011
20110271326NETWORK SECURITY HTTP NEGOTIATION METHOD AND RELATED DEVICES - The present invention discloses a network security HTTP negotiation method and related devices. The method comprises: a server receiving an HTTP request message with a header field sent by a terminal, wherein the header field indicates security mechanism(s) supported by the terminal, or the security mechanism(s) supported by the terminal and indication parameter(s) which show that the terminal has been in an accessing safety state; the server parsing the HTTP request message, and sending a response message with negotiated security mechanism(s) supported by the server and priority parameter(s) thereof to the terminal according to the result of the parsing if the header field of the request message indicates the security mechanism(s) supported by the terminal; and the server receiving another HTTP request message sent by the terminal again to authenticate security mechanism(s) selected by the terminal, wherein the header field of the request message indicates the security mechanism(s) selected by the terminal according to the response message and the priority parameter(s) of the security mechanism(s). The invention expands the HTTP protocol, solves the problem that the terminal security mechanisms are difficult to be deployed, and improves the network service quality.11-03-2011
20110271325User Configuration File for Access Control for Embedded Resources - Multimedia content is featured on user pages of an online social network using embed codes that are generated using a configuration file associated with the source ID for the multimedia content and a content ID for the multimedia content. The configuration file, the source ID and the content ID are stored locally by the online social network so that any changes to the embed codes can be made by changing the configuration file associated with the source and regenerating the embed codes. By managing multimedia content in this manner, greater control can be exercised by the online social network over the multimedia content that are featured on its user pages.11-03-2011
20110197262NETWORK APPARATUS, ASSESSMENT METHOD, PROGRAM, AND INTEGRATED CIRCUIT - A network device restricts functions thereof in a special case such as theft, and comprises: an acquisition unit for acquiring one or more identification information pieces corresponding to one or more local devices in a communicable state; a calculation unit for calculating an index value for each local device; a holding unit for holding, for each local device whose identification information piece was acquired in the past, the identification information piece of the local device and the index value thereof; a difference specifying unit for specifying a difference between (i) one or more identification information pieces currently acquired and (ii) the one or more identification information pieces acquired in the past, thereby specifying a local device as the difference; and a judgment unit for judging whether to restrict the access based on the index value of the local device specified as the difference.08-11-2011
20110197261SERVICE ACTIVATION METHOD, SERVICE PROVIDING METHOD, TERMINAL DEVICE, AND SERVER - A method for providing a mobile advertising (MobAd) service includes: receiving a MobAd service activation request sent by a terminal, where the MobAd service activation request includes collected terminal capability information; and providing a MobAd service to the terminal according to the terminal capability information.08-11-2011
20110197260SYSTEM SELF INTEGRITY AND HEALTH VALIDATION FOR POLICY ENFORCEMENT - Embodiments of the invention provide methods and systems for enforcing system self integrity validation policies. The method includes accessing, by a policy enforcer, a plurality of policies configured to enforce system integrity, monitoring system performance to determine actions executed by the system, and based on at least one of the plurality of policies, comparing the system performance with system performance required by the at least one of the plurality of policies. The method further includes, based on the comparison, determining that the system has performed in a manner contrary to the requirements of the at least one policy, and in response, prohibiting access of the system to services provided by a service provider.08-11-2011
20100083350METHOD AND SYSTEM FOR ADVERTISING REAL ESTATE OVER THE INTERNET - An Internet-based method and system permits users to list their real estate properties on respective web site pages, edit their pages, and create new pages for additional listings. A feature of the invention provides for opening a domain name file for each new page and for E-mailing a request to register the new domain names. Such web site creation and editing may be made whenever the user wishes by simply accessing a home page, entering a corresponding service function such as editing an existing page or creating a new page. The user can then carry out the selected function from a personal computer over the Internet. The domain name may correspond to a parameter of the property such as its street address.04-01-2010
20090288142AUTHENTICATION DETECTION - A device, system, and method are directed towards facilitating a registration of a user for a network service. In one embodiment, a server receives, from a user at a client device, user information including at least one text block. The server analyzes the text block to determine an authenticity value of the user information. The analysis may be based on the length of a lexicon of the text block, the size of a word such as the longest word in the text block, or the number of clauses in the text block. The analysis may be further based on expected values determined by such values in authentic text blocks of a similar nature. Based on the authenticity value, the system may allow the user to access the network service, disallow access to the network, allow conditional access, queue the registration application for further review, or take other actions.11-19-2009
20100100936Secure Wireless Network Using Radiometric Signatures - A network security system for wireless devices derives a fingerprint from the modulation imperfections of the analog circuitry of the wireless transceivers. These fingerprints may be compared to templates obtained when the wireless devices are initially commissioned in a secure setting and used to augment passwords or other security tools in detecting intruders on the network.04-22-2010
20100100935CONTENT DISTRIBUTION SYSTEM, CONTENT DISTRIBUTION METHOD AND PROGRAM - A content distribution system. A distribution management and unauthorized operation management device generates a one-time URL by using URL of content information specified by a user terminal and transmits the one-time URL and bandwidth information concerning the content information to the user terminal. A session control server extracts the one-time URL from a session control message transmitted from the user terminal, transmits it to the distribution management and unauthorized operation management device, and establishes a session between the content distribution server and the user terminal according to an authentication result performed by using the one-time URL transmitted from the distribution management and unauthorized operation management device and a correlation result obtained by correlating the bandwidth information contained in the session control message transmitted from the user terminal with the bandwidth information transmitted together with the authentication result from the distribution management and unauthorized operation management device.04-22-2010
20110173676System, Method and Apparatus for Electronically Protecting Data and Digital Content - The present invention provides a system, method and apparatus for protecting sensitive data by extracting the sensitive data from a data storage on a client, sending the extracted data to a server for storage, receiving a pointer indicating where the extracted data has been stored and replacing the sensitive data on the data storage on the client with the pointer. The pointer may include random data that is of a same data type as the sensitive data. Furthermore, the pointer is subsequently used to access the sensitive data after proper authentication.07-14-2011
20100138898METHOD FOR ACTIVATING VIRTUAL MACHINE, APPARATUS FOR SIMULATING COMPUTING DEVICE AND SUPERVISING DEVICE - A method for activating a virtual machine, an apparatus for simulating a computing device and a device for supervising activation of the apparatus. The method includes: activating a network interface of the virtual machine, and activating other components of the virtual machine, where the network interface of the virtual machine is capable of communicating with the outside world so activation of the other components of the virtual machine can be supervised. The simulation apparatus includes a network interface and an operating system having a security sub-system, where the network interface is configured to be first activated during activation of the simulation apparatus so the network interface can communicate with the outside world, and activation of the other components of the apparatus can be supervised during the activation of the other components of the apparatus.06-03-2010
20090089861PROGRAMMABLE DATA PROTECTION DEVICE, SECURE PROGRAMMING MANAGER SYSTEM AND PROCESS FOR CONTROLLING ACCESS TO AN INTERCONNECT NETWORK FOR AN INTEGRATED CIRCUIT - A data protection device for an interconnect network on chip (NoC) includes a header encoder that receives input requests for generating network packets. The encoder routes the input requests to a destination address. An access control unit controls and allows access to the destination address. The access control unit uses a memory to store access rules for controlling access to the network as a function of the destination address and of a source of the input request.04-02-2009
20090089860METHOD AND APPARATUS FOR LIFECYCLE INTEGRITY VERIFICATION OF VIRTUAL MACHINES - A method and system for verifying the integrity of virtual machines and for verifying the integrity of discrete elements of the virtual machines throughout the lifecycle of the virtual machines. A virtual machine manager capable of managing one or more virtual machine images is installed on a physical hardware platform. An integrity verification component can be communicatively coupled to the virtual machine manager and an integrity reference component so that the integrity verification component can compare digests of the virtual machine image or discrete virtual machine image elements to virtual machine integrity records accessible from the integrity reference component.04-02-2009
20090187972METHODS AND APPARATUS OF OVER-THE-AIR PROGRAMMING OF A WIRELESS UNIT - Methods and apparatus for secure over-the-air (OTA) programming, and particularly, activation, of a wireless unit in a particular communications system. The unit stores a stored key having been generated by using a key algorithm (K-algorithm) with an identifier associated with the unit as an input to the K-algorithm. The unit may receive information such as parameters and a verification number from a communications system for the purpose of programming the unit. The verification number is generated by using an authorization algorithm (A-algorithm) having the parameters and a key as A-algorithm inputs. The key is generated by the K-algorithm having the identifier associated with the K-algorithm input. In response to the receipt of the parameters and the verification number, the wireless unit generates a trial verification number by using the A-algorithm with the parameters and the stored key as trial inputs. The unit compares the verification number to the trial verification number for a match. When finding the match, the unit uses the parameters for programming of the unit in the particular communications system. When failing to find the match, the unit fails to use the parameters for the programming.07-23-2009
20090187969SYSTEM AND METHOD FOR SYNCHRONIZING SECURITY SETTINGS OF CONTROL SYSTEMS - A method for communicating data between a first and second control system (FCS and SCS). FCS (07-23-2009
20090125982COMPUTER SYSTEM FOR PORT FORWARDING - A computer system includes multiple computer modules each including at least a calculator and a storing unit. A first computer module of the computer modules includes: a storing unit that stores authentication information for connection with a second computer module of the computer modules; an authenticator that authenticates an information processing device accessing the first computer module, and allows the information processing device to access thereto based on an authentication result; and a relay connector that connects the information processing device allowed to access the first computer module to the second computer module based on the authentication information.05-14-2009
20090100505Third-party-secured zones on web pages - A computer-implemented method is provided, including storing, in an authentication server system, a URL identifying at least one web page, and providing a secure zone browser-side script to be placed on the web page. Upon opening of the web page in a browser, the secure zone browser-side script triggers execution of a server-side script at the authentication server system. The server-side script creates, on the web page, an inline frame, which is controlled by the authentication server system during a session that is associated with the inline frame. The authentication server system retrieves a referrer address from the session, and compares the referrer address with the stored URL. Upon finding a match between the referrer address and the stored URL, the authentication server system delivers web content to or via the inline frame. Other embodiments are also described.04-16-2009
20120297448AUTHENTICATION METHOD FOR NETWORK CONNECTION AND NETWORK DEVICE AND NETWORK AUTHENTICATION SYSTEM USING THE SAME METHOD - An authentication method for a network connection for a network device is provided. An embedded system is installed in the network connection, and the network device is free from a web browser. First, the network device connects to an authentication server, and an internet access request is sent to the authentication server. An authentication page is retrieved from the authentication server. User authentication data is obtained by an input unit of the network device, and then the user authentication data is filled in corresponding fields of the authentication page. The authentication page is transferred to the authentication server. After, when authentication of the authentication page is successful, the network device connects to the Internet via the authentication server.11-22-2012
20080209514Digital Asset Distribution System - Digital asset distribution systems and methods are provided. The method may include receiving a digital asset and associated permissions from each of a plurality of publishers, and hosting the digital assets received from each publisher on a digital asset server system. The method may further include receiving a request from a user to access a requested digital asset via the digital asset server system, determining whether the user is authorized to access the requested digital asset according to the permissions for the digital asset. If the user is not authorized, the method may include displaying a substitute to the user. The substitute may include a link to the digital asset server system by which the user may obtain authorization to download the digital asset.08-28-2008
20080209520Method For Authenticating a User and Device Therefor - The invention concerns a method for authenticating a user via a terminal (08-28-2008
20080209519IMAGE FORMING APPARATUS - An image forming apparatus. The image forming apparatus performs security management functions such as security transmission and security printing of data stored in a hard disk of the image forming apparatus and shared with a plurality of host computers through a network, to which a security tag is added for the security of the data so as to increase the security of the data. The image forming apparatus is connected to the network to be shared with the host computers to receive and store data transmitted from the host computers, and includes a storage device to store IP address information of a host computer which transmitted data and security data to which a security tag is added for the security of the transmitted data corresponding to the IP address information, and an image forming controller to perform security management function of the security data.08-28-2008
20110173677DETECTING MALWARE CARRIED BY AN E-MAIL MESSAGE - An anti-virus system provider distributes an e-mail identifying content filtering rule seeking to identify e-mail messages suspected of containing an item of malware from a central source (07-14-2011
20090282462Controlling Access to Documents Using File Locks - Examples are related to systems and methods for controlling access to document files on a document server. One example system includes document files stored on a document server, at least one of the document files referencing a file lock, and a document access processing module. The example document access processing module includes a file sharing processing module that determines a coauthoring status of a software application of a client computer requesting access to the document file, and a file lock processing module that stores one or more file locks and that controls the setting and resetting of file locks. The example document access processing module uses the coauthoring status of the software application and the file lock status of a document file to determine whether a software application is permitted to have write access to the document file.11-12-2009
20090288145INTERACTIVE CLIENT MANAGEMENT OF A WHITE LIST - System(s) and method(s) provide access management to femtocell service through access control list(s) (e.g., white list(s)). Such white list(s) can be configured via a networked interface which facilitates access management to a femtocell. White list(s) includes a set of subscriber station(s) identifier numbers, codes or tokens, and also can include additional fields for femtocell access management based on desired complexity. Various example aspects such as white list(s) management, maintenance and dissemination; pre-configuration; and inclusion of wireless device(s) or subscriber(s) are also provided. An access management component can facilitate automatic population of a white list(s) associated with a femtocell and can prompt a communication device detected in the femtocell coverage area to inquire whether the communication device desires to connect to the femtocell, be entered into the white list(s), and access services associated with the femtocell, on a permanent basis or temporarily for a specified period of time.11-19-2009
20090288143MULTI-FACTOR PASSWORD-AUTHENTICATED KEY EXCHANGE - Apparatus, methods, and computer program products are disclosed that enable a first computer and a second computer to mutually authenticate each other over a network. A first computer sends first authentication evidence to a second computer. The first authentication evidence is used to prove to the second computer that the first computer has access to a first plurality of authentication secrets without exposing the first plurality of authentication secrets. In addition, the second computer sends second authentication evidence to the first computer. The second authentication evidence is used to prove to the first computer that the second computer has access to a second plurality of authentication secrets without exposing the second plurality of authentication secrets. The first plurality of authentication secrets is related to the second plurality of authentication secrets. Thus, the first computer is authenticated to the second computer and the second computer is authenticated to the first computer.11-19-2009
20090293103FEDERATING TRUST IN A HETEROGENEOUS NETWORK - A check of a processing device is performed. A device may receive a network access request to access a network from a first processing device. A security check may be caused to be performed on the first processing device. Whether to grant the network access request to the first processing device is based on a result of the security check.11-26-2009
20090119751Communication device - A communication device includes an authenticating unit authenticating a wireless communication device, depending on whether predetermined authentication conditions are satisfied or not, when a connection request is received from the wireless communication device, a unit relaying the communications by the wireless communication device when the authenticating unit can authenticate the wireless communication device, a unit receiving connection information containing identifying information for identifying an access point relaying the communications by the wireless communication device from another communication device, a unit receiving, from the wireless communication device, the identifying information for identifying the access point relaying the communications by the wireless communication device, and a unit permitting the relay of the communications by the wireless communication device when the identifying information received from the wireless communication device is contained in the connection information received from the another communication device.05-07-2009
20090119750PROVIDING ACCESS CONTROL LIST MANAGEMENT - Control list management may be provided. First, it may be detected that an event has occurred on a data network. Then, it may be determined, in response to the detected event, that a device on the data network needs to be provided with an access control list. Next, the access control list may be obtained from a database central to the data network. Then, the device may be provided with the obtained access control list.05-07-2009
20120297450Resource Upload - A method, system and program for uploading a resource from remote storage to a remote service. The method comprises the steps of connecting to the remote service, initiating an upload of the resource to the remote service, selecting the remote storage as a source of the resource, acquiring the resource from the remote storage, and uploading the resource to the remote service. In one embodiment, at least part of the method is executed by a proxy server and the step of acquiring the resource from the remote storage comprises downloading the resource to the proxy server. In another embodiment, the remote service communicates directly with the remote storage. In this further embodiment, a client device acquires authentication data for the resource from the remote storage and the step of acquiring the resource from the remote storage includes providing the authentication data to the remote storage.11-22-2012
20080276301Method and System for Software Installation - A network based installation management system that dynamically manages secure software installation on a client. The server is configured to determine the software required and prepare an appropriate response containing the list of software and an information file containing the respective attributes of the list of software. The server encodes this response and the encoded response is transmitted to the client. The client on receiving the response is configured to authenticate the response and install the encoded response after authentication. Highly accurate and reliable software installation using the network based installation management system may be achieved using a respective hardware element on the client and the server, which is configured to encode and decode a request and/or response suitably thereby providing a high level of security and trust in an un-trusted network environment.11-06-2008
20120297452PROVIDING PROTECTION AGAINST UNAUTHORIZED NETWORK ACCESS - A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.11-22-2012
20120297451COMMUNICATIONS SYSTEM - Methods and systems for integrated communications are provided. In one embodiment, a request to initiate a call via a channel is received. A call participant set associated with the channel is identified. A sequence of communications associated with the call is received. The sequence of communications includes at least a real-time media data type and a posted data type. The sequence of communications is transmitted to the call. Other methods and systems are described.11-22-2012
20080216154IDENTITY-BASED WIRELESS DEVICE CONFIGURATION - Techniques are provided for relating identity information with wireless configuration information for a wireless device or a wireless network. A trusted system may be used to generate wireless configuration parameters for a wireless network based on identity information. The identity-based wireless configuration information may be stored on the trusted system remote to the wireless network and accessible to the wireless device. The wireless configuration may be migrated from the trusted system to the wireless device.09-04-2008
20080216153Systems and methods for facilitating authentication of network devices - Systems, apparatuses and methods for facilitating authentication and logons for network devices. An identifier that is already affiliated with a device is used as a username in an authentication process. A password and an authentication key are generated based on at least the username, and the password and authentication key are provided to the device. Upon attempted access to a network service by the device, the username, password and authentication key are exchanged in some manner to determine the authenticity of the device.09-04-2008
20120297447AUTHENTICATION TECHNIQUES - Techniques for authenticating clients of differing capabilities in an efficient manner. Two or more authentication techniques, including one preferred authentication technique, are initiated to run in parallel to authenticate a client. Upon determining that the client can support the preferred authentication technique, the preferred technique is used to authenticate the client and the other authentication techniques are aborted. If it is determined that the client cannot support the preferred authentication technique, then one of the other authentication techniques is used to authenticate the client. In this manner, based upon the capabilities of the client, an appropriate authentication technique is used to authenticate the client in an efficient manner.11-22-2012
20090007235Course development program - The present invention is directed to a method of operating a knowledge capture program. The knowledge capture program has the steps of starting the knowledge capture program wherein a user can access content that is either existing content or creating new content. Once the content has been selected then a source subject matter can be selected and displayed, and then captured and incorporated into the content. The source subject matter can be edited and saved into the content. The content can then be retrieved and played in a desired mode of learning.01-01-2009
20100146589SYSTEM AND METHOD TO SECURE A COMPUTER SYSTEM BY SELECTIVE CONTROL OF WRITE ACCESS TO A DATA STORAGE MEDIUM - A system and method of securing a computer system by controlling write access to a storage medium by monitoring an application; detecting an attempt by the application to write data to said storage medium; interrogating a rules database in response to said detection; and permitting or denying write access to the storage medium by the application in dependence on said interrogation, where the interrogation requests are queued in order to manage multiple applications running on the same system. The system can further monitor the activity of unknown processes and continually match the sequence of activity against known malware activity sequences. In the case of a match, the user is warned or the process is blocked.06-10-2010
20100146591CONVERGED ACCESS CONTROL METHOD USING NETWORK ACCESS DEVICE AT PENETRATION NODE OF IP NETWORK OF CONVERGENCE ALL-IP NETWORK - There is provided a converged access control method using a network access device at an edge node of an IP network of a convergence ALL-IP network that performs authentication control, QoS control, traffic control and mobility control in a consistent manner using a network access device located at penetration nodes of an IP network of a convergence ALL-IP network to effectively accommodate a subscriber network in various access environments, thereby ensuring network flexibility and scalability.06-10-2010
20110209199METHOD AND SYSTEM FOR SECURE COMMUNICATION - A method and system for secure communication is presented. A virtual private proxy is generated based on an agreement between a first entity and a second entity. A first virtual private proxy is associated with the first entity and a second virtual private proxy is associated with the second entity. Data associated with the first entity is monitored at the virtual private proxy. Whether the data violates the agreement is determined and communication of the data from the first virtual private proxy to the second virtual private proxy is disallowed when the data violates the agreement.08-25-2011
20110209198APPLYING ACCESS CONTROLS TO COMMUNICATIONS WITH AVATARS - Senders of instant messages may inspire perception by a recipient of avatars capable of being animated in order to customize or personalize communication exchanges from the sender. The avatar, an animation of or associated with the avatar, an object associated with the avatar, or another component of the avatar or communication may be inappropriate, or otherwise objectionable, to the recipient, the recipient class or category, or an identity associated with the recipient. In one example, a parent of a minor who is the intended recipient of an avatar (or a component of the avatar or communication) may object to the minor being exposed to the avatar (or the component of the avatar or communication). In such a case, the communication may be discarded or the perception of the objectionable avatar (or component associated with the avatar or the communication) by the intended recipient may be disabled, replaced or modified.08-25-2011
20080244702Method, Apparatus, System, Medium, and Signals for Intercepting a Multiple-Party Communication - Systems, apparatus and methods related to multiple-party communications conducted between client computers in a computer network. For example, a method and apparatus for intercepting a multiple-party communication between a plurality of client computers in communication with a server in a computer network is disclosed. The method involves receiving an input message at the server, the message representing user input received at one of the plurality of client computers, producing an output message representing the user input provided by the input message. The method further involves authorizing a designated client computer that is not part of the multiple-party communication to communicate with the server to cause the server to transmit output messages to the designated client computer, and transmitting the output message to each of the plurality of client computers and to the designated client computer. A method and apparatus for supporting access to a plurality of saved messages by a designated client computer in communication with a server in a computer network is also disclosed.10-02-2008
20080250475AUTOMATICALLY CHANGING THE APPEARANCE OF A SOFTPHONE BASED ON A USER PROFILE - A software phone (“softphone”) application enables a user to make a phone call from a computing device using Voice over Internet Protocol (VoIP). While the functionality of the softphone remains the same, its appearance is defined by a skin that can be changed. A server stores a profile for users of the softphone. Based on the user profile, the server selects a skin and pushes the skin to the user's softphone, thereby changing the appearance of the softphone. The skin can include advertisement and can include several layers that can be displayed simultaneously. Some of the layers are static, and some of the layers are animated.10-09-2008
20110271323Image forming apparatus, authentication method, and recording medium - An image forming apparatus is configured to receive user authentication information and perform image formation based on an image formation request and is connected to an external authentication server which performs authentication based on the user authentication information. The image forming apparatus comprises an authentication querying unit that queries the external authentication server for the authentication based on the user authentication information; an authentication result receiving unit that receives a result of the authentication performed by the external authentication server; an authentication result storage unit that stores the result of the authentication received by the authentication result receiving unit; and a control unit that controls the authentication querying unit, the authentication result receiving unit, and the authentication result storage unit. When the image forming apparatus receives the user authentication information, the control unit performs the authentication based on the result of the authentication stored in the authentication result storage unit.11-03-2011
20090265763Content-Based Notification and User-Transparent Pull Operation for Simulated Push Transmission of Wireless Email - Exemplary system, method, software and apparatus embodiments provide for creating a content-based notification for a mobile device, as a simulated push operation, for devices which do not have push capability. The system comprises a database, a server, and may also include a second web server for user account configuration. The database is adapted to store user account configuration and preference information. The server is adapted to receive a first message having a first protocol, such as SMTP, and to determine whether the content-based notification for the first message should be provided. When the content-based notification is to be provided, the server is adapted to extract a subset of information from the first message, and using the subset of information, to create a second message having a second, different protocol, such as SMS. The second message is transferred to a wireless network for transmission to the mobile device, with the second message providing the content-based notification of the first message. The information extracted from the first message enables a user to determine whether they want to download the complete message, as a user-transparent pull operation, and typically includes the from, to, size, date, subject fields, and a portion of the body of the first message, up to the remaining capacity of the second message.10-22-2009
20090265762ONLINE MANAGEMENT SERVICE FOR IDENTIFICATION DOCUMENTS - An online identification document management service includes a host server having a web-based interface adapted to facilitate secure customer access to the host server. The host server is configured to receive identification data communicated from the customer through use of a computing device. The identification data includes at least one of an imaged identification document and information related to the imaged identification document. A processing module is in operative communication with the host server and is configured to process the identification data communicated from the customer. A processing software application is trained to classify the processed identification data and selectively extract data therefrom based on the classification. The processing software application is configured to selectively present the processed identification data for a customer verification via the web-based interface upon at least one of an unsuccessful classification and an unsuccessful extraction of data. A storage device is in operative communication with the processing module and is configured to store the extracted data as metadata upon at least one of the customer verification and the extraction of data. The processing software application is cumulatively trained to subsequently classify the processed identification data successfully upon the customer verification thereof. A content management software application operates on the host server and is configured to process a customer request through the web-based interface to selectively generate at least one reproduction of the processed identification data.10-22-2009
20090265761ONLINE HOME IMPROVEMENT DOCUMENT MANAGEMENT SERVICE - An online home improvement document management service includes a host server having a web-based interface adapted to facilitate secure customer access to the host server. The host server is configured to receive home improvement data communicated from the customer through use of a computing device. A processing module is in operative communication with the host server and is configured to process the home improvement data communicated from the customer. A processing software application is trained to classify the processed home improvement data and selectively extract data therefrom based on the classification. The processing software application is configured to selectively present the processed home improvement data for a customer verification via the web-based interface upon at least one of an unsuccessful classification and an unsuccessful extraction of data. A storage device is in operative communication with the processing module and is configured to store the extracted data as metadata upon at least one of the customer verification and the extraction. A content management software application is configured to detect at least one of a customer request through the web-based interface and at least one triggering condition corresponding to the metadata. The content management software application generates at least one report based on the detection of at least one of the customer request and the at least one triggering condition.10-22-2009
20090265760COMPONENT-ORIENTED ARCHITECTURE FOR WEB MASHUPS - A component-oriented web mashup system and method for communicating between component-oriented Web gadgets to facilitate secure Web mashups. Embodiments of the system and method redefine the traditional definition of gadget to mean a Web component having a verifiable controlled communication channel (a CompoWeb gadget). A CompoWeb gadget is created and defined using new HTML tags and global script objects and functions that extend the functions of the browser. CompoWeb gadget content is treated as a component that is isolated from other gadgets and frames by a browser, and only those allowed access can view data and code therein. Called functions of a CompoWeb gadget are run in the callee's environment instead of the caller's environment. This adds security, because all the requesting CompoWeb gadget receives is the run result. Embodiments of the system and method also include delayed binding of CompoWeb gadgets, such that binding is performed at run time.10-22-2009
20090064281AUTHENTICATION DEVICE AND NETWORK AUTHENTICATION SYSTEM, METHOD FOR AUTHENTICATING TERMINAL DEVICE AND PROGRAM STORAGE MEDIUM - When an authentication identifier is contained in a first message required for receiving authentication with respect to IEEE 802.1X from a terminal device, the authentication is assumed to be successful and then a data link is established with the terminal device, and a filtering unit is set so as to pass a first packet which should be passed for receiving authentication with respect to a higher layer protocol from among packets sent from the terminal device through the data link and to block a second packet different from the first packet. If a second message required for receiving authentication with respect to the higher layer protocol from the terminal device is received through the filtering unit, the authentication with respect to the higher layer protocol is performed. When the authentication is successful, the filtering unit is set so as to pass the second packet.03-05-2009
20080282324Secure Social Networking System with Anti-Predator Monitoring - The invention provides a method for managing an online social network, the method including the steps of: a) identifying patterns associated with inappropriate user activity; b) monitoring the online actions of at least one user of the social network; c) evaluating online actions taken by the at least one user; and d) comparing the online actions to the identified patterns associated with inappropriate activity.11-13-2008
20080235769SYSTEM AND METHOD FOR ADAPTIVE TARPITS USING DISTRIBUTED VIRTUAL MACHINES - A system and method for adaptive tarpits using distributed virtual machines. A method in an embodiment may include determining an intrusion prevention strategy in response to a potential attack on a network. Then, based on the intrusion prevention strategy, allocating at least one virtual tarpit in the network, where the at least one virtual tarpit is implemented as a virtual machine, and the adapting the at least one virtual tarpit in the network includes one or more of suspending a virtual tarpit, resuming a suspended virtual tarpit and migrating a virtual tarpit to another virtual machine in the network. Other embodiments are described and claimed.09-25-2008
20080235767Method of Controlling Access to a Communication Network - A method of controlling access to infrastructure (09-25-2008
20080289004Method and Module for Protecting Against Attacks in a High-Speed Network - A method, module and computer program for protecting a target against attacks in a high-speed network. The method according to the invention comprises the steps of generating a question, after having received a request from an initiator identified by a sourceID associated to a certain node in the network, sending the question to the node identified by the sourceID, in case that an answer to the question is received, evaluating the answer, and in case that a proper answer has been received, enabling communication between the initiator and the target by sending a further message from the target to the initiator.11-20-2008
20100100937METHOD AND SYSTEM FOR LOCAL SEARCH AND SOCIAL NETWORKING WITH CONTENT VALIDATION - A social networking and local search service validates content including personal information, business information, text, photographs, music, video and/or other media or content. The service provides each member with the ability to author and share content with the fellow members and visitors. In an embodiment of the invention, if a member claims to be a business owner and provides content for a local business, then the website performs validation functions to authenticate the business information. This allows the website to host only accurate information and allows small businesses to effectively advertise their merchandise.04-22-2010
20100005509SYSTEM, METHOD AND APPARATUS FOR ELECTRONICALLY PROTECTING DATA AND DIGITAL CONTENT - The present invention provides a system, apparatus and method for protecting sensitive data using a pre-content manager and a post-content manager. The pre-content manager extracts sensitive or non-sensitive data from a data storage on a client, sends the extracted sensitive data to a server for storage, receives a pointer indicating where the extracted sensitive data has been stored and replaces the sensitive data on the data storage on the client with the pointer. The post-content manager receives the sensitive data from the pre-content manager and transmits the sensitive data to one or more media devices. The foregoing can be implemented as a computer program embodied on a computer readable medium wherein the steps are executed by one or more code segments.01-07-2010
20080276300Program Execution Device - To provide a program execution device which is capable of notifying time and information related to download and activation of a program.11-06-2008
20080276303Network Type Advertising - A technique for network type awareness involves providing network type information associated with a wireless network to stations. The stations, or users of the stations, can then select which network best meets their needs.11-06-2008
20100275244ENTERPRISE WIRELESS LOCAL AREA NETWORK SWITCHING SYSTEM - A process of controlling a flow of data in a wireless network providing wireless access to the wireless network by wireless devices is disclosed. Data is received from a wireless device by a network device, through one access point of a plurality of access points in communication with the network device, indicating a client identifier for the wireless device. The client identifier is forwarded to an authentication server and the network device mediates authentication of the wireless device with the authentication server. Thereafter, data packets received from portions of the wireless network and from the plurality of access points are evaluated and the received data packets are passed to portions of the wireless network and to the plurality of access points, based on the evaluation of the received data packets. In addition, the network device periodically polls for a status of the wireless device from the access point.10-28-2010
20080244703Quarantine System and Method - A quarantine system QS includes a network connection control apparatus 10-02-2008
20120297453SYSTEM AND METHOD FOR ABSTRACTION OF OBJECTS FOR CROSS VIRTUAL UNIVERSE DEPLOYMENT - A system and method for abstracting objects in a virtual universe (VU) deployment is provided. The system and method abstracts VU objects for editing in a common abstraction utility and for deploying to one or more VU grids containing one or more VU architectures and/or platforms (servers). The method can be implemented in a computer infrastructure having programming instructions operable to: obtain an object associated with a first virtual universe server; translate the object with syntax specific to at least a second virtual universe server, the syntax being different than that used with the first virtual universe server; and deploy the translated object to the second virtual universe server.11-22-2012
20080209516Signature and identity authentication and documentation using a third party witnessed authenticator via a video conference - The method of the present invention functions to perform signature and identity authentication using a third party witness whereby the parties are enjoined via a video conference and whereby an authorized identity document is created. The invention is suited to transactions that require a legally binding, traditional witnessed authentication. The method of the present invention creates legally binding documents that comprise biometric information, including at least one of the group of, a passport, a driver's license, government issued identity card, or a corporate identity document.08-28-2008
20080271117Cascading Authentication System - Generally speaking, systems, methods and media for authenticating a user to a server based on previous authentications to other servers are disclosed. Embodiments of a method for authenticating a user to a server may include receiving a request to authenticate the user to the server and determining whether authenticating the user requires matching an authentication plan. If a plan is required, the method may also include accessing a stored authentication plan with authentication records each having expected information relating to user access to a different server. The method may also include receiving an indication of the user's current authentication plan from an authentication store where the plan has authorization records each having current information relating to user access. Embodiments of the method may also include comparing the stored authentication plan with the received current authentication plan to determine whether they match and, in response to a match, authenticating the user.10-30-2008
20080271120Network Pre-Authentication - A method of dynamic pre-authentication includes receiving at an access point from one or more content platforms a white-list of internet domains that are to be deemed valid for serving content to a non-authenticated user. Updates to the white list are dynamically received from the one or more content platforms which are each responsible for a particular promotional campaign that features specific content. A request is received at the access point from a non-authenticated user for certain of the specific content, which is allowed such that a domain of the content platform responsible for the certain specific content is accessed by the user.10-30-2008
20080209515Location attestation service - In one embodiment a computer system comprises a processor and a memory module coupled to the processor and comprising logic instructions stored in a computer readable medium. The logic instructions, when executed, configure the processor to initiate, in a client computing device, a service request, in response to the service request, initiate a request for a location attestation certificate, and complete the client service request when the location attestation certificate is granted.08-28-2008
20100146588MAPPING PROPRIETARY SSL APIS ONTO OPENSSL APIS - Techniques are described for mapping an emulated SSL implementation to, for example, OpenSSL. An exemplary method includes receiving a request to initiate a communication session from an application, running in an emulation environment, with a first SSL API of an emulated SSL implementation running in the emulation environment, sending the request to a communication interface process that is running in a base computing environment, wherein the emulation environment is a process running on the base computing environment, extracting, with the communication interface process, communication session information from the request, calling, with the communication interface process, procedures provided by a second SSL API of an SSL implementation, in accordance with the request, to initiate a communication session with a computing device, wherein the SSL implementation is a program running in the base computing environment, initiating the communication session with the computing device, and transferring data to the computing device.06-10-2010
20130219467NETWORK AUTHENTICATION METHOD, METHOD FOR CLIENT TO REQUEST AUTHENTICATION, CLIENT, AND DEVICE - A network authentication method, a client and a device are provided. The method includes: receiving SYN data sent by a client, where the SYN data includes a sequence number SEQ1 and a network parameter comprising an ID in the header of the SYN data; sending SYN_ACK data to the client, where the SYN_ACK data includes an acknowledgment number ACK2 obtained by carrying out a function transformation according to the network parameter; receiving RST data sent by the client, where the RST data includes a sequence number SEQ3 or an acknowledgment number ACK3, and the RST data further includes a network parameter the same as that of the SYN data; carrying out the function transformation according to the network parameter of the RST data to obtain a check value CHK; and passing the authentication of the client if CHK matches SEQ3 or ACK3.08-22-2013
20130219466UNIFIED CLOUD COMPUTING NETWORK INTERFACE - A cloud computing network device is disclosed. The device is configured to receive a request from a joining device for access to the cloud computing network, and in response to the request, authenticate the joining device according to an authentication protocol. The device is also configured to receive from the joining device an indication of one or more items local to the joining device to be made available to other devices on the cloud computing network, and in response to the indication, provide information identifying items to the other devices on the cloud computing network.08-22-2013
20090165089Methods and Apparatus for Management of User Presence in Communication Activities - Systems and techniques for mediating user communications. A user persona manager maintains one or more user profiles and manages user interactions with other parties and with service providers based on user preferences associated with the user profile or profiles selected for a particular interaction. The persona manager receives a single set of user authentication information to establish the user identity, and provides previously stored information to other parties and service providers as appropriate, and otherwise conducts user interactions involving communications initiated by or on behalf of the user. The persona manager also examines interactions initiated by others, selects user profiles appropriate to the interactions, and routes and responds to the interactions based on information stored in the user profiles.06-25-2009
20130219465METHOD AND APPARATUS FOR SEPARATION OF CONNECTION DATA BY PERIMETER TYPE - A method and a mobile device having a plurality of modes of operation, the method associating each connection interface on the mobile device with one of a plurality of modes; and restricting access to a profile for each connection interface on the mobile device to only a subset of applications based on the mode associated with the profile.08-22-2013
20110219427Smart Device User Authentication - Techniques for simplifying an authentication process from the viewpoint of a user while providing improved security to the many users currently employing no or weak security techniques. In logging into a web site hosted by a web server, a session begins by a user connecting and logging in with a device, such as a personal computer. Rather than a user name and password approach which is presently typical, the personal computer communicates with another user device, such as a smart phone. In one approach, an encoded acoustic signal is employed for this communication. The smart phone securely communicates with an authentication server which informs the web server whether the user has been authenticated or not.09-08-2011
20090183232Data processing network and method for operating a data processing network - During operation of a data processing network, including a number of individual devices enabling user access, an identification object that can be carried by a user of the data processing network exchanges data in a wireless fashion with an access control device connected to an individual device, as soon as the identification object is sufficiently close to the access control device. In at least one embodiment, the user is allowed access to the data processing network as a function of data stored on the identification object and transmitted to the individual device. If a second identification object approaches the access control device, the different identification objects are assigned different usage rights as a function of the time that has elapsed between the detection of the identification objects by the access control device.07-16-2009
20090165091METHOD AND SYSTEM FOR NETWORK ACCESS AND NETWORK CONNECTION DEVICE - A network access method and system and a network connection device are provided. A network connection device connected between a first network and a second network obtains first network attribute information about a first network device according to an access request for accessing the second network from the first network device on the first network. The network connection device performs authentication on whether the first network device has a right to access the second network based on the first network attribute information. If the authentication is passed, the network connection device connects the first network device into the second network. If the authentication is not passed, the network connection device prohibits the first network device from accessing the second network.06-25-2009
20090187971METHOD AND PROCESSOR FOR DELEGATED TRANSMISSION/ RECEPTION OF A SESSION INITIATION PROTOCOL, SIP, MESSAGE - A method for delegated transmission/reception of a Session Initiation Protocol, SIP, message, where delegation related header fields or header field parameters are extended in the SIP message and a SIP processor processes the message according to the extended header fields or header field parameters to implement the delegation function at the SIP layer. Accordingly, an SIP processor is provided. Because delegation is implemented at the SIP layer, the delegation mechanism is independent of services and therefore can be applied to different services. This facilitates multiplexing and uniform management of the delegation function.07-23-2009
20090019522WEB BASED APPLICATION CONSTRUCTOR USING DATA SPACES - A web-based application constructor can be used for constructing a web display. The web-based application constructor can obtain data from heterogeneous data sources to produce the web display. The web display can contain page components and display the data from at least some of the heterogeneous data sources. The system can allow for the construction of user interfaces to access different types of data.01-15-2009
20090178116Communication control device and communication control system - The present invention provides a technique for improving the security of access to contents.07-09-2009
20090178118Methods of and Systems for Offering and/or Providing Information - There is provided a method of selecting information, the method comprising attempting to authenticate a mobile device (07-09-2009
20090178117SYSTEM AND METHOD OF RETRIEVING A SERVICE CONTACT IDENTIFIER - Aspects of the invention relate to a system and method of retrieving a service contact identifier for providing a service to a user is proposed. The method is performed in a system comprising at least one server system configured for connecting to a user device of said user. The server system has access to a database comprising at least a first service contact identifier required for providing a first service and a second service contact identifier required for providing a second service. The first service is identified by a first service identifier. The first service contact identifier and second service contact identifier are different service contact identifiers. The first service identifier and a service contact identifier are received from the user device of said user. The first service contact identifier may then be retrieved in dependence of the received first service identifier and the received service contact identifier, irrespective of whether said received service contact identifier is said first service contact identifier or said second service contact identifier.07-09-2009
20110225629CAPTCHA (Completely Automated Public Test to Tell Computers and Humans Apart) Management Methods and Systems - CAPTCHA (Completely Automated Public Test to tell Computers and Humans Apart) management methods and systems are provided. First, information trusted by a server and a client is determined. The server generates CAPTCHA data, and combines the information trusted by the server and the client with the CAPTCHA data. The server transmits the CAPTCHA data to the client. The client determines whether to perform subsequent operations based on the CAPTCHA data according to the information trusted by the server and the client.09-15-2011
20120198519Restricting Network Access While Connected to an Untrusted Network - In an example embodiment, disclosed herein is an apparatus comprising an interface configured to communicate with at least one external device, and processing logic coupled with the interface. The processing logic determines whether the interface is connected directly to a predefined network. The processing logic restricts access to the interface responsive to determining the interface is connected to a network other than the predefined network. The processing logic does not restrict access to the interface while the interface is directly connected with the predefined network.08-02-2012
20090144806Handling of DDoS attacks from NAT or proxy devices - A method for authenticating communication traffic includes receiving an initial incoming message, sent over a network from a source address to a destination address. In reply to the initial incoming message, an outgoing message containing an encoded token is sent to the client. Upon receiving a number of further incoming messages from the source address containing the encoded token, delivery of one or more of the further incoming messages to the destination address is inhibited when the number exceeds a predetermined threshold.06-04-2009
20090144807METHOD, APPARATUS AND SYSTEM FOR IMPLEMENTING ACCESS AUTHENTICATION - The method, apparatus and system for access authentication include: the network node sends the authentication information to the authentication server, the authentication server deals with the authentication process. When the authentication is successful, the network node is trusted. The UE may send authentication information through the trust node to the authentication server, and the authentication server deals with the authentication process. At the same time, the trust node controls the UE according to the information, which is from the policy server. So the NSP may account to the different users according to the different services, and prevent the illegal action, and the network node may deal with local monitoring according to the policy information.06-04-2009
20090025059IP SERVICE AUTHORIZATION IN WIRELESS COMMUNICATIONS NETWORKS - Systems and methodologies are described that facilitate protocol address assignment using protocols compatible with specified domains for mobile devices. Devices can request wireless network access through a gateway, which can forward an authentication/authorization request to an authentication server. Upon successful authentication, the authentication server can transmit one or more domain identifiers related to the device or a user thereof. Using the domain identifier, compatible protocols can be determined for use in configuring the device for subsequent domain communication.01-22-2009
20090025060METHOD AND APPARATUS TO IMPLEMENT SECURITY IN A LONG TERM EVOLUTION WIRELESS DEVICE - A wireless transmit receive unit (WTRU) is configured to receive unciphered and ciphered messages. The unciphered messages include identity requests, authentication requests, non-access stratum (NAS) security mode commands and tracking area update responses. The ciphered messages may come from the NAS and a Radio Resource Controller (RRC). The messages are ciphered using security keys.01-22-2009
20090025058Methods and apparatuses for introducing devices with simple user interfaces into a secure network community - A method for introducing devices with simple user interfaces into a network community. A user pushes a button on a first device that listens for messages from central points for two seconds and, if no such message is received, becomes a central point and starts sending broadcast ID messages. The user then pushes a button on a second device to be inserted, which after interaction with the central point enters a selected state. Noticing this on the user interface of the second device, the user pushes the button on the first device again, and after further communication between the devices, they enter an associated state, which can be verified on the user interface of the first device. Also provided is a first device.01-22-2009
20110225627Access Limited Search Results - Apparatuses, systems and methods are provided for accessing a document management application through a network, wherein search results provided to an application user, via a user interface, do not include documents or document data that are not within the extent of the data accessible by the specific user.09-15-2011
20110225628INFORMATION INPUT ASSISTANCE DEVICE, COMPUTER-READABLE MEDIUM, AND INFORMATION INPUT ASSISTANCE METHOD - An information input assistance device includes an identification unit, a generation unit, and a processing unit. The generation unit acquires attribute information corresponding to a user identified by the identification unit from a first memory, acquires rule information corresponding to a transmission destination of input information and a class of input information from a second memory, and generates the input information corresponding to the identified user on the basis of the acquired attribute information and the acquired rule information. The processing unit performs processing that transmits the input information generated by the generation unit to the transmission destination.09-15-2011
20090199271IMPLICIT POPULATION OF ACCESS CONTROL LISTS - Communication applications may include lists of users with which a user of the application communicates. If two users of a communications application each include the other user on their user lists, an implicit trust may be established between the users. For example, if user A includes user B in her list and user B includes user A in his list, then it may be determined that each user knows and/or trusts the other user. As a result, a connection or communications pathway may be automatically created between the client devices of the users to facilitate communications between the users based on the implicit trust.08-06-2009
20090199272AUTHENTICATION USING A TURING TEST TO BLOCK AUTOMATED ATTACKS - System and methods for authenticating a transaction between a user system and a host system are described herein. In one embodiment, the system and methods use a text-reading test (TRT) image as part of the authentication process. The TRT image is presented to the user upon initiation of a transaction by the user. Information provided by a user, via the user system, after perception of the TRT image is compared to the source information in the TRT image. If the user input corresponds to the source information, the user is authenticated and transaction is allowed to proceed.08-06-2009
20090083836PREVENTING A NON-HEAD END BASED SERVICE PROVIDER FROM SENDING MEDIA TO A MEDIA PROCESSING SYSTEM - Systems and methods that prevent unauthorized access in a communications network are provided. In one embodiment, a system that prevents unauthorized access to a network device may include, for example, a network device and a headend. The headend may be coupled to a communications network. The network device may be deployed in a home environment and may be communicatively coupled to the communications network via the headend. The headend may be adapted, for example, to determine whether a request to access the network device is authorized.03-26-2009
20090044252SYSTEM, METHOD, AND PROGRAM FOR INSTANT MESSAGINGS - A method for delivering an instant message in a server connected to two or more computers via a network is provided. The two or more computers include groupware clients in which a user can perform login at the same time, using the same user ID, and for which status that may be different from each other can be set. Embodiments of the method include authenticating a user of a groupware client who attempts to perform login using a user ID, recording the user ID and status information in association with an instant messaging user ID, receiving an instant message addressed to the user ID, and determining, on the basis of the status information, which of two or more client computers the instant message is sent to.02-12-2009
20110145890ACCESS METHOD SUITABLE FOR WIRELESS PERSONAL AREA NETWORK - The embodiments of the invention disclose an access method suitable for wireless personal area network (WPAN). After the coordinator broadcasts the beacon frame, according to the beacon frame, the equipment identifies the authentication demand and the authentication mode required by the coordinator to the equipment. If the coordinator has no authentication demand to the equipment, the equipment and the coordinator carry out the association processes directly; otherwise, based on a selected authentication mode and the corresponding authentication mechanism negotiation information, the equipment sends the authentication access request to the coordinator; then based on the authentication mode selected by the equipment, the coordinator carries out the processes of authentication and session key negotiation with the equipment; finally, the coordinator sends the authentication access response to the equipment, when the authentication state in the authentication access response is success, the equipment carries out the association processes with the coordinator. The processes of authentication and the session key negotiation can be based on primitive control, and also can be based on port control. If the equipment is associated with the coordinator successfully, the coordinator distributes a network address to the equipment, and therefore the equipment can communicate with the coordinator normally. The invention solves the technical problems of lower security and lower efficiency in the existing WPAN access methods.06-16-2011
20110145889SYSTEM AND METHOD FOR VERIFYING DELIVERY AND INTEGRITY OF ELECTRONIC MESSAGES - In order to provide third party verification of the content and delivery of an electronic message such as an e-mail, a server receives the e-mail intended to be sent or forwarded to a specified addressee, and “tags” the message to indicate that it is “registered” with the provider of the service. The server then establishes a direct telnet connection with the addressee's Mail User Agent (MUA), and transmits the tagged email to the addressee's MUA, as well as to the MUA's of any other addressees. After receiving responses from the receiving MUA's that the message was successfully received, the server then creates and forwards to the message originator an electronic receipt. The receipt includes one or more, and preferably all of, the following: the original message including any original attachments; a delivery success/failure table listing which addressee's MUA's successfully received the message and at what time, and for which MUA's there was a delivery failure; and a digital signature corresponding to the message and attachments. By receiving the receipt at a later date and verifying that the digital signature matches the message and related information, the operators of the system can provide independent third party verification that the receipt is a genuine product of their system and that the information pertaining to content and delivery of the message is accurate, without the need to archive either the original message or the receipt.06-16-2011
20110145888ELECTRONIC MONITORING SYSTEM AND METHOD - An electronic monitoring system located in a second service area when an electronic monitoring target has moved from a first service area having a first authority to the second service area having a second authority starts electronic monitoring for the electronic monitoring target that has moved into the second service area, configures a temporary electronic monitoring authority based on the first authority and the second authority, and executes the electronic monitoring on the electronic monitoring target in the second service area according to the configured temporary electronic monitoring authority.06-16-2011
20110145887System and Method of Selectively Applying Security Measures to Data Services - Systems and methods of applying security measures to data services are disclosed. In one embodiment, a processor determines when more than one data service is used by or is accessible to a subscriber device and applies a security measure to at least one data service.06-16-2011
20090064279System for secure remote access and control of computers - A system that anyone with an internet browser can use to set up a high security VPN between a mobile wireless hand-held device or computer and a remote computer and operate and control the remote computer. An automated internet browser sign-up process that sets up a subscription to a VPN service and installs the required software components. A system to provide data and access control security as well as simulating a display, keyboard and mouse on a hand-held device with only a touch screen is also disclosed.03-05-2009
20120079565METHODS AND SYSTEMS FOR PROVIDING WEB APPLICATIONS - Methods and systems consistent with certain disclosed embodiments provide applications. In one embodiment, a system is disclosed that provides applications. The system may include a computer system that receives a request related to an application and a database system. The database system may include a database and an application server module and a framework of software modules logically arranged to provide controlled access to data in the database. The application server module may use the data to generate content to generate a Web page related to the application. Further, the software modules may be logically arranged in layers such that access to data or software in a software module of one layer is performed by executing software in another software module of another layer.03-29-2012
20120079563METHOD AND APPARATUS FOR MINIMIZING NETWORK VULNERABILITY VIA USB DEVICES - A device for preventing the rewriting and revision of the firmware installed on one or more USB devices, the device including a male Universal Serial Bus (USB) connector for connecting the device to a host, a female USB connector for receiving the USB device, an integrated circuit, and a detector blocking the transmission of a device firmware update (DFU) from the host to USB device.03-29-2012
20120079562METHOD AND APPARATUS FOR VALIDATING RESOURCE IDENTIFIER - An approach is provided for requesting access to content associated with a resource identifier. A system receives a first request to access content associated with a resource identifier. The system then determines to generate a second request for validating the content based, at least in part, on the resource identifier and to transmit the second request to a validation service. The system receives validation information based, at least in part, on the second request. In one embodiment, the validation information includes a preview of the content.03-29-2012
20080263634Method and System for Providing On-Demand Media Streaming from a User's Own Library to a Receiving Device of the User - A system and method are provided for on-demand media streaming from a user's own media library to a user's receiving device that may be located in a different location from that where the media library is stored. The present invention provides an out-of-the box on-demand media server device that may be used by itself, in conjunction with a personal computer, or in conjunction with a personal home stereo system or video system. The on-demand media server includes security mechanisms that allow a user to establish a private server that only the user may communicate with and gain access to the user's media library. In one particular embodiment, a smart card or other removable media are used as a security device to ensure that access to the media files on the user's personal on-demand media streaming server is limited to the user. In addition, the system and method provides an on-demand conversion of the media in the user's personal media library to an appropriate format.10-23-2008
20080263633Systems and Methods of Network Operation and Information Processing, Including Data Acquisition, Processing and Provision and/or Interoperability Features - According to some embodiments of the present invention, a system, apparatus and method of network operation and information processing, including data acquisition, data processing, data provision, and/or data interoperability features is presented. In some exemplary embodiments, the method includes registering users logging-on to a computer network and gathering user-related information from users. In one or more embodiments, user-profile and location-centric information for each user may be gathered and/or processed in connection with processing targeting and content information.10-23-2008
20110231902Controlling Device - A controlling device may acquire setting information regarding a wireless setting for a wireless communication currently being set in a wireless communication device. The controlling device may determine, using the setting information, whether the wireless setting indicates a first type of authentication method in which an authentication is performed by an authentication server or a second type of authentication method in which an authentication is performed by a device with which the wireless communication performing unit performs a wireless communication directly. The controlling device may provide a first screen to a displaying unit in a first case where a determination is made that the wireless setting indicates the first type of authentication method. The controlling device may provide a second screen which is different from the first screen to the displaying unit in a second case where a determination is made that the wireless setting indicates the second type of authentication method.09-22-2011
20090049520METHOD OF CONTROLLING A CONFERENCE SYSTEM, PROGRAM PRODUCT, AND STORAGE MEDIUM - A conference system includes a storage unit configured to store electronic data used as conference material, a display unit configured to display electronic data stored in the storage unit, an identifying unit configured to identify an attendee of a conference, and a memory unit configured to store information about an attendee identified by the identifying unit as viewing history information in association with electronic data displayed by the display.02-19-2009
20110231903STREAMING MEDIA FOR PORTABLE DEVICES - A system and method for allowing hand-held/wireless devices to (1) provide audio/video conferencing; (2) access AV content through streaming and cloud transfer; and (3) offer hand-held and computer access to cameras and sensors for surveillance using ordinary personal computers as proxy servers is described. In a first aspect, a remote view streaming system which comprises a webcam server which enables streaming video over a network is disclosed. The system includes a portable device. The portable device includes a client application. The portable device is configured to receive the streaming video from the network and display it on a screen. The system includes a proxy server for authenticating a connection between the webcam server and the portable device. In a second aspect, a portable device is disclosed. The portable device comprises a client application; wherein the client application includes authentication information to allow connection to the proxy server and in turn can be connected directly to a webcam server if the webcam server has proper authentication.09-22-2011
20110231905METHOD AND COMMUNICATION SYSTEM FOR THE AUTHORIZATION-DEPENDENT CONTROL OF A CONTACTLESS INTERFACE DEVICE - A method for the authorization-dependent control of a contactless interface device of a communication device includes authenticating a user to the communication device. The contactless interface device is then deactivated so as to prevent a data transmission via the contactless interface device.09-22-2011
20110231904Automatic Notification System and Process - Receiving a notification message by a mobile subscriber can include establishing a session with a notification service; maintaining a persistent communication connection with the notification service after the session is established; subscribing to a node hosted by the notification service, wherein the node is pre-provisioned for use by a mobile subscriber; and receiving from the notification service a notification message corresponding to the subscribed node. Further, a message can be transmitted over the communication connection to the notification service at a predetermined interval and it can be determined whether the communication connection is viable. Additionally, it can be determined that the communication connection is no longer viable if no response is received from the notification service, the period of the predetermined interval can be decreased, and another session with the notification service can be established.09-22-2011
20110231901MANAGEMENT SYSTEM, PROGRAM RECORDING MEDIUM, AND PROGRAM DISTRIBUTION APPARATUS - The management system of the present invention is capable of efficiently discovering each apparatus coupled to a communication network. The management server 09-22-2011
20090083835NETWORK ACCESS CONTROL - A system for controlling access to a network by a user device. The system includes a criteria engine that generates a plurality of criteria to be monitored on the user device and a checker that generates at least one check for each of the plurality of criteria. The system further includes a profiler that retrieves a profile for the user device, the profile including the plurality of criteria and the at least one check for each of the plurality of criteria, a comparator that compares a summary of the retrieved profile to a summary of a profile received from the user device and a communicator that communicates a message to the user device based on the comparison.03-26-2009
20120144451GEOLOCATING NETWORK NODES IN ATTENUATED ENVIRONMENTS FOR CYBER AND NETWORK SECURITY APPLICATIONS - A system and method for verifying and/or geolocating network nodes in attenuated environments for cyber and network security applications are disclosed. The system involves an origination network node, a destination network node, and at least one router network node. The origination network node is configured for transmitting a data packet to the destination network node through at least one router network node. The data packet contains a security signature portion, a routing data portion, and a payload data portion. The security signature portion comprises a listing of at least one network node that the data packet travelled through from the origination network node to the destination network node. In addition, the security signature portion comprises geolocation information, identifier information, and timing information for at least one network node in the listing.06-07-2012
20090210927AUTHENTICATION APPARATUS, AUTHENTICATED PRINTING SYSTEM, AND AUTHENTICATION METHOD - An authentication apparatus of the invention performs an authentication process based on authentication data input from a device used for data entry. The authentication apparatus receives device identification information for identifying the device and matches the received device identification information against authentication-authorized device identification information representing that the device is authorized to be used for authentication. In the case of failed matching of the received device identification information with the stored authentication-authorized device identification information, the authentication apparatus restricts the authentication process. This arrangement ensures the high security in an authenticated printing system including a printing apparatus connectable with at least one device used for entry of authentication data.08-20-2009
20090150976IP SERVICE CAPABILITY NEGOTIATION AND AUTHORIZATION METHOD AND SYSTEM - A method and system for negotiating and authorizing one or more IP services among a plurality of network entities in a wireless communication system is disclosed. In one embodiment, a system includes a transceiver module configured to receive one or more parameters of an access service network at a home connectivity service network of a mobile station. In addition, the one or more parameters of the access service network may be received at a visited connectivity service network, which transmits the one or more parameters of the access service network and one or more parameters of the visited connectivity service network to the home connectivity service network. This system further includes a home server unit authorizing one or more IP services, and transmitting network configuration information related to the authorized one or more IP services to the access service network.06-11-2009
20090013380Networks - A Personal Area Network Security Domain (PSD) is formed between devices (01-08-2009
20080289005SYSTEM AND METHOD FOR DIGITALLY AUTHENTICATING FACILITY MANAGEMENT REPORTS - A method for generating and digitally authorizing a report indicating the performance conditions of a facility is provided. The method is intended for use in allowing facility managers to document the performance of their facilities. The present invention allows a user to generate a PDF report indicating the status of a facility that can be digitally authenticated by the user. Any attempted modifications of a digitally authenticated report are documented so that the accuracy of the report can be verified.11-20-2008
20090222890METHOD AND APPARATUS FOR PROVIDING STREAMING SERVICE BASED ON P2P AND STREAMING SERVICE SYSTEM USING THE SAME - A method and apparatus for providing a stream service based on P2P and a streaming service system using the same are provided. In order to provide the stream service to peers without concentrating the load thereof on a server, each peer includes an apparatus for providing a streaming service. The streaming service apparatus includes a peer communication module, a storing unit, a peer server unit and a peer client unit. By using a streamable software list and a peer list transmitted from the peer communication module, the peer server unit receives a streaming service request from other peers, reads corresponding software from the storing unit and provides a streaming service for the read software. Also, the peer client unit requests a streaming service for predetermined software from another peer, and stores streamable software, which is received from other peers through the streaming service, in the storing unit.09-03-2009
20120198520Machine-To-Machine (M2M) Call Flow Security - Systems, methods, and instrumentalities are disclosed to provide secure operations in an M2M device. An M2M device may receive an indication that an operation to be performed is security sensitive. The M2M device may determine that the operation is to be performed in a secure environment on the M2M device. The secure environment may be a logically distinct portion of the M2M device. The determination may be made in accordance with a policy. For example, the M2M device may determine that the operation meets a requirement specified in the policy indicating that the operation is to be performed in the secure environment. The M2M device may perform the operation in the secure environment on the M2M device. The M2M device may store a result relating to the operation in the secure environment.08-02-2012
20090210926METHOD FOR MAINTAINING PLESIOCHRONOUS ENTITIES - Methods and system are provided such that a Client device can send a synchronization signal to a Server device, and the Server can make the necessary adjustments to maintain the two devices plesiochronous. Further, the server is provided with the capabilities to calculate the Client time. That is, the server is configured to perform the necessary steps, as per the methods of this invention, in order to be able to compute the Client's CT08-20-2009
20090222891METHOD AND SYSTEM FOR AUTHENTICATING INTERNET USER IDENTITY - A method and system for authenticating an internet user identity by cross-referencing and comparing at least two independent sources of information. A first IP address of an internet user is identified and the geographical location of the first IP address is traced to determine a first location. The geographical location of a communication voice device of said internet user is identified to determine a second location. The first and second locations are compared for geographical proximity to confirm the identity of the internet user. Based upon geographical proximity of said locations, a score is assigned to the internet user, and access to a website is allowed or limited based upon said score. Alternatively, additional authentication information can be required or access can be terminated. Geographical information is maintained in an updatable cache.09-03-2009
20090241168SYSTEM AND METHODS FOR PROTECTING CONFIDENTIAL INFORMATION ON NETWORK SITES BASED ON SECURITY AWARENESS - A system for protecting confidential information based upon user security awareness is provided. The system includes a network interface for connecting the system to a plurality of remotely-located network sites. The system also includes one or more processors on which at least one data processing feature executes in response to a request received from a user of one of the remotely-located network sites. The system further includes a security-awareness module configured to execute in conjunction with the one or more processors for determining a measure of security awareness of the user, and for granting or denying the user access to the at least one data processing feature based upon the measure of security awareness.09-24-2009
20090222892REMOTE ACCESS SYSTEM, METHOD AND PROGRAM - A remote access system comprises a remote terminal, an access server accommodating a connection from the remote terminal, and first and second logical channels logically connecting the remote terminal and the access server. The remote terminal comprises a flow search processing unit that classifies flows. The access server comprises a pass determining unit that determines whether a flow can pass or not, and a flow search processing unit that classifies flows. The first logical channel is used to transfer packets included in a flow that needs to be judged by the access server as to whether it can pass or not. The second logical channel is used to transfer packets included in a flow that has been permitted by the access server to pass.09-03-2009
20090222888COMMUNICATING A PASSWORD SECURELY - A secure (e.g., HTTPS) connection is established between a client and a server. Communication over the connection may utilize an application (e.g., a Web browser) that is not part of the client's trusted computing base. A password is sent from the client to the server over the connection such that the clear text password is unavailable to the application. For example, the password can be encrypted and inserted directly into the HTTPS stream from the client's trusted computing base.09-03-2009
20080271118METHOD OF PROTECTING AGAINST DENIAL-OF-SERVICE ATTACKS - An apparatus and method of protecting against a denial-of-service (DoS) attack are described. The apparatus comprises a classification engine, a meter engine, and a copy engine. The method comprises assigning a received packet to a meter based upon a classification of the network packet, determining that a DoS attack is in progress based upon a meter count, copying at least one packet from the meter to a processor; and suppressing the copying of subsequently received network packets to the processor.10-30-2008
20090254974Method and Apparatus for Open Internet Security for Mobile Wireless Devices - A method and apparatus for a wireless communication network with mobile wireless devices, where the wireless communication network is at least in part controlled by a wireless network service provider that provides wireless network services to subscribers, the wireless devices including terminals capable of communication in the wireless communication network and capable of connecting to the Internet, each terminal having a removable USIM under the control of the wireless network service provider, wherein the USIM is provided to a subscriber for installation in the subscriber's terminal for controlling the terminal's access to the service provider's wireless communication network and to the Internet.10-08-2009
20120131641OPTIMIZING INTERACTIONS BETWEEN CO-LOCATED PROCESSES - In one set of embodiments, methods, systems, and apparatus are provided to enable secure local invocation of a web service in response to receiving a request from a first composite application to invoke a web service operation of a second composite application, where the first application is associated with a reference policy, and the second application is associated with a service policy, then determining, based upon the service policy and the reference policy, whether local invocation is secure, and invoking the operation using the local invocation in response to determining that the local invocation is secure. Attributes associated with the reference and service policies can indicate whether those policies can be used in a local invocation, or if user authentication is needed before performing the invocation with those policies. The local invocation may comprise a procedure call in an application server from the first application to the second application.05-24-2012
20090222889REMOTE DISABLEMENT OF A COMPUTER SYSTEM - Methods and arrangements for ensuring that, when a computer system is stolen or otherwise misplaced, the system is rendered unusable (i.e., locked down). Conventional solutions have required software running on the system to perform the lockdown action, but in accordance with at least one preferred embodiment of the present invention is the linkage of TPM (Trusted Platform Module) and AMT (Active Management Technology) solutions whereby an AMT arrangement can remove secure data or identifiers so that any encrypted data present on the system will become unusable.09-03-2009
20090249444METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR OPERATING A COMMUNICATIONS NETWORK WITH ENHANCED SECURITY - A communications system includes a plurality of patch panels having a plurality of connector ports connected to individual communication channels, a switch that provides access to multiple networks via one or more switch ports, a system manager that controls interconnections between the patch panels and the switch, and a plurality of patch cords configured to selectively interconnect patch panel connector ports. The system manager is configured to receive a request to connect an individual communication channel to a specific network, to identify which patch panel connector ports are required to be patched together via one or more patch cords in order to establish a circuit to the requested network, and to enable a switch port to activate the circuit. The system manager is configured to monitor connectivity of a circuit and to park a switch port associated with the circuit in response to detecting a change in circuit connectivity.10-01-2009
20090260061SYMBIOTIC NETWORK DIGITAL DOCUMENT LAYERING AND/OR STEGANOGRAPHY METHOD, ARTICLE AND APPARATUS - What is provided are methods, articles and apparatuses for digital document layering, watermarking holding messages, and/or general steganography over a symbiotic network.10-15-2009
20090307752NETWORK DEVICE MANAGEMENT APPARATUS AND CONTROL METHOD THEREOF - A network device management apparatus includes a search unit configured to search for a network device supporting a first communication protocol, an authentication information input unit configured to input authentication information used in communication with the network device using the first communication protocol, an authentication executing unit configured to execute authentication of the network device by using the authentication information, a first checking unit configured to, when the authentication by the authentication executing unit is successful, check whether a second communication protocol different from the first communication protocol is enabled in the network device, and a setting changing unit configured to change a setting of the second communication protocol depending on a result of the checking performed by the first checking unit.12-10-2009
20090254975Location Based Authentication - The present invention relates to authenticating a mobile device using logical location information associated with the device which provides an indication of the proximity of the device to other devices. The present invention provides a mechanism for authenticating a mobile device based on location related information or a “logical location”, but without requiring an actual location. The mobile user device identifies or discovers other devices, using direct wireless communication, within its vicinity and forwards this information to the authenticating authority. If this information matches previous or otherwise predetermined information, then the device is authenticated.10-08-2009
20090249446METHOD AND SYSTEM FOR MANAGING ENTERPRISE CONTENT - A method and system for providing a consistent flow of documents and data content across different organizational units of a company or agency where the documents and data come from different enterprise systems and data stores but are related to linked processes that share models for organizing the content in the business context and in a format that enables a user to relate the content to the process step or steps they are performing. The system includes a network service that enables a configuration utility to automatically discover the objects and metadata and provides for a mapping of selected fields of the metadata to regions displayed in the user interface view with provision for filtering the data by mapping selected fields to a user input form. Thereby, a business analyst can create solutions without writing and maintaining complex program logic for each combination of presentation environment, enterprise system and data store.10-01-2009
20090249445Authentication of Websites Based on Signature Matching - There are disclosed methods, computer-readable media, and apparatus for authenticating a target website. A repository that stores data on a plurality of known authentic websites may be provided. The stored data for each of the plurality of known websites may include identifying labels and a signature content set. A target website may be authenticated by comparing the identifying labels and a signature content set of the target website to corresponding data stored in the repository.10-01-2009
20100162360USER AUTHENTICATION APPARATUS AND METHOD FOR SUPPORTING PMIPv6 IN NEXT GENERATION NETWORKS - Provided are a user authentication apparatus and method for supporting PMIPv6 (Proxy Mobile Internet Protocol version 6) in next generation networks. Authentication and mobility signaling protocol can be performed without having an additional signaling process when a mobile terminal moves by extending user profiles of the next generations to support the PMIPv6.06-24-2010
20100162358Media Processing Device For Providing Access To Images In Remote Databases And Method Thereof - Disclosed are a media processing device for providing access to images in a remote database and a method thereof. The media processing device includes an input module, a transceiver module and a user interface module. The input module is configured to receive an input from a user. The transceiver module is communicably coupled to a remote database for transmitting the input to the remote database and receiving one or more images from the remote database based on the input. The user interface module is configured to display at least one image of the one or more images to the user.06-24-2010
20090260062REAL-TIME ONLINE COMMUNICATIONS MANAGEMENT - Every day many people use real-time online communication applications in business communications. Although instant message communications can be sent via a secure channel, users can accidentally send instant messages to unintended recipients by typing or pasting text and images. This can lead to unintended information security failures. Implementing functionality to prioritize chat windows within a real-time online communication application reduces the likelihood of sending messages to incorrect recipients.10-15-2009
20090260063IMAGE FORMING SYSTEM AND IMAGE FORMING APPARATUS - An image forming system includes: an authentication server device having user information, for performing a user authentication via a computer network; and an image forming apparatus including: an authentication unit for accessing the authentication server device to perform an authentication processing for a user; and a data storage device for storing therein document data generated by an image forming processing based on the user's operation, and storing document attribute information, which has the same attribute items as a part of, or all of, attribute items of the user information held by the authentication server device, in association with the document data.10-15-2009
20090260060RICH MEDIA COLLABORATION SYSTEM - A user annotates a shared document with text, sound, images, video, an e-mail message, graphics, screen snapshots, web site snapshots to share with others. The document and its annotations are stored in a digital object repository to which other users have access. Within the closed collaboration system, only users who are authenticated may upload digital objects, annotate digital objects and view objects and their annotations. The user sends a message to other users to invite them to view the object and its annotations and to add their own annotations. An annotated object generates an alert for all of the invited users. A remote authentication gateway authenticates users and has a repository for user metadata. Digital object repositories are separate from the authentication gateway, thus providing for disintermediation of the user metadata from the digital object data. The collaboration system may be hosted by a third party on a server computer available over the Internet that displays a web site. A user is not required to have collaboration system software on his or her computer and may annotate any image on the web site for later viewing by other users of the web site.10-15-2009
20080307498ACCESS CONTROL FOR SERVER-BASED GEOGRAPHIC INFORMATION SYSTEM - A number of geospatial attributes or parameters associated with GIS data are used to filter requests for geo-visualization of the data and to determine whether the request is subject to a restriction. Access to GIS data may be controlled for a variety of reasons including security concerns, proprietary concerns, or merely to generate revenue for a particular data source. In an open or public platform, contributors of GIS data accessible for geo-visualization may place limits or restrictions on the availability of or accessibility of the GIS data. The contributor may tag or otherwise encode an entire dataset or portions of the dataset with restriction instructions associated with one or more geospatial attributes. In a public platform, access to data is controlled based upon the geospatial attributes, for example, the geospatial location (coordinates) of a map tile request, scale of a map tile request, resolution of a map tile request, payment for access, the combination of layers requested, or freshness or staleness of data requested.12-11-2008
20080307499Upgradable Security Module - The aim of the present invention is to provide a security module capable of supporting the different functions of the latest and the previous generations, by avoiding any possible attack due to this adaptability.12-11-2008
20080307501Network Device Management - A method is provided to dynamically interact with a plurality of enabled devices within a personal network. Individual ones of the devices are configured to interoperate with a service provider network and configure or alter services to individually identifiable devices.12-11-2008
20080307500USER IDENTITY MANAGEMENT FOR ACCESSING SERVICES - Previously, a first server generates the identity of the user of a terminal. A second server generates a digital identification file concerning the user and including at least one access attribute for access to a first server. In response to a request relating to a service from the terminal to a third server dispensing the service, the reference of a selected file selected by the user is transmitted from the terminal to the second server. The second server transmits the access attribute to the terminal so that the terminal transmits it to the third server. The third server requests in conjunction with this attribute an authentication of the user by the first server. When the user is authenticated, an authentication file is stored and the user identity is transmitted from the first server to the third server that enables the requested service to be transmitted to the terminal.12-11-2008
20100162362Enterprise Management of Public Instant Message Communications - Techniques are described that enable enterprise management of public instant message (IM) communications. When a user requests a connection with a public IM service, the connection request is redirected to a gateway server that is associated with a domain specified in the user's user ID. The gateway server acts as a pass through server between the user's IM client application and the public IM service. The gateway server may be configured to log IM communications in which the user participates. The gateway server may also be configured to control whether or not the user is able to participate in point-to-point communications through the user's IM client application. An enterprise routing server may also be implemented in a geo-distributed enterprise to route a redirected public IM connection request to an enterprise IM gateway server based on a geographic location associated with the user.06-24-2010
20100162361REPLICATING SELECTED SECRETS TO LOCAL DOMAIN CONTROLLERS - A domain controller hierarchy includes one or more hub domain controllers in communication with one or more local domain controllers, such as local domain controllers at a branch office. The hub domain controller(s) is writable, while the local domain controller(s) is typically read-only. Non-secure and secure information is partitioned to specific local domain controllers at the one or more hub domain controllers. The non-secure and secure information is then passed from the hub domain controller only to the local domain controller associated with the given partition at the hub domain controller on request. For example, a user requests a logon at a client computer system at a local branch office, and the logon is passed from the local domain controller to the hub domain controller. If authenticated, the user logon account is passed to the local domain controller, where it can be cached to authenticate subsequent requests.06-24-2010
20100162357IMAGE-BASED HUMAN INTERACTIVE PROOFS - This document describes image-based human interactive proofs (HIPs). In some cases these proofs may be used when a browser at a client is used to access resources from a web server. Before access to the resources is enabled, the client can be challenged by the web server with an image-based puzzle. The image-based puzzle is configured to enable distinctions to be made between human input and non-human input. Input to answer the image-based puzzle can be formed via the client and communicated to the web server. The web server receives the input from the client and selectively enables client access to the resources based upon the input. In at least some embodiments, the web server can make use of a community database that stores client answers to image-based puzzles to assist in distinguishing between human input and non-human input.06-24-2010
20100192199CREATING AND USING A SPECIFIC USER UNIQUE ID FOR SECURITY LOGIN AUTHENTICATION - A method of monitoring all network login activity, which includes a real-time analysis of intercepting all network login activity, analyzing network login activity, authenticating network login activity and closing (i.e., terminating) those network login connections that are not authenticated to proceed and access the network.07-29-2010
20100186066METHODS AND SYSTEMS FOR FACILITATING PERSONAL DATA PROPAGATION - Methods and systems for facilitating the propagation of personal data are provided. Example embodiments provide a Personal Data Propagation Environment (“PDP environment”), which facilitates the propagation of personal data items between secure personal data stores and various consumers of the personal data items. In one embodiment, the PDP environment includes a personal data manager and a personal data subscriber. The personal data manager manages personal data items on a secure data store associated with a user computing device. The personal data manager provides access to personal data items stored on the secure data store in accordance with a personal data subscription associated with the personal data subscriber. This abstract is provided to comply with rules requiring an abstract, and it is submitted with the intention that it will not be used to interpret or limit the scope or meaning of the claims.07-22-2010
20100175107SECURE WORKLOAD PARTITIONING IN A SERVER ENVIRONMENT - Generally speaking, systems, methods and computer program products for creating a secure workload partition in a server environment are disclosed. Embodiments of the method may include creating, for a process associated with a client network service, a secure workload partition within a logical partition executing in a server environment having a root partition where the secure workload partition has no network interfaces and no communication with any other workload partitions within the logical partition. Embodiments of the method may also include establishing an alternative network connection for the process within the created secure workload partition without establishing a network interface for the secure workload partition and without establishing communication with any other workload partitions within the logical partition. Embodiments of the method may also include executing the process within the secure workload partition to provide the client network service.07-08-2010
20100192201Method and Apparatus for Excessive Access Rate Detection - A system and method for protection of Web based applications are described. Anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. Excessive access rates are one type of anomalous traffic that is detected by monitoring a source and determining whether the number of requests that the source generates within a specific time frame is above a threshold. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat. The central security manager can then communicate instructions to the individual computer networks so as to provide an enterprise wide solution to the threat. Various responsive actions may be taken in response to detection of an excessive access rate.07-29-2010
20100154032System and Method for Classification of Unwanted or Malicious Software Through the Identification of Encrypted Data Communication - A method for identifying malware or unauthorized software communications implemented within a computer infrastructure, the method including detecting an encrypted communication and determining identification data for the encrypted communication. Additionally, the method includes comparing the detected encrypted communication to at least one of a list of applications authorized for encrypted communications using the identification data and a list of authorized destinations of encrypted communications using the identification data. Furthermore, the method includes identifying the detected encrypted communication as an unauthorized encrypted communication in response to a determination that at least one of the detected encrypted communication is from an unauthorized application, which is not on the list of applications authorized for encrypted communications, based on the comparing and the detected encrypted communication is to an unauthorized destination, which is not on the list of authorized destinations.06-17-2010
20100299719Remote Verification for Configuration Updates - In various embodiments, a control client is configured to determine whether or not the most current configuration profile has been installed within a corresponding mobile device. In particular embodiments, the client is configured to store its own copy of a configuration profile and to compare its copy with the most current configuration profile generated by a device management system as well as to the configuration profile currently installed and applied by a configuration manager within the mobile device. Each configuration profile includes an embedded verification token that facilitates this process. Furthermore, the client may be configured to inform the device management system as to whether or not the current configuration profile has been installed. The device management system may govern enterprise access by the mobile device based on whether or not the current configuration profile has been installed.11-25-2010
20100205652Methods and Systems for Handling Online Request Based on Information Known to a Service Provider - Methods and systems for handling online requests based on information known to a service provider. One method may comprise: obtaining first information, the first information relating to an online request made using a communication apparatus; using a logical identifier assigned to the communication apparatus to obtain second information, the second information pertaining to a profile associated with the logical identifier; comparing the first information to the second information; and performing an action related to handling of the online request based on a result of the comparing.08-12-2010
20120124645SYSTEM ARCHITECTURE FOR DMZ EXTERNAL IP ADDRESSES - A system of a first network, which is intermediate a second network and a third network, connects a host of the second network to a host of the third network. The system includes at least one processor programmed to receive a domain name system (DNS) request for a hostname corresponding to the host of the third network from the host of the second network. An internet protocol (IP) address of the first network allocated and an IP address of the host of the third network is determined from the hostname. The allocated IP address is mapped to the determined IP address and the allocated IP address is returned to the host of the second network in response to the DNS request.05-17-2012
20100218236METHOD AND APPARATUS TO ESTABLISH ROUTES BASED ON THE TRUST SCORES OF ROUTERS WITHIN AN IP ROUTING DOMAIN - A router includes a management module and a routing module. The routing module can be used to route data around a network. The management module can be used to manage the operation of the routing module, including generating an integrity report for the router, which can be used to generate a trust report for the router. The trust report can include an integrity/trust score for the router. The management module can control the routing module via a secure control interface.08-26-2010
20100229214METHOD AND NODE FOR COMMUNICATIONS ENHANCED WITH TEMPORARY SHARING OF PERSONAL INFORMATION IN A COMMUNICATION NETWORK - A node and method for temporarily sharing personal information, in a communication network, between at least first and second nodes comprise establishing a communication session, through a session module, between the at least first and second nodes; receiving a permission to access the personal information, through a permission module; and retrieving the personal information upon receiving the access permission, through an information module. Also, prior to establishment of the communication session, the at least first and second nodes have no authorization relationship established therebetween and when the established communication session is terminated, the access permission to the personal information is also terminated.09-09-2010
20090077632PROACTIVE NETWORK ATTACK DEMAND MANAGEMENT - Various embodiments described and illustrated herein provide one or more of systems, methods, software, and firmware to handle attack generated demand proactively using distributed virtualization. One goal of some such embodiments is to provide a time window of stable operational response within which an intrusion detection system may detect an attack and/or cause a countermeasure against the attacks to be activated. Demand excursions which are not caused by an attack are supported during the variability of demand providing transparent response to legitimate users of the system. These embodiments, and others, are described in greater detail below.03-19-2009
20090077633COMMUNICATION DEVICE, COMMUNICATION METHOD, COMMUNICATION PROGRAM, ITS RECORDING MEDIUM, AND INTEGRATED CIRCUIT - It is an object of the present invention to provide technology capable of presenting information for selecting an introducer of content. A communication device is provided, the communication device sending content or content identification information to another communication device and receiving content or content identification information from another communication device, comprising: an evaluation value calculation unit 03-19-2009
20090077631ALLOWING A DEVICE ACCESS TO A NETWORK IN A TRUSTED NETWORK CONNECT ENVIRONMENT - A computer implemented method of allowing a device access to a network in a trusted network connect environment. Responsive to receiving a request from the device to access the network, a type of the device is determined. Responsive to determining the type of the device, a policy for the device is determined based on the type of the device. Responsive to determining the policy for the device based on the type of the device, determining whether an integrity of the device satisfies the policy. Responsive to determining that the device does not satisfy the policy, performing a remediation action on the device. Responsive to determining that the device satisfies the policy, allowing the device access to the network.03-19-2009
20100162359NETWORK USER USAGE PROFILING - Methods, systems, devices, and software are disclosed for generating a network usage profile. Certain embodiments of the network usage profile include a devices-by-node profile, indicating the set of customer devices available for use in communicating with a customer-side network node located at a customer side of an access network over a period of time, where some of the customer devices are not in operative communication with the customer-side network node during a portion of that time. Other embodiments associate the network usage profile with customer information to generate device-by-customer profiles. Still other embodiments associate the network usage profile with network traffic information to generate traffic-by-device profiles. Even other embodiments associate the multiple sources and types of information to generate traffic-by-customer profiles and/or traffic-by-device-by-customer profiles. Any of the profiles may then be accessed by one or more parties for use in affecting various network services, including targeting content delivery.06-24-2010
20100235883INFORMATION PROCESSING APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM - A mechanism for ensuring security even when there is a possibility that an information processing apparatus capable of being operated from an external device via a network is connected to a global network. An information processing apparatus has a NIC section for connection to a network, and can be remotely operated from an external device connected to the network. A CPU determines whether the network to which the NIC section is connected is a local network. If it is determined that the network to which the NIC is connected is not a local network, the CPU restricts remote operation from the external device.09-16-2010
20100154033METHOD AND NODES FOR SECURING A COMMUNICATION NETWORK - Methods for securing a communication network comprise the steps of: (in a first node) applying at least one security mechanism to a data packet; and setting a security indicator in the data packet upon application of the at least one security mechanism to the data packet; (in a second node) receiving the data packet; determining if a security indicator is present in the received data packet; applying at least one security mechanism to the received data packet upon determining that the security indicator is not present; and refraining from applying security to the received data packet upon determining that the security indicator is present. A mobile node and access node for securing the communication network, comprise respectively a security application module and a security module, and, an input for receiving a data packet; a security detector and a security application module responsive to the security detector.06-17-2010
20100242092SYSTEMS AND METHODS FOR SELECTING AN AUTHENTICATION VIRTUAL SERVER FROM A PLURALITY OF VIRTUAL SERVERS - The present invention provides a system and method for dynamically selecting an authentication virtual server from a plurality of authentication virtual servers. A traffic management virtual server may determine from a request received from a client to access content of a server that the client has not been authenticated. The traffic management virtual server can identify a policy for selecting an authentication virtual server to provide authentication of the client. Responsive to the identification, the traffic management virtual server can select, via the policy, an authentication virtual server of the plurality of authentication virtual servers to authenticate the client. Responsive to the request, the traffic management virtual server may transmit a response to the client. The response includes an instruction to redirect to the selected authentication virtual server.09-23-2010
20100242093INTELLIGENT INTEGRATED NETWORK SECURITY DEVICE FOR HIGH-AVAILABILITY APPLICATIONS - Methods and apparatuses for inspecting packets are provided. A primary security system may be configured for processing packets. The primary security system may be operable to maintain flow information for a group of devices to facilitate processing of the packets. A secondary security system may be designated for processing packets upon a failover event. Flow records may be shared from the primary security system with the secondary security system.09-23-2010
20100242091NETWORK VIDEO MESSAGING - Embodiments related to network video messaging are disclosed. One disclosed embodiment provides a method that comprises receiving a video message from a client application of a source client; associating a navigation link with the video message; transmitting a notification message to the recipient client including the navigation link; receiving a retrieval request from the recipient client to access the video content via the navigation link; and transmitting the video content to the recipient client responsive to receiving the retrieval request by providing a persistent download of the video content from the storage server if the download condition indicates that a persistent download of the video content is permissible; and providing a transient download of the video content to the recipient client while prohibiting a persistent download of the video content if the download condition indicates that a persistent download of the video content is not permissible.09-23-2010
20100235884Communication system and method, information processing terminal and method, and information processing device and method - The present invention relates to a communication system and method, an information processing terminal and method, and an information processing device and method which enable simple and secure restricted access. When a PDA 09-16-2010
20080209517Systems and methods for generating, managing, and displaying alarms for wireless network monitoring - The present disclosure is directed to systems and methods for generating, managing, and displaying alarms associated with monitoring a wireless network. Advantageously, the present disclosure provides one alarm per security event, and the ability to see an event in context over time and aggregate information. This results in a significant reduction in alarm volume for wireless monitoring which increases manageability and reduces storage requirements. Further, this provides better security by avoiding the “needle in the haystack” problem where you see few actionable alarms rather than being flooded by multiple copies of the same event over time. Finally, the present disclosure provides improved system scalability with large deployments by managing alarms through lesser alarm volume, and through visual representation.08-28-2008
20100211994User Management System, User Management Method, Information Recording Medium and User Management Program - In order to properly transmit a notification of prompting a user who has not logged in a network communication game or an SNS for a long time to that user, a terminal device (08-19-2010
20100242088COMPUTER SECURITY LOCK DOWN METHODS - Embodiments of the present invention extend the enforcement of computer security policies by blocking device access as well as network access. In some embodiments, communications with external devices are blocked upon discovery that some aspect of the client computing facility is out of compliance vis-à-vis a security policy.09-23-2010
20100242090USER AUTHENTICATION METHOD AND SYSTEM - A user authentication method and system. A computing system receives from a user, a first request for accessing specified functions executed by a specified software application. The computing system enables a security manager software application and connects the specified software application to a computing apparatus. The computing system executes first security functions associated with the computing apparatus. The computing system executes second security functions associated with additional computing apparatuses. The computing system determines if the user may access the specified functions executed by the specified software application based on results of executing the first security functions and the second security functions. The computing system generates and stores a report indicating the results.09-23-2010
20100242089PRIVACY CONTROL BETWEEN MOBILE AND HOME NETWORK BASE STATION - A method, a mobile system, and a home network base station are disclosed. A network operator server 09-23-2010
20100242087DISPLAY DATA TRANSMISSION DEVICE AND METHOD THEREOF - A display data transmission device includes a security level data acquisition unit configured to acquire security level data about a security level of a display device connected through a network, and a display data transmission unit configured to transmit display data created in a format corresponding to the security level data acquired by the security level data acquisition unit.09-23-2010
20100251332METHOD AND APPARATUS FOR ESTABLISHING SESSION CONNECTION FOR PREPAYMENT USER - Methods and Apparatus for implementing a prepayment service in a NGN environment are provided. At a terminal, authentication information of a user is collected at one time and stored locally, such that all the required authentication information can be extracted from a local storage device. Accordingly, at an application server, all the authentication information can be received in a single message, without need for several interactions. As such, the authentication process required for the prepayment service can be performed in one interaction, which greatly facilitates user operation, and provides improved system efficiency and reduced cost.09-30-2010
20100251330Optimized relaying of secure network entry of small base stations and access points - A method, apparatus, and computer program product, are provided to receive an authentication message initiated by a network access request to access a connectivity network. The authentication message may include a first communication protocol that is converted into at least one additional different protocol, and forwarded to an authentication function of a gateway of an access network prior to the authentication message being forwarded to the connectivity network.09-30-2010
20100235881Enabling Sharing of Mobile Communication Device - Various exemplary user interfaces, methods and computer program products describe enabling sharing of mobile communication devices. This process utilizes a shared mode for an owner of the mobile communication device to create a virtual environment for a borrower of the mobile communication device, which allows content information (e.g., certain applications and files) to be accessible and visual to the borrower. The process allows an owner of the mobile communication device to track and to manage data created or changed by the borrower. The owner may accept or reject the changes made in the content information. Furthermore, the process conceals non-shared resources to the borrower.09-16-2010
20100235882METHOD AND SYSTEM FOR USING TOKENS IN A TRANSACTION HANDLING SYSTEM - A method and system for using tokens in a transaction handling system comprising receiving at least one token transmitted from a sending device, the at least one token having a user-defined value and a plurality of data fields, locking the at least one transmitted token from a receiving device and redeeming from the receiving device the user-defined value of the locked at least one transmitted token.09-16-2010
20100211993METHOD AND APPARATUS FOR PACKET DATA SERVICE DISCOVERY - A method and device for packet data service discovery are described. A mobile device memory stores a packet data services blacklist and a historical blacklist. The packet data services blacklist identifies wireless networks that do not provide packet data services to the mobile device. The packet data services blacklist is based on previous packet data service authentication rejections, is distinct from a voice services blacklist, and is updated in response to newly received packet data service authentication information. The historical blacklist is distinct from the packet data services blacklist and the voice services blacklist. The historical blacklist identifies wireless networks that are no longer in the packet data services blacklist and were once in the packet data services blacklist within a particular time period. No advance knowledge of data services roaming agreements is required, and unnecessary network access can be avoided, which in turn saves network resources and capacity.08-19-2010
20100211992DATA SECURITY APPARATUS - A data security apparatus fragments original data into a plurality of data, blocks the fragmented data, and distributes and stores the blocked data over and in respective storage medium. The data security apparatus includes a storage having a first block, into which original data of a file is fragmented and blocked, distributed and stored, a security storage medium having a second block, into which the original data is fragmented and blocked, distributed and stored, and a distributed storage management module performing data interface among the storage, the security medium, and an operating system (OS) system, fragmenting and blocking the original data, and distributing and storing the blocked data over and in the storage and the security storage medium.08-19-2010
20100211991INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing device including a flow definition memory unit configured to store flow definition information in which a process flow of image data read by an image reading unit is defined, and an authentication screen generating unit configured to determine plural processing units that execute a part of the process flow based on the flow definition information, acquire item information indicative of items of authentication information corresponding to a part or all of the plural processing units which require authentication from the part or all of the plural processing units which require the authentication, and generate authentication screen definition information used for displaying an authentication screen integrating and showing the item information.08-19-2010
20100223657METHOD AND SYSTEM FOR INCLUDING NETWORK SECURITY INFORMATION IN A FRAME - A method and apparatus for including network security information in a frame is disclosed. Network security information is included in a secure portion of overhead of a frame. The network security information is configured to facilitate network security. A network device configured to process a frame is also disclosed. The frame includes frame security information and network security information. The frame security information is configured to facilitate securing a portion of overhead of the frame, and the network security information is located in the secure portion of the overhead of the frame and is configured to facilitate network security.09-02-2010
20100138899AUTHENTICATION INTERMEDIARY SERVER, PROGRAM, AUTHENTICATION SYSTEM AND SELECTION METHOD - An authentication server is dynamically changed in consideration of a user's situation, a kind of service used by the user and user's convenience. When a terminal device 06-03-2010
20100251335POLICY BASED NETWORK ADDRESS TRANSLATION - A system and method is described for providing policy-based Network Address Translation (NAT) configurations wherein each user/resource policy within a network protection device may use a different set of address translation mappings.09-30-2010
20100251334TRUSTED NETWORK ACCESS CONTROL SYSTEM BASED TERNARY EQUAL IDENTIFICATION - A trusted network access control system based on ternary equal identification is provided. The system includes access requestor AR, access controller AC and policy manager PM as well as the protocol interface among them. The protocol interface between the AR and AC includes a trusted network transmission interface (IF-TNT) and IF-TNACCS interface between TNAC client and TNAC server. The protocol interface between the AC and PM includes an identification policy service interface IF-APS, evaluation policy service interface IF-EPS and a trust measurement interface IF-TM. The protocol interface between the AR and PM includes a trust measurement interface IF-TM.09-30-2010
20100251333SERVER, AUTHENTICATION SERVER, CONTENT DELIVERY SYSTEM, AND PROGRAM - A service provider server has management means which manages a user ID corresponding to a service user and device IDs corresponding to information processing terminals of the service user in association with each other.09-30-2010
20100205653PERFORMING INTERACTIVE CONNECTIVITY CHECKS IN A MOBILITY ENVIRONMENT - A network element, method and computer program product is enabled to perform interactive connectivity checks in a mobility environment. Specifically, a network element comprises a discovery unit configured to identify a candidate defined as a combination of an internet protocol address and a port which the network element can use to communicate with a particular other network element. The network further comprises a mobile internet protocol signaling unit configured to submit a candidate identified by the discovery unit and to receive a candidate related to the other network element, and a simple traversal underneath network address translators protocol enabled unit configured to perform a connectivity check for a pair constituted by the submitted candidate and the received candidate by using the simple traversal underneath network address translators protocol.08-12-2010
20100088746SECURE EBOOK TECHNIQUES - A computing system for delivering content includes one or more servers communicatively coupled to one or more ebooks. A given ebook may send a request for content at a specified location to a server. The request is received at the server with an identifier of the given ebook and/or user. The server determines if the ebook can access the content at the specified location based on the identifier of the ebook and/or user. If the ebook and/or user are allowed to access the content, the server streams a predetermined portion of the content to the ebook for display to a user.04-08-2010
20110113473METHOD OF ACCESSING APPLICATIONS IN A SECURE MOBILE ENVIRONMENT - A method of accessing in a mobile communication device (05-12-2011
20090276831Method for logging in to computer information processing apparatus and computer-readable information recording medium - In a method for logging in to a computer, a log-in display is carried out on a terminal unit when the terminal unit is connected to a system management apparatus. A display is carried out to urge to carry out a physical operation when a log-in starting operation is carried out to the terminal unit in response to the log-in display. An operation detection signal is sent when detecting the physical operation carried out to an operating panel. The computer enters a logged-in state when the operation detection signal is detected.11-05-2009
20100192200Control program providing method using communication system, center apparatus in communication system, user apparatus in communication system, and program recorded on recording medium in user apparatus - A method includes creating process data which constitutes at least a portion of the control program and describes the execution contents of the communication functions, and parameter data which constitutes a different portion of the control program from the process data portion and is used to describe individual setting information of user in accordance with the process data, in the center apparatus, sending the process data, and the parameter data from the center apparatus to the user apparatus via the communication network, receiving the process data and the parameter data from the center apparatus, then describing input individual setting information in the parameter data to create the control program, in the user apparatus, recording the resulting control program onto a recording medium, and reading the control program from the recording medium and setting the read control program in the communication equipment as requested by the user, in the user apparatus.07-29-2010
20090260059Method and System for Secure Management of Co-Located Customer Premises Equipment - A method, system, and apparatus for managing customer premise equipment according to one embodiment includes establishing a secure connection between a first transport unit and a second transport unit. The secure connection includes an embedded operations channel and is operable to isolate a management plane from a data plane. The method further includes the first transport unit receiving a request for access to the first transport unit from the second transport unit. The method further includes establishing a secure terminal session between the first transport unit and the second transport unit using the embedded operations channel in response to receiving the request for access. The first transport unit then receives a management command from the second transport unit and the first transport unit performs at least one management function in response to receiving the management command.10-15-2009
20090328151Program, apparatus, and method for access control - In a computer which executes an access control program, an authentication information storage unit stores authentication information. A logical volume acquiring unit acquires a logical volume associating data with storage nodes storing the data, from a predetermined database. In response to an access request to access data, a data access unit identifies a storage node to be accessed, based on the logical volume, and sends the authentication information and a command corresponding to the access request to the identified storage node.12-31-2009
20090328150Progressive Pictorial & Motion Based CAPTCHAs - A CAPTCHA system uses images/pictures and/or motion for granting access to a computing system. The images can be culled from examples used in pictorial games, and can be progressively presented to increase the strength of the CAPTCHA challenges. Speech recognition, motion and touch sensing can also be employed as parts of the challenge.12-31-2009
20090328149METHOD AND SYSTEM FOR MANAGING THE ACCESS AND USE OF ELECTRONIC FORMS - A method and system is provided for authenticating electronic forms prior to download. A Form Administrator may enable authentication requirement for an End User and also select an authentication scheme. The End User will not be allowed access to an electronic form unless authenticated. The invention also includes a method and system for delivering and presenting electronic forms to an End User through a purely browser based application, without requiring the installation of additional software or browser plug-ins.12-31-2009
20090328146Method of generating authentication code in digital device - A method of generating an authentication code in a digital device is provided. An ID set in a digital device is read when it is requested to generate an authentication code. It is determined whether the authentication code previously generated based on the ID is stored in the digital device. A new authentication code is generated based on the ID and stored when the authentication code is not stored. A part of the authentication code is displayed. Only the serial number can be displayed in the authentication code. The ID is a unique and fixed value set when the digital device is produced. And, the ID is extracted from an authentication code stored in the digital device and the extracted ID is compared with the read ID so that it is determined whether the authentication code is previously generated or is not generated yet.12-31-2009
20090328145METHOD AND APPARATUS FOR MIGRATING A VIRTUAL TPM INSTANCE AND PRESERVING UNIQUENESS AND COMPLETENESS OF THE INSTANCE - A migration scheme for virtualized Trusted Platform Modules is presented. The procedure is capable of securely migrating an instance of a virtual Trusted Platform Module from one physical platform to another. A virtual Trusted Platform Module instance's state is downloaded from a source virtual Trusted Platform Module and all its state information is encrypted using a hybrid of public and symmetric key cryptography. The encrypted state is transferred to the target physical platform, decrypted and the state of the virtual Trusted Platform Module instance is rebuilt.12-31-2009
20090276830Facilitating Protection Of A Maintenance Entity Group - According to one embodiment, maintenance points of a maintenance entity group are identified. The maintenance points comprise end points and intermediate points. A secure connectivity association set is established for the maintenance points. The following is performed for each frame of a number of frames: determining security data of the secure connectivity association set; placing the security data into a frame; and communicating the frame to a maintenance point. The maintenance point is configured to determine whether a frame is acceptable from the security data of the frame.11-05-2009
20110067089 METHOD FOR SWITCHING A MOBILE TERMINAL FROM A FIRST ACCESS ROUTER TO A SECOND ACCESS ROUTER - A method of switching a mobile terminal from a first access router to a second access router, the terminal having previously set up a secure connection with the first access router with which is associated a communication context between the terminal and the first router, said context comprising at least one identifier relating to a set of security parameters of the connection. The invention relates to a method wherein said context is transferred to the second router while the terminal is switching, the method comprising, if the at least one identifier in the transferred context is already being used by said second router, a step of the second router sending the terminal a new identifier for said set of security parameters.03-17-2011
20110067088IMAGE PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND RECORDING MEDIUM - In an image processing device which is configured to use plug-ins to provide services, a service managing part manages services, plug-ins of which are implemented. A common control part controls common processes of a requested service in response to a service execution request with respect to one of the services. A common process part performs common processes for the respective services. An individual process part performs an individual process in the common processes, the individual process being implemented as a plug-in. The common process part includes an individual-process managing part which manages the individual process associated with one of the services.03-17-2011
20110067087ORGANIZING DOCUMENTS THROUGH UTILIZATION OF PEOPLE TAGS - A method disclosed herein includes the acts of receiving a document that has a people tag assigned thereto, wherein the people tag comprises first data that is indicative of an identity of a first individual that corresponds to the document, and wherein the people tag is assigned to the document by an assignor, and accessing contact data pertaining to a second individual, wherein the contact data comprises second data that is indicative of identities of contacts of the second individual, wherein the second data comprises data that is indicative of the identity of the first individual. The method also includes comparing the contact data with the first data, and displaying the document on a computer screen in conjunction with text that identifies the first individual to the third individual, wherein the text indicates a name of the first individual as assigned to the first individual by the second individual.03-17-2011
20090254976CONDITIONAL DATA DELIVERY TO REMOTE DEVICES - In one embodiment a method comprises enrolling a mobile device in a local area network by setting a variable to a mobile device identifier and authenticating the mobile device using a network gateway and the mobile device identifier. A request for data is received from the mobile device and the data is delivered from a service provider to the mobile device.10-08-2009
20090320100HANDLING OF INTEGRITY CHECK FAILURE IN A WIRELESS COMMUNICATION SYSTEM - Handling of integrity check failure in a wireless communication system can safely send the mobile station to the idle mode upon detection of security failure. Alternatively or in addition, attempts to recover from the security failure situation can be enabled without forcing the mobile station to enter idle mode. The mobile station autonomously transitions to idle mode when the integrity check failure is detected a certain threshold number ‘X’ times during a specified period ‘Y’. Whereupon, the mobile station initiates the Radio Resource Control (RRC) connection re-establishment procedure after integrity check failure is detected. In the RRC connection re-establishment procedure, the security parameters are re-initialized to provide a possibility to recover from the failure situation.12-24-2009
20090320099Content Retrieval - Content retrieval techniques are described. In an implementation, a determination is made as to whether a client is permitted to receive content requested by the client. When the client is permitted to receive the content, a communication is formed to be communicated via a wide area network that includes a hash list having a hash of each of a plurality of blocks of the content, each hash being configured to enable the client to locate a corresponding one of the blocks of the content via a local area network.12-24-2009
20090320098HOSTED NETWORK DEVICE USER INTERFACE - A system and method of hosting a user interface of a network device are provided. A particular method includes receiving a request at a server to display a user interface of the network device, authenticating an end user device to validate an identity of a user, and communicating display information of the user interface of the network device to the end user device for display. The server hosted user interface permits monitoring and interactions with the network device by a user of the end user device.12-24-2009
20090113520Techniques for Limiting Remote Control of a Computer System - A technique for limiting remote control of a computer system includes receiving user input via an input device associated with the computer system. The user input is encoded, at the input device, using a first coding procedure to provide an encoded signal, which is communicated to an input queue of the computer system. The encoded signal is then decoded, at the input queue, using the first coding procedure to provide the user input.04-30-2009
20080282323ACCESS CONTROL APPARATUS, ACCESS CONTROL METHOD, AND ACCESS CONTROL PROGRAM - Additional information indicating photographic conditions for a received image signal is compared with additional information indicating photographic conditions for an access target image signal. If the both conditions satisfy a predetermined relationship, an access to the access target image signal is permitted.11-13-2008
20100223656TRUSTED ENTITY BASED ANTI-CHEATING MECHANISM - An anti-cheating system may comprise a combination of a modified environment, such as a modified operating system, in conjunction with a trusted external entity to verify that the modified environment is running on a particular device. The modified environment may be modified in a particular manner to create a restricted environment as compared with an original environment which is replaced by the modified environment. The modifications to the modified environment may comprise alterations to the original environment to, for example, detect and/or prevent changes to the hardware and/or software intended to allow cheating or undesirable user behavior.09-02-2010
20080276302System and Method for Providing Data and Device Security Between External and Host Devices - A secure data exchange system comprising a security device including a first external device plug, and a security engine operative to enforce a security policy on data transfer requests received from the host; an external device including a second external device plug; and a host including a first external device port operative to communicatively couple with the first external device plug, a second external device port operative to communicatively couple with the second external device plug, and a driver, e.g., a redirect driver, operative to transfer a data transfer request to the security device before executing the data transfer request.11-06-2008
20120144450Authentication Method in Electronic Commerce - An authentication method in electronic commerce is disclosed. The authentication method includes steps of a first side utilizing a first device to access an interactive interface, and the first side transferring a first device characteristics of the first device and a verification information to a second side for authentication.06-07-2012
20080229390Method and Apparatus for Handling Invites to a Multi-User Communication Session - A method of handling Invite messages for a multi-user communication session utilizing the IP Multimedia Subsystem to set up and control the session. Two or more access servers control user access. A first access server receives from a session-initiating user, an Invite that identifies as a potential participant, at least one user group which is owned by a second access server. The first access server sends to the second access server, an Invite that identifies the user group. The second server resolves the group identification into a set of group member identities and sends the identities in a response to the first access server. The first access server then sends Invites to at least some of the group members identified in the response.09-18-2008
20090106821CALL LIMITER FOR WEB SERVICES - Embodiments of methods, apparatuses, devices and systems associated with web services are disclosed.04-23-2009
20090037982METHOD AND SYSTEM FOR AUTHENTICATING A PARTY TO A TRANSACTION - One embodiment of the invention is directed to a method including receiving an alias identifier associated with an account associated with a presenter, determining an associated trusted party using the alias identifier, sending a verification request message to the trusted party after determining the associated trusted party, and receiving a verification response message02-05-2009
20100306820CONTROL OF MESSAGE TO BE TRANSMITTED FROM AN EMITTER DOMAIN TO A RECIPIENT DOMAIN - For controlling a message to be transmitted by a sender linked to a sender domain, from a terminal connected to an emitter domain to at least one recipient linked to a recipient domain, the emitter domain requests an authentication of the sender of the message by the sender domain. In response to a first request transmitted from the emitter domain, the recipient domain transmits a second request to the sender domain that transmits it to the emitter domain if data previously transmitted from the sender domain to the emitter domain are identical to data contained in the second request. The emitter domain transmits a response to the recipient domain so that the recipient domain receives the message from the emitter domain and transmits it to a recipient having accepted the message.12-02-2010
20090070857COMMUNICATION APPARATUS - An authentication unit performs an authentication processing to obtain a permission for a physical interface including a driver to establish a connection to a network to perform a data transfer. A detecting unit detects authentication state information indicating a state of the authentication processing. Upon receiving the authentication state information from the detecting unit, a transmission control unit controls a transmission of data received from a module for performing a communication based on a protocol of an upper-level layer with respect to a data link layer to an external device based on the state of the authentication processing.03-12-2009
20130133033Behavioral fingerprint controlled automatic task determination - A computationally implemented method includes, but is not limited to: determining a behavioral fingerprint associated with a network-accessible user, the behavioral fingerprint providing a current status of the network-accessible user; and controlling one or more devices automatically as a function of the determined behavioral fingerprint and a direction received from the network-accessible user. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.05-23-2013
20130133034SYSTEMS AND METHODS FOR CREATING A TRUST INDEX WITH RESPECT TO ONLINE IDENTITIES - A user verification engine that will verify trust worthiness (trust-level) of individuals and through that trust-level of content they produce online is disclosed herein.05-23-2013
20130133035SYSTEM AND METHOD FOR MUTUAL AUTHENTICATION - A control unit for controlling a card reader. The control unit includes an authentication management unit for transmitting/receiving information to/from a host and each of a first encryption magnetic head device and a second encryption magnetic head device to mutually authenticate each other. The authentication management unit includes (1) a commanding means for commanding one of the first encryption magnetic head device and the second encryption magnetic head device to create lower-level information for authentication, according to a request on authentication from the host, (2) a sharing means for transmitting the lower-level information for authentication received from the above-mentioned one device to the other device for the purpose of sharing it and (3) a transmission means for transmitting the lower-level information for authentication, having been shared in all of the first encryption magnetic head device and the second encryption magnetic head device, to the host.05-23-2013
20100306822Communication System, Line Providing Apparatus And Communication Method - A line providing apparatus has an acceptance processor accepting a line use request from the terminal apparatus, a contract determiner determining a state of conclusion of a first contract, a second contract or a combined contract obtained by substantially combining the first contract and the second contract at the terminal apparatus which is a source of the line use request accepted by the acceptance processor, and an assistance processor performing an assisting process for conclusion of a contract found not to be concluded according to a result of determination on the state of conclusion of the first contract, the second contract or the combined contract by the contract determiner, whereby the user of the terminal apparatus which does not yet conclude can sign the contract for the communication service or the information providing service through the terminal apparatus.12-02-2010
20100306821ACCOUNT-RECOVERY TECHNIQUE - Embodiments of a computer system, a method, and a computer-program product (e.g., software) for use with the computer system are described. These embodiments may be used to evaluate a user request to regain control of an online account. For example, the user request may be submitted online using a web page, and may include information that establishes the user's identity or that substantiates that the user is the owner of the online account, such as a history of recent activities associated with the online account. This information may be evaluated by comparing it to stored information associated with the online account, such as a stored history of recent activities or one or more locations of a registered user when the registered user previously accessed the online account. After evaluating the user request, remedial action may be performed.12-02-2010
20130139219METHOD OF FENCING IN A CLUSTER SYSTEM - A method of fencing in a cluster system including network devices and a management network device is disclosed. Each network device may run an application program and comprises a fence device. A first network device receives a fence operation command from the management network device. The fence operation command contains information of a target network device and information of a target application. The first network device may determine a fence device on the first network device that corresponds to the fence operation command and activates the determined fence device such that the fence device performs a fence operation on the target application program according to the fence operation command.05-30-2013
20100325695CONTENT DELIVERY SERVER, CONTENT PROVIDING SERVER, CONTENT DELIVERY SYSTEM, CONTENT DELIVERY METHOD, CONTENT PROVIDING METHOD, TERMINAL DEVICE, CONTROL PROGRAM, AND COMPUTER-READABLE STORAGE MEDIUM - A foreign gateway (FGW) (12-23-2010
20100325697MULTILAYER ACCESS CONTROL SECURITY SYSTEM - A computer-based system provides secure, configurable access to computer network resources. A human-readable language is provided for defining access policy rules. Rules in this language are converted in an automated fashion into filters applied within the various subsystems and components in a multi-layer security system. Network users are authenticated by an access control security system that obtains basic information about that user. Based on the user ID, a set of abstract policies can be retrieved. The retrieved policies are associated with the user and the groups associated with that user. Based on the retrieved rules, a set of rules for multiple layers of the network are generated and applied to those subsystems. Two or more of the subsystems may be placed in series with different types of processing occurring in each of the subsystems, reducing the workload of subsequent subsystems.12-23-2010
20100333176Enabling Dynamic Authentication With Different Protocols on the Same Port for a Switch - The invention enables a client device that does not support IEEE 802.1X authentication to access at least some resources provided through a switch that supports 802.1X authentication by using dynamic authentication with different protocols. When the client device attempts to join a network, the switch monitors for an 802.1X authentication message from the client device. In one embodiment, if the client fails to send an 802.1X authentication message, respond to an 802.1X request from the switch, or a predefined failure condition is detected the client may be deemed incapable of supporting 802.1X authentication. In one embodiment, the client may be initially placed on a quarantine VLAN after determination that the client fails to perform an 802.1X authentication within a backoff time limit. However, the client may still gain access to resources based on various non-802.1X authentication mechanisms, including name/passwords, digital certificates, or the like.12-30-2010
20100333174METHOD AND APPARATUS FOR SOFTWARE DOWNLOADS IN A NETWORK - Files associated with the operation of gateway and client devices in a network may be downloaded with minimal operator intervention. Accordingly, a method includes receiving data including a first file, a first authentication element, and a second authentication element, the first authentication element being unique to a client device associated with the gateway device. The method also includes determining if the second authentication element is valid for the gateway device and storing the first authentication element and the second file for the client device if the second authentication element is valid for the gateway device. An apparatus includes a receiver that receives data, a processor that determines if the second authentication element is valid for the gateway device, and a memory that stores the first authentication element and a portion of the data for the client device if the second authentication element is valid for the gateway device.12-30-2010
20110030032SECURE DHCP PROCESSING FOR LAYER TWO ACCESS NETWORKS - In general, this disclosure describes network security techniques that may accommodate legitimate movement of a subscriber device while preventing MAC collisions that may result from configuration errors or MAC spoofing attempts. MAC spoofing may result in packets directed to one subscriber device being sent instead to another subscriber device. By modifying an access node or a Dynamic Host Configuration Protocol (DHCP) server to allow only authorized subscriber devices on the access network, layer two collisions (“MAC collisions”) may be prevented.02-03-2011
20090019526ELECTRONIC CONFERENCE SERVER APPARATUS AND ELECTRONIC CONFERENCE SYSTEM - An electronic conference server apparatus is provided, which carries out proper access management over electronic data used at an electronic conference in accordance with an access authority of each participant in the electronic conference. A folder making portion makes a folder for each participant in the electronic conference, the folder being accessible only by the participant, in a participant data recording portion, and copies electronic data limited in access in accordance with an access authority level set for the participant, to the made folder. An access managing portion permits a participant's access to a folder that is made for the participant, but denies other participants' access to the folder.01-15-2009
20110035786Preventing A Non-Head End Based Service Provider from Sending Media to a Media Processing System - Systems and methods that prevent unauthorized access in a communications network are provided. In one embodiment, a system that prevents unauthorized access to a network device may include, for example, a network device and a headend. The headend may be coupled to a communications network. The network device may be deployed in a home environment and may be communicatively coupled to the communications network via the headend. The headend may be adapted, for example, to determine whether a request to access the network device is authorized.02-10-2011
20110041159EXECUTING COMMANDS ON DEVICES THROUGH PRESENCE APPLICATIONS - Presence applications running on different devices are used to access and command devices through a communications server. A communication channel is established between at least two instances of a presence application that are running on different devices. A device that is associated with an instance of a presence application is remotely commanded by a received message from the communications server from another instance of the presence application on a different device.02-17-2011
20110113472Integrated Virtual Desktop and Security Management System - An integrated virtual desktop and security management system provides the virtual desktop server functionality and, more importantly, security management for computing devices and servers in the corporate data network. The computing devices include computers running virtual desktop client software and computers running a complete operating system and applications. The system in this invention can intercept data packets exchanged among the computing devices and servers and also can scrutinize virtual machine computing and networking activities, and therefore, possess the capability of analyzing, logging, reporting, and permitting or denying computing and networking activities of devices in the corporate data network.05-12-2011
20090064280FRAMEWORK FOR DELEGATING ROLES IN HUMAN RESOURCES ERP SYSTEMS - Embodiments presented herein provide transaction delegation systems and methods that allow a delegator to select any user to act as a proxy on that manager's behalf with respect to certain transactions. In embodiments, a manager is able to select different users to manage different transactions. A user can accept a proxy request and obtain the necessary security access when the delegation is active. Thus, the proxy user is able to approve and/or initiate the selected transactions even if the security for those transactions is higher than what the proxy user would normally have. In embodiments, an administrator is able to configure the delegations and can ensure that the delegated authority is revoked when the delegated authority expires.03-05-2009
20110119734ACCESS CONTROL IN A SECURED FACILITY - In one embodiment, a system processes access decisions for individuals where the system includes a portable handheld housing for the processor, display, internal memory, and card reader of the system. The system further includes software comprising: code for downloading, in a first mode of operation through the wireless communication circuitry, to the internal memory, access rights information from a distribution server, the access rights information, for multiple users, independently originating and being cryptographically authenticated from multiple sources, the access rights information revocation data that is specific to respective identified individual users; code for reading and processing identity information and access rights information from a portable memory card via the reader in a second mode of operation, the identity information comprising first and last name information pertaining to a specific user and employer organization information of the specific user, the code for reading and processing cryptographically authenticating information.05-19-2011
20110119735APPARATUS AND SYSTEM EFFECTIVELY USING A PLURALITY OF AUTHENTICATION SERVERS - An authentication system and apparatus having an authentication process distributing function for individually setting an authenticating method and an authentication server on a port unit basis of a network apparatus and selecting an authentication processing unit which authenticates every port are provided. More specifically speaking, there is provided a packet transfer apparatus or system having: a plurality of connecting ports; a plurality of authentication processing units for authenticating apparatuses connected through the connecting ports; and an authentication process distributing unit for selecting the authentication processing unit to be authenticated every connecting port, wherein any one of the plurality of authentication processing units is made to correspond to each of the plurality of connecting ports, and when a packet is received from the apparatus connected to one of the connecting ports, the authentication process distributing unit selects the authentication processing unit which was made to correspond to the connecting port to which the apparatus to which the packet was transmitted has been connected and allows an authenticating process of the packet-transmitted apparatus to be executed.05-19-2011
20110119736APPARATUS AND METHOD FOR PREVENTING CHARGE CAUSED BY UTILIZING APPLICATION IN PORTABLE TERMINAL - An apparatus and method for determining a function that causes a charging problem and a personal information leakage problem when executing an application are provided. The apparatus includes an application configuration unit for determining and storing function information of the application that performs a network connection, and for providing a network connection function item of the application selected by a user based on the pre-stored function information.05-19-2011
20110131631COMMUNICATION DEVICE, COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND PROGRAM - There is provided a communication device, which includes a physical layer which performs close-range one-to-one communication with a device B through electric field coupling or magnetic field coupling, an authentication information changing unit which dynamically changes device information for mutual authentication according to a type of data selected on an application, a protocol selection unit which selects one protocol that can be utilized by the communication device and the device B, a start information transmission unit which transmits the device information and information showing the selected protocol to the device B in order to make the device B start an application corresponding to the type of data and the selected protocol, and a protocol conversion unit which converts a protocol utilized by the application into a protocol utilized by the physical layer in order to transfer data between the applications of the communication device and the device B.06-02-2011
20110214159COMPUTER SYSTEM - Provided is a computer system capable of ensuring sufficient security even when a computer resource of a server is dynamically allocated to a thin client. This computer system includes a plurality of computer resources for providing an arithmetic processing result to a thin client, a management device for deciding a prescribed computer resource from the plurality of computer resources according to a request from the thin client and allocating the decided computer resource to the thin client, and a coupling controller for restricting the thin client from coupling to a computer resource other than the decided prescribed computer resource.09-01-2011
20110093922Portable Computing Device For Wireless Communications And Method Of Operation - In one embodiment of the present invention, a portable computing device for wireless communications comprises a first network interface for communicating with a public wireless wide area network (WWAN), a second network interface for communicating with a private wireless local area network (WLAN), and a processor executing under control of software instructions, the software instructions defining a gateway protocol, the gateway protocol establishing the portable computing device as an access point within the private WLAN after the wireless presence on the public WWAN is established.04-21-2011
20110214160Method for Increasing Security in a Passive Optical Network - A method for security in a passive optical network is disclosed. The method includes, at an optical line termination (OLT): detecting an optical termination device and establishing a connection with the device; generating a first authentication message including a first random number; and transmitting the first authentication message through the established connection. At the optical termination device, the method may include: receiving the first authentication message; calculating a first authentication code by using the first random number and a secret code stored at the device; and generating and transmitting to the OLT a second authentication message including the first authentication code. The method may further include, at the OLT: receiving the second authentication message; calculating a second authentication code by using the first random number and a secret code stored at the OLT; and authenticating the optical termination device if the first authentication code matches the second authentication code.09-01-2011
20090328147EAP BASED CAPABILITY NEGOTIATION AND FACILITATION FOR TUNNELING EAP METHODS - Capability negotiation during a PEAP transaction between two end points in a network is performed by initiating EAP capability negotiation methods. A first end point that desires to use a specific capability during a PEAP transaction initiates a capability negotiation method requesting the specific capability. Upon receiving the request for the specific capability, a second end point performs the desired capability if an outer method employed in the PEAP transaction supports the specific capability. If the outer method does not support the desired capability, the receiver responds to the first end point with a negative acknowledgment. In other embodiments, if the outer method does not support the desired capability, the desired capability may still be performed if it is supported by an inner method. In such instances, an inner wrapper method is employed in the PEAP transaction to maintain and perform the capability.12-31-2009
20090100504Methods and Apparatus for Adaptively Determining Trust in Client-Server Environments - Techniques are disclosed for adaptively determining trust in client-server environments. By way of example, a method for assigning a trust level to a client in a client-server environment including at least one client communicating with a plurality of servers includes the following steps. Information associated with a server s04-16-2009
20090313680MOBILE NETWORK MANAGING APPARATUS AND MOBILE INFORMATION MANAGING APPARATUS FOR CONTROLLING ACCESS REQUESTS - Disclosed is a technique capable of proper execution of access control based on various security policies set by a home user with regards to a packet sent from a visitor node. According to the technique, a MR (Mobile Router) 12-17-2009
20110093921MULTI-FUNCTIONAL PERIPHERAL AND MULTI-FUNCTIONAL PERIPHERAL CONTROL SYSTEM - This invention provides a multi-functional peripheral and a multi-functional peripheral control system that manage a total number of output sheets of a user strictly and accurately even when an authentication server of a multi-functional peripheral is not able to perform authentication due to network failure or the like and authentication and output limitation are performed in the multi-functional peripheral. When the number of outputtable sheets registered in a user information management table is not 0, the multi-functional peripheral executes a copy job. When the number of copy outputtable sheets becomes 0, or when copy output of all pages is completed, the number of output sheets is deducted from the number of copy outputtable sheets registered in the user information management table, and thereby the user information management table is updated. Then, when connection to the authentication server is restored, the authentication server updates a user information management DB.04-21-2011
20110093919Method and Apparatus for Determining an Authentication Procedure - A server for managing the authentication of clients that are subscribers of a home domain within which the server is located, the server comprising means for determining whether a client that is attached to a visited domain is to be authenticated by the home domain or by said visited domain, and for signalling the result to said visited domain.04-21-2011
20110093920System and Method for Device Authentication with Built-In Tolerance - A system for building tolerance into authentication of a computing device includes a means for executing, from a computer-readable medium, computer-implementable steps of: (a) receiving and storing a first digital fingerprint of the device during a first boot of an authenticating software on the device, the first digital fingerprint based on a first set of device components, (b) receiving a second digital fingerprint from the device at a subsequent time, (c) comparing the second digital fingerprint with a plurality of stored digital fingerprints of known devices, (d) in response to the comparison indicating a mismatch between the second digital fingerprint and the plurality of stored digital fingerprints, generating a request code comprising instructions for the device to generate a third digital fingerprint using the first set of device components, (e) sending the request code to the remote device, (f) receiving the third digital fingerprint from the remote device in response to the request code, and (g) authenticating the device based on a comparison of the first and third digital fingerprints.04-21-2011
20090031398ROLE DETERMINATION FOR MESHED NODE AUTHENTICATION - Techniques are provided for determining respective roles of a first meshed node (MN) and a second MN during an authentication process. The first MN and the second MN determine whether at least one of the first MN and the second MN have a secure connection to an authentication server. When the first MN and the second MN each have a secure connection to the authentication server, the first MN and the second MN determine whether a first authentication message forwarding cost (AMFC) associated with the first MN is the same as a second AMFC associated with the second MN. When the first AMFC associated with the first MN is different than the second AMFC associated with the second MN, the MN having the lower AMFC to an IAP (coupled to the authentication server) assumes the authenticator role, and the other MN having the higher AMFC assumes the supplicant role.01-29-2009
20090031399Method and Apparatus for Content Based Authentication for Network Access - A method and apparatus are provided for authenticating the contents of a device requesting access to a first network, such as an enterprise network. If a device has connected to at least one other network then the content of the device is evaluated prior to obtaining access. The scope of the content evaluation may be based, for example, on properties of the other network or on one or more defined content authentication rules. If a device attempts to access a network, the content of the device is evaluated and the device may be restricted to accessing only one or more restoration services if the content fails to satisfy one or more predefined criteria, such as a content item that is out of date or a determination that the device connected to one or more external networks. The restoration service(s) can update a content item that is out of date, reinstall one or more programs or return configuration settings to default values.01-29-2009
20100037297Method and System for Deterring Product Counterfeiting, Diversion and Piracy - A method and system for authenticating goods and thereby detecting and deterring counterfeits are disclosed. According to one aspect of the invention, a client utilizes data received from a host to generate a plurality of security codes and to direct a printing device to print the plurality of security codes on a plurality of products, without retaining the plurality of security codes after the printing device has printed the plurality of security codes on the plurality of products. After the security codes have been printed, a person can communicate the security code to the host, which can verify its authenticity.02-11-2010
20100037295METHOD AND SYSTEM FOR EXCHANGING SECURITY SITUATION INFORMATION BETWEEN MOBILE TERMINALS - In a method for exchanging security situation information between mobile terminals, each of which is connected to a wired/wireless network, security profiles are exchanged between two mobile terminals between which a connection is to be established. The security profiles include security situation information of the mobile terminals, and, each mobile terminal performs a validity check on the received security profile to determine whether security situation of the opponent mobile terminal is trustworthy or not. The connection is established only when the security situations of both mobile terminals are trustworthy.02-11-2010
20090049519TERMINAL AND ACCESS POINT FINDING METHOD FOR COMMUNICATING WITH STEALTH ACCESS POINT - There is provided a terminal that is capable of not sending a useless probe request to detect a stealth access point. The terminal communicates with a normal access point that reports a network identifier and a stealth access point that does not report a network identifier. The terminal includes an access point information accumulating section 02-19-2009
20090328148METHOD OF TRUST MANAGEMENT IN WIRELESS SENSOR NETWORKS - The present invention relates to Group-based trust management scheme (GTMS) of wireless sensor networks. GTMS evaluates the trust of a group of sensor nodes in contrast to traditional trust management schemes that always focused on trust values of individual nodes. This approach gives us the benefit of requiring less memory to store trust records at each sensor node in the network. It uses the clustering attributes of wireless sensor networks that drastically reduce the cost associated with trust evaluation of distant nodes. Uniquely it provides not only a mechanism to detect malicious or faulty nodes, but also provides some degree of a prevention mechanism.12-31-2009
20090307749APPARATUS AND METHOD FOR INTELLECTUAL PROPERTY MANAGEMENT AND PROTECTION - Provided is an apparatus and method for intellectual property management and protection (IPMP). The present research provides an interface for confirming IPMP tools and exchanging information and an interface for managing a domain. The IPMP apparatus using a tool for managing and protecting intellectual property of contents and the other tool interacting with the first tool, includes: a tool information extraction unit for detecting information of the second tool based on a request of the first tool; and a tool reference unit for detecting a location of the second tool based on a request of the first tool and the extracted information of the second tool. The present research is applied to an IPMP apparatus.12-10-2009
20100031318DISTRIBUTED DEVICE REVOCATION - In a distributed revocation method, it is individually decided at each of a plurality of autonomous device nodes of a distributed network whether a suspect autonomous device node or suspect distributed key of the distributed network should be removed from the distributed network. A voting session is conducted at which the individual decisions of the plurality of autonomous device nodes are combined to decide whether the suspect autonomous device node or suspect distributed key should be removed from the distributed network. The suspect autonomous device node or suspect distributed key is removed from the distributed network responsive to the voting session deciding in favor of removal.02-04-2010
20090044251MEETING SYSTEM INCLUDING DISPLAY DEVICE AND DATA PROCESSING APPARATUS CONNECTED THERETO, DATA PROCESSING APPARATUS CONNECTED TO DISPLAY DEVICE, DATA OUTPUT METHOD, AND DATA OUTPUT PROGRAM - In order to prevent leakage of confidential data, a meeting system includes a MFP and a projector. The MFP includes a data obtaining portion to obtain data, a participant information obtaining portion to obtain user identification information as participant information, an access permission determination portion and an output permission determination portion to determine whether or not a user identified by the participant information can access the obtained data, to determine that the obtained data can be output if the determination result shows that all the meeting participants can access the obtained data, and to determine that the obtained data cannot be output if any one of the meeting participants cannot access the obtained data, and an output portion to output data on condition that it is determined by the output permission determination portion that data can be output. The display device displays an image based on the data output from the data processing apparatus.02-12-2009
20100077455INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, PROGRAM, AND STORAGE MEDIUM - This invention has as its object to attain strong security and to implement network solutions with high convenience and simplicity with low cost upon providing Web services. To this end, an information processing apparatus according to this invention has the following arrangement. That is, an information processing apparatus (03-25-2010
20100037296Client Authentication And Data Management System - Methods and systems for performing an authenticated boot (02-11-2010
20090217355Method and Apparatus For Providing Network Security Using Role-Based Access Control - A method and apparatus for providing network security using role-based access control is disclosed. A network device implementing such a method can include, for example, an access control list. Such an access control list includes an access control list entry, which, in turn, includes a user group field. Alternatively, a network device implementing such a method can include, for example, a forwarding table that includes a plurality of forwarding table entries. In such a case, at least one of the forwarding table entries includes a user group field.08-27-2009
20090217354CONTROLLING ACCESS OF A CLIENT SYSTEM TO ACCESS PROTECTED REMOTE RESOURCES SUPPORTING RELATIVE URLS - A response can be received from an access protected remote resource in response to a client request to the access protected remote resource. The access protected remote resource is configured in such a way that the client system is not allowed to directly access the access protected remote resource but all client requests are rerouted via the web application which is authorized to access the access protected remote resource. All references that are defined by absolute URLs and point to access protected remote resources can be identified within responses. A rewritten URL replaces each original URL of the identified reference to an access protected remote resource. Generation of the rewritten URL can occur by splitting the original URL into a base part and a resource part, by generating an authentication identifier by applying an authentication method to at least the base part, and by concatenating the URL of the web application, the base part, authentication identifier, and resource part. The original URL of the references contained in the response can be replaced by the rewritten URL including the authentication identifier. The response including rewritten URL and authentication identifier can be sent to the client system. When the client system triggers said rewritten URL, the web application extracts the base part and authentication identifier from the URL and verifies the authentication identifier by applying the same authentication method on the base part in order to ensure that the base part has not been changed. Only if the authentication identifier is verified correctly, the web application builds the full resource URL from the rewritten URL and returns the respective resource to the client system.08-27-2009
20090217353METHOD, SYSTEM AND DEVICE FOR NETWORK ACCESS CONTROL SUPPORTING QUARANTINE MODE - This invention discloses a network access control method supporting quarantine mode. Access devices can identify access control strategies identifications of which are returned from the AAA server during identity authentication processes. When the security policy server needs to assign an access control strategy to the access device for the terminal, the AAA server puts the identification of the required access control strategy into the identity authentication response to be sent to the access device, and then the access device recognizes and applies the access control strategy. Thus access devices from any vendors can cooperate with the security policy server in quarantine mode. This invention also discloses a network access control system supporting quarantine mode, and the system consists at least of a security policy server, an AAA server, and some user terminals.08-27-2009
20090217352Web managed multimedia asset management method and system - A system for multimedia asset management includes: multimedia assets stored in storage locations, the assets containing collections of associated multimedia files and metadata; a web portal in communications with the storage locations and configured to provide a user access to the assets; a search engine accessible to the user through the web portal and configured, responsive to a user search query, to search for assets based on asset metadata and provide corresponding search results to the user. The web portal is configured: responsive to a user's selection of a selected asset located by the search engine, to provide the user access to the selected asset; and to automatically determine how the asset is presented to the user based, at least in part, on the nature of the user's connection to the storage location storing the selected asset and on an available application on the user's client machine.08-27-2009
20090217350DYNAMIC INTERNET ADDRESS ASSIGNMENT BASED ON USER IDENTITY AND POLICY COMPLIANCE - In embodiments of the present invention, improved capabilities are described for a method presenting a client, providing client information and requesting an IP address from a DHCP server, where the DHCP server may formulate a first IP assignment and a first multiple DHCP options. A policy management facility may be associated with the interception of the first IP assignment and the first multiple DHCP options, which may result in the first IP assignment and the first multiple DHCP options not being sent to the client. The method may send client information to the policy management facility. The policy management facility may formulate a second multiple DHCP options and may send it to the DHCP server. The DHCP server may change first IP assignment and first multiple DHCP option to a second IP assignment and the second multiple DHCP options. The second IP assignment and the second multiple DHCP options may then be forwarded to the client.08-27-2009
20100058441Information processing limitation system and information processing limitation device - This information processing limitation system includes an information processing server computer 03-04-2010
20100064346Method and Arrangement for Providing a Wireless Mesh Network - The invention relates to a method for providing a wireless local network, wherein stationary communication devices and mobile communication devices are connected in the manner of a mesh as the sub-network, which is particularly connected to an infrastructure network and configured such that it can exchange authentication messages with at least one communication device, which is particularly disposed in the infrastructure network and provides an authentication function. During an attempt to establish a first link by a first communication device connected to a communication device providing the authentication function to a second communication device connected to the communication device providing the authentication function, an authenticator role to be assigned as part of an authentication process is associated with the first and second communication devices, wherein at least one property correlating with the connection is analyzed for meeting a criterion. The invention further relates to an arrangement comprising means for carrying out the method.03-11-2010
20100077454TRUSTED NETWORK CONNECT METHOD BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network connect (TNC) method based on tri-element peer authentication is provided, which includes the following steps. Platform integrity information is prepared in advance. An integrity verification requirement is predefined. A network access requestor initiates an access request to a network access controller. The network access controller starts a mutual user authentication process, and performs a tri-element peer authentication protocol with a user authentication serving unit. After the mutual user authentication is successful, a TNC client, a TNC server, and a platform evaluation serving unit implement platform integrity evaluation by using a tri-element peer authentication method. The network access requestor and the network access controller control ports according to recommendations received respectively, so as to implement mutual access control between the access requestor and the access controller. Thus, the technical problems in the prior art of poor extensibility, complex key agreement process, low security, and that platform integrity evaluation is not peer-to-peer are solved by the present invention. Through the method of the present invention, key management and integrity verification mechanisms of the TNC are simplified, and the range of applicability of the TNC is expanded.03-25-2010
20100077453Wireless System and Method for Managing Logical Documents - A system and method is provided for managing logical documents using a wireless mobile device. The wireless mobile device, which may be a wireless handset, connects to the management system through a wireless communication network such as a public telecommunications provider network. The network has other devices, such as computers, servers, data appliances, or other wireless devices. Selected logical documents from the network devices are associated with the wireless mobile device, and the selected logical documents are targeted to be stored, copied, distributed, or backed up to the wireless mobile device. In a similar manner, logical documents originating on the wireless mobile device may be targeted to be stored, copied, distributed, or backed up on selected network devices. A logical document may be, for example, an XML document, a file, a set of files, a disk drive, or the files on a device.03-25-2010
20100077452Wireless System and Method for Managing Logical Documents - A system and method is provided for managing logical documents using a wireless mobile device. The wireless mobile device, which may be a wireless handset, connects to the management system through a wireless communication network such as a public telecommunications provider network. The network has other devices, such as computers, servers, data appliances, or other wireless devices. Selected logical documents from the network devices are associated with the wireless mobile device, and the selected logical documents are targeted to be stored, copied, distributed, or backed up to the wireless mobile device. In a similar manner, logical documents originating on the wireless mobile device may be targeted to be stored, copied, distributed, or backed up on selected network devices. A logical document may be, for example, an XML document, a file, a set of files, a disk drive, or the files on a device.03-25-2010
20100064344Method and device for updating a key - A method for updating a key includes: assigning, by a network, a stipulated specific value to an authentication management field AMF and generating a corresponding authentication tuple, and sending corresponding parameters in the authentication tuple to the terminal when an authentication request is initiated to the terminal, and generating a new authentication key for use in the next authentication; generating, by the terminal, a new authentication key corresponding to the network for use in the next authentication, when the corresponding parameters are received and it is determined that the authentication for the network is passed and the authentication management field in the corresponding parameters is with the predetermined value. According to the method for updating the key according to the invention, the key may be updated conveniently without adding to or modifying the existing signaling resources or the authentication parameters, so that network security may be improved.03-11-2010
20100064345Continual Peer Authentication - A method for orchestrating peer authentication during a call (e.g., a telephone call, a conference call between three or more parties, an instant messaging [IM] chat session, etc.) is disclosed. In particular, a user is first authenticated in order to participate in a call (e.g., via entering a password, etc.), and subsequently during the call the user may be peer authenticated. In accordance with the illustrative embodiment, a user who participates in a call might be prompted to authenticate another user on the call based on particular events or user behavior during the call.03-11-2010
20100058442METHOD AND SYSTEM FOR ENFORCING SECURITY POLICES IN MANETS - A method of enforcing security policies in a mobile ad-hoc network, includes: entrusting at least one first network node along a data traffic route from a data traffic origin node to a data traffic destination node, with the enforcing of predefined security policies on the data traffic; and entrusting at least one second network node, distinct from said first network node, with the control of the enforcement of the security policies by the first network node.03-04-2010
20100058440INTERACTION WITH DESKTOP AND ONLINE CORPUS - A method is disclosed that includes gaining authenticated access to at least one of a restricted network device and a restricted online webpage with an authenticator integrated with a content crawler, wherein the authenticator is configured to obtain authentication data from a user for access to the at least one of the restricted network device and the restricted online webpage; indexing personal content of the at least one of the restricted network device and the restricted online webpage in a database; and enabling the user to search the indexed database based on a search query.03-04-2010
20110154437NETWORK COMPONENT SECURITY SYSTEM - A method and system for controlling access to a network is disclosed. This is done by identifying a component attached to the network, determining whether the identified component requires special access to the network and providing an indication when the identified component is identified as requiring special access to the network and fails to satisfy a criterion for such special access.06-23-2011
20110154439SECURE APPLICATION NETWORK - Systems and methods are provided for a secure application network according to one or more embodiments. In one embodiment, a system for a secure application network comprises a service provider server adapted to interact with an application development server and a client device over a network, wherein the service provider server is adapted to implement the secure application network system. The system also comprises one or more processors and one or more memories adapted to store a plurality of machine-readable instructions which when executed by the one or more processors are adapted to cause the secure application network system to: maintain a plurality of records associated with at least one application developer using the application development server; authenticate the at least one application developer based on the plurality of records; and enable the at least one authenticated application developer to create and/or deploy one or more applications operable on the client device to be downloaded by a user of the client device from the secure application network system.06-23-2011
20110083162METHOD AND APPARATUS FOR PROVIDING CONTEXT ACCESS WITH PROPERTY AND INTERFACE OBFUSCATION - An apparatus for enabling provision of context access with property or interface obfuscation may include at least one processor and at least one memory including computer program code. The at least one memory and the computer program code may be configured, with the processor, to cause the apparatus to perform at least receiving, from an application, a request for access to property information corresponding to a provider node in which the access is provided via a delivery context client interface based context model, determining access rights associated with the application based on a classification of the application, enabling masking of a portion of information associated with the access rights in response to the classification of the application defining a corresponding subclass restriction, and enabling access to the property via the context model based on the access rights associated with the application and subject to the masking. A corresponding method and computer program product are also provided.04-07-2011
20100077450PROVIDING SIMPLIFIED INTERNET ACCESS - Aspects of the subject matter described herein relate to providing simplified network access. In aspects, a network access device that controls access to a network is configured to allow communications with a set of specified hosts regardless of whether the requesting user has paid for or authorized payment for the network usage. The user may communicate with such hosts without further configuration, providing payment or other information to the network access device, or the like. If the user attempts to access other hosts, the network access device ensures that the user is authorized (e.g., has paid for, belongs to a partner organization, etc.) before granting the access.03-25-2010
20110252457SYSTEM AND METHOD FOR INTERMEDIATING BETWEEN SUBSCRIBER DEVICES AND COMMUNICATION SERVICE PROVIDERS - A system and method are disclosed which may include receiving an activation request from a first subscriber device at a communication convergence platform; identifying a service provider associated with the first subscriber device; composing a service activation request compatible with a communication protocol for the identified service provider; and transmitting the service activation request from the platform to the identified service provider.10-13-2011
20110107397System, Method and Computer Program Product for Securing Legal Documents - A system, method and computer program product for securing legal documents includes connecting to a server for exchanging at least one document with a contracting party. Identities of contracting parties and ownership of the at least one document are authenticated by the server. The at least one document is exchanged with the contracting party for conducting a business transaction. The at least one document is communicated through the server and content of the at least one document is stored as read-only in a secured data bank along with at least a date and time of the exchange and locations and identities of contracting parties engaged in the business transaction.05-05-2011
20110154442SECURITY CONTROL SYSTEM AND METHOD FOR PERSONAL COMMUNICATION TERMINALS - A security control system for personal communication terminals includes: a terminal registration agent for registering information on a personal communication terminal of a worker or visitor present within a security area into a terminal security control server and a zone notification node for providing the information of the personal communication terminal that has entered a control zone covered by the zone notification node in the security area when the personal communication terminal moves to the control zone. The system further includes the terminal security control server for installing a security control software module in the personal communication terminal, configuring computing resources and components permitted within the control zone based on a security control policy and zone information, and providing the configured computing resources and components to the personal communication terminal.06-23-2011
20120304255Systems and Methods for Authenticating Mobile Device Communications - Embodiments of the invention provide systems and methods for authenticating mobile device communications. A mobile device to which a message will be communicated may be identified. Based upon a shared secret between a service provider and the mobile device, a payload authentication code (“PAC”) may be generated, and the generated PAC may be associated with a payload for the message. The message and the generated PAC may then be communicated to the mobile device, and the mobile device may be configured to utilize the shared secret to verify the PAC and authenticate the message. In certain embodiments, the operations of the method may be performed by one or more computers associated with the service provider.11-29-2012
20110088078Authentication Failure in a Wireless Local Area Network - In the event of an authentication process failure, a mobile station bans a connection profile storing the credentials provided by the mobile station when initiating the failed authentication process, thus affecting how subsequent scans—other than discovery scans—and connection attempts are handled. In the event of an authentication process failure, a mobile station bans or suppresses an access point with which the mobile station initiated the failed authentication process. The mobile station refrains from transmitting any communications addressed to the unique identifier of any banned access point. The mobile station may ignore any communications received from a banned access point. Suppressed access points are occasionally not made available to the mobile station for selection as a target for a connection attempt.04-14-2011
20110078764TIGHT COUPLING SIGNALING CONNECTION MANAGEMENT FOR COUPLING A WIRELESS NETWORK WITH A CELLULAR NETWORK - A method for communicating between a cellular system and a client terminal such as a mobile terminal by way of a standard wireless LAN and the Internet allows data communications to traverse the core of the cellular network, thereby allowing monitoring of the time and volume usage by the subscriber for billing purposes. The mobile terminal has a communication protocol for communicating with the wireless LAN, over which is an EAP/EAPOL protocol. A Radio Adaptation Layer protocol overlies the EAP/EAPOL protocol. At the cellular system, a Serving GPRS Support Node establishes initial control contact with the mobile terminal by way of EAP/EAPOL. During authentication, the Support Node gives the mobile terminal parameters for an alternative tunnel connection. Once authorization is complete, the mobile terminal closes the EAP/EAPOL connection and opens a new connection tunnel to the Support Node using the parameters.03-31-2011
20130014217Adapting Extensible Authentication Protocol for Layer 3 Mesh Networks - Techniques are provided for adaptive routing of authentication packets in a network, such as a wireless mesh network. At an authenticated device in the network, an authentication packet is received over the network from a device that is seeking authentication. The authentication packet is encapsulated for transmission in Layer 3 packets over an Internet Protocol (IP) tunnel to an authenticator device associated in the network. Similarly, for an authentication packet encapsulated in Layer 3 packets from the authenticator device over the IP tunnel, the authentication packet is decapsulated from the Layer 3 packets and transmitted over the network to the device seeking authentication.01-10-2013
20110078762MOBILE OR USER DEVICE AUTHENTICATION AND TRACKING - A system and method, according to one or more embodiments, includes a server computing device configured to communicate with a network-based device via a network; a visitor identification, in which the system generates the visitor identification and the visitor identification corresponds to a piece of information that is unique to the network-based device; a mapping for which the system adds the generated visitor identification to the mapping so that the visitor identification uniquely identifies the network-based device from all other network-based devices in communication with the server computing device; and a database in which the system tracks the visitor identification among a plurality of visitor identifications in the database.03-31-2011
20110078766SYSTEM AND METHOD FOR BOOKMARKING AND TAGGING A CONTENT ITEM - The present invention is directed towards systems and methods for saving and tagging a content item available on a computer network, including saving and bookmarking a reference to a content item. According to one embodiment of a method according to the present invention, a user navigates to a content item and selects a control to save a bookmark to the content item. A bookmarking and tagging server receives one or more items of tag information that are related to the bookmarked content item, which are saved in conjunction with the one or more items of tag information.03-31-2011
20110078765SYSTEM AND METHOD FOR ESTABLISHING HISTORICAL USAGE-BASED HARDWARE TRUST - Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords.03-31-2011
20110078763Immobilization module for security on a communication system - Example embodiments are directed to a method of controlling a self-sufficient network system to prevent unauthorized use of the self-sufficient network. The method includes receiving an activation request from the self-sufficient network system and authenticating the self-sufficient network system based on the activation request. The self-sufficient network system is functional if the activation request is valid and the self-sufficient network system has reduced functionality if the activation request is not valid.03-31-2011
20110078761METHOD AND APPARATUS FOR EMBEDDING REQUESTS FOR CONTENT IN FEEDS - An approach is provided for embedding requests for news inputs in web feeds to news input sources. A request for news input is received in conjunction with a web feed. The request includes filtering information for targeting news input sources. And, the web feed with the request for news input embedded in the web feed is caused at least in part to be transmitted to a news input source that satisfies the filtering information.03-31-2011
20110072492SCREEN ICON MANIPULATION BY CONTEXT AND FREQUENCY OF USE - Dynamic device management is provided based on a change in context. The management can be for one or more of icons, application, operating system(s), preferences, display characteristics, and the like. Detection and/or monitoring of one or more of presence information, environmental information, user information, recent activity information, inbound/outbound communication information, external stimuli information, geopositional information, temporal information, calendar information, user information, biometric information, and security information can be used as inputs to determining a change in this context.03-24-2011
20110061090METHODS AND APPARATUS FOR NETWORK ADDRESS CHANGE FOR MOBILE DEVICES - In one aspect, a system capable of performing network address changes is provided. The system comprises a network interconnecting a plurality of hosts, a mobile device connected to the network, the mobile device associated with a first network address corresponding to a first network location of the mobile device on the network, a first host connected to the network, and a mobile handler capable of communicating with the mobile device and the host over the network. Wherein the mobile handler is configured to receive a change of address request from the mobile device, the change of address request including a second network address corresponding to a second network location of the mobile device on the network, the mobile handler configured to notify the first host of the change of address request, the notification including the second network address, and wherein the first host is adapted to receive the notification and to initiate a connection with the mobile device at the second network address, wherein a communication path of the connection does not include the mobile handler.03-10-2011
20130160079DECEPTION-BASED NETWORK SECURITY USING FALSE POSITIVE RESPONSES TO UNAUTHORIZED ACCESS REQUESTS - A request handler may receive an access request for access to application server resources of an application server and determine that the access request is unauthorized. A response manager may provide a false positive response including apparent access to the application server resources.06-20-2013
20130160083METHOD AND DEVICE FOR CHALLENGE-RESPONSE AUTHENTICATION - Method of performing a challenge-response process, comprising, in this sequence, the steps of a) providing a first challenge-response pair (06-20-2013
20110035787Access Through Non-3GPP Access Networks - When setting up communication from a user equipment UE (02-10-2011
20110030033MANAGING SECURE USE OF A TERMINAL - A terminal exhibits at least one functionality made secure on the basis of a security item. A security entity stores said security item as well as first authentication parameters. The terminal stores second authentication parameters. At the level of the terminal, an authentication of the security entity is performed on the basis of the first and second authentication parameters. Next, a secure contactless link is established with the security entity. Finally, the security item stored on said security entity is received in the course of said secure link.02-03-2011
20120204229METHOD AND SYSTEM FOR AUTHENTICATING AN END USER - A method and associated system for authenticating an end user. A selected subset of root nodes of a set of root nodes in a server mask is received, the selected subset of root nodes having been selected by the end user. In response to the receiving of the selected subset of root nodes, the end user is authenticated by determining that the spatial location in the server mask of each root node of the selected subset of root nodes matches a spatial position of a corresponding root node of a server set of transparent root nodes in the server mask, wherein the server set of transparent root nodes are a result of a first random selection of root nodes from the set of root nodes in the server mask.08-09-2012
20100313243DIGITAL SOCIAL NETWORK TRUST PROPAGATION - A trust propagation system is disclosed that propagates trust data based on established trust relationships. The trust system may automatically propagate trust data between parties A and C based on trust relationships with a common party B. Trust data may include authentication data such as biometric data, encryption data, passwords, etc. that may be used to conduct exclusive communications.12-09-2010
20100269154METHOD OF COMMUNICATING STATE INFORMATION BETWEEN A SERVER AND A MOBILE DEVICE BROWSER WITH VERSION HANDLING - A method for communicating state information between a server and a mobile device browser with version handling includes: providing a control channel between the server and mobile device browser; transmitting at least one message from the mobile device browser to the server over the control channel indicative of browsing-related state data, wherein the at least one message includes an XML-encoded document and a protocol version value identifying a version of Document Type Definition (DTD) against which to validate the XML-encoded document; and regulating subsequent transmission of data from the server to the mobile device browser based on the at least one message.10-21-2010
20100269155Method and Apparatus for Registering Auto-Configured Network Addresses Based On Connection Authentication - A method and apparatus for registering auto-configured network addresses includes receiving first data at a networking device connected to a host at a physical connection. The first data is received from a first server and indicates authentication information associated with the host. A first message is received at the networking device from the host. The first message requests configuration information and includes a logical network address for the host determined at least in part by the host. A second message is generated based on the first message and the first data. The second message is sent to a second server that registers the host by associating the logical network address with the first data.10-21-2010
20100263023TRUSTED NETWORK ACCESS CONTROLLING METHOD BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network access controlling method based upon tri-element peer authentication comprises: firstly initializing creditability collectors and a creditability verifier; then carrying out a tri-element peer authentication protocol among a network access requester, a network access controller and an authentication strategy server in a network access control layer to realize bi-directional user authentication between the access requester and the access controller; when authentication is successful or the locale strategy requires a platform creditability evaluation process to be carried out, the TNC terminal, TNC server and evaluation strategy server in a trusted platform evaluation layer performing the tri-element peer authentication protocol to realize bi-directional platform creditability authentication between the access requester and the access controller; finally the access requester and the access controller controlling ports according to the recommendation generated by the TNAC client terminal and the TNAC service terminal. The invention solves the technical problem about poor expandability in background, and further solves the problem about complex key negotiation and relatively low safety.10-14-2010
20110154441ONLINE DEVELOPMENT ENVIRONMENT SERVER, ONLINE MARKETPLACE SERVER, ONLINE DEVELOPMENT ENVIRONMENT CONSTITUTING METHOD, AND DEVELOPED APPLICATION PROVIDING METHOD - An online development environment server, online marketplace server, an online development environment configuring method, and a developed application providing method are provided. The online development environment server includes: a virtual resource pool providing virtual resources including a design tool pool, an IDE/SDK pool, a service component, and a virtual server and repository pool; a virtual resource pool manager supporting to allow a developer to select a virtual resource according to a selected development environment; a virtual development environment manager establishing a virtual development environment with reference to virtual resource information through the virtual resource pool manager; a virtual operation space and view manager binding a user and a view of a virtual development environment of each group through the virtual development environment manager and the virtual resource pool manager; a presenter presenting a virtual view model constituted by being bound by the virtual operation space and view manager; and a metadata manager storing metadata configured for virtualizing an operation space and managing the same.06-23-2011
20080263632System and Method for Managing Use and Access of a Communication Network - The present invention provides a system and method for managing access and use of a communication network or service. When a user requests the use of a communication network or service and this network is experiencing a level of use which is above a predetermined threshold, one or more incentives can be offered to the user in return for deferring access to the communication network or service for a predetermined period of time. In this manner, usage of the communication network or service can be managed such that variability of the usage level over time can be reduced.10-23-2008
20120204225ONLINE AUTHENTICATION USING AUDIO, IMAGE AND/OR VIDEO - Systems, methods, and computer program products for online authentication using audio, video and/or image data. In some examples, audio, video and/or image data of a user may be captured, and recognition may be performed on at least part of the captured data during an attempt to confirm that the user is who he/she is supposed to be. If the attempt is successful, a validation confirmation may be generated. In some cases of these examples, the validation confirmation or a part thereof may optionally be provided to a server during user authentication relating to a resource provided by the server. Additionally or alternatively, in some cases of these examples, at least part of the captured data may optionally be provided to the server during user authentication. Depending on the example, the server may or may not be a web server.08-09-2012
20110162042TRUSTED NETWORK MANAGEMENT METHOD OF TRUSTED NETWORK CONNECTIONS BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network management method of trusted network connections based on tri-element peer authentication. A trusted management proxy and a trusted management system are respectively installed and configured on a host to be managed and a management host, and are verified as local trusted. When the host to be managed and the management host are not connected to the trusted network, they use the trusted network connection method based on the tri-element peer authentication to connect to the trusted network respectively, and subsequently perform the authentications and the cipher key negotiations of the trusted management proxy and the trusted management system; when the host to be managed and the management host have not completed the user authentication and the cipher key negotiation process, they use the tri-element peer authentication protocol to complete the user authentication and the cipher key negotiation process, then use the tri-element peer authentication protocol to implement the remote trust of the trusted management proxy and the trusted management system, and finally perform network management. The present invention can actively defend attacks, reinforce the safety of the trusted network management architecture, and realize the trusted network management of distributed control and centralized management.06-30-2011
20100263022Systems and Methods for Enhanced Smartclient Support - Exemplary systems and methods for enhanced smartclient support are provided. In various embodiments, a method comprises receiving, by a digital device, an authentication reply message associated with a wireless network, the authentication reply message indicating whether authentication is successful and indicating whether the digital device has been granted access to the wireless network, identifying, with the digital device, a URL message within the authentication reply message, and displaying content from a URL of the URL message on the digital device.10-14-2010
20100100934SECURITY METHODOLOGY TO PREVENT USER FROM COMPROMISING THROUGHPUT IN A HIGHLY THREADED NETWORK ON A CHIP PROCESSOR - A computer-implemented method, system and computer program product for preventing an untrusted work unit message from compromising throughput in a highly threaded Network On a Chip (NOC) processor are presented. A security message, which is associated with the untrusted work unit message, directs other resources within the NOC to operate in a secure mode while a specified node, within the NOC, executes instructions from the work unit message in a less privileged non-secure mode. Thus, throughput within the NOC is uncompromised due to resources, other than the first node, being protected from the untrusted work unit message.04-22-2010
20080229389RESTRICTING ACCESS TO HARDWARE FOR WHICH A DRIVER IS INSTALLED ON A COMPUTER - Users of a computer are prevented from directly accessing certain hardware for which a driver is installed on the computer. The users are provided a limited, indirect manner to access the hardware for a specific purpose or to do a specific job. One example of such hardware is a wireless hardware communication interface. The wireless activity of the computer may be restricted so that the wireless hardware communication interface is prevented from communicating with any devices compatible with the wireless hardware communication interface other than one or more specific devices.09-18-2008
20080229391CONTENT MANAGEMENT APPLICATION FOR AN INTERACTIVE ENVIRONMENT - The content management application is an intranet application which provides a process for implementing changes to an internet website of a company by providing the company the ability to define and enforce a common style of page layout. The application can be accessed via a desktop browser and multiple users may access the application for multiple reasons at the same time. The application also dynamically generates new page designs and new component design with various people assigned to groups or teams enabling the continuous creation and processing of content. Once the content is created and reviewed, it is then launched onto the company's internet site for viewing by the internet users accessing the company's web page.09-18-2008
20120204228METHODS FOR HOSTING DATA ON A GROUP OF NETWORKED HOSTS - A method for hosting data on an interoperable, related group of networked hosts organized in a tree structure including descendants associated with ancestors, each host independently accessible by network connected client computers, the method including hosting ancestor data on an ancestor host, including genus content related to a genus subject matter, hosting descendant data on a descendant host including species content related to subject matter defining a species within the genus subject matter. Some examples further include incorporating at least a portion of the species content into the ancestor data, connecting the ancestor host in data communication to a client computer via the computer network, and displaying an ancestor output incorporating a portion of the ancestor data. Some examples may additionally or alternatively include allowing the user to access the ancestor user features on the ancestor host in response to entering user authentication data consistent with a descendant user record.08-09-2012
20120204230AUTHENTICATION OF AN END USER - A method and system for authenticating an end user. A first pattern of colored quadrilaterals is generated. A second pattern of multiple colored nodes that include a first subset of nodes is generated. The first and second patterns are sent to the end user. If a transparent credit card is overlaid by the end user on top of the second pattern, then a second subset of nodes in the credit card would match in color and location the first subset of nodes. The authenticity status of the end user is determined by determining whether each node of a third subset of nodes within the second subset of nodes (i) corresponds to a unique node of the multiple colored nodes and (ii) has a color that matches a specific color in one quadrilateral of the colored quadrilaterals. The determined authenticity status is sent to the end user via an output device.08-09-2012
20090320097METHOD FOR CARRYING OUT A DISTRIBUTED SEARCH - An operator provides services to a population of client devices, such as mobile communication devices, including search services accessed via an operator portal. A search gateway places a search object, in which user privacy is protected, into a distributed, transactional object (tuple) space. Resolvers monitoring the space read the search descriptors and coordinate an external search to be performed with result objects placed back in the space. The gateway removes the search result objects from the space, matching them with the user search for reporting to a user of the client device. Thereby, an increased amount of content is accessible across a distributed system.12-24-2009
20110154443SYSTEMS AND METHODS FOR AAA-TRAFFIC MANAGEMENT INFORMATION SHARING ACROSS CORES IN A MULTI-CORE SYSTEM - A method for propagating authentication session information to a plurality of cores of a multi-core device includes establishing, by an authentication virtual server executing on a first core of a device intermediary to at least one client and server, a session for a user, the authentication virtual server authenticating the session. A traffic management virtual server executes on a second core of the device, and receives a request to access a server via the session. The traffic management virtual server may identify, responsive to a determination that the session is not stored by the second core, from an identifier of the session that the first core established the session. The second core may send to the first core a request for data for the session identified by the identifier. The second core may receive from the first core a response to the second request identifying whether the session is valid.06-23-2011
20090241171WEARABLE COMPUTER SYSTEM AND METHOD CONTROLLING INFORMATION/SERVICE IN WEARABLE COMPUTER SYSTEM - A wearable system and a method for transferring and controlling information/service based on biologically generated information from a user are provided. In the method, an intuitive bio signal generated by a user is sensed and a device pointed by the sensed bio signal is selected. Then, bio signal information is created using the sensed bio signal and the generated bio signal information is transmitted to the selected device. After transmitting, the information/service is transferred to the selected device after confirming that the selected device that receives the bio signal information is activated.09-24-2009
20090241170ACCESS, PRIORITY AND BANDWIDTH MANAGEMENT BASED ON APPLICATION IDENTITY - A method or system for managing packet flow is disclosed. The packets each include an inserted application identifier identifying a registered application. The method includes receiving packets destined for one or more resources, determining, by a packet processor, the inserted application identifier for each of the respective packets received and managing the packet flow of each received packet sent from a security node based at least in part on the inserted application identifier of the received packet.09-24-2009
20090241169AUTHENTICATION OF DEVICES IN A WIRELESS NETWORK - A method for authentication of devices (D09-24-2009
20110154440DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) AUTHENTICATION USING CHALLENGE HANDSHAKE AUTHENTICATION PROTOCOL (CHAP) CHALLENGE - A method performed by a Dynamic Host Configuration Protocol (DHCP) server comprising receiving a DHCP DISCOVER message from a DHCP client; generating a challenge in response to the DHCP DISCOVER message; sending the challenge to an authentication device; receiving a first challenge response from the authentication device; generating a DHCP OFFER message; sending the challenge to the DHCP client in the DHCP OFFER message; receiving a DHCP REQUEST message that includes a second challenge response from the DHCP client; comparing the first challenge response with the second challenge response; and authenticating the DHCP client when the first challenge response and the second challenge response match.06-23-2011
20110258682METHOD, APPARATUS, AND SYSTEM FOR PROCESSING SESSION CONTEXT - A method, an apparatus, and a system for processing session context are disclosed. The method for processing session context includes: receiving a reset notification message that carries a device identifier; confirming that a reset event corresponding to the reset notification message occurs on a peer device identified by the device identifier; and deleting an associated context related to the reset event. According to the present invention, after a local device receives a reset notification message from a peer device and before deleting an associated context related to the reset event of the peer device, the local device needs to confirm the authenticity of the reset notification message with the peer device. In this way, the associated context on the device will not be wrongly deleted due to the attack from a fake source address, and it is ensured that the associated context are correctly processed after a reset notification message is received, thus ensuring that the local device can perform normal communication and improving the system security.10-20-2011
20110258681SYSTEM AND METHOD FOR MONITORING AND ENFORCING POLICY WITHIN A WIRELESS NETWORK - In general, one embodiment of the invention is an air monitor adapted to a wireless network. The air monitor enforces policies followed by the wireless network even though it is not involved in the exchange of data between wireless devices of the wireless network such as access points and wireless stations.10-20-2011
20110258680REMOTE SUBSCRIBER IDENTIFICATION (RSID) SYSTEM AND METHOD - The present invention discloses a Remote Subscriber Identification (RSID) system with a communication device in communication with a remote database capable of seamlessly storing, linking, and transferring mobile data to a user's communication device. The communication device receives biometric information of a subscriber and accesses a subset of the mobile information by authenticating the user in the remote database and uses the subset of mobile information for communication with a third-party associated with at least one item of the subset of the mobile information. The user's data can be used on any communication device that is capable of recognizing personal identifying information, transmitting this information to the remote database, accessing the user's subscriber specification information and any subscriber personalized information, and transmitting it to the user's communication device, enabling the user to use this information with the communication device.10-20-2011
20080320563SYSTEM AND PROGRAM PRODUCT FOR ASSOCIATING EVENT CATEGORIZATION AND ROUTING WITH SECURITY AUTHORIZATION ROLES - Under the present invention, when an event is received on a server, it is stored and then categorized. In being categorized, an event group pertaining to the event is identified. Based on the group of events, a set (e.g., one or more) of destinations to which the event should be routed can be determined. The group of events is then associated with an access control list (ACL) that contains entries identifying users (or groups of users) and their permissions to interact with events in that group. Once the association is made, the event and optionally the ACL is routed to the appropriate destinations. Based on the permissions contained in the ACL, the destinations will interact with the event accordingly.12-25-2008
20080320562EFFORTLESS REGISTRATION WITH CONTENT PROVIDERS AND METHODS THEREOF - A communication system (12-25-2008
20080320561Method and System for Collaboration Involving Enterprise Nodes - A method and system for a communication network containing both trusted peers and untrusted hosts within the network. Trusted peers can collaborate with each other to observe and monitor the activity of the untrusted hosts. In addition, a trusted peer instantiated with a virtual machine can have an operating system kernel collaborate with a hypervisor to determine whether threats are present. A trusted peer that needs particular functionality installed can collaborate with other trusted peers and with an administrative console to have that functionality installed. An untrusted host can have a driver directly inserted into it by an administration console, which will facilitate in the collaboration process.12-25-2008
20080320560Delegating or Transferring of Access to Resources Between Multiple Devices - A gatekeeper device delegates an ability to access a resource to an access device by transmitting metadata, which includes access information for accessing the resource. The access device uses the metadata to retrieve the associated resource from a resource server. By transmitting the metadata in lieu of the resource, flexible use of the resources is implemented while enabling compliance with various restriction schemes. The system may condition the delegation or transfer of resource access on one or more factors, such as proximity between the gatekeeper device and the access devices. Using information about an access device, the resource server may optimize the resources for the receiving access device.12-25-2008
20090125981SYSTEM AND METHOD FOR WIRELESS NETWORK AND PHYSICAL SYSTEM INTEGRATION - In one embodiment, an apparatus includes an intrusion detection arrangement and a location identification arrangement. The intrusion detection arrangement determines when a client without authorization attempts to access a wireless network of which the intrusion detection arrangement is a part. The location identification arrangement identifies at least a first approximate physical location of the client without authorization when the client without authorization attempts to access the wireless network. The location identification arrangement is configured to communicate the first approximate physical location to a surveillance arrangement which monitors the first approximate physical location.05-14-2009
20090125980NETWORK RATING - Methods and systems for operation upon one or more data processors for assigning a reputation to a messaging entity by analyzing the attributes of the entity, correlating the attributes with known attributes to define relationships between entities sharing attributes, and attributing a portion of the reputation of one related entity to the reputation of the other related entity.05-14-2009
20080313708Data content matching - A method, device and system for matching data content, including identifying items of data that would be potentially harmful if transferred through a network, creating a list containing the identified items of potentially harmful data, deriving a hash value for each item of data on the list, receiving a data stream containing data packets, calculating a hash value for each data packet in the data stream, evaluating whether any of the hash values calculated for the data packets in the data stream match any of the hash values derived for each item of data on the list, discovering a hash value match between one of the data packets in the data stream and one of the items of data on the list, comparing the actual contents of the one data packet in the data stream to the actual contents of the one item of data on the list, confirming a match between the actual contents of the one data packet in the data stream and the one item of data on the list, and applying a filter policy that restricts a further transfer of the one data packet through the network. Some embodiments also include identifying a field of interest for each item of data on the list and for each data packet in the data stream.12-18-2008
20080313709METHOD AND APPARATUS FOR VERIFICATION OF DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) RELEASE MESSAGE - An apparatus and method for verification of a DHCPRELEASE message comprising extracting an IP address from the ciaddr field of the DHCPRELEASE message, determining a tunnel-associated IP address, comparing the IP address and the tunnel-associated IP address to determine if there is a match, and releasing the IP address if there is a match, and wherein the tunnel-associated IP address is the IP address associated with the tunnel from which the server receives the DHCPRELEASE message.12-18-2008
20120204231USER IDENTITY MANAGEMENT FOR PERMITTING INTERWORKING OF A BOOTSTRAPPING ARCHITECTURE AND A SHARED IDENTITY SERVICE - A method, apparatus and computer program product are provided to facilitate authentication of a request, such as by a mobile terminal, while also supplying information about the user to a service, website, application or the like. A method, apparatus and computer program product may provide for interworking a bootstrapping architecture, such as Generic Bootstrapping Architecture, and a shared identity service, such as OpenID architecture. In this regard, a method, apparatus and computer program product may provide for a secure session with a service provider through Generic Bootstrapping Architecture while being able to supply the service provider with the user information and/or accessing a user account using OpenID architecture.08-09-2012
20120204227DATA BACKUP AND TRANSFER SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT - A backup system having a plurality of accounts for copying selected data between one or more account user computers and a system computer where an account user's computer connects to the system computer via the Internet. Selected data is copied between the account user's computer and the system computer, including documents, media files, and email in any file type or format. Additionally, the system is compatible with all types of computers, including personal data assistants and mobile telephones, and all types of operating systems. All of the software to operate the system is resident on the system computer with no hardware or software required on the account user computer beyond a conventional web browser. The system also includes a scheduler, a contacts manager, a reminder generator and file transfer system for third-party users.08-09-2012
20120204224Method and Apparatus for a Control Plane to Manage Domain-Based Security and Mobility in an Information Centric Network - A networking system comprising a virtual group controller in an information centric network configured to enable mobility and security for a plurality of user groups of the information centric network, a plurality of user groups coupled to the virtual group controller and associated with the users, a plurality of agents that are each associated with one of the user groups, and a database for trusted service profile coupled to the virtual group controller, wherein the virtual group controller is configured to interact with the agents to enable mobility for the user groups using a server-less domain-based naming scheme.08-09-2012
20120151558NETWORK SECURITY APPLIANCE - A network security appliance that provides security to devices in industrial environments by transparently bridging traffic to the endpoint device. The security appliance securely communicates with a management server for receiving configuration data for operation of security modules in the appliance by encrypted communications. The security appliance utilizes the network address of the industrial device when communicating with a management server and is addressed by the management server using the address of one of the protected devices associated with the appliance. Learned device characteristics are provided by the appliance to the management server which tailors software and security rules to specific network vulnerabilities of the device and control protocol. The security appliance sends periodic heartbeat messages to the management server using the network address of the device. The heartbeat message can also report anomalous events which may require additional software being provided from the management server to the node.06-14-2012
20110055896AUTHENTICATION SERVER AND LINE SERVER - When a reader/writer 03-03-2011
20110055895Shared scalable server to control confidential sensory event traffic among recordation terminals, analysis engines, and a storage farm coupled via a non-proprietary communication channel - A highly secure sensory stream event server receiving and storing encrypted assets and references to those assets over a non-proprietary communications channel. A system for selectively decrypting and transmitting references to analysis clients such as authenticated mutually unconscious users, and retrieving, decrypting and transmitting certain assets from high-volume storage, distributed storage, or in transit. A method for controlling a plurality of sensory stream event recordation clients and a plurality of analysis clients transmitting policies and commands requesting upload of assets and obtaining status solely by receiving client initiated sessions.03-03-2011
20110055894Firewall and NAT Traversal for Social Networking and/or Content Sharing On Mobile Devices - A method for facilitating firewall and NAT traversal during social networking and/or content sharing via a mobile device uses an instant message protocol to establish a near real-time communications session between two user devices on opposite sides of the firewall or NAT enabled router. A first application on a mobile device provides social networking and/or content sharing. A second application on the mobile device establishes a communication session for exchanging near real-time messages between the mobile device and a second device over the firewall or NAT protected network. The second application is associated with the first application and allows the mobile device to access a file associated with the first application that is stored in the second device via the communication session.03-03-2011
20110055893COMMUNICATION APPLICATION - In at least some embodiments, a computer system includes a processor and a system memory coupled to the processor. The system memory stores a communication application that, when executed, provides first stage operations and second stage operations. The computer system also includes a network interface coupled to the processor. The first stage operations comprise a selective exchange of primary connection information with a communication endpoint via the network interface. The second stage operations comprise initiating a peer-to-peer communication session with the communication endpoint based on the primary connection information.03-03-2011
20110055899SECURE REMOTE MANAGEMENT OF NETWORK DEVICES WITH LOCAL PROCESSING AND SECURE SHELL FOR REMOTE DISTRIBUTION OF INFORMATION - A system and method for the management of one or more wide area or local area network connected devices by a collocated managing device. The managing device forwards information in graphical form using a secure connection to a remotely located administrative user workstation.03-03-2011
20110055898Dynamic Authentication in Secured Wireless Networks - Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required.03-03-2011
20110055897TRUST ASSERTION USING HIERARCHICAL WEIGHTS - An illustrative embodiment provides a computer-implemented method for access control by trust assertion using hierarchical weights. The computer-implemented method comprises obtaining an access request for an asset, identifying a trust value associated with a set of paths associated with the access request to form an identified trust value. The identified trust value is compared with a required trust value and a determination as to whether the identified trust value is greater than or equal to the required trust value is made. Responsive to a determination that the identified trust value is greater than or equal to the required trust value, access to the asset is permitted.03-03-2011
20100325696SYSTEM FOR AUTHENTICATION OF CONFIDENCE LINK AND METHOD FOR AUTHENTICATION AND INDICATING AUTHENTICATION THEREOF - In a certified link authentication system, a terminal parses a web page and extracts markup information for a certified link. In addition, the terminal transmits the extracted markup information to a certified link authentication server. The certified link authentication server authenticates the certified link from the markup information of the certified link transmitted from the terminal, and transmits an authentication result to the terminal. The terminal marks the authenticated certified link with a certified mark, renders the web page, and displays it to the user.12-23-2010
20110010757ELECTRONICALLY IMPLEMENTED METHOD AND SYSTEM FOR AUTHENTICATION AND SHARING OF DOCUMENTS VIA A COMMUNICATION NETWORK - The invention provides a method and system of authentication and online sharing of documents by electronic means, through a third party, conducted via a communication network. The method involves, creation of a website, subject to the control of an administration entity; uploading the scanned version of the original document by the user at the allotted location in the website, using the obtained user name and created password; assigning a uniquely identifiable indicia to the scanned document; sending the scanned document to the authenticating entity; accessing and verifying the authenticity of scanned document by the authenticating entity, by comparison with the original document available in the database of the authenticating entity. The authentication is performed through an electronically simple mechanism only once, in which, irrespective of the date of issue of the document, the document may be attested and the record may be maintained permanently.01-13-2011
20110167476MESSAGE DELIVERY SYSTEM AND DELIVERY METHOD - A message delivery system for delivering a message to a user includes: a plurality of delivery systems (07-07-2011
20110265146METHOD AND SYSTEM FOR AUTHENTICATION PROCESSING, 3GPP AAA SERVER AND USER EQUIPMENT - The present invention relates to a method and a system for authentication processing, a 310-27-2011
20110072493DATA PROVIDING DEVICE, OPERATION DEVICE, DATA PROCESSING DEVICE, OPERATION SYSTEM, CONTROL PROGRAM, AND COMPUTER-READABLE RECORDING MEDIUM STORING CONTROL PROGRAM - A service providing device (03-24-2011
20100293597CONTENT TRANSMISSION DEVICE, PROGRAM, TRANSMISSION CONTROL METHOD, AND CONTENT TRANSMISSION SYSTEM - Provided is a content transmission device, including an input section in which a boundary between a parental level on content data restricted to be viewed and a parental level on content data allowed to be viewed for each of the reproducing devices, and a restriction time slot are input, a storage section in which the content data, the boundary and the restriction time slot are recorded, a transmitting section that transmits the content data to the reproduction device, a judgment section that determines whether the parental level on the content data is higher than the boundary of the reproduction device and the current time is within a restriction time slot of the reproduction device, and a control section that controls so that the content data being a determination object is not to be transmitted from the transmitting section to the reproduction device depending on the determination result.11-18-2010
20100293598METHOD AND SYSTEM FOR USE IN COORDINATING MULTIMEDIA DEVICES - Some embodiments of the present invention provide methods for use in playing back content. Some of these methods access a content package comprising media content to be locally played back; detect, as defined by the content package, whether a remote secondary device is available with which a connection can be established; determine whether an authorization to establish the connection has been confirmed; establish, when the authorization is confirmed, a communication connection; determine, as instructed by the content package and when the communication with the secondary device is established, whether one or more commands are received from the secondary device; and implement, as instructed by the content package and when it is determined that the one or more commands are received from the secondary device, the one or more commands in controlling playback experience of the media content.11-18-2010
20110119737METHOD AND DEVICE FOR DISTRIBUTED SECURITY CONTROL IN COMMUNICATION NETWORK SYSTEM - With migration of network technology and more and more requirements of user equipment for accessing to Internet, the network security faces more and more severe situation. There is provided a method for distributed security control in communication network system and the device thereof in order to improve security and operatability of network operator. In the method, firstly the network controller establishes a network security control mechanism, which is used for a second network device to check the validity of the data package from the user equipment; secondly, the network controller sends the network security control mechanism to the second network devices; lastly, the second network device checks the validity of the data package from the user equipment according to the network security control mechanism, and discards the data package if the data package is invalid. With the present invention, security and operatability of the communication network may be improved greatly, particularly, the functionality of address anti-spoofing can be implemented in the network with a WLAN architecture in centralized control. (FIG. 05-19-2011
20120311670SYSTEM AND METHOD FOR PROVIDING SOURCE ID SPOOF PROTECTION IN AN INFINIBAND (IB) NETWORK - A system and method can provide source ID spoof protection in an InfiniBand (IB) fabric. The IB fabric can support a plurality of tenants in a subnet that connects a plurality of physical servers, wherein the plurality of tenants are associated with different partitions in the subnet. Then, the plurality of tenants can use at least one shared service, and the IB fabric can be configured to determine what ID values are legal for different physical servers and different partitions.12-06-2012
20120311669ACCESS MONITORING METHOD, INFORMATION PROCESSING APPARATUS, AND COMPUTER-READABLE MEDIUM STORING ACCESS MONITORING PROGRAM - In an access monitoring method executed by a computer: information on a first link is recorded when a request for access through the first link is detected and authentication information is transmitted through the first link; and when an email containing information on a second link is received and a request for access through the second link is detected, a determination whether or not the information on the second link is identical, in a predetermined part, to the recorded information on the first link is made. In the case where yes is determined, access through a link is forbidden when the information on the link is identical, in the predetermined part, to the recorded information on the first link, and the recorded information on the first link is transmitted to a server which collects information on links.12-06-2012
20110138446SYSTEM AND METHOD FOR PROVIDING USER AUTHENTICATION AND IDENTITY MANAGEMENT - A distributed client/server system comprises a network of servers and clients, such as the Internet, in which user access to certain restricted resources is controlled by a logon procedure that identifies an authorized user to the respective administering server. The disclosed system and method includes a logon server that comprises a user authentication procedure by which a user can logon to the logon server from any client in the network and uniquely identify itself to the logon server. The logon server also includes a library of usernames and passwords for the restricted resources chosen by each user and the ability to automatically log the users on to any of the restricted resources when selected by the user through a personal catalog maintained by the logon server. The disclosed system and method also includes various other features for providing user authentication and identity management in a network environment, such as the Internet.06-09-2011
20110138445SYSTEMS AND METHODS FOR DYNAMIC ACCESS TO PROGRAM FEATURES - The multimedia client-server system provides a multimedia client program with a set of features and a server system that creates feature access information that determines which features are to be made available to a particular user. The server system may send the feature access information to the user such that the information is accessible to the multimedia client program. The multimedia client program may dynamically control the user's access to the program's feature set by using the feature access information to validate and verify the user. In addition, the feature access information may be accessible to the server system, such that the server system may periodically update the feature access information, such as, for example, when the user accesses the server system to download multimedia content.06-09-2011
20110138444AUGMENTED REMOTE CONTROLLER AND METHOD FOR OPERATING THE SAME - An image display may be displayed by augmented reality on a remote controller. This may include identifying an electronic device having playable content, receiving information regarding a locked status of the playable content of the identified electronic device, and displaying, on a screen, an object indicating a locked status when the playable content of the identified electronic device requires a user authentication for playing the content. A user authentication input may be received and a determination may be made whether the received user authentication input matches a previously stored user authentication information. The playable content may be released from the locked status when it is determined that the received user authentication input matches the previously stored user authentication information, and information relating to the released playable content may be displayed.06-09-2011
20100333175Smart Net System and Method of Use - The smart net system has a smart net controller and one or more computers each with a smart net key. The smart net keys spawn a smart window on each computer and communicate wirelessly with the smart net controller. Via the smart net key, computer users can transmit presentations to a video display or projector attached to the smart net controller and/or communicates with other electronic devices connected to the smart net system. Data such as files, presentations, or instant messages can be shared among users by way of the smart window. The need for sharing a video cable or a computer or printing up handouts for distribution is reduced or eliminated. The efficiency of conferences, lectures, classes and workgroups is increased. Smart net for the small office provides network like communications without the traditional networking hardware allowing communications between computers without allowing computers access to each other's information.12-30-2010
20110055892ACCESS CONTROL IN A MULTI-PRINCIPAL BROWSER - A principal operating system based-browser controls access to resources. The resources are represented semantically in a resource object model. A browser kernel of the browser mediates resources access calls from principals. In some implementations the principals are web entities and the resources are peripheral devices. The resource object model separates device semantics from physical device access. Resource access control policies are maintained by the browser kernel and separated from device access mechanisms.03-03-2011
20110191822CONTROLLED USE MEDICAL APPLICATION - In an example, a plurality of virtualized medical application containers can be stored on one or more servers, wherein each server includes a memory, and wherein each virtualized medical application container includes a virtualized operating system, separate from a client operating system and a medical application executable installed on the virtualized operating system.08-04-2011
20110191819Diameter Signaling for Mobile IPv4 - The invention consists of a new registration and authentication protocol between a Mobile Node and a Home Agent. The new protocol uses a novel messaging sequence to request registration, authentication and authorization of the Mobile Node when it is located on a foreign network, and the novel protocol will avoid some of the standard registration and authentication protocol messages in order to eliminate the problems associated with re-transmission errors.08-04-2011
20100115586MANAGING STORED DATA ON A COMPUTER NETWORK - A method and system for managing stored data on a computer network organizes data into logical volumes, and each logical volume has a friendly name associated with it. A domain controller keeps track of the friendly names of the logical volumes and associates those friendly names with the actual physical paths of the logical volumes. When a client computer on the network wishes to access a logical volume, it sends a look-up request having the friendly name to the domain controller. The domain controller may fulfill the request by sending the path of the logical volume to the client computer.05-06-2010
20100115584INFORMATION PROCESSING SYSTEM - An information processing system includes a client device and a server system. The client device executes an application program as a confidential process for performing processing based on confidential information. When a transmission request asking for transmission of confidential information is generated by the application program being executed, the client device transmits, to the server system, the transmission request and confidential process information indicating that the process in which the transmission request was generated is a confidential process. When the server system receives the transmission request and the confidential process information from the client device, the server system transmits stored confidential information in accordance with the received transmission request.05-06-2010
20110179467Intercepting malicious access - Analyzing network access requests includes: receiving an access request for service from a user; updating a frequency of access requests associated with the user; receiving an analysis result based at least in part on the access request; determining whether the frequency of access exceeds a predetermined frequency; in the event that the frequency of access does not exceed the predetermined frequency, allowing the access request; and in the event that the frequency of access is greater than the predetermined frequency, determining whether to intercept the access request from the user based at least in part on the analysis result.07-21-2011
20110179466INFORMATION PROCESSING SYSTEM, CONTROL METHOD FOR THE SAME, AND PROGRAM - An information processing system is provided that simplifies a logout procedure in an information processing apparatus that has a Web browser that operates together with a Web server that serves as an external apparatus, while maintaining the operational feel of the Web browser. To accomplish this, in the present information processing system, the Web server is notified of a user instruction input via an operation screen of the Web browser provided from the Web server as an event. Here, the Web server analyzes the notified event, and if this event is a logout request, the Web server executes processing for logging out of the Web server, and also notifies the Web browser of the logout request. The Web browser executes processing for logging out of the Web browser upon receipt of the logout request from the Web server.07-21-2011
20100122320Secure and Self Monitoring Slot Gaming Network - Among other things, systems and techniques are described for authenticating one or more client devices. A system includes one or more client devices and a server to communicate with the one or more client devices over a network. The server receives a request for network connection from at least one of the client devices. In response to the received request, the server performs authentication of the requesting client device based on at least two factors. The at least two factors include a transmission control protocol (TCP) header verification to identify a media access control (MAC) address of the requesting client device as an authorized or unauthorized MAC address; and a challenge-reply verification performed based on the TCP header verification. The challenge-reply verification includes sending a challenge message to the requesting client device; receiving a reply message from the requesting client device; and identifying the received reply message as a correct or incorrect reply.05-13-2010
20110126263IMAGE PROCESSING APPARATUS, IMAGE PROCESSING METHOD, PROGRAM FOR IMPLEMENTING THE METHOD, AND STORAGE MEDIUM STORING THE PROGRAM - An image processing apparatus which can be readily used by an authenticated user without laborsome setting even if the user uses the image processing apparatus for the first time through an authentication server. A user is authenticated with an authentication server connected to an image processing apparatus via a network. User unique setting information for the authenticated user is set, and the user unique setting information for each user is stored in user information storing areas. Initial setting information of initial setting of the image processing apparatus is stored in an initial setting information storing area. When the authenticated user uses the image processing apparatus for the first time, duplicate copy of the initial setting information stored in the initial setting information storing area is stored as the user unique setting information in the user information storing areas.05-26-2011
20090089859Method and apparatus for detecting phishing attempts solicited by electronic mail - A phishing filter employs a plurality of heuristics or rules (in one embodiment, 12 rules) to detect and filter phishing attempts solicited by electronic mail. Generally, the rules fall within the following categories: (1) identification and analysis of the login URL (i.e., the “actual” URL) in the email, (2) analysis of the email headers, (3) analysis across URLs and images in the email other than the login URL, and (4) determining if the URL is accessible. The phishing filter does not need to be trained, does not rely on black or white lists and does not perform keyword analysis. The filter may be implemented as an alternative or supplemental to prior art spam detection filters.04-02-2009
20090300721Reverse VPN over SSH - A system and method for enabling access to a computer server operating within a private network, in which the computer server is isolated by access restrictions that prevent incoming connections from a public network. In one embodiment, the method includes identifying a remote client operating in a public network outside the private network, initiating a secure communication channel with the remote client, and instructing the remote client to initiate a Point-to-Point Protocol (PPP) session with the computer server via the secure communication channel.12-03-2009
20090300719SYSTEMS AND METHODS FOR MANAGEMENT OF SECURE DATA IN CLOUD-BASED NETWORK - Embodiments relate to systems and methods for the management of secure data in a cloud-based network. A secure data store can store sensitive or confidential data, such as account numbers, social security numbers, medical or other information in an on-premise data facility. Regulatory and/or operational requirements may prohibit the migration or unprotected transmission of the secure data to the cloud. An operator can instantiate a set of virtual machines to access and process the secure data, for example to process online purchase transactions. To prevent unauthorized disclosure of the secure data, the secure data store can receive data access requests via a translation module that translates the secure data. The secure data store can retrieve and transmit the secure data using a protection mechanism such as a masking and/or encryption mechanism, avoiding the unprotected transport or exposure of that data to the cloud.12-03-2009
20090300720CENTRALIZED ACCOUNT REPUTATION - A centralized account reputation system differentiates between illegitimate users and legitimate users using reputation scores associated with the users' online accounts. The system restricts the access of illegitimate users to certain network services while minimizing its negative effects on legitimate users. The system can manage the life cycle of an online account, considering data about the account that is obtained throughout the account network to compute the online account reputation score and allocating access to network services based on the online account reputation score. For example, a reputation score may be embedded in a security token that can be accessed by multiple services on the account network, so that each service can determine the appropriate level of access to be granted to the associated user account based on the reputation score. Various types of online account behavior over time can improve or diminish the online account's reputation.12-03-2009
20110154438Multi-Level Security Controls System - A method and apparatus for processing information. First information is received from a first number of devices at a first number of interfaces configured to receive the first information in a first section of a programmable integrated circuit. The first information is sent to a second section in the programmable integrated circuit. Second information is received at a second number of interfaces in the second section from a second number of devices that generates the second information with a plurality of security levels. The first and second sections are partitioned from each other such that communication between the first and second sections is controlled by the second section. The first and second information are processed to form processed information that is sent to a number of network interfaces in which an identification of a security level within a plurality of security levels is associated with the processed information.06-23-2011
20110191825WIRELESS COMMUNICATION DEVICE, WIRELESS COMMUNICATION METHOD, AND PROGRAM - There is provided a wireless communication device including a storage unit for storing authentication information distributed to a plurality of users including a user of the wireless communication device belonging to a community on a network; an authentication unit for authenticating a peripheral wireless communication device based on the authentication information stored in the storage unit; and a control unit for forming a communication group with the peripheral wireless communication device when the authentication of the peripheral wireless communication device by the authentication unit is successful.08-04-2011
20110265144IMAGE SENDING APPARATUS AND AUTHENTICATION METHOD IN IMAGE SENDING APPARATUS - An image sending apparatus includes a first authentication unit configured to perform processing for first authentication to authenticate a user, a storage unit configured to store authentication information used when the first authentication unit authenticates the user, a sending unit capable of sending image data by a plurality of kinds of sending methods, a destination setting unit configured to set a destination to which the sending unit sends the image data, a second authentication unit configured to perform processing for second authentication required for the sending unit to send the image data to the destination set by the destination setting unit, and a determination unit configured to determine whether to use the authentication information stored in the storage unit when the second authentication unit performs the processing for the second authentication, based on the sending method by which the sending unit sends the image data to the destination.10-27-2011
20100031317SECURE ACCESS - Secure access is provided to a resource hosted in a first domain. A first web server provides access to the resource. A second web server is provided in a second domain for receiving requests from a user for access to the resource. A browser is arranged for authentication and authorization for access to resources in the second domain and for forwarding requests from the user to the second web server. A reverse proxy is provided for publishing, with a resource identifier identifying the second domain, the resource to the second web server. The reverse proxy is arranged to forward to the first web server for access to the resource requests received from the second browser.02-04-2010
20100031316SYSTEM ACCESS LOG MONITORING AND REPORTING SYSTEM - A user requests approval from an application server for accessing a program in a managed server. If the access is approved, the application server issues authentication information which includes at least a public key and a private key. The managed server receives a command from the user to be executed by the program. An original authentication value is computed from the command. The original authentication value is encrypted with the public key. The encrypted original authentication value is stored in association with the command in a log storage. Alteration of the command can be detected by computing a new authentication value from the stored command. The stored encrypted original authentication value is decrypted with the private key to obtain the original authentication value, which is compared with the new authentication value. An alarm is set if the comparison is not satisfied.02-04-2010
20100031314DISTRIBUTED PICO-CELL MOBILITY - System (PAA-BSS) comprising a plurality of access points (AP), defining a pre-authentication area (PAA), the system communicating a list of frequencies relating to the access points of the pre-authentication area (PAA) and information as to the relative position of the access points to a mobile station seeking pre-authentication before the system. Method of preparing a mobile station for handover between access points, wherein the mobile station associating (02-04-2010
20100024004METHOD AND SYSTEM FOR SECURING ACCESS TO AN UNSECURE NETWORK UTILIZING A TRANSPARENT IDENTIFICATION MEMBER - A method, system and computer-usable medium for providing secure access to an application over an unsecure network. A transparent identification member can be physically placed by a user against a login interface, the transparent identification member possessing a filter for filtering and displaying a pattern unique to the login interface. Thereafter, the user can be automatically permitted to authenticate an unsecure network and securely access an application over the unsecure network, in response to placing the transparent identification member against the login interface and providing a user input at a physical location on the login interface corresponding to the pattern unique to the login interface, thereby providing a secure authentication for the user to perform secure transactions over the unsecure network and preventing phishing by others with respect to the user and the unsecure network.01-28-2010
20100024003Method for controlling connection of a peripheral to an access point, corresponding access point and peripheral - The invention concerns a method for controlling connection of a peripheral (T) to an access point (AP) in shared network. It consists in pre-initializing (A) the access point through a local command of that access point, the pre-initializing step enabling at least the access point to be configured to provisionally match the peripheral, simultaneously initializing (B) the access point (AP) and the peripheral (T) through a substantially concurrent local command of the access point respectively of the peripheral, locally measuring and storing the initializing duration (T01-28-2010
20100017854IMAGE FORMING APPARATUS, METHOD AND MEDIUM STORING PROGRAM - The image forming apparatus acquires authentication information for authentication of document data and an authentication result. When the result indicates success, the document data is converted and is added with the specific information to specify the authentication apparatus and is stored. The image forming apparatus acquires the specific information from the converted data, transmits the specific information to a destination of the converted data, requests the destination to confirm establishment of a communication path from the destination to the authentication apparatus and transmits the converted data to the destination when receiving information representing establishment.01-21-2010
20100017853SYSTEM AND METHOD FOR SELECTING A WEB SERVICE FROM A SERVICE REGISTRY BASED ON AUDIT AND COMPLIANCE QUALITIES - A particular web service is selected based on conformation to a particular degree-of-trust. Information about available web services is requested. Responsive to requesting that information on the particular web service, a list of possible services is presented. The list of possible services includes a plurality of services, each of the plurality having a level-of-trust assigned thereto. An acceptable web service having an acceptable degree-of-trust can then be selected from the list of possible services. Responsive to selecting the acceptable service from the list of possible services, the acceptable service can be invoked.01-21-2010
20090165088METHOD AND SYSTEM FOR PROVIDING A CONTENT LIST AND CONTENT CLIPS TO A USER NETWORK DEVICE THROUGH AN INTERMEDIATE WEB PROVIDER - A method and system for providing content includes an intermediate web provider having content therein and a user network device communicating a user identifier data to the intermediate web provider. The intermediate web provider communicates the user identifier data for the user network device to a primary service provider. The system also includes a primary service provider authenticating the user network device using the user identifier. The intermediate web device forms a content list corresponding to at least some of the content provided to the intermediate web provider. The intermediate web provider communicates the content list to the user network device from the intermediate web provider. The user network device forms a selection from the content list at the user network device and communicates the selection to the partner service provider. The intermediate user device communicates the content corresponding to the selection to the user network device. The user network device displays the content on a display associated therewith.06-25-2009
20080222702SYSTEM AND METHOD FOR PREVENTING VIRUSES FROM INTRUDING INTO NETWORK - Some embodiments of the present invention provide a system and method for preventing viruses from intruding into a network. The system for preventing viruses from intruding into a network includes: a detection unit for performing virus detection on traffic passing through the network, and a control unit arranged between terminals and the network. The control unit is adapted to control access of the terminals to the network, and decide whether to allow the terminals to access the network according to the detection result from the detection unit. According to the invention, all the traffic of a terminal infected by a virus is limited, and the connection between the terminal and the network is interrupted, thereby preventing the virus from diffusing and propagating widely over the network, and improving operation security of the network.09-11-2008
20110307939ACCOUNT ISSUANCE SYSTEM, ACCOUNT SERVER, SERVICE SERVER, AND ACCOUNT ISSUANCE METHOD - Provided is an account issuance system that can open an account owner in a service server to the outside without revealing personal information. Terminal 12-15-2011
20110307938Integrating Account Selectors with Passive Authentication Protocols - Described is using a client-side account selector in a passive authentication protocol environment (such as OpenID) in which a relying party website trusts the authentication response from an identity provider website. The account selector may access and maintain historical information so as to provide user-specific identity provider selection options (rather than only general identity provider selection options). The account selector is invoked based upon an object tag in the page, e.g., as invoked by a browser extension associated with that particular object tag. The account selector may communicate with a reputation service to obtain reputation information corresponding to the identity providers, and vary its operation based upon the reputation information.12-15-2011
20090172781TRUSTED VIRTUAL MACHINE AS A CLIENT - The embodiments provide generating a dedicated virtual machine image (DVMI) including functionality for a target service provider and launching the DVMI in the host device as a dedicated virtual machine (DVM). A measurement of the DVMI and/or the launched DVM, as a Trusted Dedicated Virtual Machine (TDVM), is transmitted to the target service provider server. The target service provider determines a trust level for the TDVM, based upon the measurement and provides a level of service by the target service provider server to the TDVM, according to the trust level of the TDVM.07-02-2009
20090172780Server for displaying contents - Provided are a user/viewer-friendly device and system for displaying various contents such as moving images, still images, and texts, and a service using these. A screen (terminal) for displaying the contents and a terminal for operating display switching, etc. are separated from each other. A display terminal (television, large screen display, etc.) and an operation terminal (mobile phone terminal) are connected to a server through a network. The server manages association and operation of both the terminals.07-02-2009
20120042358Proctoring System - A computer implemented method and system is provided for authenticating and monitoring an examination environment of a user. A proctoring software provided on a user's computing device communicates with a remote monitoring station via a server over a network. A data capture device provided on the computing device is configured to rotate and tilt to multiple angles to view and capture audiovisual data from the examination environment. A proctor administering the remote monitoring station authenticates the user based on an examination selected by the user. The proctor defines criteria comprising actions allowed for the user while taking the examination. The proctoring software monitors the examination environment for conformance to the defined criteria. The proctoring software transmits the monitoring information to the remote monitoring station based on transmission parameters determined by the server. The proctor controls actions of the user when the user is not in conformance with the defined criteria.02-16-2012
20090100503AUTHENTICATION FOR SHARED WIRELESS PERIPHERALS HAVING AN INTERNAL MEMORY STORE FOR SHARING DIGITAL CONTENT ACROSS MULTIPLE HOSTS - The present solution can authenticate a first host to access a memory space of a shared wireless peripheral communicatively linked to the first host via a bus and a device controller. Digital content displayed within a graphical user interface of the first host can be selected. Either a CUT or COPY clipboard operation can be detected that is conducted from the first host. The selected content can be copied to the memory space of the peripheral. The second host can be authenticated to access a memory space of the peripheral communicatively linked to the second host via a bus and a device controller. A PASTE clipboard operation conducted from the second host can be detected. The selected content obtained from the first host can be conveyed from the memory space of the shared wireless peripheral to a cursor specified location within a graphical user interface of the second host.04-16-2009
20120060202CONTENT SERVICE SYSTEM, CONTENT SERVER, CONTENT TERMINAL AND CONTENT SERVICE METHOD - The present invention discloses a content service system, which comprises a content server and a content terminal that are connected via the internet, the content server is further connected with a client via the internet and comprises: a content database, for storing content data to be downloaded by the content terminal via the internet; and a message queue module, for receiving command messages from the client via the internet which specifies the content data to be downloaded by the content terminal; the content terminal comprises: a message acquiring module, for communicating with the content server to acquire the command message; a content downloading module, for downloading the specified content data from the content server via the internet according to the command messages and storing the specified content data locally; and a content playing module, for playing the content data which is stored locally. The present invention also relates to a corresponding content service method, a content server, and a content terminal. With the solutions of the present invention, the client can select freely the content data on the content server and control the content terminal in the home for downloading, storing locally, and playing.03-08-2012
20120210396PROCESSING EXTENSIBLE MARKUP LANGUAGE SECURITY MESSAGES USING DELTA PARSING TECHNOLOGY - Markup language security messages are processed. A template corresponding to a markup language security message is identified. The markup language security message is parsed for variable values using the template. A transition sequence is generated that represents the entire markup language security message. Each transition in the transition sequence is associated with a portion of the markup language security message. A lightweight data model of the markup language security message is populated using the transition sequence. The lightweight data model includes nodes for the variable values and a set of selected constant values.08-16-2012
20120210394CIRCUIT DEVICE AND A COMMUNICATION APPARATUS - An application program relating to a process of an integrated circuit is stored in a virtual integrated circuit storage area server apparatus. Following a mutual authentication between the IC and the virtual storage area server apparatus through a portable communication function unit, the server apparatus executes the application program. Additionally, through the IC, the portable communication function unit, a wireless communication line, and a network, communicate with an IC_R/W apparatus and perform a process relating to a service in collaboration with each other.08-16-2012
20120047559LICENSE INFORMATION EXCHANGE SYSTEM - When license information is transferred between a server machine and a client machine, an identifier which is unique to a series of communication sequences is provided. The identifier is sent when a communication is performed between the two machines, as well as when the license information is updated. Therefore, when a message for transferring the license information is received by the use of the same identifier, a response message is returned without updating the license information.02-23-2012
20120005725TRANSACTIONAL SERVICES - Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers.01-05-2012
20120005726TRANSACTIONAL SERVICES - Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers.01-05-2012
20080271119BEHAVIORAL ADVERTISING AND CREATION OF AD-HOC MICROCOMMUNITIES THROUGH USER AUTHENTICATION - Implementations of behavioral advertisement targeting and creation of ad-hoc microcommunities through user authentication are described. In one implementation, a user is allowed to submit authentication information on a webpage associated with a third party website. For example, a user can identify himself by entering a username and password to an email account unaffiliated with the third party website. The authentication information can then be used to access a personal account associated with the user. For example, behavioral data associated with the user can be gathered from the personal account and be used to present advertisements on the webpage targeting a specific behavioral profile of the user. Alternately, the user can be presented with options to interact with information in the personal account. For example, the user may be given the opportunity to invite members of a contacts list in the personal account to visit the webpage.10-30-2008
20080307497Method And System For Preventing Malicious Code From Being Introduced Into A Protected Network - A method, system, and device for secure communications are provided, including at least one of means for configuring two or more computer devices as a single computer device; and means for separating the two or more computer devices from one or more computer networks.12-11-2008
20120047558Method And Apparatus Of Automated Discovery In A Communication Network - An automated method is provided for mutual discovery between a network entity and a client entity that cooperate for providing a service in a machine-to-machine environment. In an embodiment, the network entity receives an identifier in a communication from a server on behalf of the client entity. At some point in time, the network entity receives a communication containing the identifier from the client entity. Before or after receiving the client entity communication, the network entity discovers itself to the client entity. Some time after receiving the client entity communication, the network entity authenticates the client entity, establishes a permanent security association with the client entity, and initiates the service.02-23-2012
20120117620UNLIMITED ACCESS TO MEDIA AND APPLICATIONS OVER WIRELESS INFRASTRUCTURE - Methods, systems, and apparatus are presented for providing unlimited access to either or both of media content, such as music, and applications. A media server environment can be provided, which maintains an instance of each subscriber account, a central archive of media content, and an application catalog. Selected media content can be downloaded to, and stored locally at, a subscriber device, such as on a secure storage device. Also, selected applications can be locally installed on the subscriber device. Access to the local media content and locally installed applications can be controlled through the media server environment based on the status of the subscriber's account. If the subscriber's account becomes inactive, access to the downloaded media content and installed applications can be disabled. Once the subscriber's account is reactivated, access to the downloaded media content and applications can be restored.05-10-2012
20110167475Secure Access to Remote Resources Over a Network - A client computer hosts a virtual private network tool to establish a virtual private network connection with a remote network. Upon startup, the virtual private network tool collects critical network information for the client computer, and sends this critical network information to an address assignment server in the remote network. The address assignment server compares the critical network information with a pool of available addresses in the remote network, and assigns addresses for use by the client computer that do not conflict with the addresses for local resources. The address assignment server also provides routing information for resources in the remote network to the virtual private network tool. The virtual private network tool will postpone loading this routing information into the routing tables of the client computer until the client computer requests access to a specific resource in the remote network. When the client computer requests access to a specific resource in the remote network, the virtual private network tool will only provide the routing table with the routing information for that specific remote resource.07-07-2011
20120011566SYSTEM AND METHOD FOR SENSOR NETWORK AUTHENTICATION BASED ON XOR CHAIN - Disclosed is a method for sensor network authentication based on an XOR chain, which authenticates a transmitting node and a message in a sensor network including a central server, a plurality of transmitting nodes, and a plurality of receiving nodes, the method comprising the steps of: (a) receiving an initial key from the central server, generating a key chain from the initial key, generating a first key chain parameter sequence from the key chain, generating authentication information by XORing all the first key chain parameter sequence, and generating a second key chain parameter sequence by XORing each parameter of the first key chain parameter sequence with the authentication information, by each of the transmitting nodes; (b) transmitting first and second parameters of the same position in the first and second key chain parameter sequences of the transmitting node together with a message by the transmitting node; and (c) XORing the first and second parameters and comparing a result of the XOR operation with the authentication information, thereby authenticating the message, by the receiving node. By the method, a receiving node can authenticate a transmitting node and a message by only a small quantity of fixed operation regardless of the number of key chains.01-12-2012
20120159576METHOD, APPARATUS AND SYSTEM FOR UPDATING AUTHENTICATION, AUTHORIZATION AND ACCOUNTING SESSION - The present disclosure relates to a method, an apparatus and a system for updating an Authentication, Authorization and Accounting AAA session. The method includes: receiving an AAA session request sent by a second network access server, where the AAA session request includes a second session identifier and an ERP message; and updating a session according to the second session identifier and a stored first session identifier after successful user authentication that is performed according to the ERP message, where the first session identifier and the second session identifier correspond to the same user. As the session is updated according to the second session identifier and the stored first session identifier, synchronization of session information is ensured, thereby resolving an abnormal session problem that occurs when a home AAA server initiates a session or the network access server uses a session after re-authentication.06-21-2012
20120159575COMMUNICATION SYSTEM, COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMPUTER PROGRAM - To securely transmit content through remote access via an external network, such as a WAN, while exceeding restrictions of an RTT and a TTL.06-21-2012
20120159574METHOD AND SYSTEM FOR PROVIDING INFORMATION SHARING SERVICE FOR NETWORK ATTACKS - A system is provided to provide an information sharing service for network attacks. The system includes a service provider configured to collect and analyse information on detection and response policies to network attacks, a service registry that stores the collected information on the detection and response policies, and client terminals, each client terminal configured to request the information sharing service and search the service registry for the information on the detection and response policies.06-21-2012
20120159573SYSTEM, METHOD AND COMPUTER USABLE MEDIUM FOR RESTRICTING INTERNET ACCESS - A method of restricting internet access includes receiving an alteration of a master internet setting within an access device's registry file and monitoring an occurrence of the alteration. Then, in response to the occurrence of the alteration, the method includes restoring the master internet setting where the master internet setting does not include the alteration. An additional exemplary method further includes storing the occurrence of the alteration in an event tracking database. In another exemplary method, the master internet setting includes a ProxyEnable setting and an AutoConfigURL setting. In another exemplary method, the ProxyEnable setting value is zero and the AutoConfigURL setting value is null. In yet another exemplary method, the access device is coupled to a computer network.06-21-2012
20120159572COLLABORATIVE RULES BASED SECURITY - A cloud computing security system. An access manager module includes first and second client profiles. The first client profile has a first set of rules enabling access to a first set of cloud computing system resources, and the second client profile has a second set of rules enabling access to a second set of cloud computing system resources. A security logic module is in communication with the access manager module. The security logic module is configured to receive an access request for access to one of the first and second sets of cloud computing system resources. Responsive to determining that the access request complies with at least one of the first set of rules and the second set of rules, the security logic module is configured to provide an access grant that grants access to at least one of the first and second sets of cloud computing system resources.06-21-2012
20120017265VALIDATING PACKETS IN NETWORK COMMUNICATIONS - A method for validating packets in network communications includes receiving, at networking hardware of a device, a packet communicated from another device over a network; intercepting, by virtual dispersive routing (VDR) software loaded on the device, the packet as it is passed from the networking hardware; determining, by the VDR software, that a destination address of the packet corresponds to an address associated with the device; and determining, by the VDR software, using a virtual machine for a network connection that virtualizes network capabilities of the device, that the packet belongs to a valid application running on the device.01-19-2012
20120017264LOCATION-AWARE SECURITY AND ACCESS SYSTEM - An invention is afforded for providing security for a protected network resource. The system includes a network access apparatus in communication with a receiver that receives signals from a remote source. The network access apparatus is capable of collecting current microprint data for the receiver, which is a plurality of values based on data values received at the receiver over a predefined period of time, for example, forty-five seconds. The system also includes an authentication computer in communication with the network access apparatus. The authentication computer has access to an LSDF for the receiver, which is a plurality of values based on data values received at the receiver over a predefined period of time, for example, a twenty-four hour period of time. In operation the network access apparatus provides current microprint data for the receiver to the authentication computer, and the authentication computer compares the current microprint data to the LSDF for the receiver to authenticate an access request.01-19-2012
20120023552METHOD FOR DETECTION OF A ROGUE WIRELESS ACCESS POINT - A method for processing a packet is described herein. The packet is received by a network device of a wired network. The packet is filtered if a field in the packet matches a marker designated for indicating a path of the packet includes a rogue access point (AP). Upon filtering, a location on the wired network is determined. The location connects the wired network to a rogue AP from which the packet was received.01-26-2012
20120023551INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM - An information processing system includes an external system having an external server managing public information, and an internal system having an internal server managing secure information and a terminal outputting information. The external server sends an information generating module to the terminal at an acquisition request source, and the terminal executes the received information generating module, in order to generate information to be provided, using the public information acquired from the external server and the secure information acquired from the internal server.01-26-2012
20120023550Method and System for Policy Enforcement in Trusted Ad Hoc Networks - A non-transitory computer-readable storage medium storing a set of instructions executable by a processor. The set of instructions is operable to receive a request from a node to join a trusted ad hoc network. The set of instructions is further operable to authenticate the node to join the trusted ad hoc network. The authentication is performed based on a verification that the node will comply with a security policy of the trusted ad hoc network. The set of instructions is further operable to send, to the node, a verification that the trusted ad hoc network complies with the security policy. The set of instructions is further operable to add the node to the trusted ad hoc network.01-26-2012
20120060205METHOD AND SYSTEM FOR STATION SWITCHING WHEN WIRELESS TERMINAL POINT COMPLETES WPI IN CONVERGENT WLAN - The invention involves a method and a system for station (STA) switching when a wireless terminal point (WTP) completes wireless local area network (WLAN) privacy infrastructure (WPI) in a convergent WLAN. The method includes steps as follows. The STA implements re-association rebinding process with a target access controller (AC) over a target WTP. A base key is requested by the target AC from an associated AC. An associated WTP is informed to delete the STA by the associated AC, and the target WTP is informed to add the STA by the target AC. A session key is negotiated based on the requested base key by the STA and the target AC, and is synchronized between the target AC and the target WTP. The method enables fast and safe switching of the STA between WTPs under the control of different controllers in the convergent WLAN based on WAPI protocol.03-08-2012
20120060204Methods and Apparatus for Scalable Secure Remote Desktop Access - The invention provides scalable, secure, and easily administerable methods and systems for providing remote access to networked resources by combining aspects of physical access limitation measures with traditional computer access limitation measures. The methods and systems utilize an enrollment administration system for specifying enrollment rules, an enrollment system configured to communicate with the enrollment administration system to permit enrolling a first networked resource if permitted by specified enrollment rules, and a remote access system for granting a user remote access to the first networked resource if the user successfully enrolled the first networked resource.03-08-2012
20120060203LOGICAL UNIT NUMBER MANAGEMENT DEVICE, LOGICAL UNIT NUMBER MANAGEMENT METHOD, AND PROGRAM THEREFOR - A logical unit number management device includes: an access processing unit that performs information processing with access objects by using logical unit numbers for identifying logical identification information; a logical unit number management table storage unit that stores a logical unit number management table storing a corresponding relationship between the logical identification information and the logical unit numbers; a logical unit number management table changing unit that changes the corresponding relationship based on an external change request; a change completion reporting unit that reports change completion to the access processing unit when the logical unit number management table has been changed in accordance with the change request; and an access control unit that controls an access to the access object indicated by the logical identification information corresponding to one of the logical unit numbers after a report of the change completion.03-08-2012
20120159571METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR AUTHENTICATING AN ENTITY THROUGH USE OF A GLOBAL IDENTITY OF THE ENTITY THAT SERVES AS A PROXY FOR ONE OR MORE LOCAL IDENTITIES OF THE ENTITY - A method of authenticating an entity includes associating a local identity of the entity with a global identity of the entity, the local identity being associated with a first one of a plurality of restricted access zones, associating the global identity of the entity with particular ones of the plurality of restricted access zones for granting access to the particular ones of the plurality of restricted access zones, receiving an authentication request from the entity to access a second one of the plurality of access zones where the authentication request includes the local identity of the entity, and authenticating the entity for access to the second one of the plurality of access zones responsive to receiving the authentication request when the second one of the plurality of restricted access zones is one of the particular ones of the plurality of restricted access zones that are associated with the global identity of the entity.06-21-2012
20120210397METHOD AND SYSTEM FOR MANAGING SECURITY IN MOBILE COMMUNICATION SYSTEM - A method, an apparatus, and a system for solving and managing security problems, which may occur during a handover of a User Equipment (UE) between PLMNs in a mobile communication network, by using a Non-Access Stratum (NAS) protocol are provided. By the method, a UE can perform a security mode command and an authentication with a network. Further, the method can prevent interruption of communication due to authentication or security during a handover of a UE between Public Land Mobile Networks (PLMNs).08-16-2012
20120079564METHOD AND APPARATUS FOR PERFORMING AN AUTHENTICATION AFTER CIPHER OPERATION IN A NETWORK PROCESSOR - A method and apparatus is described for processing of network data packets by a network processor having cipher processing cores and authentication processing cores which operate on data within the network data packets, in order to provide a one-pass ciphering and authentication processing of the network data packets.03-29-2012
20090172779MANAGEMENT OF SPLIT AUDIO/VIDEO STREAMS - Described herein is a method that includes receiving multiple requests for access to an exposed media object, wherein the exposed media object represents a live media stream that is being generated by a media source. The method also includes receiving data associated with each entity that provided a request, and determining, for each entity, whether the entities that provided the request are authorized to access the media stream based at least in part upon the received data and splitting the media stream into multiple media streams, wherein a number of media streams corresponds to a number of authorized entities. The method also includes automatically applying at least one policy to at least one of the split media streams based at least in part upon the received data.07-02-2009
20110107399AUTHENTICATION TECHNIQUES - Techniques for authenticating clients of differing capabilities in an efficient manner. Two or more authentication techniques, including one preferred authentication technique, are initiated to run in parallel to authenticate a client. Upon determining that the client can support the preferred authentication technique, the preferred technique is used to authenticate the client and the other authentication techniques are aborted. If it is determined that the client cannot support the preferred authentication technique, then one of the other authentication techniques is used to authenticate the client. In this manner, based upon the capabilities of the client, an appropriate authentication technique is used to authenticate the client in an efficient manner.05-05-2011
20110107398SYSTEM AND METHOD FOR TRANSPARENT ACCESS AND MANAGEMENT OF USER ACCESSIBLE CLOUD ASSETS - System and method for enabling user access of cloud assets are described. In one embodiment, a method comprises authenticating a user to a system comprising a cloud computing environment in which a plurality of cloud assets are hosted; assembling a deployment associated with the authenticated user in accordance with a policy, the deployment comprising designated ones of the cloud assets; and providing a secure mechanism by which the designated ones of the cloud assets comprising the deployment are accessible by the authenticated user.05-05-2011
20120151559Threat Detection in a Data Processing System - A mechanism is provided for resolving a detected threat. A request is received from a requester to form a received request, statistics associated with the received request are extracted to form extracted statistics, rules validation is performed for the received request using the extracted statistics, and a determination is made as to whether the request is a threat. Responsive to a determination that the request is a threat, the requester is escalated using escalation increments, where the using escalation increments further comprises increasing user identity and validation requirements through one of percolate to a next user level or direct entry to a user level.06-14-2012
20120317617CROSS DOMAIN NOTIFICATION - A method for a mobile communication device to indicate activity associated with an operating domain includes establishing a plurality of operating domains for the mobile communication device each operating as an independent virtual machine. The method also includes providing a trusted indicator at the mobile communication device for indicating activity associated with a high-side domain. The method also includes providing an input on the mobile communication device for switching from a low-side domain to the high-side domain. The method also includes providing a trusted element for the mobile communication device that is independent of either the high-side domain or the low-side domain. The trusted element may be configured to receive a signal from the input for switching from the low-side domain to the high-side domain and to perform user authentication for switching from the low-side domain to the high-side domain.12-13-2012
20100095352Message Service Indication System and Method - Systems and methods for displaying messages to a user, the messages having different levels of security, are provided herein. One method of displaying to a user messages having different levels of security includes receiving a message over a network includes examining an attribute of the message to determine a security-related level associated with the message. A visual indication for display to a device user is generated by the device. Such visual indication is indicative of the determined security-related level, and is configured to be visible during scrolling through a majority of the message text.04-15-2010
20100095351METHOD, DEVICE FOR IDENTIFYING SERVICE FLOWS AND METHOD, SYSTEM FOR PROTECTING AGAINST DENY OF SERVICE ATTACK - A method, device for identifying service flows and a method, system for protecting against a denial of service attack are provided. The method for identifying service flows includes: detecting a user access to a target system; dynamically generating a set of user identifier information according to the detected user access to the target system and a preset user access statistical model; when the service flow needs to be identified, extracting the user identifier information from the service flow; comparing the extracted user identifier information with the user identifier information in the set of user identifier information to determine whether they are matched; determining whether the service flow is legal service flow according to the comparison result.04-15-2010
20100095350UNIVERSALLY USABLE HUMAN-INTERACTION PROOF - Disclosed is a system and method for generating a universally usable, completely automated public Turing test to tell a computer and a human apart (CAPTCHA). The universally usable CAPTCHA uses contextually related pictures and sounds to present concepts to a user. The pictures allow the CAPTCHA to be used by someone who could see, and the audio would allow the CAPTCHA to be used by someone who could not see. This combination of sound and images should make the CAPTCHA more universally usable for a larger population of users than previously known CAPTCHAs.04-15-2010
20110099607METHOD OF AUTHENTICATING AND BRANDING EMAILS AND OTHER MESSAGES USING INFORMATION AVAILABLE IN A MESSAGE LIST - Disclosed are systems, methods, networks, and computer programs for messaging. In some cases a receiving system receives certain message data which was slated to be presented in a message list to a receiving user, including a sending system contact indicator. In some cases, the receiving system uses the sending system contact indicator in determining where to send a message authentication request in order to reach the system which presumably sent the message. In some cases, the request preferably includes sufficient message identifying information from the received message data for the system which receives the request to find a match among sent messages, provided that the system which received the request had in fact sent the message. In some cases, the system which received the request provides a response to the request which reflects the matching outcome.04-28-2011
20110099606APPARATUS AND METHOD FOR CONNECTING WITH ACCESS POINT IN MOBILE TERMINAL - An apparatus and a method for simplifying a connection process with an Access Point (AP) in a mobile terminal are provided. More particularly, an apparatus and a method for simplifying a connection process with a peripheral apparatus by registering in advance information regarding the peripheral apparatus that performs an AP function to search for only the registered peripheral apparatus, and for performing a security access to the peripheral apparatus without a separate operation in a mobile terminal are provided. The mobile terminal includes an AP searching unit. The AP searching unit stores and registers information regarding APs to be connected, and searches for only the registered APs to perform a security access.04-28-2011
20110099605SYSTEM OF MULTIPLE DOMAINS AND DOMAIN OWNERSHIP - Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies.04-28-2011
20090133101SECURE FILE TRANSFER METHOD - An on-board telecommunication system, partitioned into a secure area and a non secure area, including at least a first telecommunication equipment unit in the secure area, a second telecommunication equipment unit in the non secure area, and a first one-way link from the first to the second equipment. The first equipment unit is configured to transmit data on the first link according to a first protocol. The system further includes a second link from the second to the first equipment unit, in accordance with a second protocol, the first two layers of which are distinct of those of the first protocol, the second equipment configured to transmit data on the second link as messages in accordance with the first protocol and encapsulated in frames in accordance with the second protocol.05-21-2009
20090133100ACCESS CONTROL ON DYNAMICALLY INSTANTIATED PORTAL APPLICATIONS - The present invention relates to a method and system for controlling access rights to dynamically instantiated portal applications in a portal environment, wherein new instances of a portal application and respective access control information on resources used in the application are generated dynamically from an automated programmed mechanism, and wherein a user-application role mapping is demanded for the portal application by a respective runtime access control function implemented at the portal environment. The method includes: assigning an individual user-to-application role mapping to a respective individual one of the created instances of the portal application, wherein for each incoming user request to one of the created instances the runtime access control function checks a target application instance identifier, which identifies an individual application instance desired to be addressed by the incoming request; and granting access rights to incoming user requests according to the application roles as they are defined for the target application instance.05-21-2009
20120124644Input to Locked Computing Device - The subject matter of this specification can be embodied in, among other things, a method that includes receiving at a computing device that is in a locked state, one or more user inputs to unlock the device and to execute at least one command that is different from a command for unlocking the device. The method further includes executing in response to the user inputs to unlock the device an unlocking operation to convert the device from a locked state to an unlocked state. The method further includes executing the at least one command in response to receiving the user inputs to execute the at least one command. The at least one command executes so that results of executing the at least one command are first displayed on the device to a user automatically after the device changes from the locked state to the unlocked state.05-17-2012
20120124646Method and Apparatus for Authenticating Online Transactions Using a Browser - A computer-implemented method for authenticating a user using a service provider server and an authentication server, the user communicating with at least one of the service provider server and the authentication server using a user browser. The method includes requesting, using the user browser, the authenticating with the service provider server. The method also includes authenticating, using the user browser, a secure communication channel with the authentication server. The method also includes receiving, using the user browser, a Next Pre-Authentication Anchor (NPAA) value from the authentication server. The method additionally includes temporarily storing the Next Pre-Authentication Anchor (NPAA) value in a user browser cookie associated with the user browser, wherein the Next Pre-Authentication Anchor (NPAA) value is protected by employing Same Origin Policy (SOP).05-17-2012
20120167174TRUSTED EMAIL SENDER INDICATORS - In embodiments of trusted email sender indicators, email messages are received for distribution, and validation techniques can be applied to determine whether a sender of an email message is trusted. If the sender of the email message is determined to be trusted, a trusted sender indicator can be associated with the email message for display with the email message. The trusted sender indicator indicates that the email message is from a trusted sender, such as when the trusted sender indicator is displayed along with the email message at a recipient client device.06-28-2012
20120167175MOBILE TERMINAL, SERVER, AND METHOD FOR PROVIDING CONTENT INFORMATION - A mobile terminal includes a communication unit to perform Wi-Fi communication in a Wi-Fi zone of an access point, an authentication unit to perform or request authentication using Media Access Control (MAC) address information of the mobile terminal if the mobile terminal enters the Wi-Fi zone, and a control unit to receive content information allowed according to the authentication result through the communication unit when the mobile terminal is authenticated by the authentication unit.06-28-2012
20110126264SYSTEM AND METHOD FOR PROVIDING A SECURE NETWORK ON ANOTHER SECURE NETWORK - The present invention provides a system and method for providing a closed or secure network on another closed or secure network. The system enables linking at least one acquirer network operating a closed network to at least one operator by a central server. The acquirer network includes one or more terminals and optionally an acquirer server. The central server is linked to the acquirer network and to the operator. The central server is configurable to communicate with at least a subset of the one or more terminals, and also with the operator, and to establish one or more serve; communication links between the operator and the one or more terminals. The central server acts as a trusted intermediary between the acquirer network and the operator for enabling the operator to communicate with the one or more terminals via the closed acquirer network.05-26-2011
20120222089NETWORK TOPOLOGY AIDED BY SMART AGENT DOWNLOAD - A system, method, and apparatus for a network topology aided by a smart agent download are disclosed. The method involves authenticating, with at least one authenticator device, at least one claimant. The method further involves transmitting, by at least one transmission source, the smart agent download to at least one receiving source associated with at least one claimant. In one or more embodiments, at least one transmission source is employed in a Lower Earth Orbiting (LEO) Iridium satellite. Also, the method involves receiving, by at least one receiving source, the smart agent download. In addition, the method involves executing, by at least one processor, the smart agent download. Further, the method involves monitoring, by the smart agent download, network behavior. The monitoring of network behavior includes monitoring the users on the network, monitoring data passing through the network, and monitoring the quantity of data passing through the network.08-30-2012
20120222091METHODS AND APPARATUS FOR USE IN A GENERIC BOOTSTRAPPING ARCHITECTURE - According to an aspect of the present invention there is provided a method of obtaining authentication information for use in a Generic Bootstrapping Architecture, GBA, employed in a network with one or more GBA-capable subscriber registers and one or more GBA-incapable subscriber registers. The method involves a selection function for determining whether the authentication information of a subscriber is stored at a GBA-capable subscriber register or at a GBA-incapable subscriber register, and an inter working function for translating between the Diameter messages of the Zh interface and the MAP messages of the Zh′ interface.08-30-2012
20120317616NODE DEVICE AND METHOD TO PREVENT OVERFLOW OF PENDING INTEREST TABLE IN NAME BASED NETWORK SYSTEM - A node device and method are described to prevent overflow of a pending interest table (PIT). When excessive request messages are received through a particular interface, the node device and method transmits a traffic control message to control a transmission interval of the request messages, which are transmitted to a corresponding interface.12-13-2012
20120317615USE OF USER LOCATION INFORMATION FOR REMOTE ACTIONS - Architecture that provides location broker services which share the user location with other parties (e.g., based on user consent). Stationary computing devices can also determine the location of the user operator and interact accordingly. In one embodiment, the user location is retrieved from the user mobile device (e.g., smart phone) and is transmitted to other mobile or non-mobile devices with which the user interacts. Moreover, existing infrastructure and systems can be employed using a device driver that emulates the user location so that any software that uses the location services does not need modification.12-13-2012
20120317618METHOD AND SYSTEM FOR MANAGING DELAYED USER AUTHENTICATION - A system and methods for coordinating the operation of a client security module and a host security module on a mobile electronic device. The modules communicate with each other through a platform abstraction layer using application programming interfaces to coordinate their activities. In particular, on start-up of the device, the host security module obtains user authorization input from a user and passes the input to a client operating system for validation. Once validated, the host security module unlocks the host-side of the device. At the same time, the client operating system sends a notice or request to the client-side virtual machine requesting that the client-side be unlocked. Once the virtual machine is initialized and available it launches the client security module and unlocks the client-side. During the delay while the virtual machine loads, the user is given access only to the host applications.12-13-2012
20120131638PROCESSING PERFORMANCE OF REPEATED DEVICE COMPLIANCE UPDATE MESSAGES - A message comprising an indication of a management key block and an indication of an authorization table is received at a first network device from a second network device. The indication of the management key block, the indication of the authorization table, and a response message generated based on validating the indication of the management key block and the indication of the authorization table are stored. A second message comprising a second indication of the management key block and a second indication of the authorization table is received at the first network device from the second network device. The first network device communicates with the second network device in accordance with the stored response associated with the first message on determining that the second indication management key block and the second indication of the authorization table match corresponding stored indications of the management key block and the authorization table.05-24-2012
20120131640ENABLING PRESENCE INFORMATION ACCESS AND AUTHORIZATION FOR HOME NETWORK TELEPHONY - In a first embodiment of the present invention, a method for operating a presence server in a home network is provided, the method comprising: receiving a request for presence information; sending an event notification to all subscribed control points informing them of the request for presence information; receiving an action from one of the subscribed control points accepting or rejecting the request for presence information; and if the action received from the one of the subscribed control points accepts the request for presence information, causing presence information regarding the one of the subscribed control points to be sent to the entity that sent the request for presence information.05-24-2012
20120131639SESSION REDUNDANCY AMONG A SERVER CLUSTER - Systems and methods are provided for providing redundancy and failover for servers communicating via an authentication protocol. Mirroring is initiated at the beginning of a Diameter application session by an enhanced Diameter server, which continuously provides updates of the Diameter session to one or more peer Diameter mirror servers and thereby maintains an active mirror of the session.05-24-2012
20120167177METHOD CLIENT AND SYSTEM FOR AUTHENTICATION OF A LOW-SECURITY CLIENT AND A HIGH-SECURITY CLIENT IN A MOBILE RADIO NETWORK - A method for authentication of a high-security client and a low-security client in a high-security mobile radio network includes: transmitting a request for authentication from a base station to the high-security client, wherein the request for authentication comprises a random number as a challenge; receiving a response from the high-security client at the base station, wherein the response from the high-security client comprises a generated number generated by performing a keyed cryptographic function on the challenge; providing a fixed number to the low-security client; and receiving a response from the low-security client at the base station, wherein the response from the low-security client comprises the fixed number. Limited access to the mobile radio network is granted for the low-security client relative to an access of the high-security client.06-28-2012
20120131644Mobile IPv6 authentication and authorization baseline - The invention consists of an authentication protocol for the Home Agent to authenticate and authorize the Mobile Node's Binding Update message. Two new mobility options compatible with RADIUS AAA are used to exchange a shared secret between the Home Agent and the Mobile Node so the Mobile Node can be authenticated.05-24-2012
20120131642Identity management trust establishment method, identity provider and service provider - A method for establishing an identity management trust, and an IDentification Provider (IDP) and a Service Provider (SP) are provided in the present disclosure. The method comprises: after receiving an access from a user, an SP determines whether an IDP to which the user attaches is located in a trust domain of the SP (S05-24-2012
20120216254Scalable Distributed Web-Based Authentication - Web-based authentication includes receiving a packet in a network switch having at least one associative store configured to forward packet traffic to a first one or more processors of the switch that are dedicated to cryptographic processing if a destination port of the packet indicates a secure transport protocol, and to a second one or more processors of the switch that are not dedicated to cryptographic processing if the destination port does not indicate a secure transport protocol. If a source of the packet is an authenticated user, the packet is forwarded via an output port of the switch, based on the associative store. If the source is an unauthenticated user, the packet is forwarded to the first one or more processors if the destination port indicates a secure transport protocol, and to the second one or more processors if the destination port does not indicate a secure transport protocol.08-23-2012
20120216253On-Line Membership Verification Utilizing An Associated Organization Certificate - A system and method is presented for providing verification of specified credentials to an independent person (a third party, that is, a user of a purported member's website) through the utilization of an “organization certificate” (OC) in combination with a “membership certificate” (MC), with the field structure of the OC limiting the type of information that can be certified by the issuing organization. The set of fields in the OC is defined as associated with a particular type of organization, where any extraneous information will not be permitted to form part of a legitimate membership certificate (hereinafter “MC”). The use of specific field descriptions thus assumes that any field appearing in an MC that does not have a corresponding tag in the OC will cause the MC to be flagged as invalid by the user's browser extension during the verification process.08-23-2012
20120216252SYSTEMS AND METHODS FOR AUTHENTICATING DEVICES IN A SENSOR-WEB NETWORK - There is provided a method for distributing sensor data. The method includes receiving, from a requesting device, a request to access first sensor-collectable data associated with at least one package. The requesting device is authenticated to access the first sensor-collectable data. And when second sensor-collectable data is associated with a predetermined value, the method also includes denying the request for access.08-23-2012
20120216256System, Method And Apparatus For Providing Multiple Access Modes In A Data Communications Network - A system, method and apparatus for providing multiple access modes in a data communications network includes a network access device having a plurality of input ports, a plurality of output ports, and a switching fabric for routing data received on the plurality of input ports to at least one of the plurality of output ports. Control logic within the network access device is adapted to determine whether a user device coupled to one of the plurality of input ports supports a user authentication protocol used by a host network. If the user authentication protocol is not supported, then the input port to which the network access device is coupled is placed in a semi-authorized access state that limits access to a pre-configured network accessible via the host network.08-23-2012
20120137345SYSTEM AND METHOD FOR CYBER OBJECT PROTECTION USING VARIABLE CYBER COORDINATES (VCC) - A method, system, and computer program product for cyber protection using variable cyber coordinates (VCC), including a variable cyber coordinates (VCC) controller unit configured to generate cyber coordinates based on a VCC protocol for respective control circuits (CC) of one or more protected routers; and the VCC controller unit configured to communicate the generated cyber coordinates to the protected routers with or without encryption and/or authentication. At a predetermined time interval or based on a command from the VCC controller unit, the routers and their respective control units (CU) are configured to change their cyber coordinates together or separately, to cyber coordinates newly generated by the VCC controller unit according to the VCC protocol.05-31-2012
20110185398ACCESS CONTROL SYSTEM AND ACCESS CONTROL METHOD - A system including a providing unit that provides a virtual-desktop-service selected on the basis of an identification information acquired from the terminal apparatus, and sends a message that includes an address of the providing unit and an address of an application program booted by a process of the virtual-desktop-service, a storage unit that stores the identification information associated with the address of the providing unit and an access control information associated with a set of an identification information and an address of an application program, and a relay unit that receives a message sent by the providing unit, acquires an identification information associated with a source address included in the received message, acquires an access control information associated with a set of the acquired identification information and a destination address included in the received message, and controls relaying the message depending on the acquired access control information.07-28-2011
20110185397Method And Apparatus For Securing Wireless Relay Nodes - In order to mitigate the security risk posed by the insertion of a relay node within a communication network, both device authentication and subscriber authentication are performed on the relay node. Device and subscriber authentication may be bound together so that a relay node is granted access to operate within the network only if both device and subscriber authentication are successful. Additionally, a communication network (or authentication node) may further verify that a subscriber identifier (received as part of subscriber authentication) is associated with the corresponding device type (identified by the device identifier in the corresponding device authentication) as part of the subscriber authentication process.07-28-2011
20120137344SYSTEMS AND METHODS FOR RESETTING A NETWORK DEVICE - A network device includes a data store with first and second parameters, the first parameter affecting a communication operation of the network device and the second parameter affecting a security operation of the network device. A device reset function enables a user to selectively and independently refresh the first and second parameters. For example, a Session Initiation Protocol (SIP) device user can restore a default communications configuration of the SIP device while preserving the device decryption key.05-31-2012
20120216251SECURITY RESTRUCTURING FOR WEB MEDIA - User input to a web service including content from one or more media providers is subjected to a security analysis based on extracting whitelisted attributes and/or properties, the extracted attributes/properties validated, a template selected based on a source of the content, and a secure embedded code generated based on the whitelisted attributes/properties if the source is also a whitelisted source. The generated secure embedded code may then be provided as content by the web service.08-23-2012
20100175110PROTECTING A NETWORK FROM UNAUTHORIZED ACCESS - A system to dynamically protect access to a first network receives a data unit containing a source address indicating a source of the data unit. The source address is matched with information stored in the system, and entry of the data unit to the first network is enabled or denied based on the matching. It is determined whether the data unit contains an identifier of a codec type that matches a stored codec type, and occurrence of an attack of the first network is indicated in response to determining that the identifier is of a codec type that does not match the stored codec type.07-08-2010
20100175109ROUTE OPTIMISATION FOR PROXY MOBILE IP - A method of establishing a route optimisation mode between a mobile node and a correspondent node across a mobile IP network. The method comprises establishing a bi-directional security association between a proxy mobile agent to which the mobile node is attached or to which the mobile node will attach, and the correspondent node. On behalf of the mobile node, the proxy mobile agent performs a reachability test with the correspondent node via a home agent of the mobile node, and sends a binding update to the correspondent node.07-08-2010
20120222088Method and Apparatus for Implementing Communication of Stand-Alone Software - The present disclosure discloses a method and apparatus for implementing communication of stand-alone software applications. In one aspect, a method for implementing communication of stand-alone software applications comprises: establishing an instant communication connection between a first user device and a second user device by a first instant communication client on the first user device and a second instant communication client on the second user device, the first user device and the second user device being remote from each other; and communicating, by a first stand-alone software application on the first user device, with a second stand-alone software application on the second user device via the instant communication connection.08-30-2012
20120174190System and Methods for Network Authentication - Exemplary systems and methods for network authentication are provided. Exemplary systems include an application program interface configured for receiving a request for an authentication code, a code generator in communication with the application program interface, the code generator configured to generate the authentication code, and the application program interface further configured to receive the generated authentication code and allow an application to communicate digital data with a web-based social network. Further systems include the generated authentication code being received from a network device without an Internet browser and the received generated authentication code allowing an application to communicate digital data with a web-based social network for an extended period of time. Exemplary methods include receiving a request for an authentication code, generating the authentication code, receiving the generated authentication code, and allowing an application to communicate digital data with a web-based social network.07-05-2012
20120174189SYSTEM AND METHOD FOR MANAGING OTA PROVISIONING APPLICATIONS THROUGH USE OF PROFILES AND DATA PREPARATION - A method using a non-transitory processor for providing an application product including receiving an application profile, a key profile, a secure element (SE) profile, and a mobile terminal profile; establishing a link between the received profiles, in which the link is established for assembling the application product; and applying a limitation to the application product, in which the applied limitation determines whether the application product is accessible to a user. A method using a non-transitory processor for data preparation in a Trusted Service Manager (TSM) including receiving data from a service provider, in which the received data is in a Data Grouping Identifier (DGI) format or a raw data format; and processing the data using at least one of a logical data preparation and a physical data preparation.07-05-2012
20100299722Secure Content Delivery System - A secure streaming content delivery system provides a plurality of content servers connected to a network that host customer content that can be cached and/or stored, e.g., images, video, text, and/or software. The content servers respond to requests for customer content from users. The invention load balances user requests for cached customer content to the appropriate content server. A user makes a request to a customer's server/authorization server for delivery of the customer's content. The authorization server checks if the user is authorized to view the requested content. If the user is authorized, then the authorization server generates a hash value using the authorization server's secret key, the current time, a time-to-live value, and any other information that the customer has configured, and embeds it into the URL which is passed to the user. A content server receives a URL request from the user for customer content cached on the content server. The request is verified by the content server creating its own hash value using the customer server's secret key, the current time, a time-to-live value, and any other related information configured for the customer. If the hash value from the URL matches the content server's generated hash value, then the user's request is valid and within the expiration time period and the content server delivers the requested content to the user.11-25-2010
20100299721Security management program, security management method, and portable terminal device - A security management program stored in a computer-readable recording medium causes a computer to perform the following steps (1) to (4). (1) A security manager authenticates an authentication target with a prepared authentication method in response to a login request from the authentication target. (2) An application execution unit outputs an authentication request in response to an application execution request which is output from the security manager after the authentication succeeds. (3) A database access unit authenticates the authentication target with the authentication method in response to the authentication request. (4) In response to a database access request from the application execution unit, the database access unit accesses a database in a portable terminal device depending on the authentication performed by the database access unit.11-25-2010
20100299720METHOD AND APPARATUS FOR CONVENIENT CONNECTING AND DISCONNECTING OF INTERNET FROM A COMPUTER - The present invention discloses a convenient method for easily disconnecting and connecting internet to/from a computer. Instead of plugging and unplugging the physical cable that connects to the internet, a facility is invented to conveniently connect and disconnect internet using a switch on an internet cable or a convenient switch on the keyboard or monitor/display or the computer housing/box itself. Instead of pressing a switch, a key or swipe card can be used to activate the switch. Alternately the internet connection can be activated by opening a browser. The invention can be integrated into the browser to disable the internet connection during periods of inactivity. The key or swipe card can additionally be used to implement access restrictions, for instance controlling hours of access or disallowed sites for a child.11-25-2010
20120254944METHOD AND APPARATUS FOR PROVIDING SECURE REMOTE ACCESS TO ENTERPRISE NETWORKS - The invention includes a method and apparatus for providing secure remote access to enterprise networks. An apparatus includes a network interface module adapted for maintaining a secure network connection with a network device independent of a power state of a host computer associated with the apparatus, a storage module for storing information associated with the secure connection, and a processor coupled to the network interface and the memory where the processor is adapted for automatically initiating the secure connection without user interaction.10-04-2012
20110191824METHOD FOR PROVIDING CONTENTS DATA USING WIRELESS COMMUNICATION DEVICE AND NAVIGATION DEVICE PERFORMING THE SAME - A method of providing content information using a wireless communication device and a navigation device of performing the method are disclosed. The navigation device may comprise a terminal searching unit that searches a wireless communication terminal that may perform near field wireless communication in response to a content information providing request, a terminal authenticating unit that performs terminal authentication on whether the searched wireless communication terminal has been subscribing for a content providing service, and a content information displaying unit that, if it is identified that the wireless communication terminal is a terminal subscribing for the content providing service, receives content information from the wireless communication terminal and displays the content information on a display.08-04-2011
20110191821CONTROLLED USE MEDICAL APPLICATION - In an example, a client application can be implemented, including controlling access of a medical application to a client operating system resource; receiving medical data according to a first medical standard, and providing information to the medical application using the received medical data.08-04-2011
20100050236QUALITY ASSURED ANALYTICAL TESTING SYSTEM AND METHOD THEREOF - A system and method for quality assured analytical testing is disclosed. A user is prompted by the system with questions which relate to an analytical test to be conducted or an analytical instrument to be employed. Input received by the system from the user is evaluated to determine to which degree the inputs are correct. The user is certified if the determined degree is above a preset threshold. Next, the user is prompted by the system for a user identification and if the user is a certified user, access is provided to a testing routine of the analytical instrument.02-25-2010
20100050235METHODS AND APPARATUS FOR REDUCING THE EFFECTIVENESS OF CHOSEN LOCATION ATTACKS IN A PEER-TO-PEER OVERLAY NETWORK - Methods and apparatus for reducing the effectiveness of chosen location attacks in a peer-to-peer overlay network. A method includes determining that new node identifiers are to be generated for a plurality of nodes in the network, inputting parameters to a hash function to generate a selected node identifier, and adopting a location in the network associated with the selected node identifier. Another method includes receiving a node identifier associated with a selected node, inputting parameters associated with the selected node to a hash function to generate a corresponding node identifier, comparing the node identifier with the corresponding node identifier, and determining that the selected node is a potential attacker if the node identifiers do not match. Another method includes detecting responsibility for initiating an update to one or more node identifiers, generating parameters to generate the node identifiers, and transmitting the parameters on the network.02-25-2010
20100050234Provision of Access Information in a Communication Network - A method and apparatus for providing user access information to a Home Subscriber Server (HSS) in an IP Multimedia Subsystem (IMS) network. A User Equipment transmits to a Call Session Control Function (CSCF), a message containing a P-Access-Network-Info (PANI) header. The CSCF or an Application Server then sends user access information retrieved from the PANI header to the HSS, which stores the information. The stored information can be used to control access to the IMS network based on the access network being utilized or the user location.02-25-2010
20120260310SYSTEM AND METHOD FOR APPLYING AUTHENTICATION AND SECURITY POLICIES IN A SIP ENVIRONMENT - The present disclosure provides a system and method for applying authentication and security policies in a SIP environment. In accordance with one embodiment, there is provided a method for use on a SIP server, comprising: establishing a persistent connection with a user agent (UA); initiating an idle connection timeout countdown timer; performing authentication of an initial REGISTER request using a first level of authentication; and terminating the persistent connection when the initial REGISTER request is not validated before expiry of the idle connection timeout countdown timer.10-11-2012
20120260309System for Managing Real Time Ad-Hoc Service Relationships Between Services and Network Attached Client Devices - A system comprising network based servers and a data management system providing a unified method for managing real time ad-hoc service relationships between service providers and network attached devices connected directly to the network or attached to a network attached premises gateway. Functions of a system include device/gateway network address discovery, transaction and access security, access permissions between elements in a service network and tracking of transactions between network elements.10-11-2012
20120260312DYNAMIC APPLICATION CHARGING IDENTIFICATION - The present invention relates to a solution for handling charging and statistics of use of applications in a wireless communication network (10-11-2012
20090113521Private network access using IPv6 tunneling - A connection to a private network may use an IPv6 tunneling client to connect to a corresponding IPv6 tunneling router at the edge of the private network. The client may be configured to automatically establish a tunneling connection and may have a routing table for routing IPv6 addresses for hosts within the private network through the tunneling connection. The client may be connected to an IPv4 or IPv6 connection outside the private network. The connection between the IPv6 tunneling client and IPv6 tunneling router may be an authenticated and secure connection.04-30-2009
20120180109Object Model for Domain-Based Content Mobility - In embodiments of an object model for domain-based content mobility, a client object model architecture (07-12-2012
20120180110Data Communication Authentication System and Method - A data communication authentication system (07-12-2012
20120180108METHODS AND SYSTEMS FOR PROVIDING A DISCUSSION THREAD TO KEY PERFORMANCE INDICATOR INFORMATION - Systems and methods for providing a discussion thread to key performance indicator information displayed on a dashboard are disclosed. The system may include a renderer for rendering a dashboard displaying a key performance indicator value corresponding to at least one business value. The system may also include a comment module that is configured to: receive a comment corresponding to the displayed key performance indicator value, and generate a discussion thread including the received comment. The generated dashboard can then be rendered by the renderer in association with the displayed key performance indicator value. In some cases, the discussion thread can include a plurality of related comments.07-12-2012
20120180107GROUP-ASSOCIATED CONTENT RECOMMENDATION - A method of generating content recommendations to groups of users is provided. The method includes establishing a group, determining group-associated characteristics, where such characteristics include preferences independent of any merging, intersection or other combination of individual preferences of the group members, and providing content recommendations to the group based on the group-associated characteristics.07-12-2012
20100031319Secure messaging using caller identification - A method of securing an electronic message from a sender to a recipient comprising the step of restricting access to content of the message at a recipient terminal unless a session is opened by transmission of a signal from equipment of the recipient via a second communication channel.02-04-2010
20100011414MANAGING LOGICAL SOCKETS - Network attacks, such as a denial of service (DoS) attack, attempt to exhaust server resources and can cause a network to be unavailable for significant periods of time. Although a firewall can be utilized to defend a system from network attacks, the number of incoming connections created can be controlled to defend the system against network attacks. An operating system creates connections, known as sockets, on one or more logical ports. Incoming connections are connections whose creation requests originate from a source outside the operating system. Functionality to control socket creation can be implemented within the operating system, thus allowing a system to be placed directly on a network without a firewall. Implementing defense against network attacks within an operating system reduces the additional cost of having firewall products, and can lead to more efficient network configurations.01-14-2010
20090055898PANA for Roaming Wi-Fi Access in Fixed Network Architectures - A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE.02-26-2009
20120185919METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR OPERATING A COMMUNICATIONS NETWORK WITH ENHANCED SECURITY - A communications system includes a plurality of patch panels having a plurality of connector ports connected to individual communication channels, a switch that provides access to multiple networks via one or more switch ports, a system manager that controls interconnections between the patch panels and the switch, and a plurality of patch cords configured to selectively interconnect patch panel connector ports. The system manager is configured to receive a request to connect an individual communication channel to a specific network, to identify which patch panel connector ports are required to be patched together via one or more patch cords in order to establish a circuit to the requested network, and to enable a switch port to activate the circuit. The system manager is configured to monitor connectivity of a circuit and to park a switch port associated with the circuit in response to detecting a change in circuit connectivity.07-19-2012
20120185918PROVISIONING OF E-MAIL SETTINGS FOR A MOBILE TERMINAL - Method and apparatus for provisioning an e-mail service to a mobile terminal in an e-mail system that uses e-mail addresses comprising a domain part. The apparatus maintains a list of good setting parameter sets versus e-mail domain parts. It receives an e-mail address and user authentication information from a user and compares the domain part of the received address with domain parts in the list of good parameter sets. If a match is found, e-mail service is provisioned with the matching parameter set. If no match is found, the apparatus requests and receives further parameters from the user, including an e-mail server address, and provisions the e-mail service with the further parameters. If the provisioning with the further parameters is successful, the domain part and the further parameters are used to generate a new setting parameter set in the list of good setting parameter sets.07-19-2012
20100293596METHOD OF AUTOMATICALLY DEFINING AND MONITORING INTERNAL NETWORK CONNECTIONS - A method of defining network connection policies, deploying the network connection policies and monitoring all network connections, including an automated real-time analysis and intercepting all connections, and determining whether those network connections are private access connections, or public access connections. If the public access connections are unauthorized, terminating the public access connections in communications port for authorized connections.11-18-2010
20120185917SECURITY EXTENSIONS USING AT LEAST A PORTION OF LAYER 2 INFORMATION OR BITS IN THE PLACE OF LAYER 2 INFORMATION - Information applied to a packet at an ingress port of a network may be used for enhancing security. The information applied to a packet may be “context information” which replaces at least some bits of layer 07-19-2012
20120084836Providing access levels to services based on mobile device security state - A mobile device's level of access to services provided by a service provider is based on a current security state assessment of the mobile device. Mobile devices are granted different access levels to services based on the security state of the device. A security component can assess the current security state of the mobile device by processing security data generated by the mobile device. In a specific embodiment, the security component is at the mobile device. In another specific embodiment, the security component is at a server.04-05-2012
20120084835Launching a Cached Web Application Based on Authentication Status - In general, the subject matter described in this specification can be embodied in methods, systems, and program products for receiving a request to retrieve electronic resources that correspond to a first network address. The resources are retrieved from a cache. The retrieved resources are responsive to the request, correspond to the first network address, and are configured to activate a first web application. Activation of the first web application requires that the computing device be authenticated. Instructions that are in the retrieved resources and are for activating the first web application are executed. The execution includes determining that the computing device is not authenticated to activate the first web application, and requesting to retrieve electronic resources that correspond to a second network address and that are configured to activate a second web application. Activation of the second web application does not require that the computing device be currently authenticated.04-05-2012
20120084834SYSTEM FOR COMMUNICATING WITH A MOBILE DEVICE SERVER - A system that incorporates teachings of the present disclosure may include, for example, a non-transitory computer-readable storage medium operating in a mobile device server that has computer instructions to execute a web server application at the mobile device server. The web server application can be operable to detect a media resource center while roaming in a communication zone of the media resource center and to transmit a pairing key to the media resource center responsive to acquiring communication access to the communication zone. The web server application can be further operable to receive from the media resource center an indication that a roaming charge will be applied to a subscriber account associated with the mobile device responsive to the media resource center identifying from the pairing key that the mobile device server is a guest device. Other embodiments are disclosed.04-05-2012
20120084833Launching a Cached Web Application Based on Authentication Status - In general, the subject matter described in this specification can be embodied in methods, systems, and program products for receiving a request to retrieve electronic resources that correspond to a first network address. The resources are retrieved from a cache. The retrieved resources are responsive to the received request, correspond to the first network address, and are configured to activate a first web application. Activation of the first web application requires that the computing device be authenticated. Instructions that are in the retrieved resources and are for activating the first web application are executed. The execution includes determining that the computing device is not authenticated to activate the first web application, and requesting to retrieve electronic resources that correspond to a second network address and that are configured to activate a second web application. Activation of the second web application does not require that the computing device be currently authenticated.04-05-2012
20120222090METHOD OF COMMUNICATIONS AND COMMUNICATION NETWORK INTRUSION PROTECTION METHODS AND INTRUSION ATTEMPT DETECTION SYSTEM - A method, system and computer readable medium for protecting a communications device connected to a communications system against an unauthorized intrusion, including providing a variable identifier to the communications device and entities authorized access thereto. The variable identifier is provided to a user address book and assigned with a permanent identifier and the permanent identifier, but not the variable identifier, is available to a user. The presence or absence of the correct variable identifier is sensed during an attempt to access the communications device for granting or denying access to the communications device. A new variable identifier is periodically provided to the communications device and to the authorized entities and to the user address book and assigned with the permanent identifier, wherein the permanent identifier, but not the new variable identifier, is available to the user.08-30-2012
20120227086CROSS SOCIAL NETWORK DATA AGGREGATION - Disclosed in some examples is a method of aggregating social networking data by receiving first authentication information for a first social networking service, the first authentication information being associated with a user and being received from a first social networking application, receiving second authentication information for a second social networking service, the second authentication information being associated with the user and being received from a second social networking application, requesting first information regarding the user from the first social networking service using the first authentication information, receiving the first information regarding the user from the first social networking service and storing the received first information, requesting second information regarding the user from the second social networking service using the second authentication information; and receiving the second information regarding the user from the second social networking service and storing the received second information.09-06-2012
20120227088METHOD FOR AUTHENTICATING COMMUNICATION TRAFFIC, COMMUNICATION SYSTEM AND PROTECTIVE APPARATUS - Embodiments of the present disclosure provide a method for authenticating communication traffic, a protective apparatus and a communication system, and relate to the fields of communications and computer. The method includes: a TCP packet is authenticated before it arrives at the server, to verify the true source address of the TCP packet, further verify whether the TCP packet is an attack packet, and determine whether the sender of the TCP packet is allowed to set up a TCP connection with the server, thereby effectively preventing DoS attacks that are launched through TCP packets and improving communication security.09-06-2012
20120227087CROSS PLATFORM SOCIAL NETWORKING AUTHENTICATION SYSTEM - Disclosed in one example is a method of authenticating with multiple social network services. The method may include storing first authentication information associated with a user for a first social networking service using at least one computer processor, receiving second authentication information associated with the user for a second social networking service from a social networking application, and sending to the social networking application the first authentication information. The first authentication information may enable the social networking application to utilize a protected application programming interface call for the first social networking service and the second authentication information may enable the social networking application to utilize a protected application programming interface call for the second social networking service.09-06-2012
20120227085VIRTUAL COMPUTING SERVICES DEPLOYMENT NETWORK - A virtual computing services deployment network provides a consistent user experience from a variety of locations via a connection fabric for accessing a virtual desktop. The connection fabric identifies a user profile defining the virtualized desktop resources required for a particular user. The connection fabric includes distributed data and processing in nodes distributed throughout a public access network accessible from a user access device. Each of the fabric nodes is operable to provide an identifier (such as an IP address) of a computing resource adapted to provide the user specific desktop. A user access device accesses a local fabric node in the connection fabric, and the fabric node determines a computing resource matching a user profile of expected computing resources. The fabric node associates the user access device with the computing resource and sends the user access device an identifier for directly accessing the computing resource. The determined computing resource may be determined by a centralized virtual computing approach, thus providing appropriate scaling without significantly impacting the existing fabric.09-06-2012
20120260313DIGITAL SYSTEM AND METHOD FOR BUILDING EMERGENCY AND DISASTER PLAN IMPLEMENTATION - An emergency and disaster preparedness system is hosted on a computer system with a secure network interface using a terminal for user interface to the system communicates through the network interface. A security management module for user authentication connects an authenticated user into the system. A communications module provides and sets active alerts for all users. An administrative console provides management of system functions. A learning management system operable from the system incorporates a plurality of function specific databases for user information on the building structure, content and environs. A portable emergency response tool (ERT) operable independently or through the network interface is an integral portion of the system. The ERT has a portion of the plurality of function specific databases integrally stored thereon and functions specifically for use by first responders separate from or communicating with the overall system.10-11-2012
20120260314UNINTERRUPTED VIRTUAL PRIVATE NETWORK (VPN) CONNECTION SERVICE WITH DYNAMIC POLICY ENFORCEMENT - Techniques for uninterrupted virtual private network (VPN) connection service with dynamic policy enforcement are provided. An existing VPN session between a VPN client and a VPN server detects a change in a VPN network being used for the existing VPN session. New credentials and new policies are received by the VPN client. The new credentials are automatically used to re-authenticate the VPN client to the change during the existing VPN session, and the new policies are dynamically used to enforce the new policies during the existing VPN session on the VPN client.10-11-2012
20090019525DOMAIN-SPECIFIC LANGUAGE ABSTRACTIONS FOR SECURE SERVER-SIDE SCRIPTING - A method and apparatus is disclosed herein for secure server-side programming. In one embodiment, the method comprises creating a server-side program with one or more abstractions and compiling the server-side program by translating the server-side program, including the one or more abstractions, into target code that is guaranteed to execute in a secure manner with respect to a security criteria.01-15-2009
20090019524System and method for network operation - A network of secure servers, requiring no central entity to administer user identities or access permissions. Each autonomous server hosts a set of user accounts. Users may link to and access the accounts of all other users in the network. Resources in accounts are private, but users may grant each other partial permissions to them. Links and permissions are independent of the location of accounts, and are cryptographically authenticated. Users may migrate their account between servers without losing accumulated permissions, or breaking links that others have to their account. The ability to grant permissions may be delegated to reflect complex organizational structures. A permission may be configured to unlock data in a multitude of accounts. The system will support applications that require secure information sharing across multiple organizational boundaries, and provides a distributed security model which is feasible to deploy as it is wholly administered by its users.01-15-2009
20090019523CONTROLLING NETWORK COMMUNICATIONS - A technique of establishing communication between a server apparatus and a client apparatus in a manner that satisfies a desired security level of network communications is disclosed.01-15-2009
20090019521CONTROLLING ACCESS PRIVILEGES IN A WIRELESS DOMAIN - Various systems, methods, and programs executable on a computer readable medium are provided for providing secure communications in a wireless domain. In one embodiment, a method is provided in which access to a network is established for a client in an originating subnet associated with an originating controller in a wireless domain. The access rights for the client are set based upon a first active control list. Access to the network for the client is established in a foreign subnet associated with a foreign controller in the wireless domain when the client roams from the originating subnet to the foreign subnet. A second active control list is tunneled from the foreign subnet to the originating subnet. The access rights to the network for the client in the originating controller are reset based upon the second active control list.01-15-2009
20120233660METHOD AND APPARATUS FOR PROVIDING SECURITY FOR AN INTERNET PROTOCOL SERVICE - A method and apparatus for providing security to an endpoint device are disclosed. For example, the method receives a signaling message by the endpoint device. The method processes the signaling message, if the signaling message is received from a device associated with one of one or more Internet Protocol (IP) addresses in an Access Control List (ACL), and discards the signaling message, if the signaling message is received from a device not associated with one of the one or more IP addresses in the ACL.09-13-2012
20120233659NETWORK IDENTITY MANAGEMENT SYSTEM AND METHOD - Users of Internet services (e.g., SKYPE messaging service, GOOGLETALK messaging service, AOL INSTANT MESSENGER messaging service, and MICROSOFT MESSENGER messaging service) that are initially identified using separate identifiers that may be associated with respective service providers (e.g., email addresses) can manage network identities using a single unified set of account information managed by a registry service. The registry authenticates the user's request(s) to bind a service provider identity to his or her personal registry user record by presenting a random challenge to the user which the registry must then receive back from the service provider corresponding to the identity being added. Later, the registry may authenticate itself to service providers using information received from a service provider application as the service provider application authenticates itself to the service provider.09-13-2012
20080313710COMMUNICATIONS DEVICE, COMMUNICATIONS METHOD, COMMUNICATIONS PROGRAM, AND COMPUTER-READABLE STORAGE MEDIUM STORING THE COMMUNICATIONS PROGRAM - The communications device of the present invention performs an authentication with the device at the other end automatically or through a simple operation, independently of an authentication scheme supported by the device at the other end. A communications device includes: a connecting section for establishing a connection with the other communications device according to the IrSimple scheme; an authentication section for performing an authentication by the IrSimple scheme; a connecting section for establishing a connection with the other communications device according to the IrDA scheme, an authentication section for performing an authentication according to the IrDA scheme; and a protocol switching section for causing the connecting section to initiate a connection and causing the authentication section to perform an authentication, when an authentication by the authentication section is unsuccessful. This makes it possible to switch to a protocol of the IrDA scheme and perform communications according to the IrDA scheme when the other communications device does not support device authentication of the IrSimple scheme although being compliant with the IrSimple scheme.12-18-2008
20080301775Method and apparatus for securing data in a memory device - A Method and a terminal intended for securing information in a local memory device which is couplable to a terminal having a data link interface. At the terminal, the method comprises the following steps. The method divides 12-04-2008
20080301776System method for providing secure access to a communications network - A system and method for providing secure access to a telecommunications network system. In one embodiment, a cellular device produces a communication session key and utilizes an index and corresponding timing intervals previously provided by the network to the cellular device. The session key is divided into multiple segments that are placed into separate data packets. The data packets, separated by the timing intervals, are sent to the network where a comparison is made between the information in the data packets and the time intervals between the data packets. The timing intervals between the data packets must match an identical set of time intervals stored in the network and if so, the network assembles the data packets to provide a session key for secure communications between the network and the access device.12-04-2008
20080301774INFORMATION PROCESSING APPARATUS - An information processing apparatus includes: a processor; a first auxiliary storage device that stores data; a second auxiliary storage device that is provided separate from the first auxiliary storage device at a position inaccessible to a user, the second auxiliary storage device being configured to be rewritable; and a firmware memory that stores a firmware program that is initially executed when a power of the apparatus is turned on, wherein the firmware program causes the apparatus to operate: performing a user authentication; permitting an access to the first auxiliary storage device when the user authentication is successful; and initiating an authentication failure processing program that is stored in the second auxiliary storage device to be performed by the processor when the user authentication is unsuccessful.12-04-2008
20080301773METHOD AND APPARATUS FOR SECURITY CONFIGURATION AND VERIFICATION OF WIRELESS DEVICES IN A FIXED/MOBILE CONVERGENCE ENVIRONMENT - A system and method is described that enables autonomic discovery of wireless network security mechanisms by mobile devices. Stateful monitoring of wireless devices facilitates identification of pending network connectivity loss, enabling a handoff server to proactively advertise new points of access and their associated security mechanisms to devices before connectivity is lost. As a result, devices may seamlessly transition between secure networks. Stateful monitoring of device reachability may be used together with device certificates and/or tokens to decrease the potential of MAC spoofing and further secure the network. Stateful monitoring of device connectivity status during network transitions facilitates the identification of rogue access points. The token or certificate on the device may be used to authenticate the device while transitioning between networks by a centralized entity, managing the initiation and the execution of the handover for the device.12-04-2008
20120266215Captcha Image Scramble - Particular embodiments determine a modified image for a CAPTCHA. The CAPTCHA may include an original image, a challenge based on the original image, and/or a correct response based on the original image. The modified image may be a scrambled version of the original image. Web-browser-executable code is determined for unscrambling the modified image back to the original image. The modified image and the web-browser-executable code are then provided to a computing device. Upon receiving the modified image and the web-browser-executable code, the computing device then displays the original image based on the modified image and the web-browser-executable code.10-18-2012
20120266214CREATING SECURE INTERACTIVE CONNECTIONS WITH REMOTE RESOURCES - Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.10-18-2012
20120266213TRUSTED HARDWARE FOR ATTESTING TO AUTHENTICITY IN A CLOUD ENVIRONMENT - Apparatuses, computer readable media, methods, and systems are described for storing a first measurement of a virtualization platform, storing a second measurement of a measured virtual machine, generating a quote using a key, wherein the quote is based on the first measurement and the second measurement, and providing the quote for attesting to authenticity of the virtualization platform and of the measured virtual machine. In a further example, the quote may be generated based on a third measurement of a secure tunnel.10-18-2012
20120266212APPARATUS AND METHOD FOR AUTHENTICATING SMART CARD - The disclosure discloses an apparatus and a method for authenticating a smart card. The apparatus for authenticating a smart card comprises a smart card authentication service module, a Smart Card Reader (SCReader) drive module, a Personnel Computer Smart Card Drive (pcscd) service module and a virtual serial port drive module, wherein the smart card authentication service module is configured to send an initialization command to the SCReader drive module, to send an authentication request to the terminal device and the network server, and to compare smart card authentication operation results received from the network server and the terminal device; when the results are identical to each other, the authentication of the smart card is passed; the SCReader drive module is configured to receive the initialization command from the smart card authentication service module and to send the authentication operation result from the terminal device to the smart card authentication service module; the pcscd service module is configured to provide a data transmission interface for the smart card authentication service module and to send data to the virtual serial port drive module through the SCReader drive module; and the virtual serial port drive module is configured to transmit data between the terminal device and the SCReader drive module. By the device and method, the existing module of a computer can be well used; and the authentication of multiple kinds of smart cards can be implemented, so that the device and method have high compatibility, and are easy to expand and widely applied.10-18-2012
20120266211TRANSPARENT DATABASE CONNECTION RECONNECT - A first computer establishes a logical connection to a second computer for requesting and/or receiving data from a database. A logical connection is independent of the underlying physical network connection used to connect to the database. A context identifier is stored by both computers to enable the context of a logical connection to be persisted between switches from one physical network connection to another within the logical connection thus enabling database transfers to be continued on a second physical network connection when a failure in a first physical network connection occurs.10-18-2012
20110004921PERSONALIZED SECURITY MANAGEMENT - Systems and methods for personalized security management of online applications are provided. A determination may be made that a condition for constructing an increased authentication proposal for access to an online financial service is satisfied. The increased authentication proposal may be associated with (i) a user of the online financial service and (ii) a user request option associated with the online financial service. Based upon the determination that the condition is satisfied, the increased authentication proposal may be generated and transmitted for presentation to the user. An increased authentication proposal response may then be received, and the increased authentication proposal response may be processed in order to store, in association with the user and the user request option, (i) an indication of an increased authentication condition and (ii) an indication of an increased authentication mechanism.01-06-2011
20110004920WIRELESS COMMUNICATION SYSTEM, WIRELESS HOST, AND WIRELESS DEVICE - A wireless communication system includes a wireless host and a wireless device. The wireless device includes a user authentication unit that authenticates a requesting user that is using the wireless host based on a result of comparison between a requesting-user ID of the requesting user received from the host and a user ID of a user that is permitted to establish communication with the wireless device. When the requesting user is authenticated by the user authentication unit, information required prior to connection is stored in the wireless device and the wireless host. The wireless device permits to continue the association process with the wireless host, when the information required prior to connection received from the wireless host and the information required prior to connection stored in the wireless device match.01-06-2011
20110004919Method for Processing Emails in a Private Email Network - A postal inspector gatekeeper function is implemented in an electronic email communication system to process email. Various methods of processing email in a private email network approve or reject specific emails for delivery after determining whether the email sender and/or the intended email recipient are included in directories such as a member directory, enterprise member client directory, and a non-member whitelist.01-06-2011
20110004918Facilitating heterogeneous authentication for allowing network access - A method comprises an operation for facilitating authentication of a client device attempting to connect to a port of a network element. Facilitating authentication includes determining whether the client device is configured for being authenticated using a first authentication mechanism and, in response to determining that the client device is not configured for being authenticated using the first authentication mechanism, determining whether the client device is configured for being authenticated using at least one other authentication mechanism. For each one of the authentication mechanisms, an operation is provided for providing the client device with network connectivity dependent upon a respective first classification policy structure in response to the client device being successfully authenticated and an operation is provided for providing the client device with network connectivity dependent upon a respective second classification policy structure different than the first classification policy structure in response to the client device failing to be successfully authenticated.01-06-2011
20100024005METHOD AND APPARATUS FOR PROVIDING IDENTITY MANAGEMENT FOR USERS IN A WEB ENVIRONMENT - An identity management method, apparatus, and computer readable article of manufacture tangibly embodying computer readable instructions for executing the identity management method. The method includes: creating an association table to record a first session ID between the user and the first Web application, a second session ID between the user and the second Web application, and an association of the IDs; sending a session ID request containing the first session ID by the first Web application to a return module; receiving the session ID request and searching by the return module for the associated second session ID in the association table according to the first session ID; and returning the second session ID to the first Web application, thereby providing identity management for a user in a Web environment in which a first Web application accesses a second Web application on behalf of the user.01-28-2010
20110131630SERVICE ACCESS METHOD AND DEVICE, SERVICE AUTHENTICATION DEVICE AND TERMINAL BASED ON TEMPORARY AUTHENTICATION - A service access method and device, a user authentication device, and a terminal are provided. A service access method includes requesting a terminal to transmit authentication information in response to a service access request that is received from the terminal, receiving the authentication information from the terminal, permitting a temporary access to the terminal based on a result of a temporary authentication performed based on the authentication information, and processing a main authentication based on the authentication information.06-02-2011
20120240191WIRELESS DEVICE NEARFIELD SECURITY CONFIGURATION - A joining device is operable to join a wireless network by establishing a nearfield wireless connection between the joining device and an intermediary device, and exchanging identifying information with the intermediary device that enables the joining device to securely join the wireless network.09-20-2012
20100175108METHOD AND SYSTEM FOR SECURING VIRTUAL MACHINES BY RESTRICTING ACCESS IN CONNECTION WITH A VULNERABILITY AUDIT - A method and system for securing a virtual machine is disclosed. An initiation signal from the host system that is generated upon startup of the virtual machine is intercepted, and a network connection on the host system accessible by the virtual machine is restricted in response. Then, the virtual machine is queried for preexisting vulnerabilities, and such data is received. Access by the virtual machine to the network connection is controlled based upon a comparison of a security policy, which is associated with the virtual machine, to the received preexisting vulnerabilities.07-08-2010
20110047597SYSTEM AND METHOD FOR SECURITY DATA COLLECTION AND ANALYSIS - Disclosed herein is a system and method for efficiently gathering information about applications for mobile communication devices (e.g., smartphones, netbooks, and tablets). This disclosure is also directed to a server producing assessments for applications by analyzing data from multiple sources. To gather information, a device sends information about an application to a server, which stores some or all of the information and may request additional information, if necessary. The server collects information from many devices, including devices that have varied configurations and different operating systems, by only collecting the appropriate information from each device. The server gathers the appropriate data to perform in-depth, granular mobile application analysis while minimizing overhead on devices, wireless networks, and the server. The server may collect portions of data from multiple devices, combining them on the server to produce an assessment for an application.02-24-2011
20110047596KEYSTROKE LOGGER FOR UNIX-BASED SYSTEMS - A device receives, from an Internet program manager (IPM) server, an identification (ID) of a user associated with a user device and an Internet protocol (IP) address of the user device, and connects to the user device based on the user ID and the IP address of the user device. The device also receives, from the IPM server, a request to execute a logging application for the user device, and executes the logging application based on the request. The device further receives, via the logging application, one or more inputs or outputs associated with the user device, and records the one or more inputs or outputs associated with the user device.02-24-2011
20110047595DISTRIBUTED SYSTEM AND COMPUTER PROGRAM PRODUCT FOR ESTABLISHING SECURITY IN A PUBLISH/SUBSCRIBE DATA PROCESSING BROKER NETWORK - A technique for establishing security in a publish/subscribe data processing broker network is presented. The technique includes providing a security extension module from a publisher to a broker of the network, wherein the security extension module is for a topic asset of the publisher. The broker employs the security extension module, responsive to receipt of a request from a subscriber for the topic asset, to authenticate the request at the broker before pushing the topic asset of the publisher to the subscriber. In addition to authenticating the request, the security mode extension can be employed to authorize the request, and to automatically forward messages to the publisher providing information on when topic asset access by a subscriber begins and ends.02-24-2011
20120324537MULTIPLE USER LOGIN DETECTION AND RESPONSE SYSTEM - A method is provided for controlling multiple access to a network service to prevent fraudulent use of the network service. The method includes identifying an account access counter for an account using identification information received from a user at a first device using a network, wherein the user is requesting access to a service provided at a second device, and further wherein the account access counter is the number of service access sessions active for the account; comparing the account access counter to a maximum account access number, wherein the maximum account access number defines a maximum number of service access sessions allowed for the account; and providing the user at the first device access to the service at the second device if the account access counter is less than the maximum account access number.12-20-2012
20120324536VIRTUAL EXTENDED NETWORK - A network device may receive a data structure, intended for a second computing device, from a first computing device. The network device may determine, based on the first data structure, whether the first computing device and the second computing device correspond to the same virtual network. When the first computing device and the second computing device correspond to the same virtual network, the network device may communicate the data structure to the second computing device. However, when the first computing device and the second computing device do not correspond to the same virtual network, the network device may disregard the data structure.12-20-2012
20120331521SYSTEM AND METHOD FOR APPLICATION CENTRIC CLOUD MANAGEMENT - An application-based cloud management system and method are provided. The cloud management method comprises authenticating a user to access a cloud network, determining a user behavior of the authenticated user using one or more metadata stored in a cache memory, loading resources related to the user behavior to a virtual machine, and allocating the virtual machine to the authenticated user.12-27-2012
20110219429ONLINE SERVICE PROVIDING SYSTEM, METHOD, SERVER AND MOBILE DEVICE THEREOF, AND COMPUTER PROGRAM PRODUCT - An online service providing system, a method, a server, and a mobile device thereof, and a computer program product are provided. The method includes sending a verification link corresponding to a user account that is not verified; after receiving a verification request corresponding to the verification link, determining whether a device identification sent by the mobile device that has logged in the user account is received; when receiving the device identification, confirming whether the user account is verified according to the device identification; after confirming that the user account is verified, when receiving a service request sent by a terminal device logging the user account into a service website, determining a homepage of the service website according to the device identification, and providing the online service corresponding to the mobile device to the terminal device through the service website.09-08-2011
20110239273NETWORK UTILIZATION AND RESOURCE CONTROL BASED ON TRAFFIC PATTERNS - A device receives, from a user device, a request to access a network, determines whether to accept or deny the request to access the network, and monitors traffic provided to or from the user device via the network. The device also determines a traffic pattern for the user device based on the traffic, classifies the traffic as one of high throughput traffic, low packet data size traffic, or high frequency packet interval traffic, and applies different network resource control mechanisms to different classifications of the traffic.09-29-2011
20100251331Method and Apparatus for Accessing Heterogeneous Networks via Wireless Local Area Network - A method and an apparatus for accessing heterogeneous networks via a Wireless Local Area Network (WLAN) are disclosed. The method includes receiving an access request from a WLAN terminal or a portal/policy server; determining a target network that the terminal needs to access according to the access request; converting the access request according to the format of a target network transmission protocol; sending the converted access request to the target network; and receiving an authentication result from the target network, and sending the authentication result to the terminal.09-30-2010
20120131643Tunneled Security Groups - A method for providing security groups based on the use of tunneling is disclosed. The method includes assigning a security group identifier (SGI) to a packet and classifying the packet based on the packet's SGI.05-24-2012
20120278860PERSONAL LIFESTYLE DEVICE - A method and apparatus for advertising a service on a wireless device. The method includes: storing authentication information in the wireless device; using the authentication information to establish communication between the wireless device and a service provider; and subsequent to the communication being established between the wireless device and the service provider, advertising, on the wireless device, context-specific information about a service associated with the service provider based on at least one of (i) an ambient temperature, (ii) a body temperature of a user of the wireless device, and (iii) a heart rate of the user.11-01-2012
20120278858SYSTEM AND METHOD OF PROVIDING INFORMATION ACCESS ON A PORTABLE DEVICE - A system and method of providing information stored in a memory is provided. The system comprises an information repository for storing information and an access module for providing access to the information in response to a predetermined operation performed on a man-machine interface. The method includes the steps of storing information in a memory and providing access to the information in dependence upon at least one predetermined operation.11-01-2012
20120278856METHOD, DEVICE, AND SYSTEM FOR SERVICE PRESENTATION - A method, device and system for service presentation, which includes: receiving a presentation request message; acquiring presentation information from the presentation request message; storing the presentation information; when the presentee accesses the presented content, receiving an authentication and rating request message transmitted from the service enabling component; performing authenticating and rating according to the authentication and rating request message and the stored presentation information. The present invention is applicable to presenting content type services and so on.11-01-2012
20120278854SYSTEM AND METHOD FOR DEVICE ADDRESSING - A system and method for enabling communication with one or more mobile communication devices. In one aspect, one or more mobile communication devices use an authenticated web identification to obtain a Uniform Resource Locator (URL) which is associated with the mobile communication device(s). The URL may be used to enable communication between the mobile communication device(s) and an application service via the Internet.11-01-2012
20110265145PROTECTION AGAINST UNSOLICITED COMMUNICATION FOR INTERNET PROTOCOL MULTIMEDIA SUBSYSTEM - A PUCI system includes a user equipment (UE) and a PUCI application server holding user policies in connection to a home subscriber server (HSS) holding operator policies. A policy manager establishes the correlation between the user policies and the operator policies, thus determining whether to reject or forward an incoming call originated from a trusted/distrusted source network in accordance with prescribed rules/logics.10-27-2011
20110277015Proxy Server, Control Method Thereof, Content Server, and Control Method Thereof - The present invention particularly relates, but is not limited to, a technology that facilitates the identification of a consumed content item and a user who consumed that item, and there is provided a proxy server that is capable of communicating with a client and a content server storing content for which permission data is required for reproduction. The proxy server comprises, in particular, a content information retrieving unit that retrieves, from the content server, content information that identifies the content server and the content, and a generating unit that generates modified content information that identifies the proxy server and the content identified by the content information.11-10-2011
20110277014NODE AUTHENTICATION - A requester node requesting a service in a peer-to-peer network transmits a request to a service provider node. The request may include a communication history of the requester node identifying other nodes with which the requester node has previously communicated. The service provider node authenticates the requester node based on the communication history. The service provider node may ask other nodes with which the requester node has communicated for evaluation of the requester node. The other nodes may calculate a trust metric of the requester node and provide this metric to the service provider node. The service provider node may use this trust metric in combination with a similarity calculation of the requester node and the service provider node to make a determination whether the requester node is to be authenticated. The service provider node may evaluate the requester node and store the evaluation in its communication history.11-10-2011
20120331522SYSTEM AND METHOD FOR LOGICAL SEPARATION OF A SERVER BY USING CLIENT VIRTUALIZATION - A system for logically separating a server using client virtualization includes a client terminal including a virtual environment generation unit for generating a virtual environment, and a virtualized server including a local storage unit, an authentication server for performing authentication on the client terminal when a request for access to the local storage unit is received from a process executed in the virtual environment, and a virtualization filter driver for allowing or blocking the access request to the local storage unit based on the authentication result of the client terminal. The client terminal further includes a virtualization filter driver for transmitting the access request from the process executed in the virtual environment to the local storage unit, and blocking the access request from the process without being made through the virtual environment to the local storage unit.12-27-2012
20120331523Wireless access device and method - The disclosure discloses a wireless access device (12-27-2012
20120331524NETWORKING AS A SERVICE - Networking as a Service (NaaS) delivers network services using remote appliances controlled by a hosted, multi-tenant management system. The system may include a heartbeating process for communication between a web-based server and appliances, in which the appliances periodically contact the management system on the server. The heartbeating process allows the appliances to maintain a completely up-to-date configuration. Furthermore, heartbeating allows for comprehensive monitoring of appliances and for software distribution. The system may also include means for authenticating appliances, without the need for pre-installed PSKs or certificates.12-27-2012
20120331520Method and System for the Transmission of Wireless Data Stream - The disclosure provides a method and a system for transmitting wireless data stream. After a user equipment (UE) sends a packet data protocol (PDP) context activation request signaling to a base station, the base station checks whether the user equipment is allowed to activate a local Internet protocol access (LIPA) function. If the base station decides that the user equipment is allowed to activate the LIPA function, the base station informs a core network which executes authentication accordingly. The base station disconnects from the core network. The base station assigns a private IP address to the user equipment for implementing the LIPA function, so that the user equipment having the private IP address is directly connected to an external network through the base station without going through the core network.12-27-2012
20100229216WIRELESS CONNECTION DEVICE - A wireless connection device includes a unit to perform communications with another wireless connection device; a unit to transmit a wireless device guide packet to a wireless device and to accept an access request from said wireless device; and a control unit that includes a unit to receive a proxy request containing identifying information for identifying another wireless connection device when in wireless communications from said another wireless connection device; a packet generating unit to generate a proxy packet as a substitute for the wireless device guide packet sent from said another wireless connection device serving as a sender of this wireless device guide packet by use of the received identifying information; a unit to transmit the proxy packet via said wireless communication unit; a unit to accept a request for the connection to said wireless network system from said wireless device; and a forwarding unit to forward the connection request to said another wireless connection device when the accepted connection request is a connection request addressed to said another wireless connection device.09-09-2010
20100229215RECEPTION APPARATUS - A reception apparatus in accordance with the present invention is provided with a reception unit (09-09-2010
20110321128PUBLIC ACCESS POINT - The invention instantiates a Personal VLAN bridge, using IEEE Std. 802.11 elements. The result is a bridge, referred to as a public access point, that is better suited for implementing public wireless data networks than the IEEE Std. 802.11 architecture. The invention also provides a location-update protocol for updating the forwarding tables of bridges that connect public access points together. The invention further provides a method for more controlled bridging, which is referred to as fine bridging.12-29-2011
20110321126METHOD FOR WIRELESS COMMUNICATION AND WIRELESS TRANSMIT/RECEIVE UNIT - A method for wireless communications and a wireless transmit/receive unit are disclosed. At least one first wireless communication link with a base station for transmitting/receiving data packets is established, which at least one first wireless communication link complies with at least a first authentication mechanism. At least one second wireless communication link with at least one user device for transmitting/receiving data packets is established, which at least one second wireless communication link complies with at least a second authentication mechanism, wherein the at least one second wireless communication link comprises a peer-to-peer wireless communication link. The at least one first wireless communication link and the at least one second wireless communication link are concurrently maintained.12-29-2011
20120102546Method And System For Authenticating Network Device - The present invention provides a method and system for authenticating a network equipment (NE). When the NE is authenticated, the integrity checking result recorded in the trust environment (TE) of the network equipment is added for joint judgment to determine finally whether to initiate the authentication request or to respond with the authentication access. Only when both of the received access authentication request and the integrity checking result recorded in the TE of the network equipment are correct, the NE responds with the authentication success. And only when the integrity checking result recorded in the TE of the NE is correct, the NE actively initiates a valid access authentication request. Thus only when the integrity of the NE is correct, authentication for the NE is passed, therefore the secure authentication for the NE is ensured, and the possibility that the illegal device or tampered device passes the authentication is eliminated.04-26-2012
20120102545METHOD AND SYSTEM FOR PROTECTING AGAINST UNKNOWN MALICIOUS ACTIVITIES BY DETERMINING A REPUTATION OF A LINK - A method and system for protecting against unknown malicious activities by determining a reputation of a link are disclosed. A reputation server queries a database including reputation information associated with a plurality of links to retrieve a reputation of a redirected link. The reputation information may indicate whether the links are associated with a malicious activity. The reputation of the redirected link may be associated with the original link to create a reputation of the original link.04-26-2012
20120291098Multimode Authentication - Assigning clients to VLANs on a digital network. A client attaching to a digital network through a network device is initially assigned to a first VLAN. This VLAN may have restricted access and is used for authentication. The device snoops DHCP traffic on this first VLAN rewriting DHCP traffic from the client to request a short lease time for the client. A short lease time may be on the order of 30 seconds. The device optionally rewrites DHCP traffic to the client on the first VLAN to assure a short lease time is returned; this rewriting supports DHCP servers which do not issue short leases. Traffic on this first VLAN may be limited to authentication such as captive portals, 802.1x, Kerberos, and the like. If client authentication on the first VLAN does not succeed, when the short lease expires, the client will receive another short lease on the first VLAN. The network device snoops authentication traffic. When authentication succeeds, the device snoops this traffic and derives information such as roles and the target VLAN for the client, saving this information. When the short DHCP lease expires for the client, and the client restarts the DHCP process, the device assigns the client to the target VLAN and all further processing occurs on this target VLAN.11-15-2012
20120291096METHOD AND APPARATUS FOR SECURE SIGNING AND UTILIZATION OF DISTRIBUTED COMPUTATIONS - An approach is provided for providing secure signing and utilization of distributed computations. A distributed computation authentication platform causes, at least in part, a signing of one or more computation closures of at least one functional flow. The distributed computation authentication platform also processes and/or facilitates a processing of the one or more signed computation closures to cause, at least in part, a transfer of the one or more signed computation closures among one or more levels, one or more nodes, or a combination thereof, wherein an execution of the one or more signed computation closures at the one or more levels, the one or more nodes, or a combination thereof is based, at least in part, on an authentication of the signed one or more computation closure.11-15-2012
20120291095INDEPENDENT SECURE ELEMENT MANAGEMENT - An independent secure element manager (ISEM) routes secure payloads without modifying the secure payloads and without knowledge of the encryption keys used to encrypt the secure payloads. Secure payloads from multiple issuers and multiple TSMs can coexist in one or more secure elements because of control by the ISEM.11-15-2012
20120291094METHOD AND APPARATUS FOR LIFECYCLE INTEGRITY VERIFICATION OF VIRTUAL MACHINES - A method and system for verifying the integrity of virtual machines and for verifying the integrity of discrete elements of the virtual machines throughout the lifecycle of the virtual machines. A virtual machine manager capable of managing one or more virtual machine images is installed on a physical hardware platform. An integrity verification component can be communicatively coupled to the virtual machine manager and an integrity reference component so that the integrity verification component can compare digests of the virtual machine image or discrete virtual machine image elements to virtual machine integrity records accessible from the integrity reference component.11-15-2012
20120291099PROVIDING DISPERSED STORAGE NETWORK LOCATION INFORMATION OF A HYPERTEXT MARKUP LANGUAGE FILE - A method begins by a dispersed storage (DS) processing module of a domain name system (DNS) server receiving, from a client, a request regarding dispersed storage network (DSN) location information of a hypertext markup language (HTML) file. The method continues with the DS processing module searching a DNS table for an entry regarding the HTML file based on information of the request. When the entry is found, the method continues with the DS processing module ascertaining the DSN location information regarding a plurality of sets of encoded data slices, wherein the HTML file is encoded using a DS error coding function to produce the plurality of sets of encoded data slices and wherein the plurality of sets of encoded data slices is stored in a DSN. The method continues with the DS processing module outputting the DSN location information to the client.11-15-2012
20120291097SYSTEM AND METHOD FOR MULTI-TASKING OF A MEDICAL IMAGING SYSTEM - A medical imaging system capable of acquiring medical imaging data of a patient includes a console coupled to the system, the console comprising a computer programmed to enable a first user to perform a first task on the system via the console, and enable a second user to perform a second task simultaneously with the first task via a remote device.11-15-2012
20100199328METHOD AND APPARATUS FOR UTILITY COMPUTING IN AD-HOC AND CONFIGURED PEER-TO-PEER NETWORKS - Executing a program structure by leveraging a peer-to-peer network comprises generating a program structure comprising a plurality of program instructions. A first of a plurality of network peers then executes a portion of the program instructions which initiates the execution of code hosted by said first network peer, where said portion comprises fewer than all program instructions. The first network peer then migrates one or more of the program instructions, together with any requisite data, to at least one other of the plurality of network peers. The at least one other network peer then continues execution of the program structure until one or more of the objectives of the program structure are achieved.08-05-2010
20100199327METHOD AND APPARATUS FOR SHARING CONTENT IN AN INTERNET BROADCASTING SYSTEM - An apparatus and method for sharing content in an Internet broadcasting system that supports broadcasting services using an Internet protocol. The method includes creating, by a bookmark creator, a bookmark for contents, transmitting, by the bookmark creator, the bookmark to a service provider, receiving the bookmark by the service provider, notifying, by the service provider, that the bookmark is updated to a content-sharing party, receiving, by the service provider, a transmission request for the bookmark from the content-sharing party, sending, by the service provider, the bookmark to the content-sharing party, and accessing, by the content-sharing party, the contents by executing the bookmark.08-05-2010
20100199326CONTROLLING WHETHER A NETWORK ENTITY PERFORMS ACCESS CONTROL BASED ON AN INDICATION FROM AN ACCESS POINT - An access point sends an indication or message to a network entity to indicate whether the network entity is to perform access control for an access terminal. In some implementations the indication/message may comprise an explicit indication of whether or not that network entity is to perform the access control. In some implementations, the inclusion of information (e.g., a CSG identifier) in the message or the exclusion of information from the message indicates whether the network entity is to perform the access control.08-05-2010
20100199325SECURITY TECHNIQUES FOR DEVICE ASSISTED SERVICES - Security techniques for device assisted services are provided. In some embodiments, secure service measurement and/or control execution partition is provided. In some embodiments, implementing a service profile executed at least in part in a secure execution environment of a processor of a communications device for assisting control of the communications device use of a service on a wireless network, in which the service profile includes a plurality of service policy settings, and wherein the service profile is associated with a service plan that provides for access to the service on the wireless network; monitoring use of the service based on the service profile; and verifying the use of the service based on the monitored use of the service.08-05-2010
20130014218SYSTEM INCLUDING IMAGE FORMING APPARATUS AND INFORMATION PROCESSING APPARATUS, METHOD PERFORMED UNDER THE SYSTEM, IMAGE FORMING APPARATUS AND INFORMATION PROCESSING APPARATUS DIRECTED TO THE SYSTEM, AND NON-TRANSITORY STORAGE MEDIUM ENCODED WITH PROGRAM DIRECTED TO THE APPARATUSES - Provided is a system including a first image forming apparatus and an information processing apparatus connected via a network. When a second image forming apparatus is added to the network, the second image forming apparatus generates parent setting information indicating that the first image forming apparatus previously connected to the network is its parent, and transmits the parent setting information to the first image forming apparatus. The first image forming apparatus generates parent-child relationship setting information indicating a parent-child relationship between the first image forming apparatus and the second image forming apparatus, based on the parent setting information from the second image forming apparatus. The information processing apparatus registers the second image forming apparatus as a new output destination, based on information of the second image forming apparatus.01-10-2013
20130014221SECURITY ARRANGEMENTS FOR EXTENDED USB PROTOCOL STACK OF A USB HOST SYSTEM - Security arrangements for a universal serial bus (USB) protocol stack of a USB host system are provided. The security arrangements prevent an unauthorized or suspicious USB device from communicating with the host system, detect suspicious activity originating from a device which is already communicating with the host system and may provide notification to a user.01-10-2013
20130014220Method and system for processing authenticator relocation request - The disclosure provides a method and a system for processing an authenticator relocation request. When detecting that initial authentication, re-authentication or authenticator relocation is being performed for a terminal, a network side refuses a new authenticator relocation request from the terminal. When detecting that no initial authentication, re-authentication or authenticator relocation is being performed for the terminal, the network side accepts the new authenticator relocation request from the terminal. Further, when detecting that the initial authentication, the re-authentication or the authenticator relocation is being performed for the terminal, the network side refuses a new re-authentication request from the terminal. According to the technical solution of the disclosure, the complexity of network element processing is reduced and potential safety hazard is avoided.01-10-2013
20130014219MESH NETWORK SECURITY SYSTEM GATEWAY AND METHOD - A gateway for transmitting signals between a computer network and a radio-frequency mesh network. The gateway includes a housing, a radio-frequency transceiver for communicating with the radio-frequency mesh network, an Internet Protocol transceiver, operatively coupled to the radio-frequency transceiver, for communicating with the computer network, a power supply, and a logic and memory unit configured to communicate with the computer network using a secure data connection.01-10-2013
20130014216GUARD SPOT BEAMS TO DETER SATELLITE-BASED AUTHENTICATION SYSTEM SPOOFING - A transmission-based authentication system and method to prevent an unauthorized claimant from tracking a signal are disclosed herein. In one or more embodiments, the method involves transmitting, from at least one transmission source, a plurality of authentication signals. The method further involves receiving, from at least one receiving source, a resultant signal that includes at least two of the authentication signals. Further, the method involves authenticating, with at least one authenticator device, at least one claimant by comparing properties of the resultant signal the claimant receives from the receiving source location(s) to expected properties of the resultant signal that the claimant should receive from the receiving source location(s). The properties that are compared are signal power, doppler shift, time of reception, and/or signal modulation. The transmission source(s) is employed in at least one satellite and/or at least one pseudo-satellite.01-10-2013
20100132015APPARATUS AND METHOD FOR PROVIDING SECURITY INFORMATION IN VIRTUAL ENVIRONMENT - An apparatus and method of providing security information in a virtual environment that supports a plurality of operating systems. The plurality of operating systems include at least one secure operating system in which applications whose safety has been verified are installed, and at least one normal operating system in which applications whose safety has been not verified are freely installed. The server operating system may provide security information corresponding to an operating system in which an application executed as foreground is installed, to provide information indicating whether an application is operated in a secure operating system, to a user.05-27-2010
20130019280ESTABLISHING SECURE COMMUNICATION LINK BETWEEN COMPUTERS OF VIRTUAL PRIVATE NETWORK - A technique is disclosed for establishing a secure communication link between a first computer and a second computer over a computer network. Initially, a secure communication mode of communication is enabled at a first computer without a user entering any cryptographic information for establishing the secure communication mode of communication. Then, a secure communication link is established between the first computer and a second computer over a computer network based on the enabled secure communication mode of communication. The secure communication link is a virtual private network communication link over the computer network in which one or more data values that vary according to a pseudo-random sequence are inserted into each data packet.01-17-2013
20130019279VEHICULAR COMMUNICATION SYSTEM, MOBILE COMMUNICATION TERMINAL, AND VEHICULAR APPARATUS (applicant: Aida; Toshiyuki, Anjo-city, JP) - A vehicular communication system includes a mobile communication terminal, an in-vehicle apparatus, and a distribution center to distribute a content. The mobile communication terminal includes a terminal-side application to execute a content. The in-vehicle apparatus includes a vehicle-side application to execute a content. If the mobile communication terminal and the in-vehicle apparatus are not communicably connected, the terminal-side application of the mobile communication terminal executes a content acquired from the distribution center. If the mobile communication terminal and the in-vehicle apparatus are communicably connected, the terminal-side application and the vehicle-side application are caused to be cooperative and the vehicle-side application of the in-vehicle apparatus is enabled to execute a content acquired by the mobile communication terminal.01-17-2013
20110162045ACCESS CONTROL SYSTEM, ACCESS CONTROL METHOD, AND COMMUNICATION TERMINAL - Collation information (06-30-2011
20110162044SECURE COMMUNICATION DEVICE, SECURE COMMUNICATION METHOD, AND PROGRAM - A secure communication device for high-speed encryption/decryption authentication including network stack processing. An encryption/decryption authentication control unit (06-30-2011
20110162043ELECTRONIC APPARATUS INCLUDING SELECTOR FOR CONNECTING FURTHER APPARATUS TO CONTROLLER OR COMMUNICATION CIRCUIT OF ELECTRONIC APPARATUS - A controller controls a selector to connect a portable apparatus to the controller, to authenticate the portable apparatus. When the authentication of the portable apparatus is successful, the controller controls the selector to connect the portable apparatus to an audio and visual processing device circuit.06-30-2011
20130024910COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR INTEGRATING A SOCIAL NETWORK INFORMATION FEED WITH A NETWORK COMMUNICATIONS APPLICATION - Disclosed are systems, apparatus, and methods for integrating an information feed. In various implementations, an identity of a user may be determined based on authentication information, where the authentication information identifies a user profile. In some implementations, profile information is identified based on the determined identity, where the profile information identifies one or more entities tracked using one or more information feeds associated with the user profile, and where the one or more information feeds comprises one or more feed items stored in a database system. In various implementations, the identified profile information is associated with a user account provided by a network communications application.01-24-2013
20130024911EXTENSIBLE ACCESS CONTROL ARCHITECTURE - Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.01-24-2013
20080244705METHOD AND APPARATUS FOR EXTENDING REMOTE NETWORK VISIBILITY OF THE PUSH FUNCTIONALITY - An approach is provided for extending remote network visibility for push functionality. An application is transmitted, via a push agent, from a first network to a device of a second network, wherein the device is configured to execute the application. The device is remotely controlled using the application.10-02-2008
20080235768SYSTEM AND METHOD FOR AUTHENTICATION OF A COMMUNICATION DEVICE - A system and method for authentication of a communication device is disclosed. A system that incorporates teachings of the present disclosure may include, for example, an authentication system can have a controller element that receives from a communication device by way of a packet-switched network an authentication request comprising a first identification (ID) of a gateway and a second ID of the communication device. The gateway and at least one network element of the packet-switched network can be provisioned to have a physical association with each other such that other network elements of the packet-switched network deny services to the gateway when the gateway attempts to operate outside of said physical association. From said physical association and the aforementioned IDs the controller element can authenticate the communication device. Additional embodiments are disclosed.09-25-2008
20130185765METHODS AND SYSTEMS FOR RESTRICTING ELECTRONIC CONTENT ACCESS BASED ON GUARDIAN CONTROL DECISIONS - Methods, computer-readable media, and systems are provided to facilitate a second user to allow or deny a first user, such as a child, from accessing content by providing the second user with a content profile based on decisions made by other users with respect to the content. In one implementation, a system allows the second user to set a threshold to automatically allow or deny access based on the other users' decisions. The decisions made by other users are aggregated into information that may be based on similarities between the child and other children from whom other users have previously made decisions regarding the particular content. In addition, the aggregation may more heavily weight decisions by users that have a history of making similar decisions to the second user.07-18-2013
20110247049ELECTRONIC DOCUMENT SECURITY SYSTEM AND METHOD - An electronic document security method receives a user request for viewing an electronic document from a client device. If the user request is approved, the electronic document is retrieved from a storage system. The electronic document is converted into an image format, and is output to the client computer.10-06-2011
20130174222METHOD AND APPARATUS FOR AN EPHEMERAL TRUSTED DEVICE - A method and system is performed by a requesting apparatus for accessing protected content from a content provider. The method includes receiving an indication of a level of trust needed to access specific protected content from a content provider, and supplying an identity attestation and an attribute attestation and the received level of trust to a third party evaluator. The evaluator determines if the requesting apparatus meets the level of trust needed to access the protected content. A trust attestation is generated indicating a level of trust of the requesting apparatus and is sent to the requesting device. The trust attestation is evaluated by the requesting device to determine what version of the protected content can be downloaded from a content provider. The requesting apparatus then asks for the protected content if the trust level attestation meets the level of trust needed to access the specific content from the content provider.07-04-2013
20130174220SECURE BOOT OF A DATA BREAKOUT APPLIANCE WITH MULTIPLE SUBSYSTEMS AT THE EDGE OF A MOBILE DATA NETWORK - A secure boot is provided for a breakout system having multiple subsystems at the edge of a mobile data network. The secure boot utilizes two trusted platform modules (TPM) to secure multiple subsystems. Further described is utilizing a first TPM to boot a service processor and then utilizing a second TPM to secure boot two additional subsystems. Booting of the final subsystem is accomplished in a two step process which first loads a boot loader and verifies the boot loader, and then second loads an operating system load image and verifies the operating system code.07-04-2013
20080222704Method and Apparatus for Computer Network Security - Techniques are provided for computer network security. The techniques include obtaining operational data for at least a first networked application; obtaining enterprise data for at least a second networked application; correlating the operational data with the enterprise data to obtain correlated data; and using the correlated data to improve security of the computer network.09-11-2008
20080222703DATA REPRODUCING APPARATUS AND TRANSMITTER AUTHENTICATING DATA REPRODUCING APPARATUS - A data reproducing apparatus includes a receiver receiving the content and outputting the received content to an image display apparatus prepared in advance, and a transmitter transmitting the content to the receiver when authentication of the receiver is successful. Before transmitting the content, the transmitter transmits a request to start authentication to the receiver and executes an authentication process after a predetermined time. When the receiver cannot be authenticated, the transmission of the request to start authentication and the execution of the authentication process are repeated. Here, the predetermined time is variably set according to the number of times the request to start authentication is transmitted and the authentication is executed.09-11-2008
20080222701Using secondary bearer to detect proximity of a device - A new and unique method or apparatus for providing protected transport of digital content from a first device to a second device, featuring activating a proximity link between the first and second devices; performing proximity detection between the first device and the second device; delivering the digital content from the first device to second device over a communications link when it is determined that the proximity between devices is within a predetermined range. The proximity link may take the form of a wireless link that is limited in its range with adequate authentication mechanisms, and may either be an additional link compared to, for example, a wireless broadband link, or may even form part of the wireless broadband link if its broadband is sufficient. In operation, an actual streaming transfer or other suitable data transfer would be provided from one device to the other device using the additional link, such as the wireless broadband link. In particular, the proximity link may ensure that the physical proximity of the other device is in a certain range.09-11-2008
20080222700Challenge/Response in a Multiple Operating System Environment - A secure challenge-response virtualization system including a computer having a memory divided into at least a first and a second logical partition, where the first partition is operative to receive a challenge from an entity, and a challenge/response manager configured with the second partition, where the first partition is configured to provide the challenge to the challenge/response manager configured with the second partition, and where the challenge/response manager is configured to generate a response to the challenge and provide the response to the first partition.09-11-2008
20130179941Identifying guests in web meetings - A technique that identifies registered or guest users in web meetings of the type wherein users must follow a supplied URL to attend the meeting. Registered and guest users are provided different forms of the meeting invite URL. Each registered user receives a common web meeting link (a URL) that he must follow to join the meeting. This link forces the registered user to authenticate to the service when used. A guest user invitee receives a unique URL for the meeting that is generated with a nonce value associated with the guest user's contact information. The nonce value does not expose the contact information. To join the meeting, each registered user must follow the common web meeting link and authenticate to the service. True identities of the web meeting participants are displayed.07-11-2013
20130179942CONSOLIDATED DATA SERVICES APPARATUS AND METHOD - An apparatus for consolidated data services comprising a plurality of devices, a plurality of data services and a content application programming interface (API). A user API provides user identification for each of the plurality of devices using one or more of a plurality of user API methods. A feedback API configured to receive data from each of the plurality of devices that identifies media content that was delivered to the plurality of devices using one or more of a plurality of feedback API methods. A device API configured to provide a client system to one or more of the plurality of devices using one or more of a plurality of device API methods. A web service consolidator coupled to the content API, the user API, the feedback API, the device API, the update API, a plurality of data services and the plurality of devices through the communications media.07-11-2013
20130179943Systems and Methods for Authentication - A method of performing authentication involves receiving, by a station, an initiation frame and transmitting, by the station, an authentication request. The authentication request includes an extensible authentication protocol (EAP) over local area network (LAN) (EAPOL) Start and security parameters for a fast initial link setup (FILS) handshake.07-11-2013
20130145425VERIFICATION SERVICE - Concepts and technologies are disclosed herein for verifying sender information. According to various embodiments of the concepts and technologies disclosed herein, a verification service can determine, receive a request, or receive a call to verify sender information associated with data. The server computer generates and delivers a verification message to a sender device in response to determining that sender information verification is to be provided. The server computer receives a response indicating if the data was sent by the sender device. If the response indicates that the sender device did not send the data, the server computer can block delivery of the data, generate alarms or alerts, take other actions, and/or take no action. If the response indicates that the sender device sent the data, the server computer can deliver the data, provide a verification response to the recipient device, take no action, and/or take other actions.06-06-2013
20120254943METHODS FOR CONTROLLING A TRAFFIC OF AN AUTHENTICATION SERVER - A method for controlling the traffic of an authentication server and an authentication access apparatus, wherein a local area network token bucket including a high priority token bucket and a low priority token bucket is set according to the capability of the authentication server in processing the request message, and the request message sent by the authentication client is redirected to the authentication server after allocating a token to the authentication client, thus the traffic of the authentication server is controlled, so that the authentication server will not receive more request messages than it can handle. Meanwhile, the tokens in the high priority token bucket are reserved specially for authentication clients of a high priority, and they cannot be used by authentication clients that are not of a high priority, so the quality of service for authentication clients of a high priority is improved.10-04-2012
20120254942CONNECTION DESTINATION DETERMINATION DEVICE, CONNECTION DESTINATION DETERMINATION METHOD, AND SERVICE COLLABORATION SYSTEM - A connection destination determination device includes a control unit for performing an approval determination process to determine that a user authentication state in a connection destination request is approved if the user authentication state satisfies the user authentication state corresponding to a collaboration service. If the user authentication state is determined to be approved in the approval determination process, the control unit responds to a source of the connection destination determination request with the connection destination of service corresponding to the collaboration service which is the search key. If the user authentication state is not determined to be approved in the approval determination process, the control unit responds to the source of the connection destination determination request with the connection destination of authentication service, in order to obtain the user authentication state that does not satisfy the user authentication state corresponding to the collaboration service which is the search key.10-04-2012
20120254941Providing particular level of access to one or more items in response to determining primary control of a computing device - A computationally implemented system and method that is designed to, but is not limited to: determining which of a plurality of users detected in proximate vicinity of a computing device has primary control of the computing device; and providing a particular level of access, via the computing device, to one or more items, the particular level of access to be provided to the one or more items being in response, at least in part, to said determining. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.10-04-2012
20120254940AUTHENTICATING ONLINE USERS WITH DISTORTED CHALLENGES BASED ON TRANSACTION HISTORIES - A method for authenticating a user by a service provider includes providing at least one network, providing at least one processor, and using the at least one network and processor to receive user identification data from the user, generate and display to the user a Captcha-like challenge based on at least one previous transaction involving and known by the user and the service provider, receive a response to the challenge from the user, and determine whether the user is authentic based on the response.10-04-2012
20080216155Image forming apparatus - An image forming apparatus is provided that is capable of preventing a print data from being leaked even where a user forgets to print out the print data with which an authentication data is attached. The image forming apparatus of the present invention has: a network interface receiving the print data, the authentication data, and an importance degree data; a hard disk drive storing the print data, the authentication data, and the importance degree data received by the network interface; an operation panel with which the user inputs the authentication data that is used to authenticate the print data; an authentication control unit comparing the authentication data stored in the hard disk drive with the authentication data input by the user; a control comprising a print processing unit controlling print processing of the print data stored in the hard disk drive based on the comparison result; and a time management unit measuring a time for which the print data is stored in the hard disk drive, wherein the control unit deletes the print data based on the importance degree data and the time for which the print data is stored in the hard disk drive.09-04-2008
20130139220Systems and Methods for Using A Domain-Specific Security Sandbox to Facilitate Secure Transactions - Computer systems, methods, and computer readable media for facilitating a secure transaction are provided in which a client application is executed on a client computer. The client application initiates a request to a first domain comprising (i) a credential for the client application, (ii) a transaction identifier that uniquely identifies the request, and (iii) optionally, an identification of a user of the client application. Responsive to this request, the client receives a validated transaction module from the first domain. The client application loads the validated transaction module into a separate domain security sandbox that is segregated from memory space in which the client application is run. The validated transaction module conducts a validated transaction between the second domain and the validated transaction module. Separately, through the client application, a determination is made as to whether the transaction is complete by querying the first domain.05-30-2013
20130174221AUTHENTICATION SERVER, AUTHENTICATION METHOD AND COMPUTER PROGRAM - There is provided an authentication server including: a network access authenticating unit and an address notifying unit wherein the network access authenticating unit receives, from an authentication relay connected to a network, a first authentication message for a communication device existing under the authentication relay, and executes a network access authentication process with the communication device, and the address notifying unit notifies the communication device of the server's address information in accordance with a result of the network access authentication process.07-04-2013
20130174219Dynamically Updating Current Communication Information - A method, system and computer readable media for dynamically updating current communication information, for enabling access to current communication based upon biometric information and/or for allowing communication information to be associated with biometric information and then allowing this communication information to be provided to desired recipients.07-04-2013
20130097672Security Interface for a Mobile Device - A method and device are described which provide a security interface, preferably for a mobile device. The security interface provides user-selectable non-secure data that is displayed without the need for a password. The non-secure data is preferably updated on a regular basis, and can be obtained from different sources, as selected by a user. The secure data can be accessed after successful authentication, such as a positive password verification. Additional non-secure data, related to the displayed non-secure data, can preferably be accessed, with or without a need for a password. An indication can be provided to inform a user that secure data has been updated, without the need to access such secure data. The security interface is preferably enabled after a predetermined timeout period. The interface allows the device to operate in three data access states: a controlled access state; a verification state; and a full access state.04-18-2013
20130097671DEVICE AND METHOD FOR INTERFACING AT LEAST ONE DATA STORAGE AND TRANSMISSION TERMINAL WITH AT LEAST ONE DATA TRANSMISSION MEDIUM - The invention relates to a secure interfacing device (04-18-2013
20130097670SYSTEM AND METHOD FOR SERVER-BASED IMAGE CONTROL - In one embodiment, a server-implemented method for providing an image file. The server receives a uniform resource locator (URL) containing identification of a requested image file for display within the browser of a user, the URL including criteria specified by one or more parameters relating to the size and/or format of the image file to provide. The server determines whether a cached version of the requested image file satisfying the one or more criteria exists. If so, then the server provides the cached version of the requested image file for display within the browser of the user. If not, then the server (i) generates a processed image file by modifying a stored version of the requested image file based on the one or more criteria; (ii) stores a cached version of the processed image file; and (iii) provides the processed image file for display within the browser of the user.04-18-2013
20130097669Behavioral fingerprint controlled theft detection and recovery - A computationally implemented method includes, but is not limited to: determining a behavioral fingerprint associated with a network accessible user of one or more devices, the behavioral fingerprint providing a current status of the network accessible user; and disabling the one or more devices automatically as a function of the determined behavioral fingerprint. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.04-18-2013
20130104195Method and System to Optimize Efficiency when Managing Lists of Untrusted Network Sites - A computer readable storage medium including a set of instructions executable by a processor, the set of instructions operable to determine if a network location included in a request to connect to the network location, is included in a first list of untrusted network locations stored on the client computer and send a request to determine if the network location is included in a second list of untrusted network locations stored remotely from the client computer when it is determined that the network location is not included in the first list.04-25-2013
20130104194METHOD AND SYSTEM FOR GRANT MANAGEMENT AND DEVELOPMENT CYCLE OPTIMIZATION - An apparatus, method, and system for federating grant management, project management, and funding in a web-based environment are disclosed. The apparatus, method, and system may include a module for receiving an electronic submission of at least one grant proposal, a module for establishing a permission structure governing access to the at least one grant proposal, a module for providing a virtual collaboration space for the review process of the at least one grant proposal, a module for tracking a funding amount for the at least one grant proposal, a module for measuring statistical information based on parameters associated with the at least one grant proposal, and a module for generating reports based on the measured statistical information.04-25-2013
20130104196RESTRICTING ACCESS TO HARDWARE FOR WHICH A DRIVER IS INSTALLED ON A COMPUTER - Users of a computer are prevented from directly accessing certain hardware for which a driver is installed on the computer. The users are provided a limited, indirect manner to access the hardware for a specific purpose or to do a specific job. One example of such hardware is a wireless hardware communication interface. The wireless activity of the computer may be restricted so that the wireless hardware communication interface is prevented from communicating with any devices compatible with the wireless hardware communication interface other than one or more specific devices.04-25-2013
20130125208PORTABLE SECURITY DEVICE AND METHODS OF USER AUTHENTICATION - Disclosed are a portable security device and methods for secure user authentication. The security device stores operating system agents that enable communication with user devices that have different operating systems. The security device also stores user authentication data for accessing different Internet resources by the user devices. The security device connects to the user device using an operating system agent corresponding to the operating system of the user device, and receives from the user device a request to access an Internet resource. The security device selects user authentication data associated with the requested Internet resource, and obtains the requested Internet resource using the selected user authentication data.05-16-2013
20130125206METHOD AND APPARATUS FOR BROKERING SERVER AND DEVICE AND COMPUTER-READABLE STORAGE MEDIUM FOR EXECUTING THE METHOD - A method and apparatus for brokering a communication connection between a device and a push server for providing a push service irrespective of a protocol difference between the device and the push server, and a computer readable storage medium for executing the method. The method includes: authenticating a connection between at least one device and a brokering apparatus based on protocol information relating to the at least one device; and if data is received from the server when the at least one device is connected to the brokering apparatus, modifying the data received from the server based on a protocol relating to the at least one device, and transmitting the modified data to the at least one device, wherein the brokering apparatus performs the modifying.05-16-2013
20130125205METHOD AND SYSTEM FOR REDIRECTING A REQUEST FOR IP SESSION FROM A MOBILE DEVICE - A request for establishing an IP session from a mobile device to be activated and connected to a cellular network is redirected to a web portal or platform of the cellular network. When the mobile device sends an authentication request for requesting establishment of an IP session to the cellular network, the mobile device receives a restricted IP address from the cellular network if the mobile device is not currently authorized for communication via the cellular network. A reverse domain name system lookup is performed on the restricted IP address to find a host name of a web portal or platform of the cellular network corresponding to the restricted IP address. The mobile device determines whether or not redirection of an IP communication request to the web portal or platform of the cellular network is to occur based on the host name.05-16-2013
20130125207NETWORK SECURITY DEVICE AND METHOD - The invention describes a method for hardening a security mechanism against physical intrusion and substitution attacks. A user establishes a connection between a network peripheral device and a network via a security mechanism. The security mechanism includes read only memory (ROM) that contains code that initiates operation of the mechanism and performs authentication functions. A persistent memory contains configuration information. A volatile memory stores user and device identification information that remains valid only for a given session and is erased thereafter to prevent a future security breach. A tamper-evident enclosure surrounds the memory elements, which if breached, becomes readily apparent to the user.05-16-2013
20130133032System and Method for Capturing Network Traffic - In certain embodiments, a method includes receiving, by a capture device, traffic flows transmitted by a plurality of client devices, each of the traffic flows being associated with one of the plurality of client devices and comprising encrypted data. The method further includes receiving, by the capture device, flow information communicated from a proxy server communicatively coupled to the capture device, the flow information comprising an identification of a particular traffic flow and a session key associated with the particular traffic flow. The method further includes storing, by the capture device, encrypted data of the particular traffic flow identified by the flow information supplied by the proxy server; storing, by the capture device, the session key associated with the particular traffic flow; and discarding, by the capture device, any of the plurality of received traffic flows not identified in the flow information received from the proxy server.05-23-2013
20130145426Web-Hosted Self-Managed Virtual Systems With Complex Rule-Based Content Access - A computer-based service provides methods and apparatus for a user to manage a collection of information that the user wishes to share with, or distribute to, one or more designated recipients, typically at a future time, where the user controls the contents of the collection, and the times and rules under which the collection, or portions of the collection, may be accessed by, or delivered to, the one or more designated recipients; and where the resources for storing, retrieving, processing and communicating the collection of information is logically centralized and remote from the user.06-06-2013
20110061091Method and System for Intermediating Content Provider Website and Mobile Device - In one embodiment, a method of facilitating communication between a first content provider website and a mobile device includes obtaining first information from the content provider website via a first network at a web server, the first information not including any email message, where the obtaining includes pulling by way of a back end portion of the web server the first information from the content provider website. The method also includes processing in at least one of the back end portion and a front end portion of the web server the first information so as to provide processed first information, and transmitting a notice of new content in the first information from the front end portion of the web server onto a push channel established on either the first network or a second network for receipt by the mobile device.03-10-2011
20110219428ELECTRONIC APPARATUS AND TERMINAL - According to one embodiment, an electronic device connected to an authentication device through a first communication network, and further connected to another electronic device through a second communication network, wherein the electronic device executes authentication of the electronic device and another electronic device by data delivery/receipt conforming to a predetermined procedure between the electronic device and the authentication device through the first communication network, and data delivery/receipt between the electronic device and another electronic device through the second communication network.09-08-2011
20100281520ATTRIBUTE INFORMATION AUTHENTICATION APPARATUS, ATTRIBUTE INFORMATION AUTHENTICATION METHOD, AND STORAGE MEDIUM FOR STORING COMPUTER PROGRAM - A present server transmits to a second user terminal attribute information authentication request information for requesting authentication of attribute information registered by a first user when a predetermined request is received from a first user terminal. Also, the server registers authenticated information in association with the attribute information of the first user when the authentication information, which indicates that the attribute information registered by the first user has been authenticated, has been received. When a request is made to view the attribute information of the first user, the existence of the authenticated information is determined, and if the authenticated information is registered, attribute authentication display information is generated and transmitted so as to be visually and identifiably displayed on the user terminal to indicate that authenticated information exists.11-04-2010
20080209518Device, system and method for timestamp analysis of segments in a transmission control protocol (TCP) session - A method performed in an intrusion detection/prevention system, a system or a device for determining whether a transmission control protocol (TCP) segment in a TCP connection in a communication network is acceptable. The TCP connection can include TCP segments beginning with a three way handshake. A TCP segment can include a field for a timestamp. A timestamp policy of plural timestamp policies is identified, the timestamp policy corresponding to a target associated with the segments in a TCP connection. A baseline timestamp is identified based on a three way handshake in the TCP connection. Segments in the TCP connection are monitored. The segments in the TCP connection are filtered as indicated in the timestamp policy corresponding to the target, the timestamp policy indicating whether the segments are to be filtered out or forwarded to the target by comparing the timestamp of the segments to the baseline timestamp.08-28-2008
20080201765METHOD AND APPARATUS FOR AUTHENTICATING A COMMUNICATION DEVICE - A method and apparatus for authenticating a communication device is disclosed. A system that incorporates teachings of the present disclosure may include, for example, an authentication system having a controller element that receives from a communication device over a packet-switched network a terminal ID and a request to authenticate said communication device, generates a first registration ID, stores the first registration ID and a first communication identifier, transmits the first registration ID to the communication device, receives from an interactive response system a second communication identifier and a second registration ID that the interactive response system received during a communication session with the communication device over a circuit-switched network, and authenticates the communication device in response to detecting a match between the first and second communication identifiers and the first and second registration IDs. Additional embodiments are disclosed.08-21-2008
20110239274Methods for acquiring an internet user's consent to be located and for authenticating the identity of the user using location information - A method and system for acquiring an Internet user's consent to be geographically located via at least two independent sources of geographical information while at least one independent source of geographical information is the wireless location of said Internet user's communication voice device. The method does not require any user intervention other than the user's interaction with an Internet site via the Internet user's Internet browser.09-29-2011
20120278857METHOD FOR UNLOCKING A SECURE DEVICE - The present invention provides a method for unlocking a secure device (11-01-2012
20120278855COMMUNICATION APPARATUS, AUTHENTICATION APPARATUS, COMMUNICATION METHOD AND AUTHENTICATION METHOD - A communication apparatus transmits an authentication frame to an authentication apparatus and receives a response frame for response to the authentication frame from the authentication apparatus so that an authentication process is performed for the communication apparatus by the authentication apparatus. In the communication apparatus, a transmitting section transmits an authentication frame to the authentication apparatus using a multicast address as a transmission destination address, and if a reception determining section determines that the response frame is not received from the authentication apparatus, a transmission destination address changing section changes the transmission destination address from the multicast address to a broadcast address, and the transmitting section transmits the authentication frame that has the transmission destination address changed to the broadcast address to the authentication apparatus.11-01-2012
20130152166System And Method For Trusted Pair Security - A system for and method of protecting a resource is presented. The system and method include a trusted pair consisting of an initiator and a receiver. The receiver faces outward and is connected to a network, such as the Internet. The initiator is connected to the protected resource. In establishing a connection between the initiator and the receiver, the initiator initiates all communications. This configuration simplifies environment management, improves security including access controls, and facilitates deployment of internet-facing resources by changing the traditional model of component-to-component connection.06-13-2013
20130152167APPARATUS AND METHOD FOR IDENTIFYING WIRELESS NETWORK PROVIDER IN WIRELESS COMMUNICATION SYSTEM - To check security of an Access Point (AP) in a wireless communication system, an operating method of a terminal includes, before completing connection to the AP, receiving a frame that informs the terminal of existence of the AP; extracting security test information from the frame; and testing the security of the AP using the security test information.06-13-2013
20100293599Systems and Methods for Controlled Transmittance in a Telecommunication System - Systems and methods for authenticating digital assets in relation to a telecommunications network. In various cases, the systems include a network interface device associated with a customer premises. The network interface device includes a local authentication authority operable to authenticate one or more digital assets maintained in relation to the customer premises. In some cases, a global authentication authority can authenticate the network interface device, and implicitly authenticate the one or more digital assets. Many other cases and/or embodiments are disclosed herein.11-18-2010
20120260311METHOD, MOBILE TERMINAL AND SYSTEM FOR PROVIDING DIFFERENT AUTHENTICATION VALUES ACCORDING TO CONTACT METHOD OF MOBILE TERMINAL - System and method of authenticating a terminal. An authentication system which provides an authentication value specified by a tilt angle of a terminal, includes a terminal which measures the tilt angle, and a short-range communication reader which receives the tilt angle and terminal identification data from the terminal by using short-range communication and which generates the authentication value based on the tilt angle. The short-range communication reader authenticates the terminal based on the authentication value.10-11-2012
20100319052DYNAMIC CONTENT PREFERENCE AND BEHAVIOR SHARING BETWEEN COMPUTING DEVICES - A remote user persona is received at a computing device. The computing device includes a local user persona having a plurality of subsets relating to preferences of a user of the computing device. The remote user persona is synchronized with the local user persona at the computing device and, accordingly, the behavior of the computing device is adjusted.12-16-2010
20120284774REMOTE SLIDE PRESENTATION - Techniques for remotely viewing a presentation are disclosed. In accordance with these techniques, a host device executing a presentation application makes a presentation available over a network. In one embodiment, a remote device receives presentation data corresponding to a currently displayed slide of the presentation. The remote device may then display a representation of the currently displayed slide at the remote location.11-08-2012
20120284775METHOD FOR PROVIDING IP SERVICES TO A USER OF A PUBLIC NETWORK - A method for providing IP services to a user of a public network is disclosed. The user accesses the public network using a user equipment which supports a first set of IP services. The network provides a second set of IP services. A third set of IP services, included in a first set and second set of IP services, is identified and the user is allowed to access a plurality of IP services of a third set. A public network suitable to implement the method is also disclosed.11-08-2012
20120284773Network Access Points in Key Distribution Function - Network access node for a terminal integrated wirelessly into the network, including: 11-08-2012
20130160080APPARATUS AND METHOD FOR VERIFYING APPLICATION USER - Apparatus and a method for verifying application users includes an application installed in user equipment, a communication unit configured to communicate to verify a user of the application, and a control unit configured to select a user verification type for the application from a plurality of user verification types, based on a predetermined condition, and control the communication unit based on the selected user verification type to perform user verification. The apparatus and method provide a number of types of verification against various cases which would otherwise allow no verification, depending on whether SMS messages can be transmitted, application provider policies, etc., so that users of applications can be verified in a fast and convenient manner.06-20-2013
20130160081System and Method for Concurrent Address Allocation and Authentication - A method for coordinating network entry of a device includes authenticating the device coupled to the controller, and allocating an address for the device, wherein allocating the address for the device occurs concurrently with but independently of authenticating the device. The method also includes completing the network entry of the device upon successful completion of authenticating the device and allocating the address for the device.06-20-2013
20130160082Medical Device Connectivity to Hospital Information Systems Using Device Server - The present invention employs a system and method to allow for connectivity of a plurality of medical devices in a health care setting. The present invention utilizes a device server which may connect the plurality of medical devices to a hospital information system. The system may identify and authenticate a medical device and provide an administrator or privileged user accessing the information received from the medical device at a remote location. It is contemplated that the system utilizes a device server to connect the plurality of medical devices to the hospital information systems.06-20-2013
20130185766COMMUNICATIONS RELAY APPARATUS - A communications relay apparatus for relaying communications between an electronic control unit (ECU) connected to the apparatus via an in-vehicle local area network (LAN) and an external device connected to the apparatus via a communication path different from the in-vehicle LAN. In the apparatus, a data transfer unit forwards relay data received from the ECU to the communication path and forwards relay data received from the external device to the in-vehicle LAN. But the data transfer unit is inhibited from forwarding reprogramming data for reprogramming the ECU received from the external device to the in-vehicle LAN. An authentication unit authenticates a vehicle user, and when the vehicle user is successfully authenticated, then permits the data transfer unit to forward the reprogramming data to the in-vehicle LAN.07-18-2013
20110289557MANAGING SECURITY IN A NETWORK - A method of managing security in a network is described. A data anomaly at a first location on a network is detected. A source of this data anomaly is identified. The source is compared with a plurality of access control policies, wherein each of the plurality of access control policies comprises at least one access restriction instruction associated with one or more sources. Based on the comparing, the source is associated with a corresponding one of the plurality of access control policies.11-24-2011
20110289555Mechanism for Utilization of Virtual Machines by a Community Cloud - A mechanism for utilization of virtual machines by a community cloud is disclosed. A method of the invention includes authenticating a virtual machine (VM) to be joined to a cloud environment managed by a central administrative computing device as a cloud computing resource, wherein the VM is operating on a workstation that is not a dedicated cloud computing resource, updating a database of VMs utilized as cloud computing resources with information of the VM related to its operational status, and providing instructions for the VM to operate as a cloud computing resource, the instructions based on current demand for cloud services of the cloud environment and an overall current supply of cloud computing resources presently available in the cloud environment.11-24-2011
20110314517Communication system, authentication device, control server, communication method, and program - A configuration that can perform access control for each user/client, without arranging an Authenticator or an EAPoL pass switch at each location. A forwarding node processes a packet between a supplicant and a prescribed authentication device, in accordance with a processing rule that has been set. The authentication device performs a prescribed authentication procedure with the supplicant and notifies a result thereof to a control server. In a case where an authentication procedure with the authentication device succeeds, the control server creates a first forwarding path between the supplicant and a destination node, and transmits a processing rule for a packet received or transmitted between the supplicant and a destination node, following the first forwarding path, in at least one forwarding node in the first forwarding path.12-22-2011
20110314516TECHNIQUES TO SHARE BINARY CONTENT - Techniques to share binary content are described. An apparatus may comprise a first related client having a message platform with a file share feature and an object store, the file share feature operative to retrieve a data object for a publishing client having a defined relationship with the first related client and a second related client, the first related client to send the data object to the second related client on behalf of the publishing client, and the object store operative to store and manage the data object using a unique name identifier received with the data object. Other embodiments are described and claimed.12-22-2011
20130191881CLUSTER ARCHITECTURE FOR NETWORK SECURITY PROCESSING - A computing device may be joined to a cluster by discovering the device, determining whether the device is eligible to join the cluster, configuring the device, and assigning the device a cluster role. A device may be assigned to act as a cluster master, backup master, active device, standby device, or another role. The cluster master may be configured to assign tasks, such as network flow processing to the cluster devices. The cluster master and backup master may maintain global, run-time synchronization data pertaining to each of the network flows, shared resources, cluster configuration, and the like. The devices within the cluster may monitor one another. Monitoring may include transmitting status messages comprising indicators of device health to the other devices in the cluster. In the event a device satisfies failover conditions, a failover operation to replace the device with another standby device, may be performed.07-25-2013
20110321127TRANSACTIONAL SERVICES - Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers.12-29-2011
20120005727METHOD FOR USER TERMINAL AUTHENTICATION AND AUTHENTICATION SERVER AND USER TERMINAL THEREOF - Provided are a method for user terminal authentication and authentication server and user terminal thereof. The method includes receiving authentication request information for accessing a network from the user terminal, processing an EAP authentication procedure according to the authentication request information, transmitting a message related to the EAP authentication procedure to the user terminal, wherein the message includes network rejection information when network rejection is triggered, and the network rejection information includes network rejection reason information and control information for the user terminal to cope with the network rejection.01-05-2012
20090150977SECURE REMOTE MANAGEMENT APPLIANCE - A computer network management system with an embedded processor, an analog communication means and a digital interface for network management provides a system for remotely and securely managing a network. Backup power in the form of an uninterrupted power supply, or other power means as appropriate, allows the modem to provide power outage notification to a remote site. The system further provides authentication and authorization capabilities for security purposes.06-11-2009
20120030732THIRD-PARTY-SECURED ZONES ON WEB PAGES - There is provided a method that includes storing a plurality of image elements of a seal media object in respective files in an authentication server system, each of the image elements is selected from the group consisting of: a layer of the seal media object, a still image portion of the seal media object, and a moving image portion of the seal media object. Authenticating at least a portion of a web page, upon opening of the web page in a browser, by the authentication server system. Delivering to the browser, by the authentication server system, files for assembly and display of the image elements on the web page as the seal media object upon authenticating.02-02-2012
20120030731System and Method for Local Protection Against Malicious Software - A method in one example implementation includes intercepting a network access attempt on a computing device and determining a software program file associated with the network access attempt. The method also includes evaluating a first criterion to determine whether the network access attempt is permitted and blocking the network access attempt if it is not permitted. The first criterion includes a trust status of the software program file. In specific embodiments, the trust status is defined as trusted if the software program file is included in a whitelist of trustworthy program files and untrusted if the software program file is not included in a whitelist. In more specific embodiments, the method includes blocking the network access attempt if the software program file has an untrusted status. In further embodiments, an event is logged if the software program file associated with the network access attempt has an untrusted status.02-02-2012
20130198805METHODS AND APPARATUS FOR MANAGING NETWORK TRAFFIC - Methods, apparatus, and computer readable storage medium for authenticating assertions of a source are disclosed. In one aspect, a method for authenticating an assertion of a source in an environment of distributed control includes receiving a notification of the assertion; determining an entity responsible for maintaining an authenticated list of assertions by the source based on a first trusted public record, determining an assertion authenticator for the entity based on a second trusted public record, determining one or more assertions of the source from the assertion authenticator, and authenticating the assertion based on the determined one or more assertions.08-01-2013
20130198806INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, AND AUTHENTICATION METHOD - An information processing system, which is implemented by one or more information processing apparatuses, includes a first receiving unit configured to receive a first user identifier and a first organization identifier via a network from an external apparatus and a first authentication unit configured to perform authentication based on the first user identifier and the first organization identifier by referring to a storage unit storing one or more second user identifiers in association with second organization identifiers. The first authentication unit performs authentication by identifying an organization identifier matching the first organization identifier within the second organization identifiers and identifying a user identifier matching the first user identifier within the second user identifiers associated with the matching organization identifier.08-01-2013
20130198804Peer-to-Peer Service Designer - A peer-to-peer communication system, including a service manager for managing peer-to-peer services, a zone manager for managing zones, each zone including at least one peer-to-peer service and a window display layout therefor, and a privacy manager for restricting access to a zone, to a select group of users. A method is also described and claimed.08-01-2013
20120036557WI-FI ACCESS METHOD, ACCESS POINT AND WI-FI ACCESS SYSTEM - The present invention discloses a Wi-Fi access method, access point and a Wi-Fi access system. It is related to the field of communication technology and is devised for realizing the security access of a Wi-Fi device with relatively low costs. The Wi-Fi access method comprises: receiving an access request initiated by a wireless client terminal; sending an access prompt to an access point user based on the access request; receiving an access control instruction returned by the access point user; when the received access control instruction is a permitting access instruction sent by the access point user, performing access processing and establishing a Wi-Fi connection between the wireless connection terminal and the access point based on the permitting access instruction; or denying the access of the wireless client terminal based on a denying access control when the received access control instruction is the denying access instruction sent by the access point user. The present invention may cause a Wi-Fi device to access an access point (AP).02-09-2012
20120297449AUTHENTICATION METHOD - There is provided a method (11-22-2012
20120042359INFORMATION PROCESSING SYSTEM, WEB SERVER, INFORMATION PROCESSING APPARATUS, CONTROL METHODS THEREFOR, AND PROGRAM - This invention provides an information processing system which sets a validity period of authentication in a Web application provided by a Web server activated from an information processing apparatus in accordance with the logout transition time in the information processing apparatus, a Web server, an information processing apparatus, and control methods therefor. To accomplish this, a Web application activated on a Web server acquires the information of the logout transition time set in an information processing apparatus, and updates the validity period of authentication in the Web application in accordance with the acquired logout transition time. The Web application receives the notification of an operation event occurring in an MFP in addition to an operation event on the Web application, and properly resets a timer for the validity period of authentication in the Web application.02-16-2012
20120066743INFORMATION PROCESSING APPARATUS, SCREEN TRANSMITTING METHOD, AND NON-TRANSITORY COMPUTER-READABLE RECORDING MEDIUM ENCODED WITH SCREEN TRANSMITTING PROGRAM - An information processing apparatus includes a storing portion, an authentication portion to authenticate a user using one of the one or more user apparatuses on the basis of identification information received from the user apparatus; a selecting portion to select, as main data, a piece of data from among one or more pieces of data stored in a presentation area which is a predetermined one of the plurality of storage areas; a screen generating portion to generate an access screen including an image of the selected main data; an access detecting portion to detect an access to the presentation area; and a screen transmitting portion, when the access detecting portion detects an access to the presentation area by the authenticated user, to transmit the generated access screen to the one of the one or more user apparatuses that is used by the authenticated user.03-15-2012
20120066742COPY CONTROL METHOD - The usability while performing copy control can be enhanced in the case of recording a digital broadcast program for which recording of one generation is permitted (“Copy One Generation”). When an output route in the case of copying digital contents from a first recording apparatus to a second recording apparatus is via LAN, authentication is executed between the first recording apparatus and the second recording apparatus. The capability of a move process with a predetermined copy number of multiple copies being kept is confirmed, and dedicated key information is shared to be used for encryption and decryption of the digital contents moved with the predetermined copy number of multiple copies being kept. Then, the digital contents recorded and managed in the first recording apparatus is added with the information about the predetermined copy number of multiple copies, and transmitted.03-15-2012
20130205370MOBILE HUMAN CHALLENGE-RESPONSE TEST - Methods and systems for verifying whether a user requesting an online account is likely a human or an automated program are described. A request for an online account may be received from a mobile device. A human challenge-response test adapted for displaying on a mobile device is displayed on the mobile device. Upon viewing the human challenge-response test, the user enters the user's solution to the human challenge-response test on the mobile device. A response hash value is created based on the user's solution. The response hash value is sent to an account request server for verification.08-08-2013
20130205369DIRECT MODE COMMUNICATION SYSTEM AND DISCOVERY INTERACTIVE METHOD THEREOF - A direct-mode communication system having a user direct-mode communication apparatus and a serving direct-mode communication apparatus is provided. The user direct-mode communication apparatus connects to an operating server, and authenticates with the operating server to obtain a user authenticated identification. The serving direct-mode communication apparatus connects to the operating server, and authenticates with the operating server to obtain a serving authenticated identification. The user direct-mode communication apparatus broadcasts a discovery signal based on the user authenticated identification. The serving direct-mode communication apparatus receives the discovery signal after the user direct-mode communication apparatus enters a default serving range, and provides interactive information to the user direct-mode communication apparatus according to the discovery signal and based on the serving authenticated identification.08-08-2013
20120096519Methods and Apparatuses for Avoiding Denial of Service Attacks By Rogue Access Points - Methods and apparatuses are provided for avoiding denial of service attacks by rogue access points. A method may include attempting to verify activation of access stratum security by an access point based at least in part upon integrity protection information included in a received security mode command message sent by the access point, wherein a radio connection has been established with the access point. The method may further include detecting an occurrence of a security activation deadlock. The method may additionally include determining that a predefined number of security activation deadlocks with the access point have occurred. The method may also include identifying the access point as a rogue access point based at least in part upon the determination that a predefined number of security activation deadlocks with the access point have occurred. Corresponding apparatuses are also provided.04-19-2012
20120096518Secure Provisioning Methods And Apparatus For Mobile Communication Devices Operating In Wireless Local Area Networks (WLANs) - A method for use in enabling a mobile communication device for communication involves establishing communication with an IEEE 801.11 device which is configured to operate as an access point; while communicating with the IEEE 801.11 device: participating in an authentication procedure with the IEEE 802.11 device; after positive authentication from the authentication procedure, participating in a provisioning procedure with the IEEE 802.11 device for receiving information for programming in the mobile communication device; and communicating with use of the programmed information in the mobile communication device.04-19-2012
20120096517SYSTEM AND METHOD FOR PROVIDING A SECURE CONNECTION BETWEEN NETWORKED COMPUTERS - Embodiments disclosed herein provide a system, method, and computer program product for obtaining secure connectivity between networked computing devices. The invention comprises utilizing a network protocol inherent to an operating system on a client device to automatically set up and establish a transient secure network connection endpoint on the client device. The act of utilizing can be a result of a server device responding to a connection request from the client device. The act of establishing the transient secure network connection endpoint on the client device creates a transient secure network connection between the server device and the transient secure network connection endpoint on the client device without manual intervention or configuration by a user at the client device. Secured access by the client device to one or more network devices is permitted until the transient secure network connection between the server device and the client device is severed.04-19-2012
20130212645INFORMATION AUTHENTICATION METHOD AND INFORMATION AUTHENTICATION SYSTEM - At a time of enrollment, a client terminal: generates a feature polynomial from biometric information for enrollment; multiplies the feature polynomial by a prescribed integer; stores a helper polynomial obtained by multiplying an inverse polynomial of a template polynomial, a polynomial having a small norm; and transmits the template polynomial to an authentication server. The authentication server stores the template polynomial in a storage unit. At a time of authentication, the client terminal: generates a feature polynomial from biometric information for authentication; multiplies the helper polynomial by the feature polynomial; adds a random polynomial having a small norm to the authentication polynomial; and transmits the authentication polynomial to the authentication server. The authentication server determines whether or not the biometric information for enrollment and for authentication can be authenticated, based on the result obtained by multiplying the authentication polynomial by the template polynomial.08-15-2013
20130212644NETWORK STIMULATION ENGINE - Methods, devices, and systems are disclosed for simulating a large, realistic computer network. Virtual actors statistically emulate the behaviors of humans using networked devices or responses and automatic functions of networked equipment, and their stochastic actions are queued in buffer pools by a behavioral engine. An abstract machine engine creates the minimal interfaces needed for each actor, and the interfaces then communicate persistently over a network with each other and real and virtual network resources to form realistic network traffic. The network can respond to outside stimuli, such as a network mapping application, by responding with false views of the network in order to spoof hackers, and the actors can respond by altering a software defined network upon which they operate.08-15-2013