Authorization

Subclass of:

726 - Information security

726002000 - ACCESS CONTROL OR AUTHENTICATION

726003000 - Network

Deeper subclasses: none listed (only non-empty classes are shown).

Entries
DocumentTitleDate
20090077634FIRMWARE UPDATE METHOD AND SYSTEM USING THE SAME - A firmware update method and a system using the same are provided. The firmware update system comprises a device, a storage unit comprising a boot block code, and a network interface controller. When the system boots, the device executes the boot clock code, and determines whether an update alert exists. When the system boots, the network interface controller connects to a web server via Internet, downloads firmware from the web server, and generates the update alert after the firmware is downloaded. In response to the update alert, the device selects the firmware to be updated as an active code to the storage unit. The systems reboots after the firmware is updated to the device.03-19-2009
20130031611CLOUD-ENABLED WEB-ENTRY SYSTEM FOR VISITOR ACCESS CONTROL - The present invention is for a web-enabled entry system for access control of visitors to a residential, commercial or institutional facility having or not receptionist at the entry point, where visitors to such facility should be authorized and/or the visit event should be recorded in a database. This web enabled entry system is for visitor self-registration, announcing and obtain access approval for coming into such facility by the means of a system including touch capable tablet computers, wireless communications, remote servers and methods to notify and validate users providing entry authorization. The system is also capable to provide video capture and streaming using a camera embedded in the tablet computer and with the use of an optional door controller the system allows remote opening of the door or gate. The system also can be optionally used to work in conjunction with a receptionist or guard that will assist the visitor, providing a temporary visitor badge. The system on this invention can replace the use of traditional unattended telephone entry (tele-entry) system or manned computer based visitor control systems typically assisted by a guard or receptionist.01-31-2013
20090210928METHOD AND A SYSTEM FOR MANAGING A USER RELATED ACCOUNT INFORMATION ASSOCIATED WITH APPLICATION SERVICES DISTRIBUTED OVER A DATA NETWORK - There is provided a method for managing a user related accounts, the method comprising: receiving user account information for use in connection with at least one application service associated with the user for which a user account management is required; receiving node identification information allowing for identifying at least one application node distributed over a data network, where the at least one application node stores the at least one application service; using the received node identification information for delivering to the at least one application node, through the data network, the user account information; and instead of requiring from the user any manual procedures, automatically processing, at the at least one application node, the delivered user account information, where the processing comprises, in connection with each one of the at least one application service, creating or accessing and updating a corresponding user account using the received user account information. There is further provided a system for managing a user related accounts associated with application services distributed over a data network.08-20-2009
20080244707WIRELESS TRANSMITTER IDENTITY VALIDATION IN A WIRELESS NETWORK - An apparatus, a method, and logic encoded in computer readable media that when executed operable to carry out the method. The method includes wirelessly receiving at a receiving station a signal transmitted from a transmitting station in a wireless network. The signal includes a network identifier, e.g., MAC address of the transmitting station. The method includes determining one or more RF waveform characteristics of at least a transient part of the received signal, decoding the received signal to determine the network identifier, e.g., MAC address, determining one or more behavior characteristics from the received signal; and using the decoded network identifier, e.g., MAC address and a combination of the one or more waveform characteristics and the one or more behavior characteristics to ascertain whether or not the network identifier, e.g., MAC address is a spoofed identifier, the ascertaining using historical samples of combinations for different network identifiers.10-02-2008
20100088750TERMINAL APPARATUS, SERVER AND SYSTEM THEREOF - A terminal apparatus is provided which can guarantee operation of a use condition bytecode while securing the degree of freedom for a service provider generating the use condition bytecode. A terminal apparatus (04-08-2010
20100017856BIOMETRIC RECORD CACHING - An apparatus, method and program product locally stores biometric data in response to a user accessing a network (01-21-2010
20130047215METHOD AND APPARATUS FOR TOKEN-BASED REASSIGNMENT OF PRIVILEGES - According to one embodiment, an apparatus may monitor a session that facilitates a user's access to a resource. The user may be granted a privilege associated with accessing the resource. The apparatus may detect a change associated with the privilege granted to the user in at least one token of a plurality of tokens. The apparatus may then communicate a token that represents the change, and receive a risk token associated with the token. The apparatus may then determine to revoke the privilege based on the risk token, and generate a second token that represents the determination to revoke the privilege. The apparatus may then communicate the second token to facilitate the revoking of the privilege.02-21-2013
20130031615SYSTEM AND METHOD FOR WLAN ROAMING TRAFFIC AUTHENTICATION - A system and method for recognising traffic generated from an authenticated a device roaming in a wireless local area network and related aspects are provided. An authentication server is arranged to authorise communications traffic originating from a wireless access point to use a roaming service, the traffic comprising an NAT translated IP address. The server first authorises a WLAN roaming device, and then processes a meta-data message received from a WLAN access point in which the source address of the message comprises the source address of the roaming device at the WLAN access point. The server then determines, from the information provided in the meta-data message when it is received by the authentication server, which includes at this point a NAT translated source address in the meta-data message what the NAT translated source address of traffic from said NAT translated source address. In this way, all traffic generated by the roaming device whilst that NAT translated IP address is valid is automatically authorised to use a roaming service to access the internet.01-31-2013
20130031614METHOD FOR REMOTELY LOCKING/UNLOCKING A MACHINE - A method for changing the status, locked or unlocked, of a target machine including a security service and a session management module includes receiving, by the security service, a query corresponding to a request to change the status of the target machine, the query including at least one piece of identification information from a user of a source machine; from the security service, verifying if access rights to the target machine related to the user of the source machine allow a change in the status of the target machine by the user; if so, sending, from the security service, a status change message to the session management module of the target machine and proceeding to the status change made by the session management module.01-31-2013
20130031613SECURE ACCESS TO CUSTOMER LOG DATA IN A MULTI-TENANT ENVIRONMENT - Systems and methods process log data relating to usage of a multi-tenant application server. An input module receives a request from a user that identifies requested log data by a particular user or tenant of the multi-tenant application system. A log query service automatically formats the database query for the requested log data based upon the request received from the user, and stores the formatted database query on the storage device. A batch server subsequently retrieves the database query from the storage device, submits the database query to the data analysis engine, obtains the requested information from the data analysis engine after the query is completed, and notifies the user that the requested information is available for output.01-31-2013
20130031612SERVER APPARATUS, INFORMATION PROCESSING METHOD, PROGRAM, AND STORAGE MEDIUM - An information processing method for a server apparatus controlling access based on a role of a user and a scope as authority held by an authorization token for realizing a unified license management structure that does not reduce an overall performance of a cloud service even if a plurality of services collaborate with the cloud service.01-31-2013
20130031610Collaborative information management - A method is provided for implementing collaborative information management. Information collaboration entities are authorized to allow entity members thereof access to a collaborative information data structure. Each information collaboration entity is a different business entity than each other information collaboration entity. An entity member of each one of the information collaboration entities is authorized to maintain business process information associated therewith within the collaborative information data structure. The business process information of each one of the information collaboration entities is generated through a business process thereof. The business process information of each one of the information collaboration entities is useful as quality control information for a manufactured product of a particular one of the information collaboration entities. An entity member of a first information collaboration entity is authorized to access business process information of a second information collaboration entity that is maintained within the collaborative information data structure.01-31-2013
20100050238SYSTEM AND METHOD FOR A WPAN FIREWALL - Systems and methodologies for implementing Wireless Personal Area Network (WPAN) security are provided herein. As disclosed herein, firewall functionality can be implemented for a WPAN-capable device to control access to resources of the device over a WPAN. In one example, a WPAN protocol can be extended to include low-level access control measures that enable analysis of communication requests to and/or from a device prior to acting on the requests. As described herein, a WPAN firewall associated with a device can be configured to block, monitor, and/or log respective resource accesses to and/or from a WPAN. WPAN firewall functionality as described herein can be configured using mechanisms such as an Application Programming Interface (API) and/or a user control interface. Additionally, lateral regulation of security policies for a WPAN and one or more other networks utilized by a device can be provided.02-25-2010
20110191830Common Point Authoring System For The Complex Sharing Of Hierarchically Authored Data Objects In A Distribution Chain - The Common Point Authoring system functions to provide Livestock Informational Objects via the use of a centralized repository of uniquely identified, immutable Livestock Informational Objects. This system automates the authoring, maintenance, and distribution of the Livestock Informational Objects by using an Internet-based paradigm and a centralized repository of uniquely-identified, immutable Data Elements. The Common Point Authoring system provides a set of software modules that the manufacturers can use to author, maintain, and distribute Livestock Informational Objects and their customers, as Members of the system of Livestock Informational Objects, can use to retrieve, maintain, and distribute the Livestock Informational Objects. The system's interconnectivity allows for the use of an Internet-based paradigm for the purchase and sale among Members of the system of Livestock Informational Objects as commodities, and for reducing the burden costs among Members of compliance with government regulations.08-04-2011
20110191826SYSTEM AND METHOD FOR PROVIDING VIRTUAL USER GROUPS IN A NETWORK ENVIRONMENT - A method is provided in one example and includes communicating an access request to a network element, the access request is associated with network authentication relating to a subscriber. The method also includes receiving an access response that includes a profile associated with the subscriber. The profile can include a group attribute that defines the subscriber as being part of a group of subscribers sharing a network data plan, which defines a data allotment assigned to the group over a specified time interval. In more detailed embodiments, a unique data string sent by an Authentication, Authorization, and Accounting element is received, where the unique data string identifies a full set of subscribers belonging to the group. Data underutilization of a first subscriber is offset by data overutilization of a second subscriber, where a summation of the data underutilization and the data overutilization do not exceed the data allotment assigned.08-04-2011
20090193503Network access control - A Network Access Control (NAC) device has at least first and second network interfaces with first and second network addresses, respectively, for providing connection to the network, and a computer device interface for providing connection to a user's computer device. A first network channel is configured in the NAC device over the first network interface for providing transactions between the computer device and the network using first application software installed in the NAC device. A second network channel is configured in the NAC device over the second network interface for providing transactions between the computer device and the network using second application software installed in the computer device.07-30-2009
20100011418KEY CONTROL WITH REAL TIME COMMUNICATIONS TO REMOTE LOCATIONS - A key control system includes at least one premise, a lockbox capable of securing a key to the premise and at least one mobile telephone associated with a user and having a stored access device program capable of communicating an access request to the lockbox. The premise is subject to authorized access by others, such as the user, based on preferences of an approval party established with the system. If specified by these preferences, the mobile telephone automatically initiates a communication to a selected destination to request approval of the access request.01-14-2010
20130086648UPDATING RESOURCE ACCESS PERMISSIONS IN A VIRTUAL COMPUTING ENVIRONMENT - Methods, systems, and devices are described for updating resource access permissions in a virtual computing environment. In these methods, systems, and devices, a host computer system determines that a user associated with an existing session has moved from a first location associated with a first set of access permissions to a second location associated with a second set of access permissions. The second set of access permissions is applied at the host computer to the existing session based on the determination that the user has moved to the second location. The user is then allowed to access the existing session from the second location according to the second set of access permissions.04-04-2013
20110202980Lawful Authorities Warrant Management - A method is proposed for managing requests from Law Enforcement Agencies for interception or retention of data relating to a target user. The method detects a request of interception or retention on the target user and verifies whether an electronic warrant is activated with respect to the user.08-18-2011
20110202979SYSTEM AND METHOD FOR USING RESOURCES OF A COMPUTER SYSTEM IN CONJUNCTION WITH A THIN MEDIA CLIENT - A computer system including a processor and a memory for retrieving digital media content, storing the digital media content in the memory, and providing the digital media content to a thin media client is provided.08-18-2011
20110202975METHOD OF MANAGEMENT IN SECURITY EQUIPMENT AND SECURITY ENTITY - Method of managing security entities positioned to cut off an information stream within a network. The method includes designating an entity to act as a sponsor for a new ward wishing to join the network, requesting to connect the ward with the sponsor, said sponsor determining whether or not it accepts the connection. If the sponsor accepts the connection, then connecting the sponsor and disconnecting from the plurality of entities forming the network. At least one of the entities and the sponsor checking a security level of said ward. If at least one of the entities decides to trust said ward, then the sponsor transmits to the ward configuration information to enable the ward to enter into communication with the network. If at least one of the entities decides not to trust the ward, then the ward cannot access the network and an alarm is generated.08-18-2011
20120180111CONTENT OBJECT ENCAPSULATING CONTENT ITEMS FOR ACCESSING CONTENT AND ACCESS AUTHORIZATION INFORMATION - Provided are a method, system, and computer program product for a content object encapsulating content items for accessing content and access authorization information. User input of content items is received, wherein each content item indicates a network address and content type of content at the network address. The content items are added to a content object in a computer readable storage. User input is received of access authorization information indicating a user having authority to access the content object. The access authorization information is added to the content object. A user request is received for the content object from a client computer over a network. The access authorization information is processed to determine whether the user at the client computer initiating the request has authorization to access the content object. The content object is processed to generate a presentation page to return to the client computer in response to determining that the user of the client computer is authorized to access the content object.07-12-2012
20080256608Linking Between Internet Subscription Websites - A method and system for managing delivery of a web resource to a user on a web server. The method determines the identity of the user on the web server and retrieves the web resource from the web server. The method scans the web resource to identify links, such as hypertext links, in the web resource that refer to a target web resource. For each link, the method determines whether access is allowed or denied by the user to the target web resource. The method creates a copy of the web resource and deactivates each link in the copy of the web resource if access is denied by the user to the target web resource referred to by the link. The method then delivers the copy of the web resource to the user on the web server.10-16-2008
20080256611METHOD AND APPARATUS FOR RESOURCE LOCATOR IDENTIFIER REWRITE - A method and apparatus for resource locator identifier rewrite have been presented. A security device receives from a resource host over a non-secure hypertext transfer protocol (HTTP) session a response to a request received from a client over a secure HTTP session. The response includes a uniform resource locator (URL) that is supposed to be for a resource host, but the URL does not designate a secure resource access protocol and the resource host requires the secure resource access protocol. The URL is located in the response and modified to designate the secure resource access protocol. After modification, the response is transmitted via the secure resource access protocol session to the client.10-16-2008
20080256610SYSTEM AND METHOD FOR DYNAMIC ROLE ASSOCIATION - A pluggable architecture allows security and business logic plugins to be inserted into a security service hosted by a server, and to control access to one or more secured resources on that server, on another server within the security domain, or between security domains. The security service may act as a focal point for security enforcement, and access rights determination, and information used or determined within one login process can flow transparently and automatically to other login processes. Entitlements denote what a particular user may or may not do with a particular resource, in a particular context. Entitlements reflect not only the technical aspects of the secure environment (the permit or deny concept), but can be used to represent the business logic or functionality required by the server provider. In this way entitlements bridge the gap between a simple security platform, and a complex business policy platform.10-16-2008
20080256609Multiple User Credentials - A login shell and file/directory access checking supporting multiple user credentials are provided. The login shell receives user input from a particular user including login information for a plurality of user accounts for that particular user. The login shell authenticates the plurality of user accounts using the login information and retrieves a plurality of user credentials corresponding to the plurality of user accounts. This plurality of user credentials forms a multi-user credential. In response to a request for access to a file, the access rights to the file for the user are verified by verifying the access rights of the multi-user credential.10-16-2008
20080256607Extensible and programmable multi-tenant service architecture - An extensible, multi-tenant software-as-a-service business application platform is provided for hosting multiple organizations. Organization services are provided by virtual or physical servers with dedicated data stores assembled in scalable groups. Distributed interaction between components of the scalable groups may enable extensibility and reliability, while changes in locations of organization services are provided to the client(s) for seamless continuation of the client's access to the services. Customizable and dynamic APIs for accessing each organization's data and applications isolated from the others and pluggable third party authentication services may also be integrated into the platform.10-16-2008
20080256606Method and Apparatus for Privilege Management - A computer implemented method, apparatus, and computer program product for managing privileges on a data processing system. The process initiates a privilege monitor. All other entities in the data processing system are prevented from assigning privileges. The privilege monitor is the only entity authorized to assign privileges. The process monitors for requests for privileges. In response to detecting a request from a user for a privilege, the process selectively assigns the privilege to the user through the privilege monitor.10-16-2008
20080256605Localized authorization system in IP networks - The invention provides a method for bootstrapping a local authorizer of a non-public access network. The local authorizer is arranged for granting access for a client device to the non-public access network. Therefore, the local authorizer includes a credentials database, which is used in authentication and authorization of the client device during access to services or resources of the non-public network. A secret knowledge of the client device is used for generating at least one set of credentials. The bootstrapping method includes the step of uploading the at least one set of credentials to the credentials database of the local authorizer. This upload is performed by the client device at least at first access of the client device to the non-public network. Then the credentials in the credentials database are used for authentication and authorization of the client device during access to the non-public access network.10-16-2008
20120246704MOBILE SOFTWARE ENTITLEMENTS MANAGER - A mobile entitlements manager implemented on a mobile device stores the software entitlements belonging to a user of the mobile device. The mobile device communicates with client computers on which the user wishes to run software applications. Messages are exchanged between the client and the mobile device to enable activation, continued running, and to deactivate client applications in accordance with the entitlements available to the user. The mobile entitlements manager updates its entitlement information by communicating with a remote entitlements server, and informs the entitlement server of the status of programs running on clients in communication with the device. The entitlements manager handles entitlements for multiple applications and for multiple licensed entities, such as individual users, sites, client computers, or organizations.09-27-2012
20120246701Programming, Verifying, Visualizing, and Deploying Browser Extensions with Fine-grained Security Policies - An environment is described which enables the generation, analysis, and use of secure browser extensions. Each browser extension includes an extension body and a policy expressed in a logic-based specification language. The policy specifies the access control and dataflow privileges associated with the extension body in a fine-grained manner by leveraging the structure and content of resources that are accessible to the browser extension. A suite of analysis tools for testing the safety of the browser extension includes a visualization module identifies features of a resource that are accessible to the policy. A static analysis module uses a static analysis technique to determine whether the extension body satisfies the policy. The environment also includes a conversion module for converting the browser extension, once deemed safe, into a form for use by a particular type of browser. The browser can execute that extension without performing runtime safety checks.09-27-2012
20130086647ENCRYPTION SENTINEL SYSTEM AND METHOD - An encryption sentinel system and method protects sensitive data stored on a storage device and includes sentinel software that runs on a client machine, sentinel software that runs on a server machine, and a data storage device. When a client machine requests sensitive data from the data storage device, the data storage device interrogates the sentinel software on the server machine to determine if this client machine has previously been deemed to have proper encryption procedures and authentication. If the sentinel server software has this information stored, it provides an approval or denial to the storage device that releases the data if appropriate. If the sentinel server software does not have this information at hand or the previous information is too old, the sentinel server interrogates the sentinel software that resides on the client machine which scans the client machine and provides an encryption update to the sentinel server software, following which data will be released if appropriate.04-04-2013
20130086643TAMPER PROOF MUTATING SOFTWARE - System and method is disclosed for protecting client software running on a client computer from tampering using a secure server. Prior to or independent of executing the client software, the system integrates self-protection into the client software; removes functions from the client software for execution on the server; develops client software self-protection updates; and periodically distributes the updates. During execution of the client software, the system receives an initial request from the client computer for execution of the removed function; verifies the initial request; and cooperates with the client computer in execution of the client software if verification is successful. If verification is unsuccessful, the system can attempt to update the client software on the client computer; and require a new initial request. Client software can be updated on occurrence of a triggering event. Communications can be encrypted, and the encryption updated. Authenticating checksums can be used for verification.04-04-2013
20100115590All Hazards Information Distribution Method and System, and Method of Maintaining Privacy of Distributed All-Hazards Information - An information distribution method includes: gathering all-hazards information into an information exchange from a first information source; gathering all-hazards information into the information exchange from a second information source; distributing the all-hazards information from the information exchange to a first independently-controlled alert network; distributing the all-hazards information from the information exchange to a second independently-controlled alert network.05-06-2010
20080282327NETWORK AUTHORIZATION STATUS NOTIFICATION - A system that enables network authorization status to be conveyed to the device requesting network services within or outside the scope of an authentication exchange is provided. The authorization status notification or information can be automatically generated or otherwise triggered by a request from the user or device. For instance, a query can be employed to solicit device authorization status related to a particular service or group of services. Additionally, authorization status notification can be automatically triggered based upon a change in the device authorization state.11-13-2008
20130086649METHOD AND DEVICES FOR SECURE COMMUNICATIONS IN A TELECOMMUNICATIONS NETWORK - The invention relates to a method for secure communications in a telecommunications network, said network comprising a group of servers S04-04-2013
20130086637INDIRECT AUTHENTICATION - Techniques are provided for granting authorization to restricted content on a display device from an authorizing device. In one embodiment, the display device may operate in a display mode where only unrestricted content is accessible. To access restricted content, the display device may transmit an authorization request signal to the authorizing device. The authorizing device, having received the authorization request, prompts an authorized user to enter an authentication input, such as a password or gesture, on the authorizing device. Upon verification of the authentication input, the authorizing device is authenticated. An authorization signal is transmitted to the display device, and the display device may operate in an authorized mode, having access to otherwise restricted content or functions.04-04-2013
20130086639MOBILE APPLICATION, IDENTITY INTERFACE - Techniques for managing identities are provided. In some examples, identity management, authentication, authorization, and token exchange frameworks may be provided for use with mobile devices, mobile applications, cloud applications, and/or other web-based applications. For example a mobile client may request to perform one or more identity management operations associated with an account of a service provider. Based at least in part on the requested operation and/or the particular service provider, an application programming interface (API) may be utilized to generate and/or perform one or more instructions and/or method calls for managing identity information of the service provider.04-04-2013
20130086638SYSTEMS, APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM FOR RECORDING IMAGES ON A RECORDING MEDIUM - When authentication information is input via an IC card reader and includes predetermined information. A portable terminal corresponding to the authentication information is identified, and specific identification information that identifies an image-data file associated with the authentication information is extracted. The extracted specific identification information is transmitted to the identified portable terminal, and the portable terminal displays a list of the received specific identification information on its touch panel. The operation of a printing mechanism is controlled, so that the image-data file corresponding to the specific identification information that selected with a touch panel on the portable terminal is accessed, and an image defined by the image-data file defines is printed on a sheet.04-04-2013
20130086644METHOD AND APPARATUS FOR COMMUNICATION CONNECTION SERVICE - Methods and apparatus are provided for communication connection service. Identification information of a second device is acquired. An inquiry about whether to register the second device as a favorite device is displayed. A registration request message is sent to a server, when a request to register the second device as the favorite device is inputted in response to the inquiry. The registration request message includes the identification information of the second device. A registration response message is received from the server in response to the registration request message. A user interface of the first device is controlled to provide feedback informing of a success or a failure in registering the second device as the favorite device based on the registration response message.04-04-2013
20130086642OBTAINING A SIGNED CERTIFICATE FOR A DISPERSED STORAGE NETWORK - A method begins by a dispersed storage (DS) processing module generating a certificate signing request (CSR) that includes a certificate and a certificate extension, wherein the certificate includes information regarding a requesting device and wherein the certificate extension includes information regarding an accessible dispersed storage network (DSN) address range for the requesting device. The method continues with the DS processing module outputting the CSR to a certificate authority of a DSN and receiving a signed certificate from the certificate authority, wherein the signed certificate includes a certification signature of the certificate authority authenticating the certificate and the certificate extension. The method continues with the DS processing module storing the signed certificate for use when generating a DSN access request, wherein the DSN access request is requesting access to dispersed storage error encoded data in the DSN at an address within the accessible DSN address range.04-04-2013
20130086646Method to Safeguard the Authorized Access to a Field Device used in Automation-Technology - A method of safeguarding the authorized access to a field device used in automation-technology, wherein the field device comprises an internet protocol capable interface as well as an interface for near field communication. The method comprises: a unique factory-installed access code for an authorized field device user is stored in the field device, or clearly assigned to the field device, before delivery of the field device from a field device supplier to a field device user; the unique factory-installed access code for an authorized field device user is read from the field device through the near field communication interface by means of a mobile service unit with the use of a Security App made available by the field device supplier, or through an alternatively made available, and secure, channel of communication; access authorization for the field device is established by means of the Security App for at least one authorized field device user; and operation of the field device is accomplished by the authorized field device user with the established access authorization by means of the mobile service unit or the internet protocol capable interface.04-04-2013
20130086645OAUTH FRAMEWORK - A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.04-04-2013
20130081109Multi-Tenant Agile Database Connector - A module provides an interface between a multi-tenant database and a non-tenant-specific application instance such that the application instance sends data access commands to the module as if it were communicating with a single-tenant database. The module translates the non-tenant-specific data access command from the non-tenant-aware application into a multi-tenant data access command, as needed, without needing to alter the non-tenant-specific application instance in any way. In this manner, a single-tenant application could be used by multiple tenants in a multi-tenant environment.03-28-2013
20130081113METHODS OF AND SYSTEMS FOR REMOTELY CONFIGURING A WIRELESS DEVICE - A particular method includes transmitting a message from a first device to a second device. The message includes first information associated with identification of the first device. The first information enables the second device to obtain access data. The method also includes establishing a first communication link between the first device and the second device based on the access data. The method further includes receiving, via the first communication link, second information associated with establishment of a second communication link between the first device and a third device. The method also includes configuring the first device to establish the second communication link between the first device and the third device based on the second information.03-28-2013
20130081112Global Terminal Management Using 2-Factor Authentication - A terminal management system for an enterprise network, having a terminal management server functionally connected to an enterprise network. The terminal management system includes at least one network device and a secure shell client that are also functionally connected to the enterprise network. The secure shell client establishes a temporary direct connection to the network device after being validated as having an approved secure connection module. This validation is accomplished by software modules running on the terminal management server. This temporary connection may be converted to a maintained direct connection if the software modules on the terminal management server determine that the secure shell client connected to the network device is the same one validated as having an approved secure connection module.03-28-2013
20130081111ENHANCED SECURITY FOR ELECTRONIC COMMUNICATIONS - Techniques are described for providing enhanced security for electronic communications, such as by including in a message sent between two services a digital signature that is generated by using secret information known to the services, so that the recipient receives assurance regarding the sender's identity if the recipient can replicate the received digital signature using the secret information known to the recipient. In some situations, the enhanced security is used in communications to and/or from an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users, such as to prevent malicious phishers from inappropriately gaining access to user information. Various services may use the enhanced security techniques when interacting with the access manager system at various times, such as to initiate sign-on for a user and/or to take subsequent action on behalf of a signed-on user.03-28-2013
20130081110GLOBAL ACCESS CONTROL FOR SEGMENTED STREAMING DELIVERY - Various arrangements for controlling access to streaming media assets are presented. Transmission of segments of a media asset to a first user device may be commenced. During transmission of the media asset to the first user device, beaconing data from the first user device may be received and stored as session information. The first user device may no longer be permitted to receive the media asset at least partially due to the first user device no longer being authenticated. Transmission of a remainder of the plurality of media segments to the first user device may be ceased such that the first user device does not receive the media asset in its entirety.03-28-2013
20130086641System and method for validating users using social network or other information from a web site - A system and method uses any or all of information of a user and/or the user's activity at a second web site, information of the user's friends or other connections at the second web site, or registration information of the user, to determine whether to allow the user to communicate with other users of a first web site, prevent the user from communicating with other users of the first web site, or monitor the user's communications and allow or prevent the user from further communication based on the monitored communications at the first web site.04-04-2013
20130086640INFORMATION PROCESSING APPARATUS AND METHOD - A computer determines whether destination information is included in permission target information. The destination information indicates a destination to which a file stored in a storage device is transferred. The permission target information includes information indicating a target permitted to access the file. Upon determining that the destination information is not included in the permission target information, the computer prompts a user, before the file is transferred, to input whether to permit the transfer. The computer adds the destination information to the permission target information upon receiving, via an input device, a permission input for permitting the transfer. The computer transfers the file upon receiving the permission input.04-04-2013
20130036456CREDENTIAL PROVISION AND PROOF SYSTEM - A method of authenticating to a computer server involves a first authentication client transmitting an authentication token to the computer server via a first communications channel, and a second authentication client receiving a payload from the computer server via a second communications channel distinct from the first communications channel in accordance with an outcome of a determination of authenticity of the authentication token by the computer server.02-07-2013
20130036455METHOD FOR CONTROLLING ACCESS TO RESOURCES - The invention enables a service provider to authorise a service to access a resource or function provided by a service provider based on a resource owner's consent, wherein the consent takes into account both the identity of the service requesting the access and the identity of the user of the requesting service. The invention separates the service access process into a first step in which the requesting service is granted access on the condition that the access is made in the name of a defined user, and a second step in which the user of the requesting service authorises the requesting service to access the resource in the requesting user's name.02-07-2013
20130036454MANAGEMENT OF ACCESS IDENTIFIERS - Access to an on-line account management system is facilitated. A request is received to perform a first action using an on-line account management system. The request comprises a first access identifier. A global party identifier associated with the first access identifier is determined. Restriction information associated with the first access identifier and the global party identifier is accessed from a global party profile operable to store at least one of a time-based, a location-based, and a device-based restriction associated with actions capable of being performed using the on-line account management system. A processor determines whether the first action is permissible based on the restriction information associated with the first access identifier and the global party identifier.02-07-2013
20130036457Multiple Image Reverse Turing Test - In a Reverse Turing Test an applicant seeking access to a computer process is presented with an image containing human-readable data that is intended to be inaccessible to an automated process or bot. In an improved Reverse Turing Test the applicant is presented with multiple sub-images that have to be rearranged in order to yield the overall image. This does not substantially increase a human applicant's difficulty in dealing with the test, but makes it much more difficult for a bot to interpret the image.02-07-2013
20120210400METHOD OF MANAGING AUTHORIZATION OF PRIVATE NODE B IN A WIRELESS COMMUNICATION SYSTEM AND RELATED DEVICE - A method of managing authorization of a private node-B coupled to a packet core network terminal in a wireless communication system. The method includes performing positioning measurement for the private node-B to generate position information of the private node-B, providing the position information to the packet core network terminal, determining authorization validity of the private node-B according to the position information and home network coverage of the private node-B, and then rejecting the authorization of the private node-B when the position information indicates that the private node-B is located outside the home network coverage.08-16-2012
20130042306DETERMINING MACHINE BEHAVIOR - When a user visits a webpage, the web browser obtains information on the user's operation behavior on the webpage and sends the obtained information on the operation behavior to the web server. The web server determines a weighted value of machine behavior based on the obtained information on the user's operation behavior on the webpage. When the web server determines that the weighted value of machine behavior is not less than a defined threshold, it determines that the user's operation behavior on the webpage is machine behavior.02-14-2013
20130042307COMMUNICATION METHOD AND INFORMATION PROCESSING SYSTEM - A communication method in an information processing system including a group of first information processing apparatuses that transmit data and a group of second information processing apparatuses that receive the data is disclosed. The communication method includes storing data subject to being transmitted to one of the second information processing apparatuses in a data storage by associating the data with identifier information of the second information processing apparatus, and performing transmission processing to transmit the stored data to the second information processing apparatus in response to reception of a first token generated by the second information processing apparatus serving as the generating source of the first token, the first token indicating a transmission right to transmit the data to the second information processing apparatus and being transferred between the group of the first information processing apparatuses and between the group of the second information processing apparatuses.02-14-2013
20100043061SYSTEMS, METHODS, AND COMPUTER READABLE MEDIA FOR PROVIDING FOR SECURE OFFLINE DATA TRANSFER BETWEEN WIRELESS SMART DEVICES - According to one aspect of the subject matter described herein, a method for registering wireless smart devices for secure offline data transfer is provided. The method includes, for an application configured to execute on a wireless smart device and that requires access to information regarding an account that does not reside on the wireless smart device, registering, at a server having access to the information regarding the account, a first wireless smart device as an account owner device (AOD) for operating in an online mode for obtaining the information regarding the account from the server and for operating in an offline mode for transferring the information regarding the account to at least one additional device via a secure offline data transfer using near field communications (NFC). The method further includes registering, at the server, at least one second wireless smart device as an account sharer device (ASD) for operating in an offline mode for receiving the information regarding the account from the first wireless smart device via the secure offline data transfer using NFC.02-18-2010
20100043060METHOD, DEVICE, SYSTEM, TOKEN CREATING AUTHORIZED DOMAINS - This invention relates to a method (02-18-2010
20090158402SYSTEM AND METHOD FOR AUTHORIZING ACCESS REQUEST FOR HOME NETWORK - A system and method for authorizing an access request for a home network. The system includes at least one accessed device, at least one authorizing device and at least one authorizing proxy server, wherein a connection request managing module is provided in the accessed device, and the authorizing proxy server includes an access request information forwarding module, an authorizing information forwarding module and an authorizing mode managing module. The method includes: the authorizing proxy server receives access request information of an accessing device that is acquired and transmitted by the accessed device; the authorizing proxy server forwards the received access request information to the authorizing device; after receiving the authorized information from the authorizing device, the authorizing proxy server feeds back the authorized information to the accessed device; the authorized information is the information that is sent to the authorizing proxy server after the authorizing device determines the authorization according to the received access request information.06-18-2009
20090158401DOWNLOADABLE CONDITIONAL ACCESS SYSTEM AND CONTROLLING METHOD FOR THE SAME - A method and apparatus of supporting a fee-based broadcasting service in a Downloadable Conditional Access System (DCAS) is provided. A control method of a DCAS, the method including: receiving a Conditional Access (CA) image file from a Conditional Access System (CAS) server and receiving Integrated Personalization Server (IPS) access information from an IPS; providing an Authentication Proxy (AP) with information about the received CA image file; controlling the AP to provide a terminal with access information to the IPS and image installation information when the terminal joins a fee-based service based on verifying device information of the terminal; and controlling the IPS to enable the terminal to receive a CA image code of the terminal based on the access information and the image installation information.06-18-2009
20090158400WIRELESS COMMUNICATION TERMINAL, METHOD FOR PROTECTING DATA IN WIRELESS COMMUNICATION TERMINAL, PROGRAM FOR HAVING WIRELESS COMMUNICATION TERMINAL PROTECT DATA, AND RECORDING MEDIUM STORING THE PROGRAM - Security of a file or an application program saved in a wireless communication terminal is maintained. A process performed by the wireless communication terminal includes the steps of: detecting an access point for wireless LAN (Local Area Network) based on a signal sent from a wireless communication I/F; obtaining an SSID (and a MAC address) of the detected access point; referring to access management data stored in a hard disk based on the obtained SSID; and restricting access to the file or the program based on the access management data.06-18-2009
20090158399Method and apparatus for processing a multi-step authentication sequence - A method of automating an authentication sequence for accessing a computer resource comprising processing form information associated with the authentication sequence, wherein the authentication sequence comprises a plurality of queries associated with a plurality of web pages; and communicating a response to a portion of the authentication sequence using form information that corresponds to a query upon recognition of indicia of the portion of the plurality of web pages where the portion comprises the query.06-18-2009
20090158398ENABLING PROVIDER NETWORK INTER-WORKING WITH MOBILE ACCESS - Various example embodiments are disclosed herein. In an example embodiment, a method may comprise authenticating a subscriber based upon one or more messages received from a subscriber equipment, via an Access Network Gateway (ANG); sending an access authorization message to the ANG authorizing the subscriber equipment; and wherein the access authorization message includes an address of a tunnel endpoint node and a tunnel method identifier (ID) to be used by the ANG to establish a tunnel between the ANG and the tunnel endpoint node for the subscriber equipment.06-18-2009
20090158397Secure Push and Status Communication between Client and Server - Systems and methods of authentication and authorization between a client, a server, and a gateway to facilitate communicating a message between a client and a server through a gateway. The client has a trusted relationship with each of the gateway and the server. A method includes registering the client with the gateway. The client also constructs the address space identifying the gateway and the client. The client communicates the address space to the server. The client receives an identity identifying the server. If the client authorizes receiving a message from the server through the gateway, the client informs the gateway of the authorization. The client puts the identity identifying the server on a list of servers which are authorized to send messages to the client. In addition, the client communicates the list of servers to the gateway.06-18-2009
20100107226System and Methods for Providing Presence Services In IP Network - A system and methods are shown for providing presence state services in an Internet Protocol network. One exemplary system includes a central presence element configured to track and provide user presence state information, and a local presence element in communication with the central presence element and further in communication with a signaling entity. According to one embodiment, the local presence element is configured to create and manage local presence state authorization data generated based on user presence state information being received from the central presence element. Further, the local presence element is configured to authorize a user service request using the local presence authorization data before providing access to a service requested by the user in the user service request.04-29-2010
20100107225REMOTE SERVICE ACCESS SYSTEM AND METHOD - A wireless service access system and method are disclosed. One aspect of the disclosed system provides a remote device wireless access to one or more services over a communication network, the system comprising a network access module adapted for communicating wirelessly with the remote device and for receiving therefrom identifying data; and a service access module, communicatively linked to the network access module, for authenticating the remote device based on the identifying data and authorizing access to the one or more services thereto via the network access module.04-29-2010
20090119755SYSTEM AND METHOD FOR ROLE BASED ACCESS CONTROL OF A DOCUMENT PROCESSING DEVICE - The subject application is directed to a system and method for controlling access to a document processing device based on roles assigned to user groups. Each group of users has certain functions for which they are authorized to use a document processing device. The device determines the group to which the user belongs, and then determines those functions of the device for which the group is authorized. The device then compares the requested function with the authorized functions to determine if the group to which the user belongs is allowed to use the document processing device for the requested function. The document processing device then performs the authorized requested function or denies use of the device for an unauthorized function.05-07-2009
20090119752Method and system for transparent encryption and authentication of file data protocols over internet protocol - A method of processing one or more files using a security application. The method includes connecting the client to a proxy server, which is coupled to one or more NAS servers. The method includes requesting a file from a client to the proxy server and authenticating a requesting user of the client. The method also includes authorizing the requesting user for the file requested; requesting the file from the one or more NAS servers after authenticating and authorizing; and requesting the file from the one or more storage elements. The file is transferred from the one or more storage elements through the NAS server to the proxy server. The method determines header information on the file at the proxy server and identifies a policy based upon the header information at the proxy server. The method also includes processing the file (e.g., decompressing the file, decrypting the file, and verifying the file) according to the policy. The method includes transferring the processed file to the user of the client.05-07-2009
20120185923DATA COMMUNICATION APPARATUS, DATA COMMUNICATION METHOD, DATA COMMUNICATION PROGRAM, AND STORAGE MEDIUM STORING THE PROGRAM - A data communication apparatus which is capable of preventing reception of undesired data by a destination without increasing the load on a network, etc. Data and a destination thereof are input. A sender ID related to a sender who sends the input data is input. The input data is sent to the input destination. A sender ID for which data transmission to the input destination is permitted is stored as a permission ID. The input sender ID is collated with the stored permission ID. Whether to permit data transmission is determined according to the collation result.07-19-2012
20120167178Metadata Container-Based User Interface Flexibility - All metadata relevant to user interface functionality needed to provide a specific unit of business functionality can be stored in one of a plurality of autonomous metadata containers retained on at least one data storage device. After a subset of available business functionality to be provided to a user is determined, a set of the plurality of autonomous metadata containers required to provide the subset of available business functions can be identified. A user interface view can be generated to present a view associated with each of the set of the plurality of autonomous metadata containers, and the generated user interface view can be provided for display to the user. Related systems, articles of manufacture, and computer-implemented methods are described.06-28-2012
20130047220Method and system for multi-access authentication in next generation network - The disclosure provides a method for multi-access authentication in Next Generation Network (NGN), which includes: a network side authentication center generates an authentication vector after receiving user terminal information from a user terminal, wherein the user terminal information includes subscription information and multi-access information of the user terminal; the user terminal performs authentication on the network side after receiving an authentication request from the network side authentication center, generates keying material and network side authentication information upon successful authentication, and sends the network side authentication information to the network side authentication center, wherein the authentication request includes authentication information; the network side authentication center performs authentication on the network side authentication information using the authentication vector, generates keying material according to the multi-access information of the user terminal upon successful authentication, and informs an access forwarding functional module of the keying material; the access forwarding functional module encrypts and decrypts access service information of the user terminal according to the keying material. The disclosure also provides a system of the method. The disclosure enhances the efficiency with which the user terminal accesses the network.02-21-2013
20130047218WIRELESS DEVICE AUTHENTICATION BETWEEN DIFFERENT NETWORKS - A method and system for roaming between heterogeneous networks. The method involves authenticating a mobile communication device on a first network, and providing the device with a single-use token that can be used to sign on to a second network without requiring conventional re-authentication over the second network.02-21-2013
20130047217SYSTEMS AND METHODS OF MANAGING VIRTUAL WORLD AVATARS - Systems and methods of virtual world interaction, operation, implementation, instantiation, creation, and other functions related to virtual worlds (note that where the term “virtual world” is used herein, it is to be understood as referring to virtual world systems, virtual environments reflecting real, simulated, fantasy, or other structures, and includes information systems that utilize interaction within a 3D environment). Various embodiments facilitate interoperation between and within virtual worlds, and may provide consistent structures for operating virtual worlds. The disclosed embodiments may further enable individuals to build new virtual worlds within a framework, and allow third party users to better interact with those worlds.02-21-2013
20130047216INFORMATION PROCESSING APPARATUS, RESOURCE PROVIDING APPARATUS, AND INFORMATION PROCESSING SYSTEM - There is provided an information processing apparatus in which the communication unit receives a usage request of a resource described in a first format from a program providing apparatus, the conversion unit identifies a resource providing apparatus having the resource as indicated and converts the usage request described in the first format into a usage request described in a second format that can be interpreted by the identified resource providing apparatus, the communication unit transmits the usage request described in the second format to the resource providing apparatus and receives a processing result of the usage request described in the second format from the resource providing apparatus, the conversion unit converts the processing result described in the second format into a processing result described in the first format, and the program execution unit performs an operation according to the processing result described in the first format.02-21-2013
20130047214METHOD AND APPARATUS FOR TOKEN-BASED COMBINING OF AUTHENTICATION METHODS - According to one embodiment, an apparatus may store a first and second subject token that indicate a first authentication method performed by the user and a second authentication method performed by the user respectively. The apparatus may detect at least one new subject token indicating at least one different authentication method performed by the user. The apparatus may then determine that a particular combination of subject tokens in the first subject token, second subject token, and the at least one new subject token indicates a privilege should be granted to the user, and facilitate the granting of the privilege to the user.02-21-2013
20130047213Method And Apparatus For Token-Based Token Termination - According to one embodiment, an apparatus may store a plurality of token-based rules that facilitate access to a risk-sensitive resource. The apparatus may further store a first token that may indicate that a user is accessing a non-risk-sensitive resource. The apparatus may receive a second token that may indicate that the user is attempting to access the risk-sensitive resource. In response to receiving the second token, the apparatus may apply the token-based rule to make an access decision whereby the user's access to the non-risk-sensitive resource will be terminated. The apparatus may then communicate at least one token representing the access decision.02-21-2013
20130047222Implementing secured, event-based layered logout from a computer system - A secure, layered logout of a user session is implemented in a management tool. A logout strategy is provided to include a set of security levels of varying sensitivity, with each security level having a set of permissions that are enforced upon occurrence of an event. A succeeding security level in the set of security levels is reached upon occurrence of an event associated with that level, in which case the permissions associated with the level are then enforced against at least one object while the user session continues. As each next security level is reached, the set of permissions are then enforced, once again while the user session continues. The layered logout may enforce different permissions with respect to different objects. If the user takes no action, eventually a final security level will occur, at which point the user session is finally terminated.02-21-2013
20130047221METHOD AND APPARATUS FOR IMPROVED INFORMATION TRANSACTIONS - A mechanism gives users meaningful access to information while protecting the interests of publishers and creators of information including text, graphics, photos, executable files, data tables, audio, video, and three dimensional data and allows a user to review a document while connected to a network but prevents the user from downloading, printing, or copying the document unless a fee is paid. The user is allowed to review documents at a first cost basis, but only provides other access to documents, such as copying, printing, or downloading on a second cost basis. The user is also allowed to purchase a selectable portion of a document at a price based on the amount of material selected where that amount of material can include a portion of a document, an entire document, or an anthology of components of multiple documents.02-21-2013
20130047219ENTERPRISE-WIDE SECURITY SYSTEM FOR COMPUTER DEVICES - A system and method for securing data in mobile devices (02-21-2013
20090044253Managing unprotected and protected content in private networks - A method for managing unprotected and protected content in a private network, the method including the steps of: receiving content; retrieving metadata associated with the received content; determining whether the received content is unprotected or protected based on the associated metadata; for unprotected content, allowing the unprotected content to be selectively stored, managed and distributed in the private network based on the associated metadata; for protected content, identifying a content protection system associated with the protected content based on the associated metadata, and performing at least one of: displaying information to a user of the private network facilitating retrieval of one or more hardware/software components required by the associated content protection system; retrieving the one or more required hardware/software components; verifying that the one or more required hardware/software components are present in the private network, before allowing the protected content to be selectively stored, managed and distributed in the private network based on the associated metadata.02-12-2009
20110004924CHALLENGE-RESPONSE SYSTEM AND METHOD - A content-based authorisation method is described, wherein the method is operable to validate that a user has access to certain content. By having access to the content, the system is able to decide that the user is authorised to access the content, and may perform operations or set access rights accordingly.01-06-2011
20090328159Systems and Methods for Secure Printing - Apparatus, systems, and methods consistent with disclosed embodiments provide for the secure printing of documents. A first security data is associated with a document, which is printed to one of several secure trays coupled to a printer, if a second security level derived from the first security data is not lower than the first security level currently associated with the secure output tray. The first security data is matched with second security data obtained from an input device coupled to the printer. Access to the secure tray is granted if the second security data matches a subset of the first security data. In some embodiments, secure output trays on the printer may be dynamically assigned to different security levels corresponding to the security levels of documents printed to the secure output trays.12-31-2009
20090313681Preliminary Verification System which has an Authentication by Phone on the Internet Environment - A preliminary verification method under an Internet environment using a phone authentication service in a system including a first terminal, a web server, an authentication server, a host server, a call server and a second terminal, the method comprising the steps of: providing a preliminary transaction request generated from the first terminal to the authentication server through the web server; at the authentication server, transmitting the preliminary transaction request information to the host server, and providing preliminary transaction result information corresponding to the preliminary transaction request information from the host server to the first terminal; at the authentication server, in case of receiving a real transaction request generated from the first terminal, receiving and verifying the authentication information from the first terminal according to the electronic transaction approval, and requesting a phone authentication for the second terminal of the user of the authenticated first terminal to the call server; at the call server, generating an authentication call to the second terminal, receiving a one time password (OTP) number corresponding to the authentication call from the second terminal, generating an OTP number by the same number of an OTP device, and transmitting authentication completion information to the host server if the generated OTP number is the same as the received OTP number; and at the host server, performing the electronic transaction process according to the authentication completion information received from the call server.12-17-2009
20090307761ACCESS AUTHORITY SETTING METHOD AND APPARATUS - An access authority setting method includes: detecting an action including activation of a virtual machine, stop of the virtual machine or a movement of the virtual machine between physical servers; and setting access authority required for a state after the action to a related apparatus among a connection apparatus and a disk apparatus in a system. By dynamically setting the access authority to the connection apparatus or disk apparatus according to an operation state of the virtual machine, the unauthorized access is prevented and the improvement of the security is realized.12-10-2009
20090307760ELECTRONIC MAIL TRANSMISSION AND RECEPTION SYSTEM - An electronic mail transmission/reception system is provided, capable of maintaining the confidentiality of restricted attachments desired to be limited in destination, thereby ensuring the security of the restricted attachments. A system management server 12-10-2009
20090307759Temporary Domain Membership for Content Sharing - In accordance with one or more aspects, a first device receives a digital certificate of a second device. The first device generates a digitally signed temporary domain join request and sends the request to a domain controller. The domain controller generates, for the first device, a temporary domain certificate allowing the first device to temporarily consume content bound to the domain. The temporary domain certificate is sent to the first device, allowing the first device to temporarily consume content bound to the domain.12-10-2009
20090307757Method and System for Centralized Access Authorization To Online Streaming Content - The invention discloses a system to protect online streaming content by a content provider, by means of access authorization in the network operator's platform. The invention provides a solution to the problem of access authorization for streaming content, that is not exactly known with regards to description and/or location at the moment the access authorization is performed.12-10-2009
20090307756System of Electronic Document Repository which Guarantees Authenticity of the Electronic Document and Issues Certificates and Method of Registering, Reading, Issuing, Transferring, A Certificate Issuing Performed in the System - Provided are an electronic document repository system which guarantees authenticity of electronic document and issues certificates and methods of registering, reading, issuing, and transferring electronic documents in the system, and a method of issuing certificates in the system. The electronic document repository system includes an authentication module, a registration module, a reading module, an issuing module, and a certification module.12-10-2009
20090307755SYSTEM AND METHOD FOR FACILITATING CROSS ENTERPRISES DATA SHARING IN A HEALTHCARE SETTING - A method of sharing patient information including creating a release authorization containing sufficient information to identify a patient and information authorized for transmission, which is a subset of information stored by an electronic health record (EHR) entity for that patient; the release authorization associated with a patient or a person acting as a proxy for the patient; receiving a request from a recipient entity for information; identifying the subset of information associated with the release authorization to be transmitted from the EHR entity to the recipient entity; and transmitting the subset of information from the EHR entity to the recipient entity.12-10-2009
20120192254METHOD FOR PRODUCING AN ELECTRO-BIOMETRIC SIGNATURE ALLOWING LEGAL INTERACTION BETWEEN AND IDENTIFICATION OF PERSONS - A method for producing an electro-biometric signature allowing legal interaction between and the identification of persons utilizing biometric features. The method includes inputting a user's biometric features in a pre-determined sequence and checking that no feature is entered repeatedly.07-26-2012
20120192252METHOD AND APPARATUS FOR AUTHORIZING A USER OR A USER DEVICE BASED ON LOCATION INFORMATION - A method comprises receiving a request for generating a challenge for a device or a user of the device. The method also comprises determining location information associated with the device. The method further comprises determining one or more characteristics that are detectable based, at least in part, on the location information. Furthermore, the method comprises generating the challenge based, at least in part, on the one or more characteristics.07-26-2012
20090094682METHODS AND SYSTEMS FOR USER AUTHORIZATION - A method for controlling access to a system is provided. The method includes creating a role tree including a plurality of privileges, creating a resource tree including a plurality of resources, assigning at least one role for at least one resource to a user, and evaluating the plurality of privileges of the user for a requested service access based on at least one of a user role assignment, a user resource assignment, and a location of a device used by the user to request the service access.04-09-2009
20130074159Method and System for Sharing Mobile Security Information - Methods and systems for sharing mobile security information are disclosed. According to an embodiment, a method for sharing mobile security information includes: providing to a user of the mobile device an option to share the mobile security information, extracting content from mobile security information upon receiving the user's selection, and posting the extracted content to a social network service.03-21-2013
20130074158METHOD AND APPARATUS FOR DOMAIN-BASED DATA SECURITY - An approach is provided for a data application interface with improved security. The approach further involves processing a request for access to user data items to determine one or more associated domains and/or one or more access rules associated with the user data items. In one embodiment, the access rules specify criteria for determining one or more authorized domains and/or one or more users that have access rights to the user data items. The approach also involves determining whether to grant the access to the user data items based, at least in part, on a comparison of the determined domains against the criteria and/or access rules.03-21-2013
20130074163USER EQUIPMENT AND CONTROL METHOD THEREFOR - There is provided a User Equipment comprising: a content obtaining unit that obtains a content item that is not reproducible without permission data for enabling reproduction of the content item; a receiving unit that receives the permission data; a detecting unit that detects that the permission data indicates that a subscriber of a predetermined network operator is entitled to reproduce the content item using the permission data; a key obtaining unit that obtains key data from a module managing subscription information for the predetermined network operator by sending, to the module, information representing the predetermined network operator and information representing an authentication server for determining validity of the key data; a determining unit that determines whether or not the key data is valid by communicating with the authentication server; and a reproducing unit that reproduces the content item using the permission data if it is determined that the key data is valid.03-21-2013
20130074162METHOD FOR DYNAMICALLY AUTHORIZING A MOBILE COMMUNICATIONS DEVICE - Physically access-protected service access, such as a service flap having a mechanical lock, for example, is used to ensure the secure establishment of security check information. Logical access security to service functions is produced using the security check information via additional, decentralized service interfaces. For this purpose, it is not the mobile service device that is connected to the physically access-protected communications interface, but rather a second authentication module associated with the mobile service device. Security check information is provided by the authentication module for secure service access to the network via additional, decentralized communications interfaces of the network.03-21-2013
20130074161AUTHENTICATION IN HETEROGENEOUS IP NETWORKS - The invention proposes a system for authenticating and authorizing network services comprising: a mobile device being adapted to, upon receipt of an information message indicating at least one network access type, determine the network access type, to create a start message containing at least a user identity, and to encapsulate the start message in an authentication message compatible with the access network identified in the information message, and an access controller for reading the encapsulated message from the mobile and forwarding the encapsulated message to an authentication server identified in the encapsulated message. The invention also proposes a corresponding method for authenticating and authorizing network services, and an access control device, a subscriber device and a router device.03-21-2013
20130074160METHOD OF CONTROLLING INFORMATION PROCESSING SYSTEM, COMPUTER-READABLE RECORDING MEDIUM STORING PROGRAM FOR CONTROLLING APPARATUS - A method includes generating, by a relay apparatus, association information on the basis of access information such that a plurality of pieces of code included in a received application program are associated with information on permission for executing the plurality of pieces of code, and sending the received application program and the generated association information to a client apparatus configured to execute the received application program, receiving the received application program and the association information from the relay apparatus, and executing, by a client apparatus, a piece of code that is permitted to be executed and not executing a piece of code that is not permitted to be executed with reference to the association information when the client apparatus executes the plurality of pieces of code included in the received application program.03-21-2013
20130061290SYSTEM FOR SECURELY PERFORMING A TRANSACTION - A system and method for performing a transaction are described. A transaction request to perform a transaction is received. Authorization information necessary to perform the transaction is gathered and stored in a secure memory. The gathered authorization information is verified. A final command to perform the transaction is received. When the final command is received, the transaction is performed and the stored authorization information in the secure memory is erased.03-07-2013
20130061288METHOD FOR CONTROLLING TRUST AND CONFIDENTIALITY IN DAILY TRANSACTIONS OF THE DIGITAL ENVIRONMENT - The invention comprises a method for controlling trust and confidentiality during pervasive computing transactions supporting users' daily activities.03-07-2013
20130061293METHOD AND APPARATUS FOR SECURING THE FULL LIFECYCLE OF A VIRTUAL MACHINE - Systems and methods for securing a virtual machine are disclosed. Various embodiments of the systems and methods disclosed herein allow provisioning a trusted and secure computing environment to a user. Various embodiments enable securing a virtual machine during multiple states, such as during run time, construction time and rest time. In one embodiment, a virtualization infrastructure for securing a virtual machine includes a trusted computing base and a proxy virtual machine running on the virtualization infrastructure as a proxy of the trusted computing base, the trusted computing base being configured to cryptographically verify the proxy virtual machine to be authentic and to prevent unauthorized access to the proxy virtual machine. The proxy virtual machine may be configured to compute an exit state measurement of the virtual machine and to use the exit state measurement to prevent an unauthorized entry of the virtual machine into the virtualization infrastructure.03-07-2013
20130061292METHODS AND SYSTEMS FOR PROVIDING NETWORK SECURITY IN A PARALLEL PROCESSING ENVIRONMENT - A method of providing network security for executing applications is disclosed. One or more servers including a plurality of microprocessors and a plurality of network processors are provided. A first grouping of microprocessors executes a first application. The first application is executed using the microprocessors in the first grouping. The microprocessors in the first grouping of microprocessors are permitted to communicate with each other via one or more of the network processors. A second grouping of microprocessors executes a second application. At least one server has one or more microprocessors for executing the first application and one or more different microprocessors for executing the second application. The second application is executed using the microprocessors in the second grouping of microprocessors. One or more of the network processors prevent the microprocessors in the first grouping from communicating with the microprocessors in the second grouping during periods of simultaneous execution.03-07-2013
20120311681COMPLETION OF PORTABLE DATA CARRIERS - A method for completing at least one portable data carrier connected to a completion device, wherein a completion data set that is present on the completion device is introduced into the data carrier. A security module is connected to the completion device and different authorization data sets are provided on the security module. The security module includes a management application for managing the different authorization data sets. Each of the authorization data sets exactly specifies one completion, and each of the authorization data sets is exactly associated with one completion data set. The managing application on the security module monitors the completion of the at least one data carrier according to the specification in an authorization data set selected from the different authorization data sets.12-06-2012
20120311679Document Conversion And Network Database System - A network database system wherein clients of subscribing entities are authorized network access to reliable documents that are identified by each entity as being relevant to clients of that entity. Features that can be included in the system are customization of the documents to reflect sourcing by particular subscribers, automated formatting of the documents for storing in a network database, client access facilitated by subscriber-maintained databases, and the avoidance of cookies remaining on clients' computer hard drives following document access. Also disclosed is a method for processing repeated data requests on a distributed computer database.12-06-2012
20130061294NETWORK ATTACHED DEVICE WITH DEDICATED FIREWALL SECURITY - Dedicated firewall security for a network attached device (NAD) is provided by a firewall management system integrated directly into the NAD or into a NAD server. A local area network arrangement includes a network client and the NAD and the firewall management system includes computer readable medium having computer-executable instructions that perform the steps of receiving a request for network access to the NAD from the network client, determining whether the request for network access to the NAD is authorised, and only if the request for network access is authorized, providing the network client with network access to the NAD.03-07-2013
20130061291Modular Device Authentication Framework - Systems, methods, and computer-readable media provide a requesting device with access to a service. In one implementation, a server receives a request to access a service, and the request includes a device type identifier of a device requesting access to the service. The server extracts the device type identifier from the request and determines a corresponding device type for the requesting device. An authentication module is selected from a plurality of authentication modules based on the device type identifier, and the selected authentication module implements an authentication scheme for the device type of the requesting device. The server authenticates the request using the selected authentication module to determine whether the requesting device is permitted to access the service, and provides access to the service based on at least a determination that the requesting device is authorized to access the service.03-07-2013
20130061289Secure Messaging - A secure messaging interface enables submission of messages to a messaging gateway via secure means over TLS. A destination mobile device(s) is notified of a pending secure message, and holds the secure message until it is retrieved by an authorized mobile device. The messaging gateway also provides push services for sending data to wireless devices. The secure messenger enables sending devices to apply security to an individual message. Sending devices may include, e.g., an enterprise administration server; messages routed through a messaging gateway (MGW) portal; a user messaging application; or a user through a handset. The secured messages may include content as available today across any messaging protocol such as text, audio, video, binaries and images.03-07-2013
20130185773APPARATUS, SYSTEM, AND METHOD FOR MANAGING, SHARING, AND STORING SEISMIC DATA - Implementations described and claimed herein provide a system and methods for managing a flow of and access to proprietary data in a cloud storage array. In one implementation, a plurality of uploads of the proprietary data is received. An association of the proprietary data is maintained across the plurality of uploads. A role is assigned to a party with an interest in the proprietary data. The role is defined by a set of access permissions. The access of the party to the proprietary data is controlled based on the assigned role. The proprietary data may be multi-dimensional data sets, such as raw, processed, and/or interpreted seismic data sets.07-18-2013
20130185774Systems and Methods of Managing Access to Remote Resources - A method and system are provided for managing access to resources available remotely from at least one computing device. The resources include at least one software application and at least one hardware component. The method and system involve storing access level indicators for indicating different types of access; storing identifiers for identifying different users with access to the at least one computing device and possible access to the resources; for each resource and each identifier, storing an access level indicator for that resource and that user; and before granting access to a resource for a user seeking access to the resource, operating a processor to: determine an identifier identifying the user; determine the access level indicator stored in the storage module for the identifier and the resource; and if access is consistent with the determined access level indicator, grant access to the resource, otherwise, deny access to the resource.07-18-2013
20090055903INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING METHOD - The present invention provides an information processing system, an information processing apparatus, and an information processing method, capable of reducing the load of user authentication on a user when a specific operation is performed using a plurality of apparatuses. In an embodiment of the present invention, an authentication server searches a device group corresponding to devices identified by device identification information transmitted to the authentication server, and searches a workflow. Subsequently, the authentication server judges whether or not a workflow in operation exists, and, if one exists, does not instruct password input but directly instructs device processing.02-26-2009
20090055902SECURE DELEGATION USING PUBLIC KEY AUTHENTICATION - A client is impersonated to a plurality of servers using a middle-tier server. A common nonce associated with each of the plurality of servers is obtained and the common nonce is provided to the client. The common nonce signed by the client is received at the middle-tier server and provided as a signature for transactions from the client to the plurality of servers so as to authenticate the client to the plurality of servers.02-26-2009
20090055901De-Centralization Of Group Administration Authority - An embodiment of a network manager permits a resource group administrator (with resource group level permissions but without global permissions) to add a global object to his/her resource group as a managed object, without requiring the administrator to have a global permission, as discussed further below. An embodiment of the network manager permits a resource group administrator to also edit the configuration settings that are attached to his/her resource group without requiring the administrator to have a global permission.02-26-2009
20110047600SYSTEMS AND METHODS FOR PROVIDING A VIRTUAL WORLD COMMODITY DEVICE - The present invention describes methods and apparatus to enable efficient and protected interaction with a virtual world environment. An exemplary embodiment of the present invention provides a system including a virtual world commodity device including a housing and a memory. Furthermore, the system includes a product unique identifier stored in the memory of the virtual world commodity device. The virtual world commodity device is enabled to communicate with a virtual world environment to provide the product unique identifier and the virtual world environment provides a globally unique identifier to be stored in the memory of the virtual world commodity device.02-24-2011
20110047598DEVICE IDENTITY MATCHING - Devices are identified by their owners and authorization to network two or more devices is based on device ownership. Data structures such as address books can store information about an owner of a device and maintain an entry indicating that a particular entry identifies the owner of the device. Other entries in the address book are contacts of the owner. A host device can authorize a client for communication with the host based on a relationship between the owner of the client and the owner of the host as indicated by the presence of the contact information of the client's owner in the host's address book. Devices can enable communication and sharing of services and levels of access permissions based on the relationship of the owners of the respective devices.02-24-2011
20120117627Authority Control Systems and Methods - Authority control systems and methods are provided. The system at least includes a first electronic device and a second electronic device. The second electronic device is coupled to the first electronic device. The second electronic device receives an authority setting for the first electronic device, and transmits the authority setting to the first electronic device. The first electronic device determines an access control operation regarding the first electronic device towards the second electronic device according to the authority setting.05-10-2012
20120117626Business pre-permissioning in delegated third party authorization - A method to manage access to end user-protected resources hosted in a shared pool of configurable computing resources, such as a cloud computing environment, begins by registering a particular application or service into the environment. The application or service is one that is being permitted to access resources on behalf of end users via a delegated authorization protocol, such as OAuth. For at least one end user associated with the organization, a permission is set, preferably by an organization entity, such as an organization administrator. The permission determines whether the application or service is permitted to access one or more resources associated with the end user. Then, in response to a request by the third party application to access a resource, where the request is received via the delegated authorization protocol, the permission is then used to determine whether the third party application is permitted to access the resource.05-10-2012
20120117625SECURITY SYSTEM FOR COMPUTING RESOURCES PRE-RELEASES - Technology is provided for provisioning a user computer system with membership in a privilege set in order to execute a pre-release resource. Some examples of pre-release resources are alpha and beta versions of firmware or software which can be downloaded to user computer systems. The pre-release resources are associated with different privilege sets based on their security risk levels. In one example, a security risk level may represent a number of user computer systems at risk of an integrity failure of the pre-release resource. In other examples, the security risk may represent an operational layer of the user computer system affected by the resource or a level of security testing certification success for the pre-release resource. A privilege set identifier indicates membership in one or more privilege sets.05-10-2012
20130067541IMAGE PROCESSING DEVICE, ACCESS CONTROL METHOD AND COMPUTER READABLE RECORDING MEDIUM - An image processing device comprises: a display part on which various types of information are displayed; a storage part for storing therein a variety of data; a first browser for accessing an external server and acquiring a web page from the external server, thereby causing the display part to display the acquired web page; a second browser for accessing the external server and acquiring the web page from the external server, thereby causing the display part to display the acquired web page, and that is permitted to access a predetermined storage region in the storage part; a browser boot part for starting up any one of the first and second browsers; and a controller for permitting an access request for the predetermined storage region in response to receipt of the access request from the running browser only when the browser started by the browser boot part is the second browser.03-14-2013
20130067538Context Aware Recertification - Mechanisms are provided for facilitating recertification of a user access entitlement. These mechanisms collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement. These mechanisms determine that recertification of the user access entitlement, with regard to the system resource, is to be performed and a pattern of access is determined based on the access information for the user access entitlement. A recertification request graphical user interface is output to a user based on the pattern of access. The graphical user interface includes the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement.03-14-2013
20130067542Connection authorization with a privileged access - Disclosed is a connection authorization method with an access privilege transferring algorithm for safely transmitting privilege information between virtual mobile management tool and communication endpoint gateway (CEG) server through embedded stub. Secret Shared Key (SSK) information is shared between the embedded stub and communication endpoint gateway server (namely, session mediation server) through VMM (Virtual Mobile Management) client. A stub that generates access privilege information transfers access privilege information to VMM tool. The stub applies a two-way communication channel between the session mediation server and the VMM tool by joining the generated privilege information and the SSK information to each other, thereby generating protected privilege information with which a third party or hacker who does not know the secret information is not capable of interfering. Exploiting the protected privilege information makes it possible to safely connect authorization with access privileges.03-14-2013
20130067544  SYSTEM FOR AUTHENTICATION MANAGEMENT OF A SENSOR NODE HAVING A SUBSCRIPTION PROCESSING FUNCTION, AND A METHOD FOR OPERATING THE SYSTEM - The present invention relates to a system for authentication management of a sensor node having a subscription processing function, and a method for operating the system. Upon receiving information about a sensor node allocated with an IP address, the system supports the access of only authorized user equipment to a corresponding sensor node, while blocking any direct access of unauthorized user equipment to the sensor node, thereby strengthening the security of the sensor node. According to the present invention, a relay server receives subscription information from user equipment. The relay server checks permission validity of corresponding user equipment. If the user equipment has a valid permission, the relay server transmits the subscription information to a sensor node, and transmits subscription acceptance information to the user equipment. Then the sensor node transmits the collected and stored information to the user equipment having a valid permission.  03-14-2013
20130067543  PRINTER SERVER, PRINTER CONTROL METHOD, AND STORAGE MEDIUM - A system in an environment in which WSD is realized by employing SSL includes an authentication server that stores a certificate group which permits printer creation and printing to avoid a risk of spoofing. The system uses a printer having a certificate issued by an official certificate authority. In such a case, if verification on whether the certificate of the printer is included in the certificate group of the authentication server is performed for all printers, there may be a printer which becomes unable to print, or in which the time for performing the verification becomes a waste, depending on the printer. A printer type is thus set when creating the printer, and if the printer has a certificate issued by the official certificate authority, a printer server performs certificate authority (CA) verification with respect to the certificate.  03-14-2013
20130067540  TECHNIQUES FOR ACHIEVING STORAGE AND NETWORK ISOLATION IN A CLOUD STORAGE ENVIRONMENT - Techniques for achieving storage and network isolation in a cloud environment are presented. A single Internet Protocol (IP) address is presented to multiple storage tenants that use storage in a cloud environment. When each tenant accesses the IP address, a specific identity of the tenant is resolved and the storage stack for that tenant is sent to the tenant's storage machine having the tenant's storage. The tenant is directly connected to its tenant storage machine thereafter.  03-14-2013
20130067539  ACCESS CONTROL MANAGEMENT - The subject disclosure relates to authorization based on a determination of permissions that can be granted for an action(s) to be performed on a resource. The determination of the permission is based on a set of rules that represent a theory including a notion of trust that has been divided into different sized tables. The tables are utilized to evaluate two or more input claims and to facilitate a determination of whether access to at least one system resource is to be granted. The evaluation can include matching the two or more input claims to rows in the table, wherein access is allowed if a match is found.  03-14-2013
20110023095  SYSTEM AND METHOD FOR SUPPORTING SECURITY ADMINISTRATION - A transactional server is configured to receive a transactional procedure call from a client to initiate one or more transaction processes. Said transactional server includes a Lightweight Directory Access Protocol (LDAP) authentication server which is configured to forward the transactional procedure call from the transactional server to a distributed authentication server for authentication. When the transactional procedure call to initiate a transaction is received at the transactional server, the LDAP authentication server identifies a user associated with the transactional procedure call, determines that the distributed authentication server should authenticate the user, and initiates an LDAP session between the transactional server and the distributed authentication server. Then, after receiving from the distributed authentication server corresponding user information, the LDAP authentication server creates a token reflecting an authentication result based on the corresponding user security information, which is subsequently used to authenticate the client to participate in the transaction.  01-27-2011
20110023094  METHOD, APPARATUS, AND SYSTEM FOR PREVENTING ABUSE OF AUTHENTICATION VECTOR - A method for preventing abuse of an Authentication Vector (AV) and a system and apparatus for implementing the method are provided. Access network information of a non-3rd Generation Partnership Project (3GPP) access network where a user resides is bound to an AV of the user, so that when the user accesses an Evolved Packet System (EPS) through the non-3GPP access network, even if an entity in the non-3GPP access network is breached, or an Evolved Packet Data Gateway (ePDG) connected to an untrusted non-3GPP access network is breached, the stolen AV cannot be applied to other non-3GPP access networks by an attacker.  01-27-2011
20110023093  Remote Roaming Controlling System, Visitor Based Network Server, and Method of Controlling Remote Roaming of User Devices - An authorization assisting device sends to the VBN server an authorization request for access to the WAN by a requesting user device. A registration driver has a set of assignable IP address ranges for multiple routing realms, and assigns an IP address to a user device from a relevant IP address range depending on a routing realm from which communication from the user device is received. The assignable IP address ranges include one or more authorization address ranges from which the registration driver assigns an IP address to a user device whose authorization request is received from the authorization assisting device. An authorization module processes the authorization request to generate an authorization response granting or denying access to the WAN by the requesting user device based on registration data in a registration data store and the information in the authorization request.  01-27-2011
20110023092  Method and system of plug-in privilege control - A plug-in privilege control includes authorizing a plug-in, including assigning a plug-in identification number (PIN) to the plug-in wherein the PIN is used to identify an identification (ID) of the corresponding plug-in; notifying the plug-in about the PIN; storing information about the plug-in and a plug-in accessible service to a mapping of services; receiving a request for a service from the plug-in, wherein the request includes the PIN; retrieving the ID of the plug-in according to the PIN; and determining whether to allow the plug-in to access the service that it requested.  01-27-2011
20110023091  AUTHENTICATION, AUTHORIZATION AND ACCOUNTING SERVICES SOLUTION - Methods, systems and modules for Authentication, Authorization and Accounting (AAA) services. In one embodiment, session information is stored in an external database so that the information can be retrieved to continue a session using a different AAA server than the one which originated the session, and/or can be retrieved by non-AAA systems.  01-27-2011
20110023090  INTEGRATING SERVICE INSERTION ARCHITECTURE AND VIRTUAL PRIVATE NETWORK - Apparatus, methods, and other embodiments associated with providing service insertion architecture (SIA) differentiated services in a virtual private network (VPN) environment are described. Embodiments may provision an authentication, authorization, and accounting (AAA) server with user-to-SIA service-context mapping information. With the AAA server provisioned, embodiments may acquire, in an IPSec VPN hub, during IPSec tunnel user authentication, from the AAA server, the user-to-SIA service-context mapping information. With the mapping information available, embodiments may dynamically map an SIA service to an IPSec VPN tunnel user based on the service information acquired from the Service Broker or Pseudo-Service Broker. The dynamic mapping facilitates providing differentiated services in the SIA by facilitating forwarding an IPSec packet received on the IPSec VPN tunnel from the user to a service node associated with the SIA service based, at least in part, on the IPSec SADB entry modified using the service information.  01-27-2011
20120198521  COMMUNICATION APPARATUS, COMMUNICATION APPARATUS SYSTEM, AND METHOD CONTROLLING RELAY APPARATUS - A service cooperation system is provided with a multi-function apparatus and a relay apparatus. The service cooperation system changes a disclosure condition of an album in which an electronic file is categorized and stored, for an electronic file storing service offered by the service provider. Without the need for a terminal apparatus such as a personal computer having a full web browser function, an image reading apparatus itself can perform the uploading process, setting of an album as an upload destination and security setting/changing for an album, while notifying the user, who is authorized under a limited disclosure to view the album, that the album has been updated.  08-02-2012
20120233671  SYSTEM AND METHOD FOR SELECTIVE PROTECTION OF INFORMATION ELEMENTS - A system and method for selective protection of information items is provided. One or more information elements in an information object may be identified. Selected information elements in an information object may be encrypted. Placeholders may replace selected information elements. Presentation of information included in the information object may comprise a presentation of placeholders substituting information elements. Contingent on an authentication, placeholders may be replaced by associated information elements. Contingent on an authentication, information elements may be viewed and/or manipulated.  09-13-2012
20120233667  EFFICIENT DATA STRUCTURES FOR MULTI-DIMENSIONAL SECURITY - Efficient data structures are generated to enforce permissions on a multi-dimensional representation in a performance management application. A model site is generated having at least one model with at least one dimension. User permissions and group permissions are set for the model. The user permission and the group permissions are deployed to a relational database. A collective user permission table is generated based on the user permissions and the group permissions. Thus, an end user may receive permissions associated with a model and permissions associated with particular dimensions of a model without an inefficient consumption of resources.  09-13-2012
20120233665  DEVICE REPUTATION - A user device is associated with a dynamic trust score that may be updated as needed, where the trust score and the updates are based on various activities and information associated with the mobile device. The trust score is based on both parameters of the device, such as device type, registered device location, device phone number, device ID, the last time the device has been accessed, etc., and activities the device engages in, such as amount of transactions, dollar amount of transactions, amount of denied requests, amount of approved requests, location of requests, etc. Based on a transaction request from the user device, the trust score and a network reputation score are used to determine an overall trust/fraud score associated with the transaction request.  09-13-2012
20090013385  Authorization System and Method - An authorization system and a method for the protection of digital content and subscriber integrity in a digital content distribution system. At least one subscriber management system is arranged to maintain subscriber identification data. A subscriber authorization system is arranged to maintain subscriber entitlement data separately from the subscriber identification data. The subscriber management system is arranged to identify a subscriber upon receipt of a request by the subscriber to extract digital content, and to generate an order to the subscriber authorization system to entitle the subscriber to access to the requested digital content. The subscriber authorization system is arranged to, upon receipt of such an order, verify the subscriber's entitlement to access to the requested digital content and, if verified, transmit to a system client associated with the subscriber an entitlement to access the requested digital content.  01-08-2009
20090013386  Peer discovery and connection management based on context sensitive social networks - In a method for automatically filtering communications, a networking request from an initiating party on an initiating communication device is received. The networking request pertains to a request for communication between the initiating communication device and a recipient communication device of a user over a communication channel. A determination is made of whether the communication channel to be used for the communication matches a communication channel for a previous communication between the initiating party and the user. It is automatically determined whether to grant the networking request, based at least in part on the determination of whether the communication channel for the communication matches the communication channel for the previous communication between the initiating party and the user. Other embodiments are described and claimed.  01-08-2009
20090013384  Deriving a Username Based on a Digital Certificate - One embodiment of a method for determining a username comprises obtaining a digital certificate from a first computer application requesting a service; authenticating the digital certificate of the first computer application; and retrieving the username from the digital certificate that is recognized by a second computer application performing the service as a user of the second computer application. Other methods and systems are also provided.  01-08-2009
20090007242  Access Control System and Method - Certain embodiments of the invention relate to an access control system defining one or more compartments and providing rules, which are applied to the compartment(s), to control access to network services by entities that are associated with a said compartment, the rules comprising at least a first kind of rule for controlling access to network services that use dynamically-assigned communications ports.  01-01-2009
20090007241  SECURE CONTENT DELIVERY SYSTEM - A secure streaming content delivery system provides a plurality of content servers connected to a network that host customer content that can be cached and/or stored, e.g., images, video, text, and/or software. The content servers respond to requests for customer content from users. The invention load balances user requests for cached customer content to the appropriate content server. A user makes a request to a customer's server/authorization server for delivery of the customer's content. The authorization server checks if the user is authorized to view the requested content. If the user is authorized, then the authorization server generates a hash value using the authorization server's secret key, the current time, a time-to-live value, and any other information that the customer has configured, and embeds it into the URL which is passed to the user. A content server receives a URL request from the user for customer content cached on the content server. The request is verified by the content server creating its own hash value using the customer server's secret key, the current time, a time-to-live value, and any other related information configured for the customer. If the hash value from the URL matches the content server's generated hash value, then the user's request is valid and within the expiration time period and the content server delivers the requested content to the user.  01-01-2009
20090007240  Systems and methods for conditional access and digital rights management - Conditional access (CA) and digital rights management (DRM) in digital media delivery, processing, and storage systems. Methods and apparatuses are provided for managing digital rights under the protection of multiple CA and/or DRM systems. Some embodiments provide secure and robust methods for bridging multiple DRM systems in the digital media content distribution and playback systems. The present invention simplifies content repurposing, after it has been bridged to a secondary DRM system, but still under the control of the original DRM system.  01-01-2009
20090007238  Method and Apparatus for Management and Updating of Distributed User Databases - The invention includes a method and apparatus for authenticating a visiting node in a wireless network. A method includes receiving a request to transfer a user database of a visiting node, obtaining the visiting node user database from the visiting node in response to a determination to update a master user database to include the visiting node user database, and merging the visiting node user database with the master user database. The request to transfer the visiting node user database is received, from the visiting node, at a primary authentication node of the network. The visiting node user database includes entries for users associated with the visiting node. The master user database includes entries for users associated with nodes authenticated by the primary authentication node of the network.  01-01-2009
20130167206  STORAGE SYSTEM, METHOD OF CONTROLLING ACCESS TO STORAGE SYSTEM AND COMPUTER SYSTEM - A plurality of servers is connected to a storage system via a network. A control unit in the storage system defines exclusive access groups from the address information of each access interface of the servers, defines the logical volumes which the server is permitted to access for each of the exclusive access groups, and controls the server's access to the volume by an access list which defines the correspondence between the server and the logical volume and the physical volume which the server is permitted to access.  06-27-2013
20130167204  METHOD FOR MANAGING ACCESS TO PROTECTED COMPUTER RESOURCES - A method for controlling access to protected computer resources provided via an Internet Protocol network that includes registering identity data of a subscriber identity module associated with at least one client computer device; storing (i) identity data of at least one access server, (ii) the identity data of a subscriber identity module, and (iii) authorization data regarding the protected computer resources; receiving the identity data of a subscriber identity module, and a request for the protected computer resources; authenticating (i) the identity data of the at least one access server, and (ii) the identity data of a subscriber identity module; authorizing the at least one client computer device to receive at least a portion of the protected computer resources; and permitting access to the at least the portion of the protected computer resources (i) upon successfully authenticating the identity data of the at least one access server and the identity data of a subscriber identity module associated with the at least one client computer device, and (ii) upon successfully authorizing the at least one client computer device.  06-27-2013
20130167198  Protocol for sequential rights transactions - Methods and apparatus, including computer program products, implement techniques for delivering a rights object granting one or more rights to a media object. The rights object has an associated return address, and the return address is usable to initiate a subsequent rights transaction relating to the rights granted by the rights object.  06-27-2013
20130167199  On-Demand Authorization Management - Methods and apparatus, including computer program products, are provided for authorization management. In one aspect, there is provided a computer-implemented method. The method may include receiving a request to authorize at least one user to at least one module of a system; mapping the received request to a semantic tag; processing, based on the semantic tag, the request to authorize the at least one user to determine whether to grant the at least one user access to the at least one module; and sending a response to the request to authorize the at least one user, wherein the response is in accordance with the result of the processing. Related apparatus, systems, methods, and articles are also described.  06-27-2013
20130167200  TECHNIQUES TO STORE SECRET INFORMATION FOR GLOBAL DATA CENTERS - Techniques to store secret information for global data centers securely are described. Various embodiments may provide a front end service for a back end data store. The front end service may be responsible for deployment, upgrade, and disaster recovery aspects, and so forth, of data center maintenance. Data centers may access data and data-related services from the back end data store through the front end service. Secrets that are needed to access secure data may be stored on behalf of the data centers without providing the secrets to the data centers. Other embodiments are described and claimed.  06-27-2013
20130167202  IMAGE PROCESSING APPARATUS - An image processing apparatus includes: a first acquisition unit acquiring input information from an outside for starting execution of an image processing function; a determination unit determining whether a specific apparatus connected through a network is logged in based on specific identification information corresponding to the input information; a first request unit requesting input of authentication information from the outside; and a function control unit controlling execution of the image processing function. When it is determined that the specific apparatus is not logged in, the first request unit requests the input of the authentication information from the outside. When it is determined that the specific apparatus is logged in, the function control unit permits the execution of the image processing function without the first request unit requesting the input of the authentication information from the outside.  06-27-2013
20130167201  REMOTE ACCESS TO A DATA STORAGE DEVICE - A method may be performed in a data storage device that stores one or more files and that is operatively coupled to any host device that is accessible to another device via a network. The method includes receiving an access request originating from the other device. The access request is received via a particular host device registered as a recipient of requests for access to the data storage device via the network while the data storage device is operatively coupled to the host device and while the host device is accessible via the network. The method also includes, in response to receiving the access request, sending a response with access information to the other device. The response is provided to the particular host device to be sent to the other device via the network.  06-27-2013
20130167205  CONSTRAINING A LOGIN TO A SUBSET OF ACCESS RIGHTS - This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.  06-27-2013
20120240193  SYSTEM AND METHOD FOR ASSIGNING PERMISSIONS TO ACCESS DATA AND PERFORM ACTIONS IN A COMPUTER SYSTEM - A method for setting permissions for a group of users of a computer system. The method includes receiving data that defines a role for a first group of users, the role including one or more permissions each defining a permitted activity of the first group of users with respect to data of users in a second group of users, and setting the one or more permissions based on the defined role.  09-20-2012
20080295156  SYSTEM, COMPUTER PROGRAM PRODUCT AND METHOD FOR SCANNING AND MANAGING DOCUMENTS  11-27-2008
20080295155  SYSTEMS, METHODS, AND MEDIA FOR MANAGING ELECTRONIC ASSET TAGS FOR ASSET DEVICES  11-27-2008
20080295154  METHOD AND SYSTEM FOR MANAGING MOBILITY OF ACCESS TERMINAL USING PROXY MOBILE INTERNET PROTOCOL IN A MOBILE COMMUNICATION SYSTEM, AND METHOD FOR ALLOCATING HOME ADDRESS OF ACCESS TERMINAL FOR THE SAME  11-27-2008
20090031401  ANNOTATIONS FOR ENTERPRISE WEB APPLICATION CONSTRUCTOR - A web-based application constructor can be used to construct a web display. The web-based application constructor can obtain data from heterogeneous data sources having Web Services schemas to produce the web display. The web display can contain page components and can display the data from at least some heterogeneous data sources. A versioning system can keep track of changes to page components, page layouts, searches, and text to allow users to make changes without administrative approval. Users can annotate page components, page layouts, records, and text with comments.  01-29-2009
20090064284  Method and System for Access to Material on a Web Site - A user connected to a first service mounted on a remote server is enabled to connect to a second service, on the same or another server, without new steps required for log-in, and optionally including the passing of parameters from the first to the second service that enable the second service to open in a manner appropriate to the state of the user's interaction with the first service at the moment of requesting the connection. In the case of the second service being provided from a second server, authentication is provided by means of an authentication broker, which provides a token that the operating system of the user's computer is induced (via its normal response to received messages) to embed in a request for service to the second server, which verifies the token by an exchange with the broker. In either case, once the connection with the second server is achieved, later repeated access may be enabled without the user having to go through the procedure required to enable such access from scratch.  03-05-2009
20080271121  EXTERNAL USER LIFECYCLE MANAGEMENT FOR FEDERATED ENVIRONMENTS - The present invention provides a generic technique that externalizes the management of a user session, particularly in the context of a federated environment. The invention obviates any requirement to design and implement special software (or any requirement to modify a previously installed plug-in) to enable third party SSOp-aware applications to manage the lifecycle of a user session. In an illustrative embodiment, the user session lifecycle is managed externally through an external authentication interface (EAI) that has been extended to enable any POC (or SSOp-aware application) to interface to a federated identity provider component using a simple HTTP transport mechanism. In the inventive approach, HTTP request and response headers carry the information that is used by the POC to initiate and later destroy a user session, and such information is provided by a federated entity without requiring use of a special authentication API.  10-30-2008
20100050237  GENERATING USER AND AVATAR SPECIFIC CONTENT IN A VIRTUAL WORLD - Generation of user and avatar specific content in a virtual world may include generating a local attribute object. The local attribute object may comprise attributes identifying at least one of the user's real world location and the user's avatar's virtual world location. Access to the local attribute object by virtual world operators may be controlled by the user and/or user's avatar. Specific content, based on the local attribute object, is presented to the user's avatar.  02-25-2010
20100287601  SYSTEM FOR MANAGING RIGHTS OF ACCESS TO AVIONIC APPLICATIONS AND DATA AND METHOD IMPLEMENTED BY THIS SYSTEM - A system for managing a user's access rights to avionic information, loaded onboard an aircraft, that includes at least one identification device able to read the user's identity information contained on a personal card, and an avionic computer having means of managing access rights able to authenticate the user and determine access rights to avionic information based on the user's identity.  11-11-2010
20120192253  SYSTEM AND METHOD FOR CONTROLLING ACCESS TO INFORMATION STORED AT PLURALITY OF SITES - An external master portal system consisting of a standalone primary control interface referred to as a master portal which is network-connected to subordinate gateway controllers located at the peer connection points to the network, used to define and control the permitted transfer of data across a peer-to-peer network is disclosed. Further, control of the master portal can be provided to a third party whose data is only a part of a broad range of data stored or used at any of the peer sites.  07-26-2012
20120090018  DIGITAL RIGHTS MANAGEMENT OF CONTENT WHEN CONTENT IS A FUTURE LIVE EVENT - A method and system for managing use of items having usage rights associated therewith including a point of capture system adapted to generate content of a future event when the event occurs, a content distributor adapted to generate a rights label having usage rights associated with content of the future event before the content is created, the rights label having a distribution key for encrypting the content as the content is generated, the distribution key being encrypted with a public key. The system also includes a license server adapted to generate a license associated with the content from the rights label before the content is generated, the license including the distribution key encrypted with the public key, and a content distributor adapted to distribute the license before the content is generated.  04-12-2012
20110283341  Facilitating Secure Communications - The claimed subject matter provides systems and methods for facilitating secure communications. The disclosed systems and methods can include components for receiving and processing user authentication information from users or other systems to selectively provide access to stored information. The stored information may be displayed on or accessed via interfaces that interact with components of the system. An embodiment provides for identifying an authentication framework to verify authentication data, authenticating a user using the identified authentication framework, receiving message data associated with at least one communications message, generating at least one outgoing message in response to the received message data, wherein the outgoing message differs from the received communications message, and providing access to content associated with the at least one communications message.  11-17-2011
20110283343  DEVICE FOR GENERATING A VIRTUAL NETWORK USER - A device for generating a virtual network user that can be used, for data protection purposes, as a pseudonym by which a physical person or legal entity can gain access to the Internet and engage services that can be implemented via the network. The network user is defined by a freely specifiable combination of real and/or arbitrarily specifiable attributes. The input of these attributes into the network access device (PC) of the user activates a transformation system which facilitates the generation of the data flows that implement the virtual network user and that can be saved with the temporal sequence of the data flow in a storage device of the transformation system. An access system allocated to an independent authority is provided, which upon activation can initiate the readout of such data from a memory allocated to the storage device of the transformation system.  11-17-2011
20110283342  THIN CLIENT-SERVER SYSTEM, THIN CLIENT TERMINAL, DATA MANAGEMENT METHOD, AND COMPUTER READABLE RECORDING MEDIUM - Provided are a thin client-server system, a thin client terminal, a data management method, and a computer readable recording medium capable of preventing data leakage when the thin client terminal is lost.  11-17-2011
20110283340FLEXIBLE QUASI OUT OF BAND AUTHENTICATION ARCHITECTURE - To obtain user approval of network transactions at different levels of security, a network site selects a form in which a transaction will be presented to the user from a group of transaction presentation forms including presentation of the transaction in a browser pop-up window on a user network device, in a security software application window on the user network device, and in a security application window on another user network device. The network site also selects a type of approval of the transaction required from the user from a group of transaction approval types including approval requiring no action by the user after presentation of the transaction, the user to actively approve the presented transaction, and the user to sign the presented transaction. The transaction, the selected transaction presentation form, and the selected type of user transaction approval, are transmitted to obtain approval of the transaction by the user.11-17-2011
20110283339METHOD AND APPARATUS FOR PROVIDING NETWORK SECURITY USING SECURITY LABELING - A method and apparatus for providing network security using security labeling is disclosed. The method includes comparing first security level information and second security level information, and indicating processing to be performed on the packet based on the comparing. The first security level information is stored in a security label of a packet received at a network node, while the second security level information is stored at the network node.11-17-2011
20110283338SENSOR-BASED AUTHENTICATION TO A COMPUTER NETWORK-BASED SERVICE - Sensor-based authentication technique embodiments are presented which generally employ sensor readings captured by a user's computing device (such as a mobile computing device like a cell phone, smart phone, PDA, and so on) to authenticate the user's access to a computer network-based service (such as a web-service) that is secured with traditional textual passwords. These traditional passwords are saved in an off-device password repository service. The aforementioned sensor readings are not cached on the user's computing device and are immediately streamed to the password repository service, where they are validated against a pre-arranged, known sensor-based password. If the validation succeeds, access to the password protected service is brokered by the password repository service on behalf of the user using the appropriate traditional password, and the user's computing device is granted access.11-17-2011
20090119754System, an Arrangement and a Method for End User Authentication - The present invention relates to a system for authentication of an end user of a user station arrangement (05-07-2009
20090138944METHOD AND APPARATUS FOR CAMOUFLAGING OF DATA, INFORMATION AND FUNCTIONAL TRANSFORMATIONS - A computer-representable object (including, without limitation, a cryptographic key, or a graph or a Boolean description of a system) is secured using a generalized camouflaging technique. The secured object need not be stored in the system, not even in encrypted form. Instead, the technique employs a composition function that regenerates the secured object when one inputs a valid password (which may be any computer-representable information held by a user). By regenerating the secured object each time a valid password is entered, there is no need to store the secured object. If one inputs an invalid password, the technique may generate an incorrect object, such that the user is unable to distinguish this incorrect object from the secured object. If the user tries to use the incorrect object, the user can be exposed as unauthorized, without the user's knowledge that he has been exposed.05-28-2009
20090210930METHOD OF AUTHENTICATING A CLIENT, IDENTITY AND SERVICE PROVIDERS, AUTHENTICATION AND AUTHENTICATION ASSERTION REQUEST SIGNALS AND CORRESPONDING COMPUTER PROGRAMS - A method is provided of authenticating a client to access a service provided by a service provider, whereby the service provider queries an identity provider to verify the identity of the client and authorize access to the service. The method includes: verifying, using the identity provider, that an identity level corresponding to an earlier authentication of the client is stored with the identity provider, and granting service access authorization to the client, which is performed either (i) directly following the verification step when the identity level required is less than the stored identity level, or (ii) after the following steps when the identity level required is greater than the stored identity level or when no client authentication is available, namely requesting authentication of the client having the required identity level and replacing the stored identity level with the required identity level if the client is authenticated by the identity provider.08-20-2009
20110302635ENHANCING SECURITY IN A WIRELESS NETWORK - A method of enhancing security in a wireless mesh communication network operating in a process control environment and including a plurality of wireless network devices includes processing a join request from a wireless device wishing to join the wireless mesh communication network, providing a limited network functionality to the wireless device if the join request is granted, requesting a complete approval of the wireless device; and granting a full network functionality to the wireless device if the complete approval of the wireless device is received.12-08-2011
20110302636Method of Providing a Digital Asset for Distribution - Digital assets are distributed within an electronic network. An index of digital assets available for distribution over the electronic network is provided, where each digital asset has a first serial number associated with a first transfer within the network. The index can include a list of one or more locations for the digital assets, terms of use, etc. A second serial number is provided for the digital asset in response to a request for a second transfer of a digital asset. The second serial number can be embedded within the asset and transferred from a host server to a client device in response to a confirmation of acceptance of the terms of use.12-08-2011
20110302632Method and System for Supporting Visitor Access Via a Broadband Gateway - A method and system are provided in which a broadband gateway may enable a guest or visitor to access content available to the broadband gateway. The content may be received by the broadband gateway through one or more of a plurality of network access service providers that may provide separate physical layer access to the broadband gateway. After a visitor's device is connected to the broadband gateway, the broadband gateway may classify the device. Based on the classification, the device may be authorized to access a portion of the content received. Once the authorization process is complete, the appropriate content may be made available and transferred to the device. The authorization process may include the authentication of a device identifier and/or a user identifier. The authorized access may be time-limited, but may be renewed or enabled when a request is received within a determined period of time.12-08-2011
20110302634PROVIDING SECURE COMMUNICATION AND/OR SHARING OF PERSONAL DATA VIA A BROADBAND GATEWAY - A broadband gateway may manage confidential data associated with users in a home network managed and/or serviced by the broadband gateway. The broadband gateway may store the user confidential data in a distributed manner, wherein the confidential data may be divided into a plurality of portions and stored separately in multiple storage locations or devices. When users authorize the transfer of the confidential data, all portions may be communicated to enable aggregating them such that the confidential data may be obtained. The user confidential data may be encrypted. The broadband gateway may securely communicate and/or share the user confidential data. This may be achieved by tracking communication of the user confidential data, by using tags incorporated into the data. The broadband gateway may also ensure that communicated confidential data is rendered unusable under certain conditions, based on the use of various timing tags, for example.12-08-2011
20110302631SYSTEMS AND METHODS FOR LOGGING INTO AN APPLICATION ON A SECOND DOMAIN FROM A FIRST DOMAIN IN A MULTI-TENANT DATABASE SYSTEM ENVIRONMENT - A system and method for logging into an application across separate domains in a multi-tenant database environment is provided. The method may include receiving, by a server associated with a first domain, a substitute user request from a user of the first domain, the substitute user request including a request for the user of the first domain to become a user on a second domain, posting, to a server associated with the second domain, the substitute user request, and posting, by the server associated with the second domain, a new session identification allowing the user of the first domain to login to an application on the second domain.12-08-2011
20110302630IDENTITY MANAGEMENT VIA CLOUD - A system and method of maintaining a user profile for a handheld computer in a shared, scalable computing resource is described. The method includes receiving user profile data from the handheld computer at the shared, scalable computing resource, the user profile data comprising a user security factor. The user profile data is received via a secure wireless communication protocol having authentication of an identity of the handheld computer. The method includes storing the user profile data on the shared, scalable computing resource as a portion of a user profile, the user profile further comprising user preference data. The method further includes receiving the user security factor from a second computing device. The user security factor is received via a secure wireless communication protocol having authentication of an identity of the second computing device. The method further includes downloading user preference data to the second computing device.12-08-2011
20120011573SYSTEM AND METHOD FOR MANAGING INSIDER SECURITY THREATS - A defense mechanism module is provided for protecting a system from a privileged user. In some embodiments, a defense mechanism module can be integrated with the system such that all communications between the privileged user and the system first communicate with the defense mechanism module.01-12-2012
20120011572METHOD OF PERFORMING A SECURE APPLICATION IN AN NFC DEVICE - The invention relates to a method of executing a secure application in an NFC device, the method comprising steps during which: a contactless link is established between first and second NFC devices, the first NFC device transmits by the contactless link an identifier of a secure processor of the first NFC device, the second NFC device transmits by the contactless link an application identifier, the secure processor transmits by the contactless link first authentication data allowing the authentication of the secure processor of the first NFC device, the second NFC device transmits to an application server the first authentication data, the application server transmits to an authentication server the first authentication data and second authentication data to authenticate the application, and authorizes the two NFC devices to execute the application only if the secure processor and the application are authenticated.01-12-2012
20110289562METHOD FOR ENHANCING THE SECURITY OF THE MULTICAST OR BROADCAST SYSTEM - A method for enhancing the security of the multicast or broadcast system comprises the following steps: after having established the system parameter, the base station receives the register request message transmitted by the terminal, and the register request message carries the device identity information of the terminal; the base station registers the terminal according to the register request message and transmits the authorization key to the terminal after successful registration. By the base station establishing the specific system parameter, generating and awarding the corresponding terminal's key based on the parameter, the embodiment of the present invention can construct a secure network system of multicast or broadcast effectively and solve the security problem of the multicast or broadcast from the base station to the terminal in the network system.11-24-2011
20110289560Method And Apparatus To Bind A Key To A Namespace - A method includes identifying an application installed on a device as an authorized application of a certain domain, the application being signed with a private key; deriving a signer identity using a public key that forms a key pair with the private key; mapping the certain domain to another domain using a deterministic function map; making a request to that other domain to obtain a list of signer identities that are authorized to act on behalf of the certain domain; determining whether the signer of the application is in the list and, if it is, authorizing the application to act with the same privileges as granted in the certain domain. Apparatus and computer programs for performing the method are also disclosed.11-24-2011
20120090019Digital-Rights Management - A method and apparatus for digital-rights management is provided herein. Various forms of authorization are allowed, with each form of authorization being dependent upon an action taken on the digital content. In particular, when server-based authorization is unavailable, less-risky operations are allowed by performing an internal authorization scheme. Thus, higher security offered by a server-based DRM is required for risky actions, yet non-risky actions on the digital content may still be taken when the server is unavailable.04-12-2012
20110277017DATA DRIVEN ROLE BASED SECURITY - Data driven role based security is provided. At login, the system queries for a data context in connection with access to computing objects of a computing system. When a request for access to computing objects is received by the computing system, one or more control expressions specified for the computing object being accessed are evaluated. The evaluation of the control expressions may reference the user context or the data context previously established, and returns a set of effective permissions. Access to the computing object is then granted if the set of permissions includes an appropriate permission for the request for access.11-10-2011
20110296497Delegation-Based Authorization - Delegation-based authorization is described. In one example, a reference monitor receives from a first entity a request and a credential statement comprising a delegation of authority over a fact to a further entity. An authorization node then determines whether the further entity consents to provide the fact to the first entity and evaluates the request in accordance with an authorization policy and the credential statement. In another example, an assertion comprising a statement delegating authority over a fact to a further entity is received at an authorization node from a first entity. An authorization policy is then used to determine that the first entity vouches for the fact if each of these conditions is met: i) the first entity consents to import the fact from the further entity, ii) the further entity consents to export the fact to the first entity, and iii) the further entity asserts the fact.12-01-2011
20110296500Methods for Server-Driven Packet Congestion Control - Methods for congestion control by a AAA server are provided. In an embodiment of the invention a hint indicator is embedded in reply messages from a AAA server. In subsequent messages received by that AAA server, the AAA server determines when the hint indicator is present. Processing decisions for the subsequent message are based on the presence of the hint indicator. In another embodiment, a method for congestion control at the AAA server is provided. At the AAA server a message received from a network access server is stored and timestamped in an ingress message queue. A congestion state for the AAA server is determined based on an ingress queue state and a message age state. The message is processed based on the congestion state. In alternative embodiments, message processing is based on the congestion state, message type and number of round trip messages.12-01-2011
20110296501Connecting Devices to an Existing Secure Wireless Network - An intermediary device may be used to connect a telecommunications device to an existing secure network that is accessed by a computing device. The intermediary device may simplify connections to the secure network by connecting to the secure network without setting up a new connection to the secure network. The telecommunications device may connect to the computing device, via the intermediary device, using a secondary network, which enables the telecommunications device to access the secure network through the computing device. In some instances, the computing device may operate to bridge a connection with the telecommunications device and perform some or all of the functions of the intermediary device.12-01-2011
20110296499Security Context Passing for Stateless System Management - Systems and methods for stateless system management are described. Examples include a method wherein a user sends the management system a request to act upon a managed system. The management system determines whether the user is authorized for the requested action. Upon authorization, the management system looks up an automation principal, which is a security principal native to the managed system. The management system retrieves connecting credentials for the automation principal, and connects to the managed system using the retrieved credentials. Once the managed system is connected, the management system performs the requested action on the managed system, and sends the result back to the user.12-01-2011
20110296498Fax authentication for secure fax transmission and of unwanted faxes - A system and a method of authenticating faxes are disclosed. The method includes receiving image data that includes at least one page to be transmitted by a sending fax device. An authentication code is generated at the sending fax device. The authentication code is transmitted to a receiving fax device. The receiving fax device determines whether the authentication code is one which is accepted. If it is, the receiving fax device authorizes commencement of the fax transmission.12-01-2011
20110296496System and Method for Maintaining Dual Identity in a Server Process - A method, system and computer-usable medium are disclosed for managing identity authorizations to access information processing system resources. An application thread requiring access to target resources is initiated and associated with an authenticated client identity and a server identity. The resource authorization attribute of a resource required for execution of the application thread designates the use of a client identity, a server identity, or a client identity and server identity when attempting authorized access of the resource. The client identity, the server identity, or the client identity and server identity is then respectively used to access the target resource and the application thread is executed.12-01-2011
20110296495Redundant Credentialed Access to a Secured Network - A mobile communication device is configured to provide redundant credentialed access to one or more secured wireless communication networks. The mobile device obtains credentialed access to one of the secured networks by remotely using credentials stored in a credentialed communication device that is locally available (i.e., in the vicinity of the mobile device). Responsive to detecting the actual, or potential, compromise of the mobile device's credentialed access to that secured network, the mobile device switches to other credentials stored in a different credentialed device and obtains credentialed access to one of the secured networks by remotely using those other credentials. This switching occurs dynamically upon detecting the compromise of credentialed access, as well as automatically without requiring the mobile device's user to manually enter commands into the device's user interface.12-01-2011
20110173680METHOD AND SYSTEM FOR IMPLEMENTING DEFINABLE ACTIONS - A method and system is provided for use in business intelligence and reporting. The method and system are able to implement one or more definable actions when presented with data. The data may be produced by a business intelligence application. The actions may relate to activities performed by a user or an agent. The system comprises an action manager, a repository, a data association manager and an implementation engine. In one embodiment a data mining engine is provided. The system enables the availability of an action in response to the execution of analytic queries to be determined based on a relationship defined by the data association manager. If an action is available, an action definition is used to invoke a target in response to selection of the action by an entity, the invocation of the target including propagating data produced by an analytic engine into the target based on metadata to perform the action.07-14-2011
20110173681FLEXIBLE AUTHENTICATION AND AUTHORIZATION MECHANISM - Techniques and tools for flexible authentication and authorization of services on a push framework. For example, a push notification framework allows services (social networking web services, etc.) to use either an authenticated access mode or an unauthenticated access mode, in order to push information to client devices (e.g., mobile devices). In the authenticated mode, the push framework requires registration of the service with the push framework before allowing the service to push notifications to client devices. Different authenticated modes are provided for third-party and first-party services. In the unauthenticated mode, registration is not required, but notifications are throttled, thereby limiting risk of abuse by unauthenticated services. This allows flexibility for services that use the push framework.07-14-2011
20130024913HOST DEVICE, MANAGING SERVER AND METHOD OF CONTROLLING IMAGE FORMATION THEREOF - A host device includes a user interface to receive user information to log in to a managing server, a communication interface to transmit the user information to the managing server, a display unit, and a controller that, if login to the managing server is performed, controls the display unit to display information corresponding to an image forming apparatus connected to the host device.01-24-2013
20110302633Safe Internet Browser - The present invention provides a computer program product for implementing supervision functions for Internet browsing. The computer program product includes a plurality of computer executable instructions stored on a computer readable medium which, when executed by a computer having a graphical user interface, cause the computer to perform the steps of initiating a custom browser on the computer. The custom browser communicates with a centralized database of authorized content. The authorized content has one or more pictograms associated to the authorized content. The one or more pictograms are displayed on the graphical user interface of the computer. Authorized content is downloaded from the Internet onto the graphical user interface of the computer in response to the activation of the one or more pictograms.12-08-2011
20080216157Method, System and Computer Program Product for Providing Access Policies for Services - The invention relates to a method, system and computer program product for provisioning in a communications network. According to the method at least one request is received from a client system (09-04-2008
20100005512System and method for validating requests in an identity metasystem - An information processing system in a computer network comprising an edge system, an identity provider, a relying party and a tracing service, in which the tracing service relays a queue of information of authorized user activity from a relying party to an identity provider, which then can provide that activity information to the user.01-07-2010
20090193504Device Controller, System, and Method for Authenticated Printing - A device controller is connected with multiple terminals and with at least one input-output device via a network. The device controller has: a reception controller configured to perform first authentication according to data input from a first terminal and to cause the first terminal to obtain information on a specified series of processing based on a result of the first authentication; and an input-output controller configured to perform second authentication according to data input from a second terminal and to cause a specific input-output device selected out of the at least one input-output device to perform the specified series of processing, based on a result of the second authentication. The input-output controller allows the specific input-output device to perform the specified series of processing when the second terminal is selected in advance for the specific input-output device.07-30-2009
20090178119METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR PROVISIONING VLAN SERVICES IN A NETWORK - Provisioning VLAN services in a network patching system includes receiving a request to provide a VLAN service to an individual communication channel, determining whether a switch connector port connected to the individual communication channel via a patch cord is configured to provide the requested VLAN service, and initiating the requested VLAN service to the individual communication channel in response to determining that the switch connector port is configured to provide the requested VLAN service. Verification that a user associated with the individual communication channel is authorized to access the requested VLAN service may be performed prior to initiating the requested VLAN service. An administrator may be notified that a VLAN service has been requested and/or initiated. The user associated with the communication channel may be notified when the requested VLAN service has been initiated.07-09-2009
20100269159METHOD AND DEVICE FOR OPERATING AN AUDIO AND/OR VIDEOCONFERENCE WITH AT LEAST TWO PARTICIPANTS - The embodiments relate to a method for operating an audio and/or videoconference having at least two participants. A central computer, which controls the audio and/or videoconference, ascertains an identification datum of the participant initiating the conference. The central computer ascertains, on the basis of the identification datum from at least one database, which is coupled to the central computer, contact data of potential participants of the conference, the contact data being associated with the user. The contact data ascertained by the central computer are provided to the user initiating the conference as further conference participants for selection.10-21-2010
20100269157System and Method for User Control of Authorizing and Tracking Access to Electronic Records - A record holder accesses a coordinating server via a network. The coordinating server either itself stores or communicates electronically with one or more other servers that store electronic records (ER), including at least some associated with the record holder. Third-party record recipients are also connected via the network to the coordinating server and possibly also to the ER server(s). The user accesses the coordinating server, selects at least one of the recipients and specifies which of the electronic records, or portions thereof, that the user wishes that particular recipient to be able to access, possibly along with other access right parameters such as an access time or period. The recipient then accesses the coordinating server and/or one of the ER servers to retrieve electronic records of interest, which are made available according to the access rights and limitations pre-set by the user.10-21-2010
20100169955METHOD, APPARATUS AND COMPUTER PROGRAM - A method, and apparatus and computer program for enabling the method, the method comprising: detecting a user input at a first apparatus and, in response to the detection of the user input, selecting content wherein the content is stored at a remote server; establishing a communication link with a second apparatus wherein the second apparatus is different from the first apparatus; transmitting information indicative of the location of the selected stored content over the established communication link to the second apparatus; receiving identification information from the second apparatus over the established communication link wherein the identification information enables at least the user of the second apparatus to be identified; and transmitting information to the remote server to enable a user associated with the received identification information to access the selected stored content.07-01-2010
20100169954Wireless Access System and Wireless Access Method - A policy control device (07-01-2010
20130219468Connection Leasing for Hosted Services - Aspects herein describe brokering hosted resources in a virtual desktop infrastructure (VDI) using connection leases to reduce demand on connection brokers and to allow hosted services to be maintained even in the event of a broker outage. When a client device desires to connect to a hosted resource (e.g., a hosted desktop or a hosted application), the client device may present a lease token to the session host. The lease token is a self-sustaining package of data from which a session host can determine whether the requesting client device is authorized to access one or more resources hosted by that session host. The lease token may be cryptographically signed to ensure its contents have not been altered, and further that the lease token originated from a trusted source. Lease tokens may be stored independently from a connection broker, thereby still being usable if the connection broker goes offline.08-22-2013
20100031324APPARATUS AND METHOD FOR DYNAMIC LICENSING ACCESS TO WIRELESS NETWORK INFORMATION - An apparatus and method for dynamically licensing access to wireless network information provides multiple third parties with selective access to network device information in real-time. Information is collected in real-time from a plurality of sensing and control devices configured in a network arrangement. Information may be collected from each of the sensing and control devices regardless of the communication protocol associated with the device. The collected information is stored and aggregated by a service broker, which selectively licenses access to the information, or subsets of the information, to one or more third parties.02-04-2010
20100269158SOCIAL NETWORKING SITE AND SYSTEM - Various methods and systems are described for use in operating and maintaining a user-subscribed system, such as a website or network. For example, a social networking site or network is contemplated with a member account having one or more member profiles associated with it. In accordance with one embodiment of the invention, the described systems and methods may provide a user selective access to member-related information, such as topic-based electronic content associated with the member, member-related or identifying information, and other such information, in accordance with member-selected categorization and/or organisation. Users may be categorized hierarchically into contact groups, such that access to member-related information by users in a given contact group depends on the permission rights granted to that contact group. The methods and systems described provide a scalable infrastructure to support large volumes of users and requests in a network while ensuring a high degree of fault tolerance, so as to minimize service interruptions and unexpected data loss, for example.10-21-2010
20100269156APPARATUS AND METHODS FOR PROVIDING AUTHORIZED DEVICE ACCESS - Methods, apparatus, and systems are described for providing an accessor device an access credential to interact with a device resource on an accessee device. An authorization entity having a trust relationship with the accessee device, or a linked subordinate authorization entity, generates the access credential. The access credential includes a modification detection indicator, at least one access privilege, and an accessor public key. The at least one access privilege corresponds to at least one device resource on the accessee device. The authorization entity forwards the access credential to the accessor device, which presents the access credential to the accessee device for authentication. Once authenticated, the accessee device grants access to one or more device resources, and controls requests to ensure they are within the scope of the at least one access privilege.10-21-2010
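The lease token of 20130219468 and the access credential of 20100269156 are both self-contained, signed capabilities that the resource host checks on its own, without a round trip to the issuer. The following Python is an added illustration of that pattern, not code from either application: the broker (issuer) signs a lease naming the client, the host it is for, the resources in scope and an expiry; the session host verifies signature, audience, expiry and scope locally, and a lease whose privilege list has been widened after signing fails closed. HMAC over a secret shared by broker and host, the field names, the encoding and the TTL are all assumptions made for this example; neither application specifies them.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed key: the broker signs leases and the session host verifies them with
# the same secret (HMAC-SHA256). The patent text only says the token is
# "cryptographically signed"; algorithm, field names and key handling are assumptions.
BROKER_KEY = b"example-broker-signing-key"


def _mac(payload: bytes, key: bytes) -> str:
    return base64.urlsafe_b64encode(hmac.new(key, payload, hashlib.sha256).digest()).decode()


def issue_lease(client_id, session_host, resources, ttl_seconds, key=BROKER_KEY, now=None):
    """Broker side: build a self-contained lease and sign it."""
    now = time.time() if now is None else now
    body = {
        "iss": "broker",
        "sub": client_id,           # who may use the lease
        "aud": session_host,        # which host must honour it
        "res": sorted(resources),   # access privileges: the hosted resources in scope
        "iat": int(now),
        "exp": int(now + ttl_seconds),
    }
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _mac(payload, key)


def validate_lease(token, session_host, requested_resource, key=BROKER_KEY, now=None):
    """Session host side: decide locally, with no broker round trip.

    Returns (True, client_id) on success or (False, reason) on failure.
    The signature is checked before the payload is parsed, so a forged
    token never reaches the JSON parser.
    """
    now = time.time() if now is None else now
    try:
        enc_payload, mac = token.split(".", 1)
        payload = base64.urlsafe_b64decode(enc_payload.encode())
    except ValueError:  # covers binascii.Error from bad base64 as well
        return False, "malformed"
    if not hmac.compare_digest(_mac(payload, key).encode(), mac.encode()):
        return False, "bad signature"
    body = json.loads(payload)
    if body.get("aud") != session_host:
        return False, "wrong host"
    if now >= body.get("exp", 0):
        return False, "expired"
    if requested_resource not in body.get("res", []):
        return False, "out of scope"
    return True, body["sub"]


def tamper_lease(token, extra_resource):
    """Constructed attack: widen the privilege list but keep the original signature."""
    enc_payload, mac = token.split(".", 1)
    body = json.loads(base64.urlsafe_b64decode(enc_payload.encode()))
    body["res"].append(extra_resource)
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + mac


if __name__ == "__main__":
    lease = issue_lease("alice", "host-7", ["desktop-1"], 600, now=1000)
    print(validate_lease(lease, "host-7", "desktop-1", now=1100))  # (True, 'alice')
    print(validate_lease(lease, "host-7", "desktop-2", now=1100))  # (False, 'out of scope')
    print(validate_lease(tamper_lease(lease, "desktop-2"), "host-7", "desktop-2", now=1100))  # (False, 'bad signature')
```

Two points carry over to any real implementation of these schemes: the host must bind the lease to itself (the `aud` check), or a lease for one session host can be replayed against another; and the per-request scope check is what the accessee device's "controls requests" clause amounts to, so it has to run on every request, not only at connection time.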
20100071035METHODS AND SYSTEMS FOR SECURELY MANAGING VIRTUALIZATION PLATFORM - Virtualization platforms and management clients therefor are communicatively coupled to one another via a control layer logically disposed therebetween. The control layer is configured to proxy virtualization management commands from the management clients to the virtualization platforms, but only after successful authentication of the users (which may include automated agents and processes) issuing those commands and verification of those users' privileges as defined by access control information accessible to the control layer. The control layer may be instantiated as an application running on a physical appliance logically interposed between the virtualization platforms and management clients, or a software package running on dedicated hardware logically interposed between the virtualization platforms and management clients, or as an application encapsulated in a virtual machine running on a compatible virtualization platform logically interposed between the virtualization platforms and management clients.03-18-2010
20130219469MOBILE DEVICE IDENTIFY FACTOR FOR ACCESS CONTROL POLICIES - A secure VPN connection is provided based on user identity and a hardware identifier. A client application may initiate the VPN connection. A client device user may provide identification information to the application, which then sends a VPN connection request to a remote VPN gateway. The VPN gateway may require an equipment identifier to establish the secure VPN connection. If the hardware ID is registered, the secure VPN connection is established. If the hardware ID is not registered with the VPN gateway, the connection may be denied. In some instances, a connection may be established with an unregistered equipment ID based on settings at the VPN gateway.08-22-2013
20090049530Method, System, And Storage Medium For Validating Users Of Communications Services And Messages Transmitted - Exemplary embodiments of the invention relate to a method, system, and storage medium for validating users of communications services. The method includes generating records for communications service users by at least one service provider. The records store information relating to the communications service users including legal liability information, an originator type code, and a validation code assigned to selected originator type codes. The validation code facilitates validation of the communications service users. The method also includes storing the records in a subscriber classification database. The originator type code classifies the communications service users according to nature of use, communications type, business type, geography, and age.02-19-2009
20120110650Organizing Permission Associated with a Cloud Customer in a Virtual Computing Infrastructure - Organizing permissions to authorize a subject to perform an action on an object in a cloud computing environment is described. A plurality of permissions associated with a cloud customer is created. A first set of permissions from the plurality of permissions is associated with one or more objects. Each of the first set of permissions describes an action performed on an object. A second set of permissions from the plurality of permissions is associated with one or more users. Each of the second set of permissions describes an action to be performed by one or more users.05-03-2012
20120110649METHODS FOR INTERNET SECURITY VIA MULTIPLE USER AUTHORIZATION IN VIRTUAL SOFTWARE - A method for providing internet security via multiple user authorization in virtual software. Each of two users is provided with a non-transitory tangible storage medium. The first user inputs the storage medium into a local computer. If the first user is granted authorization by the second user, the first user can download at least one additional non-browser-based application module into virtual memory of his local computer.05-03-2012
20120110648USER AUTHENTICATION SYSTEM AND PLANT CONTROL SYSTEM HAVING USER AUTHENTICATION SYSTEM - A plant control system may include a manipulation monitoring terminal that includes a local user authentication unit configured to authenticate a user who logs in to the manipulation monitoring terminal, and a domain controller that includes a domain user authentication unit and communicates with the manipulation monitoring terminal. The manipulation monitoring terminal may include a user authentication alarm unit configured to generate a security alarm when the local user authentication unit performs user authentication on the user in a state in which the domain controller is in normal operation.05-03-2012
20120110647MANAGING UNIQUELY TAGGED ITEMS USING THE INTERNET - The invention teaches managing an item in the Internet of Things, wherein the system comprises: an item registration module configured to receive at least one piece of registration information for the item, the registration information including the item's unique number, as marked by an information sensing device, and a tag identifying the external data source where related information about the item is located, the registration information coming from at least one external data source and the unique number being the same in every piece of registration information; a storage module configured to store the item's registration information; and a query processing module configured to receive a query for the related information of the item and to obtain that information from the external data source corresponding to the external data source tag included in the stored registration information of the item.05-03-2012
20120110646ACCESS AUTHORIZING APPARATUS - An access authorizing apparatus includes a receiving unit, a first transmitting/receiving unit, a token issuer and a transmitting unit. The receiving unit receives, from a first application via a network, first approval information indicating that access to a resource in a device has been approved by an access approver. The first transmitting/receiving unit transmits an access approval request including the first approval information to an access approving apparatus, and receives from that apparatus access enable/disable information indicating whether access to the resource by the first application is permitted. When the access enable/disable information indicates that access is permitted, the token issuer issues token information that grants the first application authority to access the resource. The transmitting unit transmits the token information issued by the token issuer to the first application.05-03-2012
20120110645Server System and Method for Providing at Least One Service - The invention relates to a server system for providing at least one service. The system has an interface for connecting a server to a user's computer; authentication means designed to request personal identification data from a user who logs onto the server via the user's computer and to permit the user's computer access if authentication succeeds; and a server protection system. The server protection system is designed to compare additional identification data specific to the user's computer with identification data stored in advance on the server, after successful authentication by the authentication means, and to grant the user's computer authorization to access the service or services depending on the result of that comparison. The invention also relates to a method for providing at least one service and a method for executing an application program.05-03-2012
20120110644GLOBALLY VALID MEASURED OPERATING SYSTEM LAUNCH WITH HIBERNATION SUPPORT - An event log can comprise, not only entries associated with components instantiated since a most recent power on of a computing device, but also entries of components instantiated prior to that power on, such as components that were instantiated, and represent, a state of the computing device prior to hibernation that has now been resumed. Upon hibernation, the current values of the Platform Configuration Registers (PCRs) of a Trusted Platform Module (TPM), as well as a quote of those current values, and a current value of a monotonic counter of the TPM can be logged. The monotonic counter can be incremented at each power on to track successive generations of the computing device and to guard against an intervening, not-logged generation. A subsequent parsing of the event log can verify the prior generational entries with reference to the PCR values in the log that are associated with those generations.05-03-2012
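The verification step described in 20120110644 is a replay of the event log: recompute each PCR from the logged measurements, compare the result with the PCR snapshot logged at each hibernation, and use the monotonic counter to confirm that no power-on generation is missing between snapshots. The following Python is an added illustration of that replay, not code from the application: it simulates a platform that boots, hibernates and resumes once, then checks the resulting log against the live TPM state and shows the two failure modes the abstract is concerned with (a generation that left no log entries, and a hibernation snapshot that does not match the measurements). The entry formats, the SHA-256 PCR bank, the zero reset value and the in-memory "TPM" are assumptions made for the example; the quote itself is represented only by the logged PCR values.

```python
import hashlib

# Reset value of a SHA-256 PCR bank for the PCRs used here (assumption: 0-16 style PCRs,
# which reset to all-zero; the resettable PCRs that reset to all-one are not modelled).
PCR_ZERO = b"\x00" * 32


def measure(component: bytes) -> bytes:
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: new = H(old || digest). Order-dependent and one-way."""
    return hashlib.sha256(pcr + digest).digest()


def verify_log(log, live_counter, live_pcrs):
    """Replay a multi-generation event log against the current TPM state.

    Entry formats (constructed for this example):
      ("POWER_ON", counter)                  monotonic counter value after this power-on
      ("EXTEND", pcr_index, component_bytes) component measured into a PCR
      ("HIBERNATE", counter, {idx: value})   PCR snapshot logged at hibernation
    Returns (True, "ok") or (False, reason).
    """
    pcrs = {}
    last_counter = None
    for entry in log:
        kind = entry[0]
        if kind == "POWER_ON":
            counter = entry[1]
            if last_counter is not None and counter != last_counter + 1:
                return False, f"unlogged generation between {last_counter} and {counter}"
            last_counter = counter
            pcrs = {}  # the TPM resets its PCRs on every power-on
        elif kind == "EXTEND":
            _, idx, component = entry
            pcrs[idx] = extend(pcrs.get(idx, PCR_ZERO), measure(component))
        elif kind == "HIBERNATE":
            _, counter, snapshot = entry
            if counter != last_counter:
                return False, f"hibernate entry claims generation {counter}, expected {last_counter}"
            if snapshot != pcrs:
                return False, f"PCR values for generation {counter} do not match the log"
        else:
            return False, f"unknown entry {kind!r}"
    if last_counter != live_counter:
        return False, f"live counter {live_counter} != last logged generation {last_counter}"
    if live_pcrs != pcrs:
        return False, "live PCR values do not match the replayed log"
    return True, "ok"


def simulate_platform():
    """Constructed history: boot, measure, hibernate, power on again, resume, measure more."""
    log = []
    tpm = {"counter": 0, "pcrs": {}}

    def power_on():
        tpm["counter"] += 1
        tpm["pcrs"] = {}
        log.append(("POWER_ON", tpm["counter"]))

    def load(idx, component):
        tpm["pcrs"][idx] = extend(tpm["pcrs"].get(idx, PCR_ZERO), measure(component))
        log.append(("EXTEND", idx, component))

    def hibernate():
        log.append(("HIBERNATE", tpm["counter"], dict(tpm["pcrs"])))

    power_on()
    load(0, b"bootloader v1")
    load(4, b"kernel v1")
    hibernate()
    power_on()
    load(0, b"bootloader v1")
    load(4, b"resume loader v1")
    load(7, b"driver v1")
    return log, tpm


if __name__ == "__main__":
    log, tpm = simulate_platform()
    print(verify_log(log, tpm["counter"], tpm["pcrs"]))  # (True, 'ok')
```

The counter check is what makes the log "globally valid": without it, an attacker could power the machine on, run an unmeasured generation, hibernate again and splice the log so that the verifier only ever sees well-behaved generations. In a real deployment the hibernation snapshot would be the TPM quote, so the verifier also checks the quote's signature against the TPM's attestation key before trusting the snapshot values.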
20120110643SYSTEM AND METHOD FOR TRANSPARENTLY PROVIDING ACCESS TO SECURE NETWORKS - Network access for a secure network is transparently provided to a wireless device using a social networking type of framework. An operator of a secure wireless network may register the network and access credentials for the network with a network access management system. The operator also may configure network access settings, such as designating a sharing level, that permits wireless devices meeting access criteria for the sharing level to use the network. Electronic devices belonging to social media contacts, such as family members and friends, may be associated with the registered network. When the associated devices or other qualifying devices are within communication range of the network, a client function in the device may coordinate with the network access management system to provide network access to the devices. The coordination may take place through a network different than the secure network, such as a cellular network to which the electronic device has subscription access. The network access may be established in a manner that is transparent to the user of the electronic device.05-03-2012
20120110641TRAFFIC STEERING SYSTEM - A method including receiving a session request to establish a network connection with a network; sending a session response to establish the network connection with the network; obtaining, by a traffic steering system, user profile information associated with a user sending the session request; and routing the network connection to a requested user destination via the traffic steering system based on the user profile information, wherein the user profile information includes user-specific preferences.05-03-2012
20090150979NETWORK SYSTEM, NETWORK METHOD, AND TERMINAL AND PROGRAM THEREFOR - A network system includes a first terminal having authority to access content, and a second terminal, wherein the first terminal comprises a first limited communication unit which performs limited communication with the second terminal, wherein the second terminal comprises a second limited communication unit which performs limited communication with the first terminal; and wherein the second terminal acquires certification information for authenticating access to the content from the first terminal, using the limited communication performed by the first and second limited communication units, if a predetermined relationship is confirmed between the first terminal and the second terminal.06-11-2009
20090150978ACCESS CONTROL OF CONTENT SYNDICATION - A content syndication access control solution is provided. An illustrative content syndication access control system comprises: a syndication subscriber for acquiring an authorized content syndication feed; content syndication providing means for authorizing the syndication subscriber according to a public key and submitting content to a syndication server; and the syndication server for performing an authorization on content items according to the public key and a symmetric key, encrypting the authorized content items and the symmetric key, and generating the content syndication feed from the encrypted content items and the symmetric key. By means of the system, the granularity of access control can become finer, and the consolidated content feed maintains all access control information, so existing access control remains valid.06-11-2009
20080244706Method of and System For Generating an Authorized Domain - This invention relates to a system and a method of generating an Authorized Domain (AD), the method comprising the steps of selecting a domain identifier (Domain ID) uniquely identifying the Authorized Domain, binding at least one user (P10-02-2008
20080244708UPDATING AUTHENTICATION SERVER LISTS FOR USERS ACCESSING SHARED ACCESS DEVICES - A method, service, system, computer program, etc., provides a list of acceptable authentication servers that a user could use to log in when accessing a networked device, such as a networked printer or document processing device. The embodiments include preparing a module, such as a dynamically loadable module (DLM) for use in the networked system accessed by the users. Each of the networked devices is enabled to accept the DLM. The embodiments forward the DLM to the networked devices as a print job along a print job submission path within the network. The networked devices recognize the DLM as a special job. Further, the networked devices use the DLM to install the XML file on each of the networked devices. Thus, the authentication server lists and authentication programs are updated within each of the networked devices using the DLM.10-02-2008
20130219473CONTROLLING ACCESS - To provide access to an account in an apparatus in response to a request to the account, the apparatus creates and forwards a challenge for this request and waits for a token signed by a centralized signing entity for the account, the token comprising access enabling data. When such a token is received, the apparatus validates the token, and only if the validation succeeds, enables access to the account.08-22-2013
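20130219473 has the apparatus create a challenge for each access request and accept only a token, signed by a centralized signing entity, that answers that challenge. The following Python is an added illustration of that exchange, not code from the application: the apparatus keeps a store of outstanding challenges (random, bound to an account, short-lived, single-use), the signing entity binds the access-enabling data to the challenge and account under its key, and the apparatus validates the signature before it consumes the challenge, so a forged token cannot burn a legitimate one and a captured token cannot be replayed. HMAC over a shared secret, the JSON layout, the 120-second lifetime and the in-memory store are assumptions for the example; the application describes none of them.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed key shared between the centralized signing entity and the apparatus.
# HMAC stands in for whatever signature scheme the application intends (assumption).
SIGNING_KEY = b"example-central-signing-key"


class ChallengeStore:
    """Challenges the apparatus has issued and not yet seen answered.

    Each challenge is random, bound to one account, short-lived and single-use,
    so a captured token cannot be replayed and a token for one request cannot
    satisfy another.
    """

    def __init__(self, ttl_seconds=120):
        self.ttl = ttl_seconds
        self.pending = {}  # challenge -> (account, issued_at)

    def create(self, account, now=None):
        now = time.time() if now is None else now
        challenge = os.urandom(16).hex()
        self.pending[challenge] = (account, now)
        return challenge

    def consume(self, challenge, account, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(challenge, None)  # removed whether or not it validates
        if entry is None:
            return False
        bound_account, issued_at = entry
        return bound_account == account and now - issued_at <= self.ttl


def sign_token(challenge, account, access_data, key=SIGNING_KEY):
    """Signing entity side: bind the access-enabling data to the challenge and account."""
    body = json.dumps({"challenge": challenge, "account": account, "access": access_data},
                      sort_keys=True, separators=(",", ":"))
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def validate_token(store, token, account, key=SIGNING_KEY, now=None):
    """Apparatus side: return the access-enabling data, or None if anything fails.

    The signature is checked first so that a forged token cannot burn a
    legitimate outstanding challenge.
    """
    body_text = token.get("body", "")
    expected = hmac.new(key, body_text.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(token.get("mac", "")).encode()):
        return None
    body = json.loads(body_text)
    if body.get("account") != account:
        return None
    if not store.consume(body.get("challenge"), account, now=now):
        return None
    return body["access"]


if __name__ == "__main__":
    store = ChallengeStore()
    challenge = store.create("alice", now=0)          # apparatus creates and forwards this
    token = sign_token(challenge, "alice", {"scope": "read"})  # signing entity answers
    print(validate_token(store, token, "alice", now=10))   # {'scope': 'read'}
    print(validate_token(store, token, "alice", now=11))   # None (replay)
```

The order of checks matters: signature, then account binding, then challenge consumption. Consuming first would let anyone who can observe a challenge value invalidate it with a garbage token, a cheap denial of service against the legitimate requester.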
20120036562Trusted License Removal in a Content Protection System or the Like - A digital license includes an identification of a removal service that can authorize removing such license. A client selects the license to be removed and the service, constructs a challenge including therein a challenge license identification block (LIB) identifying the license to be removed, and sends the challenge to the service. The service receives the challenge, stores at least a portion of the challenge in a database, constructs a response corresponding to the challenge and including therein a response LIB identifying the license to be removed and an identification of the service, and sends the response to the client. The client receives the response, employs the response LIB from the response to identify the license to be removed, and removes the identified license upon confirming that the identification of the service in the identified license matches the identification of the service in the response.02-09-2012
20090094685METHOD AND ARRANGEMENT FOR ACCESSING CALL NUMBER PORTABILITY DATA - The invention relates to a method for accessing MNP data, which is stored in an MNP memory in a mobile radio network, by a network-external data processing device. The network interface, which in terms of signal flow is arranged between the network-external data processing device and the MNP memory, checks whether the network-external data processing device is authorized to access the MNP data. If the authorization is present, an identification for a communication terminal is transmitted by the network interface from the network-external data processing device to the MNP memory, MNP data which is associated with the communication terminal is read from the MNP memory, and this MNP data is transmitted via the network interface to the network-external data processing device.04-09-2009
20090094684Relay server authentication service - A relay server authentication service for a relay server is described. An apparatus may include a proxy server to receive an authentication request for client authentication information from a first client to traverse a network address translation device. The apparatus may further include a relay server with a relay server authentication service module. The relay server authentication service module may be arranged to receive the authentication request from the proxy server, generate the client authentication information for the first client, and send an authentication response with the client authentication information to the first client through the proxy server. Other embodiments are described and claimed.04-09-2009
20090094683METHOD FOR AUTHENTICATING MOBILE UNITS ATTACHED TO A FEMTOCELL THAT OPERATES ACCORDING TO CODE DIVISION MULTIPLE ACCESS - The present invention provides a method involving a femtocell in communication with a secure core network such as an Internet Protocol Multimedia Subsystem (IMS) network. The method includes receiving, from the femtocell and at a first secure entity in the IMS network, a global challenge including information indicating a random number. The method also includes receiving an authentication response computed by a mobile unit based on the random number and the first key known by the mobile unit and not known by the femtocell. The method further includes determining, at the first secure entity, that the random number is a legitimate random number provided to the femtocell by the IMS network.04-09-2009
20090307758Method and apparatus to facilitate using a multicast stream to provide on-demand streaming content - A streaming content-on-demand service provider (12-10-2009
20110271328System And Method For Hosting A Social Network That Enables Granular Management Of The Privacy Of Posted Information - A system and method for hosting a social network that enables entities to particularly manage the privacy level of content posted on the social network. This may enable an entity to distribute news, congratulations, accolades, invitations, and/or other internal information within the social network to members, employees, students, investors, and/or other parties.11-03-2011
20110271327Authorized Application Services Via an XML Message Protocol - Disclosed are systems and methods to provide a persistent authorized server address space (ASAS). The ASAS can host components from product suites that are not able to execute in an authorized state. To host other product's components, the ASAS receives “messages” from the unauthorized product components in the form of a generic eXtensible Markup Language (XML) protocol. These messages may request product initialization/administration or performance of a function by the ASAS on behalf of the requesting product. Security constraints are also provided to ensure system and data integrity. Further, the ASAS is not tightly coupled to any requesting product so that flexibility of product update or update to the ASAS itself may not be unnecessarily constrained.11-03-2011
20100146594DATA NAVIGATION USING SET OF AUTHORISED FORUMS THROUGH INTERNET - The present method relates to navigating data via a set of authorized forums. The method includes a user authenticating to the website using an identifying module. Further, the method includes the authenticated user viewing one of the authorized forums from the displayed set of authorized forums. Furthermore, the method includes the authenticated user selecting one of the authorized forums by navigating the website.06-10-2010
20110167479ENFORCEMENT OF POLICIES ON CONTEXT-BASED AUTHORIZATION - Embodiments of the invention provide methods and systems for enforcing usage/context-based authorization. The method may include generating an authorization context for access to a resource. The access may include a first set of access parameters. The method may further store the authorization context associated with the resource, and intercept an access request for the resource. The access request may include a second set of access parameters. The method may further check the access request against the authorization context to determine if the second set of access parameters matches the first set of access parameters, and in response to the first set of access parameters matching the second set of access parameters, permit access to the resource in accordance with the second set of access parameters.07-07-2011
20110126269SYSTEM AND METHOD FOR VIRTUAL DEVICE COMMUNICATION FILTERING - Embodiments of the present invention are directed to a method and system for virtual device communication filtering. The method includes receiving, within an electronic system, an instantiation request for a first virtual device and determining whether the first virtual device and a second virtual device are allowed to communicate based on an authorization record datastore. The method further includes modifying an authorization record of the authorization record datastore. The modifying comprises setting an indicator of a data filtering module to filter communication between the first virtual device and the second virtual device. A response can then be sent to the instantiation request.05-26-2011
20110126265SECURITY FOR CODES RUNNING IN NON-TRUSTED DOMAINS IN A PROCESSOR CORE - A method and apparatus configure a trusted domain and a plurality of isolated domains in a processor core. Each isolated domain is assigned a unique domain identifier. One or more resources are associated with each isolated domain. The associations are stored as permissions to access physical addresses of resources. Code to be executed by a hardware device is assigned to one of the isolated domains. The domain identifier for the assigned isolated domain is written to the hardware device. When the hardware device executes the code, each instruction is logically tagged with the domain identifier written to the hardware device. An instruction includes a request to access a physical address. The hardware device compares the domain identifier of the instruction with the permissions. If the permissions allow the domain identifier to access the physical address, then access to the resource at the physical address is allowed. Access is otherwise blocked.05-26-2011
20110138448METHOD AND APPARATUS FOR ENABLING MOBILITY IN MOBILE IP BASED WIRELESS COMMUNICATION SYSTEMS - A method is provided for providing secured mobile IP services to a mobile terminal which is currently associated with an access network different from its own home access network. The method is characterized by creating a virtual mobile node at an access network server of the current access network, which communicates with a Home Agent associated with the terminal's home mobile network and with one or more access points associated with the current access network, at which the mobile terminal is currently located.06-09-2011
20110197265METHOD AND APPARATUS FOR ENABLING A USER TO SELECT AN AUTHENTICATION METHOD - The present invention facilitates access to a restricted service related to secure transactions via a network. The present invention allows a user to select a minimum security level of authentication for its own login to a restricted service. The user's selected minimum security level of authentication may be registered in an authentication method system, so that the user must use the selected minimum security level for authentication in order to gain access to the restricted service. Alternatively, the user may specify that the selected minimum security level for authentication may be overridden by the user, or optionally re-set to a new authentication method depending on the needs of the user. As such, the present invention allows the user the flexibility to select its own authentication method for accessing a restricted service.08-11-2011
20110197264SYSTEM AND METHOD FOR REMOTE MEDIA ACCESS - Embodiments of the present disclosure provide a system and method for remotely accessing media content. The method includes receiving authentication information originating from a communication device associated with a user. Media content that is stored on a media storage device associated with the user is also received. Digital rights management software is applied to the media content, and the received media content is communicated to the communication device.08-11-2011
20110197263SYSTEMS AND METHODS FOR PROVIDING A SPATIAL-INPUT-BASED MULTI-USER SHARED DISPLAY EXPERIENCE - Exemplary systems and methods for providing a spatial-input-based multi-user shared display session are disclosed herein. An exemplary system includes a spatial input subsystem configured to detect gestures made by a plurality of users within a physical user space associated with a display screen. The system further includes a shared display subsystem communicatively coupled to the spatial input subsystem and configured to authenticate the plurality of users, execute a multi-user shared display session that provides the plurality of authenticated users with concurrent control of a display on the display screen through the detected gestures, and control, based on a shared session heuristic, how at least one resource associated with the display is shared between the plurality of authenticated users during the multi-user shared display session. Corresponding systems and methods are also disclosed.08-11-2011
20090293104System and method for comprehensive management of company equity structures and related company documents with financial and human resource system integration - A system comprises business logic operable for managing and administering company entities, records, documents, equity instruments, and stakeholders, a database storing data associated with the business logic, integration logic operable to integrate the business logic and its associated data with existing enterprise systems and data associated therewith, and a graphical user interface presenting a hierarchical tree view of the company entities, records, documents, equity instruments, and stakeholders.11-26-2009
20100100942System and Method for Exchanging Information Regarding Financial Markets in a Moderated Environment - A method and system for exchanging information regarding financial markets in a moderated environment are disclosed. According to one embodiment, a computer-implemented method comprises granting an administrator access to a collaborative interface, wherein the collaborative interface is one for a financial group that accepts posts from registered group members and distributes posts to the registered group members upon submission of new posts, and wherein the administrator approves the distribution of each new post. One or more clients are granted access to the collaborative interface, wherein the administrator identifies a permission level for each client. Posts are received from the administrator or a client of the one or more additional clients, approval is received from the administrator to display the post, and the post is displayed.04-22-2010
20100100940System and Method for Supporting Multiple Identities for a Secure Identity Device - A multiple-identity secure device (MISD) persistently stores a single identification code (a “seed identity”). The seed identity need not be a network address, and may be stored in an integral memory of the device, or on an interchangeable card received in a physical interface of the MISD. The MISD is provided with a transformation engine, in hardware or software form, that is subsequently used to generate one or more unique identities (e.g., network addresses) from the stored seed identity using predefined logic. The generated identities may be dynamically generated, e.g., in real-time as needed after deployment of a device into possession of a subscriber/customer/user, etc., or may be securely stored in the MISD for subsequent retrieval. The transformation engine may generate a unique identity in accordance with an addressing scheme identified as a default setting, a global/network setting, or as determined from a received data transmission.04-22-2010
20090064283SYSTEM AND METHOD FOR AUTOMATIC SECURITY AUTHENTICATION IN WIRELESS NETWORKS - A system for automatic security authentication in a wireless network includes a server and a terminal. The terminal includes a processor, a first communications unit, and a second communications unit. The server includes a database, a control unit, and a third communications unit. The processor receives an identification code of an access point through the first communications unit, and sends a message to the control unit through the second communications unit. The message includes the identification code of the access point, a user account and a user password. The control unit sends an authentication code corresponding to the identification code according to data stored in the database to the processor through the third communications unit. After receipt of the authentication code, the processor automatically logs in to the access point through the first communications unit to activate a wireless network access function.03-05-2009
20100083352REMOTE ACCESS SYSTEM AND METHOD AND INTELLIGENT AGENT THEREFOR - The invention relates to remote access systems and methods using automatic speech recognition to access a computer system. The invention also relates to an intelligent agent resident on the computer system for facilitating remote access to, and receipt of, information on the computer system through speech recognition or text-to-speech read-back. The remote access systems and methods can be used by a user of the computer system while traveling. The user can dial into a server system which is configured to interact with the user by automatic speech recognition and text-to-speech conversion. The server system establishes a connection to an intelligent agent running on the user's remotely located computer system by packet communication over a public network. The intelligent agent sources information on the user's computer system or a network accessible to the computer system, processes the information and transmits it to the server system over the public network. The server system converts the information into speech signals and transmits the speech signals to a telephone operated by the user.04-01-2010
20100083351ACCESS CONTROL TO CONTENT PUBLISHED BY A HOST - Methods and systems for providing easy access to information and sharing are provided. Embodiments of the present invention enable a host to grant access to published content to one or more users in a manner in which the user(s) can scan small portions of information to decide which information is desired. The embodiments described herein enable, for example, a user to see a library of content that is larger than the storage capacity of the computing unit used by the user. The sharing of information is also secured through the use of auto-lock keys and the creation of abstract identities for the host and each user.04-01-2010
20090187976METHODS AND DEVICES FOR IMPROVING THE RELIABILITY OF COMMUNICATION BETWEEN AN AIRCRAFT AND A REMOTE SYSTEM - The invention concerns methods and devices for improving the reliability of communication between an aircraft and a remote system. According to the invention, the aircraft transmits a request for verification of security to a remote system. Upon reception of the response to this request, comprising at least one indication pertaining to the security of the remote system, the aircraft analyzes this indication and decides whether to establish data communication between the aircraft and the remote system. When a verification request is received, the remote system is verified and a response to the request is transmitted to the aircraft.07-23-2009
20100125894SYSTEMS, METHODS AND COMPUTER PROGRAM PRODUCTS THAT FACILITATE REMOTE ACCESS OF DEVICES IN A SUBSCRIBER NETWORK - Systems, methods and computer program products facilitate remote access to devices in a private subscriber network by subscriber-selected delegates. A request is received by a service provider from a delegate to access one or more devices in a private subscriber network. The service provider verifies whether the delegate is authorized by the subscriber to access the device, and displays device access information to the delegate in accordance with an access policy established for the delegate by the subscriber. The device access information includes an address to a web server associated with each device. The web server address comprises an IP address for the subscriber network and a port number associated with each device. The device access information includes login information for the device web server, such as a user ID and password, or SSO token.05-20-2010
20100100941CONTEXT-AWARE ROLE-BASED ACCESS CONTROL SYSTEM AND CONTROL METHOD THEREOF - A context-aware role-based access control system and a control method thereof. The context-aware role-based access control system includes: a context-aware user assignment manager (CAUAM) for performing a role assignment function, a role delegation function, or a role revocation function for a user according to a context of the user, based on a preset context request condition; a context-aware permission assignment manager (CAPAM) for performing a permission modification, a permission restoration, and a personalized permission modification for a permission, which the role has, according to changes in the context of the user; an information repository for storing a user profile and context information; and an access control manager (ACM) for controlling the context-aware user assignment manager, the context-aware permission assignment manager, and the information repository, and processing an access control request. Accordingly, more efficient access control can be achieved in ubiquitous environments where the context of the user dynamically changes.04-22-2010
20100100939SECURE MOBILE PLATFORM SYSTEM - The present invention is directed toward a secure platform which enables mobile devices, such as cell phones, smartphones, or PDAs, to have relationships with services or service providers that are controlled by the state of security on each device. In an embodiment, the platform is comprised of a server that receives data from security software on a mobile device regarding the device's security state. The platform enables access to a service to be granted, denied, or limited based on the security state of the mobile device. The platform may provide two-way communications between a mobile device and a service so that the platform can enforce access security both from the client to the service and from the service to the client. Furthermore, the platform allows services or service providers to evaluate the security state of a device independently of using the platform to communicate with the device.04-22-2010
20100100938METHOD AND APPARATUS FOR MANAGING SERVICE LISTS - A method and apparatus for managing service lists receives a service list and a security layer identifier at a device. The service list comprises at least two service identifiers. The method and apparatus determines whether the security layer is authorized for the device, and, for each service identified in the service list, when the security layer is authorized for the device the method and apparatus acquires each service in the service list that is not already installed in the device and enables each service in the service list that is not already enabled in the device.04-22-2010
20090049527METHOD AND SYSTEM FOR EXCHANGING DATA RESERVED FOR A USER - A method is provided to exchange data reserved for a user or a group of users with personal equipment. The method includes a step of short-distance communication of the data, for example of the NFC type, between the personal equipment and a secure terminal determined by an identification of the user and by a detection of the personal equipment in the vicinity of the secure terminal. The secure terminal preferably obtains the data from an integrated source by a secure end-to-end connection.02-19-2009
20120291101PROTECTED MODE FOR MOBILE COMMUNICATION AND OTHER DEVICES - An electronic device includes at least one memory unit, a plurality of applications residing on at least one of the memory units and a database residing on at least one of the memory units. The database is configured to store a record specifying a subset of the plurality of applications that are to be inaccessible to a user when in a protected mode of operation. The protected mode is designed for a user (e.g., a child or a friend borrowing the device) who can potentially use the device with settings that are configured under the supervision of the primary user (e.g., a parent or device administrator). The device also includes a user interface through which the primary user, and not other users, can specify the subset of the plurality of applications to be included in the record. A processor is operatively associated with the memory unit, the database and the user interface. The processor is configured to switch, in response to a request from the primary user and not other users, between a normal mode of operation in which all of the applications in the plurality of applications are available for use and the protected mode of operation.11-15-2012
20120291104PERSONAL CONTENT SERVER APPARATUS AND METHODS - Personal content server apparatus and associated methods that allow a user (e.g., cable or satellite network subscriber) to access content, such as a video program, from a location outside the subscriber's network. In one embodiment, a personal content server streams the content to the subscriber over a network connection from the local (e.g., subscription) network to a remote network upon authorization by a content manager process. Various access, business or operational rules are applied depending on the content and delivery mode; e.g., to live video broadcast, video-on-demand (VOD), or archived content from the subscriber's digital video recorder (DVR) or networked PVR. In another variant, reservation information (for example program or asset ID information) is cached at a headend or hub server, thereby obviating the subscriber (or the network) having to access the subscriber's premises device. In yet another variant, a "virtual" CPE experience is provided for the remote user.11-15-2012
20100138900REMOTE ACCESS OF PROTECTED INTERNET PROTOCOL (IP)-BASED CONTENT OVER AN IP MULTIMEDIA SUBSYSTEM (IMS)-BASED NETWORK - A service control method, device and system for allowing secure, remote access of protected IP-based content delivered over an IMS-based network to one or more devices within a home network. The method involves a remote access device transmitting a remote access request to a service control application in the IMS-based network, the service control application authorizing the remote access request based on a number of criteria, and forwarding the remote access request to the home network. The forwarded remote access request includes information that allows protected content requested by the remote access request to be transmitted from a home network device in the home network to the remote access device upon appropriate verification of the remote access device by the home network device using home network device DRM schemes. Remote access of the protected content can be allowed by relaxing proximity restriction requirements of the home network.06-03-2010
20090187974Push Artifact Binding For Communication In A Federated Identity System - A data processing system implements push artifact binding for communication in a federated identity system. A federated identity system in the data processing system comprises an initiator that handles a federated action by determining that a user is to be conveyed to a recipient, constructing an appropriate message request or assertion to be sent to the recipient, and sending the message as a push message over a back-channel communication pathway directed to the recipient's location. The federated identity system further comprises a recipient that handles the federated action by responding to the message by forming a Uniform Resource Locator (URL) to which the user can be directed. The initiator redirects the user to the URL specified in the recipient response.07-23-2009
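The push artifact binding described in the abstract above, as an added example that is not part of the patent or of any product: the initiator pushes the assertion over the back channel, the recipient files it under a fresh artifact and returns a URL, and the initiator answers the user's browser with a redirect to that URL. The class and endpoint names, the base URLs, and the in-memory artifact store are assumptions for illustration; the back channel itself is assumed to be mutually authenticated and is not modelled.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


class Recipient:
    """Recipient (the site the user is being conveyed to). It accepts assertions
    pushed over the back channel, files each one under a fresh artifact, and
    returns the front-channel URL the user should be redirected to."""

    def __init__(self, base_url):
        self.base_url = base_url
        self._pending = {}  # artifact -> assertion; constructed in-memory store

    def receive_push(self, assertion):
        artifact = secrets.token_urlsafe(16)  # unguessable, single use
        self._pending[artifact] = assertion
        return self.base_url + "/consume?" + urlencode({"artifact": artifact})

    def consume(self, artifact):
        # The artifact is popped, so a second presentation (a replay) gets None.
        return self._pending.pop(artifact, None)


class Initiator:
    """Initiator (the site the user is leaving). It builds the assertion, pushes
    it to the recipient over the back channel and redirects the user's browser
    to the URL the recipient handed back."""

    def __init__(self, recipient, issuer):
        self.recipient = recipient
        self.issuer = issuer

    def convey_user(self, subject):
        assertion = {"issuer": self.issuer, "subject": subject}
        location = self.recipient.receive_push(assertion)  # back channel
        return {"status": 302, "location": location}       # front channel


def artifact_from_url(url):
    """What the recipient's /consume endpoint (hypothetical name) would do with
    the redirected request: pull the artifact out of the query string."""
    return parse_qs(urlparse(url).query).get("artifact", [None])[0]
```

The user's browser only ever carries the artifact, never the assertion, which is the point of the binding; the two properties that make that safe are visible in the code: the artifact is unguessable, and it is consumed exactly once.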
20100125893TECHNIQUES FOR ENFORCING ACCESS RIGHTS DURING DIRECTORY ACCESS - Techniques for enforcing access rights during directory access are presented. Access rights are maintained at the container level of a directory tree for container objects within a cache. When security is set for a requester of a target, the container object cache is directly accessed along with rights assigned to the target and the security is calculated and then set against the requester.05-20-2010
20090276836METHOD AND SYSTEM, IN A PRESENCE AND INTERMEDIATION SYSTEM, TO TRANSFER FROM ONE OWNER TO AT LEAST ONE WATCHER - Method, in a presence and intermediation system, to transfer from one owner (11-05-2009
20090288147SYSTEM AND METHOD FOR MODIFYING SECURITY FUNCTIONS OF AN ASSOCIATED DOCUMENT PROCESSING DEVICE - The subject application is directed to a system and method for modifying at least one security function of an associated document processing device. Data representing security functions of the document processing device is stored in associated memory. Login data is then received from an administrator via an associated user interface. Selection data is received corresponding to a security function on the document processing device to be enabled. The selected security function is then selectively enabled via the document processing device. Enhanced mode selection data is then received from the administrator corresponding to an enhanced security mode of operation. Each security function associated with the enhanced mode is simultaneously enabled. Operations of the document processing device are thereafter controlled in accordance with each selectively enabled security function.11-19-2009
20090089862Cross domain delegation by a storage virtualization system - The present invention is a system and method for preserving user account security privileges during a migration or re-direction of data from one network attached storage ("NAS") system to another. Certain NAS systems authenticate user accounts using Kerberos Delegation Technology. In addition, some NAS systems feature the ability to constrain delegation to certain services. While effective in limiting access and promoting network security, this constrained delegation restricts the ability of a storage virtualization system to migrate or re-direct data to other NAS systems, especially if the other NAS system resides in or is identified by a different domain name. The present invention is a system and method for storing user account credentials that work with the former NAS system, and providing a way to translate these credentials to a new NAS system with a new domain, permitting seamless data migration and re-direction across domains.04-02-2009
20120297458REMOTE VIDEO SOURCE AUTHENTICATION PROTOCOL - A method and system of enabling slave software applications from a portable device via a vehicle interface system. The vehicle includes a first communication channel for exchanging data communications between the portable device and the vehicle interface system and a second communication channel configured to transmit video to the vehicle interface system. A mutual authentication is performed between the portable device and the vehicle interface system using the first communication channel based on identifying the portable device as an entity authorized to execute approved slave software applications. The portable device is authenticated over the second communication channel for verifying that the portable device is the authorized entity to transmit video over the second communication channel. The video is transmitted to the vehicle interface system over the second communication channel conditioned upon a successful authentication of the portable device over the second communication channel.11-22-2012
20120297460Method And System For Restricting Access To User Resources - A user's set top box (STB), or other client, executes a shell and has an application program interface (API) by which certain features of the client can be controlled. The client is in communication with a walled garden proxy server (WGPS). The client sends a request to the WGPS to access a service provided by a site in the garden. The site sends the client a message containing code calling a function in the API. The WGPS traps the message from the site and looks up the site in a table to determine the access control list (ACL) for the site. The WGPS includes the ACL in the header of the hypertext transport protocol (HTTP) message to the client. The shell receives the message and extracts the ACL. If the code lacks permission, the shell stops execution.11-22-2012
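The header-carried ACL mechanism in the abstract above, as an added example that is not the patent's or any vendor's code: the proxy looks the site up in a table and stamps the site's ACL into the HTTP response header; the client shell extracts that ACL and walks the API calls in the body, stopping at the first one the ACL does not permit. The header name, the site table, the call syntax and the HTTP messages are all constructed for illustration. One check the abstract does not spell out is included: the proxy strips any ACL header the site put in its own response, since otherwise the site could grant itself permissions.

```python
import re

# Per-site ACLs the proxy consults; constructed for this example.
SITE_ACL_TABLE = {
    "tv.example":    {"setChannel", "getTime"},
    "games.example": {"getTime"},
}
ACL_HEADER = "X-Garden-ACL"   # hypothetical header name
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")


def proxy_add_acl(site, raw_response):
    """WGPS side: trap the site's HTTP response, drop any ACL header the site
    tried to set itself, and stamp in the ACL from the table. A site that is
    not in the table gets an empty ACL, i.e. no API access at all."""
    headers, _, body = raw_response.partition("\r\n\r\n")
    kept = [h for h in headers.split("\r\n")
            if not h.lower().startswith(ACL_HEADER.lower() + ":")]
    acl = SITE_ACL_TABLE.get(site, set())
    kept.append(ACL_HEADER + ": " + ",".join(sorted(acl)))
    return "\r\n".join(kept) + "\r\n\r\n" + body


def shell_execute(message):
    """Client shell side: extract the ACL from the header and walk the API calls
    in the body in order, stopping at the first one the ACL does not permit.
    Returns which calls ran and which call (if any) halted execution."""
    headers, _, body = message.partition("\r\n\r\n")
    acl = set()
    for line in headers.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == ACL_HEADER.lower():
            acl = {v.strip() for v in value.split(",") if v.strip()}
    executed = []
    for fn in CALL_RE.findall(body):
        if fn not in acl:
            return {"executed": executed, "stopped_at": fn}
        executed.append(fn)
    return {"executed": executed, "stopped_at": None}
```

The shell trusts the header only because every response reaches it through the proxy; if the client could reach a garden site directly, the ACL would be whatever that site chose to send.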
20120297462System, Method and Apparatus for Electronically Protecting Data and Digital Content - A system, method and apparatus for protecting sensitive data items in a file, each of which has been replaced with a pointer. The sensitive data items are protected by restricting subsequent access to and use of the sensitive data items via the pointers by: receiving a first request for data stored in a file on the data storage, determining whether the requested data includes at least one of the pointers, providing the requested data whenever the requested data does not include any of the pointers, and performing the following steps whenever the requested data includes at least one of the pointers: sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request, denying the first request whenever the authentication fails, and receiving and providing the extracted data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds.11-22-2012
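The pointer-substitution flow in the abstract above, as an added example rather than the patent's own implementation: sensitive items are swapped for pointers when the file is stored; on read, a pointer-free file is returned directly, while a file containing pointers triggers a second request that the server authenticates before it releases the items, and the first request is denied when that authentication fails. The pointer syntax, the HMAC-based request authentication with a per-client key, and the in-memory vault are assumptions chosen for this example; the patent does not say how the second request is authenticated.

```python
import hashlib
import hmac
import re
import secrets

POINTER_RE = re.compile(r"\{\{ptr:([0-9a-f]{16})\}\}")  # hypothetical pointer format


def sign(key, client_id, pointers):
    # Authenticates the second request: which client is asking for which pointers.
    msg = (client_id + "\n" + "\n".join(pointers)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class TokenServer:
    """Holds the extracted sensitive items and the per-client keys used to
    authenticate second requests (constructed in-memory state)."""

    def __init__(self):
        self._vault = {}        # pointer -> original sensitive item
        self._client_keys = {}  # client_id -> shared HMAC key
        self.requests = 0       # counts second requests (none for pointer-free files)

    def enroll(self, client_id):
        key = secrets.token_bytes(32)
        self._client_keys[client_id] = key
        return key

    def tokenize(self, value):
        ptr = secrets.token_hex(8)
        self._vault[ptr] = value
        return "{{ptr:" + ptr + "}}"

    def resolve(self, client_id, pointers, mac):
        self.requests += 1
        key = self._client_keys.get(client_id)
        if key is None or not hmac.compare_digest(sign(key, client_id, pointers), mac):
            return None  # authentication of the second request failed
        return {p: self._vault[p] for p in pointers if p in self._vault}


def store_file(server, text, sensitive_values):
    """Replace each sensitive item with a pointer before the file is written."""
    for value in sensitive_values:
        text = text.replace(value, server.tokenize(value))
    return text


def read_file(server, client_id, key, stored_text):
    """First request. Pointer-free data is returned as is; otherwise a second,
    authenticated request fetches the items, and the first request is denied
    (None) when that authentication fails."""
    pointers = POINTER_RE.findall(stored_text)
    if not pointers:
        return stored_text
    items = server.resolve(client_id, pointers, sign(key, client_id, pointers))
    if items is None:
        return None
    return POINTER_RE.sub(lambda m: items.get(m.group(1), m.group(0)), stored_text)
```

Note that the stored file is useless on its own: an attacker who copies it gets pointers, and the pointers only dereference for a client that can produce a valid MAC.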
20120297461SYSTEM AND METHOD FOR REDUCING CYBER CRIME IN INDUSTRIAL CONTROL SYSTEMS - User permissions for an industrial control system are stored in a unified permissions database connected to a network in common with the industrial control system. The permissions database stores user permissions for logical assets on or attached to the network. Physical devices used for industrial control are connected to the network via virtual control devices that convert messages from protocols used by the physical devices into the suite of internet protocols, and vice versa. Control of the physical devices is via a remote computer that permits control according to permissions stored in the database.11-22-2012
20080209521Location-Enabled Security Services in Wireless Network08-28-2008
20080209522Method, Apparatus, and Computer Program Product for Authenticating Subscriber Communications at a Network Server - An apparatus for authenticating subscriber communications at a network server includes a determining element and an identification element in communication with the determining element. The determining element may be configured to receive an incoming message. The identification element may be configured to extract a device identifier and an address identifier from the incoming message. The determining element may be further configured to determine whether the device identifier and the address identifier of the incoming message match, respectively, a registered device identifier and a registered address identifier associated with that registered device identifier.08-28-2008
20080209524Caching public objects with private connections - Described is a technology by which a web proxy server forwards a client request for content to a web server over an unauthenticated connection, including when the client already has an authenticated connection to that web server. If the web content is not received because of a need for authentication, the content is re-requested over the client's authenticated connection, or, if one does not yet exist, the proxy returns the response to the client so that the client can complete the authentication process and establish an authenticated connection. A learning mechanism (e.g., one that persists known private URLs) may be coupled to the selection mechanism to maintain references to objects that are private, and thereby avoid redundant retrieval attempts for known private objects over unauthenticated connections.08-28-2008
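The proxy behaviour described in the abstract above, as an added simulation that is not the patent's or any proxy's code: every not-yet-classified object is first requested over the shared unauthenticated connection, so that anything the origin serves without authentication can be cached for all clients; a 401 marks the object private, after which it is re-requested over the client's authenticated connection (or the 401 is passed back so the client can authenticate); and the learned set of private paths skips the unauthenticated attempt next time. The origin table, the paths and the return dictionaries are constructed for the example.

```python
# Constructed origin: path -> (requires_authentication, body)
ORIGIN = {
    "/public/logo.png": (False, "PNG..."),
    "/private/report":  (True,  "quarterly numbers"),
}


def origin_fetch(path, authenticated):
    """Stand-in for the web server: private objects answer 401 on an
    unauthenticated connection, everything else answers 200."""
    requires_auth, body = ORIGIN.get(path, (False, None))
    if body is None:
        return 404, ""
    if requires_auth and not authenticated:
        return 401, ""
    return 200, body


class WebProxy:
    def __init__(self):
        self.known_private = set()   # learning mechanism (a real proxy would persist it)
        self.public_cache = {}       # objects the origin served unauthenticated

    def handle(self, path, client_has_auth_conn):
        calls = 0
        if path in self.known_private:
            # Learned earlier: do not waste an unauthenticated round trip.
            if not client_has_auth_conn:
                return {"status": 401, "body": "", "via": None, "origin_calls": 0}
            status, body = origin_fetch(path, True)
            return {"status": status, "body": body, "via": "auth", "origin_calls": 1}
        if path in self.public_cache:
            return {"status": 200, "body": self.public_cache[path], "via": "cache", "origin_calls": 0}
        # Unclassified: try the shared unauthenticated connection first, even if
        # the client already holds an authenticated one.
        status, body = origin_fetch(path, False)
        calls += 1
        if status != 401:
            if status == 200:
                self.public_cache[path] = body
            return {"status": status, "body": body, "via": "unauth", "origin_calls": calls}
        self.known_private.add(path)
        if not client_has_auth_conn:
            # Hand the 401 back so the client completes authentication and retries.
            return {"status": 401, "body": "", "via": None, "origin_calls": calls}
        status, body = origin_fetch(path, True)
        calls += 1
        return {"status": status, "body": body, "via": "auth", "origin_calls": calls}
```

The cache only ever holds bodies the origin returned on an unauthenticated connection, which is what makes it safe to share between clients; the cost of the scheme is one extra origin round trip for the first request of each private object, which the learned set removes afterwards.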
20100229217SYSTEMS AND METHODS FOR CONTROLLING OPERATION OF A MOBILE STATION - Systems, apparatuses, and methods disclosed herein allow a requesting party to control use of another user's mobile station. In some aspects, a server is configured to communicate with a plurality of remote computer systems and target mobile stations. The server includes a memory device and a processor configured to access data and logic instructions embedded on the memory device. The server authenticates a requesting party accessing the computer server from one of the remote communication systems. The requesting party is not a user of a selected one of the target mobile stations. The server receives selective availability attributes for the selected one of the target mobile stations from the requesting party. The selective availability attributes indicate conditions under which the target mobile station is enabled or disabled to operate, and features that are available on the target mobile station under a plurality of conditions when the target mobile station is enabled. The server further determines when the target mobile station is operational and downloads the selective availability attributes to the target mobile station when the target mobile station is operational.09-09-2010
20110173678User and Device Authentication in Broadband Networks - A network component comprising at least one processor configured to implement a method comprising granting a user restricted access at a reduced rate without authenticating the user, attempting to authenticate the user, and granting the user unrestricted access at a full rate if the user authentication is successful. Included is a method comprising authenticating a user device, a user line, or both using a first communication, and authenticating a user using a second communication separate from the first communication. Also included is an apparatus comprising an access node (AN) configured to couple to an access network and communicate with a user equipment (UE) via the access network, wherein the UE is authenticated using either line authentication or device authentication based on the access network.07-14-2011
20110173683SYSTEM AND METHOD FOR PROVIDING CUSTOMIZED RESPONSE MESSAGES BASED ON REQUESTED WEBSITE - The invention describes a system, method and computer product to regulate user access to websites. The system receives a URL request by a user corresponding to a website that the user wishes to access. Thereafter, the system determines the associated group of the user and the associated category of the website. Subsequently, a message to be displayed to the user is determined based on the associated group of the user and the associated category of the website. The message is included in a block page and then displayed to the user.07-14-2011
20110173682System and Method for Wide Area Wireless Connectivity to the Internet - A system and method for managing access to a Wi-Fi system include redirecting an access request, comprising a user credential, from a wireless user device to an authentication server, obtaining, from a first database, a list of a plurality of authentication databases from which users may be authenticated, the list including a protocol required for communication with each of the authentication databases, transmitting a request to each of the listed authentication databases using the identified protocol, and permitting the user access to the Internet through the Wi-Fi system if the user is authenticated by at least one of the listed authentication databases.07-14-2011
20110173679RESOURCE ACCESS BASED ON MULTIPLE SCOPE LEVELS - A scope hierarchy corresponding to a resource to which a type of access is requested is identified, the scope hierarchy including multiple scope levels each of which has an associated access control list. An access control list associated with a lower scope level can further restrict access permitted to the resource by an access control list associated with a higher scope level. Based at least in part on one or more of the access control lists associated with the multiple scope levels, a determination is made as to whether the requested type of access to the resource is permitted.07-14-2011
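The two access-control entries above (20100125893, rights kept per container in a cache and calculated for a requester against a target, and 20110173679, a scope hierarchy in which a lower level's ACL can only further restrict what a higher level permits) describe the same evaluation, shown here as one added example that belongs to neither patent. The root container's ACL must grant the right; each lower container that names the principal intersects the set; a level that does not name the principal leaves it unchanged; and the ACL on the target itself is treated as the lowest scope, so it cannot re-add a right a container removed. The path layout, the ACL dictionaries and the right names are constructed for illustration.

```python
def container_chain(path):
    """Containers enclosing a target, outermost first:
    '/corp/eng/x.txt' -> ['/corp', '/corp/eng']."""
    parts = path.strip("/").split("/")[:-1]
    chain, cur = [], ""
    for part in parts:
        cur += "/" + part
        chain.append(cur)
    return chain


def effective_rights(container_acl_cache, target_acls, principal, path):
    """Walk the scope hierarchy from the root container down to the target.
    Rights start as whatever the root grants the principal (nothing, if the
    root is silent); every lower scope that names the principal can only
    intersect that set, never extend it."""
    chain = container_chain(path)
    if not chain:
        return frozenset()
    rights = frozenset(container_acl_cache.get(chain[0], {}).get(principal, set()))
    for container in chain[1:]:
        acl = container_acl_cache.get(container, {})
        if principal in acl:
            rights &= frozenset(acl[principal])
    target_acl = target_acls.get(path, {})
    if principal in target_acl:
        rights &= frozenset(target_acl[principal])
    return rights


def is_permitted(container_acl_cache, target_acls, principal, path, access_type):
    return access_type in effective_rights(container_acl_cache, target_acls, principal, path)


# Constructed ACLs: container-level entries live in the cache, target entries separately.
CONTAINER_ACL_CACHE = {
    "/corp":             {"alice": {"read", "write"}, "bob": {"read"}},
    "/corp/eng":         {"alice": {"read"}},
    "/corp/eng/secrets": {"bob": set()},          # explicit empty set revokes bob here
}
TARGET_ACLS = {
    "/corp/eng/secrets/plan.txt": {"alice": {"read", "write"}},  # write cannot come back
}
```

The caveat worth checking in any real implementation is the "silent level" rule: an absent entry means inherit, an explicit empty set means deny, and the two must not be confused when the cache is populated from a directory that stores them differently.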
20130219472AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, AND NETWORK STORAGE APPLIANCE - An authentication system, an authentication method, and a network storage appliance are provided. The authentication system includes a client electronic device, the network storage appliance having an authentication proxy, and a directory server having an authentication service module and an account database. The client electronic device selects a data access service and transmits an encrypted data and a user data to the network storage appliance. The authentication proxy packs the encrypted data and the user data into an authentication login information and transmits the authentication login information to the directory server. The authentication service module receives the authentication login information and performs decryption and comparison on the authentication login information according to a corresponding authentication protocol and a corresponding account information in the account database, so as to determine whether the authentication is successful. Then, the authentication service module transmits an authentication response to the network storage appliance.08-22-2013
20130219471ESTABLISHING CONNECTIVITY BETWEEN AN ENTERPRISE SECURITY PERIMETER OF A DEVICE AND AN ENTERPRISE - A first device establishes a connection with a second device and attempts access, via the connection, to an enterprise server of an enterprise. The first device may have a number of security perimeters, some of which are allowed to use various communications proxies provided by the second device. If the first device and the second device are associated with the same enterprise, an enterprise perimeter of the first device may be enabled to access the enterprise using an enterprise proxy of the second device.08-22-2013
20130219470SYSTEMS AND METHODS FOR INTEGRATION OF BUSINESS APPLICATIONS WITH ENTERPRISE CONTENT MANAGEMENT SYSTEMS - Various arrangements for managing access to unstructured data are presented. A plurality of access requests may be received from a plurality of remote computer systems to a plurality of business entities stored by a content management server. In response to receiving a request for access to a business entity of the plurality of business entities stored by a content management server from a remote computer system, an identifier request may be transmitted to the content management server. A response from the content management server may be received in response to the identifier request. A resource locator that comprises the identifier may be created. The resource locator may be transmitted to the remote computer system for use in accessing the business entity.08-22-2013
20090276835SECURE CROSS-DOMAIN COMMUNICATION FOR WEB MASHUPS - A secure cross-domain communication system and method for facilitating secure communication between a website having a web mashup and websites having content that is to be placed on the web mashup. Embodiments of the system and method set the document domain variable of the mashup website and the content websites to facilitate the secure communication. Mediator frames are used as an intermediary between a top frame (containing the web mashup) and untrusted frames (containing the website content to be included in the mashup). The type of setup technique used depends on the number of websites being used in the mashup. Once the secure communication is established, data exchange between the top frame and the untrusted frame depends on the types of services that the browser supports.11-05-2009
20090282463EFFICIENT ATTACHMENT OF USER-SELECTED FILES TO E-MAIL FROM HANDHELD DEVICE - A wireless telecommunications system includes facilities in a wireless hand-held device (WHHD) that allows a user to browse files available to that user on storage devices in an enterprise network, and to identify one or more such files to be attached to an e-mail message to be composed on or transmitted from the handheld. The system includes facilities in an enterprise network, such as a file delivery server, that cooperates with the WHHD to provide the file browsing service. A mail agent cooperates with the WHHD, responsive to instruction from the handheld to send an e-mail message that is to contain an attachment, to request the file delivery server to retrieve the identified files and assemble an e-mail containing those files as attachments. The WHHD may receive from the user appropriate credentials needed to access files available to that user on storage devices in the enterprise network, and may forward the credential to the file delivery server and the mail agent. These components may use the credentials to provide the file browsing service and to retrieve the identified files.11-12-2009
20090288146SECURE CENTRALIZED BACKUP USING LOCALLY DERIVED AUTHENTICATION MODEL - A system and method for performing backup operations is provided. Mechanisms facilitate a secure centralized backup system with a locally derived authentication model. A local centralized storage server may generate an authentication model, including credentials, and create a share/directory for each client. Clients store their credentials and use them to access centralized storage. Credentials are maintained and provisioned locally. A remote host server may establish trust by providing a list of clients in a circle.11-19-2009
20090119753Connector and method for providing access to a data-processing network for a data-processing device - The invention relates to a connector and also to a method for providing access to a data-processing network for a data-processing device, wherein an individual, decentralized, and secure access to a data-processing network is provided and wherein data exchange between the device and the network is possible or granted only when the device has at least one predefined identification feature. The invention further relates to a method for configuring the connector according to the invention.05-07-2009
20100275247METHOD AND APPARATUS FOR AUTHORIZATION-DEPENDENT ACCESS TO MULTIMEDIA CONTENTS, AND A SYSTEM HAVING THE APPARATUS - A method, an apparatus and a system for authorization-dependent access to multimedia contents. A first terminal produces a first request for a multimedia content for an output of the multimedia content via the first terminal. A first authorization information item is used to check that the output of the multimedia content is authorized. The first terminal produces a second request for an output of the multimedia content via a second terminal. A check is carried out to determine whether to output a first security note via the first terminal. The output of the multimedia content takes place via the second terminal if the first security note is not to be output, or an input of a confirming acknowledgement for the first security note is identified by the first terminal.10-28-2010
20100287600Assigning User Requests of Different Types or Protocols to a User by Trust Association Interceptors - A Universal TAI handles multiple identifications by means of an internal lookup table. When authenticating and authorizing requests, from a pre-registered customer, that are serviced by an application server, a reverse proxy security server receives requests of different protocols and associates user identification information of a single user with different formats based on the types and protocols of the requests. The Universal TAI determines a fundamental identification of the user from a lookup table, substitutes the fundamental identification into the requests of different protocols for the same user principal, and passes the request with the fundamental identification to the application server.11-11-2010
20120297459ZONE MIGRATION IN NETWORK ACCESS - The present disclosure is directed to providing a network user the ability to travel between different zones or locations within a network environment, such as, for example, a hospitality location, without requiring a user to re-login to the new location, while requiring a user to re-login to other locations within the network environment.11-22-2012
20120297463SYSTEM FOR DISTRIBUTION PERMISSIONS FOR NETWORK COMMUNICATIONS - A system that controls whether a recipient of an electronic message (e.g., a text message, a multimedia message, an e-mail message, etc.) with a forwarding-restricted attachment is permitted to forward the attachment to third parties can be implemented on the network without specialized hardware or software for the client devices. The sender of a text message may limit the downstream distribution of that text message through text message forwarding by associating a forwarding restriction flag with the message.11-22-2012
20110209204AUTOMATED PROVISIONING SYSTEM - A computer system comprising a number of components which make up an infrastructure with the system having a Directory 08-25-2011
20110202978METHOD AND APPARATUS FOR ENABLING A USER TO SELECT AN AUTHENTICATION METHOD - The present invention facilitates access to a restricted service related to secure transactions via a network. The present invention allows a user to select a minimum security level of authentication for the user's own login to a restricted service. The user's selected minimum security level of authentication may be registered in an authentication method system, so that the user must use at least the selected minimum security level for authentication in order to gain access to the restricted service. Alternatively, the user may specify that the selected minimum security level for authentication may be overridden by the user, or optionally reset to a new authentication method depending on the needs of the user. As such, the present invention allows the user the flexibility to select the user's own authentication method for accessing a restricted service.08-18-2011
20110202977INFORMATION PROCESSING DEVICE, COMPUTER SYSTEM AND PROGRAM - An information processing device includes a connection monitoring unit that determines whether a first external device is connected and whether a receiving unit receives the request from the first or second external device. When the connection monitoring unit determines that the first external device is not connected, a usage permission/prohibition determining unit updates the usage permission/prohibition information stored in a management table so that it indicates that use of a first virtual computer is prohibited. When the connection monitoring unit determines that the receiving unit receives the request from the second external device and that the first external device is connected, the usage permission/prohibition determining unit transmits, to the first external device, information instructing the first external device to prohibit use of a second virtual computer.08-18-2011
20110202976AUTOMATIC WIRELESS SERVICE ACTIVATION IN A PRIVATE LOCAL WIRELESS SERVICE - A secondary Ethernet-like wireless communication system overlapped by a dominant Ethernet-like wireless communication system, including radio access and communication for activation, association, and authentication of a wireless device in the secondary Ethernet-like wireless communication system. An automated private service activation (APSA) port is used for accepting access and communication requests of a wireless device seeking activation, association and authentication in the secondary Ethernet-like wireless communication system. The APSA port provides an access and communication channel whose radiated signals exceed the signal level of the access and communication channel only within limited spatial constraints. In addition, the APSA port provides space for receiving the wireless device for activation and communication in the secondary Ethernet-like wireless communication system.08-18-2011
20080216159System and method for electronic consent and delivery of financial and/or other transaction-related information - The present invention relates to a method and system for effectively and efficiently delivering financial and/or other transaction-related information to investors while complying with relevant governmental rules and regulations regarding notice, access and proof of delivery. The method and system of the present invention enable individual consent of electronic delivery of financial and/or other transaction-related information from investors and electronically delivering such information and/or documentation to the consented recipients. The system can manage and update investor lists for issuers and/or market intermediaries; prepare financial and other transaction-related information for review; replace or supplement hardcopy documents by disseminating such financial and other transaction-related information through an electronic delivery fulfillment system that complies with governmental rules and regulations; and enable real-time audit tracking of the electronic delivery to confirm both delivery and access of delivered information and to track corrupted electronic deliveries.09-04-2008
20110202974METHOD OF ACCESSING MEDICAL DATA AND COMPUTER SYSTEM FOR THE SAME - Some embodiments disclose a method of accessing medical data from two or more data sources. The method can include: receiving a first request for first data about a first patient from a first requestor, the first request for the first data includes a request for information regarding at least one of a bone of the first patient, an organ of the first patient, or a body tissue of the first patient; retrieving first access information about the first patient; retrieving second access information about the first requestor; determining whether to grant access to the first data by the first requestor at least partially based on the first access information and the second access information; retrieving the first data from a first source of the two or more data sources; and if the first requestor is granted access to the first data, transforming the first data into a visual depiction and transmitting the visual depiction of the first data to the first requestor. Other embodiments are disclosed herein.08-18-2011
20100275246METHOD AND A DEVICE FOR MAINTAINING AN ADDRESS TRANSLATION TABLE - The invention relates to a device for maintaining an address translation table, placed in series between a terminal and a third-party entity of a telecommunications network. According to the invention, such a device is adapted to verify the existence in the address translation table of an entry specific to the exchange of application signaling messages using said protocol between the terminal and the third-party entity and, if there is no entry specific to the exchange of application signaling messages using said protocol between the terminal and the third-party entity, to create a specific entry in the address translation table associating with a private address and a private port of the terminal in a private network connecting it to said device a public address and a public port of the terminal in the telecommunications network and an indication of the validity of the entry, this validity indication taking into account the first reception time.10-28-2010
20100005510ARCHITECTURE AND METHOD FOR CONTROLLING THE TRANSFER OF INFORMATION BETWEEN USERS - A system and method for marking and controlling the transfer of information between several users (01-07-2010
20100146592SYSTEMS AND METHODS FOR PROVIDING SESSION CONTINUITY ACROSS A CHASSIS MANAGEMENT CONTROLLER FAILOVER - A method for maintaining a continuous authenticated session in an information handling system including first and second chassis management controllers (CMCs) is provided. The first CMC receives user authentication information from a user, authenticates the user for a communication session based on the received user authentication information, generates session information regarding the communication session based at least on the received user authentication information, and stores the session information in memory accessible to the second CMC. Upon a failover from the first CMC to the second CMC, the second CMC automatically accesses the session information from the memory and uses the accessed session information to continue the communication session.06-10-2010
20120144453Identity based auditing in a multi-product environment - An identity of a user performing an operation with respect to an application is propagated, from a point at which the user authenticates, to one or more other applications in a multi-product environment. The application may be a management console associated with an information cluster. In an embodiment, an administrator logs on to a management console (using an identity) and invokes a management operation. The management console then performs a programmatic remote access login (e.g., using SSH/RXA) to one or more nodes using a system account, invokes an application, and passes in the identity. As the application performs one or more management operations, audit events are logged, and these events each contain the identity that has been passed in by the management console during the SSH/RXA login. The technique thus provides a method for identity-based auditing in an environment having a plurality of applications, where each application typically has a respective authentication process or mechanism and distinct identity registries.06-07-2012
20110209203PROTECTING CONFIGURATION DATA IN A NETWORK DEVICE - Configuration information for a network device may be associated with a protection state that may restrict the modification of portions of the configuration information that are set to the protected state. The network device may be configured using configuration information defined as a group of hierarchically arranged configuration statements. Permissions may be stored for the network device relating to users permitted to modify the configuration information. The permissions may include permission tags, or other information defining the protection state, associated with the configuration statements. Intended modifications to the configuration information may be processed based on whether the intended modifications affect configuration statements associated with one of the permission tags.08-25-2011
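The mechanism described above (hierarchical configuration statements, permission tags, and a check of whether an intended change touches a protected statement) as an added example. This is not the patent's or any vendor's code; the path syntax, the `protect` tag name, and the rule that a deletion is blocked when it would discard a protected descendant are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Statement:
    """One configuration statement; children are the statements nested under it."""
    name: str
    value: Optional[str] = None
    protected: bool = False                      # the permission tag (assumed name)
    children: Dict[str, "Statement"] = field(default_factory=dict)

    def add(self, path: List[str], value: Optional[str] = None,
            protected: bool = False) -> "Statement":
        node = self
        for part in path:
            node = node.children.setdefault(part, Statement(part))
        node.value = value
        node.protected = node.protected or protected
        return node

    def find(self, path: List[str]) -> Optional["Statement"]:
        node = self
        for part in path:
            node = node.children.get(part)
            if node is None:
                return None
        return node


def protected_under(node: Statement) -> bool:
    """True if the statement or any statement nested under it carries the tag."""
    return node.protected or any(protected_under(c) for c in node.children.values())


def check_modification(root: Statement, path: List[str], op: str) -> Tuple[bool, str]:
    """Decide whether an intended 'set' or 'delete' at path may proceed.

    Rule 1: a path that runs through (or ends at) a protected statement is
            blocked for both operations, so nothing inside a protected
            subtree can be changed or added.
    Rule 2: deleting a statement is also blocked when anything nested under
            it is protected, because the deletion would discard it.
    """
    if op not in ("set", "delete"):
        raise ValueError(f"unknown operation {op!r}")
    node = root
    for depth, part in enumerate(path):
        node = node.children.get(part)
        if node is None:
            break                                # new statement under unprotected ancestors
        if node.protected:
            where = "/".join(path[:depth + 1])
            return False, f"'{'/'.join(path)}' lies within protected statement '{where}'"
    target = root.find(path)
    if op == "delete" and target is not None and protected_under(target):
        return False, f"deleting '{'/'.join(path)}' would discard a protected statement"
    return True, "ok"


def build_sample_config() -> Statement:
    """Constructed sample configuration (not taken from any real device)."""
    root = Statement("configuration")
    root.add(["system", "login", "user", "admin"], protected=True)
    root.add(["system", "login", "user", "admin", "class"], "super-user")
    root.add(["system", "login", "user", "ops", "class"], "operator")
    root.add(["interfaces", "ge-0/0/0", "unit 0", "family inet", "address"], "192.0.2.1/24")
    return root


if __name__ == "__main__":
    cfg = build_sample_config()
    for path, op in [(["system", "login", "user", "admin", "class"], "set"),
                     (["system", "login", "user", "guest", "class"], "set"),
                     (["system", "login"], "delete"),
                     (["interfaces", "ge-0/0/0"], "delete")]:
        print(op, "/".join(path), "->", check_modification(cfg, path, op))
```

The second rule is the one that is easy to forget: tagging `system/login/user/admin` protects edits under it, but an operator deleting `system/login` wholesale would silently remove the protected statement unless the check also walks downward from the target.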
20110209201METHOD AND APPARATUS FOR ACCESSING MEDIA CONTENT BASED ON LOCATION - An approach is provided for providing a method for accessing media based on physical locations. A media access platform causes, at least in part, rendering of a user interface, the user interface corresponding to a geographical area and including one or more focal areas. Next, the media access platform determines media content available within the geographical area. Then, the media access platform also causes, at least in part, rendering of one or more representations of the available media content in the user interface.08-25-2011
20110209202METHOD AND APPARATUS FOR IDENTITY FEDERATION GATEWAY - Techniques for an ID federation gateway include determining whether a user associated with a request for a particular network resource is to be identified by the provider of the particular service or by a different party. The service also comprises causing the different party to provide identification data that indicates an identity for the user, if the user is to be identified by the different party. The method further comprises causing user credentials data, based on the identification data, to be sent to an authentication process of the provider for a set of one or more network resources that includes the particular network resource requested by the user, if the data indicates that the user is successfully identified.08-25-2011
20100058446INTERNET MONITORING SYSTEM - A method and apparatus support defining user monitoring and restriction parameters; restricting usage in accordance with the restriction parameters; and reporting usage. More specifically, access to web sites is blocked if listed as a blocked site or if usage of a web site or web site category has exceeded a specified daily limit. The system specifically supports generation of displays to allow an administrator to select usage by web site or category in relation to the day of the week. Further, the administrator can define categories by specific web addresses and can specify search terms and associated blocking logic.03-04-2010
20080250476Method and Apparatus to Enable a Securely Provisioned Computing Environment - A form of removable memory, such as a universal serial bus (USB) flash device, may enable a subscription-based computing system from any PC. The device may include an execution unit including a processor, a private memory including an encrypted application, a computing system interface, a cryptographic unit including a secure storage with a number of metering units, and a computer-readable medium. The computer-readable medium may include instructions for routing messages and data from the execution unit through the computing system interface to a connected computing system. Further, encrypted application data may be routed through the cryptographic unit to the execution unit to thereby transform the encrypted application into executable data for use by the computing system. Also, the device may decrement a number of metering units stored at the device during execution of the encrypted application by the computer.10-09-2008
20080250477SYSTEM AND METHOD FOR SECOND FACTOR AUTHENTICATION SERVICES - A customer server receives a client request to access protected resources over the Internet. First factor authentication is performed and if it is successful a vendor authentication engine is invoked to undertake second factor authentication. The results of the second factor authentication are returned to the customer server, which grants access only if both first and second factor authentication succeeds.10-09-2008
20090265765System and Methods for Managing Trust in Access Control Based on a User Identity - System and methods for managing trust in access control are based on a user identity, in a Universal Plug and Play (UPnP) network. A device has an access control list (ACL), a trusted-to-identify access control list (TIA), and a first TIA management module configured to manage the TIA. A security console is communicatively coupled to the device via the network. The security console has a second TIA management module. The first TIA management module is able to implement an add request from the security console for adding an entry to the TIA. The entry includes a control point identity for a control point communicatively coupled to the device via the network.10-22-2009
20090265766Supplying Web Pages - A system is shown that supplies web pages from servers (10-22-2009
20090265764AGGREGATION AND USE OF INFORMATION RELATING TO A USERS CONTEXT - Information, called context information, relating to a current state of a user may be aggregated. In one implementation, the context information may include information that is automatically generated by communication devices of the user and information, submitted by the user, that relates to the user's state. The context information may be used by authorized context consumers.10-22-2009
20090049523METHOD AND SYSTEM FOR MULTIPLEXING MULTIPLE LEVEL SECURITY SERVER APPLICATIONS ON THE SAME INTERNET ADDRESS AND PORT - The invention provides a system and method for sharing (or “multiplexing”) of the same internet (IP) address/port by multiple instances of multiple level security and/or single level security (SLS) server applications (each of which is used for processing one or more client request(s) falling within a range of security labels or other security attribute(s)) where the client processing request is directed to the system server capable of processing the request using the identified security label.02-19-2009
20090049521Method and system for communication between a secure information storage device and at least one third party, and corresponding entity, device and third party - The disclosure relates to a method for communication between a secure information storage device and at least one third party with which information is exchanged. An entity ensures the management of a plurality of secure information storage devices to which said device pertains. The method includes the following steps: the entity places, in a secure container which is arranged in the device and specific to a third party, an authorisation for communication between the secure container and the given third party; the entity sends an identifier of the device, an address of the device, an identifier of the secure container, and the authorisation to communicate, to the given third party; the given third party attempts to establish communication with the secure container, using the address of the device, the identifier of the device, the identifier of the secure container, and the authorisation to communicate; and, before accepting said communication, the device checks that the authorisation to communicate transmitted by the third party is acceptable in view of the authorisation to communicate previously placed in the secure container by the entity.02-19-2009
20100095355INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - According to the present invention, a workflow desired by a user can be implemented easily without changing or installing any application program in an image processing apparatus. An information processing apparatus includes a generation unit and a transmission unit. When a work item is generated that represents work executed by a person in charge in an activity (a work unit of a workflow executed in the image processing apparatus), the generation unit generates setting information for a button, related to execution of the work item, that is included in a screen displayed on the image processing apparatus for a user; the setting information is generated based on the activity corresponding to the work item and on information about a user who can execute the work item, acquired from the role allocated to the work item. The transmission unit transmits the generated setting information to the image processing apparatus.04-15-2010
20080282329CONTROLLING ACCESS TO NAME SERVICE FOR A DOMAIN NAME SYSTEM - A system and method is provided for using a DNS server operating on a wide area network to enable an authorized reception device to receive (or be provided with) restricted content data associated with a particular wide area network address and redefine the domain name associated with a particular wide area network address. In a preferred embodiment of the present invention, an authorization application is adapted to provide the reception device with user-verification data, receive from the reception device verification data, and provide the filtering application with authorization data. The filtering application, which operates similarly to prior art DNS server systems, is further adapted to receive filtered data (i.e., password-required data and/or pseudo-domain-name data) and authorization data in order to provide an IP address of the content server to the reception device via a wide area network, such as the Internet.11-13-2008
20080289008Method and Equipment for Controlling Access to Multicast IP Flows - The invention relates to a method of controlling access to multicast IP flows. Following connection of a user terminal to a collection equipment, the method consists of: transmitting an access authorization request message from said collection equipment to an access control server; and, subsequently, upon successful verification of the user access right, transmitting an access authorization acceptance message comprising at least one multicast filter from the server to the collection equipment or, in the absence of a successful verification, transmitting an access refusal message from the server to the collection equipment in order to inhibit the connection of the user terminal. The invention is suitable for multicast broadcasting over an IP, Internet and/or corporate network.11-20-2008
20080289010Managing Secured Resources in Web Resources that are Accessed by Multiple Portals - A method, apparatus, and computer-readable media for authorizing users of network portals to access a secure resource hosted by a secure server comprises storing a plurality of user identifiers, each representing a user of an owning portal; storing for each of the user identifiers an access privilege to the secure resource; storing a proxy user identifier representing a guest portal and a guest access privilege to the secure resource for all of the users of the guest portal; receiving from the owning portal a first request for access to the secure resource, the first request comprising a first user identifier representing a user of the owning portal; granting to the user of the owning portal access to the secure resource according to the access privilege stored for the first user identifier; receiving from the guest portal a second request for access to the secure resource, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal; and granting to the user of the guest portal access to the secure resource according to the guest access privilege stored in the authorization table for the proxy user identifier.11-20-2008
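The authorization table described above, as an added example that is not the patent's or any portal product's code: owning-portal users are looked up individually, while every user of a guest portal resolves to one proxy user identifier carrying the guest privilege. Portal names, user names, the privilege ordering and the `proxy:` identifier convention are assumptions for the illustration.

```python
from dataclasses import dataclass
from typing import Dict

# Privilege ordering for the secure resource (names are assumptions).
NONE, READ, WRITE = "none", "read", "write"
RANK = {NONE: 0, READ: 1, WRITE: 2}


@dataclass(frozen=True)
class AccessRequest:
    portal_id: str       # which portal forwarded the request
    user_id: str         # user identifier as presented by that portal
    action: str          # READ or WRITE


class SecureResource:
    """Authorization table kept by the secure server for one resource."""

    def __init__(self, owning_portal: str):
        self.owning_portal = owning_portal
        self.user_privileges: Dict[str, str] = {}       # owning-portal user -> privilege
        self.guest_proxy: Dict[str, str] = {}           # guest portal -> proxy user id
        self.proxy_privileges: Dict[str, str] = {}      # proxy user id -> guest privilege

    def grant_user(self, user_id: str, privilege: str) -> None:
        self.user_privileges[user_id] = privilege

    def register_guest_portal(self, portal_id: str, proxy_user_id: str, privilege: str) -> None:
        self.guest_proxy[portal_id] = proxy_user_id
        self.proxy_privileges[proxy_user_id] = privilege

    def effective_privilege(self, req: AccessRequest) -> str:
        if req.portal_id == self.owning_portal:
            # Per-user entry; unknown users of the owning portal get nothing.
            return self.user_privileges.get(req.user_id, NONE)
        proxy = self.guest_proxy.get(req.portal_id)
        if proxy is None:
            return NONE                                  # unregistered portal: deny
        # Guest-portal users are never looked up in the per-user table, so a
        # guest presenting an owning-portal user's identifier gains nothing.
        return self.proxy_privileges.get(proxy, NONE)

    def authorize(self, req: AccessRequest) -> bool:
        if req.action not in (READ, WRITE):
            return False
        return RANK[self.effective_privilege(req)] >= RANK[req.action]


def build_sample_resource() -> SecureResource:
    """Constructed sample table (portal and user names are made up)."""
    res = SecureResource(owning_portal="hr-portal")
    res.grant_user("alice", WRITE)
    res.grant_user("bob", READ)
    res.register_guest_portal("partner-portal", "proxy:partner-portal", READ)
    return res


if __name__ == "__main__":
    res = build_sample_resource()
    for req in (AccessRequest("hr-portal", "alice", WRITE),
                AccessRequest("partner-portal", "carol", READ),
                AccessRequest("partner-portal", "alice", WRITE)):
        print(req, "->", res.authorize(req))
```

The check that matters is the branch on `portal_id`: the portal identifier decides which table is consulted, so a user identifier that happens to match an owning-portal user is harmless when it arrives from a guest portal.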
20080289009Method and Apparatus for Controlling of Remote Access to a Local Network - The present invention ensures the security of a local network, e.g., a home network, while still allowing remote access to it. In the method of the present invention, if a device on the local network is to be accessed remotely, the user identifying information (and/or device identifying information) and the connection information of the target device that accompany the access are compared with the registered allowance entries, and whether to allow the access is determined from the comparison result. Remote access invoked by a user (and/or a remote device) whose remote access is not set to allowance is blocked, while remote access invoked by a user (and/or a remote device) whose remote access is set to allowance is admitted.11-20-2008
20080289007System and Method for Granting Privileges Based on Location - A method grants privileges based on location. The method comprises determining a location of a mobile unit disposed within a coverage area of a network. The coverage area is separated into a plurality of zones. The method comprises determining a first zone in which the mobile unit is disposed. The method comprises granting access to a first privilege to the mobile unit, the first privilege being based on the first zone.11-20-2008
20080289006MEDIA FILE DISTRIBUTION SYSTEM AND METHOD - A file distribution method and system for distributing media files to authorized recipients. The method and system exploit the advantages of peer-to-peer file distribution protocols, such as BitTorrent, while maintaining security and control over the file distribution. A server farm containing a plurality of servers is placed behind the security of a distribution system, preventing unauthorized client devices from accessing the media files stored on the server farm. Media files are fragmented and stored on each of the plurality of servers within the server farm. Each server on the server farm features at least one IP address and each server is pre-seeded with a complete copy of the fragmented media file. Fragments are distributed to requesting authorized clients in accordance with a peer-to-peer file distribution protocol.11-20-2008
20080209525APPLICATIONS AND USES FOR SYSTEM AND METHOD OF CONTROLLING AND MONITORING COMPUTER PROGRAM USAGE - Embodiments of the present invention include applications for a method of modifying a computer program to control and monitor usage, e.g., for software protection, by dividing the computer program code into protected and unprotected parts. The policy may dictate the conditions under which the resource may be released. The policy may be associated, for example, with a particular copy of the computer program being executed, or it may be associated with a user identification (for example, as identified by a user name and password), or a time limitation, or a mode of use of the software, or other conditions placed on the set of parameters received from the user machine. The policy may be dictated statically, or it may be changed dynamically by a supervisor.08-28-2008
20120297457Interactive Malware Detector - An interactive detector that includes a challenger and authorizer. The challenger may send a challenge to a source application in response to an intercepted request intended for a destination application from the source application. The challenge may be configured to invoke an expected challenge response from component(s) of the source application. The authorizer may allow the request to proceed to the destination application if a received challenge response generated by the source application satisfies the expected challenge response.11-22-2012
20120297455TARGET-BASED ACCESS CHECK INDEPENDENT OF ACCESS REQUEST - A context of a principal is built, at a target system controlling access to a resource, independently of the principal requesting access to the resource. An authorization policy is applied, at the target system, to the context to determine whether the principal is permitted to access the resource, and an indication of whether the principal is permitted to access the resource is provided (e.g., to an administrator). Modifications can be made to the context and the authorization re-applied to determine whether a principal having the modified context is permitted to access the resource.11-22-2012
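The target-side check described above, as an added example (not the patent's code): the principal's context is built from the target's own directory rather than from a request, the policy is applied to it, and the administrator can re-run the evaluation against a modified context. The directory contents, group and attribute names, the rule format and the deny-overrides combining rule are assumptions for the illustration.

```python
from dataclasses import dataclass, replace
from typing import Callable, Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Context:
    """What the target knows about a principal: built from its own directory,
    never from attributes carried in a request."""
    principal: str
    groups: FrozenSet[str]
    attrs: Dict[str, str]


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str                             # "allow" or "deny"
    resource: str
    action: str
    condition: Callable[[Context], bool]


# Constructed directory and policy (assumed attribute and group names).
SAMPLE_DIRECTORY = {
    "alice": {"groups": {"finance"}, "attrs": {"dept": "finance", "mfa": "no"}},
    "dave":  {"groups": {"finance", "payroll-admins"}, "attrs": {"dept": "finance", "mfa": "yes"}},
}

POLICY: List[Rule] = [
    Rule("finance-read", "allow", "payroll", "read", lambda c: "finance" in c.groups),
    Rule("admin-write", "allow", "payroll", "write", lambda c: "payroll-admins" in c.groups),
    Rule("no-mfa-no-write", "deny", "payroll", "write", lambda c: c.attrs.get("mfa") != "yes"),
]


def build_context(principal: str, directory: Dict[str, dict]) -> Context:
    entry = directory[principal]
    return Context(principal, frozenset(entry["groups"]), dict(entry["attrs"]))


def evaluate(policy: List[Rule], ctx: Context, resource: str, action: str) -> Tuple[bool, List[str]]:
    """Deny-overrides evaluation; returns the decision and the rules that fired,
    which is what an administrator wants to see in a what-if report."""
    fired, allowed = [], False
    for rule in policy:
        if rule.resource == resource and rule.action == action and rule.condition(ctx):
            fired.append(f"{rule.effect}:{rule.name}")
            if rule.effect == "deny":
                return False, fired
            allowed = True
    return allowed, fired


def what_if(policy: List[Rule], ctx: Context, resource: str, action: str,
            **changes) -> Tuple[bool, List[str]]:
    """Re-run the check against a modified copy of the context (e.g. a group the
    administrator is considering adding) without changing the directory."""
    return evaluate(policy, replace(ctx, **changes), resource, action)


if __name__ == "__main__":
    alice = build_context("alice", SAMPLE_DIRECTORY)
    print("read  :", evaluate(POLICY, alice, "payroll", "read"))
    print("write :", evaluate(POLICY, alice, "payroll", "write"))
    print("what-if admin group:", what_if(POLICY, alice, "payroll", "write",
                                          groups=alice.groups | {"payroll-admins"}))
```

The what-if run answers the question the administrator actually has: adding the group alone does not grant write access, because the MFA deny still fires, and the fired-rule list says so without anyone having to attempt the access.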
20120297454Systems and Methods for Security Verification in Electronic Learning Systems and Other Systems - The embodiments described herein relate to security verification systems and methods. In some aspects, there is provided a security verification server comprising a server processor. The server processor is adapted to provide at least one account identifier, receive at least one command for execution, determine whether to activate one or more available additional permission sets to execute the received command, and if it is determined that one or more additional permission sets should be activated to execute the received command, activate those permission sets by executing the security verification processes associated therewith.11-22-2012
20100005514METHOD, SYSTEM AND SERVER FOR FILE RIGHTS CONTROL - A file rights control method, a file rights control system, and a server are described. The file rights control method includes: monitoring identity information of a file author; determining at least one authorization object of the file according to identity information of the file author; determining rights corresponding to different authorization objects of the file according to the identity information of the file author and the at least one authorization object of the file; and authorizing the at least one authorization object of the file according to the determined rights corresponding to different authorization objects of the file. A file rights control system and a server are further described. By using the embodiments of the present invention, the complexity of file authorization control operation is reduced, thus improving the working efficiency of users. Moreover, the authorization of a fine granularity and a higher security are ensured.01-07-2010
20100269160SYSTEM AND METHOD FOR MANAGING VIRTUAL USER DOMAINS - The present invention addresses the previous lack of subscriber identity tracking and management for residential broadband lines and provides customized access and enhanced IP services for a subscriber's household members (virtual user domain) and his/her circle of extended families, relatives, and friends (multiple virtual user domains). Rather than treating a broadband link as a single connection with a single set of services and quality constraints, the present invention enables the subscriber to create multiple user profiles per broadband link; tailor activities such as web services to a specific user and group profile; provide restricted access to minors (e.g. allow only age-appropriate content to be viewed); and facilitate connection at multiple access points on a carrier's edge network.10-21-2010
20080307504SYSTEM CONNECTIONS AND USER INTERFACES - This description relates to methods and systems for providing a connection from a first system to a second system using a server. In one embodiment, a method includes receiving a user input to establish a sharing service on a first data processing system (DPS) for a user of a second DPS; determining, in response to the user input, whether the user of the second DPS has an account with a service which includes a server which is capable of being coupled to the first DPS through a network; receiving from the server, if the account exists, authentication data for use in authenticating the user of the second DPS when the sharing service is enabled. Other methods and systems and computer readable media are described.12-11-2008
20080209523SHARING DATA OVER TRUSTED NETWORKS - Data is automatically shared over one or more contact networks which are interrelated by a trust relationship. The data can be shared using a network-based communication service and is stored as a data record in a local data store. The communication service may be implemented as an instant messaging, electronic mail, mobile phone or some other type of communication service. The data record can include data created by a user, a relevance value, a maximum share count and/or other data. The number of times that data may be shared may be configured by the user that generates the data. The relevance of the data may be updated each time the data is shared.08-28-2008
20080271125Authenticating a Requestor Without Providing a Key - A system for authenticating a requesting entity in a subnet communications environment includes determining a client identification of a client node associated with the requesting entity, and determining whether the requesting entity associated with the client node is acting in a supervisor capacity. A key to the requesting entity is returned from a resource provider node upon determining that the client identification of the client node indicates that the client node is permitted to access one or more resources of the provider node, and that the client node is acting in a supervisor capacity.10-30-2008
20080271122GRANULATED HARDWARE RESOURCE PROTECTION IN AN ELECTRONIC SYSTEM - A control logic secures access to an electronic system. The control logic comprises an initialization logic and an operational logic. The initialization logic allocates access rights individually among a plurality of hardware and/or operation elements in the electronic system and individually secures the plurality of hardware and/or operation elements with electronic and/or software-activated access. The operational logic responds to attempted access by a user to authenticate hardware and/or operation elements and enable operation of the hardware and/or operation elements upon authentication.10-30-2008
20080271123System and Method For Controlling Devices in a Home-Automation Network - A home-automation system (10-30-2008
20100146596Method And A Device For Improved Service Authorization06-10-2010
20100146593Secure Document Management - A method for providing secure document management includes receiving a document from a user having an associated security access profile and generating a security label to be stored as an attribute of the document. The security label includes a clearance component selected from an authorized subset of clearance components that are determined based on the security access profile associated with the user, and also includes one or more secondary security components selected from an authorized subset of secondary security components that are determined based on the clearance component of the security label and the security access profile associated with the user. The method includes storing the document in a document repository storing a plurality of documents each having an associated security label, and determining whether a third-party user is authorized to access the document based on a comparison of a security access profile of the third-party user and the security label associated with the document.06-10-2010
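The labelling scheme described above, as an added example that is not the patent's implementation: a label carries one ordered clearance component plus a set of secondary components, an author may only choose from the subsets their own profile authorizes, and a reader is authorized when their profile dominates the label. The level names, the compartment names, and the rule that secondary components are only available at `confidential` and above are assumptions for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Tuple

# Ordered clearance components (assumed names) and the level at or above
# which secondary components (compartments) may be attached (assumption).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
COMPARTMENT_FLOOR = "confidential"


@dataclass(frozen=True)
class SecurityLabel:
    clearance: str
    components: FrozenSet[str]


@dataclass(frozen=True)
class AccessProfile:
    clearance: str
    components: FrozenSet[str]


def dominates(profile: AccessProfile, label: SecurityLabel) -> bool:
    """A reader may access a document when their clearance is at least the
    label's and they hold every secondary component on the label."""
    return (LEVELS[profile.clearance] >= LEVELS[label.clearance]
            and label.components <= profile.components)


def authorized_clearances(profile: AccessProfile) -> FrozenSet[str]:
    """Clearance components an author with this profile may put on a label."""
    return frozenset(lvl for lvl, rank in LEVELS.items() if rank <= LEVELS[profile.clearance])


def authorized_components(profile: AccessProfile, clearance: str) -> FrozenSet[str]:
    """Secondary components available for a label at the given clearance."""
    if LEVELS[clearance] < LEVELS[COMPARTMENT_FLOOR]:
        return frozenset()
    return profile.components


def make_label(author: AccessProfile, clearance: str, components: Iterable[str]) -> SecurityLabel:
    """Generate a label, refusing anything outside the author's authorized subsets."""
    if clearance not in authorized_clearances(author):
        raise PermissionError(f"author may not label documents {clearance}")
    comps = frozenset(components)
    disallowed = comps - authorized_components(author, clearance)
    if disallowed:
        raise PermissionError(f"components not authorized at {clearance}: {sorted(disallowed)}")
    return SecurityLabel(clearance, comps)


class DocumentRepository:
    def __init__(self) -> None:
        self._docs: Dict[str, Tuple[str, SecurityLabel]] = {}

    def store(self, doc_id: str, body: str, author: AccessProfile,
              clearance: str, components: Iterable[str]) -> SecurityLabel:
        label = make_label(author, clearance, components)
        self._docs[doc_id] = (body, label)          # label kept as a document attribute
        return label

    def read(self, doc_id: str, reader: AccessProfile) -> str:
        body, label = self._docs[doc_id]
        if not dominates(reader, label):
            raise PermissionError(f"{reader.clearance}/{sorted(reader.components)} "
                                  f"does not dominate {label.clearance}/{sorted(label.components)}")
        return body


if __name__ == "__main__":
    author = AccessProfile("confidential", frozenset({"finance", "legal"}))
    repo = DocumentRepository()
    print(repo.store("q3-figures", "...", author, "confidential", {"finance"}))
    print(repo.read("q3-figures", AccessProfile("restricted", frozenset({"finance"}))))
```

Both checks are set comparisons, so the failure modes are easy to state: an author cannot mark a document above their own clearance or with a compartment they do not hold, and a reader with a higher clearance but the wrong compartment is still refused.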
20120198523APPARATUS AND METHOD FOR MANAGING ACCESS AMONG DEVICES - Provided are a method, system, and computer storage device for managing zone information for devices in a network. A zone table includes entries indicating whether devices in at least one zone are permitted to communicate. An attributes table has attributes of the devices indicated in the zone table. A determination is made of attributes from the attributes table for devices indicated in the zone table entries as being permitted to communicate. The entries in the zone table indicating that devices can communicate are verified by determining whether the attributes for the devices indicated as permitted to communicate in the entries in the zone table are consistent with the determined devices being able to communicate. Information is outputted indicating whether the entries in the zone table indicating that devices can communicate are in error.08-02-2012
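The verification described above, as an added example that is not the patent's code: each permitting zone entry is checked against the attributes of the two devices it names, and the entries whose attributes make the communication impossible are reported. Which attributes count (a shared protocol, initiator/target role, online state) and all device names are assumptions for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class DeviceAttributes:
    protocols: FrozenSet[str]     # e.g. {"fcp"}, {"iscsi"}
    roles: FrozenSet[str]         # subset of {"initiator", "target"}
    state: str                    # "online" or "offline"


@dataclass(frozen=True)
class ZoneEntry:
    zone: str
    initiator: str
    target: str
    permitted: bool


def verify_zone_table(zones: List[ZoneEntry],
                      attrs: Dict[str, DeviceAttributes]) -> Dict[ZoneEntry, List[str]]:
    """Return, for each permitting entry whose devices could not actually
    communicate, the list of inconsistencies found. Entries absent from the
    result are consistent with the attributes table."""
    problems: Dict[ZoneEntry, List[str]] = {}
    for entry in zones:
        if not entry.permitted:
            continue                      # denial entries need no capability check
        reasons: List[str] = []
        a, b = attrs.get(entry.initiator), attrs.get(entry.target)
        if a is None or b is None:
            reasons.append("device missing from attributes table")
        else:
            if "initiator" not in a.roles:
                reasons.append(f"{entry.initiator} cannot initiate")
            if "target" not in b.roles:
                reasons.append(f"{entry.target} cannot be a target")
            if not (a.protocols & b.protocols):
                reasons.append("no common protocol")
            if a.state != "online" or b.state != "online":
                reasons.append("a device is offline")
        if reasons:
            problems[entry] = reasons
    return problems


def sample_tables() -> Tuple[List[ZoneEntry], Dict[str, DeviceAttributes]]:
    """Constructed sample (device names and attributes are made up)."""
    attrs = {
        "host1":  DeviceAttributes(frozenset({"fcp"}), frozenset({"initiator"}), "online"),
        "host2":  DeviceAttributes(frozenset({"fcp"}), frozenset({"initiator"}), "offline"),
        "array1": DeviceAttributes(frozenset({"fcp", "iscsi"}), frozenset({"target"}), "online"),
        "tape1":  DeviceAttributes(frozenset({"scsi"}), frozenset({"target"}), "online"),
    }
    zones = [
        ZoneEntry("zoneA", "host1", "array1", True),   # consistent
        ZoneEntry("zoneA", "host1", "tape1", True),    # protocol mismatch
        ZoneEntry("zoneB", "array1", "host1", True),   # roles reversed
        ZoneEntry("zoneC", "host2", "array1", True),   # initiator offline
        ZoneEntry("zoneD", "host1", "ghost", True),    # unknown device
        ZoneEntry("zoneD", "host2", "tape1", False),   # denial entry, not checked
    ]
    return zones, attrs


if __name__ == "__main__":
    zones, attrs = sample_tables()
    for entry, reasons in verify_zone_table(zones, attrs).items():
        print(f"{entry.zone}: {entry.initiator} -> {entry.target}: {'; '.join(reasons)}")
```

Entries that permit communication between devices that cannot talk are not just clutter: a stale entry naming a device that has been retired, or one reversed between initiator and target, is exactly the kind of rule that gets copied forward and later grants access the administrator never intended.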
20130219476Authentication routing system and method for cloud computing service and authentication router - The disclosure discloses an authentication routing system and method for a cloud computing service and an authentication router. The method comprises the following steps: an authentication router registers a cloud computing service and saves the registration information of a cloud computing service registered successfully (08-22-2013
20090158396Secure Home-to-Vehicle Wireless Connectivity - A method for providing a secure communications link between a home PC and a vehicle through a wireless access point. The method includes providing a wireless connection between a vehicle communications system and the wireless access point and causing a user of the PC to initiate a communication with the vehicle communications system through the wireless access point so as to allow the user to send information to the vehicle from the home PC. The method also includes causing the vehicle communications system to send an authentication challenge to the PC, such as identifying a user name and password, to authorize the user to communicate with the vehicle communications system, and establishing a secure communications link between the vehicle communications system and the PC if the user responds to the challenge with a correct response.06-18-2009
20110271329CROSS-NETWORK REPUTATION FOR ONLINE SERVICES - A reputation server associates feedback from previous network transactions with an account of a user in a network. A reputation score for the user is calculated based on the feedback to indicate the probability the user will abuse the network. When an online service receives a request to perform a transaction from the user, the online service performs the transaction based on the user's reputation score. Additionally, a server generates a reputation packet including the reputation score for a user for use by an online service when the user requests the online service to perform a transaction. The online service may authenticate the reputation packet with the server and, if the reputation packet is authenticated, the online service performs the transaction based on the user's reputation score.11-03-2011
20130219475PORTABLE IDENTITY RATING - Portable on-line identity verification technology includes, for example, portable widgets with an identity rating, and other on-line identification verification icons and identity rating scores.08-22-2013
20130219474METHOD AND SYSTEM FOR PROVIDING SERVICE ACCESS TO A USER - A method and system for providing service access to a user, includes the steps of: 08-22-2013
20120036559SYSTEM, METHOD AND APPARATUS FOR SECURITY MANAGEMENT OF AN ELECTRONIC DEVICE - A system, method and apparatus for security management of an electronic device or subscriber are provided. In one aspect, the system includes a profile server and an inspection point server that are both connectable to a mobile electronic device. The mobile electronic device is configured to send contextual data such as location data or information pertaining to the identity of the subscriber from the device and into a network attached to the mobile electronic device. The profile server is configured to authorize (or deny authorization) the release of contextual data such as location data or information pertaining to the identity of the subscriber. The inspection point server is configured to intercept the contextual data such as location data or information pertaining to the identity of the subscriber being sent from the device and query the profile server to determine if the request was authorized.02-09-2012
20090165094Terminal activation method - The invention relates to a method for activating a terminal (06-25-2009
20090165095NETWORK CONNECTION TERMINAL AUTHENTICATION METHOD AND APPARATUS - A network connection terminal authenticating method authenticates a terminal device that demands communication with another terminal device in a computer network. The network connection terminal authenticating method includes authenticating the terminal device outside a communication path between the terminal device and the other terminal device in response to a demand for communication of the terminal device with the other terminal device, determining whether communication with the other terminal device is permitted, and starting data transmission from the terminal device to the other terminal device when the terminal device is authenticated in the authenticating.06-25-2009
20090165093INFORMATION PROCESSING APPARATUS AND IDENTIFICATION CONTROL METHOD - According to one embodiment, an information processing apparatus includes a cabinet, a first storage module contained in the cabinet, a communication unit which is detachably inserted into the cabinet, equipped with a second storage module, and used for connecting to a communication line, a verification module which verifies identification information of the communication unit stored in the first storage module against that of the communication unit stored in the second storage module after receiving an instruction of activation of the information processing apparatus, a registration module which registers with the predetermined server unit for use of the communication unit when verification is performed against the identification information of the communication unit stored in the predetermined server unit and the use of the communication unit is determined to be matching.06-25-2009
20090165092Sustained authentication of a customer in a physical environment - A system for use in allowing a user to conduct one or more transactions at one or more touchpoints in a business facility includes an authentication component, a tracking component, and a control component. The authentication component is configured to authenticate the user as a person allowed to conduct the one or more transactions. The tracking component is configured to track the user's location within the facility as the user moves through the facility. The control component is configured (a) to receive authentication information from the authentication component, (b) to receive location information from the tracking component, (c) to use the location information to recognize that the user has moved into position to engage one of the touchpoints, and (d) to deliver a message to the touchpoint authorizing the touchpoint to engage in one or more transactions with the user.06-25-2009
20090133104Device Access Based on Centralized Authentication - Access control to a networked peripheral device by a walk-up user, wherein the networked peripheral device is accessible by both the walk-up user and a remote user, based on centralized access management information. Access control comprises receiving authenticated information for the walk-up user from the networked peripheral device at a centralized location, determining at the networked peripheral device a level of access to the networked peripheral device by the walk-up user based on received access management information for the walk-up user, and allowing the walk-up user to access the determined user-available features of the networked peripheral device based on the determined level of access.05-21-2009
20090187975SYSTEMS FOR AUTHENTICATING A USER'S CREDENTIALS AGAINST MULTIPLE SETS OF CREDENTIALS - Provided are systems for authenticating the identity of a user for use in a distributed computer network including multiple sets of access credentials. A user request, including the user's input credentials, is received, and then compared simultaneously to multiple sets of access credentials in order to verify the user's input credentials. When the user's input credentials are verified, the appropriate level of access authority is then determined, and proper access is granted to the user.07-23-2009
20090187977SERVICE VERIFYING SYSTEM, AUTHENTICATION REQUESTING TERMINAL, SERVICE UTILIZING TERMINAL, AND SERVICE PROVIDING METHOD - An object is to provide a service providing method capable of curbing rise of cost. A service providing method according to the present invention is one for providing services A and B, which authenticates a user of an authentication requesting terminal in order to make service A available to the user and which determines whether service B is available to the user, in a state in which the user is authenticated about service A. When service B is determined to be available, a permission message is stored and a permission response based on the permission message for utilization of service B is transmitted to the authentication requesting terminal. Then the permission message on which a utilization request message from a service utilizing terminal is based is verified, and, if it is in an available status, the service utilizing terminal is permitted to utilize service B. The use of the authentication result on service A obviates a need for provision of new authentication means for service B, so as to lead to reduction of cost.07-23-2009
20090187973SYSTEM AND METHOD FOR VERIFYING AN ATTRIBUTE IN RECORDS FOR PROCUREMENT APPLICATION - A system and associated method for verifying an attribute in records for a procurement application. The procurement application employs a database having a company profile record, a user profile record, and a requisition object record, among which share a company_code attribute as a target attribute that is desired to be valid. The company profile record has a validity attribute, and the requisition object record has a validity flag, to indicate validities of the value for the target attribute in respective record. A company profile configuration module configures the company profile record. A user profile verification module prohibits a user without a valid user profile from accessing the procurement application. A user profile cleanup program removes invalid user profile records from the database. A requisition object verification module checks out valid values for the company_code attribute from the company profile records and blocks modification to invalid requisition objects.07-23-2009
20090138945High-Performance Network Content Analysis Platform - One implementation of a method reassembles complete client-server conversation streams, applies decoders and/or decompressors, and analyzes the resulting data stream using multi-dimensional content profiling and/or weighted keyword-in-context. The method may detect the extrusion of the data, for example, even if the data has been modified from its original form and/or document type. The decoders may also uncover hidden transport mechanisms such as, for example, e-mail attachments. The method may further detect unauthorized (e.g., rogue) encrypted sessions and stop data transfers deemed malicious. The method allows, for example, for building 2 Gbps (Full-Duplex)-capable extrusion prevention machines.05-28-2009
20090138943TRANSACTION METHOD IN 3D VIRTUAL SPACE, PROGRAM PRODUCT AND SERVER SYSTEM - A method for carrying out a secure transaction in a 3D virtual space is desired from both an administrator side operating a facility and a user side. It is also desired to solve the problems such as the confidentiality of a transaction in the 3D virtual space and a phishing scam. In the present invention, a copy space of an original space of a facility in the 3D virtual space is created. Since only avatars permitted to enter the copy space can enter the copy space, a secure transaction can be carried out between the facility and a user avatar.05-28-2009
20090138942SECURE OVER-THE-AIR MODIFICATION OF AUTOMOTIVE VEHICULAR OPTIONS - A method and system are provided for secure over-the-air modification of vehicular options by a vehicle user. The system includes a vehicle and a secure server. The vehicle includes receiver circuitry for receiving and demodulating wireless signals and a controller coupled to the receiver. The secure server is accessible by the vehicle user and generates a vehicular option modification package for provision to the vehicle by generating option parameter modification instructions in response to user parameter modification requests from the vehicle owner and generating authentication information in response to unique server authentication information associated with the secure server. The vehicle's receiver demodulates received wireless signals to generate the vehicular option modification package and the vehicle's controller authenticates the vehicular option modification package and, when the vehicular option modification package is authenticated, modifies the vehicular options of the vehicle in response to the parameter modification instructions.05-28-2009
20090138941Method to enhance Principal Referencing in Identity-based Scenarios - A Principal Referencing method is described herein which enables an inviting principal-A to have access control over their shared resources by introducing a pair of user identifiers associated with an invited principal-B which are created and delivered during an invitation process. Each identifier is shared between two parties. The first identifier is shared between the Discovery Services (DS-A and DS-B) of both principals, invited and inviting. The second identifier identifies the invited principal-B as well, but it is shared between the inviting principal's web service provider (WSP-A) and the DS-A. Thus, the DS-A is the identifier switching point which isolates both identifier planes. The purpose of these two identifiers is to enable the invited principal-B to be referenced/identified during a discovery and access process without compromising her/his privacy by allowing any one identifier to be shared between more than two parties. This is important since if an identifier was shared between more than two parties, then the Liberty Alliance Project's privacy protection requirement would not be satisfied.05-28-2009
20090049528SYSTEM, METHOD AND APPARATUS FOR ESTABLISHING PRIVACY IN INTERNET TRANSACTIONS AND COMMUNICATIONS - A system for conducting a transaction with privacy on a wide area network, the system including a personal access device (PAD) associated with a subscriber to the system, the PAD storing a profile of the subscriber and generating commands, a privacy service provider (PSP) connected to the wide area network, the PAD being accessible by the PSP under first conditions set by the profile and the PSP being responsive to the commands from the PAD, a registered vendor (RV) connected to the wide area network, and a privacy shield network (PSN) connected to the wide area network, the RV being registered with the PSN and the PSN being structured to carry communications between the PSP and the RV related to the transaction under second conditions set by the profile. Advantageously, the PAD stores private data associated with the subscriber, and the PSP releases any of the private data to the RV only under the first and second conditions.02-19-2009
20090044256METHOD, COMPUTER PROGRAM AND APPARATUS FOR CONTROLLING ACCESS TO A COMPUTER RESOURCE AND OBTAINING A BASELINE THEREFOR - A plurality of computer messages are classified into clusters according to the behaviour of the computer messages in the context of a computer resource. For a new message of the plurality of computer messages, it is determined whether the cluster to which the new computer message is classified has been seen previously. A measure is then obtained of the probability that the cluster to which the next new message will be classified has been seen previously.02-12-2009
20090044255DEVICE AUTHENTICATION CONTROL METHOD, DEVICE AUTHENTICATION CONTROL DEVICE, AND BOAT - In a device authentication control method and device, when a connection device is connected to a network mounted on a boat, it is determined whether or not the connection device corresponds to an authentication-free device. If the connection device does not correspond to an authentication-free device, an authenticating action is performed on the connection device. If the connection device does correspond to an authentication-free device, the connection device is exempted from the authenticating action. In this way, when a connection device does not correspond to an authentication-free device, an authenticating action is performed, but when the connection device corresponds to an authentication-free device, the connection device is exempted from an authenticating action. As a result, it is possible to handle specific connection devices as authentication-free.02-12-2009
20090019529Method of Processing Authorization Messages Destined for a Plurality of Mobile Receivers and Method of Transmitting Such Messages - A method of transmitting authorization messages to a plurality of mobile receivers comprises the steps of defining at least one set of authorization messages, a first part of which, forming a first message category, is intended for a first group of mobile receivers, a second part of which, forming a second message category, is intended for a second group of mobile receivers; creating a first authorization message packet containing at least the first part of the set of authorization messages; creating a second authorization message packet containing at least the second part of the set of authorization messages; transmitting the first authorization message packet over a first service, without previously sending information indicating to which mobile receivers the message packets are directed; and transmitting the second authorization message packet over a second service without previously sending information indicating to which mobile receivers the message packets are directed.01-15-2009
20090019528METHOD FOR REALIZING NETWORK ACCESS AUTHENTICATION - A method for realizing network access authentication, wherein a network access authentication device pre-stores a system integrity value of a device waiting to access and a correspondence between each device waiting to access and its system integrity value. When the device waiting to access needs to access the network, it acquires its current system integrity value and sends the current system integrity value to the network access authentication device; the network access authentication device judges whether the received current system integrity value of the device waiting to access and its stored integrity value of the device waiting to access are identical or not, and in a case where the received current system integrity value of the device waiting to access and its stored integrity value of the device waiting to access are identical, it determines that the network access is authenticated. As such, the network access device could determine the real status of the device waiting to access, and ensure that the device accessing the network is really secure, thereby ensuring the security of the network.01-15-2009
20090172786Encryption Sentinel System and Method - An encryption sentinel system and method protects sensitive data stored on a storage device and includes sentinel software that runs on a client machine, sentinel software that runs on a server machine, and a data storage device. When a client machine requests sensitive data from the data storage device, the data storage device interrogates the sentinel software on the server machine to determine if this client machine has previously been deemed to have proper encryption procedures and authentication. If the sentinel server software has this information stored, it provides an approval or denial to the storage device that releases the data if appropriate. If the sentinel server software does not have this information at hand or the previous information is too old, the sentinel server interrogates the sentinel software that resides on the client machine which scans the client machine and provides an encryption update to the sentinel server software, following which data will be released if appropriate.07-02-2009
20090064289METHOD OF AUTHENTICATING USER USING SERVER AND IMAGE FORMING APPARATUS USING THE METHOD - A method of authenticating a user using a server and an image forming apparatus using the same, the method including: transmitting, from an image forming apparatus to a first server that functions as an authentication server, user authentication information; determining if the first server authenticates the user based on the user authentication information; and transmitting, to a second server that processes image data, the user authentication information if the first server authenticates the user, wherein the second server authenticates the user based on the transmitted user authentication information authenticated by the first server. Thus, the user of the image forming apparatus can be automatically authenticated by the second server by authenticating the user on the first server.03-05-2009
20090064285ELECTRONIC INFORMATION MANAGEMENT DEVICE, COMPUTER READABLE RECORDING MEDIUM, METHOD FOR CONTROLLING ACCESS, AND METHOD FOR TRANSFERRING DATA - An electronic information management device includes: an associating unit that associates electronic information with first access right information with respect to each user, the electronic information being associated with an associated site so that the electronic information is stored at the associated site, the associating unit further associating the associated site with second access right information with respect to each user; a receiving unit that receives a request for access to the electronic information from a user; a determining unit that, when the receiving unit receives a request for access to the electronic information, determines the sum of the first access right information and the second access right information, and, based on the sum of the access right information, determines whether to allow the user to access the electronic information; and an access controlling unit that controls access to the electronic information in accordance with the determination result of the determining unit.03-05-2009
20090025061CONDITIONAL PEER-TO-PEER TRUST IN THE ABSENCE OF CERTIFICATES PERTAINING TO MUTUALLY TRUSTED ENTITIES - A method, apparatus, and electronic device for protecting digital rights are disclosed. A network interface may receive a rights representation for a set of digital content from a source entity. A processor may conditionally accept the set of digital content. A memory may store a local blacklist identifying the source entity if a rights event occurs.01-22-2009
20090025063Role-based access control for redacted content - Apparatus and methods are described for accessing redacted material based on user roles. An author designates portions of content as to-be-redacted. The author establishes various user roles able to access it and defines attributes or time constraints affecting the viewing/using. Upon electronically saving the content, the to-be-redacted portion is encrypted. An intermediary, such as a keytable service, mediates access between later users and the content. Upon identification of a role of a user attempting to interact with the content, and matching the role to one of the author-established roles, the encrypted redacted portion is decrypted. In this manner, users gain access to content based only on their role. The surrounding events are also loggable, traceable, and verifiable. A monitored connection between the user and the content, as well as various user interface options, are other noteworthy features. Computer program products and computing network interaction are also defined.01-22-2009
20090025064ACCESS AUTHENTICATION FOR DISTRIBUTED NETWORKS - The present invention provides an account management system and method for use within a computer network that allows for automated provisioning, configuration, and maintenance of the servers and other devices connected to a computer network. This account management system and method make use of a master directory structure which is replicated by way of a directory structure replication hub to multiple remote data centers in the form of multiple copies of a directory structure. The directory structure allows access to various customers, who may access information contained only within that particular customer's account. Authentication information for each of the customers is located within the copies of the directory structures contained at each customer data center, and therefore transmitting authentication information is not required.01-22-2009
20090025062Verifying authenticity of conference call invitees - A conference call server comprises a collection of computer-executable instructions for facilitating conference call authentication functionality. Computer-executable instructions are provided for authenticating a plurality of invitees to a conference call session during the conference call session. Authenticating the plurality of conference call invitees includes cryptographically verifying an identity of each one of the conference call invitees using information associated with a respective authentication certificate. Computer-executable instructions are provided for outputting identification information contained in the authentication certificate of each one of the conference call invitees in response to successful authentication thereof. The identification information is outputted to at least one of the conference call invitees.01-22-2009
20090013383MONITORING NETWORK SERVICE AFFECTING EVENTS, TAKING ACTION, AND AUTOMATING SUBSCRIBER NOTIFICATION - In one embodiment, a method includes identifying at least one parameter as being associated with a service provided to an entity, as for example a subscriber. The service is arranged to service the entity. The method also includes monitoring the parameter to determine if accessibility to the service by the entity is compromised, and invoking a notification mechanism to send a notification to the entity if it is determined that the accessibility to the service by the entity is compromised. The notification indicates that the accessibility to the service is compromised.01-08-2009
20110225630WIRELESS ROUTER SYSTEM AND METHOD - A wireless router employing a technique to couple a plurality of host services or host systems and a plurality of wireless networks. A method to route data items between a plurality of mobile devices and a plurality of host systems through a common wireless router. A point-to-point communication connection is preferably established between a first host system and a common wireless router, a mobile network message is generated at a mobile device, and the mobile network message is transmitted via a wireless network to the common wireless router, which in turn routes a data item component of the mobile network message to the appropriate host service.09-15-2011
20110225631INTERACTIVE NETWORKING SYSTEMS WITH USER CLASSES - A networking system may comprise a web site incorporating a combination of one or more of the following: a crediting system, a chat bidding system, a performance bidding system, a telephony switching system, a media interaction system, a display system, a photo management system, and a messaging system. The networking system may categorize each user of the web site into classes, including a featured class, a common class, a sponsored class, and a sponsoring class. The networking system may facilitate user interactions, some of which may be partially dependent on user classes. A featured user may opt to temporarily appear as a common user, thus activating an alternative user profile and hiding his featured status. A sponsored user may participate in interactions on the web site if a sponsoring user offers his credits to pay for the sponsored member's participation. Other aspects of the networking system are also disclosed herein.09-15-2011
20090025065Image output system - When image data is outputted in a special image processing apparatus which has printed confidential data before, a server confirms whether the user who has instructed output is a permitted user or an unpermitted user. If the user is a permitted user, the server permits printing. If the user is an unpermitted user, the server confirms whether a predetermined period has elapsed after the special image processing apparatus was used last. If the predetermined period has elapsed, the server permits printing. If the predetermined period has not elapsed, the server restricts output by stopping printing or by document filing for storing image data. Thus, by restricting use by an outside user, leakage of confidential data is prevented.01-22-2009
20090031403Methods and Apparatuses for Securely Operating Shared Host Computers With Portable Apparatuses - The present invention provides methods and apparatuses that utilize a plurality of portable apparatuses to securely operate a plurality of host computers. Each portable apparatus including an operating system and a list of software applications is installed in a removable data storage medium. An authorization procedure is implemented before establishing a connected-state operation between a portable apparatus and a host computer. The host computer loads the operating system in the portable apparatus into its random access semiconductor memory (RAM) through the established connected-state operation.01-29-2009
20090199274METHOD AND SYSTEM FOR COLLABORATION DURING AN EVENT - A system and method for gathering data from a plurality of computer environments. The computer environments are authenticated, data is copied from the plurality of authenticated computer environments to a memory location, and access to the memory location is provided to a plurality of authenticated users. The data may be marked so that a user may determine which computer environment provided the data.08-06-2009
20090199275WEB-BROWSER BASED THREE-DIMENSIONAL MEDIA AGGREGATION SOCIAL NETWORKING APPLICATION - Systems and methods for social networking and digital media aggregation represented as a three-dimensional virtual world within a standard web browser are described. In one embodiment, multiple, independent groups of users interact with each other inside a dynamic, three-dimensional virtual environment. These groups may be mutually exclusive and members interact only with other members within the same group. In this manner, system architecture and server requirements may be greatly reduced, since consistent environmental state needs to be maintained only for a small number of interacting participants—typically less than one dozen.08-06-2009
20090199273Row-level security with expression data type - Systems, methods, and other embodiments associated with row level security for a database table are described. One example method includes detecting an access statement seeking access to a row in a database table for which row level security is active. The method includes adding a predicate to the access statement. The predicate is based on an access control expression associated with the row. The access control expression depends on an instance of an expression data type associated with the row. The method includes populating an attribute of the predicate, and controlling access to the row based on a computed value for the predicate.08-06-2009
20090049526METHOD, SYSTEM AND APPARATUS FOR ACCESSING A VISITED NETWORK - The embodiments of the present invention disclose a method for accessing a visited network. The method includes: a user selects a visited network and initiates an access request to a user information application apparatus; when the user information application apparatus detects that the visited network has changed, it obtains a list of authorized visited networks from a user information storage apparatus and checks whether the user is authorized to access the visited network; or the user information storage apparatus checks whether the user is authorized to access the visited network; if the user is authorized to access the visited network, the user information application apparatus returns an access accept response to the user, allowing the user to access the visited network. The embodiments of the present invention also disclose systems and apparatuses for accessing a visited network. The embodiments of the present invention make it possible to accurately check whether the user is authorized to access a visited network.02-19-2009
20090049525Platform for providing a social context to software applications - The present invention provides a system and method for providing a social context to software applications. According to one embodiment of the invention, a user of a social network authorizes access by an external software application to information available in the social network. At some time later, the user of the social network uses an application designed by a third-party software developer. The application contacts the social network provider for permission to access the information available in the social network. If access has been authorized, the application incorporates the information from the social network into its interaction with the user, providing a social context to the user's interaction with the application.02-19-2009
20090049524SYSTEM AND METHOD FOR PARTITIONING A MULTI-LEVEL SECURITY NAMESPACE - The invention provides a system and method for “partitioning” a “namespace” managed by a name (or “directory”) registration server according to “security label” or other security attributes to allow the same registered (e.g., “domain”) name to be used for processing resource(s)/service(s)/application(s) operating under different security labels.02-19-2009
20090049529Method Of Billing A Purchase Made Over A Computer Network - A method of effecting a sale over a computer network in which it is determined whether a user passes fraud control before effecting a sale over a computer network. Information associated with a method of payment, such as credit card information, debit card information, checking account information, a telephone service account, a cable television account, a utility service account, or an Internet service provider account, is requested from the user after the user passes the fraud control. Information associated with the method of payment is received from the user in real time. Method-of-payment information is communicated to a payment authorization database, which can be located locally or remotely. The method-of-payment information includes the received information associated with the method of payment. Payment authorization information associated with the method of payment is received from the payment authorization database. A sale transaction is completed when the payment authorization information is affirmative. Sale charge information associated with the sale effected over the computer network is transmitted to the payment authorization database when the sale transaction is complete. The sale charge information includes information for charging the method of payment an amount representing a charge for the sale.02-19-2009
20090044258COMMUNICATION METHOD AND SERVICE IN PERSONAL AREA NETWORK - The present invention provides a communication method and device in a personal area network. The method for communication between devices in a PAN includes: a central device in the PAN receives from a first device in the PAN a communication request for communication with a second device in the PAN; the central device authenticates the first device and the second device; and a point-to-point connection is established between the first device and the second device. Since no access to the access network and the core network is needed during security authentication, the signaling traffic of the access network and the core network is reduced.02-12-2009
20090044257METHOD AND SYSTEM FOR ASSIGNING HOME AGENT - The invention discloses a method and system for assigning a home agent, and the method includes: indicating, by a visited network, to a home network that the visited network supports the home agent assignment; receiving, by the visited network, authorization information from the home network, the authorization information indicates the visited network is authorized for assigning the home agent; and sending, by the visited network, information about an address of the home agent to a mobile node. The invention can remedy the drawback that the home agent can be assigned to the mobile node only in the home network, thus improving the communication efficiency and reducing the delay. Further, an effective control can be enforced on assignment, so that the visited network can indicate to the home network whether it can support assigning of the home agent, and the home network can enforce a control on whether to perform assignment in the visited network.02-12-2009
20090044254Intelligent electronic document content processing - A network device includes a content processing module that is configured to perform intelligent document content processing, such as confidential information processing, content optimization and workflow optimization. The network device authenticates a user and determines electronic document data that is to be processed. The electronic document data may be created at the network device, e.g., by a scanning module on the network device, or at a client device, e.g., by a word processing application executing on the client device. The content processing module retrieves particular user preference data based upon the user authentication. The particular user preference data may specify confidential information preferences, content optimization preferences and/or workflow preferences. The content processing module performs intelligent document content processing on the electronic document data based upon the particular user preference data and generates processed electronic document data.02-12-2009
20110145892SYSTEM AND METHOD FOR CONTROLLING ACCESS TO AN ELECTRONIC MESSAGE RECIPIENT - A system for, and method of, generating a plurality of proxy identities to a given originator identity as a means of providing controlled access to the originator identity in electronic communications media such as e-mail and instant messaging.06-16-2011
20110145891Securing Asynchronous Client Server Transactions - A method, system, and computer usable program product for securing asynchronous client server transactions are provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.06-16-2011
20110145893WEB RESOURCE REQUEST PROCESSING - Improved approaches for providing secure remote access to email resources maintained on private networks are disclosed. The secure access can be provided through a public network using a standard network browser. Multiple remote users are able to gain restricted and controlled access to email on a mail server within a private network through a common access point. The solution provided by the improved approaches allows not only native access to email resources but also robust authentication approaches.06-16-2011
20090064288HIGHLY SCALABLE APPLICATION NETWORK APPLIANCES WITH VIRTUALIZED SERVICES - An application network appliance with virtualized services is described herein. According to one embodiment, a packet of a network transaction is received from a client for accessing an application server of a datacenter, where the network element operates as an application services gateway of the datacenter. A context associated with the application server is identified based on the packet, including information that identifies application services to be performed on the packet and resources to be allocated for performing the application services. A context includes information representing a logical instance of physical resources of the network element shared by multiple contexts. One or more application services are performed on the packet using the resources identified by the context. Other methods and apparatuses are also described.03-05-2009
20090064287APPLICATION PROTECTION ARCHITECTURE WITH TRIANGULATED AUTHORIZATION - Application protection architecture with triangulated authorization is described herein. According to one embodiment, a packet of a network transaction is received at a network element from a client system over a first network for accessing a destined server of a datacenter over a second network, where network element operates as a security gateway to the datacenter. In response to the packet, one or more user attributes associated with a user of the client system are obtained from an identity store, where the user attributes include a user identifier that identifies the user and a machine identifier that identifies the client system. Authentication and/or authorization are performed on the packet using the user attributes to determine whether the user of the client system is eligible to access the destined server of the datacenter. Other methods and apparatuses are also described.03-05-2009
20090064286Methods and systems for internet security via virtual software - A method for providing internet security includes providing a storage medium including a first executable application module. In response to inputting the storage medium onto a local computer the first executable application module is loaded into virtual memory in the local computer. The first executable application module is executed, the first executable application module providing information identifying at least one remote server. Communication is performed between the local computer and the remote server using the information provided by the first executable application module. The remote server is instructed to send a second application module to the local computer. Upon receipt of the second application module, the second application module is loaded into virtual memory on the local computer. The second application module is executed from virtual memory and a prompt is displayed to the user.03-05-2009
20120079566SECURE OUT-OF-BAND MANAGEMENT OF COMPUTING DEVICES OVER A COMMUNICATIONS NETWORK - A method on a computer system for facilitating management of virtual machines in a private data center over a communications network can be provided. The method can include receiving, by a first computer in the private data center, a request via the communications network from a user for access to a subset of a plurality of virtual machines in the private data center. The method can further include executing a first authentication process by proxy between the user and the first computer and executing a second authentication process by proxy between the user and a second computer at the private data center. The method can further include establishing a secure, out-of-band connection between the user and the subset of the plurality of virtual machines in the private data network and restricting access of the user to the subset of the plurality of virtual machines according to permissions associated with the user.03-29-2012
20090083837STORAGE CONTROLLER FOR CONTROLLING ACCESS BASED ON LOCATION OF CONTROLLER - Provided is a controller in a computer system, the computer system including a plurality of data storage systems, and at least one controller for controlling access to data stored in the plurality of data storage systems, each controller including: an interface coupled to the network; a processor coupled to the interface; and a storage unit coupled to the processor, in which: the storage unit holds attribute information indicating whether to permit access to the data; and the processor is configured to: receive a writing request of the data from a client computer coupled to the network; judge whether each controller permits the requested writing based on the held attribute information and information of a location where each controller is installed; and write the data in a data storage system controlled by a controller judged to permit the writing.03-26-2009
20080263639System for securing inbound and outbound data packet flow in a computer network - A method provides for control of access to network resources. A virtual identity machine resides in the network and is pre-authorized to access certain network resources. End users desiring access to those network resources attempt to logically connect to the virtual identity machine. If the logical connection attempt is successful, then the end user assumes the virtual identity of the virtual identity machine and has access to all of the same information that was available to the virtual identity machine.10-23-2008
20080263638AUTHORIZATION FOR ACCESS TO WEB SERVICE RESOURCES - A web service includes a protected resource. A requester requests access to the protected resource by sending a request to the web service. The web service prevents access to the web service until the request has been authorized by an authorizer. After the request has been authorized by the authorizer, the web service allows the requester to access the protected resource.10-23-2008
20080263636METHOD AND SYSTEM FOR VALIDATING ACTIVE COMPUTER TERMINAL SESSIONS - Systems, methods and program codes are provided wherein an analyzer analyzes input from a terminal device; ascertains human-like behavior; and terminates an active session, generates a time-out warning, manipulates an idle session timer or presents a challenge in response to a humanness likelihood determination or to a challenge result. In one aspect a keystroke analyzer and a command sequence analyzer determine whether the terminal device input is likely from a human user or from an automaton. In another aspect a Completely Automated Public Turing Test to tell Computers and Humans Apart challenge is presented. Timing characteristics include maximum generation rate, burstiness, and keystroke sequence delays, and command characteristics include a no-action-required characteristic and a query characteristic. A command sequence analyzer may have an affinity for a command line interface. Weighting algorithms or artificial intelligence routines may be applied to humanness likelihood outputs.10-23-2008
20080263635POLICY STORE - A method for obtaining resource restriction information of a client application's resource includes: receiving authentication information from one of a plurality of authentication modules; identifying a client application's resource and authentication module based on the received authentication information; locating a policy store that is associated with the identified client application's resource, the policy store containing resource restriction information for each of the plurality of authentication modules; and obtaining the resource restriction information associated with the identified authentication module from the policy store.10-23-2008
20080263637Information Distribution System and Terminal Device - A terminal device that can, when delivering information to another terminal device, control delivery of the information from a primary delivery destination to a secondary delivery destination is provided. The terminal device stores a primary delivery condition regarding whether delivery of the information to the primary delivery destination is prohibited or permitted, and trustability showing a degree of trust of a user in the primary delivery destination. The terminal device judges whether or not to deliver the information to the primary delivery destination, by using the primary delivery condition. When judging to deliver the information, the terminal device calculates a secondary delivery condition using the trustability and the primary delivery condition, the secondary delivery condition regarding whether delivery of the information from the primary delivery destination to the secondary delivery destination is prohibited or permitted. The terminal device sends the generated secondary delivery condition to the primary delivery destination.10-23-2008
20110231908TECHNIQUES FOR PROJECT LIFECYCLE STAGED-BASED ACCESS CONTROL - Techniques for project lifecycle staged-based access control are provided. Access control rights are defined for a stage of a project's lifecycle. As requestors transition to the stage, the access control rights are enforced on top of any existing security restrictions. In an embodiment, selective resources are not visible to requestors within the stage in response to the access control rights.09-22-2011
20110231907METHOD AND APPARATUS FOR PROVIDING NETWORK SECURITY USING ROLE-BASED ACCESS CONTROL - A method and apparatus for providing network security using role-based access control is disclosed. A network device implementing such a method can include, for example, an access control list. Such an access control list includes an access control list entry, which, in turn, includes a user group field. Alternatively, a network device implementing such a method can include, for example, a forwarding table that includes a plurality of forwarding table entries. In such a case, at least one of the forwarding table entries includes a user group field.09-22-2011
20110231906INFORMATION PROCESSING APPARATUS, CONTENT MANAGEMENT METHOD, AND COMPUTER-READABLE NON-TRANSITORY RECORDING MEDIUM ENCODED WITH CONTENT MANAGEMENT PROGRAM - An information processing apparatus includes: a storage portion having a plurality of storage areas; an authentication portion for authenticating a user; a content setting portion for storing content set public by the authenticated user in a public storage area with no access restriction, of the plurality of storage areas of the storage portion, and for storing content set private into a personal storage area accessible only by the authenticated user, of the plurality of storage areas of the storage portion; and an access permission portion for, when a predetermined process is executed on the content set private stored in the personal storage area, making the content set private accessible by others through the public storage area.09-22-2011
20120144454APPARATUS FOR MANAGING AUTHORIZATION IN SOFTWARE-AS-A-SERVICE PLATFORM AND METHOD FOR THE SAME - An authorization management apparatus and method in a software-as-a-service (SaaS) platform is disclosed. The present invention provides an automated authorization management apparatus and method which can efficiently reduce errors by applying a basic authority of a virtual tenant, which is predefined for an application to be provided to a tenant, as it is to the tenant requesting the use of the application. Moreover, the present invention provides an authorization management apparatus and method which can provide services customized to various tenants by defining a role appropriate for the condition of each tenant and allocating an application resource for each role. The authorization management apparatus includes a user application access control device, an access control device for a user's resource, a virtual tenant authority definition device, and a tenant authority definition device.06-07-2012
20090178121Method For Restricting Access To Data Of Group Members And Group Management Computers - The invention relates to a method for restricting the access to data of group members of a service subscriber group. Group members of a service subscriber group are each assigned an identifier. The data of the group members are assigned to the identifier in each case and the data of the group members are stored in a data memory (DS07-09-2009
20090210931Printing Apparatus Management System, Printing Apparatus Management Method, and Printing Apparatus Management Program - A printing apparatus management system includes: a printing apparatus which includes an IC tag performing wireless communication with the outside and a memory being connected to the IC tag; and a first information terminal which has at least a function of writing information in the memory through wireless communication with the IC tag. The first information terminal maintains authentication data used by the printing apparatus, writes the authentication data in the memory, and transmits the authentication data to another information terminal. In addition, the printing apparatus interrupts a predetermined function, when the authentication data is written by the first information terminal, and in a state where authentication data is written in the memory by the first information terminal or an information terminal other than the first information terminal in the interruption state, the printing apparatus makes the predetermined function effective, when the authentication data written by the first information terminal before the interruption state and the authentication data written by the first information terminal or the information terminal other than the first information terminal after the interruption state accord with each other.08-20-2009
20080289011Dualistic Microprocessor System for Purpose of Controlling Personal Computer Internet Communication Resource - A system comprising both software on a target computer and software residing on a removable hardware device (the current embodiment is a USB device) designed for the sole purpose of limiting and/or controlling Internet (IP based network) communications, based upon the presence of the external device. The system utilizes a unique device descriptor along with a unique stored identifier of the Physical Control Node (PCN) for the purposes of enabling the target computer to discriminate devices. A unique identifier held within the computer allows the PCN to discriminate the target computer. Furthermore, allowed IP addresses are stored in the PCN and/or computer for the purpose of allowing access to specific IP addresses while connected. Tertiary criteria can be stored within the PCN and/or computer for the purposes of further defining system behavior, i.e. calendar and time restricted behavior, while logging associated events.11-20-2008
20090222894Systems and Methods for Delegation and Notification of Administration of Internet Access - Disclosed are systems, methods, and computer readable media for delegating administrative rights to a third party in an Internet access control application comprising receiving a designation of a third party wherein the designation identifies the third party as a recipient of administrative rights in an access control application, and receiving a selection of administrative rights to be associated with the third party. Further, an invitation can be sent, or caused to be sent, to the third party. Acceptance of said invitation can be received. Also, administrative rights can be granted to the third party. The systems, methods, and computer readable media can be operable within a client/server architecture. Also disclosed are systems, methods, and computer readable media for notification of an access policy violation. Also disclosed are systems, methods, and computer readable media for administration of an access control application by a third party and access policy violation notification.09-03-2009
20090205022ADVANCED ACCESS CONTROL FOR MEDICAL AD HOC BODY SENSOR NETWORKS - A secure wireless network (08-13-2009
20090205021MANAGEMENT OF RIGHTS CLEARANCE NEGOTIATIONS AND BROKERING OVER A NETWORK - Managing negotiations to clear rights for using an asset. A rights requester requests approval through a broker to a rights holder, such as a film studio, to use an image or other asset in a project, such as an advertising campaign. The rights requester or broker provides initial terms, such as fee amounts, type of use, sample of use, territory, or other terms. The broker notifies the rights holder of the opportunity, and provides an interface that enables the rights holder to review, revise, forward, approve, or otherwise manipulate the opportunity. The interface also enables the rights holder to search, sort, filter, analyze, and obtain aggregated information on a number of opportunities. Based on such actions, the broker can propose additional or alternate terms or opportunities. The broker may also automatically accept a counter offer if the revised terms fall within predefined ranges. Alternatively, the broker relays a requester's reply offer.08-13-2009
20090205019Mobile access to location-based community services - The present invention discloses a method of accessing a network service via a mobile end device of a user in a wireless network wherein a first localisation procedure is performed in order to ascertain a position of the mobile end device. The availability of the network service is determined if the mobile end device is within or is about to enter a predetermined zone in which the network service is available. Then, the number of users of said network service in said zone is determined by using a second localisation procedure. Dependent on the number of users of the network service in said zone, one or more parameters for access of the network service by the mobile end user are set.08-13-2009
20120198522Method for Information Editorial Controls - A method comprises the steps of submitting at least one comment regarding an editorially-controlled content to be published with the editorially-controlled content. The published comment is authored by a contributing member of an online community. A rating of the published comment is entered. The rating is determined by at least one reviewing member of the online community. Points are assigned within a predefined range for ratings of the published comment that exceed a predetermined level. The points are assigned to the contributing member by an editor of the online community, in which the points identify subject matter expertise for the contributing member. Awarded points are received, in which the awarded points received by the contributing member comprise the points capped by a maximum number assigned to the editorially-controlled content.08-02-2012
20090210929INTER-PROCESS NETWORKING FOR MANY-CORE OPERATING SYSTEMS - Systems and methods that facilitate inter-process networking are described that can provide inter-process communication, firewall restrictions, process and host mobility, as well as parallelization of task performance. In various embodiments, a computer process can be provided with its own internet protocol address and network stack to facilitate inter-process networking. In further embodiments, a gateway process can facilitate process mobility, host mobility, and parallelization of task performance, as well as management of a host area network by facilitating inter-process communication between suitably configured processes.08-20-2009
20090222893LEGACY DEVICE REGISTERING METHOD, DATA TRANSFERRING METHOD AND LEGACY DEVICE AUTHENTICATING METHOD - A method of registering a legacy device, a method of transferring data, and a method of authenticating a legacy device are provided. The method of registering a legacy device by using a virtual client, which allows the legacy device to access a domain, includes: receiving unique information on the legacy device from the legacy device which requests the domain to register the legacy device; searching a registrable legacy device list including the unique information on the legacy device which can be registered in the domain for the unique information on the legacy device; and requesting a domain manager, which manages the domain, to register the legacy device, when the unique information on the legacy device is included in the registrable legacy device list, and not allowing the legacy device to be registered in the domain when the unique information on the legacy device is not included in the registrable legacy device list.09-03-2009
20110145895COMMUNICATION SYSTEM - A communication network (06-16-2011
20090254979Method of and System for Enforcing Authentication Strength for Remote Portlets - In a method of and system for enforcing authentication strength for remote portlets, a portlet is provided by a producer portal and consumed as remote portlet by a consumer portal. The producer portal defines an authentication strength level requirement for the portlet. A user requests the remote portlet from the consumer portal. The consumer portal authenticates the user with a particular authentication method that implies a particular authentication strength level. The producer portal authenticates the consumer portal with a particular authentication method that implies a particular authentication strength assertion level. The consumer portal requests the portlet from the producer portal with an assertion of the authentication strength level of the user. The producer portal rejects the request from the consumer portal if the authentication strength level of the user is less than the authentication strength level requirement for the portlet. The producer portal also rejects the request from the consumer portal if the authentication strength assertion level of the consumer portal is not high enough to assert the authentication strength level of the user. The producer portal accepts the request from the consumer portal only if the authentication strength level of the user is not less than the authentication strength level requirement for the portlet and the authentication strength assertion level of the consumer portal is high enough to assert the authentication strength level of the user.10-08-2009
20090205023PROVIDING COMMUNICATIONS USING A DISTRIBUTED MOBILE ARCHITECTURE - A communication apparatus is disclosed that includes a wireless transceiver and a computer readable storage medium. A mobile switching center (MSC) module is embedded in the computer readable storage medium. The MSC module includes an authentication, authorization, and accounting (AAA) module configured to support generation of a set of call detail records at the communication apparatus. A base station controller (BSC) module is also embedded in the computer readable storage medium. The communication apparatus is adapted to transmit Internet Protocol (IP) packet data received at the wireless transceiver to a second apparatus via a peer-to-peer IP connection.08-13-2009
20090205020INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD AND COMPUTER READABLE MEDIUM - An information processing apparatus includes a first setting section, and a second setting section. The first setting section sets, when a first user is in a first status which indicates the first user moves out from a first group, a first authority under which the first user is permitted to read out and prohibited to write into the first electronic information. The first setting section sets, when a second user is in a second status which indicates the second user moves into a second group, a second authority under which the second user is permitted to read out and prohibited to write into the second electronic information. The second setting section cancels, when the first user satisfies a first condition, the first authority. The second setting section changes, when the second user satisfies a second condition, the second authority into an authority based on the second group.08-13-2009
20090254978DELEGATED AUTHENTICATION FOR WEB SERVICES - Embodiments of the claimed subject matter provide a method and an apparatus for enabling delegated authentication for web services. Delegated authentication is provided without divulging the information the user requires to complete an authorization procedure of another web service or otherwise subjecting the user to unnecessary risk. Furthermore, delegated authentication is granted for a limited duration and access is subject to further limitations to prevent unnecessary intrusion to the user, the user's data, and the host web service.10-08-2009
20090254977Method and Apparatus for Communicating Information Between Devices - A network of devices permits data to be stored on the devices and subsequently searched and accessed from any other one of the devices. A plurality of channels are defined to distribute a plurality of access points throughout the network. A mechanism securely assigns authorizations to users to read or write from or to specified ones of the channels, which authorizations are capable of being checked by each of the access points. To write into a channel, a request is made to one of the access points, which checks whether the requesting user is authorized to write onto the requested channel. If appropriate, the data is associated with the requested channel. To search for data from a particular channel or group of channels, a search request is made to one of the access points, which first checks that the requesting user is authorized to read from the requested channel or group of channels. If appropriate, it issues a corresponding search request or requests to a subset of the devices, which check whether stored data satisfying the request exists there; if so, the data is transmitted to the requesting user. Otherwise the search request is forwarded to one or more other devices.10-08-2009
20090276834SECURING RESOURCE STORES WITH CLAIMS-BASED SECURITY - The present invention extends to methods, systems, and computer program products for securing resource stores with claims-based security. From policy information, a resource store populates a security table of permissions. The permissions authorize resource access based on received claims. Sessions submit claims to the resource store. The resource store accumulates claims for a session into a claims list. From the claims list and the security table, the resource store filters out a subset of metadata including resource IDs for resources the session is authorized to access. Since the metadata corresponds to the session, any application using the session is given similar access to resources at the resource store.11-05-2009
20090276832Controllable Information Diffusion Method - A method of sending data via a communications network NTWK interconnecting terminals (T11-05-2009
20080313716ROLE-BASED ACCESS CONTROL TO COMPUTING RESOURCES IN AN INTER-ORGANIZATIONAL COMMUNITY - A method for controlling access to a plurality of computing resources in a distributed computing environment can comprise the steps of: an application role server, responsive to receiving a certificate request, authenticating the requester and issuing a digital certificate to the requester; an access control node, responsive to receiving a resource access request, granting access to the computing resource to the requester upon ascertaining the requester's access privileges, or forwarding the resource access request to another access control node.12-18-2008
20080313712TRANSFORMATION OF SEQUENTIAL ACCESS CONTROL LISTS UTILIZING CERTIFICATES - The subject disclosure pertains to systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates. The set of certificates can be used to grant access to resources in the manner described by the ACL. The certificates can be distributed to entities for use in obtaining access to resources. Entities can present certificates to resources as evidence of their right to access the resources. The access logic of the sequential ACL can be transformed or mapped to a set of order independent certificates. In particular, each entry, position of the entry in the list and any preceding entries can be analyzed. The analysis can be used to generate order independent certificates that provide access in accordance with the access policy communicated in the ACL.12-18-2008
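The mapping described in the preceding entry, as an added example rather than the application's own code: a first-match ACL is folded into a set of certificates, one per allow entry and permission, each carrying the principals that a preceding deny entry already shadowed. The ACL shape, the wildcard subject and the certificate fields are assumptions chosen to show the transformation; a real system would sign each certificate.

```python
"""Transform a sequential (first-match) ACL into order-independent certificates.

Added example, not code from the patent application: the ACL shape, the wildcard
subject and the certificate fields are assumptions chosen to illustrate the mapping.
"""
from dataclasses import dataclass
from itertools import product

ALL = "*"  # wildcard subject: an entry with this subject matches every principal


@dataclass(frozen=True)
class AclEntry:
    effect: str            # "allow" or "deny"
    subjects: frozenset    # principals the entry matches; ALL matches everyone
    perms: frozenset       # permissions the entry covers

    def matches(self, principal: str, perm: str) -> bool:
        return perm in self.perms and (ALL in self.subjects or principal in self.subjects)


def check_sequential(acl, principal, perm):
    """Reference semantics: the first matching entry decides; no match means deny."""
    for entry in acl:
        if entry.matches(principal, perm):
            return entry.effect == "allow"
    return False


@dataclass(frozen=True)
class Certificate:
    """One order-independent grant. A real deployment would sign this."""
    perm: str
    subjects: frozenset    # principals the certificate is issued to
    excluded: frozenset    # principals shadowed by a deny entry that preceded the allow

    def grants(self, principal, perm):
        if perm != self.perm or principal in self.excluded:
            return False
        return ALL in self.subjects or principal in self.subjects


def acl_to_certificates(acl):
    """For each allow entry and each permission it grants, fold every preceding
    deny entry for that permission into the certificate's exclusion set, so the
    certificate carries the effect of the list position without the list."""
    certs = []
    for i, entry in enumerate(acl):
        if entry.effect != "allow":
            continue
        for perm in sorted(entry.perms):
            shadowed = set()
            fully_shadowed = False
            for prior in acl[:i]:
                if prior.effect == "deny" and perm in prior.perms:
                    if ALL in prior.subjects:
                        fully_shadowed = True   # a blanket deny above makes this allow dead
                        break
                    shadowed |= prior.subjects
            if not fully_shadowed:
                certs.append(Certificate(perm, entry.subjects, frozenset(shadowed)))
    return certs


def check_certificates(certs, principal, perm):
    """Resource-side check: any certificate that grants the right suffices."""
    return any(c.grants(principal, perm) for c in certs)


# Constructed ACL: deny-before-allow exceptions are what make order matter.
EXAMPLE_ACL = [
    AclEntry("deny", frozenset({"mallory"}), frozenset({"read", "write"})),
    AclEntry("allow", frozenset({"alice", "bob", "mallory"}), frozenset({"write"})),
    AclEntry("deny", frozenset({"bob"}), frozenset({"read"})),
    AclEntry("allow", frozenset({ALL}), frozenset({"read"})),
]
PRINCIPALS = ("alice", "bob", "carol", "mallory")
PERMS = ("read", "write")


def equivalent(acl):
    """True when the certificate set decides exactly as the sequential ACL does."""
    certs = acl_to_certificates(acl)
    return all(check_sequential(acl, p, q) == check_certificates(certs, p, q)
               for p, q in product(PRINCIPALS, PERMS))


if __name__ == "__main__":
    for cert in acl_to_certificates(EXAMPLE_ACL):
        print(cert)
    print("equivalent:", equivalent(EXAMPLE_ACL))
```

The equivalence holds because a principal is allowed by the sequential list exactly when some allow entry matches it and no deny entry above that allow matches it; the certificate records the second half of that condition as its exclusion set, so the certificates can be presented in any order. Reordering the ACL changes the certificates that are issued, not the checking logic.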
20090249449PERSONAL CRITERIA VERIFICATION USING FRACTIONAL INFORMATION - A method for verifying the identity of users connected to a computer network comprises providing fractional information queries to users, wherein responses to these individual queries are not sufficient to identify the user. This method further comprises receiving responses to these fractional information queries and comparing these responses to data available from within a computer network. A set of potential matches to the user is generated according to these responses and is used in determining whether the set of potential matches is sufficient to identify the user.10-01-2009
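The narrowing process in the preceding entry, as an added example (not the application's code): each fractional answer is first checked on its own against a crowd threshold so that no single query identifies the user, and only the intersection of all answers may narrow the candidate set to one record. The record set, field names and threshold are constructed for the example.

```python
"""Identity verification from fractional queries: each answer alone must leave the
user hidden in a crowd; only the intersection may single the user out.
Added example, not the patent application's code; records and threshold are constructed."""
from typing import Dict, List, Tuple

# Constructed directory of records the network already holds (not real people).
RECORDS = [
    {"id": 1, "city": "Leeds", "birth_year": 1984, "employer": "Acme"},
    {"id": 2, "city": "Leeds", "birth_year": 1984, "employer": "Globex"},
    {"id": 3, "city": "Leeds", "birth_year": 1990, "employer": "Acme"},
    {"id": 4, "city": "York", "birth_year": 1984, "employer": "Acme"},
    {"id": 5, "city": "York", "birth_year": 1990, "employer": "Globex"},
    {"id": 6, "city": "York", "birth_year": 1984, "employer": "Initech"},
    {"id": 7, "city": "Hull", "birth_year": 1990, "employer": "Acme"},
    {"id": 8, "city": "Hull", "birth_year": 1984, "employer": "Globex"},
]


class FractionalVerifier:
    def __init__(self, records, min_crowd=3):
        self.records = records
        self.min_crowd = min_crowd   # an answer alone must leave at least this many matches

    def _matches(self, field, value):
        return [r for r in self.records if r.get(field) == value]

    def query_is_fractional(self, field, value) -> bool:
        """True if this single answer does not identify the user on its own."""
        return len(self._matches(field, value)) >= self.min_crowd

    def verify(self, answers: Dict[str, object]) -> Tuple[str, List[int]]:
        """Return (status, candidate ids). status is one of 'rejected_query'
        (an answer was identifying on its own, so it is not fractional),
        'identified' (exactly one record fits all answers), 'ambiguous' or 'no_match'."""
        for field, value in answers.items():
            if not self.query_is_fractional(field, value):
                return "rejected_query", []
        candidates = self.records
        for field, value in answers.items():
            candidates = [r for r in candidates if r.get(field) == value]
        ids = [r["id"] for r in candidates]
        if len(ids) == 1:
            return "identified", ids
        return ("ambiguous" if ids else "no_match"), ids


if __name__ == "__main__":
    verifier = FractionalVerifier(RECORDS)
    print(verifier.verify({"city": "Leeds", "birth_year": 1984, "employer": "Acme"}))
```

The crowd threshold is what makes a query "fractional": an employer with a single record in the directory would be rejected as a question even though the combined answers might identify the user, because that one answer on its own would already do so.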
20090249448METHOD AND APPARATUS FOR HANDLING SECURITY LEVEL OF DEVICE ON NETWORK - Provided is a method of controlling a security level of a device. The method includes: requesting a server to authenticate a device, wherein the requesting is performed by a second application installed in the device; generating a device-server session for communication between the server and the device, based on the authentication of the device by the server; requesting access to the server by using the generated device-server session, wherein the requesting is performed by a first application installed in the device; and receiving content from the server due to the first application accessing the server.10-01-2009
20090249447Information processing system and computer-readable recording medium - When a user makes a remote log-in to a server apparatus from a terminal apparatus, a password managing apparatus, which manages the name of a user of the server apparatus, his/her direct log-in password and transformation rule, displays an authentication purpose symbol sequence on a display apparatus. The user transforms the displayed sequence by his/her transformation rule and supplies, via the terminal apparatus, his/her user name and the post-transformation symbol sequence to the server apparatus, which then sends them to the password managing apparatus. If the result of applying the user's transformation rule to any authentication purpose symbol sequence generated in the past coincides with the post-transformation symbol sequence, the password managing apparatus sends the direct log-in password to the server apparatus to pass the remote log-in to the server apparatus by the terminal apparatus as a success.10-01-2009
20110145894PERSONAL SECURITY MANAGER FOR UBIQUITOUS PATIENT MONITORING - The present invention relates to a system and corresponding method for a secure end-to-end patient healthcare system which includes wireless medical sensors adapted to be attached to a patient's body and in communication with each other forming a body sensor network within a wireless medical sensor network including one or more body sensor networks; λ-secure keying means incorporated into each wireless medical sensor for enabling secure communications between the wireless medical sensors, and a personal security manager within the body sensor network and in communication with the wireless medical sensors within the body sensor network, the personal security manager providing secure communications with backend services and providing security relationships within the body sensor network by means of the λ-secure keying means, wherein the λ-secure keying means are such that a coalition of no more than λ compromised wireless medical sensors conceals a pairwise key between any two non-compromised wireless medical sensors and provides protection against node compromise until λ+1 wireless medical sensors have been compromised.06-16-2011
20100162366APPARATUS AND METHOD OF PROTECTING PRIVATE INFORMATION IN DISTRIBUTED NETWORK - Disclosed are methods and apparatus to protect private information in a distributed network. In the distributed network, a service request terminal may receive, from a service providing terminal, trust information related to the level of trust of the service providing terminal with respect to a desired service. The service request terminal may then decide, based on the trust information, whether to accept the desired service from the service providing terminal, thereby preventing private information of the service request terminal from being leaked. In addition, the service request terminal may easily verify the identity of the service providing terminal when the service request terminal re-visits the service providing terminal.06-24-2010
20100162365Internet-Based Group Website Technology for Content Management and Exchange (System and Methods) - Internet Based System and Methods for implementing a Group Website Technology Platform for Content Management and Exchange by providing institutions with the means for allowing: A) The Creation of the Educational Group (any group) composed by: A1) A Community Website for Professors (Teachers)/Projects/Education Officials, A2) A Community Website for Students, A3) Individual Website for Professors/Projects/Students. B) The Communication within the Educational Group: B1) Among entity websites (Community, Professors, Projects and Students), B2) To electronic mail via e-mail devices and/or text-messaging devices. These entity websites are independent Content Management Systems (CMS) reachable by their own domain names and/or any search engine. Each CMS includes their own security system, user-defined and predefined pages for forums, blogs, video libraries, marketplace, professional profiles, etc. Each CMS is connected to the Educational Group (GCMS) allowing the Management and Exchange of Content within the Group and among groups.06-24-2010
20100162364HIERARCHICAL STRUCTURE OF A NOTIFICATION SYSTEM INCLUDING RIGHTS BASED ON ROLES - A method for determining access privileges for transmitting mass notifications, is disclosed. The method includes storing information regarding user-level access privileges of a group to transmit a notification. The user group includes a user that inherits the user-level access privileges of the user group. The method also includes storing information regarding administrator-level access privileges of an administrator group, and permitting access to transmit the notification by the user based on the user's access privileges, the at least one notification, and the at least one recipient. The administrator group includes an administrator that inherits the administrator-level access privileges. The administration module is configurable by the administrator based on the administrator's access privileges. A system for determining access privileges for transmitting mass notifications is also provided.06-24-2010
20100162363INTEGRATED SERVICE IDENTITY FOR DIFFERENT TYPES OF INFORMATION EXCHANGE SERVICES - A service provisioning method includes providing a differentiated set of information exchange services to a user. In some embodiments, differentiation between or among the provided services may include differentiated access networks, differentiated physical network layers, and/or differentiated service providers. An integrated service identity may be generated and/or maintained by the service provider(s) or by a third party. The integrated services identity may enable the user to define preference settings applicable to the information exchange services, to process billable events and activity and to issue integrated statements encompassing all of the information exchange services provided to the user, and enabling the user to access customer support services for any of the information exchange services and further enabling the logging of all customer support activities to the integrated service identity.06-24-2010
20090260064METHOD AND PROCESS FOR REGISTERING A DEVICE TO VERIFY TRANSACTIONS - A user-oriented verification system and method provides for verification and fraud reduction in transactions. Users create verification accounts and register one or more devices with the account. Entity data provided by the user is selectively paired with device identifiers associated with registered devices. The entity/device pairs dictate the type and scope of transactions that may be entered into by each registered device. During a transaction, a requester provides entity/device information collected from a user to the verification system. If the entity/device information matches records stored by the verification system (i.e., the user has previously registered the device and associated selected entity information with the device) then the transaction is verified and notice is provided to the requester.10-15-2009
20080307502USER MESSAGE MANAGEMENT METHODS AND SYSTEMS - User message management methods and systems for use in an IPMI (Intelligent Platform Management Interface) system. A BMC (Baseboard Management Controller) receives a request to access a user message list in a storage unit from a console. The BMC performs operations by accessing at least one user message in the user message list based on the request.12-11-2008
20080307512Property Centric Real Estate Maps with Personalized Points of Interest - This patent describes a method for the Sellers of Real Estate to annotate, personalize and highlight the surroundings of their property-for-sale using graphical icons on a digital map. Potential buyers can view surroundings of Real Estate properties that are so annotated. This method describes a web-based, secure and personalized conduit that is established between the seller and all potential buyers. Also described is the method in which sellers can customize the process of annotating their property so that every subsequent annotation takes less time than the last.12-11-2008
20080307510Information processing apparatus and information processing method - A multifunction product, when receiving input of login name and password, requests an LDAP server to perform authentication by using a pre-set representative ID. If the authentication is successful, the multifunction product requests the LDAP server to search for user information (DN) with the use of the login name, and after acquiring the DN, requests the LDAP server to perform authentication with the use of the DN. If the authentication processing is successful, the multifunction product permits a search for user information stored in the LDAP server.12-11-2008
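The login flow in the preceding entry (bind with a representative account, search the DN by login name, bind again as that DN) has two well-known pitfalls that the abstract does not mention: a login name spliced unescaped into the search filter can alter the filter, and an empty password forwarded to the second bind is treated by many directories as an unauthenticated bind that succeeds. The following is an added example, not the application's code; it uses a constructed in-memory stand-in for the LDAP server, and the representative DN and password are hypothetical.

```python
"""Two-stage LDAP login: bind as a representative (service) account, look up the
user's DN by login name, then bind as that DN with the supplied password.

Added example, not the patent application's code. The directory below is a
constructed in-memory stand-in for an LDAP server; the representative DN and
password are hypothetical.
"""
import re

REPRESENTATIVE_DN = "cn=mfp-search,ou=services,dc=example,dc=com"   # hypothetical
REPRESENTATIVE_PW = "hypothetical-service-secret"


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a login name cannot alter the search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def _assertion_to_regex(value: str):
    """Interpret an LDAP assertion value the way a server would: an unescaped '*'
    is a wildcard, a '\\xx' escape stands for the byte it encodes, the rest is literal."""
    parts = []
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|\*|[^\\*]+", value):
        if tok == "*":
            parts.append(".*")
        elif tok.startswith("\\"):
            parts.append(re.escape(chr(int(tok[1:], 16))))
        else:
            parts.append(re.escape(tok))
    return re.compile("".join(parts))


class FakeLdapServer:
    """Minimal simple-bind semantics. Like many directories, it treats a non-empty
    DN with an EMPTY password as an unauthenticated bind and reports success
    (the behaviour RFC 4513 section 5.1.2 warns about); the client must close
    that hole on its own side."""

    def __init__(self, entries):
        self.entries = entries          # dn -> {"uid": ..., "userPassword": ...}

    def bind(self, dn: str, password: str) -> bool:
        if dn not in self.entries:
            return False
        if password == "":
            return True                 # unauthenticated bind "succeeds"
        return self.entries[dn]["userPassword"] == password

    def search(self, ldap_filter: str):
        """Supports only (uid=<assertion>) and returns the matching DNs."""
        m = re.fullmatch(r"\(uid=(.*)\)", ldap_filter)
        if not m:
            return []
        pattern = _assertion_to_regex(m.group(1))
        return [dn for dn, attrs in self.entries.items() if pattern.fullmatch(attrs["uid"])]


def authenticate(server, login: str, password: str, hardened: bool = True):
    """Return the user's DN on success, None otherwise.

    hardened=False reproduces the two mistakes the flow invites: not escaping the
    login name before it is spliced into the filter, and forwarding an empty
    password to the second bind."""
    if hardened and password == "":
        return None                                        # never attempt an empty bind
    if not server.bind(REPRESENTATIVE_DN, REPRESENTATIVE_PW):
        return None                                        # service account misconfigured
    value = escape_filter_value(login) if hardened else login
    hits = server.search("(uid=%s)" % value)
    if len(hits) != 1:
        return None                                        # unknown or ambiguous login
    user_dn = hits[0]
    return user_dn if server.bind(user_dn, password) else None


# Constructed directory contents (not real credentials).
DIRECTORY = FakeLdapServer({
    REPRESENTATIVE_DN: {"uid": "mfp-search", "userPassword": REPRESENTATIVE_PW},
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "userPassword": "correct horse"},
    "uid=bob,ou=people,dc=example,dc=com": {"uid": "bob", "userPassword": "hunter2"},
})
```

With `hardened=False`, the login name `a*` and an empty password log the caller in as alice without knowing her password: the wildcard resolves to her DN and the empty-password bind is reported as a success. Against a real directory the same client-side rules apply; python-ldap's `ldap.filter.escape_filter_chars` and ldap3's `ldap3.utils.conv.escape_filter_chars` do the escaping, and the empty-password check must be done before the bind is attempted.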
20080307505DETERMINING ROLES FOR AUTOMATED TASKS IN A ROLE-BASED ACCESS CONTROL ENVIRONMENT - A computer implemented method, apparatus, and computer program product for performing an automated task in a role-based access control environment. A set of roles is assigned to a user to form assigned roles, wherein the role-based access control environment allows the user to assume a subset of the assigned roles at a given time. Responsive to receiving a request to execute an automated task, an identity of the user creating the automated task is identified. Responsive to determining that the user creating the automated task is not logged in, a set of session roles are identified based on the identity of the user. A session is created for the automated task. The automated task is performed in the session using the set of session roles.12-11-2008
20080307503System and Method for Search Parameter Data Entry And Result Access In A Law Enforcement Multiple Domain Security Environment - A system and method for law enforcement query entry that enables universal platform access without requiring specialized platform software by utilizing a keystroke efficient lexicon for data entry that is converted to standardized search commands by a back end server and by displaying search results in accordance with user, platform, network, and data security constraints.12-11-2008
20080307508Method for using time from a trusted host device - A method for using time from a trusted host device is disclosed. In one embodiment, an application on a memory device receives a request to perform a time-based operation from an entity authenticated by the memory device, wherein the entity is running on a host device. The application selects time from the host device instead of time from a time module on the memory device to perform the time-based operation and uses the time from the host device to perform the time-based operation. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.12-11-2008
20080307511Network invitation arrangement and method - Method and arrangement for enabling communications between an entity operating a network including a first user, and a second user includes sending a message from the first user to the entity informing the entity of identification information of the second user interested in joining the network, sending from the entity to the first user a key to allow the second user to communicate with the entity, providing a message from the first user directly to the second user containing the key, sending a message from the second user to the entity using the key, determining whether the key sent by the second user corresponds to the key provided by the entity to the first user, and if so enabling communications between the second user and the entity. The ability of the first user to obtain a key to enable the second user to join the network is time-limited.12-11-2008
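The exchange in the preceding entry, written out as an added example (not the application's code): the entity issues a key bound to the invitee named by the first user, the first user passes it to the second user out of band, and the entity accepts it only while it is unexpired, unused and presented by the user it was issued for. The inviting privilege of a member is itself time-limited. Key length, the two time limits and the clock are assumptions.

```python
"""Time-limited invitation keys for joining a network. Added example, not the
patent application's code; identifiers, TTLs and the clock are assumptions."""
import hashlib
import secrets
import time
from dataclasses import dataclass


@dataclass
class Invitation:
    inviter: str
    invitee: str          # identification information the first user supplied
    expires_at: float
    used: bool = False


def _digest(key: str) -> str:
    # Store only a hash of the key: a leaked table does not yield usable keys,
    # and a dict lookup on the digest replaces a secret-to-secret comparison.
    return hashlib.sha256(key.encode()).hexdigest()


class NetworkEntity:
    """The entity operating the network."""

    def __init__(self, clock=time.time, key_ttl=3600.0, invite_window=7 * 86400.0):
        self.clock = clock
        self.key_ttl = key_ttl                # how long a key stays redeemable
        self.invite_window = invite_window    # how long after joining a member may invite
        self.members = {}                     # user id -> time joined
        self.invitations = {}                 # sha256(key) -> Invitation

    def add_member(self, user: str) -> None:
        self.members[user] = self.clock()

    def request_invite(self, first_user: str, second_user: str):
        """Steps 1-2: the first user names the invitee; the entity hands back a key.
        Refused when the first user is not a member or its inviting window has passed."""
        joined = self.members.get(first_user)
        if joined is None or self.clock() > joined + self.invite_window:
            return None
        key = secrets.token_urlsafe(32)
        self.invitations[_digest(key)] = Invitation(first_user, second_user,
                                                    self.clock() + self.key_ttl)
        return key

    def redeem(self, second_user: str, key: str) -> bool:
        """Steps 4-5: the second user presents the key it received from the first user.
        The key must be known, unexpired, unused, and issued for this user."""
        inv = self.invitations.get(_digest(key))
        if inv is None or inv.used or self.clock() > inv.expires_at:
            return False
        if inv.invitee != second_user:
            return False                      # key was issued for someone else
        inv.used = True                       # single use
        self.add_member(second_user)
        return True


class FakeClock:
    """Constructed clock so the expiry paths can be exercised deterministically."""
    def __init__(self, now=1_000_000.0):
        self.now = now

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def run_scenario():
    """Walk the exchange: alice (a member) invites bob; bob joins with the key.
    Returns a dict of named checks, each True when the entity behaved as intended."""
    clock = FakeClock()
    entity = NetworkEntity(clock=clock, key_ttl=600.0, invite_window=86400.0)
    entity.add_member("alice")
    clock.advance(50_000.0)                   # alice has been a member for a while
    key = entity.request_invite("alice", "bob")
    results = {
        "bob_joins": entity.redeem("bob", key),
        "replay_rejected": not entity.redeem("bob", key),
        "wrong_invitee_rejected": not entity.redeem("carol", entity.request_invite("alice", "dave")),
        "forged_key_rejected": not entity.redeem("dave", "not-a-real-key"),
    }
    stale = entity.request_invite("alice", "erin")
    clock.advance(601.0)                      # past key_ttl
    results["expired_key_rejected"] = not entity.redeem("erin", stale)
    clock.advance(40_000.0)                   # alice's inviting window has now closed
    results["inviter_window_closed"] = entity.request_invite("alice", "frank") is None
    results["new_member_may_invite"] = entity.request_invite("bob", "frank") is not None
    return results
```

The key is never compared directly: the lookup is by its hash, which both avoids a timing side channel on the comparison and keeps the stored table useless if it leaks. Binding the key to the invitee named in step 1 is what stops a key forwarded to the wrong person from working.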
20080307509METHOD AND APPARATUS FOR CONTROLLING HOME NETWORK DEVICES USING RICH SITE SUMMARY SERVICE - A method of controlling at least one home network device, in which a home network periodically connects to a rich site summary (RSS) server, fetches a control command for the at least one home network device, and controls the at least one home network device on the basis of the fetched control command.12-11-2008
20080307507Memory device using time from a trusted host device - A memory device for using time from a trusted host device is disclosed. In one embodiment, a memory device comprises a memory array and circuitry operative to provide a security system operative to authenticate an entity running on a host device, a time module that keeps track of time, and an application operative to perform a time-based operation, wherein the application is further operative to use time from the host device instead of time from the time module to perform the time-based operation. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.12-11-2008
20080307506AUTHORIZATION FRAMEWORK - Embodiments of the present invention provide an authorization framework that can accept one or more pluggable authorization modules and the final authorization decision can be a collective decision of these modules based on some criteria. The authorization framework of the present invention can be used by an application to call upon one or more pluggable authorization modules, which can be configured externally by some mechanism, to make individual authorization decisions. The overall authorization decision by the authorization framework is cumulative decision of the individual modules based on some criteria that can be configured. Each pluggable authorization module can be configured to perform its own authorization decision making process that can be different from those of the other modules.12-11-2008
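A framework of the kind described in the preceding entry, as an added example rather than the application's code: modules are plain callables that return permit, deny or not-applicable, and the final decision is produced by a configurable combining criterion. The three modules, the request shape and the four combining rules (which mirror XACML-style combining algorithms) are assumptions; the point the example makes is that the same modules yield different outcomes under different criteria, and that an empty or undecided result is treated as a denial.

```python
"""Pluggable authorization modules combined by a configurable criterion.
Added example, not the patent application's code; the module set, request shape
and combining rules are assumptions (the rules mirror XACML-style combining)."""
from enum import Enum
from typing import Callable, Dict, Iterable, List


class Decision(Enum):
    PERMIT = "permit"
    DENY = "deny"
    NOT_APPLICABLE = "not_applicable"   # the module has no opinion on this request


Request = Dict[str, object]
AuthzModule = Callable[[Request], Decision]


# --- combining criteria: each maps the individual decisions to one final decision
def deny_overrides(decisions: Iterable[Decision]) -> Decision:
    decisions = list(decisions)
    if Decision.DENY in decisions:
        return Decision.DENY
    return Decision.PERMIT if Decision.PERMIT in decisions else Decision.NOT_APPLICABLE


def permit_overrides(decisions: Iterable[Decision]) -> Decision:
    decisions = list(decisions)
    if Decision.PERMIT in decisions:
        return Decision.PERMIT
    return Decision.DENY if Decision.DENY in decisions else Decision.NOT_APPLICABLE


def first_applicable(decisions: Iterable[Decision]) -> Decision:
    for d in decisions:
        if d is not Decision.NOT_APPLICABLE:
            return d
    return Decision.NOT_APPLICABLE


def unanimous(decisions: Iterable[Decision]) -> Decision:
    applicable = [d for d in decisions if d is not Decision.NOT_APPLICABLE]
    if not applicable:
        return Decision.NOT_APPLICABLE
    return Decision.PERMIT if all(d is Decision.PERMIT for d in applicable) else Decision.DENY


class AuthorizationFramework:
    def __init__(self, combiner, modules=()):
        self.combiner = combiner
        self.modules: List[AuthzModule] = list(modules)

    def register(self, module: AuthzModule) -> None:
        self.modules.append(module)

    def decide(self, request: Request) -> Decision:
        return self.combiner(m(request) for m in self.modules)

    def authorize(self, request: Request) -> bool:
        # Fail closed: only an explicit PERMIT grants access; NOT_APPLICABLE
        # (for instance when no module is registered) is treated as a denial.
        return self.decide(request) is Decision.PERMIT


# --- three pluggable modules, each configured independently of the framework
ROLE_PERMISSIONS = {"viewer": {"read"}, "editor": {"read", "write"},
                    "admin": {"read", "write", "delete"}}


def role_module(req: Request) -> Decision:
    allowed = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in req.get("roles", ())))
    return Decision.PERMIT if req["action"] in allowed else Decision.DENY


def business_hours_module(req: Request) -> Decision:
    if req["action"] != "delete":
        return Decision.NOT_APPLICABLE   # only destructive actions are time-restricted
    return Decision.PERMIT if 8 <= req["hour"] < 18 else Decision.DENY


def owner_module(req: Request) -> Decision:
    owner = req.get("owner")
    if owner is None:
        return Decision.NOT_APPLICABLE
    return Decision.PERMIT if owner == req["subject"] else Decision.NOT_APPLICABLE


MODULES = (role_module, business_hours_module, owner_module)

# Constructed requests used to exercise the combiners.
REQUESTS = {
    "editor_writes": {"subject": "alice", "roles": {"editor"}, "action": "write",
                      "owner": "bob", "hour": 10},
    "editor_deletes_at_night": {"subject": "alice", "roles": {"editor"}, "action": "delete",
                                "owner": "bob", "hour": 23},
    "owner_without_role_deletes": {"subject": "bob", "roles": set(), "action": "delete",
                                   "owner": "bob", "hour": 10},
}


def evaluate_all(combiner) -> Dict[str, bool]:
    """Run the constructed requests through a framework built with the given combiner."""
    framework = AuthorizationFramework(combiner, MODULES)
    return {name: framework.authorize(req) for name, req in REQUESTS.items()}
```

The owner-without-role request is the one to look at: the role module denies it, the owner module permits it, and whether the final answer is permit or deny is entirely a property of the configured combining criterion, not of any module. Which criterion is appropriate is a deployment decision that should be made explicitly and fail closed when undecided.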
20100186069METHOD AND DEVICE FOR AUTHENTICATION AND AUTHORIZATION CHECKING ON LBS IN WIMAX NETWORK - A device for performing authentication and authorization checking on Location-based service (LBS) in a Wimax network comprises a location assessment module (LA) adapted to perform location assessment; a location coordination and control module (LC) adapted to initiate LBS assessment and location calculation; a memory included in the AAA and adapted to store LBS subscription information; an authentication processing module included in the AAA and responsible for LBS authentication; an authorization list memory included in the LS; and an authorization checking module included in the LS and responsible for authorization checking on the MO MS. The present invention also provides a method for authentication and authorization checking on LBS in a Wimax network. This strengthens security for LBS in the Wimax network, protects the privacy rights of LBS subscribers, and fills a gap in the current Wimax standards.07-22-2010
20100180322SYSTEM AND METHOD FOR FLOATING PORT CONFIGURATION - A system and method automatically configures the interfaces of an intermediate network device. A discovery process operating at the device detects the identity or type of network entities actually coupled to the device's interfaces. Utilizing the identity or type of detected entities, a look-up is performed to obtain a configuration macro specially defined for each detected network entity. The retrieved configuration macros are executed and applied at the respective interfaces. During operation, the intermediate network device continues to monitor the identity and type of entities actually coupled to its interfaces. If a change is detected, such as an entity moving from a first to a second interface, the specially defined configuration macro for that entity floats from the first to the second interface where it is executed and applied.07-15-2010
20100162367PERSONAL CONTENT SERVER APPARATUS AND METHODS - Personal content server apparatus and associated methods that allow a user (e.g., cable or satellite network subscriber) to access content, such as a video program, from a location outside the subscriber's network. In one embodiment, a personal content server streams the content to the subscriber over a network connection from the local (e.g., subscription) network to a remote network upon authorization by a content manager process. Various access, business or operational rules are applied depending on the content and delivery mode; e.g., to live video broadcast, video-on-demand (VOD), or archived content from the subscriber's digital video recorder (DVR) or networked PVR. Secondary content (e.g., promotions, advertisements, etc.) can also be selectively replaced if desired in order to make the remotely delivered content more appropriate to the remote user's context.06-24-2010
20100263026METHOD OF OBTAINING PROXY CALL SESSION CONTROL FUNCTION ADDRESS WHILE ROAMING - The present invention provides a method for obtaining a proxy call session control function address, comprising when a terminal accesses an IP multi-media subsystem through a world interoperability for microwave access (WiMAX) network in roaming scenarios, a visited authentication, authorization, and accounting server (V-AAA) of the terminal retransmitting an access request message sent by an access service network (ASN) or a dynamic host configuration protocol (DHCP) or a home agent (HA) of said terminal to a home authentication, authorization, and accounting server (H-AAA) of said terminal after receiving the access request message, and H-AAA finally deciding whether the P-CSCF is located in a visited network or a home network according to a roaming protocol and visited network capability, and returning the determined P-CSCF address information, included by H-AAA in an access accept message corresponding to said access request message, to the sender of said access request message through V-AAA.10-14-2010
20100263025METHODS AND APPARATUS TO PROVIDE LAYERED SECURITY FOR INTERFACE ACCESS CONTROL - Example methods and apparatus to provide layered security for interface access control are disclosed. A disclosed example method includes receiving a connect message in a first server from a client application to access at least one server endpoint, in response to receiving the connect message, opening a session between the at least one server endpoint and the client application if the session is authorized to be opened, receiving a request from the client application to open an endpoint that provides at least one of read access, write access, or subscribe access to at least one resource, opening the endpoint within the open session after determining that the client application is authorized to access the at least one resource via the endpoint, receiving a request from the client application to assign a selection of the at least one authorized resource to the endpoint, assigning the at least one selected resource to the endpoint, and granting the client application access to the at least one resource via the endpoint.10-14-2010
20100263024METHODS, APPARATUS AND SYSTEMS FOR ACCESSING VEHICLE OPERATIONAL DATA USING AN INTELLIGENT NETWORK ROUTER - Systems and methods are provided that allow more efficient access to vehicle health maintenance information within a vehicle. In addition, it is desirable to provide remote access to the health information by a plurality of users.10-14-2010
20090055900ENTERPRISE WIRELESS LOCAL AREA NETWORK (LAN) GUEST ACCESS - In one embodiment, detecting a wireless network access request, forwarding data associated with the detected wireless network access request to a first multipoint Generic Routing Encapsulation (mGRE) tunnel, receiving authentication information associated with the detected wireless network access request, receiving authentication status information for the detected wireless network access request, and forwarding data associated with the detected wireless network access request to a second multipoint Generic Routing Encapsulation (mGRE) tunnel connected to a predetermined internet protocol (IP) subnet when the received authentication status information includes a successful authentication, are provided.02-26-2009
20100192203CONTENT DISTRIBUTION WITH INHERENT USER-ORIENTED AUTHORIZATION VERIFICATION - The invention relates to a method for verifying the use authorization of an access to a communications service (07-29-2010
20100192202System and Method for Implementing a Secured and Centrally Managed Virtual IP Network Over an IP Network Infrastructure - A method and system for establishing secure IP communication, through a virtual IP network, between at least first and second nodes comprise an access manager for validating a communication request, initiated by one of the at least first and second nodes, for communication between the at least first and second nodes. The access manager further grants at least one unique identifier to each of the at least first and second nodes upon successful validation. A channel provides for secure IP communication between the at least first and second nodes through the virtual IP network using their respective at least one unique identifier.07-29-2010
20090271846Method and Device to Suspend the Access to a Service - The present invention concerns a device and method for suspending and renewing the authorization to a wireless station to use a service on the device. The device comprises wireless communication means, a memory and at least one service for access by at least one station also comprising wireless communication means, means for authenticating the wireless station, means for authorizing the authenticated station to access one of the at least one service. The device comprises means for suspending the authorized station to access the service; and in response to a user request on the device, renewing the access authorization to the service by the suspended station, without requiring any user interaction on the station.10-29-2009
20100263028METHOD FOR ASSIGNING NETWORK ADDRESSES, NETWORK AND NETWORK NODE THEREOF - A method for assigning network addresses is provided. When a mobile node (MN) moves to an access domain (AN) of a visited network, the method, in the visited network, includes: receiving a network access request sent by the MN; determining a home network of the MN according to user information of the MN, and sending an authentication request to the home network for authenticating the MN; receiving an authentication response returned by the home network, where the authentication response includes a local home address (L-HoA) identifying the AN where the MN is currently located; and assigning a local care-of address (L-CoA) to the MN, where the L-CoA identifies the position of the MN in the current AN. Correspondingly, a network and a network node are provided. Thus, the technical solution implements address assignment when the MN moves.10-14-2010
20100263027Method, Apparatus and System for Providing and Reading Feed Files - A Rich Site Summary or Really Simple Syndication (RSS) server includes: a Feed generating module, adapted to generate a Feed file according to user data and content data; an authorization setting module, adapted to set content authorization for accessing contents of the Feed file according to authorization information provided by a user; and a Feed sending module, adapted to send the Feed file to an RSS reader on a client. An RSS reader includes: an obtaining module, adapted to obtain the Feed file; a resolving module, adapted to resolve the content authorization of the Feed file; and a displaying module, adapted to display contents of the Feed file according to the content authorization information of the Feed file. A method for providing Feed files and a method for reading Feed files are also disclosed. With the present invention, reading of Feed files is filtered by authorization, and the user requirements are fulfilled.10-14-2010
20100186068COMMUNICATION APPARATUS, COMMUNICATION CONTROL METHOD, AND PROGRAM - When a process (07-22-2010
20100154036SYSTEM AND METHOD FOR ENCAPSULATION OF APPLICATION ASPECTS WITHIN AN APPLICATION INFORMATION DATA FORMAT MESSAGE - A method and system for processing a data request from a watcher for a target at a server, the method receiving a request for information; searching through a policy for rules to be applied based on the watcher; applying any rules found by the searching, the rule causing a transformation of the information into at least one aspect interpretable by the watcher, the applying utilizing a presence information data format transformation; and returning the at least one aspect incorporated in a presence information data format.06-17-2010
20120124649Attachment method and system for Id-Loc-Split in an NGN - This disclosure provides an attachment method and system for ID-Loc-Split in an NGN, to implement an attachment process for an IPSPLIT-based ID-Loc-Split in an NGN, which can be combined well with various existing functional entities in the NGN, wherein a user identification is represented by a Host ID, and during the attachment process, a user is located through the Host ID, and during an authentication process, a key authentication method is provided to the Host ID; when location of the user changes due to its mobility or multihoming, the Host ID does not change; the application and connection of the transport layer is bound to the user identification, such that the application and connection will not be interrupted, and an ongoing communication session and service will not be interrupted, which guarantees the security of attachment and seamless handover when the location of a host changes due to its mobility or multihoming.05-17-2012
20120124647METHOD AND APPARATUS FOR SMALL FOOTPRINT CLIENTS FOR OPERATOR-SPECIFIC SERVICE INTERFACES - Techniques for small footprint operator-specific network services include determining to obtain and/or process operator data that indicates an operator of a service associated with user equipment. The techniques also include determining to obtain and/or process user data that identifies a user of the user equipment for a gateway provider different from the operator and different from the user. The techniques further include determining to send, to the gateway provider through the communications network, a first message that indicates the operator data and the user data for obtaining a service with an operator-specific interface. In some embodiments, the first message is sent after a random delay to decentralize traffic at the gateway. In some embodiments, the first message is sent when a predetermined fraction of battery life at the user equipment is sufficient to send the first message.05-17-2012
20100218238Method and system for access control by using an advanced command interface server - A method and system for allowing one or more users controlled access to at least one server from a plurality of servers by using an advanced command interface (ACI) server. The method and system include receiving a command at the ACI server from the one or more users to access the at least one server. Further, the method and system include comparing the command and impact of the command with a predefined set of criteria, which includes a plurality of skill and role levels corresponding to the one or more users. Subsequently, the command is transmitted from the ACI server to the at least one server for processing at the at least one server. The command is transmitted based on the predefined set of criteria. Thereafter, a response of the processed command from the at least one server is received. Finally, the method and system include forwarding the response of the processed command to the one or more users.08-26-2010
20090077635METHOD, APPARATUS AND SYSTEM FOR NETWORK SERVICE AUTHENTICATION - The invention discloses a method for network service authentication. The method includes: an AAA server receiving a network service authentication request which contains a user access device identifier; the AAA server determining whether the user is allowed to use the requested network service according to the user access device identifier and a preset correspondence between user access device identifier(s) and network service(s). The invention also discloses an apparatus and system for network service authentication. Based on the invention, a user's right to use the network service may be authenticated according to the user access device.03-19-2009
20100154035Personalized Interaction Using Codes - A method and nodes adapted to provide personalized multimedia services for users having registered a media player (06-17-2010
20100154034CREATING METHOD, INFORMATION INTRODUCING SYSTEM, CREATING APPARATUS, COMPUTER PROGRAM, AND RECORDING MEDIUM - There are provided a method and others capable of appropriately protecting literary works without requiring any operation by a web site administrator or a user. A web server transmits a content, copyright information on the content, and execution information for introducing the content to a creation device. The creation device receives the transmitted content, copyright information, and execution information. When the content is introduced in association with the transmitted execution information, the creation device extracts the copyright information on the transmitted content and transmits the address of the content and the extracted copyright information to a creation program for creating a web page.06-17-2010
20100235889APPLICATION PRODUCTS WITH IN-APPLICATION SUBSEQUENT FEATURE ACCESS USING NETWORK-BASED DISTRIBUTION SYSTEM - An improved system, device and method for accessing features of digital products with assistance from a product distribution site are disclosed. In one embodiment, a user of a client device may have previously acquired rights or permissions to access one or more supplemental features of one or more digital products (e.g., application programs). Typically, a user would purchase an application program and then sometime later also purchase supplemental features for use with the application program. In one implementation the supplemental features can be purchased using the application program with the assistance of a remotely located product distribution server. Sometime thereafter, in some cases, the user desires to make use of such previously acquired one or more supplemental features on another client device. For example, the user may wish or need to transfer from a former client device to a new client device. As another example, the user may wish to utilize (e.g., share) such previously acquired one or more supplemental features with another client device associated with the user, such as another client device within the user's account.09-16-2010
20120036561METHODS AND SYSTEMS FOR SECURELY MANAGING VIRTUALIZATION PLATFORM - Virtualization platforms and management clients therefor are communicatively coupled to one another via a control layer logically disposed therebetween. The control layer is configured to proxy virtualization management commands from the management clients to the virtualization platforms, but only after successful authentication of users (which may include automated agents and processes) issuing those commands and privileges of those users as defined by access control information accessible to the control layer. The control layer may be instantiated as an application running on a physical appliance logically interposed between the virtualization platforms and management clients, or a software package running on dedicated hardware logically interposed between the virtualization platforms and management clients, or as an application encapsulated in a virtual machine running on a compatible virtualization platform logically interposed between the virtualization platforms and management clients.02-09-2012
20120036558SECURE ACCESS MANAGEMENT AGAINST VOLATILE IDENTITY STORES - Embodiments of the present invention are directed to managing access to protected computer resources. More particularly, embodiments of the present invention provide systems and methods for modifying a user's ability to access a protected computer resource while the user is currently using the resource. If the privileges granted to a user for accessing the protected resource are altered, these alterations take effect in substantially real time. In an exemplary embodiment, a user data repository will initiate the process of altering the user's access privileges upon changes of data in the repository. In this way, it does not matter how or by whom the data in the repository is changed, but the change itself is sufficient to initiate a re-computation of a user's access privileges to the protected resource.02-09-2012
20100229221SYSTEM AND METHOD FOR CREATING A SECURE TRUSTED SOCIAL NETWORK - A system for a plurality of users to share resources with access, control and configuration based on pre-defined relationships of trust between the users of the system. A computer-based authority provides the services of authentication, identification and verification of each user within the network. Processes are described that lead to the formation of an electronic community, which facilitates electronic communication and transactions in a defined manner.09-09-2010
20100205655NETWORK ACCESS CONTROL SYSTEM AND METHOD - A network access control system includes an information device that has access to a relay device which relays communication in a communication network, by the use of access information, and performs communication via the relay device, and a management unit that finds information devices, wherein when the found information device has no access to the relay device and is a second information device which is allowed to have access to the relay device by a first information device, the management unit transmits the access information to the second information device without a request for authentication.08-12-2010
20100218239Digital Content Counting System and Method - A digital content counting system and a method thereof are provided for achieving the credible transaction counting mechanism established between the owner of copyrights and the seller, to make the owner of copyrights and the seller collectively confirm the transaction information of the digital contents. The system comprises a sale subsystem, an authorization service subsystem and a transaction clearing subsystem; the sale subsystem and the authorization service subsystem authenticate each other; the transaction clearing subsystem and the authorization service subsystem authenticate each other; the transaction clearing subsystem authenticates the sale subsystem; the sale subsystem generates transaction request information according to a purchase list, sends the transaction request information to the authenticated authorization service subsystem, and records transaction success information; after receiving and confirming the transaction request information, the authorization service subsystem sends transaction success information to a client device, the sale subsystem and authenticated transaction clearing subsystem, sends an approach for obtaining an authorization file to the client device, records the transaction request information, and issues the authorization file; the transaction clearing subsystem records the transaction success information.08-26-2010
20100229218QUOTA MANAGEMENT FOR NETWORK SERVICES - A system and method for managing requests for system resources from a plurality of users. Usage data is maintained for each user with respect to a user quota and a system quota. Aggregate system usage data is also maintained. A user request is checked for compliance with a user quota. The request is checked for compliance with a system quota. If either quota is not complied with, a hint that indicates when to send a next request is determined and sent to the user. Compliance with the system quota may include use of a reservation system, in which the allowance of a request may be based on a user's system usage data, so that a user with lower usage is more likely to have a request accepted when the system is loaded.09-09-2010
20100211998System, Apparatus and Methods for Storing Links to Media Files in Network Storage - When a user purchases digital rights to a media file, or otherwise obtains the right to have a copy of the media file downloaded to the user's wireless device, a link to the media file that is stored in the media database is stored in a user storage database. When the user desires to have the media file downloaded to the user's wireless device, the user sends a request to the network. The network performs a check to determine whether the user is authorized to receive the requested media file, and if so, causes the requested media file to be downloaded to the user's wireless device where the media file is stored in the local memory of the wireless device for playback by the user on the wireless device.08-19-2010
20100211995COMMUNICATION SYSTEM, RELAY APPARATUS, TERMINAL APPARATUS AND COMPUTER READABLE MEDIUM - Authentication information for each communication destination and communication condition information are stored so as to be associated with each other in accordance with each communication destination designated by a request accepted by a server apparatus. Communication permission information containing authentication information of the communication destination is accepted from a requester. Communication condition information associated with authentication information contained in the accepted communication permission information is acquired. Determination is made as to whether or not communication requested by the requester is consistent with a condition indicated by the acquired communication condition information. When determination is made that the communication requested by the requester is consistent with the condition indicated by the acquired communication condition information, the communication from the requester is relayed to the requested communication destination via a virtual service private line which is set in advance.08-19-2010
20100146598Method, System and Apparatus for Processing Rights - A method for processing rights granted to an operator of a device or a group of devices using a rights object, wherein the method comprises at least the steps of receiving a rights object from the computer of a third party, generating at least one derived rights object based on the rights object received from the computer of the third party, and forwarding the at least one derived rights object to the device or individual devices from the group of devices. A system is provided which operates in accordance with the method. An apparatus that performs the method is also provided.06-10-2010
20100146597CONTENTS RETRIEVAL SYSTEM AND CONTENTS RETRIEVAL METHOD - In a contents retrieval system, when a publisher terminal uploads shared contents to a shared server, the shared server stores the shared contents in a contents area of a contents database, a partial data formation section forms partial data specifying the shared contents and stores the formed partial data in a partial data area, and a URL generation section forms a URL linked to the shared contents and stores the URL in a URL area. When the contents retrieval section receives partial data from the retriever terminal, it collates the received partial data with the partial data in the partial data area of the contents database. When the partial data is found, the contents retrieval section replies with the URL of the corresponding shared contents to the retriever terminal.06-10-2010
20100146595NETWORKING COMPUTERS ACCESS CONTROL SYSTEM AND METHOD - A method, system, and device for controlling access for networking computers or devices, including a controller (06-10-2010
20100242096MANAGING CONNECTIONS IN A DATA STORAGE SYSTEM - Described in detail herein are systems and methods for managing connections in a data storage system. For example, the systems and methods may be used to manage connections between two or more computing devices for purposes of performing storage operations on the data of one of the computing devices. The data storage system includes at least two computing devices. A first computing device includes an unauthorized connection data structure and a connection manager component. The connection manager component receives a connection request from a second computing device. If the second computing device is not identified on the unauthorized connection data structure, the connection manager component can request that an authentication manager authenticate the second computing device and/or determine whether the second computing device is properly authorized. If so, the connection manager component can allow the second computing device to connect to the first computing device.09-23-2010
20100242098NETWORK ATTACHED DEVICE WITH DEDICATED FIREWALL SECURITY - Dedicated firewall security for a network attached device (NAD) is provided by a firewall management system integrated directly into the NAD or into a NAD server. A local area network arrangement includes a network client and the NAD, and the firewall management system includes a computer-readable medium having computer-executable instructions that perform the steps of receiving a request for network access to the NAD from the network client, determining whether the request for network access to the NAD is authorized, and only if the request for network access is authorized, providing the network client with network access to the NAD.09-23-2010
20100251342COMMUNICATION APPARATUS, CONTROL METHOD FOR THE COMMUNICATION APPARATUS, AND STORAGE MEDIUM - In an apparatus, if it is detected that a condition is met to switch the apparatus from the normal power mode to a power saving mode that consumes less power than the normal power mode, a communication speed for the apparatus to communicate via a network is changed, an authentication process is executed, and the apparatus is switched from the normal power mode to the power saving mode when the authentication process is completed.09-30-2010
20110239277Method for Managing Computer Network Access - A client computer initiates a first communication session at a first network address and receives therefrom a second network address. The client computer then initiates a second communication session at the second network address and receives therefrom an access configuration including a control setting for a communication protocol capable of being utilized during a third communication session. Concurrent with the second communication session, the client computer initiates a third communication session at a third network address whereupon the conveyance of data to or from an instantiated process on the client computer via the third communication session is controlled based on the control setting for the communication protocol.09-29-2011
20100235888IMAGE FORMING APPARATUS, FUNCTION EXTENDING METHOD AND USER AUTHENTICATION SYSTEM - An image forming apparatus includes a user authentication part 09-16-2010
20100235887SYSTEM AND METHOD FOR QUEUING TO A CLOUD VIA A QUEUING PROXY - System and method for servicing queue requests via a proxy are described. In one embodiment, the system includes an enterprise queuing proxy (“EQP”) disposed within an enterprise computing environment and having an enterprise queue associated therewith; a cloud queuing proxy (“CQP”) disposed within a cloud computing environment, the CQP connected to a plurality of cloud queues each having associated therewith at least one queue service process listening on the cloud queue for queue requests to service; and a secure communications mechanism for interconnecting the EQP and the CQP. Upon receipt of a queue request from an enterprise service, the EQP evaluates the request against policy to determine whether to service it locally or remotely and, if the request is to be serviced remotely, forwards the request to the CQP via the secure communications mechanism. Upon receipt of the request, the CQP evaluates the queue request against policy to select one of the cloud queues to which to route the queue request for servicing.09-16-2010
20100235886AUTOMATED RELATIONSHIP MANAGEMENT FOR ELECTRONIC SOCIAL NETWORKS - A computer-implemented method of automatically managing relationships between a plurality of users within an electronic social network. The method includes monitoring interactions between the plurality of users in relationships within the electronic social network over time, and obtaining interaction information associated with the monitored interactions, and automatically updating and managing access privileges of users based on the obtained interaction information, to access profile information of respective users. The method ensures automated, adequate and dynamically changing representation of relationships in an ESN system, thereby greatly increasing the value of the ESN system to the user and ways to pro-actively maintain and improve existing relationships or prevent them from decaying.09-16-2010
20100235885Secure Client-Side Aggregation of Web Applications - A web browser client includes an aggregated web application runtime environment that controls access by a program fragment of an aggregated web application to a resource therein based upon the originating domain of the program fragment. To do so, the aggregated web application runtime environment appends an access attribute to the Document Object Model (DOM) node associated with the resource. This access attribute is associated with a plurality of access rights definitions where each access rights definition defines a set of access rights to the resource for program fragments originating from a domain with a specific access rights status. Accordingly, the aggregated web application runtime environment sets one or more access rights statuses of the originating domain of the program fragment, and thereafter, grants or denies the program fragment access to the resource based upon one or more sets of access rights defined for that program fragment.09-16-2010
20090106824Method of Securing Access to a Proximity Communication Module in a Mobile Terminal - A method of securing access to a near-field communication module (04-23-2009
20100211997AUTHENTICATING USER SESSIONS BASED ON REPUTATION OF USER LOCATIONS - User sessions are authenticated based on locations associated with a user account used for sending a request for creating a session. Examples of locations of a source of a request include a geographical location, a network address, or a machine cookie associated with a device sending the request. Locations of the request are compared with stored safe locations associated with the user account and a suspiciousness index is determined for the session. The level of authentication required for the session is determined based on the suspiciousness index. Locations are associated with a reputation based on past history of sessions originating from the locations. A location associated with a history of creating suspicious sessions is considered an unsafe location. The reputation of the location originating the session is used to determine the level of authentication required for the session.08-19-2010
20100211996PREVENTING PHISHING ATTACKS BASED ON REPUTATION OF USER LOCATIONS - User sessions are authenticated based on locations associated with a user account used for sending a request for creating a session. Examples of locations of a source of a request include a geographical location, a network address, or a machine cookie associated with a device sending the request. Locations of the request are compared with stored safe locations associated with the user account and a suspiciousness index is determined for the session. The level of authentication required for the session is determined based on the suspiciousness index. Locations are associated with a reputation based on past history of sessions originating from the locations. A location associated with a history of creating suspicious sessions is considered an unsafe location. The reputation of the location originating the session is used to determine the level of authentication required for the session.08-19-2010
20100251336FREQUENCY BASED AGE DETERMINATION - Human ability to perceive higher audio frequencies diminishes with age. Functionality can be implemented to use a combination of audio tones with varying frequencies to identify an age range to which a user belongs and accordingly control access to age-dependent access-controlled information and services. The user's ability to perceive one or more audio tones in the combination of audio tones depends on the user's age. Thus, different users, depending on their age, may perceive the same combination of audio tones differently. Such an age verification system based on human perception of audio tones can minimize the need for identification cards and the reliance on the user providing accurate age information. This can prevent the user from misrepresenting his/her age to access the age-dependent access-controlled information and can ensure that only an authorized user gets access to the age-dependent access-controlled information.09-30-2010
20100251344CONTROLLING ACCESS TO NAME SERVICE FOR A DOMAIN NAME SYSTEM - A system and method is provided for using a DNS server operating on a wide area network to enable an authorized reception device to receive (or be provided with) restricted content data associated with a particular wide area network address and redefine the domain name associated with a particular wide area network address. In a preferred embodiment of the present invention, an authorization application is adapted to provide the reception device with user-verification data, receive from the reception device verification data, and provide the filtering application with authorization data. The filtering application, which operates similarly to prior art DNS server systems, is further adapted to receive filtered data (i.e., password-required data and/or pseudo-domain-name data) and authorization data in order to provide an IP address of the content server to the reception device via a wide area network, such as the Internet.09-30-2010
20100251343METHOD AND SYSTEM FOR TRANSMITTING AUTHENTICATION CONTEXT INFORMATION - A system of the present invention uses an identity provider to provide the authentication services for multiple service providers. An identity provider communicates with one or more service providers. A user that wishes to gain access to a service provider is authenticated through the use of the identity provider. A user desiring to access a service provider is first authenticated by the identity provider. The identity provider determines if the user meets the desired class level and provides various information related to the authentication. When the user attempts to access a second service provider that is associated with the same identity provider, the second service provider accesses the identity provider and determines that the user was recently authenticated. The identity provider then transmits the relevant information regarding the authentication process to the second service provider, which can then allow or deny the user access to the second service provider.09-30-2010
20100251341LOGIN PROCESS APPARATUS, LOGIN PROCESS METHOD, AND PROGRAM - An authority group definition (09-30-2010
20100251339Managing Security Groups for Data Instances - Access level and security group information can be updated for a data instance without having to take down or recycle the instance. A data instance created in a data environment will have at least one default security group. Permissions can be applied to the default security group to limit access via the data environment. A control security group can be created in a control environment and associated with the default security group. Permissions can be applied and updated with respect to the control security group without modifying the default security group, such that the data instance does not need to be recycled or otherwise made unavailable. Requests to perform actions with respect to the control security groups are made via the control environment, while allowing native access to the data via the data environment.09-30-2010
20100251338Predictive HTTP Authentication Mode Negotiation - A client system and a server system use a Hypertext Transfer Protocol (HTTP) authentication mode preference header to negotiate an HTTP authentication mode. The client system sends an HTTP request to the server system. In response to the HTTP request, the server system sends an HTTP response to the client system. The HTTP response includes an HTTP authentication mode preference header. The HTTP authentication mode preference header indicates whether a preferred HTTP authentication mode is connection-based HTTP authentication or request-based HTTP authentication. In subsequent HTTP requests to the server system, the client system uses the HTTP authentication mode indicated by the HTTP authentication mode preference header.09-30-2010
20100251337SELECTIVE DISTRIBUTION OF OBJECTS IN A VIRTUAL UNIVERSE - A method, product, and system are directed to selective distribution of virtual universe objects in a virtual universe. In one embodiment, permission is granted to access the virtual universe, whereby a user navigates to a region. Metadata is detected in the user's profile. A virtual universe object is detected in the region. The virtual universe object includes a tag, which includes one or more fields. The tag and the metadata are compared. A level of similarity is detected between the tag and the metadata in the user's profile. Responsive to detecting the level of similarity between the fields included with the tag and the metadata in the user's profile, the virtual universe object is presented to the user. Either an acceptance or a rejection of the virtual universe object is received. Responsive to receiving an acceptance, the virtual universe object is included in the user's inventory.09-30-2010
20090049522SYSTEMS AND METHODS FOR MANAGING AND DISTRIBUTING USER PROFILES FOR SURGICAL SYSTEMS - A medical system is presented, where the system includes a medical profile directory configured to maintain a set of medical system profiles, a medical profile manager configured to update and maintain medical system profiles within the medical profile directory, and a server configured to interface with the medical profile manager to facilitate medical system profile maintenance. The server is configured to transmit information from at least one medical system profile to a surgical system, thereby enabling the surgical system to employ a current operational parameter within the medical system profile desired by a user.02-19-2009
20110016512METHOD FOR AUTHORISING A CONNECTION BETWEEN A COMPUTER TERMINAL AND A SOURCE SERVER - The disclosure relates to a method and a system for authorising a connection between a computer terminal and a source server, including an initialisation phase wherein: 01-20-2011
20100138901Managing Online Shop Using Instant Messaging System - A method and a system for managing an online shop use an instant messaging system to allow an auxiliary account to log in and manage an online shop of a primary account user. The primary account user creates an online shop in an online shop server, and associates itself with one or more auxiliary accounts in an instant messaging system. Upon authorization by the primary account user to allow an auxiliary account to manage the online shop, the system records an authorization relation between the auxiliary account and the primary account. The authorization relation may be recorded in the instant messaging system. Based on the recorded authorization relation, the system allows a user of the authorized auxiliary account to manage the online shop system through the instant messaging system. An instant messaging server serving this purpose is also disclosed.06-03-2010
20100122322METHOD FOR ADMISSION CONTROL OF MULTIPLE SERVICE FLOWS PAGING IN MOBILE PACKET DOMAIN - A method for paging admission control for multi-service flows in a mobile packet domain is provided and comprises the steps of: when authentication of a mobile station accessing a connectivity service network through an access service network succeeds, assigning a service flow paging strategy for a downlink service flow of the mobile station, and sending the service flow paging strategy to the access service network; receiving, by the access service network, downlink data of a mobile station in IDLE state from a home agent, searching for the downlink service flow to which the downlink data belong, and judging whether the service flow admits paging according to the service flow paging strategy, and if yes, initiating a paging flow triggered by the downlink data.05-13-2010
20100138902STANDING ORDER DATABASE SEARCH SYSTEM AND METHOD FOR INTERNET AND INTRANET APPLICATION - An internet and/or intranet based database search system and method for conducting searches of highly confidential records such as individual patient medical records and to automate the process of securing required approvals to make such records available to a properly authorized and authenticated requesting party. The system's central premise is that the patient has a fundamental right to the confidentiality of their personal medical records and should control that right through specific, informed consent each time that a party requests to receive them. It reinforces the widely held conception of privacy in general as well as of the sanctity of the doctor/patient relationship by granting the doctor the right, subject to the patient's express permission, to initiate a search request. At the same time, it provides an expedited and cost-efficient means for transfer of such records as demanded by many healthcare reform proposals and gives the repositories where these records are held the right to stipulate the specific terms and conditions that must be fulfilled before they will release documents entrusted to their care, thereby substantially reducing the risk of litigation alleging breaches of patient confidentiality. And it carries out all of these legitimate interests in a way that is fast, simple to use and easy to audit. The system optionally includes a billing mechanism to pay for any added cost associated with providing this additional protection; and in its preferred embodiment, is applicable to both digital as well as non-digital records.06-03-2010
20080301780ACCESS CONTROL NEGATION USING NEGATIVE GROUPS - The subject disclosure pertains to systems and methods that facilitate managing groups of entities for access control. A negative group is defined using a base group, where the negative group associated with a base group includes any entities not included in the base group. Negative groups can be implemented using certificates rather than explicit lists of negative group members. A certificate can provide evidence of membership in the negative group and can be presented for evaluation to obtain access to resources. Subtraction groups can also be used to manage access to resources. A subtraction group can be defined as the members of a first group, excluding any members of a second group.12-04-2008
20100095356SYSTEM AND METHOD FOR SETTING UP SECURITY FOR CONTROLLED DEVICE BY CONTROL POINT IN A HOME NETWORK - A system and method for setting up security of a controlled device by a control point in a home network are provided, in which authority to perform a function intended by a user is acquired through authentication between the control point and the controlled device, a security channel is created for performing the function, and a credential setting used by the user is synchronized among controlled devices in the home network.04-15-2010
20110113475NODE FOR A NETWORK AND METHOD FOR ESTABLISHING A DISTRIBUTED SECURITY ARCHITECTURE FOR A NETWORK - The invention relates to a node (05-12-2011
20100100943Permissions using a Namespace - Permissions using a namespace is described. In an embodiment, a namespace system includes a network resource that has a resource permission, and includes a namespace that has one or more members associated with the namespace. The namespace system also includes a namespace permission to permission the network resource to one or more of the members of the namespace.04-22-2010
20100088749SYSTEM AND METHOD FOR PERSONAL AUTHENTICATION USING ANONYMOUS DEVICES - A system and method for providing personal authentication is provided. The method comprises the steps of prompting a user of an electronic communication device to provide transaction or session input; establishing a session if the transaction or session input is valid; requesting the electronic communication device to establish communication with one or more identity modules and one or more anonymous devices in the vicinity, if the electronic communication device is authorized; interrogating the one or more identity modules and the one or more anonymous devices via the electronic communication device and an authentication server, after communication is established between the electronic communication device, the one or more identity modules and the one or more anonymous devices; and activating the electronic communication device if the one or more identity modules and the one or more anonymous devices are authenticated by the authentication server.04-08-2010
20110113474NETWORK SYSTEM SECURITY MANAGEMENT - A network system loads operating system (OS) software that includes a switch role tool (SRT). The SRT provides the network system with security management capability that employs a hostname attribute within a user role definition. The user role definition provides for user restrictions to database information and other user actions within the network system. During a user login or switch role command, the security management method interrogates the login location or hostname of the login along with the user request. If that login meets the criteria that the network system stores as a user role attribute for that particular user, the network system allows the login request and action. If that login does not meet the criteria that the network system stores as a user role attribute for that user, the network system denies the login request. The network system grants the user an access privilege level that varies with the determined location or hostname from which the user attempts to log in.05-12-2011
20090328158METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR PROVIDING SOFTWARE APPLICATION INVITATION - An apparatus for providing software application invitations may comprise a processor. The processor may be configured to receive an achievement in a software application and formulate at least one invitation to execute the software application. The processor may further be configured to send at least one invitation to at least one invitee. The invitation may include a means to access at least a portion of the software application. Associated methods and computer program products may also be provided. Also, apparatus, methods, and computer program products for processing received software application invitations may be provided.12-31-2009
20090328157SYSTEM AND METHOD FOR ADAPTIVE APPROXIMATING OF A USER FOR ROLE AUTHORIZATION IN A HIERARCHICAL INTER-ORGANIZATIONAL MODEL - A system and method are provided for adaptive approximating of a user for role authorization in a hierarchical inter-organization model. The system includes an authorization redirector for receiving a request for an access control decision for a user. The system further includes an adaptive authorizer for dynamically determining, at run-time, a user role approximation for the user responsive to the request. The user role approximation is based on at least one of a system state and a system goal corresponding to a hierarchical inter-organizational model.12-31-2009
20100199331User profile or user account association with multiple computers - A method of switching a network access configuration associated with a first electronic system to a second electronic system via a network is described. The first electronic system is inoperable. The second electronic system replaces the first electronic system such that a user seamlessly transitions from the first electronic system to the second electronic system. The user continues to access the network resources using the second electronic system rather than the first electronic system.08-05-2010
20090254980METHOD OF PROVIDING ACCESS RIGHTS BASED ON DEVICE PROXIMITY AND CENTRAL ACCESS DEVICE USED FOR THE METHOD - Provided are a method of providing access rights based on device proximity and a central access device used for the method. The method of providing access rights to a mobile device includes: determining a proximity showing how close the mobile device is to the central access device when the mobile device connects to the central access device in a home network; and granting an access right to the mobile device according to the determined proximity. Access rights used for protecting the contents of various devices in the home network can be seamlessly controlled, and in the network the identity of a person (identified by his/her device) can be generated and his/her access right can be properly controlled. In addition, there is no need to worry about leakage of data beyond the house, no need to change any of the set parameters for this purpose, and no need to try to protect data in a ubiquitous information network.10-08-2009
20090328156WORKFLOW BASED AUTHORIZATION FOR CONTENT ACCESS - The present invention extends to methods, systems, and computer program products for workflow based authorization for content access. A workflow can be triggered when a protection policy does not fully express an intended recipient's rights in protected content. A workflow processes relevant inputs to more fully express the intended recipient's rights in protected content. Workflows can provide policy item updates and authorization decisions with respect to protected content. Through the use of workflows to make an authorization decision, access to information can become more flexible, allowing it to follow the desired flow of information throughout its lifecycle. This flexibility allows organizations to protect their information without worrying about the protection stopping the natural flow of business.12-31-2009
20090328155Master device for controlling application security environments - Computer protection is weak with the methods currently available and there are risks of malicious users getting access to computers, corrupting important data, including system data. We are proposing a method for improving access protection, more particularly, by using a slave device that will enable or disable protection for applications as required. The device supports one or more users, zero or more user groups, zero or more Application Security Environments for each user or user group and one or more states for each Application Security Environment. The state of the hardware is manually controlled by the users. Depending on the configuration, each hardware state corresponding to an Application Security Environment corresponds to a set of privileges that the processes running in that Application Security Environment have while that Application Security Environment is in that state.12-31-2009
20090328154ISOLATION OF SERVICES OR PROCESSES USING CREDENTIAL MANAGED ACCOUNTS - This disclosure describes methods, systems, and application programming interfaces for creating a credential managed account. This disclosure describes creating a new password managed account, defining the password managed account, wherein the password managed account is to access a service on a managed computing device, identifying the password managed account for a lifecycle, and automatically managing the password managed account by updating and changing a password for the password managed account on a periodic basis.12-31-2009
20090328153USING EXCLUSION BASED SECURITY RULES FOR ESTABLISHING URI SECURITY - A solution for controlling access to Uniform Resource Identifier (URI) identified resources can receive a request for a resource identified by a URI. The URI associated with the request can be compared against at least one previously established security rule. The security rule can include an exclusion comparison operator and a regular expression defining a pattern. A determination as to whether to grant a requester access to the resource can be based at least in part upon results of the comparing of the URI against the previously established security rule.12-31-2009
20090328152METHOD OF ACCESS CONTROL IMPLEMENTED IN AN ETHERNET SWITCH - An access control system, having at least one access control unit for securing a physical area and controlling entry into and egress out of the physical area, and an Ethernet routing device, is disclosed. The Ethernet routing device includes an access controller for determining access privileges to the physical area; an Ethernet switching unit for directing network communications between multiple network devices; at least one Ethernet connector for connecting the at least one access control unit to the Ethernet routing device; and an access control message interpreter for reading messages received, by way of the Ethernet connector, from the at least one access control unit and providing access control information contained in the messages to the access controller for access privilege determination.12-31-2009
20090276833Provisioning Data Storage entities with Authorization Settings - A method and system for generating authorization settings that indicate whether host administrators using a host-based storage-management application are authorized to perform provisioning operations on data storage entities residing on a data storage system are disclosed. Accordingly, a storage-management application receives from an administrator an authorization setting indicating on a per-user basis a set of provisioning operations which can be performed with a data storage entity via the storage-management application. The authorization settings are then communicated from the host-based storage-management application to the storage system where the data storage entity resides, and the authorization settings are stored. A storage-management application executing on any host can then utilize the authorization settings to control which users are allowed to interact with certain data storage entities, and what specific interactions (e.g., provisioning operations) are allowed.11-05-2009
20110067090IMAGE DATA FORMING APPARATUS - An image data forming apparatus includes: an image data forming unit configured to form image data; a user authentication information forming unit configured to form user authentication information; a storage unit storing a program configured to be executed by a destination device to determine whether or not to permit outputting the image data from the destination device based on the user authentication information; an image file forming unit configured to form an image file including the image data, the user authentication information, and the program; and a communication control unit configured to transmit the image file to the destination device.03-17-2011
20090320102Methods for Distributing Information Using Secure Peer-to-Peer Communications - A method for providing access to secure peer-to-peer communications to a device can include receiving a request to join an interest group. The request can include a device identification number of the device. The method can further include determining access rights for the device. The access rights can include permission to access shared messages of the interest group. Additionally, the method can include providing an access key to the device. The access key can enable the device to access shared messages of the interest group.12-24-2009
20090320104Communications Network with Smart Card - Methods and systems are disclosed to enable a smart card having relatively low data rate and low computational power to control a high data rate communications channel without degradation of performance. The smart card and an associated monitor/interface, which can be implemented in a network access device, are interposed between transmitting and receiving nodes in a network, and configured to intervene when conditions of rules stored in the smart card are met. For example, the smart card can intervene when a packet header indicates sufficient change in information, such as the exceeding of a predefined threshold or a requirement for user authorization/authentication. In one mode of regulating packet flow, the smart card selectively enables or disables packet transmission, reception, or both, according to the rules stored therein. In another mode, the smart card, upon activation, provides rules and modifications for packet data, headers, or both. The rules and modifications can implement communication policies of the entity providing communication services to the user of the services, and can be stored in the smart card to prevent alteration or tampering.12-24-2009
20090320103EXTENSIBLE MECHANISM FOR SECURING OBJECTS USING CLAIMS - An extensible mechanism for providing access control for logical objects in a network environment. A security broker is able to dynamically register one or more claims providers, each of which can assert one or more claims about logical objects. The claims providers may be purpose built or may be third party applications which expose data or business rules for use. Claims may be augmented by additional claims providers after the original claim is asserted. The applicability of claims may be scope limited either at the time the claims provider is registered or when the user requests that a security token be issued.12-24-2009
20090320101SYSTEM AND METHOD FOR AUTHENTICATING USERS IN A SOCIAL NETWORK - A system and method is provided that authenticates the identity of the person behind a username and stores that information in a manner that allows a first person communicating on a social network with a second person to confirm that the identity of the second person is known and authenticated, without requiring the second person to reveal identity information (other than their user name/screen name) to the first person, and vice versa.12-24-2009
20100223659METHOD AND SYSTEM FOR ENSURING AUTHORIZED OPERATION OF A COMMUNICATION SYSTEM AS A SECONDARY USER - A communication system (09-02-2010
20120246705Object-Based Access Control for Map Data - Embodiments allow access to geographic data objects on a per-object basis. A client may send a plurality of requests for geographic data to display within a view frustum. Map data may include a layer with a plurality of assets. Each request may be authenticated by an access control filter, which determines whether the user is authorized to view the data requested.09-27-2012
20120246703EMAIL-BASED AUTOMATED RECOVERY ACTION IN A HOSTED ENVIRONMENT - Email-based recovery actions may be provided. A request from a user to perform an action may be received. If the user is determined not to have permission to perform the action, a message may be sent to a second user to approve the requested action. If the second user approves the requested action, the requested action may be performed.09-27-2012
20120246702SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR ACCESS AUTHENTICATION - According to one aspect of the present disclosure, a method and technique for access authentication are disclosed. The method includes: responsive to receiving an access request from a user for a secure resource, logging an Internet Protocol (IP) address of the access request; transmitting a uniform resource locator (URL) to the user via an electronic mail message; responsive to receiving a request for the URL, logging an IP address corresponding to the URL request; and responsive to validating the IP address corresponding to the URL request against the IP address of the access request, providing access to the secure resource.09-27-2012
20090113524VIRTUAL UNIVERSE ACCOUNT PROTECTION - A protection mechanism(s) for a virtual universe account maintains integrity of the virtual universe account as well as the virtual universe. An avatar associated with a virtual universe account may be misappropriated and/or used inappropriately by a non-comporting user against the wishes or without the knowledge of the virtual universe account owner. A non-comporting user (i.e., a user not authorized to use the virtual universe account, an authorized user who misuses a virtual universe account, etc.) can use an avatar to perform potentially damaging and/or damaging activities in the virtual universe (e.g., destroy property, impact reputation associated with the virtual universe account, reduce value of the virtual universe account, etc.). Embodiments of the inventive subject matter detect when a user misappropriates and/or misuses a virtual universe account (i.e., detect a non-comporting user), and attempt to restore the state of the virtual universe prior to the misuse and/or misappropriation.04-30-2009
20090113522Method for Translating an Authentication Protocol - A method of translating messages conforming to a first authentication protocol into messages conforming to a second authentication protocol during an authentication phase in which a peer, having an identity and seeking to access a resource of a network, is connected to an authenticator, said authenticator authorizing access to the network as a function of verification of the identity and rights of the peer effected by an authentication server as a function of authentication data received in messages conforming to the second authentication protocol. The translation method comprises: a step of receiving the identity of the peer in a message conforming to the first authentication protocol, a step of generating and sending a challenge, a step of receiving a first response that is a response to said challenge, generating a request for access to the network conforming to the second authentication protocol, and sending said request to the authentication server, a step of receiving a second response that is a response to said request and translating the second response to generate an authentication result conforming to the first authentication protocol.04-30-2009
20090113523TECHNIQUES FOR FLEXIBLE RESOURCE AUTHENTICATION - In various embodiments, techniques for flexible resource authentication are provided. A principal attempts to login to a target resource using first credentials. The target resource does not recognize the first credentials and in response thereto forwards the first credentials to an identity service. The identity service authenticates the principal via the first credentials and supplies second credentials to the target resource. The target resource recognizes and authenticates the second credentials and grants access to the principal.04-30-2009
20080282325Aaa Support for Dhcp - A basic idea is to use the AAA infrastructure to assign (S11-13-2008
20100223661Method, system, and apparatus for processing access prompt information - A method, system, and apparatus for processing access prompt information in an IP session are disclosed. The method includes: managing the state of an IP session in an IP session process, and providing access prompt information of the IP session, where the access prompt information includes an IP session termination cause, or advertisement information or accounting information of the IP session, or any combination thereof; adding the access prompt information to an IP session control signaling message; and sending the IP session control signaling message that carries the access prompt information to a receiver so that the receiver can perform corresponding operations according to the access prompt information.09-02-2010
20100223660PROVIDING MULTIMEDIA CONTENT WITH TIME LIMIT RESTRICTIONS - Users are provided limited access to multimedia programs. An administrator may require users to log in to begin a multimedia distribution session (e.g., a television program viewing session). The administrator may designate that certain users may access multimedia content only for an allotted amount of time during an approved viewing period. The administrator may also designate that a maximum amount of rollover time is carried to a future tracking period if an allotted amount of viewing time is not fully used for any tracking period.09-02-2010
20100223658Systems and Methods of Handling Access Control Violations - Systems and methods of reporting access violations in a network device are disclosed. One such method comprises setting a forwarding index field in a specific entry of an access control list (ACL) to reference a specific forwarding table entry (FTE). The specific FTE is the only FTE associated with reporting access violations. The method further comprises setting a next destination field in the specific FTE to indicate a copy-to-processor behavior. The method further comprises setting the next destination field in the specific FTE to indicate a drop behavior. The setting of the next destination field is responsive to a timeout on a timer associated with reporting access violations.09-02-2010
20080276304Method and System for Handling Content Delivery in Communication Networks - A system for handling transactions in a communication network, wherein the transactions include at least one technology-dependent request for a given content made by a requester to at least one server. The system operates based on an access content list including permit/deny access clauses regulating access of the requesters to the contents by the server. A processing module, configured for detecting the technology-dependent request, and extracting therefrom information identifying the requester making the request and the content requested, is provided. A corresponding technology independent access content entry, adapted to be checked against the access content list to derive permit/deny information concerning the request detected, can thus be generated. The request is handled as a function of the permit/deny information derived and thus, e.g., forwarded toward the server or either dropped or forwarded to an alternative destination. Access to the various contents delivered is thus controlled in a manner that is independent of the specific technologies used for delivering the media contents.11-06-2008
20080271124Secure Computer Use System - Methods and apparatus for ensuring the computer security of users of a computer system are described. A user is allocated a security grading relating to how secure their computer system (10-30-2008
20120144456METHOD OF RECEIVING, STORING, AND PROVIDING DEVICE MANAGEMENT PARAMETERS AND FIRMWARE UPDATES TO APPLICATION PROGRAMS WITHIN A MOBILE DEVICE - The present invention is a method for the efficient persistent storage of Device Management (DM) information on a mobile device. More specifically, the present design provides methods for applications to access and update this information consistent with the Open Mobile Alliance (OMA) DM standard.06-07-2012
20120144455AUDIO BASED HUMAN-INTERACTION PROOF - A method and system for allowing access to computer functions such as websites that utilizes a user's ability to recognize sounds is described. The method presents a user a series of sounds. Some of the sounds presented in the series are labeled as validation sounds. The user is asked to provide an input every time he or she hears the validation sound. The user must identify the sound within a specified length of time. The system disclosed comprises a user interface, a sound database module, a generation module, and an answer confirmation module. The generation module creates the validation test file and expected answer. The answer confirmation module checks the input from the requesting computer and provides access to the computer function if the input from the requesting computer meets the required parameters.06-07-2012
20120144452MANAGED DISSEMINATION OF LOCATION DATA - A location provider manages dissemination of location data of a user to one or more third-party services, so that the user can take advantage of services offered by the third parties, without the associated burden of continuously granting or denying requests by the third party services to obtain location data of the user. A third-party service can obtain location information of a user from the location provider. Users may control circumstances in which the location provider is to share location data of the user with the one or more third-party services.06-07-2012
20090106822Using social networks while respecting access control lists - Techniques are described for use with social networks and associated access information, such as access control lists, indicating which users are allowed to access the social networks. The social networks represent relationships between users. The social networks and access control lists may be represented in a graph which is traversed in connection with performing different operations using the social networks.04-23-2009
20090106823System and method for remote access data security and integrity - A system and method for locating and accessing remote data over a computer network that provides data security and integrity. The system includes at least one data server located in a first region, at least one data server located in a second region, a first indexing and network management server providing authentication services for the at least one data server located in the first region, a second indexing and network management server providing authentication services for the at least one data server located in the second region, and a central registration server providing authentication services to the first and second indexing and network management servers, including maintaining valid public key certificates for each indexing and management server. A local server is authenticated by its regional indexing and management server, which provides an authentication passport to indexing servers, on behalf of the local server. Thus, a local server can be authenticated to remote data servers and can request information from the remote data servers. Methods of authentication and data integrity are also provided.04-23-2009
20090037983USER-CENTRIC AUTHENTICATION SYSTEM AND METHOD - A system for authenticating a user in a network. The authentication system includes a computer resource having secure data, an authentication computing system providing dynamic authentication of a user accessing the computer resource, and a user communication device for communicating between the user and the computer resource. The computing system presents a challenge for which a specified response is required based upon a pre-determined function. Access is then granted by the computing system upon providing the correct response to the presented challenge by the user.02-05-2009
20100306823Method and Apparatus for Controlling the Number of Devices Installed in an Authorized Domain - The number of devices installed in an Authorized Domain (AD) is controlled by a master device functionality. This master device stores ceiling values for the total number Total_limit of devices to be installed in the AD; the total number Local_limit of devices to be installed in local proximity with the master device and the total number Remote_limit of devices to be installed remotely from said master device. The master device also stores current values of the number Local_count of devices installed in the AD in local proximity with the master device; and the number Remote_count of devices installed in the AD remotely from said master device. When a new device is to be installed in the AD, the ceiling values are checked against the current values, and it is checked whether the device is in local proximity with the master device, in order to authorize or refuse its installation in the AD, either locally or remotely.12-02-2010
20100306829IMAGE FORMING APPARATUS, AUTHENTICATION SYSTEM, AUTHENTICATION CONTROL METHOD, AUTHENTICATION CONTROL PROGRAM, AND COMPUTER-READABLE RECORDING MEDIUM HAVING AUTHENTICATION CONTROL PROGRAM - A disclosed image forming apparatus includes an authentication information reception unit configured to receive first authentication information input to the image forming apparatus, an authentication control unit configured to send the first authentication information to a first authentication apparatus connected to the image forming apparatus via a network and cause the first authentication apparatus to carry out a first authentication based on the first authentication information, and an authentication information recording unit configured to record, when the first authentication based on the first authentication information has succeeded, the first authentication information therein as second authentication information. In the image forming apparatus, the authentication control unit carries out, in a case where the first authentication apparatus is not available, a second authentication based on the second authentication information recorded in the authentication information recording unit in lieu of the first authentication based on the first authentication information.12-02-2010
20100306825SYSTEM AND METHOD FOR FACILITATING USER INTERACTION WITH A SIMULATED OBJECT ASSOCIATED WITH A PHYSICAL LOCATION - Systems and methods for facilitating user interaction with a simulated object that is associated with a physical location in the real world environment are herein disclosed. In one aspect, embodiments of the present disclosure include a method, which may be implemented on a system, of identifying the simulated object that is available for access based on location data. The location data can include a location of a device in a time period, the device being for use by a user to access the simulated object. One embodiment includes verifying an identity of the user; and in response to determining that the user is authorized to access the simulated object, providing the simulated object for presentation to the user via the device.12-02-2010
20130133037INSERTING MEDIA CONTENT FROM MULTIPLE REPOSITORIES - Methods and systems for inserting media content from multiple media content repositories are disclosed herein. The method includes displaying indicia corresponding to a number of repositories within a user interface that is authorized to access all of the repositories, wherein the repositories may include a local repository and an online repository, or any combination thereof. The method also includes obtaining media content from any of the repositories via the user interface and inserting the media content into a location via the user interface.05-23-2013
20130133042BIOMETRIC AUTHENTICATION - An apparatus, method and program product locally stores biometric data in response to a user accessing a network (05-23-2013
20130133043AUTHENTICATION IN VIRTUAL PRIVATE NETWORKS - Systems and methods are provided for controlling access to a network. An access request is received from a client application running on a computing device for accessing a remote network. The access request is received over a secure virtual private network (VPN) connection established by a user-mode VPN client running in non-privileged user space of the computing device. The access request includes contextual information for use in authenticating a user to access the remote network, wherein the contextual information includes contextual information about the client application requesting access to the remote network. An authentication process is performed using the contextual information to authenticate the user, and a secure VPN connection is established between the client application and the remote network if the user is authenticated.05-23-2013
20100306830Distributed Hierarchical Identity Management - A system and methods for identity management and authentication are provided herein. The present invention employs shadow domains to prove entity membership in an identity management system where responsibility for trust relationships is devolved to the user. The present invention additionally teaches doubly signed certificate transmission for authentication of assertions made by third parties in the identity management network.12-02-2010
20100306828Method for Secure Validation Utilizing Existing Validation Framework - Granting secure access to stored digital medical information to patients or healthcare providers facilitates information exchange in healthcare. Payment for healthcare services can be accomplished with a credit card or other electronic payment means. Each payment transaction is assigned a unique ID number by financial services computer systems, itself being transmitted with temporal information to the medical record system at the time of issuance. Receiving medical record system(s) incorporate the ID number into the validation process by requiring it during validation in defined time frame from issuance. When correctly entered in the time frame allocated, patient medical information is displayed on the requestor's computer screen. If the ID is not entered in the determined time frame, access if not granted. Transaction ID number usage therefore provides a temporal limit on access to the patient's medical information and serves as an additional validation mechanism.12-02-2010
20100306826METHODS AND SYSTEMS FOR IMPLEMENTING A SELF DEFENDING/REPAIRING DATABASE - This disclosure describes, generally, methods and systems for self defending and repairing a database. The method includes monitoring, at a database server, code modifications to a database management application. The database management application is configured to maintain the database. The method further includes determining that a code modification has occurred to the database management application. The method further includes checking the code modification for the presence of an authorization key, and in response to an invalid or non-existent authorization key, determining that the code modification is unauthorized. Further, the method includes quarantining the modified code in a secure storage location, and automatically accessing original code of the database management application and replacing the modified code with code from the original code of the database management application.12-02-2010
20100306824TRUST AND IDENTITY IN SECURE CALENDAR SHARING COLLABORATION - In some embodiments, a system includes a database of trust information that internalizes security and trust relationships between a first entity and a second entity in regards to scheduling, and a central trust manager operable to determine from the database of trust information whether a trust relationship exists between a first organization and a second organization, the central trust manager also being operable to provide availability information of a user of the first organization to a second user of the second organization, the central trust manager also being operable to determine whether the second user of the second organization is granted access to requested calendar data and the central trust manager also being operable to provide the requested calendar data.12-02-2010
20100313245AUTHENTICATION ENGINE FOR ENROLLMENT INTO A COMPUTER ENVIRONMENT - Embodiments of the invention are generally directed to a system and method for enrolling a user into an authentication system. In some embodiments of the invention, a user completes a first portion of the enrollment or setup process using a first computer environment, but is not permitted to complete the enrollment or setup process from the first computer environment. The system permits the user to complete the enrollment or setup process only from a second computer environment different from the first computer environment. In one embodiment, the second computer environment is any computer environment outside of the first computer environment.12-09-2010
20100319053DEVICES WITH PROFILE-BASED OPERATING MODE CONTROLS - A device (e.g., a phone) can be provided by an entity (e.g., a business) to a user (e.g., an employee). The device includes a profile manager that allows the user to configure a personal profile comprising any of applications, settings, and stored data. The device is also configurable with an entity profile determined by the entity that also may include applications, settings, and stored data. The user can select from operating modes comprising at least a personal mode, and a unity mode; an entity mode also may be available for selection. The profile manager, based on the selected mode, determines whether entity profile data and applications are available to the user, and which applications from either profile may conduct user-perceptible activities. The profile manager may periodically verify entity profile rights with a server, and if verification fails, then the profile manager can restrict entity profile data and applications access, regardless of operating mode.12-16-2010
20100281522ACCESS RIGHT MANAGING SYSTEM, ACCESS RIGHT MANAGING METHOD, AND ACCESS RIGHT MANAGING PROGRAM - An authentication device includes a user authentication certificate generation unit that issues to another device user authentication information on which information about a user is recorded; and a right transfer certificate/token generation unit that issues right transfer information and a token corresponding to the right transfer information to another device on the basis of information about a user to whom the right is transferred and a condition under which the right is transferred. A service proxy access device includes a token request unit that requests the issuing of the right transfer information and the token in order to access another device; and a user proxy access unit that accesses another service using the token. The service providing device includes a user authentication certificate request unit that acquires user authentication information from the authentication device using the token.11-04-2010
20100281523METHOD AND SYSTEM FOR NEGOTIATING NETWORK SERVICE - A method, system, terminal, and server for negotiating a network service are provided, which belong to the field of network access technology. The method includes: an AAA server for providing basic access (AAAn server) receives a network access identifier (NAI) from a terminal during an authentication process, where the NAI contains service identifier information of a service requested by the terminal. The AAAn server performs identity authentication on the terminal according to the NAI and information associated with the terminal stored in a database of the AAAn server. The AAAn server judges whether the terminal can obtain the requested service according to the service identifier information of the service requested by the terminal contained in the NAI after the terminal successfully passes the identity authentication. The system includes a terminal and an AAAn server. The technical solutions can simplify the negotiation process, and facilitate the network management and operation.11-04-2010
20130139222AUTHENTICATION OF MOBILE DEVICE - Disclosed are systems and techniques that generate one-time passwords in a banking server in order to authenticate a mobile device for transactional functions related to a user account. At least two one-time passwords are generated at the banking server and communicated to the mobile device via different communication pathways. A first communication pathway is encrypted and a second pathway is non-encrypted.05-30-2013
20130139224System and Method for Registering Users for Communicating Information on a Web Site - A system and method blocks or removes user accounts or complex information of user accounts that has or have a correspondence with complex information of other accounts or complex information on a blacklist.05-30-2013
20130139226Secure Authorization - Various embodiments provide an authorization approach that performs a safe and generally untraceable way that allows a user to complete an authorization securely. Various embodiments utilize a visual presentation that displays items, which can include symbols, letters, characters, numbers, logos, pictures, and the like. Throughout authorization, in at least some embodiments, the visual presentation is modified and the locations of items, such as touch-selectable items, are changed such that a pre-defined authorization sequence of items does not have the same serialized pattern of selection for purposes of authorization.05-30-2013
20100325702AUTHENTICATION-AUTHORIZATION SYSTEM FOR MOBILE COMMUNICATION TERMINAL AND METHOD THEREFOR - An authentication-authorization system for a mobile communication terminal and a method therefor are provided. When a mobile communication terminal is in a connect state, code data randomly generated by a remote encoding terminal is continuously provided to the terminal and data management terminal. When an application service program on the mobile communication terminal or an application service terminal connected to the mobile communication terminal need to execute an authentication-authorization, identification data of the mobile communication terminal and its card and code data can be offered to the data management terminal to carry out a bidirectional dynamic authentication-authorization, to determine whether allow the application service program or the application service terminal to keep providing an application service or not. In a further aspect of the embodiment, at least two aforementioned authentication-authorization systems are joined, and a layered authentication-authorization mechanism is adopted, so as to provide a secured and completed system.12-23-2010
20100325700SYSTEM, METHOD AND APPARATUS FOR PROVIDING MULTIPLE ACCESS MODES IN A DATA COMMUNICATIONS NETWORK - A system, method and apparatus for providing multiple access modes in a data communications network includes a network access device having a plurality of input ports, a plurality of output ports, and a switching fabric for routing data received on the plurality of input ports to at least one of the plurality of output ports. Control logic within the network access device is adapted to determine whether a user device coupled to one of the plurality of input ports supports a user authentication protocol used by a host network. If the user authentication protocol is not supported, then the input port to which the network access device is coupled is placed in a semi-authorized access state that limits access to a pre-configured network accessible via the host network.12-23-2010
20100325701METHOD AND APPARATUS FOR MANAGING A USER - In the field of communications, a method and an apparatus for managing a user are provided. The method for managing a user includes the following steps. An identity of a user is authenticated. After the identity authentication of the user is successfully performed, a service router (SR) authenticates a management authority of the user. After the management authority authentication is successfully performed, service configuration management is performed according to the management authority of the user. As compared with the conventional art, by moderately authorizing the lower level user, the technical solutions can reduce the costs of operation and maintenance, improve the efficiency and solve the problem in time, thereby improving customer satisfaction.12-23-2010
20100325698Trusted and Secure Techniques for Item Delivery and Execution - Documents and other items can be delivered electronically from sender to recipient with a level of trustedness approaching or exceeding that provided by a personal document courier. A trusted electronic go-between can validate, witness and/or archive transactions while, in some cases, actively participating in or directing the transaction. Printed or imaged documents can be marked using handwritten signature images, seal images, electronic fingerprinting, watermarking, and/or steganography. Electronic commercial transactions and transmissions take place in a reliable, “trusted” virtual distribution environment that provides significant efficiency and cost savings benefits to users in addition to providing an extremely high degree of confidence and trustedness. The systems and techniques have many uses including but not limited to secure document delivery, execution of legal documents, and electronic data interchange (EDI).12-23-2010
20100333178System and Method for Unique User Identification via Correlation of Public and Private Data by a Third-Party - The present invention is a system and method to provide the unique and persistent user identification of networked electronic devices (e.g., computers, mobile phones, game consoles, set-top boxes, etc.) and/or the users (the first-party) by correlating the public information received by a second-party with the private information available to a network access provider or other third-party and then the capability for the third-party to uniquely identify users/devices and provide data to second-parties. The invention is able to uniquely & persistently identify devices and users on a network without exchanging uniquely identifying information between the user/device and the content provider responding to the request (e.g., no reliance on passwords, cookies, challenge/response, encrypted strings.).12-30-2010
20100333179FILE SHARING SYSTEM AND METHOD - A file sharing system includes a web server, a first electronic device, and a second electronic device. The web server includes an authorizing module and a server storage module. The server storage module is capable of storing files uploaded from a first electronic device. The authorizing module is capable of recording an authorizing setting from the first electronic device to authorize a second electronic device to access the files in the server storage module.12-30-2010
20100333181SYSTEM AND METHOD FOR REMOTELY CONFIGURING A DESKTOP MAILBOX - A method and system for remotely configuring a desktop mailbox manager. A mobile node operable to communicate within a wireless network includes a remote desktop controller to generate configuration messages for transmission to a home node at which the desktop mailbox manager is located. When reconfiguration is required, reconfiguration criteria are formulated, usually at the direction of the user. The reconfiguration criteria are then used by the remote desktop controller to create a reconfiguration message, which is addressed for delivery to the home node. A network connection is established, and the reconfiguration message is transmitted. A network server associated with the base station through which the mobile node is communicating with the network routes the message to a server associated with the home node, utilizing an appropriate gateway if necessary. The message is stored on the server until the home node establishes communication and then the message is downloaded to the home node. In the home node, the message is used to reconfigure the desktop manager.12-30-2010
20100333177SYSTEM AND METHOD FOR IDENTIFYING UNAUTHORIZED ENDPOINTS - In embodiments of the present invention improved capabilities are described for identifying unauthorized endpoints. The present invention includes computer implemented methods and systems for actively polling and monitoring network devices, such as network routers and switches, to obtain information on any or all of the endpoints on a network with which the router or switch may have communicated. Address information acquired through polling is compared with an authorized endpoint list, which is generated from information reported to the store by security agents on the authorized endpoints and which is stored in a security compliance store, in order to identify unauthorized endpoints. Methods and systems disclosed herein also include remediation measures to be taken on the unauthorized endpoints. Related user interfaces, applications, and computer program products are disclosed.12-30-2010
20110010760COMMUNICATION APPARATUS, CONTROL METHOD OF COMMUNICATION APPARATUS, AND PROGRAM - If automatic setting of communication parameters is performed in an ad hoc network when a communication apparatus is connected to an infrastructure network, there is a possibility that infrastructure network information is leaked to the infrastructure network. When an instruction to start the automatic setting of communication parameters is issued, a network participation state of the communication apparatus is determined and the automatic setting of communication parameters is not performed during enterprise connection.01-13-2011
20110010758METHOD AND APPARATUS FOR ASCERTAINING DATA ACCESS PERMISSION OF GROUPS OF USERS TO GROUPS OF DATA ELEMENTS - A method for ascertaining access permissions of users to computer resources on a storage unit, the method including grouping users into a plurality of user groups wherein all members of at least one of the user groups have at least nearly identical user/resource access permissions to the computer resources, grouping resources into a plurality of resource groups wherein all members of at least one of the resource groups have at least nearly identical resource/user access permissions, ascertaining whether a given user is a member of a user group, if the given user is a member of a user group, ascribing to the given user the user/resource access permissions of the user group, ascertaining whether a given resource is a member of a resource group, and if the given resource is a member of a resource group, ascribing to the given resource the resource/user access permissions of the resource group.01-13-2011
20110030034URGENT ACCESS MEDICATION DISPENSING STATION - A medical supply station is disclosed. The medical supply station includes a securable compartment configured to hold medical supplies, and a controller. The controller is responsive to access information and is configured to selectively permit access to the securable compartment when the access information indicates the securable compartment is authorized for access, and restrict access to the securable compartment when the access information indicates the securable compartment is not authorized for access. The medical supply station also includes a critical access module configured to, upon actuation, bypass the access information required by the controller and permit substantially immediate access to the securable compartment. The medical supply station further includes an image capturing device, coupled to the critical access module, configured to capture at least one image of an area proximal to the medical supply station in response to actuation of the critical access module.02-03-2011
20110030036RUNNING A SOFTWARE MODULE AT A HIGHER PRIVILEGE LEVEL IN RESPONSE TO A REQUESTOR ASSOCIATED WITH A LOWER PRIVILEGE LEVEL - A request is received from a requester to run a first software module at a first privilege level, where the requester is associated with a second privilege level, and wherein the first privilege level is higher than the second privilege level. It is determined whether the first software module is valid to run at the first privilege level by checking for predefined content associated with the first software module. The first software module is run at the first privilege level on the computer in response to detecting the predefined content.02-03-2011
20110035788METHODS AND SYSTEMS FOR AUTHENTICATING USERS - A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known. Moreover, the method includes determining a state of a communications device when the inputted information is known, and transmitting a biometric authentication request from a server to an authentication system when the state of the communications device is enrolled. Additionally, the method includes obtaining biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and conducting the transaction when the transmitted and stored one-time pass-phrases match.02-10-2011
20100180321SECURITY SYSTEM AND METHOD FOR SECURING THE INTEGRITY OF AT LEAST ONE ARRANGEMENT COMPRISING MULTIPLE DEVICES - In order to provide a security system (07-15-2010
20110035790METHOD AND SYSTEM FOR SYNCHRONISING BOOKMARKS - Systems and methods for synchronising bookmarks between communications devices are provided. Bookmarks refer to user-defined and nicknamed URLs as local parameters in Browser software, also sometimes known as “Favourites”. Real-time synchronisation of bookmarks is accomplished through an application of “push technology”. Upon identifying a change in the set of bookmarks of a communications device, the communications device transmits an indication of the change to the network. The network uses push technology to push the indication to the other communications device. Once the indication is received by the other communications device, the other communications device updates its set of bookmarks according to the indication thereby achieving synchronisation. Synchronisation may be performed between two or more devices.02-10-2011
20110035789Determining a Trust Level of a User in a Social Network Environment - A system and method for determining a trust level for a non-approved user in a social network is described. The method includes monitoring requests for social network interactions between an approved user and the non-approved user and determining if each interaction requested is of a first type or a second type. The method further includes increasing a first trust value when the interaction requested is of the first type and increasing a second trust value when the interaction requested is of the second type. The method further includes determining the trust level based on the first trust value and the second trust value. The method further includes changing the status of the non-approved user to an approved user based on the trust level, the first trust value and/or the second trust value.02-10-2011
20110041164GENETIC PROFILING AND BANKING SYSTEM AND METHOD - A method is provided for determining whether a third party is authorized to access information representative of genetic data. This information representative of genetic data is associated with a physical sample and is provided in an accessible format. A set or access rights is received that define which third parties can access the information and how the information can be used. A third party requests to access the information for the purposes of performing a test. The request is compared to the access rights. If the third party is authorized, the test is performed on the information. If, however, the third party is not authorized, access is denied.02-17-2011
20110041163SYSTEMS AND METHODS FOR USER INTERFACE CONTROL - Enabling and disabling login access to a web-based application by examining automatic number identification (ANI) information from a received telephone call, associating the ANI information with a user account, determining a current state of login access to a web-based application for the user account, the state of login access being one of enabled and disabled, and notifying the web-based application to change the state of login access to the other of enabled and disabled depending on the then-current state of login access. The methodology may further include examining dialed number identification service (DNIS) information of the received call to determine which of the enabling or disabling actions to take, and/or to determine which of a plurality of accounts is to be effected by the desired change in state of login access.02-17-2011
20110041161Management of Ancillary Content Delivery and Presentation - Embodiments of the present invention address delivery of content, including advertising, in an online or networked digital environment. Undesirable content or content that needs to be removed from the digital environment may be eliminated through invocation of a ‘kill switch’ that terminates further delivery of the aforementioned content. The ‘kill switch’ may also eliminate certain instantiations of that content already delivered to end-user client devices. In order to lessen the need for termination of content following delivery to the digital environment, content developers and content providers may view content scheduled for delivery in digital environment ‘mock ups’ prior to actual delivery. Content developers and content providers, too, may control certain attributes related to content scheduled for delivery to further obviate post-delivery termination or modification.02-17-2011
20110041160SURGERY ROBOT SYSTEM OF SERVER AND CLIENT TYPE - A server-client type surgical robot system is disclosed. One aspect of the present invention provides a surgical robot system that includes a plurality of control clients, which generate control signals, and a surgical server, which is manipulated in correspondence with the control signals received from authenticated control clients. The server-client type surgical robot system can include a plurality of control clients for manipulating one surgical server, and incorporates security technology in server-client based robot surgery, to allow greater safety in performing surgery.02-17-2011
20110247053SERVER AUTHENTICATION - A method of authenticating a content-provider server, the method comprising: determining a domain name of the content-provider server; obtaining a fragment of a database of IP addresses, the fragment corresponding to the domain name of the content-provider server and storing one or more IP addresses associated with the domain name; comparing the IP address of the content-provider server against the IP addresses of the fragment; and providing an indication that the IP address of the content-provider server is included or excluded from the fragment of IP addresses. Additionally, a client computer and server operable to implement the method are described.10-06-2011
20110119739SECURE CONSUMER PROGRAMMING DEVICE - A method is provided for operating a consumer programming device that provisions consumer electronic devices. The method includes receiving over a communication link a first enable message that authorizes the consumer programming device to make available one or more resources which enable it to provide services to consumer electronic devices. Services are provided to consumer electronic devices up until all the resources have been exhausted. Additional consumer electronic devices are provided with services only if a second enable message is received over the communication link.05-19-2011
20110119738IDENTITY MANAGEMENT FOR TRANSACTIONAL CONTENT - A method and system for managing access to transactional multimedia content based on hardware identification codes can include determining whether a user is entitled to a first service level or to a second service level and directing requests for transactional multimedia content to an appropriate server. The user of a client device can be authenticated by a certificate sent by the client device and received by a service provider. The certificate includes an indication of a unique hardware identifier for the client device. Access to the transactional content may occur over a public Internet protocol network if the client device is not directly connected to the service provider's private network and if the hardware identifier indicates the client device is authorized.05-19-2011
20110131634Digital Rights Management - A method for digital rights management includes receiving a selection input from a user, associating a customer number with a file based on the selection input, embedding the customer number and a file identifier associated with the file in the file, and sending the file with the embedded customer number and file identifier to the user. One embodiment includes receiving a customer number change request, revising the central database in response to the customer number change request, determining a new customer number responsive to the customer number change request, and embedding the determined new customer number in the file. Another embodiment includes receiving an authorization request associated with a file, determining an authorization based on the central database and authorization request, and sending an authorization notice response to the determined authorization.06-02-2011
20110131633SYSTEMS AND METHODS FOR PERMISSIONING REMOTE FILE ACCESS VIA PERMISSIONED LINKS - Permissioned links for a novel method of credentialing users and assigning permissions to the user using the link to access repositories holding or intended to hold digital files. The permissioned links comprise a unique identifier that can be correlated to a specific repository of digital files and permission set. Users using the permissioned links for access need not enter a login or password. Moreover, permissioned links are portable, allowing multiple users to access the repository of digital files using the same permissioned link.06-02-2011
20110093932METHOD AND SYSTEM FOR SUPPORTING MOBILITY SECURITY IN THE NEXT GENERATION NETWORK - The present invention discloses a method and system for supporting mobility security in a next generation network. In implementation of the method, a Transport Authentication and Authorization Functional Entity (TAA-FE) and a mobile agent functional entity are configured in the network, and a reference point for transmitting key material is established between the TAA-FE and the mobile agent functional entity; when a terminal moves, the mobile agent functional entity receives the key material from the TAA-FE, and performs security protection for signaling between the terminal and the mobile agent functional entity. The system comprises: a transport user profile functional entity, a TAA-FE, and a mobile agent functional entity. Applying the present invention, the mobility security on the transport layer in the next generation network is ensured.04-21-2011
20110093931Nodes of a Content Sharing Group, Methods Performed by the Nodes, and Computer Programs Executed in the Nodes - A content sharing group node of a content sharing group is disclosed. The content sharing node is arranged to receive a sharing right comprising boundaries of redistribution of the sharing right and content sharing group membership restrictions to further content sharing group nodes of the content sharing group, arranged to access the content according to the combined restrictions of the sharing right and a usage right, and arranged to re-distribute the sharing right within the boundaries of re-distribution of the sharing right and to restrict its content sharing group membership according to the sharing right, wherein the content sharing group is defined as the sharing right is redistributed. Methods and computer programs for content sharing are also disclosed.04-21-2011
20110093926SYNDICATION METHODOLOGY TO DYNAMICALLY PLACE DIGITAL ASSETS ON NON-RELATED WEB SITES - An automated method is provided for obtaining selected content for a web page that allows for syndication of digital assets. The selected content itself is not initially part of the web page. The web page includes script associated with the selected content. Upon receiving a web page that includes script associated with the selected content, the script is interpreted. A request is then formatted for obtaining the selected content from a remote site. The request includes a uniform resource identifier (URI) of the web page and a unique identifier of the selected content. The script includes a subscriber identifier and a content identifier, which, together, create the unique identifier of the selected content.04-21-2011
20110093924SYSTEM FOR COLLECTING AND ORGANIZING GAME STATISTICS, INFORMATION AND APPLICATIONS FOR DISTRIBUTION, ANALYSIS AND ENTERTAINMENT, AND METHOD - A web-based and accessible sports statistics, information and application system configured to establish a hierarchy of rights controlling access by users to sports statistics stored in the system, establish a hierarchy of permissions to be granted to users based on the hierarchy of rights, establish a hierarchy of reports that can be downloaded by users based on their rights and permissions, and permit synchronization of a team roster and team statistics between the user's database information on a personal computer with database information on the website database.04-21-2011
20110093923SYSTEM AND METHOD FOR ACCESS CONTROL OF NETWORK DEVICES ACROSS MULTI-PLATFORM ACCESS LISTS - A system for sharing a device between two independent software platforms and for access control of a network device across the two independent software platforms is provided. The system has a first computing device operating on a first software platform for authenticating at least a first user and accessing a first user's access list having at least one address of a second user. The system also has a second computing device operable with the same first user and a second different software platform. A destination across the first and the second software platforms is mapped to selectively control the device by the second user from the first user's access list with the second user operating on the second computing device.04-21-2011
20110214164ACCESS RIGHT CONTROL USING ACCESS CONTROL ALERTS - Systems and methods are provided for providing access controlled event subscription and notification and event access change alerts. In some embodiments, the systems and methods of the present invention operate within a SIP infrastructure. As such, SIP SUBSCRIBE messages and SIP NOTIFY messages are used for subscribing to and receiving notifications related to access control. According to some embodiments, event access change alerts are used in conjunction with access controlled event subscription to provide an efficient method for providing access controlled event subscription using current access control information.09-01-2011
20110214161METHODS, MEDIA, AND SYSTEMS FOR SECURING COMMUNICATIONS BETWEEN A FIRST NODE AND A SECOND NODE - Methods, media, and systems for securing communications between a first node and a second node are provided. In some embodiments, methods for securing communication between a first node and a second node are provided. The methods comprise: receiving at least one model of behavior of the second node at the first node; and authorizing the first node to receive traffic from the second node based on the difference between the at least one model of behavior of the second node and at least one model of behavior of the first node.09-01-2011
20110088080Apparatus and Method for Authorization for Access Point Name (APN) Usage in a Specific Access - An apparatus and method for receiving a request for authorization and access from a requestor; determining the association of a care-of-address (CoA) in the request with an access technology used by the requestor; administering authorization rules based on the association of the care-of-address (CoA) and the access technology; and determining either to allow access or to deny access to the requestor using results from administering the authorization rules.04-14-2011
20110088079Dynamically Constructed Capability for Enforcing Object Access Order - Proposed is a Capability Management System (CMS) in a distributed computing environment that controls access to multiple objects by multiple subjects based upon a specified access order. A capability is dynamically constructed when the capability is needed. After the capability is used to access an object, a new capability is generated. In the alternative, multiple capabilities for enforcing an access order are generated independently of each other. The new capability is then employed by the same or another subject to access the object according to a prescribed access sequence. In this manner, at any particular time there is one capability valid to access the object by the appropriate subject. In addition, the capability includes information for verifying the authenticity of the capability and for specifying an expiration time associated with the capability. The technology may also be enhanced by providing a linkage between capabilities intended for use in a sequence.04-14-2011
20100251340SYSTEM AND METHOD FOR MANAGING THIRD PARTY APPLICATION PROGRAM ACCESS TO USER INFORMATION VIA A NATIVE APPLICATION PROGRAM INTERFACE (API) - A method for managing third party application program access to user information via a particular native application program interface (API) is provided. The method includes providing a wrapped native API including a wrapper library and inspecting a third party application program for the presence of the wrapper library in an unmodified form. The application program is inspected to identify API calls. An identified API call to a circumventing API is instrumented by wrapping the circumventing API to generate a wrapped non-circumventing API and modifying the third party application program to redirect the identified API call from the circumventing API to the wrapped non-circumventing API. A request for a permission to access user information is received from the third party application program via the wrapper library executed on a user device. An authorization is received to provide the permission to access the user information, and the permission to access the user information is provided to the executed third party application program.09-30-2010
20100242095METHOD AND APPARATUS FOR MULTI-USER, MULTI-APPLICATION INTERNET ACCESS AUTHENTICATION AND CONTROL - Methods, systems, computer program products and data structures are described to allow a client to be identified using a plurality of methods during the process of accessing Internet resources through a Proxy or Firewall device. The resultant plurality of methods combines to result in a specific user identification process via multiple data stores. These independent data stores are then queried to identify a user via a network access process that would not commonly respond to a specific authentication process. A single aggregate data store of user identification information is created to facilitate a more effective search process.09-23-2010
20090100506System and Method for Managing Network Flows Based on Policy Criteria - A policy-based network flow management system and method. In one embodiment, various policy conditions are configured based at least in part upon source network conditions and multi-layer information (e.g., Layer 2, Layer 3, and so on) associated with network traffic. Where network traffic from a content requester is determined to satisfy a policy condition, a corresponding policy action is effectuated, e.g., dropping the network traffic, forwarding the network traffic, redirecting the network traffic, or queuing the network traffic.04-16-2009
20110093930Concept of Efficiently Distributing Access Authorization Information - A device for controlling a service access authorization for a user device with regard to an access-restricted service includes a service access authorization provider, the service access authorization provider being configured to set a period of time in which the service access authorization is valid, responsive to an authorization message provided with a service-dependent user identifier, and the service access authorization provider being configured to disable an authorization allowing the service access authorization to be extended or reactivated using the previous service-dependent user identifier when at least a predetermined duration has passed since an end of a last authorization time interval for which a service access authorization was determined by the device.04-21-2011
20110093929METHOD, SYSTEM, AND TERMINAL FOR USING SUBSCRIPTION SERVICE CONTENT - A method and system for using subscription service content are provided. The method includes: receiving a registration request for using subscription service content transmitted from a user terminal, where the registration request carries an identifier (ID) of the user terminal; determining whether the registered number of the user terminals using the subscription service content registered by a user is greater than the maximum number of the user terminals permitted to use the subscription service content according to the ID of the user terminal, and if not, activating the user terminal according to the ID of the user terminal; and providing authorization for permission of using the service content for the activated user terminal. Through the provided technical solutions, a user is capable of conveniently using the service content at different terminals while unauthorized spread of the service content is avoided during network handover of a user equipment (UE).04-21-2011
20110093925Entitled Data Cache Management - Systems and methods are disclosed for managing an entitled data cache. A data server may generate and send entitled data to a data cache server. The data cache server, a server that may be located nearer to the user within a data provider's computer network, may receive and cache the entitled data. A permission server may store a user's permissions and transmit the user's permissions to the data server and the data cache server. Upon receiving a request for data, the data cache server may retrieve the requested data from the cache and send a subset of the cached data which matches the user's permissions to the user, without the need to request the data from the data server.04-21-2011
20110093927METHOD OF AUTHORIZATION FOR A CELLULAR SYSTEM - A method and entity of authorising in a communication system are disclosed. The method includes using authorising data to reference other data to define an authorisation associated with the other data. The authorising data includes one of a data component, data group, or data element. Further, a user profile can be provided and includes a user profile data component and an authorisation data component. The authorisation data component or the user profile data component references another authorisation component. Access is authorised to data associated with the user profile data component in accordance with the authorisation data component.04-21-2011
20090031402METHOD AND APPARATUS FOR MANAGING ACCESS PRIVILEGE IN CLDC OSGI ENVIRONMENT - Provided are a method and apparatus for managing an access privilege of an application in a Connected Limited Device Configuration (CLDC) and Open Service Gateway initiative (OSGi) environment. The method includes: marking a privileged code in the application; executing the privileged code in a secured thread having a unique thread identifier; identifying the privileged code by mapping the unique thread identifier with an application identifier from a mapping table; checking a permission policy file to determine what kind of resource access privilege the identified privileged code has; and permitting the application to access the resources according to the determination results. Accordingly, when an application tries to access resources in a framework, the access privilege of the application can be managed, by identifying the application using the mapping table and checking the security policy file of the identified application, so that no application can maliciously access the resources.01-29-2009
20090031400SYSTEM, METHOD AND COMPUTER READABLE MEDIUM FOR TRANSFERRING CONTENT FROM ONE DVR-EQUIPPED DEVICE TO ANOTHER - A headend for providing content over a broadband communication network includes an input for receiving content to be broadcast to subscriber devices over the network. The headend also includes a multiplexer for multiplexing video streams received from the input and a modulator for modulating the multiplexed video streams onto the broadband communications network. A content authorization server is provided in the headend for authorizing transfer of selected content residing on a first subscriber device to a second subscriber device by sequentially transferring blocks of the selected content. The individual blocks are transferred to the second subscriber device and removed from the first subscriber device before subsequent blocks of the selected content are transferred.01-29-2009
20090172785PROVIDING MOBILITY MANAGEMENT USING EMULATION - A system and method are disclosed for providing mobility management among mobile nodes in a communication network. Emulation can be provided to allow a mobile node that uses mobile IP (MIP) to access and use a communication network that is based on proxy mobile IP (PMIP). A gateway can be used to terminate the MIP based protocol access from the mobile node and communicate with the PMIP based core network. Emulation can be provided on a gateway to provide communication between an internet protocol version 4 (IPv4) mobile node and a core network running internet protocol version 6 (IPv6). This allows the network operator to provide access to the deployed base of MIP or IPv4 mobile nodes.07-02-2009
20100017858SYSTEM AND METHOD FOR AUTHENTICATING COMPONENTS IN WIRELESS HOME ENTERTAINMENT SYSTEM - Configuration information is exchanged between a home entertainment system server and various wireless components by pushing a button on the server and a random button on a remote control device as it is pointed at the devices sought to be authenticated.01-21-2010
20100037300METHOD AND APPARATUS FOR NOTIFYING REMOTE USER INTERFACE CLIENT ABOUT EVENT OF REMOTE USER INTERFACE SERVER IN HOME NETWORK - An event notifying method includes determining whether a current home network, which is currently connected to a remote user interface server (RUIS) in a home network, is a user's home network selected by a user so as to be allowed to be notified of the event, selectively providing an event page to a remote user interface client (RUIC) selected by a user in the user's home network, and performing user authentication prior to providing the event page, thereby ensuring security of the user's private information.02-11-2010
20100037299Method, System, And Computer Program Product For Identifying An Authorized Officer Of A Business - A method, system, and computer program product are used to identify an authorized officer of a business. In accordance with an exemplary method, titles of executives associated with the business are received from a plurality of data sources. Each executive's title may be classified as authorized, non-authorized or undecided, and each executive's title classified as undecided may be further classified as authorized or non-authorized by using information on the business. For each executive, conformance across the data sources of the executive's title classification is assessed, and each executive is classified as being an authorized officer, a non-authorized officer or a potential authorized officer based on the title classification and the assessed conformance. A measure of confidence is associated with each executive classification.02-11-2010
20100011417SYSTEM AND METHOD FOR PRIVILEGE MANAGEMENT AND REVOCATION - The present disclosure relates generally to the management of privileges associated with certain applications that are accessible by users of electronic equipment, such as, for example, networked computers, mobile wireless communications devices, and the like. In particular, the disclosure is directed to systems and methods for managing privileges associated with particular applications and for revoking these privileges in a timely and robust manner. For example, the device keeps track of which applications get access to which privileges. When policies or application control changes, the system detects which privileges have been revoked for which applications. This can be accomplished by simply comparing the old set of privileges with the new set of privileges. For each revoked privilege for a given application, the system determines if the application has ever accessed that privilege in the past. If an application has accessed a privilege that is now revoked at any time in the past, the device is reset. To ensure that privileges that may be passed between applications are not overlooked, the device is arranged to perform a reset if any revoked privilege accessible by the device is one that may be passed between applications.01-14-2010
20100064347METHODS AND SYSTEMS FOR PROTECT AGENTS USING DISTRIBUTED LIGHTWEIGHT FINGERPRINTS - The present invention provides methods and systems to protect an organization's secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user's computer, etc.) to monitor information disclosed by a user. The present system also provides the use of lightweight fingerprint databases (LFD) to maintain a database of fingerprints associated with the organization's secure data. In one embodiment, the LFD is stored locally at the site of each protect agent such that the organization's secure information can be protected even when a protect agent is disconnected from the network. Methods and systems to compress fingerprints to achieve the lightweight fingerprint databases are also provided. In one embodiment, a combined approach, utilizing both the local lightweight fingerprint database and a remote fingerprint server comprising registered fingerprints is used to achieve overall protection of the organization's secure information.03-11-2010
20100077459Network Attachment for IMS Systems for Legacy CS UE with Home Node B Access - A system and method for allowing legacy circuit switch user equipment (CS UE) to operate via a packet switch system, such as an IP Multimedia Subsystem (IMS) system, is provided. The mobility and session control aspects of communications with the legacy CS UE are separated. A user agent is placed in the receiving node (e.g., a home node B) that acts as the SIP agent for the CS UE for session control. An interworking function is provided to allow mobility between the macro CS network and the PS (e.g., IMS) network. Hand-back and hand-in procedures with service continuity are also provided.03-25-2010
20100037298Method and System for Protecting a Service Access Link - A method and a system for securing access to data stored in a remote content server (02-11-2010
20090217356Electronic permission slips for controlling access to multimedia content - An administrator controls viewer access to restricted multimedia programs using electronic permission slips. In response to a viewer's request to view a restricted multimedia program, the viewer may initiate the generation of an electronic permission slip that is sent to an electronic device associated with the administrator. The electronic permission slip may include text-based information, graphical information, audio information, and the like. The electronic permission slip may enable input of permission data regarding whether the viewer is allowed to receive the blocked program. In response to the administrator granting permission, a service provider network allows the viewer to access the restricted multimedia program.08-27-2009
20100058444METHODS AND SYSTEMS FOR MANAGING ACCESS IN A SOFTWARE PROVISIONING ENVIRONMENT - A provisioning server can be configured to associate user actions with users that have access to perform the associated user actions. The user actions can include any user action performed within or by the provisioning server, such as configuring the provisioning server, modifying provisioning objects in the provisioning server, accessing provisioning processes by the provisioning server, and the like. The association can be based on the identity of the users or a type of user (administrator, client, guest, etc.). Once a request is received for a particular user action, the provisioning server can be configured to enable the requested action if the requested action is associated with the requesting user.03-04-2010
20100071034SYSTEM FOR PREVENTING UNAUTHORIZED ACQUISITION OF INFORMATION AND METHOD THEREOF - A system includes a server apparatus that executes an application program and a client apparatus that enables a user to utilize the application program by communicating with the server apparatus based on an instruction of the user. The server apparatus includes: an output detection section for detecting output-processing, which is processing of outputting data from the application program into a shared area; and an output control section for storing instruction information in the shared area, instead of storing the output data outputted from the application program therein, in response to the detection of the output-processing, the instruction information specifying an acquisition method by which an authorized client apparatus acquires the output data. The client apparatus includes: a reading detection section for detecting reading-processing, which is processing of reading data from the shared area; and a reading control section which reads the instruction information from the shared area in response to the detection of the reading-processing, and which acquires the output data by the acquisition method specified by the instruction information.03-18-2010
20100064352MIXED ENCLAVE OPERATION IN A COMPUTER NETWORK - A method is disclosed for mixed enclave operation of a computer network with users employing a multi-level network security interface and users without any network security interface. Either the network security user selects or the network security interface automatically selects whether communications are permissible with other unsecured users. Where a mixed enclave operation is selected, the network security user identifies when communications are being undertaken with another secured user or a non-secured user. Communications with a non-secured user at a lower security level entail securing the data residing with the secured user from transmission back to the non-secured user.03-11-2010
20100064348APPARATUS AND METHOD FOR MANAGING ACCESS AMONG DEVICES - Provided are an apparatus, system composed of apparatuses in a chassis, and a method for managing access among a plurality of devices accommodated in a chassis. Setting information by the user on access between a first management unit including at least one device of said plurality of devices and a second management unit including at least one device of said plurality of devices is accepted. The first attribute information is acquired designating at least any one of an instruction issuing function and an instruction receiving function among the functions of said first management unit and the second attribute information designating at least any one of the instruction issuing function and the instruction receiving function among the functions of said second management unit. A determination is made as to whether or not said setting information is consistent with a combination of said first attribute information and said second attribute information. Information is outputted based on a determination result of the determination.03-11-2010
20100064351Universal Plug and Play Extender - The present invention relates to a solution for providing access to services and media content located in a local area network, e.g. a home network, via a web interface controlled by a universal plug and play (UPnP) control point device. The UPnP device is arranged to discover the services and media content available in the local area network and present this on the web interface for access from a public area network. The UPnP device may further be arranged to authenticate the user in order to secure the content and services from unauthorized access.03-11-2010
20100064350Apparatus and Method for Secure Affinity Group Management - Disclosed is a method for security management in a station. In the method, a pre-registered credential is received. The pre-registered credential has been associated with a network group by a registration entity. The station is established as a member of the network group based on the received pre-registered credential thereby effecting access rights with other member stations participating in the network group.03-11-2010
20100077458Apparatus, System, and Method for Responsibility-Based Data Management - An apparatus, system, and method are disclosed for responsibility-based data management. In one embodiment, the method may include the steps of: (i) receiving, from a network participant, a request to access an information set; (ii) setting a permission indicator in response to a determination that the network participant is associated with a group dissemination attribute that authorizes the network participant to access the information set; (iii) modifying the permission indicator in response to a determination that an exception rule modifies the group dissemination attribute; (iv) setting the permission indicator in response to a determination that the network participant is associated with a system position attribute that authorizes the network participant to access the information set; and (v) providing access to the information set in response to a determination that the permission indicator authorizes the network participant to access the information set.03-25-2010
20100077456OPERATOR DEVICE PROFILES IN A SURVEILLANCE SYSTEM - The present invention provides systems and methods for allowing an administrator to create device profiles, and map specific device profiles to specific operators. The system comprises a surveillance device to record an event, an administrator station for receiving a data stream corresponding to the event and for assigning the data stream to a device profile based on a plurality of attributes in the metadata of the stream, and a broadcast engine for mapping the data stream alongside a plurality of data streams within the device profile to an operator station. The method comprises recording an event within a secure area via a surveillance device, generating a data stream corresponding to the recorded event, applying a plurality of attributes for the data stream, transmitting the data stream to an administrator station, assigning the data stream to a device profile based in part on the plurality of attributes for the data stream, and mapping the data stream along with a plurality of data streams within the device profile to an operator station over a network.03-25-2010
20100064349SECURE TRANSMISSION AND EXCHANGE OF STANDARDIZED DATA - Standardized transmission of digital data with trusted and untrusted connections by translating non-native requests and/or non-native responses to and from a normalized format, or to a format needed for processing the request and/or response, configured in hub and spoke, star, direct, peer to peer or hybrid connections. Encryption is provided at multiple layers to establish non-repudiation for a security service that integrates external security applications into a single service.03-11-2010
20090094681METHOD AND SYSTEM FOR PROVIDING EXTENDED AUTHENTICATION - A method and system for extending an authentication of a wireless device are disclosed. For example, the method includes authenticating access to the wireless device via a first authentication. The method detects a bonded authentication device as a second authentication. The method permits access to the wireless device when the bonded authentication device is detected.04-09-2009
20100058447SERVICE AUTHORIZATION METHOD, SERVER, AND SYSTEM - The present invention relates to the field of communications, and provides a service authorization method, server, and system. The method includes the following steps. A request for using a service is received from a user terminal, and if the user terminal has not registered the requested service yet, a registration of the user terminal is performed automatically. If the registration is successful, the user terminal is allowed to use the requested service. A license control is performed during the registration of the user terminal. Through the method, server, and system provided by the present invention, users may subscribe to services more conveniently, thus reducing the capital expenditure of operators.03-04-2010
20100058443Confidential Presentations in Virtual World Infrastructure - Methods and apparatus for forming and presenting confidential presentations within a computing environment associated with a virtual application are presented. For example, a method for forming a confidential presentation includes obtaining a correspondence indicator from an asset server, obtaining a first texture from the asset server, and overlaying the first texture onto a first object. The correspondence indicator indicates the first texture corresponds to the first object. The first object is within the computing environment associated with the virtual application. The first texture and the asset server are inaccessible by the computing environment associated with the virtual application. The confidential presentation comprises the first texture.03-04-2010
20110252459Multiple Server Access Management - An access management system receives an access request for a target computer from a client computer. The access request comprises a digital certificate belonging to a user. The access management system verifies the identity of the user by validating the digital certificate. When so verified, the user receives access privileges from a policy database. The access privileges contain one or more access attributes. The access management system evaluates the access request based on the one or more access attributes and grants the user access to the target computer if all of the one or more access attributes are satisfied.10-13-2011
20110162047Methods, Systems and Computer Program Products for Identity and Access Management - Methods of managing access to systems of an organization are provided. The methods include creating a unique identifier for a user, the unique identifier having an associated user profile for the user and being stored with the associated user profile in an identifier repository associated with the organization; requesting at least one account for the user on at least one system of the organization responsive to the creation of the unique identifier for the user, wherein the at least one account is defined based on the user profile of the user associated with the unique identifier; and generating the at least one account for the user on the at least one system of the organization responsive to the request. Related systems and computer program products are also provided herein.06-30-2011
20110162046Providing Secure Dynamic Role Selection and Managing Privileged User Access From a Client Device - An approach is provided that receives a first role selection from a client device. Each of the roles includes various user accounts provisioned to access various software applications. An authentication challenge is retrieved. The authentication challenge is based upon the role selection that was received from the client device. The authentication challenge is transmitted to the client device. An authentication submission is received from the client device. This authentication submission is authenticated and, if the authentication is successful, then the client device is granted access to software applications using the provisioned user accounts that were included in the role selection. In addition, audit data of usage of the software applications by the client device is recorded. The audit data includes identification of the provisioned user accounts used to access the software applications using the role selection.06-30-2011
20100071036METHOD AND APPARATUS FOR REDISTRIBUTION SYSTEM - A method and apparatus for distributing at least one of documents or data to their respective owners. The method comprises receiving at least one of the documents or the data from users, associating the at least one of the documents or the data with the users' logins, wherein the users are owners of their respective at least one of the documents or data, and simultaneously scheduling the distribution of the at least one of the documents or the data to their respective owners.03-18-2010
20100071037SYSTEM FOR RESTRICTING CONTENT ACCESS AND STORAGE - UIMID of a UIM 03-18-2010
20110154449System and Method of Multimedia Access - A method includes receiving an authorization from a multimedia distribution system of a multimedia distribution network at a multimedia receiver. The multimedia receiver includes a peripheral device interface, and the authorization identifies a peripheral device that is authorized to transfer content data via the peripheral device interface. The method further includes providing the peripheral device interface with access to a selectively inaccessible peripheral device driver that is associated with the peripheral device in response to receiving the authorization at the multimedia receiver.06-23-2011
20110083165Method and system for regulating, disrupting and preventing access to the wireless medium - A method for restricting one or more wireless devices from engaging in wireless communication within a selected local geographic region. The method includes receiving an indication comprising at least identity information. Preferably, the indication is associated with a selected wireless device, which is associated with an undesirable wireless communication within the selected local geographic region. The method includes selecting one or more processes directed to restrict the selected wireless device from engaging in wireless communication and performing a prioritized access to a wireless medium using at least one of one or more sniffer devices, which are spatially disposed within a vicinity of the selected local geographic region. The method transmits one or more packets from the at least one of one or more sniffer devices. Preferably, the one or more packets are directed to perform said one or more processes to restrict the selected wireless device.04-07-2011
20110083163Temporarily providing higher privileges for computing system to user identifier - A root user identifier of a computing system is disabled. Thereafter, and in response to determining that a problem with the computing system requires root privileges to the computing system to solve, a code patch for installation on the computing system is received from a third party. The code patch is installed on the computing system, resulting in a user identifier temporarily having the root privileges to the computing system. The user identifier is different from the root user identifier. A password for the user identifier is provided to the third party to permit the third party to solve the problem with the computing system using the root privileges, via the user identifier temporarily having the root privileges to the computing system. The code patch is computer code installable on the computing system.04-07-2011
20110252460METHODS, APPARATUS AND SYSTEMS FOR AUTHENTICATING USERS AND USER DEVICES TO RECEIVE SECURE INFORMATION VIA MULTIPLE AUTHORIZED CHANNELS - Facilitating display of, and interaction with, secure user-centric information via a user platform operated by a user. A user identity is transmitted to an external computing device hosting an identity management server to authenticate the user. After authenticating, a desktop channel grid framework is displayed on the user platform. The channel grid framework includes multiple channels having respective contents represented as multiple user-selectable items, through which respective portions of the secure user-centric information are presented. At least some of the secure user-centric information in at least one channel is based on the user identity, and in displaying the at least one channel as a selectable item, the at least one channel is authenticated by the identity management server. In one example, the user platform also is authenticated, and the multiple user-selectable items included in the channel grid framework are based on information access rights and/or security protocols respectively associated with the corresponding plurality of authorized channels, the user, and the user platform.10-13-2011
20110252458Information processing device, information processing method, and program - An IC card compatible with a DES scheme and an AES scheme having a security strength different from that of the DES scheme, includes an inhibition information receiving section for receiving inhibition information for inhibiting predetermined manipulation from being performed in a storage region of the IC card using the DES scheme from an issuing device using the AES scheme, an inhibition flag setting section for performing inhibition processing for inhibiting the predetermined manipulation by the inhibition information, a manipulation request receiving section for receiving a manipulation request from a service providing device or the issuing device, and a manipulation executing section for executing the requested manipulation if the requested manipulation does not correspond to the predetermined manipulation inhibited by the inhibition information.10-13-2011
20110099609ISOLATION AND PRESENTATION OF UNTRUSTED DATA - Architecture that provides a secure environment in which data (e.g., code, instructions, files, images, etc.) can be opened and run by a client application. Once opened, the data can be viewed (in a “protected view”) by the user without incurring risk to other client processing and systems. Accordingly, the architecture mitigates malicious attacks by enabling users to preview untrusted and potentially harmful data (e.g., files) in a low-risk manner. Files opened in the protected view are isolated from accessing key resources on the client computer, which provides the user with a safer way to read files that can contain dangerous content. The protected view also provides a seamless user experience. The user is unaware that the client is operating on data in a different mode, which allows for a reduction in security prompts.04-28-2011
20100242097SYSTEM AND METHOD FOR MANAGING APPLICATION PROGRAM ACCESS TO A PROTECTED RESOURCE RESIDING ON A MOBILE DEVICE - A computer-implemented method for managing application program access to a protected resource residing on a mobile device is provided. The method includes receiving from an application program a request for a permission to access the protected resource, and receiving from a source external to the mobile device an authentication of the application program. An authorization to provide the permission to access the protected resource is received and permission to access the protected resource is provided to the application program in response to receiving the authorization. Data produced by the protected resource is cryptographically signed, and a notification is generated in response to at least one of the application program requesting the permission to access the protected resource and the application program accessing the protected resource. A system for managing application program access to a protected resource residing on a mobile device is further provided.09-23-2010
20110154450REMOTE OPERATION PROGRAM, METHOD AND TERMINAL APPARATUS - A remote-operated unit of a user terminal apparatus, remote-operated through a network from a remote terminal apparatus of a support staff member, sends image information of a changed portion to the remote terminal apparatus, via an image-information transmission unit, to display a business screen in an interlocked manner when a change is detected in the business screen displayed by a business processing unit. When an operation-information reception unit receives remote operation information of a mouse or keyboard from the remote terminal apparatus, a remote-operation prohibited region management unit refers to a remote-operation prohibited region table and prohibits the remote operation if the remote operation information falls within the operation-prohibited region.06-23-2011
20110154448SERVER, CLIENT, LICENSE MANAGEMENT SYSTEM, AND LICENSE MANAGEMENT METHOD - A server carries out a network position check process for a client which requests to use a content, and the server generates vicinity check information including a requirement for authorizing omission of the network position check process for the client when the client thereafter requests to use the content again, after the network position check process determines that the client is located in the local area network to which the server belongs. At least one of the server and the client retains the vicinity check information to determine, based on the vicinity check information, whether the network position check process can be omitted when the client thereafter requests to use the content again.06-23-2011
20110154446SYSTEM AND METHOD OF CONTROLLING IDENTITY PRIVACY IN A COMMUNICATION SESSION - A system and methods for controlling identity privacy in a communication session include processing, at a communication server, a request from a first participant of the communication session to add a second participant to the communication session. Based on the request, the communication server establishes a set of privacy rules related to the second participant that control sharing of identity information between the second participant and a third participant of the communication session.06-23-2011
20110154444METHOD AND APPARATUS FOR PROVIDING USER AUTHENTICATION BASED ON USER ACTIONS - An approach is provided for authenticating a user based on user actions. A prompt is initiated on a display for an input to authenticate a user. The input is received as a sequence of user actions on the display. A predetermined sequence associated with the user is retrieved. The received sequence is compared with the predetermined sequence to determine a match. The user is declared to be authenticated based on the comparison.06-23-2011
20120304259METHOD AND APPARATUS FOR AUTHENTICATING A USER EQUIPMENT - The present invention relates to a Femtocell providing services to a UE, and it proposes a method for authenticating a UE registered in a first operating domain of a communication network (e.g. a mobile core network) when the UE requests a service provided by a second operating domain (e.g. a fixed access network, a backhaul network). An authentication server in the first operating domain allocates the information needed by the UE to access the service provided by the second operating domain, and stores it. After receiving the needed information, the UE sends an authentication request message to an authentication server in the second operating domain, wherein the authentication server in the second operating domain forwards the authentication request message to the authentication server in the first operating domain.11-29-2012
20120304258AUTHORISED DATA RECORDING - To facilitate recording of data received from a non-trusted source entity, a trusted source entity, for example a user terminal or a user interface, sends to an operational center an authorization message authorizing the non-trusted source entity to send specific information messages. In response to the authorization message, the operational center creates an automatically verifiable authorization condition. When an information message arrives at the operational center, it checks whether the message fulfills the condition and, if so, records the data.11-29-2012
20120304257Access rights used for resource discovery in peer-to-peer networks - Secure resource discovery in peer-to-peer networks involves creating a resource discovery record associated with a computing resource of a user device that is made available via the user device to peers of a peer-to-peer network. The resource discovery record describes the computing resource and may be independent of native service discovery mechanisms of the peer-to-peer network. An access right record is created that controls the ability of one or more contacts to gain access to the resource discovery record. The resource discovery record is sent to the one or more contacts via the peer-to-peer network. The one or more contacts can use the resource discovery record to access the computing resource via the peer-to-peer network in accordance with the access right record.11-29-2012
20120304256ELECTRONIC MAIL SYSTEM AND METHOD - A method of handling e-mail messages and a server for performing the method are disclosed. The method comprises receiving an e-mail message from a sender for delivery to a recipient, and delivering the message if the sender is included in a list of senders authorised for communication with the recipient. Otherwise, the method parses a destination e-mail address in the message to extract from it an authorisation code and, if the authorisation code is an acceptable code, adds the sender to the list of senders authorised for communication with the recipient and delivers the message. In the method, any authorisation code has a validity that is limited to a specific length of time.11-29-2012
20110083168Framework of Media-Independent Pre-Authentication - This application describes, among other things, a framework of Media-independent Pre-Authentication (MPA), a new handover optimization mechanism that has a potential to address issues on existing mobility management protocols and mobility optimization mechanisms. MPA is a mobile-assisted, secure handover optimization scheme that works over any link-layer and with any mobility management protocol. This application also shows, among other things, an initial implementation of MPA in our testbed and some performance results to show how existing protocols could be leveraged to realize the functionalities of MPA.04-07-2011
20110083167Leveraging Collaborative Cloud Services to Build and Share Apps - The present invention includes systems and methods for retrieving information via a flexible and consistent targeted search model that employs interactive multi-prefix, multi-tier and dynamic menu information retrieval techniques (including predictive text techniques to facilitate the generation of targeted ads) that provide context-specific functionality tailored to particular information channels, as well as to records within or across such channels, and other known state information. Users are presented with a consistent search interface among multiple tiers across and within a large domain of information sources, and need not learn different or special search syntax. A thin-client server-controlled architecture enables users of resource-constrained mobile communications devices to locate targeted information more quickly by entering fewer keystrokes and performing fewer query iterations and web page refreshes, which in turn reduces required network bandwidth. Applications are built by leveraging existing collaborative cloud services that enable the maintenance and sharing of user content.04-07-2011
20110083166SYSTEM FOR ELIMINATING UNAUTHORIZED ELECTRONIC MAIL - A system for eliminating unauthorized email sent to a user on a network analyzes the sender address of incoming email and determines whether it is to be rejected by returning a standard “no such user” error code or accepted depending upon executing processing rules and analyzing managed lists of authorized senders. This provides an advantage over existing anti-spam filtering systems by intercepting unauthorized email before it reaches an existing email server or client. The system rejects all email unless authorized by using a standard “no such user” error code, and by redirecting the unauthorized email back to the sender or to a sender evaluation site. An ASL module captures authorized sender addresses from the user's outgoing email and other sources in order to update “authorized senders” lists. The system may employ a WBM procedure that notifies senders of rejected email to go to a separate website and register as valid senders after passing an interaction test that precludes automatic registration by a mechanical program. A destination proxy email address procedure allows subscribers to use temporary proxy addresses for receiving email expected from unknown sources and instantiates senders as authorized upon receiving the expected email to the proxy addresses. The unauthorized-email rejection component can be readily configured as a hardware or software appliance used in tandem with a conventional email server, email gateway, or firewall to an intranet, or as a software extension to an existing firewall system.04-07-2011
20110083164ASSOCIATING MULTIPLE SECURITY DOMAINS TO APPLICATION SERVERS - Multiple security domains can be created and associated with various scopes within the cell allowing security configurations of each scope to be managed collectively. Examples of scopes include the entire cell, one or more application servers, one or more applications, one or more clusters, one or more service integration buses, one or more nodes, etc. Security configurations associated with the security domains can be applied to the scopes based on a hierarchy of the security domains. In addition, new security domains may be created automatically based on security requirements of newly installed applications.04-07-2011
20110072496METHOD AND SYSTEM FOR USER ACCESS TO AT LEAST ONE SERVICE OFFERED BY AT LEAST ONE OTHER USER - A method of access by at least one second user, to at least one service offered by a first user is provided, which includes transmitting by the first user to the second user at least one invitation comprising an access level defined by the first user to allow said at least one second user to access said at least one service; verifying the content of said at least one invitation, delivering to the second user an access authorization to said at least one service, dependent on the access level; and requesting access to said at least one service by the second user, on the basis of the access authorization.03-24-2011
20110078769ELECTRONIC FILE BROWSING SYSTEM AND CONTROL METHOD THEREOF - An electronic file browsing system includes an electronic file delivery device and a file processing server. When document file browsing is requested from a mobile phone, a mobile phone access server in the file delivery device creates link information including a session ID as authentication information and sends it to the mobile phone. Based on this link information, the mobile phone accesses the file processing server. The file processing server obtains the session ID from the mobile phone and adds this session ID to the delivery request for the document file sent to the mobile phone access server.03-31-2011
20110078768METHOD FOR DATA TRANSMISSION BETWEEN SERVER AND CLIENT - A method is used for data transmission between a server and a client. The method includes the following steps. The server receives a request from the client through a network. The server determines if the client has access authorization. The server creates a background process when acquiring the access authorization. The server receives a data block and a status checking request from the client. The background process sends a data report to the client for each data block received. The server submits a status report in response to the status checking request.03-31-2011
20110078767USAGE CONTROL SERVICES PERFORMED IN AN END USER DEVICE - Systems and methods are disclosed for providing usage control of communication services within an end user device. A system in the network receives input from a controlling party defining usage restrictions for the end user device. The system then generates a usage control profile, and transmits the usage control profile to the end user device. The end user device then monitors activities in the device to identify a communication attempt (e.g., an incoming voice call). When a communication attempt is identified, the end user device processes the usage control profile to determine whether the communication attempt is authorized, and allows the communication attempt to continue if the attempt is authorized. If the attempt is not authorized, then the end user device blocks the communication attempt.03-31-2011
20110072495METHOD FOR USING RIGHTS TO CONTENTS - Disclosed herein is a method of checking whether or not a memory card including rights to contents is mounted in a terminal during a process of using the contents. The checking operation may be performed in synchronization with the timing at which a BCAST client within the terminal requests a traffic encryption key (TEK) from a DRM agent. In addition, there is disclosed herein a method of checking whether or not the memory card is mounted therein, as well as whether or not rights to the contents actually exist in the memory card.03-24-2011
20110041162METHOD AND APPARATUS FOR PROVIDING ENVIRONMENT FOR USE OF INTERNET-BASED SERVICE - An apparatus and method for improving the convenience and efficiency of use of the Internet and providing a fundamentally new environment for use of an Internet-based service through automation of authentication for Internet-based service are provided. The apparatus includes an authentication-authorization-accounting (AAA) agent which performs network access authentication such that a user terminal can access a network that the user terminal recognizes, and which performs user authentication required for using Internet-based services according to procedures in accordance with requirements predefined for a user's purpose, wherein the Internet-based services are provided over the Internet by a contents provider. Accordingly, it is possible to reduce costs to be spent on service preparation procedures which are not necessarily related to the actual use of services, and thus the convenience and efficiency of service can be improved.02-17-2011
20110061094Domain Isolation Through Virtual Network Machines - A method and device for communicating information resources between subscriber end stations and nodes belonging to different network domains is described. The device instantiates different virtual network machines for different network domains using separate independently administrable network databases. Each of the administrable chores of the separate independently administrable network databases includes the assignment of access control and the configuration of the policies for those network databases. The policies include traffic filtering policies to indicate what kind of information payloads can be carried, traffic and route filtering policies to indicate what paths through the network will be used for each payload carried. Each of the network domains includes one of the different virtual network machines and each of the different network domains is virtually isolated from other network domains.03-10-2011
20110061095Secure Web Based Transactions - Methods of securely performing online transactions are described which involve two independently controlled web servers. In order to complete a transaction, a user interacts concurrently with each of the two web servers, and authentication may occur between the user and each web server and between the web servers. Each of the two web servers provides data which is used to complete the transaction, and the data provided by the first web server is communicated directly to the second web server for use in the transaction. In an embodiment, the first web server provides a web page which enables a user to specify a variable which is used in the transaction. This is communicated to the second web server, which processes the transaction, along with an identifier for the message. The identifier may be used in validating the variable before it is used in processing the transaction. Following completion of a transaction, this may be reported in real time to the first web server.03-10-2011
20130160084SECURE OPERATING SYSTEM/WEB SERVER SYSTEMS AND METHODS - Systems and methods for securely operating web servers, operating systems, etc. Methods of embodiments include creating virtual roots for executive jails and corresponding administrative jails within parent operating systems. Embodiments also include setting privileges associated with each of the executive jails to disk read-only. Moreover, administrative jails are hidden from executive jails, and the parent operating system is hidden from both sets of jails. Also, the methods include cross-mounting user configuration information and/or applications from the administrative jails into the corresponding executive jails. Methods can include password-protecting the administrative jails and/or restricting the executive jails from initiating outbound communications. Methods can also include storing security-related syslog data in locations associated with the parent file structure of the parent operating systems. Methods can also include storing web-log-related syslog data in locations associated with the administrative jails, thereby providing, as desired, compliance/auditing reporting functions.06-20-2013
20130160089Advocate for Facilitating Verification for the Online Presence of an Entity - Some embodiments provide an advocate system to facilitate automated online presence verification for different entities on behalf of the entities. The advocate system places service providers on notice that profiles and information hosted by them that form the online presence for a particular entity should first be verified with that particular entity. The advocate system further facilitates online presence verification by 1) directly or indirectly connecting the service providers that are placed on notice with the appropriate authoritative entities to facilitate the verification of the profiles and information, 2) selectively targeting service providers hosting profiles and information that are unverified, and 3) automatically verifying hosted profiles and information based on verified profile lists and verified information that authoritative entities provide to a central repository. In so doing, the advocate system prevents potential damage to the authoritative entity's credibility while also mitigating the potential for fraud, identity theft, etc.06-20-2013
20130160090COMMUNICATIONS METHODS AND APPLIANCES - Communications methods and appliances are described. According to one embodiment, a communications method includes prior to deployment of an appliance, establishing a trusted association between the appliance and a certificate authority, during deployment of the appliance, associating the appliance with a communications address of a communications medium, using the certificate authority, creating a signed certificate including the communications address of the appliance, announcing the signed certificate using the appliance, after the announcing, extracting the communications address of the appliance from the signed certificate, and after the extracting, verifying the communications address of the appliance.06-20-2013
20130160091SYSTEM AND METHOD FOR ASSOCIATING MESSAGE ADDRESSES WITH CERTIFICATES - A system and method for associating message addresses with certificates, in which one or more message addresses are identified and associated with a user-selected certificate that does not contain any e-mail addresses. In certain situations, a message may be encrypted using a certificate that does not contain an e-mail address that matches the e-mail address of the individual to which the message is to be sent, so long as the address to which the message is to be sent matches any of the message addresses associated with the certificate. The message addresses are saved in a data structure that resides in a secure data store on a computing device, such as a mobile device.06-20-2013
20130160092Certified Email System and Method - A certified email system for providing a time stamp for a presented file, particularly when the presented file is an email. Preferably a demanding party receives the email; generates a unique HASH; digitally signs the unique HASH; and sends the signed HASH and a time-stamp request call to a web services time-stamp conduit (WSTC). The WSTC receives the request and signed HASH from the demanding party and obtains a time stamp. The WSTC sends the time stamp back to the demanding party, which sends a time-stamp notification to the original sender of the email and, optionally, the recipient(s) of the email. Multiple branded or customized demanding servers can efficiently run using one web services time-stamp conduit. An integrated detailed billing system capable of pass-through client billing, keyword search functionality, a multi-party content management system, and convenient web-based automated verification (file or HASH) services are provided.06-20-2013
20130160093METHOD AND NETWORK ENTITY FOR REGISTERING A USER ENTITY WITH A COMMUNICATION NETWORK VIA ANOTHER COMMUNICATION NETWORK - A network entity for registering a user entity with a first communication network, wherein the user entity and the network entity providing access to the first communication network are registered with a second communication network. The network entity has a transceiver for transferring at least one registration message for registering said user entity with the first communication network between the user entity and the network entity over the second communication network.06-20-2013
20110030038Auditing Authorization Decisions - The auditing of authorization decisions is facilitated by integrating or coupling an audit policy to access control decisions. In an example implementation, an audit policy of an auditing scheme is coupled to a semantic framework of an access control scheme such that the audit policy is specified using at least a portion of the semantic framework. In another example implementation, audit policy rules include audit content rules that specify what audit information from any of the inputs, the outputs, or the internal data of authorization decisions is to be included in an audit record. In yet another example implementation, a semantic of an audit trigger rule comports with a semantic framework of an access request and of a logical evaluation for an authorization decision.02-03-2011
20110030037ZONE MIGRATION IN NETWORK ACCESS - The present disclosure is directed to providing a network user the ability to travel between different zones or locations within a network environment, such as, for example, a hospitality location, without requiring a user to re-login to the new location, while requiring a user to re-login to other locations within the network environment.02-03-2011
20130167203METHOD AND SYSTEM FOR AUTHORIZING REMOTE ACCESS TO CUSTOMER ACCOUNT INFORMATION - System for authorizing a request for remote access to customer account information includes a server configured to receive the request via a network from a remote computing device, a database storing the customer account information accessible by the server, and memory accessible by the server and storing a customer notification program which, when executed by the server, performs steps for (a) identifying, responsive to the server receiving the request, the remote computing device by a device fingerprint and by a requesting location, (b) determining whether the device fingerprint matches any of a number of device fingerprints authorized to access the customer account information, and (c) sending, responsive to determining a mismatch between the device fingerprint and each of the previously authorized device fingerprints, a notification of the request to a customer-specified address, the notification indicating (i) the request, (ii) identity of the remote computing device, and (iii) the requesting location.06-27-2013
20100313246DISTRIBUTED PROTOCOL FOR AUTHORISATION - A decentralised, distributed approach to performing authorisation involves receiving an authorisation request at a service providing device, for example “Carol”, and then retrieving trust information from other peer devices in the network. The gathered information is used by the device “Carol” to make a well-informed authorisation decision.12-09-2010
20100306827Opaque Quarantine and Device Discovery - Embodiments described herein provide communication control features and functionality, but are not so limited. In an embodiment, a computing environment includes an access control component that can use a number of access states to control access to computing data and/or services. In one embodiment, a server computer can control access to data and/or services using a number of access states including, but not limited to: an allowed state, a blocked state, a device discovery state, and/or a quarantined state. Other embodiments are available.12-02-2010
20110154447SYSTEMS AND METHODS FOR AUTHENTICATING A USER OF A COMPUTER APPLICATION, NETWORK, OR DEVICE USING A WIRELESS DEVICE - A method and system for authenticating a user includes providing an invocation element capable of being activated by a single user action, receiving an indication that the invocation element has been activated, obtaining a location of a wireless device associated with the user, determining whether the wireless device is associated with an authorized user, approving the user to use the application based on a predetermined location criterion, and producing an indication that the user has been authenticated.06-23-2011
20110154445SYSTEMS TO PROVIDE BUSINESS INFORMATION OVER SOCIAL NETWORKS - Some aspects include registering a business application as a first user of an electronic social network comprising a plurality of users, data associated with each of the plurality of users, and associations between users representing data sharing relationships between associated users. Information to be shared with users of the electronic social network who are associated with the first user is determined, and the information is transmitted to the electronic social network for association with the first user. In some aspects, a request is received from the electronic social network to associate a second user of the electronic social network with the first user of the electronic social network, a correspondence between the second user of the electronic social network and a user of the business application is determined, it is determined whether the user of the business application is authorized to access the information to be shared with users of the electronic social network who are associated with the first user, and if it is determined that the user of the business application is authorized to access the information, the request is accepted from the electronic social network.06-23-2011
20100275245COMMUNICATION AUTHENTICATION USING MULTIPLE COMMUNICATION MEDIA - The invention provides a method, system, and program product for authenticating a first individual for communication with a second individual. In one embodiment, the invention includes receiving a first communication from the first individual via a first communication medium, rejecting the first communication, providing the first individual with information for communicating with the second individual via a second communication medium, receiving a second communication from the first individual via the second communication medium, and authenticating the first individual for communication with the second individual via at least one of the first and second communication medium.10-28-2010
20110252461METHODS, APPARATUS AND SYSTEMS FOR PROVIDING SECURE INFORMATION VIA MULTIPLE AUTHORIZED CHANNELS TO AUTHENTICATED USERS AND USER DEVICES - Providing secure user-centric information via one or more user platforms operated by one or more users. Multiple channels are configured and implemented, through which information relevant to a given user is presented for user interaction via one or more user platforms associated with the user. A user profile is established identifying user preferences and one or more platform identities. The user profile is managed to grant the user access to specific ones of the multiple channels. In one example, user(s) and user platform(s) are authenticated to receive respective portions of the secure user-centric information based on user identities and platform identities. If authenticated, channel information relating to one or more of the multiple channels is transmitted to one or more users/user platforms, based on information access rights and/or security protocols respectively associated with the corresponding channels, the user(s), and the user platform(s).10-13-2011
20100100944METHOD AND SYSTEM FOR FILTERING UNAUTHORIZED ELECTRONIC MAIL MESSAGES - A computer system and method for filtering unauthorized electronic mail messages that are sent by senders to a user. The system includes a list of the identifications of the senders who are authorized to send an electronic mail message to the user. When an electronic mail message is received, the system determines whether the sender of the electronic mail message is authorized by determining whether the identification of sender in the electronic mail message is in the list of the identifications of the senders who are authorized. When the sender of the electronic mail message is determined to be authorized, the system stores the electronic mail message in an Inbox folder. When the sender of the electronic mail message is determined to be not authorized, the system stores the electronic mail message in a Junk Mail folder. In this way, the electronic mail messages are automatically stored in the appropriate folder based on whether the sender is authorized so that the user can view the Inbox folder containing the electronic mail messages sent by authorized senders separately from the Junk Mail folder containing the electronic mail messages sent by unauthorized senders.04-22-2010
20080229394Method and System For Securely Protecting Data During Software Application Usage - Techniques for use in enterprise and similar computing systems securely protect data during software application use by generating private table seeds as a function of predetermined parameters and private tables as a function of the private table seeds. Each of the private tables is associated with a distinct one of the private table seeds, and each of the private tables is associated with a site. An enterprise table seed is formed using other parameters and an enterprise table is derived from the enterprise table seed. The enterprise table permits data communication throughout an enterprise. A string of characters allows accessing a global private information protection system which includes global tables for integrating the private tables, the enterprise tables, and the global tables into a runtime application program at a remote location and coordinating the user's use to ensure only secure use and prevent inadvertent disclosure of the protected information.09-18-2008
20080229392SYMBIOTIC HOST AUTHENTICATION AND/OR IDENTIFICATION - Embodiments of identifying and/or authenticating membership in a symbiotic network are disclosed.09-18-2008
20080229396ISSUING A COMMAND AND MULTIPLE USER CREDENTIALS TO A REMOTE SYSTEM - A login shell and command access checking supporting multiple user credentials are provided. The login shell receives a request to execute a command from a remote computer including a multi-user credential. The login shell authenticates the command access rights of the multi-user credential. In response to command access rights being granted, the command is executed.09-18-2008
20080229393Method and apparatus for access security services - One embodiment disclosed relates to a method for a switch to respond to a new client. A new client is detected at a port of the switch. The switch temporarily assigns the port to be an untagged member of a virtual local area network (VLAN) which is configured for unauthorized clients. Initialization services are provided to the new client via the unauthorized-client VLAN. The new client may be authenticated by way of an authentication session using the unauthorized-client VLAN. If the new client is authenticated, then the untagged membership of the port in the unauthorized-client VLAN is dropped, and the port is assigned to be an untagged member of a specified VLAN.09-18-2008
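The port state machine in 20080229393, modelled in added example code (not the patent's): a new client is parked untagged in the unauthorized-client VLAN, can reach only initialization services there, and is moved to its assigned VLAN once the authentication session succeeds. The VLAN numbers, the credential store standing in for the authentication back end, and the port model are assumptions.

```python
"""Port-based admission on an access switch.  Added illustration, not the
patent's code; VLAN ids, credential store and port model are assumptions."""
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Set

UNAUTH_VLAN = 999                       # assumed VLAN reserved for unauthenticated clients

@dataclass
class Port:
    number: int
    client_mac: Optional[str] = None
    untagged_vlan: Optional[int] = None
    state: str = "idle"                 # idle -> unauthorized -> authorized

class AccessSwitch:
    def __init__(self, client_vlans: Dict[str, int], credentials: Dict[str, str]):
        self.client_vlans = client_vlans    # identity -> VLAN the client belongs in
        self.credentials = credentials      # identity -> secret (stand-in for the auth server)
        self.ports: Dict[int, Port] = {}

    def client_detected(self, port_no: int, mac: str) -> Port:
        """New MAC seen on a port: make the port an untagged member of the
        unauthorized-client VLAN."""
        port = self.ports.setdefault(port_no, Port(port_no))
        port.client_mac = mac
        port.untagged_vlan = UNAUTH_VLAN
        port.state = "unauthorized"
        return port

    def reachable_services(self, port_no: int) -> Set[str]:
        """What the client can reach from its current VLAN: initialization
        services only while unauthorized."""
        port = self.ports[port_no]
        if port.untagged_vlan is None:
            return set()
        if port.untagged_vlan == UNAUTH_VLAN:
            return {"dhcp", "authentication"}
        return {"dhcp", "authentication", "lan"}

    def authenticate(self, port_no: int, identity: str, secret: str) -> bool:
        """Authentication session run over the unauthorized-client VLAN.  On
        success the port leaves that VLAN and becomes an untagged member of
        the client's specified VLAN; a failure leaves it where it was."""
        port = self.ports[port_no]
        if port.state != "unauthorized":
            return False
        expected = self.credentials.get(identity)
        if expected is None or not hmac.compare_digest(expected.encode(), secret.encode()):
            return False
        port.untagged_vlan = self.client_vlans[identity]
        port.state = "authorized"
        return True

    def link_down(self, port_no: int) -> None:
        """Link loss clears the authorization so the next client starts unauthorized."""
        self.ports[port_no] = Port(port_no)
```

The point worth checking on real hardware is the last method: an authorized port must return to the unauthorized VLAN on link-down, otherwise a device plugged in after the authenticated one inherits its VLAN.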
20120204239TERMINAL MANAGEMENT SYSTEM AND TERMINAL MANAGEMENT METHOD - A terminal management system and a terminal management method of the system determines whether to permit or prohibit the execution of a particular application software program in the information processing terminal in a space discriminated from an execution space of a general application software program on condition that a recording medium held by a member, and storing predetermined information is loaded on a general information processing terminal, and that the recording medium is authenticated in accordance with the predetermined information on a server side.08-09-2012
20120204240MULTI-APPLICATION MOBILE AUTHENTICATION DEVICE - The invention makes it possible to allow several applications to coexist in the same card; the implementation of the applications uses reading and writing of data by the reader in the same memory location. The invention is a method for exchanging data between a mobile authentication device 08-09-2012
20100077457METHOD AND SYSTEM FOR SESSION MANAGEMENT IN AN AUTHENTICATION ENVIRONMENT - A method for authentication. The method includes receiving a re-directed access request for a resource associated with a second authentication level, where the request was made by a user, the user is associated with a session, and the session is associated with a first authentication level. The method further includes identifying a second authentication context using the second authentication level, generating an authentication request using the second authentication context, and sending the authentication request to an identity provider. In response the identity provider identifies an authentication scheme corresponding to the second authentication context, obtains authentication information from the user, authenticates the user using the authentication information, and, in response to successful authentication, generates an assertion using the second authentication level and the authentication scheme. The method further includes receiving the assertion and associating the session with the second authentication level to generate an upgraded session that grants the user access to the resource.03-25-2010
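The step-up exchange of 20100077457 with both sides shown, as added example code rather than the patent's own: the service provider compares the session's level with the resource's, sends an authentication request naming the higher context to the identity provider, and upgrades the session only after verifying the returned assertion. The level names, the in-memory identity provider, the fixed OTP codes and the HMAC-based assertion tag are assumptions; a real service provider would verify the identity provider's signature with its public key rather than share a key.

```python
"""Session step-up between a service provider and an identity provider.
Added illustration, not the patent's code; levels, the in-memory IdP and
the assertion format are assumptions."""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, Optional

LEVELS = {"password": 1, "otp": 2}          # authentication contexts by level (assumed)

@dataclass
class Session:
    user: str
    auth_level: int

@dataclass
class AuthnRequest:
    user: str
    context: str                             # the second authentication context, e.g. "otp"

@dataclass
class Assertion:
    user: str
    auth_level: int
    scheme: str
    mac: str                                 # integrity tag over the other fields

class IdentityProvider:
    """Maps a context to a scheme, runs it, and issues a tagged assertion."""
    def __init__(self, key: bytes, otp_codes: Dict[str, str]):
        self.key = key
        self.otp_codes = otp_codes           # constructed sample: user -> current OTP

    def sign(self, payload: dict) -> str:
        msg = json.dumps(payload, sort_keys=True).encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def authenticate(self, req: AuthnRequest, user_input: str) -> Optional[Assertion]:
        scheme = req.context                 # scheme corresponding to the context
        if scheme != "otp":
            return None                      # only the step-up scheme is modelled here
        expected = self.otp_codes.get(req.user)
        if expected is None or not hmac.compare_digest(expected, user_input):
            return None
        level = LEVELS[scheme]
        payload = {"user": req.user, "auth_level": level, "scheme": scheme}
        return Assertion(req.user, level, scheme, self.sign(payload))

class ServiceProvider:
    def __init__(self, idp: IdentityProvider, resource_levels: Dict[str, int]):
        self.idp = idp
        self.resource_levels = resource_levels

    def request_for_resource(self, session: Session, resource: str) -> Optional[AuthnRequest]:
        """None when the session already satisfies the resource's level."""
        required = self.resource_levels[resource]
        if session.auth_level >= required:
            return None
        context = next(c for c, lvl in LEVELS.items() if lvl == required)
        return AuthnRequest(session.user, context)

    def consume_assertion(self, session: Session, assertion: Assertion) -> bool:
        """Verify the tag and the user binding, then upgrade the session."""
        payload = {"user": assertion.user, "auth_level": assertion.auth_level,
                   "scheme": assertion.scheme}
        if not hmac.compare_digest(self.idp.sign(payload), assertion.mac):
            return False
        if assertion.user != session.user:
            return False                     # an assertion for someone else must not upgrade this session
        session.auth_level = max(session.auth_level, assertion.auth_level)
        return True

def access(sp: ServiceProvider, session: Session, resource: str, user_input: str = "") -> bool:
    """Full round trip: redirect, authenticate at the IdP, consume the assertion."""
    req = sp.request_for_resource(session, resource)
    if req is None:
        return True
    assertion = sp.idp.authenticate(req, user_input)
    if assertion is None or not sp.consume_assertion(session, assertion):
        return False
    return session.auth_level >= sp.resource_levels[resource]
```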
20120204232System And Method For Managing Usage Rights Of Software Applications - The present invention discloses a system for securely managing usage rights of a plurality of software applications on a plurality of client computer devices, to be authorized by a server application. The system comprises the following components: at least one client hardware component operatively associated with at least one computer device, said hardware component including at least one control segment and at least one application segment, where the control segment includes a processor, communication port and memory and the application segments are arranged to include usage rights information of a plurality of software applications; and a provider hardware component operatively associated with at least one server, said provider hardware component including at least one control segment and at least one application segment, wherein said control segment includes a processor, communication port and memory, and said application segments are arranged to include software application license information of a plurality of clients.08-09-2012
20120204235Updating Resource Access Permissions in a Virtual Computing Environment - Methods, systems, and devices are described for updating resource access permissions in a virtual computing environment. In these methods, systems, and devices, a host computer system determines that a user associated with an existing session has moved from a first location associated with a first set of access permissions to a second location associated with a second set of access permissions. The second set of access permissions is applied at the host computer to the existing session based on the determination that the user has moved to the second location. The user is then allowed to access the existing session from the second location according to the second set of access permissions.08-09-2012
20100005513Interoperable systems and methods for peer-to-peer service orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.01-07-2010
20100005511USAGE BASED AUTHORIZATION - Embodiments of the invention provide systems and methods for authorizing a request to access a resource based on a context of the request. According to one embodiment, a method of authorizing a request for a resource based on a context of the request can comprise receiving the request from a requester, identifying the context of the request, and determining whether to authorize the request based on the context of the request. In some cases, the request can include context information describing the context of the request. In such cases, identifying the context can be based at least in part on the context information from the request. Additionally or alternatively, context information describing the context can be requested and received in response to the request. In such a case, identifying the context can be based at least in part on the received context information.01-07-2010
20090328161Peer discovery and connection management based on context sensitive social networks - In a method for automatically filtering communications, a networking request from an initiating party on an initiating communication device is received. The networking request pertains to a request for communication between the initiating communication device and a recipient communication device of a user over a communication channel. A determination is made of whether the communication channel to be used for the communication matches a communication channel for a previous communication between the initiating party and the user. It is automatically determined whether to grant the networking request, based at least in part on the determination of whether the communication channel for the communication matches the communication channel for the previous communication between the initiating party and the user. Other embodiments are described and claimed.12-31-2009
20090328160ADMINISTRATION PORTAL - An administration portal for a network security server, including: (i) control elements allowing a user of a network to access respective services, such as email, spam filter, malware filter, and web browser control services, performed by the security server; and (ii) an administration module for maintaining permission attributes for users of the network, the attributes defining access to the control elements. The permission attributes have a delegation hierarchy so a managed security service provider can set a permission attribute for a user to administrator, and the user with an administrator permission attribute can set another user to have a user permission attribute. The permission attributes can also be set on a group basis for a group of said users. The attributes each have associated capability levels defining a level of access for the respective services.12-31-2009
20090313682Enterprise Multi-interceptor Based Security and Auditing Method and Apparatus - A method of auditing network communications and applying external policy controls enforced by network connectivity including the steps of caching a plurality of packets, tagging each packet with a unique identifier, assembling an array of packets into a readable payload and evaluating the payload contents.12-17-2009
20090241172Remote Disablement of a Communication Device - Systems, methods and computer readable media for remotely disabling communication devices. When a communication device is identified for disablement, a disable signal may be transmitted to the emergency communication device. If the emergency communication device receives the disable signal, the emergency communication device may authenticate the source of the disable signal. If the source of the disable signal has been authenticated, the emergency communication device may disable itself. Disablement may include physical destruction or physical alteration of hardware or software necessary for the communication device to operate. Disablement may also include being locked-out from access to or use of hardware or software necessary for the communication device to operate.09-24-2009
20110258684TEMPORARY USER ACCOUNT FOR A VIRTUAL WORLD WEBSITE - A computer system and method are provided that facilitate permitting temporary access to a website or other computer application in which temporary access is given to a generic virtual character and its corresponding user. Temporary access is made available through a temporary user account that is set up by the user. The temporary user account is active for a limited time and allows the user to learn about the website, for instance, via the generic virtual character. The generic virtual character has limited access to the website and in particular to various activities or areas on the website. Unlike temporary user account holders, users who have purchased a real world item and have created premium user accounts have full access to the website via their corresponding premium virtual characters. In addition, the system and method prevent at least some interaction between the generic virtual characters and the premium virtual characters.10-20-2011
20110258683APPARATUS AND METHOD FOR ACCESS VALIDATION - One or more techniques for access validation are provided. Access validation may be performed automatically or in real-time. Access validation may be at the resource level or at a sub-resource level. Techniques provided herein may be applied in a large variety of situations and industries, e.g. compliance management or inventory. Access validation reports may be generated in real-time or may link to indications of access validation in real-time. Five outcomes or options are provided, including affirmative, negative, stronger negative with larger implication, undetermined, and negative, however with temporarily granted access. A field for allowing entry of justification for access to a particular resource is provided. Reminders to validate privileges are provided. A continuous access validation process is provided. A technique for extending the hierarchy and corresponding workflow that is generated thereof is provided.10-20-2011
20080289012SYSTEM AND METHOD FOR CREATING, EXECUTING, AND MAPPING SERVICE - A service creation system and a method thereof are provided. In creation of a new service, a combined abstract service logic is created in accordance with existing service classes in a class catalog of existing services to implement service-level reuse. A service execution system and a method thereof are also provided, and during the operation of an abstract service logic, the abstract service logic is converted into a concrete service logic, and then a service is accessed in accordance with the concrete service logic. An abstract service mapping system and a method thereof are further provided. With the invention, the efficiency and flexibility of service development can be improved, services on a service network can be developed and deployed simply and rapidly, and the normal operation of the service network can be ensured effectively.11-20-2008
20080320566Device provisioning and domain join emulation over non-secured networks - Proxy service that enables a domain join operation for a client over a non-secure network. The join operation is achieved with minimal security exposure by using machine identity information rather than user credentials. The proxy uses only the permission associated with adding a new machine account to the enterprise directory, not permission to add a user account or take ownership of existing accounts. The proxy enables authentication based on actual machine account credentials to obtain a signed certificate, rather than conventional techniques such as delegation. Moreover, the enrollment process employs an original trust relationship between the device and the proxy rather than requiring or depending on public trust.12-25-2008
20080320565Open enhanced federation security techniques - Techniques to protect from open enhanced federation user enumeration are described. An apparatus may include a network interface operative to establish connections. The access edge server may further include an open enhanced federation (OEF) module communicatively coupled to the network interface. The OEF module may be operative to manage connections between multiple federated networks. In one embodiment, for example, the OEF module may comprise a peer authentication module operative to determine whether a peer making the request is an untrusted peer domain. The OEF module may further comprise a peer tracking module operative to retrieve a total request number and a total limit number associated with the untrusted peer, and compare the total request number with the total limit number to form a threat status indicator value. The OEF module may also comprise a peer authorization module operative to authorize the request based on the threat status indicator value. Other embodiments are described and claimed.12-25-2008
20090144808Collaborative Learning Space Portal - The embodiments of the present invention provide a method of providing an online community portal to improve communication and collaboration among authorized users of a wide range of learning communities of the portal, and further presenting and sharing information from diverse sources in a unified way. A collaborative learning space is created by an authorized user based on the preferences and administrative privileges provided to the user, and metadata is attached to the learning space. Users with similar profiles are invited to the learning space through automatic pattern match and search. The authorized users of the learning space can interact, communicate, collaborate, coordinate and share knowledge and data with other users of the learning space.06-04-2009
20090144809INFRASTRUCTURE-LESS BOOTSTRAPPING: TRUSTLESS BOOTSTRAPPING TO ENABLE MOBILITY FOR MOBILE DEVICES - Methods and apparatus for supporting a session in Mobile IP are disclosed. A Mobile Node sends a first Mobile IP message identifying the Mobile Node to a Home Agent, wherein the first Mobile IP message indicates to the Home Agent that the Mobile Node is requesting dynamic configuration of a Mobile-Home authentication key to be shared between the Mobile Node and the Home Agent during the session. A Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node is obtained or generated by the Mobile Node and the Home Agent, where the Mobile-Home authentication key is not valid after the session has ended or during another session. The Home Agent sends a second Mobile IP message to the Mobile Node, the second Mobile IP message including a lifetime associated with the session, wherein the lifetime indicates a lifetime of the key, thereby enabling the Mobile Node to register with the Home Agent using the Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node during the session.06-04-2009
20080320567SYSTEM AND METHOD FOR PREVENTING WEB FRAUDS COMMITTED USING CLIENT-SCRIPTING ATTACKS - A method for detecting and blocking Javascript hijacking attacks, comprising checking if an incoming request belongs to a valid session established between a client and a trusted server. When said incoming request does belong to a valid session, it is checked if a Referer header of said incoming request includes a valid domain name. The incoming request is marked as suspicious, when said incoming request does not include a valid domain name. It is checked if a respective response of said suspicious incoming request includes a script code. A preventive action responsive to a user input is taken when said respective response includes a script code.12-25-2008
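The detection sequence of 20080320567 as added example code (not the patent's): a request is examined only if it rides a valid session; its Referer host is checked against the trusted domain; a suspicious request whose response carries script is blocked or logged. The session store, the test for "script code" (JavaScript content types, and bare JSON arrays since an array literal is a loadable script while an object literal is not), and the sample traffic are assumptions.

```python
"""Referer-based detection of script hijacking.  Added illustration, not the
patent's code; session store, script test and sample traffic are assumptions."""
from dataclasses import dataclass
from typing import Dict, Iterable
from urllib.parse import urlsplit

@dataclass
class Request:
    cookies: Dict[str, str]
    headers: Dict[str, str]

@dataclass
class Response:
    content_type: str
    body: str

class HijackGuard:
    def __init__(self, sessions: Iterable[str], trusted_domains: Iterable[str], block: bool = True):
        self.sessions = set(sessions)                    # valid session identifiers
        self.trusted = {d.lower() for d in trusted_domains}
        self.block = block                               # operator's chosen preventive action

    def in_valid_session(self, req: Request) -> bool:
        return req.cookies.get("sid") in self.sessions

    def referer_is_trusted(self, req: Request) -> bool:
        """Exact host or a subdomain of a trusted domain; no Referer cannot vouch."""
        ref = req.headers.get("Referer")
        if not ref:
            return False
        host = (urlsplit(ref).hostname or "").lower()
        return any(host == d or host.endswith("." + d) for d in self.trusted)

    def is_suspicious(self, req: Request) -> bool:
        """A hijacking request is one that carries the victim's session but
        was issued from a page outside the trusted domain."""
        return self.in_valid_session(req) and not self.referer_is_trusted(req)

    @staticmethod
    def carries_script(resp: Response) -> bool:
        ct = resp.content_type.split(";")[0].strip().lower()
        if ct in ("application/javascript", "text/javascript", "application/x-javascript"):
            return True
        # A bare JSON array is a valid script program; a bare object literal is not.
        return ct == "application/json" and resp.body.lstrip().startswith("[")

    def decide(self, req: Request, resp: Response) -> str:
        """'allow', 'log' or 'block' for this request/response pair."""
        if not self.is_suspicious(req) or not self.carries_script(resp):
            return "allow"
        return "block" if self.block else "log"
```

Two caveats a practitioner would add: legitimate browsers frequently omit the Referer (referrer policies, privacy extensions), so the absent-Referer branch produces false positives, and the standard defences for this class of attack today are anti-CSRF tokens and SameSite cookies rather than Referer inspection.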
20110179468APPARATUS, AND AN ASSOCIATED METHOD, FOR FACILITATING SECURE OPERATIONS OF A WIRELESS DEVICE - An apparatus, and an associated method, facilitates security relating to installation of, such as downloading of, an application at a wireless device. When selection is made to install the application, a security decision is required of a trusted third party to install the application. A request is made of a trusted, third-party entity for the security decision. Responsive to the security decision, the application is either allowed to be downloaded to the wireless device or prohibited from being downloaded to the wireless device.07-21-2011
20110214162METHOD AND APPARTUS FOR PROVIDING COOPERATIVE ENABLEMENT OF USER INPUT OPTIONS - An apparatus for providing cooperative enablement or disablement of user input options may include at least one processor and at least one memory including computer program code. The at least one memory and the computer program code may be configured, with the processor, to cause the apparatus to perform at least receiving a first indication identifying any user input option to be enabled or disabled based on context information associated with a local device, receiving a second indication of any user input option to be enabled or disabled based on context information associated with a remote device, and providing enablement or disablement of user input options of the local device based on the first indication and the second indication. A corresponding method and computer program product are also provided.09-01-2011
20080313714Systems and methods for network authentication - Exemplary systems and methods for network authentication are provided. Exemplary systems include an application program interface configured for receiving a request for an authentication code, a code generator in communication with the application program interface, the code generator configured to generate the authentication code, and the application program interface further configured to receive the generated authentication code and allow an application to communicate digital data with a web-based social network. Further systems include the generated authentication code being received from a network device without an Internet browser and the received generated authentication code allowing an application to communicate digital data with a web-based social network for an extended period of time. Exemplary methods include receiving a request for an authentication code, generating the authentication code, receiving the generated authentication code, and allowing an application to communicate digital data with a web-based social network.12-18-2008
20090125986Secure launching of browser from privileged process - Methods and apparatus include securely launching a web browser from a privileged process of a workstation to minimize enterprise vulnerabilities. The workstation includes a web browser pointed toward a web server and a Logon API for use with a password/credential. An executable file is wrapped about the browser and imposes restrictions, such as preventing the writing to a registry or installing ActiveX controls. It also has functionality to prevent users from linking to web locations in other than an https protocol or following links beyond an original host. Upon indication of a forgotten password/credential, a DLL logs onto a user account which invokes the executable file to launch the web browser in the https protocol. Upon authentication of identity, the user changes their password/credential for later logging-on to the workstation via the Logon API, but in a capacity without the limited functionality or the imposed browser restrictions.05-14-2009
20090125988SECURE TRANSMISSION OF DIGITAL CONTENT BETWEEN A HOST AND A PERIPHERAL BY WAY OF A DIGITAL RIGHTS MANAGEMENT (DRM) SYSTEM - A host securely transmits content to a peripheral thereof. The peripheral has a symmetric key (PK) and a copy of (PK) encrypted according to a public key (PU) of an entity ((PU(PK))). In the method, the host receives (PU(PK)) from the peripheral, and sends (PU(PK)) to the entity. The entity has a private key (PR) corresponding to (PU), applies (PR) to (PU(PK)) to obtain (PK), and sends (PK) back to the host. The host receives (PK) from the entity, encrypts at least a portion of the content according to (PK), and transmits the encrypted content to the peripheral. The peripheral may then decrypt the encrypted content based on (PK). A bind key (BK) encrypted by (PK) ((PK(BK))) may accompany (PU(PK)), where the content is to be encrypted according to (BK). Thus, (PK) is not revealed to the host.05-14-2009
20090125984SYSTEM AND METHOD FOR ESTABLISHING DATA CONNECTIONS BETWEEN ELECTRONIC DEVICES - A system and method is disclosed, including establishing of data connections between electronic devices. One embodiment provides a method for establishing a data connection between a first and a second electronic device, wherein establishing the data connection is authorized by executing at least one action with at least one physical tool.05-14-2009
20090125983 | Security key with instructions - There is described an automation system comprising at least one programmable logic controller with integrated web server, user interface means, and security means. It is configured to allow a complex and flexible presentation of data at the user interface means while reducing the communication load at the same time. For this purpose, the instructions for presentation of the data are stored within the security means. | 05-14-2009
20080313713 | AUDIO START SERVICE FOR AD-HOC MEETINGS - An audio start service method for enabling and scheduling ad hoc distributed meetings. Only a short (in some embodiments less than or equal to about 32 bits) unique device identification is needed to enable distributed meeting devices participating in the meeting to rendezvous at a common rendezvous network address. Once the participants know the unique meeting network address they can take part in the meeting, while others can join or leave the meeting. The data string is each device's unique identification that is encoded into an inaudible watermark and continuously exchanged between devices over the telephone network. A first distributed meeting device requests a network address from a distributed meeting server. This unique meeting network address then is sent to an audio start service that identifies “buddies” of the first device and sends out meeting invitations and the network address to other devices so they can join the meeting. | 12-18-2008
20080313711 | MANAGING STATUS AND ACCESS FOR A VARIABLE SOURCE CONTENT STREAM - In one embodiment, a method can include: receiving rules in an interoperability server, the rules being related to access control for an endpoint coupled to a variable source content stream via a multicast network; and sending to the endpoint using in-band controls of the variable source content stream via the multicast network: a description of content streams available for selection by the endpoint; a procedure for selecting an available content stream; and permission for accessing the selected content stream, the permission being based on the rules. | 12-18-2008
20090113525 | System and Method for Providing Secure Access to Wireless Wide Area Networks - A subscriber station with a secure element and an access control system combine to permit secure connections to a Wide Area Network, and to the terminal equipment within a customer premises network. A removable secure element provides a simplified upgradeability and portability of credentials to new hardware. Also, a terminal equipment device that does not have the ability to connect to the Wide Area Network gains the ability to connect to the Wide Area Network through any subscriber station with a secure element. | 04-30-2009
20080320564 | Method for Handling Event Triggers and Re-Authorization Triggers in Flow Based Charging - The present invention discloses a method for handling event triggers and re-authorization triggers in flow based charging. The method comprises: the TPF determines whether the bearer event matches an event trigger; if it does, the TPF requests the charging rules from the CRF and then determines whether the bearer event matches a re-authorization trigger; if it does, the TPF performs a re-authorization process, otherwise the current process ends. If the bearer event does not match any event trigger, the TPF only determines whether the bearer event matches a re-authorization trigger; if it does, the TPF performs a re-authorization process, otherwise the current process ends. In this way, only one interaction for re-authorization is needed between the TPF and the OCS, so the re-authorization process is optimized when event triggers and re-authorization triggers overlap, and the re-authorization process in flow based charging is improved. | 12-25-2008
20120204238 | Host Device and Method for Accessing a Virtual File in a Storage Device by Bypassing a Cache in the Host Device - A host device is provided comprising an interface configured to communicate with a storage device having a public memory area and a private memory area, wherein the public memory area stores a virtual file that is associated with content stored in the private memory area. The host device also comprises a cache, a host application, and a server. The server is configured to receive a request for the virtual file from the host application, send a request to the storage device for the virtual file, receive the content associated with the virtual file from the private memory area of the storage device, wherein the content is received by bypassing the cache, generate a response to the request from the host application, the response including the content, and send the response to the host application. | 08-09-2012
20120204237 | Host Device and Method for Accessing a Virtual File in a Storage Device by Bypassing a Cache in the Host Device - A host device is provided comprising an interface configured to communicate with a storage device having a public memory area and a private memory area, wherein the public memory area stores a virtual file that is associated with content stored in the private memory area. The host device also comprises a cache, a host application, and a server. The server is configured to receive a request for the virtual file from the host application, send a request to the storage device for the virtual file, receive the content associated with the virtual file from the private memory area of the storage device, wherein the content is received by bypassing the cache, generate a response to the request from the host application, the response including the content, and send the response to the host application. | 08-09-2012
20120204236 | Systems and Methods for User Access Authentication Based on Network Access Point - Systems and methods of authenticating user access based on an access point to a secure data network include a secure data network having a plurality of network access points serving as entry points for a user to access the secure data network using a user device. The user is associated with a user identity, and each network access point with a network access point identity. The user uses a user device to send an access request, requesting access to the secure data network, to the network access point, which then sends an authentication request to an identity server. The identity server processes the authentication request by validating the combination of the user identity and the network access point identity, and responds with an authentication response, granting or denying access, as communicated to the user device via an access response. | 08-09-2012
20120204234 | INFORMATION PROCESSING APPARATUS, CONTROL METHOD THEREFOR, AND STORAGE MEDIUM STORING PROGRAM THEREOF - An information processing apparatus acquires, from a Web server, an operation screen for inputting authentication information, displays the acquired operation screen, and accepts authentication information input by a user. The apparatus then executes authentication processing using the accepted authentication information without transmitting the authentication information to the Web server, and authorizes, when the authentication succeeds, the user to use a function of itself. | 08-09-2012
20100313244 | METHODS AND APPARATUS FOR DISTRIBUTING, STORING, AND REPLAYING DIRECTIVES WITHIN A NETWORK - In one embodiment, a processor-readable medium stores code representing instructions that, when executed by a processor, cause the processor to receive a directive from a first client device, store the directive at a memory location, and send the directive to a second client device. The directive includes a directive description portion and a directive content portion. The memory location is associated with the first client device. The directive is configured to cause the second client device to update a context of a display operatively coupled to the second client device in response to the directive. The context is of a directive class associated with the directive description portion, and has a value associated with the directive content portion. | 12-09-2010
20090178120 | ELECTRONIC VERIFICATION SERVICE SYSTEMS AND METHODS - Systems and methods for authenticating an applicant. In one implementation, the applicant indicates to an acquirer an existing account for which the applicant wishes to be authenticated. The acquirer sends a message over an electronic funds transfer (EFT) network to an issuer of the account requesting a set of questions to ask the applicant. The issuer replies with a set of questions. The acquirer asks the applicant the questions, and forwards the applicant's answers to the issuer. The issuer compares the answers with known information relating to the account and decides, based on the comparison, whether the applicant is authenticated. The issuer then communicates its decision to the acquirer. Preferably, the messages and their associated replies are added to the set of messages handled by the EFT network, so that authentication may be handled in a standardized way without proliferating applicants' secret information. | 07-09-2009
20110055906 | METHOD FOR AUTHENTICATION AND VERIFYING INDIVIDUALS AND UNITS - A method is provided for authenticating and verifying individuals and units, wherein the data exchange between the units proceeds by means of relative data and/or encrypted data. The method is characterized in that the authentication and/or verification processes of individuals and/or units are carried out by units that are allocated to individuals, or that the authentication and/or verification processes of individuals and/or units are carried out by units authorized to authenticate and/or verify, a unit being authorized to authenticate and/or verify by the transmission of at least one copy of a power by a unit allocated to an individual through the unit allocated to the individual once the owner of the unit allocated to an individual is authenticated. | 03-03-2011
20110055905 | AUTHENTICATION APPARATUS AND COMPUTER-READABLE MEDIUM STORING AUTHENTICATION PROGRAM CODE - An authentication apparatus may include a storage unit, an analysis unit, and an authentication unit. The storage unit may be configured to store pieces of authentication information and an authentication order of the pieces of authentication information. The analysis unit may be configured to compare pieces of input information with the pieces of authentication information and to compare an input order of the pieces of input information with the authentication order. The authentication unit may be configured to authorize the pieces of input information if the comparison shows that the pieces of input information match the pieces of authentication information as necessary to authenticate and the input order of the pieces of input information matches the authentication order. | 03-03-2011
20110055904 | LICENSE AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD - A license authentication system and method enabling authentication of an application to be installed in a client PC which is incapable of communicating with the server which authenticates the application. A portable terminal performs license authentication of an application to be installed in a client PC in place of the server and gives the client PC a temporary right of use (step | 03-03-2011
20110055903 | AUTHENTICATING USE OF A DISPERSED STORAGE NETWORK - At least one dispersed storage (DS) processing unit ( | 03-03-2011
20110055902 | DYNAMIC AUGMENTATION, REDUCTION, AND/OR REPLACEMENT OF SECURITY INFORMATION BY EVALUATING LOGICAL EXPRESSIONS - Method, server, and computer product for modifying base permissions of access control lists (ACL) by evaluating logical expressions (LE). Base permissions are determined for a subject by comparing the name of the subject against ACL entries for an object. ACL entries having LE entries are determined. LE entries are evaluated to determine which LE entries are true for LE attributes of the subject. Set operators of LE entries are combined into a single union ACL, intersect ACL, and replace ACL. A replace operation is performed to replace the base permissions with the replace ACL, resulting in a first output. If there is no replace ACL, the base permissions are the first output. A union operation is performed on the first output and the union ACL, resulting in a second output. If there is no union ACL, the first output is the second output. An intersect operation is performed on the second output and the intersect ACL, resulting in a third output. If there is no intersect ACL, the permissions of the second output are the third output. | 03-03-2011
20110055901 | WIRELESS DEVICE FOR GROUP ACCESS AND MANAGEMENT - A system and method for establishing a group of wireless devices having shared media stored thereupon associates each group member device of the group of wireless devices, communicates with at least some of the group member devices of the group of wireless devices to identify shared media and upon receiving a request transmitted by a group member device of the group of wireless devices, supports access to shared media. The shared media may be stored on a different group member device, upon a managing server computer, or a media server. Upon a successful validation, the group member device that made the request is notified to facilitate the access to the shared media. The notification includes access information. | 03-03-2011
20110055900 | DISTRIBUTED AUTHENTICATION, AUTHORIZATION AND ACCOUNTING - In some embodiments, computer systems, storage mediums, and methods are provided for controlling a connecting device's access to a plurality of computer networks. In other embodiments, the provided computer systems, storage mediums, and methods may provide for authentication, authorization, and accounting of connecting devices connecting to a plurality of computer networks. In other embodiments, the provided computer systems, storage mediums, and methods may provide for the distribution of authentication routing data and authorization policies among a plurality of computer networks. In yet other embodiments, the provided computer systems, storage mediums, and methods may provide for the distribution of accounting among a plurality of computer networks. | 03-03-2011
20120204233 | SOCIAL NETWORK SYSTEM WITH ACCESS PROVISION MECHANISM AND METHOD OF OPERATION THEREOF - A method of operation of a social network system includes: receiving a service request for accessing a peripheral device revealed through a social graph of a social platform; determining a request type for matching the service request to a device service provided by the peripheral device; authorizing the device service through the social graph for accessing the peripheral device; and generating a service command based on the request type of the device service authorized for executing the device service for the peripheral device. | 08-09-2012
20090055899 | METHOD AND APPARATUS FOR OPTIMIZATION OF SIGCOMP UDVM PERFORMANCE - A mobile communication system that utilizes multiple access technologies achieves multiple session registrations by deriving a plurality of extended unique device identifications from a specific unique device identification (e.g., private user identification (PIID) stored on a subscriber identity module (SIM)) assigned to a user equipment. Each of the plurality of extended unique device identifications has the benefit of allowing multiple registrations with one or more access networks while allowing a home subscriber system to detect the one unique device identification embedded in the extended unique device identifications for authentication purposes. Thereby, a large population of deployed UEs and access network infrastructure may benefit without replacement by allowing a UE to maintain session continuity when transitioning between access networks, to select a preferred access technology when in overlapping coverage areas without session interruption, or to maintain multiple sessions (e.g., simultaneous Voice over IP (VoIP) and media streaming) with different access networks. | 02-26-2009
20100325699 | SYSTEM FOR PROVIDING AND MANAGING AN ONLINE COMMUNITY CONTAINING A WILL INFORMATION MANAGEMENT AND DISCLOSURE SYSTEM - A Community Website hosted on a Hosting Server maintained by a Hosting Entity and communicatively coupled to a network makes a Resource Center accessible to a plurality of members. The Resource Center has content generated by the members. A Content Management System can manage content on the Community Website so that a friendship tool allows the members to establish virtual friendships with one another via “friend requests” and to add them to their virtual friendship network. The Content Management System contains a will information management and disclosure system for holding will information that it unseals in accordance with unsealing conditions registered in advance by a member and/or when the member has become unable to express his/her intentions, and discloses it to a predetermined recipient. The members enter as electronic information their deposit information in a rewritable manner via a depositor's terminal. | 12-23-2010
20100333180 | DATA PROCESSING APPARATUS THAT REGISTERS INFORMATION NOTIFICATION DESTINATION AND METHOD THEREFOR, AND STORAGE MEDIUM - A data processing apparatus is provided that is capable of preventing reception and processing of large data acquired based on a query string, thereby making it possible to prevent data reception and processing from affecting another event notification or registration request processing performed by the data processing apparatus. When a query string determination section determines that destination information for identifying a notification destination contains a specific character string, an event notification destination registration-determining section determines that the notification destination of information concerning the data processing apparatus is not to be registered in an event notification information-storing section. A Web service response-returning section returns a response indicating that the notification destination has not been registered, to an information processing apparatus connected to the data processing apparatus. | 12-30-2010
20080244711 | System and Method for Specifying Access to Resources in a Mobile Code System - Mobile code, such as an applet, is permitted to create a network connection with a content server on a network, without restricting the applet only to connections from the computer from which it was downloaded. This is achieved in accordance with the principles of the present invention by using network restriction software in the execution engine or runtime system under which the applet executes. When the applet attempts to create a network connection to a content server, the network restriction software checks a name file on the content server for the presence of an entry whose name corresponds to the name of the computer from which the applet was downloaded. If such an entry is present, then the network restriction software permits the network connection between the applet and the content server to be created. If not, the applet may not create a network connection with the content server. | 10-02-2008
20110010759 | PROVIDING A CUSTOMIZED INTERFACE FOR AN APPLICATION STORE - Embodiments of the present disclosure provide a system and method of providing customized access to an electronic storefront for downloading software for a mobile device based on authorization data stored on the mobile device. In one embodiment, mobile devices have one or more profiles stored on them. Each profile is signed by a particular entity (a particular developer or enterprise) and includes authorization data authorizing one or more devices to install and use software associated with the entity. A content management application associated with the storefront (e.g., iTunes) identifies one or more storefronts associated with the entities of authorized profiles for a particular device upon access to the storefront and provides the entity storefronts to a user of the device based on the authorization data stored on the device. In one embodiment, a profile is authorized, e.g., using encryption, and installed to the device by the particular entity. Software for which distribution is limited to those authorized by an enterprise or other entity is thus only available for download to a properly profiled and authorized device. | 01-13-2011
20110265151 | METHOD OF ADDING A CLIENT DEVICE OR SERVICE TO A WIRELESS NETWORK - A smart network host device automatically registers a device or service with a wireless network using identification information and an authorization credential associated with the device or service. The smart network host device obtains the requisite identification information and authorization credential from a network association apparatus associated with the specific device or service to be registered with the wireless network. The smart network host device performs the registration automatically once the smart network host device confirms that the device or service has been associated with the wireless network and a secure password authentication protocol is successfully performed by the smart network host device and the device or service. The network association apparatus may comprise an RFID tag. | 10-27-2011
20110265148 | SYSTEM AND METHOD FOR CREATING A SECURE TRUSTED SOCIAL NETWORK - A system for a plurality of users to share resources with access, control and configuration based on pre-defined relationships of trust between the users of the system. A computer-based authority provides the services of authentication, identification and verification of each user within the network. Processes are described that lead to the formation of an electronic community, which facilitates electronic communication and transactions in a defined manner. | 10-27-2011
20110265147 | CLOUD-BASED BILLING, CREDENTIAL, AND DATA SHARING MANAGEMENT SYSTEM - A novel solution is provided that utilizes the two-credential characteristics of accessing cloud-hosted data in a portal-oriented enterprise-specific solution. Cloud computing resources may be accessed through separate, enterprise-specific portal clients used to manage a set of cloud service accounts. Individuals (e.g., employees of the enterprise or company) may access cloud computing resources via an instance of the portal client, and any communication between individuals in an enterprise and cloud services may be facilitated through the portal. Each portal client may also be configured to be compatible with any cloud service vendor. | 10-27-2011
20100293603 | METHOD, DEVICE, AND SYSTEM FOR AUTHENTICATION - A method for authentication includes: a Gateway Mobile Station (G-MS) receives an authentication trigger message from a host, and sends the authentication trigger message to an authentication server through an Ethernet Convergence Sublayer (Eth-CS) to trigger authentication. A network system includes a G-MS, which is connected to a host and an authentication server in communicable mode. The G-MS is configured to: receive an authentication trigger message from the host and send the authentication trigger message to the authentication server through the Eth-CS. The authentication server is configured to: receive the authentication trigger message that the G-MS sends through the Eth-CS, and authenticate the host. A G-MS includes: a receiving unit, configured to receive an authentication trigger message from the host; and a sending unit, configured to send the authentication trigger message received by the receiving unit to the authentication server through the Eth-CS. | 11-18-2010
20100293602 | SYSTEM OPERATING UNDER WEB ENVIRONMENT AND METHOD OF CONTROLLING THE SAME - A system operates under a Web environment in which a service providing server controls the provision of a service by operating a Web server and a client apparatus provides the service by operating a Web browser, the two being connected via a network. The service providing server stores the history of a job for providing the service together with the user ID of the user who requests the service, then acquires, from the stored histories, a history whose user ID matches the user ID of a user who sends a request to browse the history of a job. When the Web server receives the browsing request from the user of the client apparatus via the Web browser, the service providing server creates a file for distributing updated information based on the acquired history, and transmits the file to the Web browser. | 11-18-2010
20100293600 | Social Authentication for Account Recovery - A backup account recovery authentication of last resort using social authentication is described. The account holder requests trustees who have been previously identified to obtain an account recovery code. The account recovery system sends a communication to the trustee for information to verify the trustee as one of the previously identified trustees. The account recovery system then may transmit a link and code with instructions for the trustee to return the link. The account recovery system then transmits a situational query to the trustee to provide additional security. Finally, if all the communications have been completed for the required level of security, the account recovery code is transmitted to the trustee. The trustee sends the account recovery code to the account holder for access to an account. | 11-18-2010
20110126271 | METHOD AND APPARATUS FOR REGISTERING A DEVICE IN ACCESS POINT - Provided is a method of registering an unregistered device in an access point (AP) by using a registered device registered in the AP, the method including: transmitting a control signal for controlling the registered device to the registered device so as to transmit a mode change request, which requests the AP to change a mode to an authentication approval mode approving an authentication operation with the unregistered device, to the AP; transmitting a mode confirm request, which confirms whether an operation mode of the AP is the authentication approval mode, to the AP; receiving a mode confirm response as a response to the mode confirm request from the AP that receives the mode change request; and selectively performing an authentication operation with the AP, based on the received mode confirm response. | 05-26-2011
20110126268 | SYSTEM AND METHOD FOR AUTHORIZATION AND MANAGEMENT OF CONNECTIONS AND ATTACHMENT OF RESOURCES - Embodiments of the present invention are directed to a method and system for authorization management and resource attachment. The method includes receiving, within an electronic system, a notification of an emulated device operable to be provisioned and updating an authorization record of an authorization record datastore. The updating of the authorization record comprises updating routing information related to communication of the emulated device and a virtual device. The method further includes receiving a request for initial instantiation or reconnection of the emulated device with the virtual device and determining whether the emulated device and the virtual device are allowed to communicate based on the authorization record datastore. A response to the request for instantiation or reconnection can then be sent. | 05-26-2011
20110126266 | Method and system for authenticating subaccount users - There is provided a method and system for authenticating users to an application. The method comprises receiving a master account identifier corresponding to a master account associated with the application. The method further comprises determining if at least one subaccount is assigned to the master account. The method comprises requesting a master password if at least one subaccount is not assigned to the master account. Finally, the method includes requesting a subaccount identifier and a subaccount password if at least one subaccount is assigned to the master account. | 05-26-2011
20120311680 | Authorization and Authentication Based on an Individual's Social Network - In particular embodiments, a method includes accessing a graph structure comprising a plurality of nodes and edges where each node represents a user, receiving a request to transmit content related to a first user to a second user, and prohibiting transmission of the content to the second user if the first user and the second user are connected in the graph structure through a series of edges and nodes that comprises an unauthorized node. | 12-06-2012
20120311678 | CONTENT DELIVERY SYSTEM, CONTENT DELIVERY METHOD, APPLICATION SERVER SYSTEM, USER EQUIPMENT, AND RECORDING MEDIUM | 12-06-2012
20120311677 | METHOD, SYSTEM AND DEVICE FOR RESTRICTING FROM LOGGING INTO A CHAT ROOM - A method, a system, and a device for restricting a user from logging into a chat room, which belong to the computer field. The method includes receiving a request from a client corresponding to a chat room administrator for forcing a specified user to exit the current chat room, sending the client corresponding to the specified user a command to force the specified user to exit the current chat room, and changing the status information of the specified user into the restricted state to restrict the specified user from the specified chat room according to the request. The system includes a server and a user client. The user forced to exit the current chat room is prevented from re-entering the chat room and affecting other users therein, but can still enjoy the chat room services in the chat room so as to avoid the chat room losing users and improve the user experience. | 12-06-2012
20120311676 | SYSTEM AND METHOD FOR A GLOBAL DIRECTORY SERVICE - A system and method for facilitating the transfer of contact information between network subscribers is disclosed, said system including at least one server coupled to the network; at least one database coupled to the server; and a plurality of subscriber terminals coupled to the network, wherein each subscriber's terminal is configured to send contact information associated with a subscriber to the server in response to a request by said subscriber; wherein the request causes the subscriber's terminal to compile the contact information into an electronic business card object having one or more textual fields, map the one or more textual fields of the electronic business card to one or more object attributes contained in an electronic business card object, and transmit the electronic business card object to the server for storage in the database. | 12-06-2012
20120311675 | APPARATUS AND METHOD FOR GENERATING AND INSTALLING APPLICATION FOR DEVICE IN APPLICATION DEVELOPMENT SYSTEM - An operating method of a device for installing an application for a device includes receiving an application installation request including an application and an authentication token from an application development apparatus, and installing the application based on the authentication token, which includes serial numbers of devices authorized for the application. | 12-06-2012
20120311674 | Method and system for automatic generation of cache directives for security policy - An authorization method is implemented in an authorization engine external to an authorization server. The authorization server includes a cache. The external authorization engine comprises an authorization decision engine, and a policy analytics engine. The method begins when the authorization decision engine receives a request for an authorization decision. The request is generated (at the authorization server) following receipt of a client request for which an authorization decision is not then available at the server. The authorization decision engine determines an authorization policy to apply to the client request, applies the policy, and generates an authorization decision. The authorization decision is then provided to the policy analytics engine, which stores previously-generated potential cache directives that may be applied to the authorization decision. Preferably, the cache directives are generated in an off-line manner (e.g., during initialization) by examining each security policy and extracting one or more cache dimensions associated with each such policy. The policy analytics engine determines an applicable cache directive, and the decision is augmented to include that cache directive. The decision (including the cache directive) is then returned to the authorization server, where the decision is applied to process the client request. The cache directive is then cached for re-use at the authorization server. | 12-06-2012
20120311673 | MEDIA USAGE MONITORING AND CONTROL - Systems and methods of monitoring access to media content across disparate media devices are disclosed. Aspects relate to systems and methods that may be implemented to control access to media content. In one embodiment, rules may define usage parameters of a user for several types of media content and/or disparate media devices. | 12-06-2012
20120311672 | RESOURCE-CENTRIC AUTHORIZATION SCHEMES - A first request is received, at a service application programming interface (API) of an authorization server, to change a permission of a first role for accessing a first resource. In response to the first request, a first role-based permission data structure associated with the first role is accessed to identify an entry associated with the first resource, where the first role-based permission data structure includes entries corresponding to resources, respectively. Each resource is associated with one or more permissions for a user of the first role to access the corresponding resource. One or more permissions are updated in the identified entry associated with the first resource. | 12-06-2012
20120311671 | SYSTEMS AND METHODS FOR A SECURITY DELEGATE MODULE TO SELECT APPROPRIATE SECURITY SERVICES FOR WEB APPLICATIONS - In accordance with some aspects of the present disclosure, a method is disclosed that can include receiving, by a security delegate module, a set of user authentication credentials by an application running a first instance in a network for a user; determining, by the security delegate module, a type of the application; and selecting, by the security delegate module, a security service based on the set of user authentication credentials and the type of application. | 12-06-2012
20110138447Method, System and Device for Obtaining a Trust Type of a Non-3GPP Access System - The invention provides a method for obtaining a trust type of a non-3GPP access system comprising the following steps: a user equipment UE establishing an underlying link with a non-3GPP access system selected by the UE; the UE initiating an access authentication request and sending the identification information of the UE and the information of the non-3GPP access system to an Authentication, Authorization, Accounting (AAA) server through the non-3GPP access system; the UE receiving a returned access authentication response and the trust type of the non-3GPP access system, the trust type of the non-3GPP access system being determined by the AAA server based on the identification information of the UE, the information of the non-3GPP access system and the operator's strategy. The invention can realize that the trust type of the non-3GPP access system is determined and is informed to the UE by the AAA server during the access authentication performed by the UE, so that the UE can obtain the trust type of the non-3GPP access system.06-09-2011
20100192204Application Identity Design - Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.07-29-2010
20110030035METHOD OF MANAGING AUTHORIZATION OF PRIVATE NODE B IN A WIRELESS COMMUNICATION SYSTEM AND RELATED DEVICE - A method of managing authorization of a private node-B for a packet core network terminal of a wireless communication system includes determining authorization validity of the private node-B according to network information and licensed band coverage of the private node-B, and then rejecting the authorization of the private node-B when the network information of the private node-B is out of the licensed band coverage of the private node-B.02-03-2011
20090064282METHOD FOR ORGANIZING ACTIVITIES IN ACTIVITY-CENTRIC COMPUTING NETWORKS - A method for organizing activities in an activity-centric computing network includes receiving access to activities associated with at least one user of the activity-centric computing network, granting access to public tag information associated with at least a portion of the activities, granting access to private tag information associated with at least a portion of the activities, and organizing activities based on at least the public tag information and the private tag information.03-05-2009
20110061092METHOD FOR APPLYING A PHYSICAL SEAL AUTHORIZATION TO DOCUMENTS IN ELECTRONIC WORKFLOWS - A system and method for applying a pre-existing physical seal authorization to documents provides for authentication of electronic documents using physical seals and without interrupting the electronic workflow. The system of the present invention includes a seal capture device coupled to a computer, and the computer coupled by a network to a paper-like document server. The seal capture device detects depression of a seal thereon and outputs the image of the seal and other metadata to the computer. The computer stores the metadata in its local log using a logging module. The computer also adds the image of the seal and other metadata to the electronic document being displayed. Finally, the computer sends the metadata for storage in the global log of the paper-like document server, and the authorized document to the next step in the electronic workflow. The paper-like document server stores the metadata in other servers or entangles the global log with the logs of other servers for additional security.03-10-2011
20100115589Apparatus for determining facsimile transmission authorizer and facsimile machine having the apparatus - In a facsimile machine having the function of authorization by the authorizer, an authorizer determining apparatus that can alleviate workload on the authorizers is provided, and a facsimile machine having such an authorizer determining apparatus is also provided. The authorizer determining apparatus for the facsimile machine includes a candidate selecting unit selecting, based on a sum of condition values of a plurality of attributes (such as sender, destination, and format of document to be transmitted) selected in advance for a facsimile transmission, a set of authorizer candidates consisting of possible authorizers having condition values not smaller than the sum, and an authorizer determining unit for determining an authorizer candidate having the lowest condition value among the set of authorizer candidates.05-06-2010
20100115588Prevent Unauthorised Subscriber Access Advertisement Service System - The present invention relates to a mobile advertisement system (05-06-2010
20100218237SYSTEMS AND METHODS FOR MANAGING THIRD-PARTY APPLICATION PROGRAMMING INTERFACE IN A COLLABORATION SPACE - Embodiments relate to systems and methods for managing third-party application programming interfaces in a collaboration space. A collaboration space, such as a wiki site, can host a set of collaboration tools and resources, including, for example, content tools, communication tools, and other resources for the users of the space. The collaboration space can also incorporate and expose a set of application programming interfaces, such as command and data-passing structures to permit users to invoke third-party applications and/or services from within the wiki site or other collaboration space. The set of applications/services can be hosted on a remote server or co-hosted on the collaboration server, and can include, for instance, database, spreadsheet, media content, or other applications or services. The invoked applications/services can return data to the requesting user via the collaboration space. Users can subscribe to different applications and/or services available via the collaboration space.08-26-2010
20110179470NEAR REAL-TIME MULTI-PARTY TASK AUTHORIZATION ACCESS CONTROL - A method and apparatus are used in determining authorization to perform tasks in a computer environment, and specifically requiring multiple parties to authorize a task before access is granted. The present system provides for substantially real time communication to a second party authorizer when a task owner is attempting to perform a task.07-21-2011
20080313715NODE AUTHENTICATION - A system and method of accessing a service on a terminal node. The system includes a chain of nodes, the chain comprising a first node, one or more intermediate nodes, and the terminal node, the terminal node maintaining the service, wherein the first node is arranged to initiate an access request and to transmit the access request to an adjacent node, each intermediate node is arranged to authenticate the transmitting node and to transmit the access request to an adjacent node, and the terminal node is arranged to authenticate the transmitting node and to execute the access request.12-18-2008
20090125985Verifying electronic control unit code - A method and apparatus are provided for verifying authenticity of program code for an electronic control unit. In one implementation, a method is provided. According to the method, program code for the electronic control unit is received. The method may access metadata embedded in the program code. The metadata may identify a source of the program code. The method may further communicate via a network with a server to determine a status of the program code. The method may verify the authenticity of the program code based on the source of the program code and the status.05-14-2009
20090300726ETHERNET SERVICE CAPABILITY NEGOTIATION AND AUTHORIZATION METHOD AND SYSTEM - Described herein are methods and systems for negotiating and authorizing one or more Ethernet and/or IP services among a plurality of network entities in a wireless communication system. In one embodiment, an Access Service Network Entity transmits Ethernet Service capability data to a Home Connectivity Service Entity. Optionally, the Ethernet Service capability data may include Ethernet Service capability data associated with a Visited Connectivity Service Entity. The Home Connectivity Service Entity then determines which Ethernet and/or IP Services are authorized for a particular mobile station associated with the Access Service Network Entity based upon the received Ethernet Service capability data, a subscriber profile, and a home network policy.12-03-2009
20090300724METHOD FOR MANAGING DOMAIN USING MULTI DOMAIN MANAGER AND DOMAIN SYSTEM - The present invention relates to a method of managing a domain employing a multi-domain manager and a domain system. The method of managing a domain employing a multi-domain manager includes designating a primary domain manager, configuring the domain by registering a domain device with the primary domain manager, designating at least one secondary domain manager of the domain devices, and managing the domain through conjunction of the primary domain manager and the secondary domain manager. Thus, domain management can be performed efficiently by employing a multi-domain manager.12-03-2009
20090300729PURCHASING PERIPHERAL SUPPORT IN A MEDIA EXCHANGE NETWORK - A system providing support for user transactions in a media exchange network is disclosed. An embodiment of the present invention may comprise a television display, storage, and a set top box, and may provide an interface device for receiving from a user associated authorization device, information for authorizing user transactions via a communication network. A user transaction may comprise the exchange, purchase, storage, or consumption of media such as, for example, audio, still images, video, and data. The communication network may comprise, for example, a cable infrastructure, a digital subscriber line infrastructure, a wireless infrastructure, and may be the Internet. The system may provide for the completion of the user transaction without divulging the identity of the user to a vendor.12-03-2009
20090300728ELECTRONIC MAIL TERMINAL APPARATUS, MAIL SERVER, CHECK CODE REGISTERING METHOD, AND MAIL RECEPTION PERMITTING METHOD - An apparatus includes: an address book to store mail addresses; an address registration unit to register a mail address of electronic mail in the address book; a check code generation unit to generate a check code from the mail address; and a check code transmission unit to transmit a mail reception permission notification including the check code generated from the mail address to a registration unit.12-03-2009
20090300727SERVER, INFORMATION PROCESSING METHOD AND PROGRAM - A server having an authority information storage configured to store therein authority information on an operation authority, a determination request information receiver configured to receive determination request information that is transmitted from a client and requests a permission/rejection determination on execution of a desired operation in the server or a client, a permission/rejection determination unit configured to make a permission/rejection determination in response to the determination request information received by the determination request information receiver based on the authority information, and a determination result information transmitter configured to transmit determination result information on a determination result made by the permission/rejection determination unit to the client that transmitted the determination request information.12-03-2009
20090300725ENABLING SYNCHRONOUS AND ASYNCHRONOUS COLLABORATION FOR SOFTWARE APPLICATIONS - A method for collaborating a first computer with a second computer. The method includes sending an invitation from the first computer to the second computer, and sending a list of permissions from the first computer to the second computer upon acceptance of the invitation. The list of permissions allows the second computer to access a limited portion of one or more data on the first computer. The method further includes performing an analysis on the limited portion of the data stored on the first computer by the second computer, and sending a notification from the second computer to the first computer, wherein the notification indicates that the analysis has been performed on the limited portion of the data.12-03-2009
20090300723SHARING PRIVATE DATA PUBLICLY AND ANONYMOUSLY - Sharing a secret that can later be revoked. A client sends data to a server that makes the data available to other clients. The data is shared generically without specifically identifying the client. The data can be considered quasi-secret data or data that is secret except for the anonymous sharing of the data. The client can later make the shared data private again by changing or deleting the sharing of the data.12-03-2009
20090300722SUPPORT FOR INTEGRATED WLAN HOTSPOT CLIENTS - The invention proposes a method and a network device comprising an operation entity (12-03-2009
20090293106METHOD AND APPARATUS FOR CONTROLLING WIRELESS NETWORK ACCESS PRIVILEGES BASED ON WIRELESS CLIENT LOCATION - An access point through which a wireless device attaches to a wireless network determines the access privileges that will be accorded to the device based on a criteria set, such as the ID and physical location of the device requesting network access, the access point through which the device is connected to the network and user credentials. The location of the device is determined by a location determination system using the signal strength of the device signal. The location information and ID information is provided to an access server that uses the criteria set to retrieve access privileges from a privilege database. The retrieved access privileges are then applied to the wireless device by means of the access point and other devices in the wireless network.11-26-2009
20090293105ACCESS CONTROL SYSTEM AND ACCESS CONTROL METHOD - An access control system and method is disclosed. The access control system and method includes a terminal and a server. The terminal determines whether to allow access to a requested website and generates a request to the server to download information from the requested website if the terminal determines to allow access. The server determines whether to allow the terminal access to the requested website and provides information from the requested website to the terminal. The server examines the request to determine whether or not the terminal has made a determination whether to allow access to the requested website. The terminal and server work in combination to determine whether to grant access to the requested website. And the server's determination whether to allow the terminal access is dependent on the server's determination of whether or not the terminal has made a determination whether to allow access to the requested website.11-26-2009
20100125895DOMAIN BASED AUTHENTICATION SCHEME - In one example, a system for authenticating domains operates by authenticating a first domain and the extensions that make up the URI of an initial or primary Internet network call. Thereafter, the system can enable the owner of the first domain to make assertions or statements about additional domains and URIs that make up the rest of the web page, session or application.05-20-2010
20110167478METHOD AND APPARATUS FOR PROVIDING SIMULTANEOUS SUPPORT FOR MULTIPLE MASTER KEYS AT AN ACCESS POINT IN A WIRELESS COMMUNICATION SYSTEM - The described apparatus and methods include a wireless local area network (WLAN) access point having a wireless wide area network (WWAN) backhaul connection to provide a gateway between a LAN and a WAN. In one example, the access point may be a cellular telephone. Here, a processor in the access point is configured to generate a plurality of master keys, such that a plurality of access terminals may each utilize a respective one of the master keys to access the LAN. Further, the processor is configured to enable control of an allocation of resources to at least one of the access terminals.07-07-2011
20110191831Multiple Identity Management in an Electronic Commerce Site - In electronic commerce (e-commerce) sites that are executed on a single e-commerce application, a user's session is only associated with a single user identity for the e-commerce site domain. Acting under a single identity across the site may not be desired. There may be requirements to associate an individual user with one or more separate identities within parts of the site. Aspects of the invention provide a method, system and computer program product for managing multiple user identities for a user of an electronic commerce (e-commerce) site. The method comprises defining the e-commerce site as one or more security domains; and in response to a user's request to invoke an operation of the e-commerce site: determining a one of the one or more security domains to which the operation relates; performing one of a) creating a session and b) reusing a session for the user automatically in accordance with the determined security domain, said session associated with a user identity and a role indicating privileges for invoking operations of the e-commerce site in at least the determined security domain; and persisting said session for reuse. The user's request may be received in association with one or more sessions persisted for the user and a one of the sessions selected in accordance with the determined security domain. In response, either a session may be created or reused. Persisting may comprise providing one or more cookies defining the session to the user for associating with a subsequent request. In accordance with a feature of this aspect, the e-commerce site may define each of the one or more security domains as a hierarchy of organizations and assets owned by the organizations, and the determining a one of the one or more security domains to which the operation relates may comprise evaluating the user's request in accordance with the hierarchy.08-04-2011
20110191829Method for Storing Data, Computer Program Product, ID Token and Computer System - The invention relates to a method for storing data, having the following steps: establishing a first connection between a first ID token and a first computer system via a second computer system for reading at least one first attribute from the first ID token, establishing a second connection between a second ID token and the first computer system via the second computer system for reading at least one second attribute from the second ID token, sending the first and the second attributes from the first computer system to a third computer system, receiving the data from the third computer system by the first computer system, writing the data into the second ID token via the second connection by the first computer system in order to store the data in the second ID token, where the condition for writing the data is that the first connection also still exists, wherein the first and the second connection are each a connection with end-to-end encryption and a connection-oriented protocol.08-04-2011
20110191828AUTHORIZATION AND TRACKING OF MODIFICATIONS TO MEDICAL DEVICES - A system and method for authorizing and tracking a modification to a medical device are provided. The modification may be an installation of software or firmware, an upgrade of software or firmware, an enablement of a feature, and/or a disablement of a feature. The system includes a server for generating and transmitting an authorization key before the modification can be performed. The system also includes a device for generating a confirmation key and transmitting the confirmation key to the server after the modification has been performed. The server is configured for updating a database with information regarding the modification performed on the medical device. In this manner, the system avoids performing unauthorized modifications to a medical device and efficiently traces authorized modifications made to the medical device.08-04-2011
20110265150MEDIA ASSET/CONTENT SECURITY CONTROL AND MANAGEMENT SYSTEM - A system, method, apparatus, and computer readable storage medium provide the ability to deliver media content in a secure manner in a computer system. A storage repository stores media content and marketing assets for the media content. A server computer is coupled to the storage repository and enabled to provide access to the media content and marketing assets via a website accessible on the Internet worldwide to a user. A digital advertising publicity repository (DAPR) enables an administrator to define first access rights for the user to access the website and second access rights for the user to access the DAPR.10-27-2011
20100031325SYSTEM FOR ENABLING MULTIPLE EXECUTION ENVIRONMENTS TO SHARE A DEVICE - According to the present invention, there is provided a data processing system comprising: a dedicated physical device for access by a single client only; a shared physical device for shared access by multiple clients; a partition of a first type associated with the dedicated physical device, the first type partition comprising said single client and a first device driver for accessing the dedicated physical device; a partition of a second type associated with the shared physical device, the second type partition comprising a second device driver for accessing the shared physical device, and a back end driver for accessing the second device driver; and multiple partitions of a third type each comprising a respective one of said multiple clients and a front end driver for accessing the shared physical device via the second type partition. There is also provided a method of operating the data processing system comprising: executing a user application in the standard domain; and executing in the trusted domain, one or more predetermined operations, services and/or functions relating to the user application.02-04-2010
20100031326SYSTEM AND METHOD FOR MANAGING SUPERIOR/SUBORDINATE INTERACTIONS - A system and method for automating the creation, optimization and deployment of multimedia, interactive, mentoring communication modules (“MIPs”) is provided. Simplified interfaces allow superiors to generate MIPs and asynchronously deploy them to subordinates' mobile devices or personal computers. The completed MIPs are automatically coded for optimal performance on the specific mobile operating systems to which they are deployed. Automatic notifications are sent to registered subordinates upon deployment of a completed MIP. User configurable and system updatable management portals and subordinate portals are automatically generated to provide a user interface to enable mentoring interactions between the superior and subordinates. The MIPs allow custom tailoring of educational and developmental exercises. Performance of the exercises can be monitored by a superior for each of a plurality of subordinates.02-04-2010
20100031323Network Interface Device - There are methods and apparatus, including computer program products, for defining a policy including a set of rules for a packet forwarding device by receiving information sufficient to enable a first rule related to one of security or traffic management to be defined, and based on the received information, enabling a corresponding second rule related to the other one of security or traffic management to be defined.02-04-2010
20100031322SECURE PRINTING METHOD - A method for secure printing comprising receiving a user print request to print information from a computer terminal, wherein the computer terminal is located in a network and is assigned an internet protocol address, prompting the user for approval to instruct a designated printer to commence printing the print request, wherein the designated printer is connected to a network and is assigned an internet protocol address, determining whether the computer terminal and the designated printer are in the same network by comparing the first portion of the computer terminal's internet protocol address with the first portion of the designated printer's internet protocol address, and instructing the designated printer to commence printing if the computer terminal and the designated printer are determined to be in the same network.02-04-2010
20100031321Method and system for preventing impersonation of computer system user - A system and method for preventing an administrator impersonating a user from accessing sensitive resources on a target system is provided. The method comprises receiving a first request from a user to change the user's password on a target system to be changed, sending a “change password” request for the user to the target system, storing the user's new password, receiving a second request from the target system on behalf of the user for access to a sensitive resource, wherein the second request contains information about the user's password, and denying the second request if the information about the user's password is not consistent with the user's stored new password.02-04-2010
20100031320USER INDICATOR SIGNIFYING A SECURE MODE - Computer-readable media, computerized methods, and computer systems for alerting a user that an operating system has entered a secure mode are provided. Initially, inputs are received at an operating system residing in a default mode. Typically, the default mode allows applications running on the operating system to access the inputs. If the inputs are identified as a call to perform a protected operation, the operating system is transitioned from the default mode to the secure mode. Typically, the secure mode restricts the applications from intercepting the inputs. The transition to the secure mode is automatically communicated to the user via an indicator device. Generally, automatic communication includes providing a message from the operating system to the indicator device over a secure pathway that triggers the indicator device to generate a user-perceivable output. Accordingly, the operating system exerts exclusive control over the operation of the indicator device.02-04-2010
20100024009METHOD AND SYSTEM FOR DYNAMIC SECURITY USING AUTHENTICATION SERVER - Disclosed is a method and system for network access control, including an authentication proxy that authenticates different access points, retrieves data from security databases and from a Network Monitoring System, processes said data according to a dynamic security policy, and uses the outcome of said processing to determine the access level that will be granted to an access point in the network.01-28-2010
20100024008Managing Resource Allocations - Techniques for determining which resource access requests are handled locally at a remote computer, and which resource access requests are routed or “redirected” through a virtual private network. One or more routing or “redirection” rules are downloaded from a redirection rule server to a remote computer. When the node of the virtual private network running on the remote computer receives a resource access request, it compares the identified resource with the rules. Based upon how the identified resource matches one or more rules, the node will determine whether the resource access request is redirected through the virtual private network or handled locally (e.g., retrieved locally from another network). A single set of redirection rules can be distributed to and employed by a variety of different virtual private network communication techniques.01-28-2010
20100024007AFFIRMING NETWORK RELATIONSHIPS AND RESOURCE ACCESS VIA RELATED NETWORKS - A technique for providing a prediction as to whether a resource will be accessible to a user is described. The technique can involve comparing asserted membership in a wireless realm with membership records. Advantageously, a user can be made aware of the likelihood of access to a resource before attempting to reach the resource.01-28-2010
20100024006HTTP AUTHENTICATION AND AUTHORIZATION MANAGEMENT - Systems, methods and apparatus for a distributed security system that provides authentication and authorization management. The system can include a state manager that is used to identify and maintain the source associated with a client browser that submits requests to the state manager. The state manager can allow requests that are authorized and request authorization for requests that are not. The state manager can maintain the states associated with each domain to reduce the number of transactions needed to authenticate and/or authorize subsequent requests to the same domain or to different domains.01-28-2010
20100017857SYSTEM AND METHOD FOR EXECUTING INTERACTIVE APPLICATIONS WITH MINIMAL PRIVILEGES - A mechanism for running interactive applications with a minimal set of privileges is disclosed. The privileges form a subset of the privileges afforded to the user requesting the application and are allocated consistent with the principle of least privilege. The application runs with the minimal amount of permissions necessary to accomplish its assigned tasks. A new user account is created and provisioned or identified for each application to which a user requests access. The accounts have a subset or superset of the access rights and operating system privileges that the user who is logged on to the system and requesting access to the application ordinarily enjoys. The subset/superset of the user's privileges is determined by a policy-based decision system. The policy-based decision system makes its determination based on an analysis of the application requirements, an analysis of the data security and privacy concerns associated with the execution of the application, the identity of the user and user's role and any other policy considerations previously specified by an administrator. Once the determination as to the appropriate set of privileges to be afforded in the execution environment has been made, the execution environment is created and provisioned or a pre-existing execution environment possessing the requisite privileges is identified and the remote user is logged into the server-side account. The application-specific accounts may be audited by audit trail tools that provide evidence of policy enforcement.01-21-2010
20100017855State Saver/Restorer for a Geospatial Decision Management System - A geospatial decision management system (GDMS) can save the overall state of a user's experience at one point in time within a GDMS session so that the user can restore the overall state at a later time, such as by restoring a geospatial browser view (e.g., camera settings for rendering the map on the display screen, layer state information, map location) and restoring the states of one or more instances of geospatially-referenced tools that were active at the time of the state save. Upon restore, the browser and tools are initialized with their saved states so that the user is presented with the same functionality, data, and browser view that were displayed and accessible at the time of the state save. Saved states are transportable and can also be sequenced and animated to allow presentation of a slide show of individual GDMS views.01-21-2010
20110219433TASK-BASED ACCESS CONTROL IN A VIRTUALIZATION ENVIRONMENT - Methods, systems, and techniques for task-based access control are provided. Example embodiments provide a task-based access control system “TBACS,” which provides task-based permissions management using proxy task objects. In one example embodiment, the proxy task objects encapsulate activities, comprising one or more privileges, each associated with an object upon which the privilege can act. In some examples, proxy task objects may be used with a virtualization infrastructure to delegate permissions to delegate users, real or automated. Proxy task objects may also be associated with their own user interfaces for performance of the corresponding activities.09-08-2011
20080282326CONTROL PRODUCTION SUPPORT ACCESS - A device creates a group for accessing a front door program that enables access to a secure resource, assigns, to the group, one or more permissions to perform one or more tasks associated with the secure resource, and adds a user to the group using identification information associated with the user, wherein the user is permitted to perform the one or more tasks based on the addition of the user to the group.11-13-2008
20120210399LOCATION-ENABLED ACCESS CONTROL LISTS FOR REAL-WORLD DEVICES - Systems and methods are disclosed for providing an accessor with access to an accessed device through a network. In one embodiment, location-based access control rights of the accessor to the accessed device are obtained. The location-based access control rights define at least one location criterion such that access rights are to be granted to the accessor for the accessed device when a location of the accessor complies with one or more of the at least one location criterion. Upon determining that the location of the accessor device complies with the at least one location criterion, the accessor device of the accessor is granted access to the accessed device through the network. In this manner, an administrator of the accessed device can regulate from where the accessor can access the accessed device.08-16-2012
20090113526Method and system for ensuring a sharing violation free environment for a trusted software agent - A method and system are provided by which a trusted software agent can perform in a sharing-violation-free environment, which reduces complexity and eliminates interference with applications. A method for handling sharing violations in a computer system comprises intercepting a request by an application for access to a file, capturing a sharing violation raised by the operating system due to the request, determining whether the sharing violation is due to the trusted agent, and if so holding the request by the application for access to the file until the trusted agent no longer holds the file, and then reprocessing the request by the application for access to the file. The application is not aware that the sharing violation due to the trusted agent occurred, or that the request was pending and reprocessed, because at the end of the process it receives a file handle as if a sharing violation had not occurred.04-30-2009
20090007239Mobile IP Bulk Registration Revocation - Techniques for Mobile IP bulk registration revocation are described herein. According to one embodiment, a first mobile agent of a mobile IP network sends a registration revocation message to a second mobile agent of the mobile IP network. The registration revocation message includes information identifying multiple home IP addresses of multiple mobile nodes whose registrations are to be revoked. In response to the registration revocation, the second mobile agent terminates bindings of services associated with multiple mobile nodes identified by the multiple home IP addresses and sends an acknowledgement message to the first mobile agent. Other methods and apparatuses are also described.01-01-2009
20120042362System and Method for Performing Access Control - Rather than defining roles in terms of those resources and/or actions pertaining to the resources that are permitted to subjects having that role, it has been found that by instead defining a role by negative permissions, i.e. those resources and/or actions related thereto that are not permitted to subjects in that role, the evolution of a system is more convenient to manage. In this way, the system is only required to track and update the denied resources for particular roles. It has also been recognized that by defining a role in terms of negative permissions, i.e. what subjects in that role cannot do, malicious users can be thwarted from creating false user accounts since selecting functions associated with the resources takes permissions away rather than adds them.02-16-2012
20120042361METHOD AND SYSTEM FOR SECURING AGAINST LEAKAGE OF SOURCE CODE - Embodiments of the invention provide a method and a system of detecting source code in a message being sent over a digital communication network to secure against unauthorized leakage of source code. The message is intercepted on a network device, placed into a memory on the network device, and divided into one or more segments, wherein each segment includes a predetermined number of lines of text from the message. For each segment, one or more syntax rules of a programming language are applied to the segment and a predetermined number of context lines of text before the segment and/or after the segment, to determine which of the syntax rules of the programming language are matched in the segment. A determination of whether the message includes source code is provided based on the syntax rules that were matched.02-16-2012
20110307941Method and apparatus to implement secured, layered logout from a computer system - A secure, layered logout of a user session is implemented in a web-based management tool, such as a middleware appliance. A logout strategy is provided to include a set of security levels of varying sensitivity, with each security level having a set of permissions associated therewith that are enforced upon a timeout. Preferably, each succeeding security level in the set of security levels is reached as time increases from an idle time associated with the user session. Upon expiration of a timeout associated with a security level, the set of permissions associated with the security level are then enforced against at least one managed object while the user session continues. As each next security level is reached, the set of permissions associated with the security level are then enforced (with respect to the managed object or against one or more other managed objects), once again while the user session continues. Each of the objects preferably is managed independently of at least one other object; thus, the layered logout may enforce different permissions with respect to different managed objects while at the same time maintaining the user session. If the user takes no action, eventually a timeout associated with a final security level of the set of security levels will occur, at which point the user session is finally terminated.12-15-2011
20110307940INTEGRATED WEB APPLICATION SECURITY FRAMEWORK - Various embodiments of systems and methods for integrated web application security are described herein. A unified framework for authentication, authorization, and session management specifically separates credential gathering and authentication as two separate steps that may be extended independently. The credential gathering is done by specific credential providers, and the authentication is performed independently. In another aspect, login/logout processing is separated from the authentication logic. Session validators, credential providers, authenticators, authorizers may be run independently.12-15-2011
20110307942Method and Apparatus for Authorization of Customer Premises Equipment - A computer-implemented method for requesting content over a public network is described. A customer premises equipment (CPE) can receive a time-varying signal over a private broadcast network. The signal can be used to generate authorization information on the CPE for content access over the public network. When a request for content that must be served over the public network is made at the CPE, the validity of the authorization information can be verified before the request is sent to the content delivery system.12-15-2011
20090172784Apparatus and method for processing data broadcast signal - An apparatus and method for receiving and processing a data broadcast signal is disclosed. The apparatus receives a data broadcast signal including the application information table and the application, and authenticates the received application. The apparatus can execute a corresponding application only when the execution of the application is permitted according to the authentication result.07-02-2009
20090172787IMAGE PROCESSING SYSTEM CAPABLE OF RECORDING CAPTURED IMAGES FOR UNLIMITED RECORDING TIME - An image processing system of the present invention includes an authentication server and an archive server each connected to a mobile terminal through a network, wherein the authentication server transmits a first permission notification to the archive server and the mobile terminal to indicate that the mobile terminal is permitted to use an image processing service when the authentication server authenticates that the mobile terminal which requests a connection is a previously registered terminal, and the archive server which, upon receipt of the first permission notification from the authentication server and upon receipt of image data from the mobile terminal, preserves the received image data.07-02-2009
20090172783Acquiring And Using Social Network Information - Among other things, a user of a site is provided access to information about a person to whom the user has a connection. The connection is stored in a shared social network (SN) system controlled independently of the site. The information is displayed to the user of the site only in accordance with a permission of the person to whom the user has the connection.07-02-2009
20120042360MOBILE SERVICES TAILORED TO USER NEED - A system for controlling delivery of content to a user in a telecommunications network, includes: 02-16-2012
20110314518PREVENTING MULTIPLE BACKEND CALLS AT BROWSER LAUNCH DURING MOBILE BROADBAND PROVISIONING - To reduce or avoid multiple calls for authentication, during mobile device provisioning for broadband connectivity which might otherwise be caused by add-ons associated with a browser, a provisioning gateway or server system maintains a database of records of source addresses and associated mobile numbers. The records may also indicate time of last request from each address. In response to a new request, the system determines if there is a record for the source address. If there is a record, and in our example, if the record indicates that time since the last prior request is less than a threshold value, then the system continues provisioning processing for the device but without any communication with an authentication system. However, if there is no record or if the last request from a source address is older than the threshold, then the system communicates with the authentication system to obtain the directory number for the mobile device.12-22-2011
20120060207ROLE-BASED ATTRIBUTE BASED ACCESS CONTROL (RABAC) - Systems and methods are disclosed for receiving an access request from a user device, the access request including an identity claim for a user; evaluating a risk of access based on matching an attribute of the user device with attributes stored in a user information database; authenticating the access request based on the identity claim and the risk evaluation to determine an authentication confidence level; generating a token based on the confidence level and the attribute matched; producing an authorization response based on inputs from the token, a risk based access control, a role based access control, and an attribute based access control, in which the authorization response determines whether to allow access to a system, deny access to the system, or request additional input from the user device.03-08-2012
20120210401Device and Method for Managing Access Rights to a Wireless Network - A device and a method for managing access rights to a wireless network use wireless connection devices advantageously based on a smart card, which enable the wireless connection to the network once connected to a terminal. These devices include devices for time and/or geographical management of access to the network and an authentication device. These devices can be easily preprogrammed by the entity managing the service and then distributed to the users.08-16-2012
20110321140SYSTEM AND METHOD FOR AUTOMATICALLY LEARNING MAILBOX CONFIGURATION CONVENTIONS - A system and method automatically learn mailbox configuration conventions. A validator module determines a valid set of configuration parameters used for accessing an electronic mailbox of a user within a mail domain after receiving configuration information from the user that is limited in the configuration parameters required for accessing the electronic mailbox. A learner module accepts from the validator module a set of configuration parameters determined to be valid and generates configuration conventions for a mail domain. A database stores the generated configuration conventions. The validator and learner modules can be operative as part of a web server.12-29-2011
20120210398Enhanced Backup and Retention Management - An enhanced backup and retention management module associated with an entity may track access and changes made to configuration files that specify backup and/or retention policies for servers located on a network. The management module may also prevent unauthorized users from accessing or making changes to the configuration files. Additional features of the system may include a reporting capability that alerts appropriate personnel of who accessed and/or attempted to modify a backup/retention policy for a server, the name of the server whose policy may have been affected, and specific details of the file modifications that were made/attempted.08-16-2012
20120047562SOFTWARE APPLICATIONS DISTRIBUTION METHOD AND APPARATUS - The present invention provides for a method and apparatus for distributing digital information, such as software applications, to application users. By providing the digital information on unused memory space of a computer system, and providing a process for authorizing access to the information, the information can be efficiently and cost effectively transferred to users. Traditional inventory and distribution channel difficulties are avoided.02-23-2012
20120047561SECURING RESOURCE STORES WITH CLAIMS-BASED SECURITY - Methods, systems, and computer program products are provided for securing resource stores with claims-based security. From policy information, a resource store populates a security table of permissions. The permissions authorize resource access based on received claims. Sessions submit claims to the resource store. The resource store accumulates claims for a session into a claims list. From the claims list and the security table, the resource store filters out a subset of metadata including resource IDs for resources the session is authorized to access. Since the metadata corresponds to the session, any application using the session is given similar access to resources at the resource store.02-23-2012
20120047560Social Age Verification Engine - A social networking system obtains parental authorization from a parent for a child to access a computing resource, where the parent and the child are users of the social networking system. The child user may request the authorization by identifying a purported parent user. The social networking system attempts to verify the validity of the purported parent user's account, the age of the user associated with the purported parent's account, and/or the existence of a parent-child relationship between users of the accounts associated with the purported parent and the child. The social networking system makes these determinations, at least in part, using social and transactional information associated with the purported parent user's account and the child user's account in the social networking system. Upon verification of these items, the social networking system may allow the purported parent to provide authorization responsive to the child's request to access the computing resource.02-23-2012
20090125987DIGITAL RIGHTS MANAGEMENT - A method for distributing rights objects between a first device 05-14-2009
20120005729SYSTEM AND METHOD OF NETWORK AUTHORIZATION BY SCORING - A method and system of collecting data from a device seeking authorization for an association with a network, scoring the collected data in accordance with pre-defined criteria, comparing data about the device and request with a past history of requests for authorization by such device, and modifying the score based on such comparison.01-05-2012
20120005728MANAGING MEETING INVITATIONS TO SUB-INVITEES - A computer implemented method manages meeting invitations to sub-invitees. A meeting coordinating computer detects a meeting invitation being sent from a meeting moderator's computer to a primary invitee's computer. The meeting coordinating computer intercepts a response from the primary invitee's computer. This response contains a request for a sub-invitee to accompany the primary invitee to the meeting. If the sub-invitee is initially authorized by the meeting coordinating computer to attend the meeting, then a request is transmitted to the meeting moderator's computer for additional authorization to invite the sub-invitee to the meeting.01-05-2012
20110167477METHOD AND APPARATUS FOR PROVIDING CONTROLLED ACCESS TO A COMPUTER SYSTEM/FACILITY RESOURCE FOR REMOTE EQUIPMENT MONITORING AND DIAGNOSTICS - A hardware-software user connectivity control method and apparatus which provides a secure controlled access arrangement that enables only authorized users to obtain access to stored proprietary information and processing tools/applications on a computer-implemented global monitoring system/network (GMS) used to monitor and diagnose steam turbine power generator equipment and plants. An authentication challenging application (ACA) in the GMS sends a challenge sequence of code/numbers via a non-secure communications link/channel to an authentication response application (ARA) resident on a user/customer computer system. The ARA must respond via the same communications link/channel with an expected response code/number sequence to enable the user's access to the GMS; otherwise the communications link/session is terminated. The ARA may optionally be stored on a portable flash memory dongle for gaining direct access to the GMS locally. Additionally, a proprietary port connector device is needed when making a direct access connection locally via the GMS facility communications port.07-07-2011
20110167480TECHNIQUES FOR SECURE TRANSPARENT SWITCHING BETWEEN MODES OF A VIRTUAL PRIVATE NETWORK (VPN) - Techniques for secure transparent switching between modes of a virtual private network (VPN) are provided. A principal, via a client, establishes a VPN session in a first mode of operation with a server. The principal subsequently requests a second mode of operation during the same VPN session. The VPN session is transparently transitioned to the second mode of operation without any interaction being required on the part of the principal and without terminating the original VPN session.07-07-2011
20120011569SYSTEM AND METHOD FOR PROTECTING MAC CONTROL MESSAGES - A system to protect MAC control messages is presented. In one embodiment, the system comprises a processor, a memory coupled to the processor, and a communication device coupled to the processor to communicate wirelessly over multiple sub-channels in an orthogonal frequency division multiple access (OFDMA) wireless network. The communication device is operable to determine that a MAC control message is protected if an indicator within the MAC control message is set. The communication device validates, if the indicator is set, integrity of the MAC control message in conjunction with a CMAC (cipher-message authentication code) tuple concatenated with the MAC control message.01-12-2012
20120159581DISTRIBUTED MESH NETWORK - A device, method, and system are disclosed. In one embodiment a computing device resides in a mesh network. The device includes a first storage device that operates when the computing device is awake. The first storage device stores a last known list of peer computing devices in the mesh network. The device also includes a second storage device that operates regardless of whether any central processing unit in the computing device is awake or asleep. The second storage device includes a local block that stores a list of resources provided by the first computing device and a list of computing devices in the mesh network verified by the first computing device. The second storage device also includes a remote block that stores an unverified remote list of computing devices in the mesh network.06-21-2012
20120159580Method of Establishing Trusted Contacts With Access Rights In a Secure Communication System - A method of establishing trusted contacts with access rights in a secure communication system. The method includes establishing the trustworthiness of an untrusted call received from another end point in a secure communication system and storing information corresponding to the end point as a trusted contact entry in a database if the trustworthiness of the end point is established. Access rights of the trusted contact are determined and stored in the database and any time restrictions are determined and stored in the database.06-21-2012
20120011570WEB-BASED AID FOR INDIVIDUALS WITH COGNITIVE IMPAIRMENT - A system for assisting an individual with cognitive impairment including a display device adapted to connect to a remote server and a dedicated website hosted on the remote server and remotely accessible by an authorized individual dedicated to hosting content for the individual with cognitive impairment. A homepage is displayed on the display device. The homepage displays content provided by the dedicated website. A plurality of informational icons are provided on the homepage. The information icons are adapted to display content from the dedicated website. The authorized individual can modify and transmit content to the homepage through the website to be accessed by the individual with cognitive impairment through the display device.01-12-2012
20120011568SYSTEMS AND METHODS FOR COLLABORATIVE, NETWORKED, IN-CONTEXT, HIGH RESOLUTION IMAGE VIEWING - Systems and methods are provided for viewing portions of an image in high resolution and in context with a full image, which is displayed at a base resolution that is lower resolution than the resolution of the high-resolution image. Some embodiments provide for collaborative viewing of imagery, where the image viewing system can be configured to allow a first user to select an area of interest, resolution, and virtual lens shape and size on behalf of a second user or users, and the first user's selections can be saved for later use when the second user or users request the image. Embodiments that support this collaborative technique can be employed in collaborative or instructional applications.01-12-2012
20120011574GENERIC KEY-DECISION MECHANISM FOR GAA - A method and apparatus provide a generic mechanism for a network application server. A receiver receives a request from a user equipment to provide authentication information to a network application function. A determining unit determines a key of a generic authentication architecture to integrate additional network application servers by extending an existing standard for user security settings. A providing unit provides the authentication information to the network application function.01-12-2012
20120159577ANONYMOUS PRINCIPALS FOR POLICY LANGUAGES - Techniques to allow a security policy language to accommodate anonymous credentials are described. A policy statement in a security policy language can reference an anonymous credential. When the policy statement is evaluated to decide whether to grant access to a resource mediated by the policy statement, the anonymous credential is used. The policy language can be implemented to allow one anonymous credential to delegate access-granting rights to another anonymous credential. Furthermore, an anonymous credential can be re-randomized to avoid linkage between uses of the anonymous credential, which can compromise anonymity.06-21-2012
20090172782Service Utilization Control Manager - Aspects of the invention allow mobile network users as well as mobile network providers to define policies that are managed across several applications and services. Thus, several application servers and network elements are coordinated to implement a service policy. More specifically, aspects of the invention define service level policies for any service, whether within an IMS-based or non-IMS-based wireless network implemented by SIP or non-SIP network elements.07-02-2009
20120117629RELAY APPARATUS, COMMUNICATION APPARATUS AND RELAY METHOD - A relay apparatus connected to a communication apparatus, a service providing apparatus and a browser-equipped apparatus, includes: a registering unit registering provisional registration information, the provisional registration information being used in an authentication procedure performed between the service providing apparatus and the browser-equipped apparatus; an acquiring unit acquiring permission information representing that use of the service is permitted, the permission information being issued by the service providing apparatus in the authentication procedure; a communication unit transmitting the provisional registration information to the browser-equipped apparatus; a receiving unit receiving input information transmitted from the communication apparatus, the input information being generated in response to the provisional registration information; and a communication unit transmitting the permission information to the communication apparatus which has transmitted the input information if the receiving unit receives the input information.05-10-2012
20120117628Global Account Lockout (GAL) and Expiration Using an Ordered Message Service (OMS) - A method, apparatus and computer program product for providing Global Account Lockout (GAL) using an Ordered Messaging Service (OMS) is presented. A database operation is received from a client, and a determination is made regarding whether the operation contains an authentication mechanism. When the operation does not contain an authentication mechanism, the operation is returned. When the operation does contain an authentication mechanism, the following steps are performed: locating the entry and checking its authentication mechanism, determining whether the authentication mechanism in the operation is good, sending a bind message to a GAL manager, checking and updating GAL state, committing updates to GAL state, and returning the operation to the client.05-10-2012
20120017266SYSTEMS AND METHODS FOR PERMISSION ARBITRATED TRANSACTION SERVICES - Systems and methods disclosed allow a permitting party to share personal information with a receiving party. The receiving party may use the information to authenticate the permitting party, assess the permitting party, determine if the permitting party is compatible with one or more other users associated with the receiving party, or validate the permitting party. The permitting party may define how much of the permitting party's personal information is shared, and/or limit the use of the information to one or more specific purposes. A requesting party may also set up criteria for the types of information it wants to review along with the intended use of the information. The systems and methods disclosed also enable permitting parties to grant requesting parties access to requested information.01-19-2012
20120023555WIRELESS ENVIRONMENTAL MONITORING OF GOODS - A system for wireless environmental monitoring of goods, the system comprising a portable environmental data logger and a portable computerized device, each comprising: a standard short-range radio module; and an authentication and security module, wherein said standard short-range radio modules of said logger and said computerized device are configured to communicate with one another over a standard wireless communication channel, and wherein said authentication and security modules of said logger and said computerized device are each configured to execute, over the standard wireless communication channel, a non-standard authentication routine for authenticating an identity of said computerized device to said logger, so as to provide said computerized device with data access to said logger based on a security profile assigned to said computerized device.01-26-2012
20120023557METHOD, APPARATUS, SIGNALS, AND MEDIUM FOR MANAGING TRANSFER OF DATA IN A DATA NETWORK - A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.01-26-2012
20120023556IDENTITY MANAGEMENT AND SINGLE SIGN-ON IN A HETEROGENEOUS COMPOSITE SERVICE SCENARIO - A server device that includes a memory to store identity information for a group of users, policy information, and context information for a group of user devices. The server device also includes a processor to receive, from another server device, a request for login credentials, associated with a user of a user device, that enable a third party application to access a service provider on behalf of the user, the request including identity information associated with the user and context information associated with the user device; verify the identity of the user based on a determination that particular identity information is stored in the memory; authorize the disclosure of the particular identity information based on a determination that the context information matches particular context information stored in the memory and that the policy information permits the disclosure of the particular identity information; and send the particular identity information, which includes the login credentials, to the other server device based on the verified identity and the authorized disclosure.01-26-2012
20120023554SYSTEMS AND METHODS FOR PROVIDING A SMART GROUP - The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.01-26-2012
20120023553Static Analysis For Verification Of Software Program Access To Secure Resources For Computer Systems - A method includes, using a static analysis, analyzing a software program to determine whether the software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. The method also includes, in response to an access by the software program to the secure resource without verification that the secure resource can be accessed by the software program, outputting a result indicative of the analyzing. Computer program products and apparatus are also disclosed. An apparatus is disclosed that includes a user interface providing a security report to a user, the security report indicating a result of an analysis of whether or not a software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program.01-26-2012
20120060206ROLE-BASED ACCESS CONTROL METHOD APPLICABLE TO iSCSI STORAGE SUBSYSTEM - A role-based access control method for a storage subsystem. The storage subsystem includes at least a first iSCSI target node and at least a first virtual storage device attached to the first iSCSI target node. The method includes: assigning a first role so that the first role has an authority to access the first iSCSI target node; assigning a first subject having the first role; and, at login, authenticating a name and a password of the first subject to verify whether the first subject is allowed to access the first iSCSI target node.03-08-2012
20120159579SYSTEM, METHOD AND DATABASE FOR MANAGING PERMISSIONS TO USE PHYSICAL DEVICES AND LOGICAL ASSETS - A system and method for storing user permissions for multiple disparate physical devices and systems in a unified permissions database connected to a network in common with the devices. The permissions database also stores user permissions for logical assets on or attached to the network.06-21-2012
20120159578METHODS AND APPARATUS TO CONTROL PRIVILEGES OF MOBILE DEVICE APPLICATIONS - Methods and apparatus to control privileges of mobile device applications are disclosed. A disclosed example method includes assigning a process identifier to an application on a mobile device, the process identifier generated by an operating system of the mobile device, determining via a digital certificate that the application is authorized to be executed on the mobile device and that the application is authorized to access a network interface of the mobile device, configuring a mandatory access control module of the mobile device to enforce access of the network interface by providing the process identifier to the mandatory access control module, and enabling the application to access the network interface.06-21-2012
20090019530Device-Specific Authorization at Distributed Locations - With the proliferation of wireless devices, seamless authentication of devices at distributed locations (e.g., so-called Wi-Fi hotspots) may be essential for convenient use of various devices at these locations. Previous methods for authentication relied on an account-based method using a username and a password inputted from a user. This method may be awkward for mass-distribution of devices. Various embodiments disclosed may provide an authorization client that communicates with one or more servers that relies on client software and message authentication codes for authorization of network access.01-15-2009
20110072494INTERFACE APPARATUS, CONTROL METHOD OF INTERFACE APPARATUS, CONTROL PROGRAM OF INTERFACE APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM STORING THE CONTROL PROGRAM - Various kinds of content items are dealt with by a single interface apparatus. A content processing apparatus 03-24-2011
20120072971DATA SHARING SYSTEM, SHARED DATA MANAGEMENT APPARATUS, AND CONTROL METHOD OF SHARED DATA MANAGEMENT APPARATUS - The traffic amount of the radio communication is reduced and the load applied to the management side of the system is reduced, thereby making the data shared with only prescribed users in an efficient manner. A shared data management apparatus, for managing sharing of data stored in a plurality of data storage units, is provided with: a profile group management unit 03-22-2012
20120110651Granting Access to a Cloud Computing Environment Using Names in a Virtual Computing Infrastructure - Access to resources in a cloud computing environment having a plurality of computing nodes is described. A group of users is defined within the cloud computing environment. A first name is assigned to the group. At least one subgroup of users is defined from within the group. A second name is assigned to the at least one subgroup. The second name follows a hierarchical naming structure of the form /group/subgroup.05-03-2012
20120110642METHOD AND APPARATUS FOR GRANTING RIGHTS FOR CONTENT ON A NETWORK SERVICE - Techniques for granting rights for content on a social network to multiple users include determining first data. It is also determined to associate a first user identifier and at least a second user identifier with the first data. It is further determined to grant a right for the first data to a first user identified by the first user identifier and at least a second user identified by the second user identifier.05-03-2012
20110093928MANAGEMENT SYSTEM - A management system manages the use of a management object provided in facilities by using an information storage medium of a user. An entrance management apparatus, provided in the vicinity of an entrance of the facilities, stores use permission information for permitting the use of the management object on an information storage medium when the user enters the facilities. In the facilities, a use management apparatus, provided for each management object, controls availability or unavailability of the management object based on the use permission information stored on the information storage medium. Additionally, the use management apparatus stores, in the information storage medium, use information showing that the management object has been used. Further, a room leaving management apparatus, provided in the vicinity of an exit of the facilities, manages leaving of the user based on the use information stored on the information storage medium. When the user leaves the facilities, whether or not the user can leave the facilities is controlled, and use history information is stored, based on the use information.04-21-2011
20120079568CONFIGURABLE WEBSITE AND SYSTEM WITH ACCESS CONTROL AND SOCIAL NETWORK FEATURES - A web-based system allows for publishing a website with features and access configured on a user-by-user basis by the website owner to present personal data as well as social network feeds in a single interface. The website owner can update and manage his/her social media from the same page, as well as organize private data if desired. The system includes a messaging function, in accordance with which users can drop a message into the message service of a site owner, and it gets delivered to the site owner in exactly the manner specified by the site owner.03-29-2012
20120079567WIRELESS MANAGER AND METHOD FOR CONFIGURING AND SECURING WIRELESS ACCESS TO A NETWORK - The disclosure provides a wireless manager operable to receive a request from a mobile device to wirelessly communicate with a network, wherein the request may include information to dynamically identify a location associated with the mobile device. The wireless manager may be further operable to automatically associate the mobile device with an access zone comprising one or more physical or logical characteristics, compare the location associated with the mobile device to the access zone, and authorize the mobile device to wirelessly communicate with the network if the location associated with the mobile device indicates that the mobile device does not violate the access zone.03-29-2012
20130174223SYSTEMS AND METHODS FOR TEMPORARY ASSIGNMENT AND EXCHANGE OF DIGITAL ACCESS RIGHTS - Systems and methods are provided for assignment and exchange of temporary access rights, based on a physical or virtual proximity of user devices. A first user device may receive a temporary access right that enables access on a second user device to a content asset which the first user device is not authorized to access. In response to receiving the temporary access right, the first user device may enable access on the first user device to the content asset. Access to the content asset may be maintained after the first user device leaves the proximity of the second user device until the content asset is played back in its entirety. The proximity may be based on physical location or virtual connections through online services. The temporary access right may be requested from the second user device by the first user device or assigned to the first user device from the second user device and may limit the number of times that the content asset may be accessed on the first user device.07-04-2013
20110107403COMMUNICATION SYSTEM, SERVER APPARATUS, INFORMATION COMMUNICATION METHOD, AND PROGRAM - A communication system includes a terminal, a first server apparatus that manages the movement of the terminal, and a second server apparatus that performs authentication of the terminal. The first server apparatus uses AAA protocol to transmit a first message that includes a pseudo-NAI of the terminal to the second server apparatus. The second server apparatus both records the pseudo-NAI and true-NAI of the NAI of the terminal in association with each other and records maintenance function execution necessity information indicating whether a maintenance function must be executed for the terminal in association with the true-NAI of the terminal, and upon reception of the first message from the first server apparatus, uses AAA protocol to transmit a second message that contains the maintenance function execution necessity information that was placed in correspondence with the pseudo-NAI that was contained in the first message to the first server apparatus.05-05-2011
20110107402CLIENT SERVER SYSTEM, CLIENT APPARATUS AND SERVER APPARATUS DISPLAYING CONTENTS OF PROVIDED SERVICES - A client server system allowing easy selection of a provided service is provided. In the client server system, a server apparatus includes: an HDD storing a service ID and a user ID indicating a user who is logged in to the service in association with each other; a control unit searching for a service logged in by the user who is logged in to the MFP based on the information stored in the HDD, in response to an inquiry from the MFP; and a LAN I/F transmitting the result of the search by the control unit to the MFP. The MFP is adapted to include: an operation panel; an inquiry function of a control unit for inquiring of the server about the logged-in service; a LAN I/F receiving the result of the search; and a display control function of the control unit, causing the operation panel to display an image indicating the logged-in service, based on the received result of the search.05-05-2011
20110107401ESTABLISHING TRUST RELATIONSHIPS BETWEEN COMPUTER SYSTEMS - An offline trust system establishes a trust relationship between a trust authority computer system and a target computer system without relying on an active network connection between the computer systems. The offline trust system separates the trust establishment operation into a provisioning phase and a configuration phase. The provisioning phase can be performed entirely on the trust authority, while the configuration phase can be performed entirely on the target computer system requesting trust. The two phases can be performed at different times and do not assume any connection between the two computer systems. An administrator may perform the provisioning phase for many target computer systems at the same time. Thus, the offline trust system provides a way to establish trust between computer systems that is more reliable and less prone to failure.05-05-2011
20110107400METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR RECOVERING A PASSWORD USING USER-SELECTED THIRD PARTY AUTHORIZATION - A password recovery technique for access to a system includes receiving a request from a first party to recover the first party's password to access the system, receiving a selection of a second party from the first party, sending a message to the second party requesting that the second party authorize the request to recover the first party's password, receiving authorization from the second party for the request to recover the first party's password, and resetting the first party's password responsive to receiving authorization from the second party.05-05-2011
20100095354SECURE ACCESS OF ELECTRONIC DOCUMENTS AND DATA FROM CLIENT TERMINAL - An improved approach for secure access of electronic documents and data is provided.04-15-2010
20100095353SYSTEM AND METHOD FOR CONTENT ACCESS CONTROL - A system and method for managing access to content is provided. One example embodiment provides for a method including acts of identifying a filter of content based at least in part on the preferences of a user and a subject presented in the content, and presenting the content to the user using the filter. Another example embodiment provides for a system that includes a controller configured to identify a filter of content based on preferences of a user, to present content using the identified filter, and to update the preferences of the user based on feedback from the user and the subjects presented in the content.04-15-2010
20110099608System and Method of Controlling Access to Information in a Virtual Computing Environment - In one embodiment the present invention includes a computer-implemented method comprising storing authorization data on a first client computer system, accessing virtual computing software from the first client computer system, accessing a virtual object in the virtual computing software in response to instructions received from the first client computer system, sending the authorization data from the first client computer system to a second computer system, wherein the authorization data specifies access rights on the second computer system, and accessing the second computer system using the authorization data and determining access rights on the second computer system based on said authorization data.04-28-2011
20090133103Method and system for data security in an IMS network - A method and system to enhance the protection of the data in a user equipment and to secure real time streaming of the data in the user equipment is disclosed. The method and system includes sending a request by at least one user to access at least one application server. The user is provisioned to download an appropriate CMSC and a mapper into the user equipment from the application server. The method and system further comprises the user sending a request via an IMS network to download data to the user equipment. The data is encrypted in the application server and is downloaded into the user equipment. The mapper identifies the appropriate CMSC, which may decrypt the data. Further, the data undergoes double decryption in real time within the user equipment before being presented in the user interface. The double decryption is provisioned using the valid CMSC downloaded to the user equipment.05-21-2009
20090133102Optimized security association database management on home/foreign agent - Techniques for security association management on a home agent and a foreign agent are described herein. In one embodiment, in response to a first mobile network registration request from a mobile node, a remote authentication facility is accessed to retrieve a security association for the mobile node for authenticating and providing a first network connectivity to the mobile node, wherein the security association is associated with a lifespan. The security association is inserted in a local security association database to create a security association entry, wherein the security association entry includes the lifespan. A second mobile network registration request from the mobile node after the first network connectivity has been terminated is received and the security association entry in the local security association database that corresponds to the mobile node is used to provide authentication of the mobile node without having to access the remote authentication facility again if the lifespan associated with the security association entry is valid. Other methods and apparatuses are also described.05-21-2009
20120124650Reactive Authorization for Publications - Systems and methods for reactively authorizing publication of information by a third party are coordinated through the use of a presence server. The presence server communicates with other communication nodes/devices to determine and relay publication information. Publication requests that are initially unauthorized, from the perspective of the presence server, are resolved.05-17-2012
20120124651SECURE AND EFFICIENT AUTHENTICATION USING PLUG-IN HARDWARE COMPATIBLE WITH DESKTOPS, LAPTOPS AND/OR SMART MOBILE COMMUNICATION DEVICES SUCH AS IPHONES - A portable apparatus is removably and communicatively connectable to a network device to communicate authentication or authorization credentials of a user in connection with the user logging into or entering into a transaction with a network site. The apparatus includes a communications port to connect and disconnect the apparatus to and from the network device and to establish a communication link with the network device when connected thereto. A processor receives a secure message from the network security server via the port. The message has a PIN for authenticating the user to the network site, and is readable only by the apparatus. The processor either transfers, via the port, the received PIN to an application associated with the network site that is executing on the network device or causes the apparatus to display the received PIN for manual transfer to the application associated with the network site.05-17-2012
20120124648DUAL SCREEN PC - Systems for, and methods of, enabling selective control of a resource of an electronic device having a display by a controlling electronic device having a display are disclosed. Selective control of the electronic device is implemented by the electronic device via a set of control permissions for a detected controlling device, based upon an identifier of the controlling device. A controlling device can be any electronic device having a processor, a memory, a display and a communication module. Enabling selective control of the display of an electronic device having a display, by a personal computer, enables the personal computer to operate as a dual screen personal computer.05-17-2012
20120317621CLOUD SYSTEM, LICENSE MANAGEMENT METHOD FOR CLOUD SERVICE - A screen to be presented to a customer administrator is generated according to the license status. Also, as a license status, a processing progress status is provided in which the customer administrator is prohibited from performing operations during asynchronous license status change processing.12-13-2012
20120317620Website visitor identification algorithm - An improved method for identifying and counting the unique visitors to a website, comprising the redundant storage of information about the visitor in a first-party cookie, a third-party cookie, and a Flash cookie, enabling the persistence of visitor identification even if one of the above-described cookies or some information therein is deleted by the visitor or is otherwise unavailable.12-13-2012
20120317626NETWORK RESOURCE ACCESS CONTROL METHODS AND SYSTEMS USING TRANSACTIONAL ARTIFACTS - Methods and systems are provided for use with digital data processing systems to control or otherwise limit access to networked resources based, at least in part, on transactional artifacts and/or derived artifacts.12-13-2012
20110126267METHOD AND APPARATUS FOR PROVIDING A CONTEXT RESOURCE DESCRIPTION LANGUAGE AND FRAMEWORK FOR SUPPORTING THE SAME - An apparatus for providing a framework for supporting a context resource description language may include at least one processor and at least one memory including computer program code. The at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus to perform at least receiving an indication of content loaded at a browser, parsing the content for context resource description language providing an identification of properties requested in association with a service from which the content was loaded, and providing property management with respect to the identified properties for provision to the service. A corresponding method and computer program product are also provided.05-26-2011
20120222093PARTIAL AUTHENTICATION FOR ACCESS TO INCREMENTAL DATA - Embodiments of the invention relate to partial authentication to access incremental information. An aspect of the invention concerns a method of authorizing access to information that comprises providing an initial segment of a password wherein the password includes password segments each associated with an incremental portion of the information. In response to the initial password segment satisfying an expected value, the method may authorize access to the information portion associated with the initial password segment. The method may authorize access to other information portions associated with subsequent segments of the password in response to the subsequent password segments satisfying respectively expected values.08-30-2012
20120222092CONTROLLING ACCESS TO MEDIA FOR AN ELECTRONIC DEVICE - An electronic device for controlling access to media is described. The electronic device includes a processor and instructions stored in memory. The electronic device obtains media information and determines remaining battery power. The electronic device also determines whether to restrict access to the media based on the media information and the remaining battery power. The electronic device restricts access to the media if it is determined to restrict access and presents the media on the electronic device if it is determined not to restrict access.08-30-2012
20120317625Dynamic Authentication in Secured Wireless Networks - Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required.12-13-2012
20120317624METHOD FOR MANAGING ACCESS TO PROTECTED RESOURCES AND DELEGATING AUTHORITY IN A COMPUTER NETWORK - In a method, a consumer (12-13-2012
20120317619AUTOMATED SEAMLESS RECONNECTION OF CLIENT DEVICES TO A WIRELESS NETWORK - A host device for a wireless network may be configured to implement at least two virtual access points for connecting client devices to the wireless network. A user virtual access point enables a client device to connect to the wireless network and transmit network traffic to other devices connected to the wireless network. In addition, a setup virtual access point provides an additional access point to connect to the wireless network when network credentials for the user virtual access point, such as a service set identifier (SSID) or a password, are changed by a user. When a client device cannot find the user virtual access point based on a stored SSID or password, the client device may be configured to automatically reconnect to the setup virtual access point to request a new SSID and network credentials for the user virtual access point.12-13-2012
20120317622HARDWARE IDENTITY IN MULTI-FACTOR AUTHENTICATION AT THE APPLICATION LAYER - Device authentication is implemented at the application layer of a computer communication model to add a factor to user authentication without requiring any action by the user. User space applications, such as web browsers, e-mail readers, and such, can remain completely unaffected. Instead, the additional authentication factor is provided at the application layer, typically in an operating system, where protocols such as HTTP(s), FTP(s), POP, SMTP, SNMP and DNS are implemented. Authentication is performed by a challenge/response transaction and the client device's digital fingerprint is compared to a whitelist of digital fingerprints of authorized client devices.12-13-2012
20120317627TOOL, METHOD AND APPARATUS FOR ASSESSING NETWORK SECURITY - Tools and methods in which user interaction via a common user interface enables the assessing of network security prior to implementation of the network, as well as assessing the security of existing networks, portions of existing networks, or modifications to existing networks. A network security model useful in realizing the tools and methods is also disclosed.12-13-2012
20120317623Systems and methods for managing database authentication and sessions - Systems and methods enable remote (or “off-campus”) users to have complete authorized access to full-record content of 3rd-party databases subscribed to by the user's institution. More particularly, the present invention relates to a method and system that acts as a transparent conduit between the user and a remote database, managing relevant session/context information without the user's awareness and without the need for users to install plug-ins or configure browser proxies.12-13-2012
20120131646ROLE-BASED ACCESS CONTROL LIMITED BY APPLICATION AND HOSTNAME - In a Role Based Access Control (RBAC) system, an additional layer of access control is provided on a per-client basis on a centralized directory or database server. Access to privileged commands that are otherwise accessible by a user under a given role may be restricted by the additional layer of access control, depending on the client under which access is attempted. Thus, a user otherwise authorized to access a privileged command under an assigned role using one client may be restricted from accessing that command from a particular client system, even if another user having the same role is allowed to access that command using another client.05-24-2012
20120167179FLEXIBLE MULTIMEDIA PRIORITY SERVICES - Presented is a system and methods for allowing a user, through their end user device, to invoke and access on-demand and always-on time interval based multimedia priority services (MPS). The time interval can be specified by the user directly for the user's session or provided by a managing authority for a plurality of user sessions. The time interval can be specified as a period from user invocation forward or as a start time/date pair to an end time/date pair.06-28-2012
20120131648INFORMATION MANAGEMENT APPARATUS, INFORMATION MANAGEMENT METHOD, AND NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM - An information management apparatus includes a first control information setting unit that sets first control information for permitting use of information within a destination terminal to the information; a second control information setting unit that sets second control information for permitting the destination terminal to forward the information to the information; a displaying permitting unit that controls, when information set with the first control information is received from a source terminal, to permit the information to be used locally within an apparatus; and a forwarding permitting unit that controls, when information set with the second control information is received from a source terminal, to permit the information to be forwarded.05-24-2012
20120131649APPARATUS REGISTRATION METHOD AND SERVER DEVICE - In a method of registering an access permission from a first device to a second device to the second device over a network, when receiving via the network a connection request from the first device of which access permission is not registered, the second device rejects connection from the first device, and shifts to the first mode. In the first mode, the second device detects user's operation on the second device, and judges whether the detected user's operation is an operation regarding viewing of a reproduction signal from the second device. If the user's operation is not the operation regarding viewing, the second device shifts to the second mode for registering an access permission. If the user's operation is the operation regarding viewing, the second device does not shift to the second mode.05-24-2012
20120167182DEVICE INDEPENDENT AUTHENTICATION SYSTEM AND METHOD - A system is disclosed which facilitates authentication processes with web-enabled wireless devices, including those that do not support the use of cookie files. To facilitate such authentication, a web server analyzes an HTTP request file from a communication device for the presence of security token data. Where none is found, a client is directed to a login page for input of authentication data, such as a user name and password information. Upon proper authentication, the client's communication device is issued a security token using standard HTML-INPUT tags. Thereafter, the web server determines if each additional HTTP request file received from the client includes a security token before responding to the request.06-28-2012
20120167181IMAGE FORMING APPARATUS, IMAGE FORMING METHOD AND IMAGE FORMING SYSTEM - According to one embodiment, an image forming apparatus which is connected to a server via a communication line includes a control section which obtains a user ID and a password for user authentication, receives a restriction condition which regulates a character string for which use as the password is prohibited and a form thereof from the server, determines whether or not the password input meets the restriction condition, and displays a screen which prompts a change in the password when the restriction condition is not met.06-28-2012
20120167180CLOUD SERVER AND ACCESS MANAGEMENT METHOD - A cloud server stores information, such as a location data range, IP addresses, account names, and passwords of authorized clients. When receiving an access request from a client, the cloud server determines whether the location data of the client falls within the location data range and whether the IP address, account name, and password of the client match the corresponding information of any authorized client. If the location data of the client falls within the location data range and the IP address, account name, and password of the client match the information of any authorized client, the cloud server determines that the client is an authorized client and permits the client to access the cloud server.06-28-2012
20120131647System and Methods for Facilitating Secure Communications on a Website - A system and methods for facilitating secure communications on a website are presented. The system comprising a security server configured to receive a secure message from a creator device is disclosed. The security server encodes the received message and sends the encoded message or a representation of the encoded message for posting on the website so that one or more users of the website have the ability to request that the security server make the message available after the encoded message has been decoded.05-24-2012
20120131645User Scriptable Server Initiated User Interface Creation - A computer-implemented method of providing user interfaces in association with network hosted computer scripts is disclosed. A group of selectable user interface elements is provided to a macro author. The elements include behavior that, when controls generated by the elements are selected by a computing device user, cause a web-connected server separate from the computing device to perform one or more operations. A selection by the macro author of a user interface element and an identification of one or more parameters for the element is received. Macro code to generate controls associated with the author-selected elements to be associated with a first macro is executed, the first macro stored to be called from and execute on computing devices different from the device used by the macro author. The macro code is stored and the generated macro code is provided for access by users of a hosted computer system.05-24-2012
20100242094IDENTIFICATION OF TELEMETRY DATA - Methods, systems, and computer-readable media are disclosed for identifying telemetry data. A particular method scans a file and compares the file to at least one attribute to be used for telemetry collection. When the file is identified as a telemetry candidate, an offer to submit a sample of the file is sent to a server. A response to the offer is received from the server. If the response to the offer indicates an acceptance, a sample of the file is sent to the server.09-23-2010
20120216259Network Connecting Device and Method - A network connecting device includes: a network device for connecting to the network; a profile generation determination section for determining whether or not to generate a profile including information necessary for forming a connection with the network; a profile generation section for generating the profile when the profile generation determination section determines to generate the profile; a profile management section for managing the profile generated by the profile generation section; and a network connection section for controlling the network device and connecting to the network, based on the profile managed by the profile management section.08-23-2012
20120216257LABEL PRIVILEGES - Methods, systems, and apparatus for managing labeling privileges. In one aspect, a method includes receiving label data defining a label to be associated with an image of a first user in a photograph, the first user identified by a first user identifier and the label data associated with a submitting user identifier; accessing data defining labeling privileges for the first user identifier, the labeling privileges being for second users identified by respective second user identifiers, and the labeling privileges defining, for each second user, a labeling privilege for the second user to label an image of the first user in a photograph; determining whether the submitting user identifier is included in the second user identifiers; in response to determining that the submitting user identifier is included in the second user identifiers: determining the labeling privileges for the user identified by the submitting user identifier, and processing the label accordingly.08-23-2012
20100205654Signalling Method for Communication Networks, Corresponding Network, Devices and Computer Program Product - A method is proposed, for use e.g. in the context of WiMAX networks supporting the CMIPv6 function, for allowing the ASN-GW to become aware of the status of a control procedure, the CMIPv6 mobility binding procedure. The ASN-GW is not directly aware of its result since the procedure implies a message exchange at the U-Plane level, where the ASN-GW implements only a routing function. Nevertheless the ASN-GW needs to know the status of the procedure since it has to perform some subsequent actions depending on that status. The method includes signalling the status via a signalling mechanism between the Access Service Network and the Connectivity Service Network, thus avoiding packet inspection at the U-plane by the Access Service Network Gateway.08-12-2010
20110179469CROSS-DOMAIN AUTHENTICATION - Providing services within a network of service providers sharing an authentication service and a set of business rules. A central server receives a first request from a first server to provide a first service to a user via a client without forcing the user to present credentials. In response to the received first request, the central server stores data identifying the first service on the client. The central server further receives a second request from a second server to provide a second service to the user via the client after the user presents the credentials to the second service. After receiving the second request and the presented credentials, the central server allows the user access to the second service. In response to allowing the user access to the second service, the central server further allows the user access to the first service as a result of the stored data.07-21-2011
20120137348SYSTEM AND METHOD FOR ENCODING AND DECODING DATA AND REFERENCES TO DATA IN MACHINE-READABLE GRAPHICAL CODES - A system for decoding machine-readable graphical codes is provided. The system includes a graphical code reading device configured to read a graphical code and generate reference encoded source data. The reference encoded source data includes a first reference identifier and a second portion. The system also includes a computing device in electronic communication with the graphical code reading device. The computing device also includes a reference decoder configured to effect conversion of the reference encoded source data into source data. The source data includes first affiliated data in place of the first reference identifier. The first affiliated data may be longer in length than the first reference identifier. The source data also includes the second portion. The computing device also includes a software application configured to use the source data.05-31-2012
20120137349SAFE APPLICATION DISTRIBUTION AND EXECUTION IN A WIRELESS ENVIRONMENT - The present invention provides safe and secure application distribution and execution by providing systems and methods that test an application to ensure that it satisfies predetermined criteria associated with the environment in which it will execute. Furthermore, by using rules and permission lists, application removal, and a modification detection technique, such as digital signatures, the present invention provides mechanisms to safely distribute and execute tested, or untested, applications by determining whether the application has been modified, determining if it has permission to execute in a given wireless device environment, and removing the application should it be desirable to do so.05-31-2012
20120137347Method of and System for Implementing Privacy Control - A method and a system for implementing privacy control in a communication network are provided. The method comprises the steps of generating a first Request Verification Code (RVC) for each user request in a privacy server by means of parameter hashing or non-parameter hashing and forwarding the user request together with the first RVC to the SP; and verifying a second RVC and user privacy setting(s) in a privacy server, wherein the second RVC is received together with a further request from the SP. The system comprises an untrustworthy subsystem comprising at least one Service Provider (SP) for providing application service and a trustworthy subsystem comprising at least one mobile operator module for providing communication service, wherein the mobile operator module further comprises at least one mobile core network for providing user privacy control by means of Request Verification Code (RVC). According to the method and system of the invention, security and privacy control in a communications network has been greatly improved.05-31-2012
20120137346SYSTEM AND METHOD FOR CONTROLLING ACCESS BETWEEN BLUETOOTH DEVICES - A method and system is provided for using an access list stored on a memory of a first computing device, the access list for controlling communication between the first computing device and a plurality of computing devices in a Bluetooth communication network. The method comprises: initiating a restricted mode of operation on the first computing device, the restricted mode of operation configured to secure the access list to prevent subsequent unauthorized modification thereon, the access list including at least one entry representing at least one selected computing device of the plurality of computing devices being permitted to access the first computing device, the at least one entry comprising at least one identifier to identify the at least one selected computing device; in response to a connection request between the first computing device and a particular computing device of the plurality of computing devices, determining whether the particular computing device is on the access list; and preventing connection between the first computing device to the particular computing device in response to determining that the particular computing device is not on the access list.05-31-2012
20110185400SYSTEM AND METHOD FOR VERIFYING THE AGE OF AN INTERNET USER - A method of verifying the age of a prospective Internet user comprises establishing an age check account; receiving information about a user, the information including an alleged age of the user; sending the information to be verified; and receiving a notification that the information has been verified.07-28-2011
20110185399PARENT MATCH - A method of providing control preferences set by a person for a second person who is a prospective Internet user, the method comprising the steps of establishing a first account, the settings of the first account being stored in a database; establishing a second account, the settings of the second account being stored in the database; linking the first and second accounts such that control settings of the second account are determined through the first account; and viewing Internet content from the second account consistent with the control settings of the second account.07-28-2011
20100186067Methods for Secure Data Distribution - A method for secure distribution of data in an interchange network comprises having a network in which data records are stored on at least one computer; and including an authorization service, where the authorization service grants a contractor access to at least a portion of the data records; and a watermarking module that adds one or more artificial records to said portion. The artificial records cannot be distinguished from the data records by the contractor and are valid for processing in the same way as the data records.07-22-2010
20100175112SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCTS FOR ENABLING TRUSTED ACCESS TO INFORMATION IN A DIVERSE SERVICE ENVIRONMENT - A system, method, and computer program product for enabling mediated access to information controlled by one or more information repositories by one or more application service providers. The information controlled by the one or more information repositories is associated with one or more subscribers of information-based services offered by the one or more application service providers.07-08-2010
20100175111Computer-Implemented Method for Obtaining a Minimum Biclique Cover in a Bipartite Dataset - A method includes providing a bipartite graph having vertices of a first type, vertices of a second type, and a plurality of edges, wherein each edge joins a vertex of the first type with a vertex of the second type. A unipartite edge dual graph is generated from the bipartite graph, and a minimum clique partition of the edge dual graph is recursively determined. A biclique is then created in the bipartite graph corresponding to each clique in the minimum clique partition of the edge dual graph.07-08-2010
20120222096OPEN MARKET CONTENT DISTRIBUTION - A content distribution system for one or more user devices, including: an open market coordinator (OMC) configured to manage a user domain, wherein the one or more user devices are members of the user domain and have access to content associated with the user domain, and wherein an individual user device has access according to predetermined privileges, the access being valid while the individual user device is a member of the user domain and has an active status with the user domain; and a plurality of domain service providers (DSPs) in communication with the OMC, wherein the DSPs are configured to enforce the predetermined privileges applied to the one or more user devices, and wherein the OMC is configured to support the enforcement of the predetermined privileges among the DSPs.08-30-2012
20120174193METHOD FOR READING ATTRIBUTES FROM AN ID TOKEN - The invention relates to a method for reading at least one attribute stored in an ID token (07-05-2012
20120174194ROLE SETTING APPARATUS, AND ROLE SETTING METHOD - A role setting apparatus includes: an ACL classifying section configured to output an access rule category in which at least one permission and a plurality of user IDs are related to each other, wherein the permission is a combination of a resource ID used to identify a resource as an access object and an action defining permission or non-permission of an operation to the resource, and the plurality of user IDs identify a plurality of users that are access subjects; an ID attribute storage section configured to store the plurality of user IDs and a plurality of attribute elements, which are related to each other; and a role definition storage section configured to store the plurality of attribute elements and a plurality of role definition names, which are related to each other. A role mapping section is configured to acquire a common attribute, which is common to the plurality of user IDs, from the plurality of attribute elements stored in the ID attribute storage section based on the plurality of user IDs of the access rule category, acquire a first role definition name from the plurality of role definition names stored in the role definition storage section based on the common attribute, and relate the access rule category and the first role definition name.07-05-2012
20120174192Displaying A Known Sender's Identifier To A Recipient Of A Joint Senders' Message - An approach is provided in which a request is received from a requestor to send a new email message to one or more recipients on behalf of a selected joint sender group (JSG). The selected JSG includes multiple JSG members with one of the JSG members being the requestor. Permissions corresponding to the JSG are then retrieved and compared to the requestor and the contents of the new email message are identified. The new email message is then sent to the recipients in response to determining, based on the comparison, that the requestor has permission to send the new email message on behalf of the selected JSG. On the other hand, the sending of the new email message is inhibited in response to determining that the requestor lacks permission to send the new email message on behalf of the selected JSG.07-05-2012
20120174191METHOD FOR SECURE EXCHANGE OF CONTEXT DATA BETWEEN USERS AND DEVICES - A method for secure exchange of context data between users and devices is generally presented. In this regard, a method is introduced comprising receiving context data over a network link from a first device registered by a user, and selectively forwarding the context data without user input based on permissions previously established by the user. Other embodiments are also disclosed and claimed.07-05-2012
20100299726SECURITY TECHNIQUE FOR CONTROLLING ACCESS TO A NETWORK BY A WIRELESS DEVICE - The present invention relates to a method for protecting the security of a computer network which is accessed through the use of wireless devices, among other means. Specifically, the present invention pertains to a method of using user-specific biometric data to identify users of wireless devices such as PDAs and yet prevent use by unauthorized persons and prevent changing of the biometric data by unauthorized persons. The method also prevents unauthorized access, and facilitates authorized access, to computer networks. Control of access to the biometric data and control of access to the network can be maintained in the network administrator or other responsible body and thereby also offers security against theft.11-25-2010
20100299725WIRELESS LAN ACCESS POINT DEVICE AND UNAUTHORIZED MANAGEMENT FRAME DETECTION METHOD - A wireless LAN access point device is structured to perform frame-based data transmission and reception to and from a wireless terminal over a wireless communication path. The wireless LAN access point device has a communication module configured to transmit and receive a frame to and from the wireless terminal. In the wireless LAN access point device, when the communication module receives a predetermined management frame from the wireless terminal, an execution module performs a corresponding operation specified by the received management frame. In the wireless LAN access point device, when the communication module receives a frame, a sequence monitor module obtains a sequence number included in the frame. In the wireless LAN access point device, when a first sequence number obtained by the sequence monitor module and a second sequence number included in the received management frame satisfy a preset condition, an unauthorized frame judgment module identifies the received management frame as an unauthorized frame. This arrangement has high versatility and effectively protects a wireless LAN network from unauthorized accesses.11-25-2010
20100299724User Interface for Providing Voice Communications Over a Multi-Level Secure Network - According to one embodiment, a computer system executing a computer program is coupled to multiple secure network domains configured in a multi-level security architecture. The computer program simultaneously establishes a voice connection with a first terminal configured on a first secure network domain and a second terminal configured on a second secure network domain. The computer program may then selectively couple an electroacoustical transducer to the first terminal or the second terminal, and generate an indicator on a user interface indicating the security level of the selected terminal.11-25-2010
20100299723System and Method for Automated Clock Wind Back Recovery - A method and system for automated clock wind-back recovery are disclosed. According to one embodiment, a computer-implemented method comprises requesting a license to access an application and storing a time anchor, the time anchor comprising a recent system time observation. Clock modification is detected, wherein detecting clock modification comprises comparing a license expiration date to a current system time. The time anchor is compared to a trusted time authority value, the trusted time authority value comprising the current system time and a tolerance. The time anchor is updated, clock modification is corrected, and access to the application is retrieved.11-25-2010
20130174226LEVERAGING A PERSISTENT CONNECTION TO ACCESS A SECURED SERVICE - Leveraging a persistent connection to provide a client access to a secured service may include establishing a persistent connection with a client in response to a first request from the client, and brokering a connection between the client and a secured service based on a second request from the client by leveraging the persistent connection with the client. The brokering may occur before the client attempts to connect to the secured service directly and the connection may be established between the client and the secured service without provision by the client of authentication information duplicative or additional to authentication information provided by the client to establish the persistent connection.07-04-2013
20130174225MESSAGING SYSTEMS AND METHODS - A third-party can subscribe to one or more electronic message group lists without joining the group lists by creating a trust relationship between the subscriber and a group list member. In particular, the subscriber can send a trust indicator to the group member, who can then determine whether to accept the trust indicator for all or specific groups that are associated with the group member, as appropriate. In at least one embodiment, the group member can send a trust indicator acceptance message to the subscriber that identifies the group member, and any or all group lists associated with the group member. The subscriber can then receive messages directed to the trusted group member or group lists, and can send group messages to the group lists subject to a receive setting associated with the group lists or group members of the group lists.07-04-2013
20130174227COMPUTER-READABLE MEDIUM, INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD AND INFORMATION PROCESSING SYSTEM - An example system causes a computer of an information processing device including a restriction unit for restricting use of functions and a handwritten input receiving unit to carry out functions of requesting an input of a handwritten signature, sending, to a server, a result of a handwritten input which has been input in response to the request of the signature input, and receiving the input of authorization information which has been issued by the server that has received the handwritten input result and which shows that the use of the functions is authorized, and moreover cancelling the restriction by the restriction unit when the input of the authorization information is received.07-04-2013
20130174230Method and system for secure linking with authentication and authorization in a media exchange network - Certain embodiments of the invention may be found in a method for establishing a communication pathway for subsequent media exchanges between a television display in a first home and storage that contains media in a second home. The method may comprise securely receiving address correlation information associated with the television display in the first home and securely receiving address correlation information associated with the storage in the second home. Affirmative confirmation may be received and/or stored using the received address correlation information associated with at least one of the television display and the storage. The invention may also include verifying that affirmative information has been stored in association with any subsequent media exchanges.07-04-2013
20120216258Network Connecting Device and Method - In a network connecting device connectable to a network, a connection approval/disapproval determination section determines approval/disapproval of connection to a network in accordance with a connection approval/disapproval determination rule managed by a connection approval/disapproval determination rule management section. When there is a security problem in a content of the connection approval/disapproval determination rule if a connection is to be formed, the security problem is solved by having a user re-input authentication information in the content of the connection approval/disapproval determination rule.08-23-2012
20110191827Detecting Unauthorized Router Access Points or Rogue APs in the Wired Network - Detecting rogue access points (APs) or rogue router APs on the wireless network. An authorized access point (AAP) on a network collects wired MAC addresses of wired devices in its subnet, and also collects BSSIDs of wireless devices operating in its vicinity. A rogue is detected by correlating the OUI portion of MAC addresses and BSSIDs after filtering out authorized OUIs.08-04-2011
20120222095INFORMATION COMMUNICATION SYSTEM, INFORMATION COMMUNICATION METHOD, NODE APPARATUS AND RECORDING MEDIUM - A node apparatus of an information communication system in which a content is distributed and stored by an overlay network configured by a plurality of node apparatuses and which has a center server that manages the content to be submitted to the overlay network, the node apparatus includes: a first creation unit configured to create meta-information that is used in submitting the content to the overlay network; a transmission unit configured to transmit the meta-information created by the first creation unit to the center server; a first reception unit configured to receive the meta-information and an electronic signature verifying the meta-information, which is determined to be proper by the center server, from the center server, and a permission unit configured to permit the meta-information received by the first reception unit to be acquired on the overlay network.08-30-2012
20120222094METHOD AND ARRANGEMENT FOR ENABLING THE USE OF A CONSUMABLE UNIT - In a method for enabling the use of a consumable unit in a consumption device of a consumption arrangement, a first item of authorization information assigned to the consumable unit is transmitted from the consumption arrangement to a remote data center. The data center implements a first verification of the first item of authorization information and, as a function of this verification, a second item of authorization information assigned to the consumable unit is generated. The second item of authorization information is transmitted to the consumption arrangement, which implements a second verification of the second item of authorization information, dependent on which use of the consumable unit in the consumption device is enabled. The outcome of either the first or second verification is also used for accounting for use of the consumable unit when the first verification indicates that the consumable unit was previously unused.08-30-2012
20100058445SERVICE SHARING AMONG IMS USERS - Systems, methods, devices and software according to these exemplary embodiments provide techniques for sharing services among IMS users. An unsubscribed service, e.g., provided by another operator, can be accessed upon request and verification of authorization with an existing subscriber of that service.03-04-2010
20100050240WIRELESS NETWORK HAVING MULTIPLE SECURITY INTERFACES - A number of wireless networks are established by a network device, each wireless network having an identifier. Requests are received from client devices to establish wireless network sessions via the wireless networks using the identifiers. Network privileges of the client devices are segmented into discrete security interfaces based on the identifier used to establish each wireless network session.02-25-2010
20100050239AUTOMATED SERVICE PLATFORM PROSPECTING - Techniques for automated service platform prospecting are provided. A prospector process is sent out in advance to scout for potential network sites that provide computing infrastructure and computing services (platforms) to self-contained computing environments. The prospector process validates the potential network sites for use and gathers site characteristics that are used to configure the self-contained computing environments when they are to be installed and executed on those network sites.02-25-2010
20080216158Lawful Interception of Unauthorized Subscribers and Equipments - The present invention relates to methods and arrangements in a telecommunication system to override current access rights. The telecommunication system comprises an Access Point IAP; MSC, SGSN associated with a Configuration Unit ICU. The method comprises the following steps: —Receiving to the Access Point IAP; MSC, SGSN from the Configuration Unit ICU, a request (09-04-2008
20080216156Fault tolerant security system, method and apparatus - A security system comprises a host system, a plurality of master controllers and a plurality of sub-controllers, wherein each sub-controller is assigned a specific master controller as well as alternate master controllers for communication access upon failure of the primary master controller. The host, master controllers and sub-controllers are all coupled by a series of primary communication networks and paths and have multiple alternative communication network paths which function should there be a failure of the primary communication network. The host system comprises system and application software, data storage devices and communication ports to support the application requirements of the master controller, sub-controller network and access control devices attached thereto necessary to support a fault tolerant network. The system is configured with backup communication networks between the components so that upon failure of one or more components or communication paths the function of the failed component or path is assumed by alternative predesignated components or paths such that the operations of the system are not interrupted.09-04-2008
20100275248Method, apparatus and system for selecting service network - The present invention relates to network communication technologies, and discloses a method, an apparatus, and a system for selecting a service network to improve network capabilities of serving the client. The method includes: receiving an address request message that carries service network selecting condition from a client or user; and judging whether preconfigured or stored service network configuration information meets the service network selecting condition, and forwarding the address request message to the service network that meets the service network selecting condition if the preconfigured or stored service network configuration information meets the condition. The apparatus includes: a message receiving and sending unit, a configuring unit, and a service network selecting unit. The embodiments of the present invention can select a service network for the client or user according to the requirements of the client or user, and improve the service capabilities of the network.10-28-2010
20120180113SYSTEM AND METHOD FOR PEER-TO-PEER HYBRID COMMUNICATIONS - An improved system and method are disclosed for peer-to-peer communications. In one example, the method enables two endpoints to directly establish and maintain a communication session after authenticating with an access server.07-12-2012
20120180112Lifecycle Management of Privilege Sharing Using an Identity Management System - A method, system and computer-usable medium are disclosed for managing the lifecycle of a shared privileged account. A proxy service is implemented with an Identity Management (IdM) system that defines and manages a plurality of identity services, which in turn manage a plurality of privileged accounts used to access a plurality of managed targets. Each of the identity services is mapped to a privilege group of the proxy service and an ID pool manager is implemented to manage sharing of the privileged accounts. A request is generated to access a managed target with a privileged account. A shared privileges module generates a shared ID authorization account and associates it with the requestor. The shared ID authorization account is populated with sign-out information for a shared privileged account, which the requestor uses to access the corresponding managed target.07-12-2012
20120233664SECURING ASYNCHRONOUS CLIENT SERVER TRANSACTIONS - A method for securing asynchronous client server transactions is provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.09-13-2012
20100011416DOCUMENT STORAGE ACCESS ON AN UNSOLICITED TRANSFER BASIS - Systems and methods of the present invention allow a file owner to upload and store a file to a File Storage Area. Through a series of communications, a file owner may provide an intended file recipient access to the file without a request by a file requester. The file owner may grant permissions to access the file and notify the intended file recipient of the results.01-14-2010
20100011415SYSTEM AND METHOD FOR PROCESSING AN UPLOAD OF A PROGRAM WITH EXPORT COMPLIANCE INFORMATION - Disclosed herein are systems, methods, and computer-readable media for processing a program with export compliance information, the method including, in a process of ingesting a program from a developer to an online store, presenting a request to the developer to indicate if the program contains encryption, upon indication that the program contains encryption, presenting an interface for the developer to upload an appropriate export compliance form, blocking the program from the online store if the appropriate export compliance form is not received, and upon receipt of the appropriate export compliance form, receiving and ingesting the program from the developer into the online store. In one aspect, the method further presents an interface to the developer to upload one export compliance form associated with multiple programs. In another aspect, the export compliance form is bundled with the program for distribution in the online store. The method can include blocking the program from the online store if the program does not meet one or more additional requirements. In one aspect, the appropriate export compliance form is transmitted to a reviewing body for approval before completely ingesting the program. The reviewing body may notify the developer of approval or rejection of the export compliance form.01-14-2010
20120272294ACCESS PERMISSIONS MANAGEMENT SYSTEM AND METHOD - A system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, the system including functionality for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority, and functionality for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.10-25-2012
20120272292METHOD AND APPARATUS FOR PROTECTING AGAINST ATTACKS FROM OUTSIDE CONTENT - A method and apparatus for protecting against attacks from outside content is described. In one example, a request is received from a user to access content from a second domain. An active session for the user with the second domain is searched for. If no active session is found, then an active session with a related first domain is searched for. If an active session is found with the first domain, then a session is established with the second domain based on the active session with the first domain. The requested content is then provided to the user based on the established session with the second domain.10-25-2012
20120272296METHOD AND SYSTEM FOR PROTECTING AGAINST THE EXECUTION OF UNAUTHORIZED SOFTWARE - In accordance with an embodiment of the present invention, a client device is protected against the execution of unauthorized software. The client includes a code authentication process that verifies the integrity of executable code, by generating and comparing a first hash value of the executable code with a known hash value of the original code. Furthermore, during boot-up, the client initializes a CPU exception vector table with one or more vector table entries. One or more, or all, of the vector table entries direct the CPU to execute the code authentication process prior to executing an event handler when an exception event occurs. Consequently, the code authentication process is virtually guaranteed to execute, thereby protecting against the execution of unauthorized code.10-25-2012
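A model of the vector-table idea in this abstract, added here and not taken from the patent. On real hardware the vector table is written at boot and the trampolines are assembly or C; this Python model only demonstrates the control-flow property: every exception path runs the code authentication (hash of the executable image compared against a known hash) before any event handler, so patched code cannot keep running once any exception fires. EXEC_IMAGE, KNOWN_HASH and HANDLERS are constructed stand-ins.

```python
import hashlib
import hmac

# Added example (not the patent's code). EXEC_IMAGE stands in for the executable code region,
# KNOWN_HASH for the reference hash provisioned at manufacture; both are constructed.
EXEC_IMAGE = {"bytes": b"\x55\x48\x89\xe5\x90\x90\xc3"}          # mutable holder, like RAM/flash
KNOWN_HASH = hashlib.sha256(EXEC_IMAGE["bytes"]).hexdigest()


class UnauthorizedCode(Exception):
    """Raised (on real hardware: halt or reset) when the image hash does not match."""


def authenticate_code(image: bytes, known_hash: str) -> bool:
    """Code authentication process: hash the executable code, compare to the known hash."""
    return hmac.compare_digest(hashlib.sha256(image).hexdigest(), known_hash)


def build_vector_table(handlers: dict, image: dict, known_hash: str) -> dict:
    """Initialise the vector table so every entry runs code authentication before its handler.

    Each entry is a trampoline: authenticate, then dispatch. Because exceptions (timer,
    syscall, faults) occur continuously, unauthorized code cannot run for long without
    one of these entries firing.
    """
    def trampoline(vector: str, handler):
        def entry(*args):
            if not authenticate_code(image["bytes"], known_hash):
                raise UnauthorizedCode(f"vector {vector}: image hash mismatch, handler suppressed")
            return handler(*args)
        return entry

    return {vector: trampoline(vector, h) for vector, h in handlers.items()}


def raise_exception(table: dict, vector: str, *args):
    """Model of the CPU taking an exception: jump through the vector table entry."""
    return table[vector](*args)


# Constructed event handlers standing in for the real interrupt service routines.
HANDLERS = {
    "timer": lambda: "tick",
    "syscall": lambda number: f"syscall {number} handled",
}

if __name__ == "__main__":
    table = build_vector_table(HANDLERS, EXEC_IMAGE, KNOWN_HASH)
    print(raise_exception(table, "timer"))
    EXEC_IMAGE["bytes"] = EXEC_IMAGE["bytes"] + b"\xcc"      # attacker patches the image
    try:
        raise_exception(table, "syscall", 60)
    except UnauthorizedCode as e:
        print("blocked:", e)
```

The caveat a practitioner would add: the check is only as strong as the protection of the vector table and the known hash themselves, which on real devices live in ROM or a locked region so that the patched code cannot simply overwrite the trampolines.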
20090055904Distributed Authentication System and Distributed Authentication Method - In a distributed authentication system, if a terminal that includes a plurality of communication devices switches from one communication device to another while using a service, the service in use can be continued without interruption, and the number of operations the user must perform can be reduced.02-26-2009
20090055905ACCESS CONTROL LIST CHECKING - A method and system for dynamically checking an access control list during data transfers between a client web browser and a web server. The method and system allow the access control list to be checked by an application firewall, independently of the web application. The rules upon which the checking is based can be updated easily without affecting the web application.02-26-2009
20090070858AUTHENTICATION COMPUTER AND PROGRAM - By utilizing a representative embodiment of the present invention, the security and convenience of a personal authentication system are enhanced. An authentication computer comprises a processor, a memory and an interface. The memory stores user information. The processor receives an authentication demand and allocates to it an e-mail address that has not been allocated to any other authentication demand. The processor receives an e-mail, and receives an authentication result demand. The processor identifies the authentication demand corresponding to the received authentication result demand, identifies the source e-mail address of the e-mail whose destination address is the e-mail address allocated to that authentication demand, refers to the user information to identify the user corresponding to that source e-mail address, and sends data corresponding to the identified user to the client computer.03-12-2009
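The allocate-an-address-per-demand flow from this abstract, as an added example rather than the patent's code. USER_INFO (source address to user) and ADDRESS_POOL (addresses the computer can hand out) are constructed, as are the e-mails in the usage; recycling an address after its demand is resolved is an assumption.

```python
import email
import secrets
from email.utils import parseaddr

# Added example (not the patent's code). USER_INFO and ADDRESS_POOL are constructed.
USER_INFO = {"alice@example.org": "alice", "bob@example.org": "bob"}
ADDRESS_POOL = ["auth-1@example.net", "auth-2@example.net", "auth-3@example.net"]


class AuthenticationComputer:
    def __init__(self, user_info: dict, pool: list):
        self.user_info = user_info
        self.free = list(pool)          # addresses not allocated to any pending demand
        self.demands = {}               # demand id -> allocated address
        self.received = {}              # allocated address -> source address of the mail

    def receive_demand(self):
        """Allocate an address no pending demand is using; return (demand id, address)."""
        if not self.free:
            raise RuntimeError("address pool exhausted")
        address = self.free.pop(0)
        demand_id = secrets.token_hex(8)
        self.demands[demand_id] = address
        return demand_id, address

    def receive_email(self, raw: str) -> None:
        """Record the first mail to each allocated address, keyed by destination address."""
        msg = email.message_from_string(raw)
        destination = parseaddr(msg.get("To", ""))[1].lower()
        source = parseaddr(msg.get("From", ""))[1].lower()
        if destination in self.demands.values() and destination not in self.received:
            self.received[destination] = source

    def receive_result_demand(self, demand_id: str):
        """Identify the demand, the mail sent to its address, and the user behind the sender.

        Returns the user name, or None if no known user wrote to that address.
        """
        address = self.demands.pop(demand_id)          # KeyError for an unknown demand id
        source = self.received.pop(address, None)
        self.free.append(address)                      # assumption: address recycled after one use
        return self.user_info.get(source)


if __name__ == "__main__":
    ac = AuthenticationComputer(USER_INFO, ADDRESS_POOL)
    demand_id, address = ac.receive_demand()
    # Constructed incoming mail from the user to the allocated address.
    ac.receive_email(f"From: Alice <alice@example.org>\nTo: {address}\nSubject: login\n\nok\n")
    print(ac.receive_result_demand(demand_id))
```

The From header is attacker-controlled, so a deployment would only trust it after SPF/DKIM/DMARC alignment checks on the receiving MTA and would expire unanswered demands; those steps are omitted here.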
20120185922Multimedia Management for Enterprises - The embodiments herein disclose a unified method of managing multimedia content in an enterprise using a system that is responsible for streaming, efficient storage, archival, analytics, authentication, creating, editing, sharing, broadcast, and encoding of the content. A unified multimedia appliance is provided within an enterprise cloud, and can provide a single interface for all users across multiple locations within an enterprise. The unified multimedia appliance provides a single appliance or software solution for managing multimedia needs of an enterprise. The appliance provides the convenience of a public cloud based service, but with enhanced security and control over the media content being used and distributed within the enterprise. This appliance could be hosted either inside the enterprise datacenter (private cloud) or could be hosted in the public cloud.07-19-2012
20120185921METHOD AND SYSTEM FOR PROVIDING PERMISSION-BASED ACCESS TO SENSITIVE INFORMATION - A method provides for permission-based access to personal information over a communication network. The method includes entering specified owner personal information in an owner terminal, by an owner, to establish a secure owner profile, which is stored in an owner database. The method also includes entering specified user personal information in a user terminal, by a user, to establish a secure user profile, which is stored in a user database. The method further includes entering a user request in the user terminal requesting permission to receive a designated piece of the owner personal information from the secure owner profile. A server determines whether to approve the user request; and provides permission to use the designated piece of the owner personal information to the user over the communication network after the user request is approved by the server.07-19-2012
20120185920SERIALIZED AUTHENTICATION AND AUTHORIZATION SERVICES - Requests for User Services on networked computers running on different platforms with different Authentication, Authorization and Auditing (AAA) Security Systems are processed through an AAA Services Manager Server and Web Services Servers. The AAA Services Manager Server communicates requests for User Services to Web Services Servers using corresponding URL Web addresses. Web Services correspond to their respective Authentication Security Systems and Authorization Security Systems through which User Services may be obtained. The Web Services Servers act to access, for User validation, the respective Authentication Security Systems and Authorization Security Systems according to their individual languages and computing platform requirements.07-19-2012
20120084841WEB-BASED SYSTEM FOR PUBLISHING OWNER CONFIGURABLE WEB SITES - A web-based system allows for publishing a website with features and access configured on a user-by-user basis by the website owner to present personal data as well as social network feeds in a single interface. The website owner can update and manage his/her social media from the same page, as well as organize private data if desired. The system includes a messaging function, in accordance with which users can drop a message into the message service of a site owner, and it gets delivered to the site owner in exactly the manner specified by the site owner.04-05-2012
20120084842CONFIGURABLE ELECTRONIC MESSAGING SYSTEM THAT MAINTAINS RECIPIENT PRIVACY - A messaging service allows message senders to reach a web site owner in the way the owner wants. Users authorized by the owner drop a message into the message service of a site owner, and it gets delivered to the site owner in exactly the manner specified by the site owner. The site owner can organize incoming messages by time, calendar, user, viewing method, etc. The site owner can receive messages in the way she wants, but all her friends need to know is one address, the owner's site address.04-05-2012
20120084840TERMINAL CONNECTION STATUS MANAGEMENT WITH NETWORK AUTHENTICATION - A network relay device includes a communication unit, an authentication processing unit, a DHCP snooping processing unit, and a terminal search processing unit. The authentication processing unit creates first information specifying an authenticated terminal device according to web authentication, and manages whether relay of communication data between a terminal device and a node on the specified network is permissible based on the first information. The DHCP snooping processing unit executes snooping of DHCP communication data between a terminal device and a DHCP server, and creates second information specifying a layer 3 address allocated to each terminal device. The terminal search processing unit specifies an authenticated terminal device based on the first information, specifies a layer 3 address allocated to the specified authenticated terminal device based on the second information, and causes the communication unit to send, to the specified layer 3 address, confirmation communication data.04-05-2012
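The correlation the relay device performs in this abstract, as an added example and not the patent's code. AUTHENTICATED is the first information (terminals that passed web authentication, keyed by MAC), DHCP_LOG is constructed snooped DHCP traffic in an assumed one-message-per-line format, and the confirmation probe (ARP or ICMP on a real relay) is injected as a callable so the logic runs offline.

```python
import re

# Added example (not the patent's code). AUTHENTICATED and DHCP_LOG are constructed;
# the log line format is an assumption.
AUTHENTICATED = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"}

DHCP_LOG = """\
DHCPACK mac=aa:bb:cc:00:00:01 ip=10.0.0.11 lease=3600
DHCPACK mac=aa:bb:cc:00:00:02 ip=10.0.0.12 lease=3600
DHCPACK mac=aa:bb:cc:00:00:09 ip=10.0.0.19 lease=3600
DHCPRELEASE mac=aa:bb:cc:00:00:02 ip=10.0.0.12
"""

_LINE = re.compile(r"^(?P<type>DHCP\w+) mac=(?P<mac>[0-9a-f:]{17}) ip=(?P<ip>[\d.]+)")


def snoop(log: str) -> dict:
    """Second information: layer-3 address allocated to each terminal, from snooped DHCP."""
    bindings = {}
    for line in log.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        if m["type"] == "DHCPACK":
            bindings[m["mac"]] = m["ip"]
        elif m["type"] == "DHCPRELEASE":
            bindings.pop(m["mac"], None)
    return bindings


def terminal_search(authenticated: set, bindings: dict, probe) -> dict:
    """For each authenticated terminal, look up its IP and send confirmation traffic.

    `probe(ip) -> bool` is injected. Result per MAC: ("alive", ip), ("no-reply", ip)
    or ("no-binding", None) when no lease is known for an authenticated terminal.
    """
    status = {}
    for mac in sorted(authenticated):
        ip = bindings.get(mac)
        if ip is None:
            status[mac] = ("no-binding", None)
        elif probe(ip):
            status[mac] = ("alive", ip)
        else:
            status[mac] = ("no-reply", ip)
    return status


def terminals_to_deauthenticate(status: dict) -> set:
    """Authenticated entries whose terminal can no longer be confirmed (stale permissions)."""
    return {mac for mac, (state, _) in status.items() if state != "alive"}


if __name__ == "__main__":
    bindings = snoop(DHCP_LOG)
    alive_hosts = {"10.0.0.11"}                       # constructed: only .11 answers probes
    status = terminal_search(AUTHENTICATED, bindings, lambda ip: ip in alive_hosts)
    print(status)
    print("revoke:", terminals_to_deauthenticate(status))
```

The check that matters operationally is the last one: an authenticated MAC whose lease was released or that stops answering probes is a candidate for revocation, which is what keeps a relay from forwarding for a terminal that left the network (or had its MAC taken over) while its web-authentication entry is still alive.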
20120084839SURVEILLANCE NETWORK SYSTEM - Embodiments of a sensor network system provide surveillance capabilities in multiple contexts/environments (e.g., military, commercial, scientific, civic, urban, wilderness, etc.). Network nodes may include devices such as sensors, network routers, network controllers, etc. Network sensors may be configured so that power management objectives are maximized. Network sensors (both individually and as a group) may be capable of intelligent and cooperative information gathering, so that the output of the sensor network does not contain high levels of irrelevant information. The network nodes may communicate among one another via one or more communication links, and in some cases, multiple routes between any two network nodes may be available. The sensor network may include aspects of both high data rate and low data rate network features. One or more network controllers may provide various network management capabilities, including management of network routing, information collection, information exportation, network configuration, etc.04-05-2012
20120084838METHODS AND SYSTEMS FOR MANAGING CONCURRENT UNSECURED AND CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS - An endpoint, method, and authorization server are disclosed which can be used to allow concurrent secure and clear text communication. An endpoint includes a computing system including a programmable circuit operatively connected to a memory and a communication interface, the communication interface configured to send and receive data packets via a data communications network. The endpoint also includes a filter defined in the memory of the computing system, the filter configured to define one or more access lists, each access list defining a group of access permissions for a community of interest. The community of interest includes one or more users, and an access list from among the one or more access lists defines a set of clear text access permissions associated with a community of interest. The endpoint also includes a driver executable by the programmable circuit, the driver configured to cooperate with the communication interface to send and receive data packets via the data communications network. The driver is also configured to selectively split and encrypt data into a plurality of data packets to be transmitted via the data communications network based at least in part upon the contents of the one or more access lists.04-05-2012
20120084837Method and apparatus to implement secured, event-based layered logout from a computer system - A secure, layered logout of a user session is implemented in a web-based management tool, such as a middleware appliance. A logout strategy is provided to include a set of security levels of varying sensitivity, with each security level having a set of permissions associated therewith and that are enforced upon occurrence of an event. A succeeding security level in the set of security levels is reached upon occurrence of an event associated with that level, in which case the set of permissions associated with the security level are then enforced against at least one managed object while the user session continues. As each next security level is reached, the set of permissions associated with the security level are then enforced (with respect to the managed object or against one or more other managed objects), once again while the user session continues. Each of the objects preferably is managed independently of at least one other object; thus, the layered logout may enforce different permissions with respect to different managed objects while at the same time maintaining the user session. If the user takes no action, and as a result of the occurrence of the events, eventually a final security level of the set of security levels will occur, at which point the user session is finally terminated.04-05-2012
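The layered strategy in this abstract as an added example, not the patent's code. The abstract speaks of events in general; here the event that advances the session to the next level is idle time crossing a threshold, and the level names, managed objects and operations are constructed. Permissions are enforced per managed object, and only the final level ends the session.

```python
from dataclasses import dataclass

# Added example (not the patent's code). Levels, thresholds, objects and operations are constructed.


@dataclass(frozen=True)
class SecurityLevel:
    name: str
    reached_after_idle: int      # seconds idle at which this level's event fires (assumption)
    permissions: dict            # managed object -> set of operations still allowed


STRATEGY = (
    SecurityLevel("active",     0,    {"keystore": {"read", "write", "export"}, "config": {"read", "write"}}),
    SecurityLevel("reduced",    300,  {"keystore": {"read"},                    "config": {"read", "write"}}),
    SecurityLevel("read-only",  900,  {"keystore": set(),                       "config": {"read"}}),
    SecurityLevel("terminated", 1800, {}),      # final level: the session itself ends
)


def validate_strategy(strategy) -> bool:
    """Thresholds must strictly increase and the first level must apply at idle 0."""
    thresholds = [level.reached_after_idle for level in strategy]
    return thresholds[0] == 0 and all(a < b for a, b in zip(thresholds, thresholds[1:]))


def current_level(strategy, idle_seconds: int) -> SecurityLevel:
    """The most sensitive level whose event has occurred."""
    level = strategy[0]
    for candidate in strategy:
        if idle_seconds >= candidate.reached_after_idle:
            level = candidate
    return level


def session_alive(strategy, idle_seconds: int) -> bool:
    return current_level(strategy, idle_seconds) is not strategy[-1]


def is_permitted(strategy, idle_seconds: int, managed_object: str, operation: str) -> bool:
    """Enforce the current level's permissions against one managed object."""
    if not session_alive(strategy, idle_seconds):
        return False
    allowed = current_level(strategy, idle_seconds).permissions.get(managed_object, set())
    return operation in allowed


if __name__ == "__main__":
    assert validate_strategy(STRATEGY)
    for idle in (60, 400, 1000, 1800):
        level = current_level(STRATEGY, idle)
        print(idle, level.name,
              "keystore.export" if is_permitted(STRATEGY, idle, "keystore", "export") else "-",
              "config.write" if is_permitted(STRATEGY, idle, "config", "write") else "-")
```

Keeping the strategy as ordered data rather than nested conditionals makes the escalation auditable: the table is the policy, and `validate_strategy` rejects a mis-ordered table before it is enforced.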
20120227091POLYMORPHIC ASSURED NETWORK - Described herein are devices and techniques for implementing a polymorphic network adapted to change network path configurations among a number of pre-determined network path configurations in response to a perceived threat. Such perceived threats can include detection of an unknown process, or simply according to some schedule, or randomly to prevent or otherwise reduce susceptibility to such perceived threats. Multiple (e.g., redundant) network communications paths can be pre-configured between two endpoints. Network communications between the two endpoints can be periodically redirected, for example, in response to a perceived threat or according to one or more rules and/or a schedule to otherwise avoid a perceived threat. A system adapted to permit such pre-configuration of multiple network paths can include an access restrictor in communication with a network configuration controller to prohibit unauthorized pre-configuration of the network paths.09-06-2012
20120227094SYSTEMS AND METHODS FOR SINGLE SIGN-IN FOR MULTIPLE ACCOUNTS - Systems and methods which facilitate single user sign-in for multiple accounts are shown. Embodiments create a single user base which maps users to multiple accounts. The use of a single set of credentials by the user is provided for according to embodiments irrespective of the applications associated with the various accounts having very different security protocols. A system hosting the shared user base preferably provides a single authentication point for multiple services. Embodiments use an authenticator string, as may be passed between a client and bridge server and/or client and application, in order to enable user access, detect attacks with respect to a client conversation, etcetera. In addition to providing a shared user base for single sign-in, embodiments provide additional shared functionality and/or functionality not available from the applications themselves.09-06-2012
20120227093USER SENSITIVE FILTERING OF NETWORK APPLICATION LAYER RESOURCES - In one embodiment, a method includes receiving authorization data at a local node of a network. The authorization data indicates a particular network address of a different node in the network and an authenticated user ID of a user of the different node. Resource profile data is retrieved based on the user ID. The resource profile data indicates all application layer resources on the network that the user is allowed to access. The particular network address is associated at the local node with the resource profile data for the user. A request from the particular network address for a requested application layer resource on the network is blocked based on the resource profile data associated with the particular network address.09-06-2012
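An added example that serves both this abstract and 20090055905 (ACCESS CONTROL LIST CHECKING) above; it is not the code of either patent. A filtering node binds a client network address to the authenticated user id it receives as authorization data, looks up that user's resource profile at check time, and blocks any request for an application-layer resource outside the profile. The rule document is loaded separately from the web application so it can be replaced at runtime. RULES_V1/V2, addresses and user ids are constructed.

```python
import json
import posixpath
from urllib.parse import urlsplit

# Added example (not the patents' code). Rule documents, addresses and users are constructed.
RULES_V1 = json.dumps({"profiles": {"alice": ["/api/orders", "/api/invoices"],
                                    "bob":   ["/api/orders"]}})
RULES_V2 = json.dumps({"profiles": {"alice": ["/api/orders"],
                                    "bob":   ["/api/orders"]}})


class ApplicationFirewall:
    def __init__(self, rules_text: str):
        self.profiles = {}
        self.bindings = {}              # client network address -> authenticated user id
        self.load_rules(rules_text)

    def load_rules(self, rules_text: str) -> None:
        """Replace the rule set without touching bindings or the web application."""
        doc = json.loads(rules_text)
        self.profiles = {user: tuple(paths) for user, paths in doc["profiles"].items()}

    def receive_authorization(self, address: str, user_id: str) -> None:
        """Authorization data from the authenticating node: address <-> authenticated user."""
        self.bindings[address] = user_id

    def revoke(self, address: str) -> None:
        self.bindings.pop(address, None)

    def allow(self, address: str, url: str) -> bool:
        """Decide one request. Unknown address, unknown user or unlisted resource -> block."""
        user_id = self.bindings.get(address)
        if user_id is None:
            return False
        # Normalise before matching so "/api/orders/../invoices" cannot slip past a prefix rule.
        path = posixpath.normpath(urlsplit(url).path or "/")
        # Profile is looked up per request, so a rule reload takes effect immediately.
        profile = self.profiles.get(user_id, ())
        return any(path == p or path.startswith(p + "/") for p in profile)


if __name__ == "__main__":
    fw = ApplicationFirewall(RULES_V1)
    fw.receive_authorization("10.1.1.5", "alice")
    fw.receive_authorization("10.1.1.6", "bob")
    for addr, url in (("10.1.1.5", "/api/invoices?id=7"), ("10.1.1.6", "/api/invoices"),
                      ("10.1.1.6", "/api/orders/../invoices"), ("10.1.1.7", "/api/orders")):
        print(addr, url, "allow" if fw.allow(addr, url) else "block")
    fw.load_rules(RULES_V2)
    print("after reload:", fw.allow("10.1.1.5", "/api/invoices"))
```

Two details carry the security weight: the profile is resolved at check time rather than copied into the binding (so revoking a resource in the rules takes effect without re-authentication), and the path is normalised before the prefix comparison.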
20120227092CONTROLLING USER ACCESS TO ELECTRONIC RESOURCES WITHOUT PASSWORD - Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes pre-determining an association of the restricted computer resource and computer-resource-proximal environmental information. Indicia of user-proximal environmental information are received from a user requesting access to the restricted computer resource. Received indicia of user-proximal environmental information are compared to associated computer-resource-proximal environmental information. User access to the restricted computer resource is selectively granted responsive to a favorable comparison in which the user-proximal environmental information is sufficiently similar to the computer-resource proximal environmental information. In at least some embodiments, the process further includes comparing user-supplied biometric measure and comparing it with a predetermined association of at least one biometric measure of an authorized user. Access to the restricted computer resource is granted in response to a favorable comparison.09-06-2012
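The comparison step of this abstract, as an added example that is not the patent's code. Environmental information is modelled as the set of Wi-Fi BSSIDs observable from a location (an assumption; the abstract does not say what the indicia are), similarity is Jaccard overlap against a threshold, and the optional biometric check compares a feature vector to an enrolled template within a tolerance. RESOURCE_ENV and ENROLLED_BIOMETRIC are constructed enrolment data.

```python
from typing import Tuple

# Added example (not the patent's code). RESOURCE_ENV and ENROLLED_BIOMETRIC are constructed;
# modelling environment as BSSID sets and biometrics as a small feature vector are assumptions.
RESOURCE_ENV = {
    "lab-printer": {"02:00:00:00:a1:01", "02:00:00:00:a1:02", "02:00:00:00:a1:03",
                    "02:00:00:00:a1:04", "02:00:00:00:a1:05"},
}
ENROLLED_BIOMETRIC = {"alice": (0.12, 0.55, 0.80, 0.33)}


def similarity(a: set, b: set) -> float:
    """Jaccard similarity between two sets of observed environmental indicia."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def biometric_matches(sample, template, tolerance: float = 0.05) -> bool:
    return (len(sample) == len(template)
            and all(abs(s - t) <= tolerance for s, t in zip(sample, template)))


def decide_access(resource: str, user_env: set, threshold: float = 0.6,
                  user=None, biometric_sample=None) -> Tuple[bool, str]:
    """Grant when the user-proximal environment is sufficiently similar to the resource's.

    If a biometric sample is supplied it must also match the user's enrolled template.
    """
    resource_env = RESOURCE_ENV.get(resource)
    if resource_env is None:
        return False, "unknown-resource"
    score = similarity(user_env, resource_env)
    if score < threshold:
        return False, f"environment-mismatch ({score:.2f} < {threshold})"
    if biometric_sample is not None:
        template = ENROLLED_BIOMETRIC.get(user)
        if template is None or not biometric_matches(biometric_sample, template):
            return False, "biometric-mismatch"
    return True, f"granted ({score:.2f})"


if __name__ == "__main__":
    near = {"02:00:00:00:a1:01", "02:00:00:00:a1:02", "02:00:00:00:a1:03",
            "02:00:00:00:a1:04", "02:00:00:00:c0:ff"}           # constructed: 4 of 5 overlap
    far = {"02:00:00:00:b2:01", "02:00:00:00:b2:02"}           # constructed: elsewhere
    print(decide_access("lab-printer", near))
    print(decide_access("lab-printer", far))
    print(decide_access("lab-printer", near, user="alice", biometric_sample=(0.10, 0.57, 0.78, 0.35)))
```

The threshold is the tunable that trades false rejections (a new access point appeared) against false acceptances (an attacker who recorded the resource's neighbourhood and replays it); the abstract's "sufficiently similar" is exactly this parameter, and replay of recorded indicia is the failure mode the biometric factor is there to cover.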
20120227090WIRELESS COMMUNICATION TERMINAL - A wireless communication terminal may include a trigger receiving unit that receives a trigger for starting a first setup process while the wireless communication terminal is not participating in a wireless network; a transmitting unit that, after the trigger is received, transmits an acquisition request for setup information representing the participation setup process performed by another wireless communication terminal; a receiving unit that receives a response including the setup information, transmitted from the other wireless communication terminal that received the acquisition request; and a control unit that, when responses including setup information representing the first setup process are received, causes the transmitting unit to transmit to those wireless communication terminals error information indicating that other terminals performing the first setup process have been detected, and sets the participation setup process performed by its own wireless communication terminal to a second setup process.09-06-2012
20120227089APPARATUS AND METHOD FOR SHARING CONTENTS OF SOCIAL NETWORK SERVICE IN COMMUNICATION SYSTEM - A system, apparatus, and method in a communication system allow sharing contents of users by acquiring an access right even if there is no connection relationship in a Social Network Service (SNS). The system includes an SNS provider and a middleware server. The SNS provider provides the SNS and generates an authorization key and an authorization token according to an open authorization protocol. When a first user requests to share the SNS contents of a second user, the middleware server obtains the contents of the second user from the SNS provider by using the authorization key of the second user, and transmits the contents of the second user to the first user.09-06-2012
20120260318ACCESS TO A NETWORK FOR DISTRIBUTING DIGITAL CONTENT - A transmission of a digital content to a user terminal is managed by a network comprising a service subnetwork adapted for providing the terminal with a service token, and a digital contents distribution subnetwork which includes a control part and a transmission part. The control part of the distribution subnetwork receives a request from the user terminal for a digital content, indicating a service token. Next, if the service token is recognized as valid, an address relating to the distribution subnetwork is determined and a session token associated with said address is generated. A message indicating said address and the session token associated with said address is then transmitted to the user terminal.10-11-2012
20120260316Leveraging a Persistent Connection to Access a Secured Service - Leveraging a persistent connection to provide a client access to a secured service may include establishing a persistent connection with a client in response to a first request from the client, and brokering a connection between the client and a secured service based on a second request from the client by leveraging the persistent connection with the client. The brokering may occur before the client attempts to connect to the secured service directly and the connection may be established between the client and the secured service without provision by the client of authentication information duplicative or additional to authentication information provided by the client to establish the persistent connection.10-11-2012
20090019527Assent To Conditions For Network Access - A device that includes a first processor, a second processor, and an encryption module in communication with the first processor and the second processor may be used to accept conditions for access to the network. The first processor may receive condition data, and in response, may send an acceptance signal via the encryption module to the second processor. The second processor may receive the acceptance signal and, in response, may send acceptance data to a gatekeeper. The encryption module may block unencrypted data other than the acceptance signal from being communicated from the first processor to the second processor. The encryption module may support type 1 encryption.01-15-2009
20110126270Image Forming System, Image Forming Apparatus, and Method For Creating, Maintaining, and Applying Authorization Information - A user-manager server device includes: registration information on a local group including a domain user separately from a domain group managed by a directory server device, and authorization information on the domain group, the domain user, and/or the local group. When a logged-in user belongs to the local group, an authorization processing unit transmits the authorization information on the local group to a multifunction peripheral (MFP) as the authorization information corresponding to the logged-in user. When the logged-in user does not belong to the local group, the authorization processing unit transmits the authorization information on one of the domain group and the domain user to the MFP as the authorization information corresponding to the logged-in user.05-26-2011
20120233666Network-Oriented Matrix Sharing For Genealogy And Social Networks Through Network-Role-Based Access Controls - A computer-implemented method for displaying social media content items using a network based browser. The method includes displaying a plurality of networks from a social media content database, the database including social media content items organized into networks, receiving a selection of a network from the plurality of networks from a user, comparing access control information for the selected network including determining role types authorized to view social media content items in the network to a role type associated with the user for that network, identifying a plurality of social media content items that can be displayed based on the comparison, and displaying the identified social media content items.09-13-2012
20120233662ENHANCING COMMUNICATION - Among other things, from content of a communication composed by a user, a strategy is inferred for selecting target information related to the content. The strategy is used to select target information from a body of target information. And information about the selected target information is reported to the user.09-13-2012
20120233663SYSTEMS AND METHODS FOR ENABLING TEMPORARY, USER-AUTHORIZED CLONING OF MOBILE PHONE FUNCTIONALITY ON A SECURE SERVER ACCESSIBLE VIA A REMOTE CLIENT - Temporary, user-authorized cloning of physical mobile phone functionality via a secure server can enable physical mobile phone features to be accessed and controlled by a user from a remote client. A secure server can include mobile phone registration information, enable secure access by users via a remote client, maintain communication and synchronization with the mobile phone, receive data associated with the physical mobile phone when it is not in communication with at least one of a supporting telecommunication network and the secure server, and enable the physical mobile phone user to obtain secure communication with the secure server via a remote client, access and manage cloned mobile phone data and communicate with third parties. Physical mobile phone user access to the secure server and cloned mobile phone functionality with the remote client can be terminated once the physical mobile phone user logs off of the secure server from the remote client.09-13-2012
20120233670METHOD AND SYSTEM FOR MANAGING SECURITY OBJECTS - A message that a user is requesting an access to a resource is received. The access is associated with a requested access level and is granted if an access path exists between the user and the resource for the requested access level. In response to the message reception, a first identifier of the user, a second identifier of the resource, the requested access level, and a first value representing that access to the resource was requested are stored in a record. All access paths usable to determine whether the user is authorized to access the resource are identified. Another security object including a flag to represent its usage in authorizing access to the resources is received. A decision is made with respect to whether the received other security object was used within one of the identified access paths as a function of its flag value.09-13-2012
20120233669METHOD AND APPARATUS FOR SECURE AUTHORIZATION - A method for authorizing access to a first computing device is provided. The first computing device forms a challenge, encodes the challenge into a symbol, and displays the symbol. The first computing device receives a request for access from a user. Access to the first computing device is allowed in response to the user providing an access code to the first computing device. The access code is formed by a server after the symbol is captured, decoded into the challenge, a request is formed from the challenge, and the request is provided to the server. The server forms a decision to allow access by the user to the first computing device.09-13-2012
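The exchange in this abstract with both sides' messages, as an added example and not the patent's code. The symbol is modelled as base64-encoded JSON standing in for a QR code, the access code is an HMAC over the device id, a fresh nonce and the user name, and SHARED_KEY is assumed to be provisioned to both the server and the first computing device. Device id, users and the authorization table are constructed.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Added example (not the patent's code). SHARED_KEY, device ids and users are constructed/assumed.
SHARED_KEY = b"device-server-provisioning-key"


def access_code(key: bytes, device_id: str, nonce: str, user: str) -> str:
    """Short code derived from the challenge and the user; only key holders can compute it."""
    msg = f"{device_id}|{nonce}|{user}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:8]


def encode_symbol(challenge: dict) -> str:
    """Stand-in for rendering a QR code: base64 of the challenge document."""
    return base64.urlsafe_b64encode(json.dumps(challenge).encode()).decode()


def decode_symbol(symbol: str) -> dict:
    return json.loads(base64.urlsafe_b64decode(symbol.encode()))


class LockedDevice:
    """The first computing device: forms a challenge, displays it, checks the typed-in code."""
    def __init__(self, device_id: str, key: bytes):
        self.device_id, self.key, self.pending = device_id, key, None

    def display_challenge(self) -> str:
        self.pending = secrets.token_hex(16)          # fresh nonce per attempt
        return encode_symbol({"device": self.device_id, "nonce": self.pending})

    def request_access(self, user: str, code: str) -> bool:
        if self.pending is None:
            return False
        expected = access_code(self.key, self.device_id, self.pending, user)
        self.pending = None                           # one shot: any attempt consumes the nonce
        return hmac.compare_digest(expected, code)


class AuthorizationServer:
    def __init__(self, key: bytes, authorized: dict):
        self.key, self.authorized = key, authorized    # device id -> users allowed on it

    def handle_request(self, user: str, challenge: dict):
        """Decide whether this user may unlock this device; return the access code or None."""
        if user not in self.authorized.get(challenge["device"], set()):
            return None
        return access_code(self.key, challenge["device"], challenge["nonce"], user)


def user_phone(server: AuthorizationServer, user: str, symbol: str):
    """The user's capture device: scan the symbol, decode the challenge, ask the server."""
    return server.handle_request(user, decode_symbol(symbol))


if __name__ == "__main__":
    server = AuthorizationServer(SHARED_KEY, {"workstation-7": {"alice"}})
    device = LockedDevice("workstation-7", SHARED_KEY)
    symbol = device.display_challenge()               # shown on screen
    code = user_phone(server, "alice", symbol)        # user scans it, server answers
    print("alice:", device.request_access("alice", code))
    print("bob:", user_phone(server, "bob", device.display_challenge()))
```

The nonce is what makes a code useless after one attempt or against a different display, and binding the user name into the HMAC means a code issued to one user cannot be typed in under another name; in a real deployment the server would also authenticate the phone's request, which this model omits.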
20120233668Pluggable Allocation in a Cloud Computing System - In one embodiment, a cloud computing system provides user extensibility by providing a plugin interface for major systems. Plugin interfaces for a compute service, object service, network service, authentication and authorization service, message service, and image service are disclosed. One or more of the plugin interfaces can be used to alter the allocation of virtual to physical resources across multiple services. Compound services and smart allocation facilities are possible with user-directed modification.09-13-2012
20120233661Method and Apparatus for Regulating Electronic Mail Transmission through Account Verification - Methods and apparatus for regulating the transmission of electronic mail messages are provided. The type of account or necessary permissions to transmit the electronic mail messages to their destination is determined and the sender's account is queried to ensure it is of the proper type or has the necessary permissions. If so, the electronic mail message is sent to its destination. If not, the electronic mail message is held and the user is allowed to obtain the proper type of account or an account with the necessary permissions for delivery of the electronic mail message. In determining the proper type of account or necessary permissions, variables can include the geographic location of the electronic mail message's destination or the size of the electronic mail message and its attachments.09-13-2012
20120266218Differential Encryption Utilizing Trust Modes - Systems and methods are provided for data protection across connected, disconnected, attended, and unattended environments. Embodiments of the inventions may include differential encryption based on network connectivity, attended/unattended status, or a combination thereof. Additional embodiments of the invention incorporate "trust windows" that provide granular and flexible data access as a function of the parameters under which sensitive data is accessed. Further embodiments refine the trust windows concept by incorporating dynamic intrusion detection techniques.10-18-2012
20130019287METHOD AND APPARATUS FOR ENABLING A USER TO SELECT AN AUTHENTICATION METHOD - The present invention facilitates access to a restricted service related to secure transactions via a network. The present invention allows a user to select a minimum security level of authentication for its own login to a restricted service. The user's selected minimum security level of authentication may be registered in an authentication method system, so that the user must use the selected minimum security level for authentication in order to gain access to the restricted service. Alternatively, the user may specify that the selected minimum security level for authentication may be over-turned by the user, or optionally re-set to a new authentication method depending on the needs of the user. As such, the present invention allows the user the flexibility to select its own authentication method for accessing a restricted service.01-17-2013
20130019288METHOD AND ARRANGEMENT FOR MEDIA ACCESS (inventors: Jimmy Holmgren, Bo Kvarnstrom, Johan Lundgren; Linkoping, SE) - A method and arrangement in a media server (01-17-2013
20130019286VALIDATING THAT A USER IS HUMAN - A method of validating that a user is human. A user question is generated using a computerized device. The user question is output to a user. A user response to the user question is received from the user. The user response is validated as having been provided by a human.01-17-2013
20130174229Web-Based Collaborative Framework - Embodiments of the present disclosure provide systems and methods for facilitating network communications. Briefly described, one embodiment of the system, among others, includes a server-based application configured to produce web pages for a web site in accordance with input received from a user; and an interface to the server-based application receiving selections of features which are available to be added to the web site in response to user prompts and to set access rights on which features are to be available to different roles of users. Other systems and methods are also provided.07-04-2013
20130174224INFORMATION PROCESSING APPARATUS AND UNAUTHORIZED ACCESS PREVENTION METHOD - An information processing apparatus includes nodes having a first node and a second node each of which includes a processor and a memory in which at least a part of area is set as a shared memory area, and an interconnect that connects the nodes. The first node transmits communication data to be transmitted to the second node by attaching identification information used for accessing a memory in the second node. The second node determines whether or not an access to the shared memory area in the memory in the second node is permitted on the basis of the identification information that is attached to the communication data transmitted from the first node and identification information stored in a storing unit and used for controlling permission to access, from another node, the shared memory area in the memory in the second node.07-04-2013
20090019531SYSTEM AND METHOD FOR WIRELESS LOCAL AREA NETWORK MONITORING AND INTRUSION DETECTION - Systems and methods for providing improved network security against unauthorized wireless devices are presented. A security component within the wired portion of a computer network is provided. The security component is configured to control the bridging of network activity between the wireless and wired portions of the computer network. Using the security component, network traffic between the wireless and wired portions of the network for unknown wireless devices is passively monitored. Upon observing such traffic for an unknown wireless device, the security component determines at least one identifying characteristic of the device by actively probing it. The security component also determines at least one behavioral characteristic of the device from its network traffic with devices in the wired portion of the network. A device profile for the unknown wireless device is generated from the identifying and behavioral characteristics, access privileges for the device are determined from the profile, and network traffic from the device is permitted to pass to the computer network according to those privileges.01-15-2009
20080301782BROADCAST/MULTICAST SERVICE SYSTEM AND METHOD PROVIDING INTER-NETWORK ROAMING - A method of providing a broadcast/multicast (BCAST) service, the method including receiving, from a terminal, a request of access to a BCAST service, performing service authorization with a home network, delivering, to the terminal, a message including a rights object (RO) to access the BCAST service, if the terminal is authorized to receive the BCAST service as a result of the service authorization, and providing the BCAST service to the terminal that was authorized to receive the BCAST service.12-04-2008
20080301779Configuring Security Mechanisms Utilizing A Trust System - Implementations of configuring security mechanisms utilizing a trust system are described. In one implementation, a request to communicate is received at a protected device. Before permission to communicate can be granted, a list of trusted devices is accessed. If information, such as an identity or a secret, associated with the device sending the request to communicate correlates to information found on the list of trusted devices, then communication can be allowed. Otherwise, communication between the device and the protected device can be denied.12-04-2008
20080301778System And Method For Preventing Automated Programs and Unauthorized Users In A Network - A system for preventing an unauthorized user in a networked computing environment includes a client computer provided with a visual test upon a request transmitted through a network by the client computer for a service, wherein the visual test is displayed on a video display, wherein the visual test requires the performance of a predetermined action on a group of images displayed on the video display in order to gain access to the service, wherein the group of images comprises at least two images that are associated with each other.12-04-2008
20080301781METHOD, SYSTEM AND COMPUTER PROGRAM FOR MANAGING MULTIPLE ROLE USERID - In a data processing system it is necessary to make sure that only authorized users have access to system resources and normally not all the users can have access to all and to the same resources. The present invention provides a method and a system for controlling resources, handling multiple authorization roles with a single userID, and allows for movement between the roles without changing identity. This results in a clearer audit trail, and removes the need for extensive knowledge of the security system commands and for multiple steps to allow a step up or down in authorization.12-04-2008
20120266217Permitting Access To A Network - Method and communication system for permitting access to a network by sharing access credentials over the communication system between first and second communication clients executed at respective first and second user terminals of respective first and second users of the communication system. The access credentials are for accessing the network. The method comprises the first communication client causing the access credentials to be stored in a first store of the first user terminal or of the communication system, and the first user authorising the second user to access the access credentials stored in the first store. The second communication client accesses the first store and retrieves the access credentials on the basis of the second user's authorisation to access the access credentials stored in the first store. The second communication client stores the retrieved access credentials in a second store at the second user terminal, and the second communication client uses the access credentials stored in the second store to access the network, without conveying the retrieved access credentials to the second user in a form which is comprehensible to the second user.10-18-2012
20120240198COMPUTERIZED AUTHORIZATION SYSTEM AND METHOD - A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity.09-20-2012
20110004925DATA PROCESSING WITH A POSTERIORI OR A PRIORI AUTHENTICATION - A method and apparatus are provided for processing data. The method includes a step of receiving, during a first communication session established with said server, a request formulated by a first user defining at least one processing operation to be executed on first data, and a step of executing said processing operation on said first data, during a second communication session established with said server after said first session for a second user. The step of executing is applied on condition that the second user has been authenticated via a strong authentication method during the second session and that a relationship between the first and second users has been verified.01-06-2011
20110004923METHOD AND SYSTEM FOR GENERATING USER GROUP IDENTIFIERS - A method and apparatus for generating user group identifiers using a permissions matrix is disclosed. The permissions matrix includes an entry that is associated with a row and a column of the permissions matrix. The row of the permissions matrix is indexed with a first role and the column of the permissions matrix is indexed with a second role. A data structure implementing such a method can include, for example, a user group identifier matrix. Alternatively, a method is disclosed in which the expiration of a user group identifier is detected. In such a case, the user group identifier is updated by accessing a user group identifier matrix.01-06-2011
20110004922User Specified Privacy Settings - Customized content sharing techniques are described. In an implementation, an input is accepted that describes a particular type of content. The input is provided via selection of one or more privacy settings for a user of a social network service. The input is also used to control which other users of the social network service are permitted to communicate content to the user.01-06-2011
20110131632Management system of technical literature data and method thereof - A management system of technical literature data and the method thereof are disclosed. According to the user's authority corresponding to the user identification, the invention reads out the function items that can be accessed by the user. An operating interface displaying the function items lets the user manipulate the functions corresponding to the displayed function items, so that multiple users can manage technical literature data together. This efficiently shares notes on the technical literature, achieving the goal of studying a large body of technical literature by division of labor and reducing system operation loading.06-02-2011
20120240202Communication Abuse Prevention - Communication abuse prevention techniques are described. In an implementation, a reputation level for a communication is determined based on relation information for a sender and an intended recipient of the communication. A challenge is invoked that is to be completed by the sender before the communication is sent. The challenge is selected based on the reputation level for the communication. The communication is caused to be available for access based on successful completion of the challenge. Access to the communication is inhibited in response to a subsequent determination of the reputation level that indicates that the reputation level for the communication has changed to a new reputation level prior to the communication being accessed by the intended recipient. The subsequent determination is based on additional information associated with the sender of the communication.09-20-2012
20120240201System and Method for Providing Multimedia Services - A communications system and method is configured to provide multimedia services utilizing a signaling protocol such as the session initiation protocol (SIP), via a local access network. The method includes providing a local proxy having an internet protocol (IP) address, wherein the local proxy is integrated with the local access network. The method further includes providing a client device having a signaling protocol client, wherein the client device is coupled to a remote access network that is external to the local access network. Additionally, the method includes initiating a session by the client device accessing the IP address of the local proxy.09-20-2012
20120240200LOCATION-TARGETED ONLINE SERVICES - Described are various implementations of location-targeted online services. When a user accesses the Internet from a supported location, he'll be able to use premium or exclusive online services (premium content, member-only discounts etc.) for free and without going through an elaborate subscription process. The location owner may promote these services before the user enters the location. Example: in addition to mentioning “free Internet”, the hotel owner can attract new customers by mentioning “free Netflix movies” or “free access to premium content, from Zagat reviews to stock reports”. It allows the location owner to utilize a network (WIFI) service provider as a means of increasing its core business and not just as a source of incremental advertisement income.09-20-2012
20120240199CONFIDENTIAL PRESENTATIONS IN VIRTUAL WORLD INFRASTRUCTURE - Methods and apparatus for forming and presenting confidential presentations within a computing environment associated with a virtual application are presented. For example, a method for forming a confidential presentation includes obtaining a correspondence indicator from an asset server, obtaining a first texture from the asset server, and overlaying the first texture onto a first object. The correspondence indicator indicates the first texture corresponds to the first object. The first object is within the computing environment associated with the virtual application. The first texture and the asset server are inaccessible by the computing environment associated with the virtual application. The confidential presentation comprises the first texture.09-20-2012
20120240197Managing Tethered Data Traffic Over a Hotspot Network - Presented is a system and method for controlling access to a mobile hotspot on a mobile device utilizing a hotspot management application. The method includes detecting unauthorized data traffic over a tethered link between the mobile device and a tethered device by analyzing a signature of the unauthorized data traffic. Analyzing the signature of the unauthorized data traffic may be carried out utilizing a rules engine, where the rules engine is based on one or more carrier controlled tethering policies and one or more user controlled tethering policies. Detecting unauthorized data traffic may further include detecting an unauthorized tethering application on the mobile device utilizing a database of known unauthorized tethering applications. The method further includes controlling the unauthorized data traffic. The method additionally includes redirecting a user of the mobile device to a captive portal for authorized tethering plan support.09-20-2012
20120240196AUTOMATED SNIFFER APPARATUS AND METHOD FOR MONITORING COMPUTER SYSTEMS FOR UNAUTHORIZED ACCESS - An apparatus for wireless communication including an automated intrusion detection process is provided. The apparatus includes a processing unit. It includes a wireless network interface device and an Ethernet (or like) wired network interface device that are coupled to the processing unit. One or more memories are coupled to the processing unit. A code is directed to perform a process for detection of wireless activity within a selected local geographic region. According to a specific embodiment, the wireless activity is derived from a wireless access point device that is operational about the selected local geographic region. A code is directed to performing a connectivity test using one or more marker packets to determine the connectivity status of the wireless access point device to the network to be protected from intrusion. Depending upon the embodiment, other codes may exist to carry out the functionality described herein.09-20-2012
20120240195APPARATUS, SYSTEM AND METHOD EMPLOYING A WIRELESS USER-DEVICE - Embodiments of the invention generally relate to apparatus, systems and methods for authentication, in particular, apparatus, systems and methods for authenticating an entity for computer and/or network security, secure authorization of a payment or for funds transfer and for selectively granting privileges and providing other services in response to such authentications. In addition, embodiments of the invention relate generally to apparatus, systems and methods for the communication of information between a mobile user-device and a point-of-sale device to securely provide authorization for a financial transaction.09-20-2012
20120240194Systems and Methods for Controlling Access to Electronic Data - Access to an organization's electronic data is controlled by receiving login information for an individual, authenticating the individual based on the received login information, and granting permissions to the authenticated individual for a portion of an organization's electronic data. The granted permissions are associated with role assignments for the individual, which role assignments are independent of any organizational structure, and may be granted to the individual for more than one role assignment based on the same authenticated login information. Further, an individual may be denied some role assignments to preclude access to certain portions of the organization's electronic data.09-20-2012
20120240192USING ENTITLEMENT CERTIFICATES TO MANAGE PRODUCT ASSETS - A server receives a consumer request from a client to access a product repository that is coupled to the server. The consumer request comprises an entitlement certificate and a uniform resource locator (URL). The server identifies at least one extended attribute object identifier in the entitlement certificate to determine whether the client is authorized to access the product repository. The at least one extended attribute object identifier has a corresponding URL in the entitlement certificate that specifies a location of the product repository that the client is authorized to access. The server grants the client access to the product repository based on a determination that the URL in the consumer request matches a URL in the entitlement certificate.09-20-2012
20080282328METHOD AND SYSTEM FOR MODELING OPTIONS FOR OPAQUE MANAGEMENT DATA FOR A USER AND/OR AN OWNER - Distributed Management Task Force (DMTF) management profiles, based on the Common Information Model (CIM) protocol, may be utilized to perform access authentication during opaque management data profile operations based on DMTF/CIM Role Based Authorization (RBA) profile and/or Simple Identity Management (SIM) profiles. Instances of CIM_Identity class may be utilized to enable validation of ownership and/or access rights, via instances of CIM_Role class and/or instances of CIM_Privilege class for a plurality of common users and/or applications. Quota related operations may be performed via “QuotaAffectsElement” associations between instances of CIM_Identity class and instances of the CIM_OpaqueManagementDataService class. The “QuotaAffectsElement” association may comprise “AllocationQuota” and/or “AllocatedBytes” properties to enable tracking and/or validating of quota related information within the opaque management data profile.11-13-2008
20110047601Electronic Content Distribution and Exchange System - An electronic content distribution and exchange system provides authenticated, reliable content downloads and tracking capabilities. Content is distributed to users through the invention's architecture. A user registers for the purchase of content through an interface on a client system or via a Web site. The purchase is for a license to the content, not for the content itself. A list of available content is displayed to the user through the client system or the Web site. The invention's central servers log the purchase of the content into a license database. The user accesses content through the client system's user interface where the user plays the content and controls its playback.02-24-2011
20110047599MICROMINIATURE PERSONAL COMPUTER AND METHOD OF USING THEREOF - A microminiature personal computer that is connected to external devices using standard interfaces for information input and output. The microminiature personal computer has an interconnected processor, a memory, a security module, and a connector. At least part of the memory should be non-volatile to hold the operating system, drivers for working with external devices, programs and data. The microminiature personal computer does all processing, and all programs run inside its memory, while the external device is used only for information input and output through a virtual window, thus ensuring the security of both systems and the absence of unauthorized interaction between them.02-24-2011
20120324548MESSAGING SYSTEMS AND METHODS - A third-party can subscribe to one or more electronic message group lists without joining the group lists by creating a trust relationship between the subscriber and a group list member. In particular, the subscriber can send a trust indicator to the group member, who can then determine whether to accept the trust indicator for all or specific groups that are associated with the group member, as appropriate. In at least one embodiment, the group member can send a trust indicator acceptance message to the subscriber that identifies the group member, and any or all group lists associated with the group member. The subscriber can then receive messages directed to the trusted group member or group lists, and can send group messages to the group lists subject to a receive setting associated with the group lists or group members of the group lists.12-20-2012
20120324549PEER TO PEER SUBSCRIPTION SERVICE - Peer-to-peer approaches to servicing subscriptions to information feeds are generally disclosed. Network nodes may exchange information about information feeds that they can provide to other nodes, and other information about information feeds to which they may be interested in subscribing. Any of a variety of techniques may then be applied to allow the nodes to negotiate for feeds to which they may be interested in subscribing. For example, each node may apply algorithms that service feed subscriptions of other nodes on a prioritized basis, prioritized for example based on which other nodes service subscriptions in return.12-20-2012
20120324547Device, System, and Method of Accessing Electronic Mail - Device, system, and method of accessing electronic mail. For example, a computerized method includes: receiving an identifier of an email account, and a password; if the password matches a first reference password previously stored in association with said email account, then authorizing a substantially full access to said email account; if the password matches a second reference password previously stored in association with said email account, then authorizing a restricted access to said email account.12-20-2012
20120324546Providing Secure Dynamic Role Selection and Managing Privileged User Access From a Client Device - An approach is provided that receives a first role selection from a client device. Each of the roles includes various user accounts provisioned to access various software applications. An authentication challenge is retrieved. The authentication challenge is based upon the role selection that was received from the client device. The authentication challenge is transmitted to the client device. An authentication submission is received from the client device. This authentication submission is authenticated and, if the authentication is successful, then the client device access is granted access to software applications using the provisioned user accounts that were included in the role selection. In addition, audit data of usage of the software applications by the client device is recorded. The audit data includes identification of the provisioned user accounts used to access the software applications using the role selection.12-20-2012
20120324545AUTOMATED SECURITY PRIVILEGE SETTING FOR REMOTE SYSTEM USERS - A method of secure communication involves determining that a remote system is trusted prior to authorizing secure communication therewith. A removable security device is coupled with a first system. When the first system communicates with a remote system securely, the remote system is evaluated to ensure that it is a trusted remote system prior to secure communication therewith being allowed.12-20-2012
20120324544INFORMATION PROCESSING APPARATUS, TERMINAL APPARATUS AND INFORMATION PROCESSING METHOD - This invention is directed to achievement of a content sharing with a high level of safety by restricting the other end of communication with which contents are shared.12-20-2012
20120324543SYSTEM AND METHOD FOR CREATING A SECURE TRUSTED SOCIAL NETWORK - A system for a plurality of users to share resources with access, control and configuration based on pre-defined relationships of trust between the users of the system. A computer-based authority provides the services of authentication, identification and verification of each user within the network. Processes are described that lead to the formation of an electronic community, which facilitates electronic communication and transactions in a defined manner.12-20-2012
20120324542SYSTEMS AND METHODS FOR IMPROVED ACCESS TO AN ATTRACTION - The present invention is directed towards systems and methods for improved access to an attraction via a computing device of a user. A first computing device of a user records an identification code associated with an attraction. The first computing device transmits, to a second computing device, a request for access to the attraction, the request comprising the identification code. The first computing device receives, from the second computing device, an access authorization comprising an access code. The first computing device presents the access code to an attraction operator for access to the attraction.12-20-2012
20120324541METHOD AND SYSTEM FOR SUBSCRIBING TO SERVICES VIA EXTENDED UPNP STANDARD AND NASS TISPAN AUTHENTICATION - The present invention relates to a subscription method and system providing a modification of the UPnP standard, which by means of TISPAN delegated NASS authentication allows a user to play contents provided by a service provider via subscription by means of a control point which can be any consumer electronic device of the user. The modification of the standard is based on adding a field called ‘subscriptionURL’ and a variable called ‘subscriptionStatus’. These modifications, the association established by the TISPAN CLF module between the user IP and the user IMSI and the implementation of a UPnP device in the user equipment, allow subscribing to the services provided by several service providers.12-20-2012
20120324540SYSTEM AND METHOD FOR THE INTEROPERABILITY OF PERSONAL ELECTRICAL APPLIANCES - Systems for, and methods of, enabling selective control of resources of an electronic device having a display by a controlling electronic device, wherein one device is housed within the other and each device has a display, are disclosed. Selective control of the electronic device is implemented by the electronic device via a set of control permissions for a detected controlling device, based upon an identifier of the controlling device. A controlling device can be any electronic device having a processor, a memory, a display and a communication module. Enabling selective control of the display of an electronic device having a display, by a personal computer, enables the personal computer to operate as a dual-screen personal computer.12-20-2012
20120324539DYNAMIC APPLICATION ADAPTATION IN SOFTWARE-AS-A-SERVICE PLATFORM - Dynamic application adaptation in software-as-a-service platform, in one aspect, may receive an access permission associated with a published shared data management data object in the software-as-a-service platform having shared data management and a plurality of applications deployed, look up one or more rules associated with one or more features of an application deployed on the software-as-a-service platform, based on the received access permission, and activate or deactivate said one or more features associated with said plurality of applications based on said one or more rules.12-20-2012
20120324538SYSTEM AND METHOD FOR DISCOVERING VIDEOS - A method is provided in one example and includes receiving network data from a plurality of users; identifying a data file within the network data; determining whether a particular user associated with the data file is authenticated for a communications platform; identifying an access right associated with the data file; and providing the data file to a video portal, wherein the access right associated with the data file is maintained as the data file is provided to the video portal.12-20-2012
20120272297CROSS-TRANSPORT AUTHENTICATION - An authentication controller coupled to a first communication port of a portable media device is allowed to provide authentication on behalf of an accessory device coupled to a second communication port of the portable media device. In one embodiment, a cross transport connector includes a connector configured to couple with an accessory and a connector configured to couple with a portable media device such that the accessory can be coupled to the second communication port of the portable media device. The cross-transport connector also includes an authentication controller. The authentication controller may request authentication from the media device over the first communication port of the portable media device. The request may also include an identifier of the second port, to which authenticated permissions obtained via the first port may be transferred.10-25-2012
20120272295METHOD AND SYSTEM FOR ENABLING AND CONTROLLING COMMUNICATION TOPOLOGY, ACCESS TO RESOURCES, AND DOCUMENT FLOW IN A DISTRIBUTED NETWORKING ENVIRONMENT - Described are a system and method for use by a computing device to transmit information over a communication medium. The computing device communicates over the medium according to a protocol stack having a plurality of protocol layers. Information having an identifier is received at a first protocol layer from a higher protocol layer in the protocol stack. The computing device determines whether to present the information to the network communication medium based on at least one term of a contract associated with the identifier. Upon determining to present the information to the communication medium, the computing device incorporates the identifier in the information before placing the information on the network communication medium.10-25-2012
20120272293COLLABORATIVE GATEWAY - A method and a system for monitoring and controlling remote devices are described. The system has a gateway, a web server, and a client device. The gateway is coupled to a security device. The web server has a management application configured to communicate with the gateway. The management application has a service manager module to enable additional services from the gateway and the security device. The client device communicates with the gateway identified by the web server. The gateway aggregates monitoring data from the security device and from other security devices respectively coupled to other gateways correlated with the gateway. The client device receives the aggregated monitoring data and controls the security device coupled to the respective gateway from a web-based user interface at the client device.10-25-2012
20120331525PORTAL BRAND MANAGEMENT - Apparatus, systems, and methods may operate to receive, from a node associated with a console owner, an authenticated access request for access to a network portal. Additional activities may include accessing a branding file associated with the console owner, and responsive to the receiving, generating a branded version of a graphical user interface having one or more background colors, a display structure, and a set of uncolored icons. The background color(s) and the icons may be selected based on information stored in the branding file. The branded version may be published to grant access to the network portal, displaying the uncolored icons in front of the background color(s) so that the background color(s) are visible through transparent portions of the uncolored icons. Additional apparatus, systems, and methods are disclosed.12-27-2012
20110219432System and Method for Controlling Access to an Electronic Message Recipient - A system and method for selectively allowing or denying access to a user coupled to an electronic communications network includes a receiver that receives an inbound message over the electronic communications network from a sender. The inbound message includes an identifier that is associated with a sender and an identifier that is associated with a recipient. The system also includes a processor that determines if the identifier associated with the recipient was previously generated by the user and is absent from a plurality of proxy identifiers associated with the recipient. The processor further determines one of at least three security states associated with the inbound message. A first security state is indicative of allowing delivery of the inbound message to the user. A second security state is indicative of denying delivery of the inbound message to the user. A third security state is indicative of conditionally allowing delivery of the message to the user. Each of the three security states is associated with the sender identifier and the recipient identifier included in the inbound message.09-08-2011
20110239280DRM Protected Content Sharing - A system and method for transmitting protected real-time content from one user to another is described. In a first aspect, a user sends a Rights Object to another user. In a second aspect, a user sends a Rights Object to another user via an intermediate server for a multiparty communication. In this second aspect, the users may be able to switch between designated Rights Objects as needed.09-29-2011
20110239279DRM Protected Content Sharing - A system and method for transmitting protected real-time content from one user to another is described. In a first aspect, a user sends a Rights Object to another user. In a second aspect, a user sends a Rights Object to another user via an intermediate server for a multiparty communication. In this second aspect, the users may be able to switch between designated Rights Objects as needed.09-29-2011
20110239276METHOD AND SYSTEM FOR CONTROLLING CONTEXT-BASED WIRELESS ACCESS TO SECURED NETWORK RESOURCES - Information on the identity of each user connecting via a wireless device is obtained using a prior process of authentication and context information and/or the status of the user; a characteristics vector is generated for each user, which comprises the context information and/or the user status and a user profile. Permissions are assigned to each user, determining the type of secured network resources each user is permitted to access, depending on their characteristics vector; and a secured-network-resource access check is performed, enabling the transfer of data only to/from resources permitted for each user, as a function of the permissions assigned.09-29-2011
20110239275Centrally Managed Impersonation - Systems, methods and computer readable media for centrally managed impersonation are described. Examples include a system having a central server and a remote shell daemon running on a remote machine, wherein a trust relationship is established between the central server and the remote shell daemon. Examples also include a method wherein a user sends the management system a request to act upon a remote machine. The management system determines whether the user is authenticated for the requested action. Upon authentication, the management system identifies an impersonation policy based on user profile and the remote machine. The management system connects to the remote machine, impersonates an elevated privilege account if required, and executes the user action on the remote machine.09-29-2011
20120278864Monitoring Method and Device - The method of the invention comprises: 11-01-2012
20120278863AD-HOC USER ACCOUNT CREATION - A mechanism that allows a user to easily configure a rules engine to apply rules to decide which requests for access to a user's computer resources are to be granted and which are denied. A trusted token, such as a certificate of identity issued by a trusted third party authority that verifies identities of computer users, is included in a calling card object provided by the requesting user to the (server) computer that controls the resources desired by the requester. Additional conditions for access may be specified as desired by the user of the server computer.11-01-2012
20120278862METHODS AND SYSTEMS FOR AUTO-MARKING, WATERMARKING, AUDITING, REPORTING, TRACING AND POLICY ENFORCEMENT VIA E-MAIL AND NETWORKING SYSTEMS - A method for tracking the routing of an electronic document, including embedding a unique identifier within an electronic document and monitoring e-mail messages transmitted from senders to recipients, for detection of e-mail messages having the electronic document embedded therewithin or attached thereto, based on the unique identifier. A system and computer readable storage medium are also described and claimed.11-01-2012
20120278867SYSTEM FOR ONLINE COMPROMISE TOOL - An Activity Access Control (AAC) utility controls access to applications and devices by allowing an administrator to set terms of use/access regarding applications and/or devices for a group of users, whose activity is monitored. The AAC utility also enables administrator and user access to a compromise facility via a centralized access point to establish or request changes to the terms of use/access. The AAC utility allows the administrator to dynamically update information and set terms based on real-time information collected during activity monitoring. Dynamic updates may also occur based on the monitored user's request, the priority of the requesting user(s), historical data, occurrence of a special event, completion of other internal and/or external tasks, and/or pre-set limitations or thresholds. In addition, the AAC utility facilitates the real-time display or publishing of the terms of use, status information, and statistical information to users and the administrator.11-01-2012
20120331531CUSTOM DATA IMAGE BUILDING - A first server is configured to receive an image from a first client device. The image may include an instruction to provide a second client device with a computer file. The first server is further configured to store the image, receive a task query from the first client device, and provide a task query response to the first client device based on receiving the task query. The task query response may include an indication that the first server is storing a task associated with the second client device. The first server is further configured to receive an image request from the second client device, communicate with a second server to identify whether the second client device is authorized to receive the image, and provide, to the second client device, the computer file associated with the image based on identifying that the second client device is authorized to receive the image.12-27-2012
20110265149SECURE AND EFFICIENT LOGIN AND TRANSACTION AUTHENTICATION USING IPHONES™ AND OTHER SMART MOBILE COMMUNICATION DEVICES - To authenticate a user of a mobile communication device for login or transaction authorization, a first application on the device directs transmission of a request for authentication of the user to a security server. A second application on the device receives the request for authentication from the security server and directs presentation of the received request for authentication to the user by the device. The second application receives a user input to the device indicating that the requested authentication should proceed and in response directs transmission of an indication that the requested authorization should proceed, to the security server. In response to this latter transmission, the second application receives a PIN from the authentication server. The first application directs transmission of the PIN received by the second application to the network site, which validates the transmitted PIN, in order to authenticate the user or the transaction to the network site.10-27-2011
20120090017Secure Push and Status Communication between Client and Server - Systems and methods of authentication and authorization between a client, a server, and a gateway to facilitate communicating a message between a client and a server through a gateway. The client has a trusted relationship with each of the gateway and the server. A method includes registering the client with the gateway. The client also constructs the address space identifying the gateway and the client. The client communicates the address space to the server. The client receives an identity identifying the server. If the client authorizes receiving messages from the server through the gateway, the client informs the gateway of the authorization. The client puts the identity identifying the server on a list of servers which are authorized to send messages to the client. In addition, the client communicates the list of servers to the gateway.04-12-2012
20110277019SYSTEM AND METHOD FOR SECURE ACCESS OF A REMOTE SYSTEM - A system and method for providing a user with secure access to devices operatively connected to a network comprising at least one processing device that has access to a database. The database maintains information for each user of the system, such as the user's login credentials and access level or permissions, along with information corresponding to each network device, such as, for example, the device's login credentials, IP address, and port settings. The processing device authenticates each user and then provides each user with access to the network devices as defined by the data maintained in the database corresponding to the respective user and the network devices.11-10-2011
20110277018Apparatus and Method for Establishing a Peer-to-Peer Communication Session with a Client Device - The present invention describes an apparatus and method of establishing a peer-to-peer communication session between a host device and a client device. Routing information of the client device is received from the server by a host device, communication with the server is maintained, and authentication information from the client device is received by the host device. Peer-to-peer communication is transmitted to the client device via the wide area network if the client device is authenticated for peer-to-peer communication by the host device.11-10-2011
20110277016Method for managing shared accounts in an identity management system - This disclosure describes a method of and system for provisioning of shared account credentials to provide authorized access to shared or delegated accounts. Preferably, an enterprise single sign-on (E-SSO) system is used to manage the shared account or control delegation of account access, and preferably the shared or delegated account credential is not exposed to the end user. The described technique enables temporary delegation of account privileges to a member of a shared role. Using the described approach, an information technology (IT) account may be shared so that a user who needs to perform a shared duty can do so in the context of a shared role and without having control over the account itself. The approach facilitates delegating the use of a single account to a member of the shared role.11-10-2011
20120331526MULTI-LEVEL, HASH-BASED DEVICE INTEGRITY CHECKS - In some embodiments, a non-transitory processor-readable medium stores code representing instructions configured to cause a processor to receive, from a mobile device, a first signal including a hash value. The hash value can be based at least in part on a hardware component of the mobile device and a software module stored at the mobile device. The code can further represent instructions configured to cause the processor to send, to the mobile device, a second signal when the hash value matches a stored hash value associated with the mobile device, the second signal configured to grant, to the mobile device, access to a network.12-27-2012
20120331530AUTHENTICATION AND AUTHORIZATION IN NETWORK LAYER TWO AND NETWORK LAYER THREE - A method may include authenticating a node over layer 2 in a network based on authentication rules; sending a node authentication code to the node; and providing layer 3 network access based on the node authentication code.12-27-2012
20120331529Persistent Key Access To Album - A method includes receiving a first request from a first user device to access a first resource that includes data for a second user account for which access to the data is restricted to authorized users, the first request including an authorization token and associated with a first user identifier that identifies a first user; determining that the first user identifier does not identify an authorized user and in response: determining that the first user identifier identifies an authorized user based on the authorization token, and providing the first resource to the first user device; receiving a second request for access to data of the second user account, the second request associated with the first user identifier; and based on the first user identifier being determined to identify an authorized user, providing access to the data of the second user account in response to the second request.12-27-2012
20120331528APPARATUS, SYSTEMS AND METHODS FOR SECURE AND SELECTIVE ACCESS TO SERVICES IN HYBRID PUBLIC-PRIVATE INFRASTRUCTURES - Embodiments of apparatus, systems and methods facilitate deployment of distributed computing applications on hybrid public-private infrastructures by facilitating secure access to selected services running on private infrastructures by distributed computing applications running on public cloud infrastructures. In some embodiments, a secure tunnel may be established between proxy processes on the public and private infrastructures and communication between the distributed computing application and the selected services may occur through the proxy processes over the secure tunnel.12-27-2012
20120331527MULTI-LAYER, GEOLOCATION-BASED NETWORK RESOURCE ACCESS AND PERMISSIONS - In some embodiments, a non-transitory processor-readable medium stores code representing instructions configured to cause a processor to receive, from a mobile device, a first signal including a request to execute a command at a server. The code further represents instructions configured to cause the processor to receive, from the mobile device, a second signal including a user credential associated with a user account and determine, based on the user credential, a user role associated with the user account. The code further represents instructions configured to cause the processor to receive, from the mobile device, a third signal indicating a geolocation of the mobile device. The code further represents instructions configured to cause the processor to determine, based at least on the user role and the geolocation, whether the user account is authorized to execute the command. The code further represents instructions configured to cause the processor to, when the user account is authorized to execute the command, send a fourth signal such that the command is executed at the server.12-27-2012
20100229220System and method for theft and data recovery from lost portable devices - A system and method for theft recovery, data recovery, and privacy protection for portable devices with IP connectivity is implemented either according to a peer-to-peer or client-server model, with a serverless or a server-based infrastructure. In the P2P model, a distributed hash table (DHT) algorithm is used for storing and retrieving the device IP addresses and the device location coordinates when available. An authorized user can set a protected device into a locked mode, or the device automatically enters a locked mode after it has been operated without proper authorization. In locked mode, private data is deleted or transferred to a pre-selected storage system, and alerts and location coordinates, when available, are sent to preselected accounts. Data on a lost portable device can be synchronized with a pre-selected storage system and be restored when the lost device is recovered.09-09-2010
20100229219DETECTING UNAUTHORIZED COMPUTER ACCESS - A machine executed method comprising at a first computer, receiving from a second computer a request to gain root-administrator access to an operating system (OS) of the first computer; the first computer, in response to receiving the request to gain root-administrator access, granting the root-administrator access and modifying stored access state data from a first state associated with the OS to a second state associated with the OS, wherein the second state is different than the first state and the second state indicates that root-administrator access to the OS was granted.09-09-2010
20110289563SERVICE PROVISION - A method and system for service provision, comprising: a web browser (11-24-2011
20110321139Online Protection Of Information And Resources - A computer implemented method and system for protecting information and resources in an online environment is provided. A process initialization monitor application monitors process initialization of a client application provided on a user's communication device. The client application identifies and authenticates one or more components operating on the communication device and one or more third party applications attempting to access the client application. The client application performs the authentication by performing a code integrity check integrated in the client application independent of the communication device, and grants access to the authenticated components and the authenticated third party applications. The client application protects information being processed, exchanged, stored, and displayed within the client application. The client application masks input information, encrypts a communication channel that transfers the input information, blocks attempts to monitor, intercept and manipulate information by unauthorized entities, and prevents access of certificates, resources, etc., by unauthorized entities.12-29-2011
20110321138Mask Based Challenge Response Test - A method for providing a challenge response test associated with a computer resource performed by a physical computing system includes, with the physical computing system, generating a challenge response test image comprising a plurality of well-formed construct elements forming a well-formed construct and a plurality of random construct elements, and providing a number of masks to be placed over the image, one of the number of masks configured to reveal the well-formed construct elements when placed over the image.12-29-2011
20110321137ACCESS CONTROL DEVICE, ACCESS CONTROL METHOD, PROGRAM, STORAGE MEDIUM, AND INTEGRATED CIRCUIT - An access control device for use in a system for providing users with a content access service, the access control device obtaining a content including one or more pieces of personal information, storing a plurality of pieces of personal information in correspondence with a plurality of pieces of first user information each of which indicates one of (i) a user who is permitted by a person related to a corresponding piece of personal information to access a content including the corresponding piece of personal information, and (ii) a user who is not permitted by the person related to the corresponding piece of personal information to access the content, and determining whether or not to give permission to access the content obtained by the obtaining unit, in accordance with a piece of first user information stored in the storage unit in correspondence with the piece of personal information included in the content.12-29-2011
20110321136GENERALIZED IDENTITY MEDIATION AND PROPAGATION - Provided are techniques for providing security in a computing system with identity mediation policies that are enterprise service bus (ESB) independent. A mediator component performs service-level operations such as message brokering, identity mediation, and transformation to enhance interoperability among service consumers and service providers. A mediator component may also delegate identity-related operations to a token service or handler. Identity mediation may include such operations as identity determination, or "identification," authentication, authorization, identity transformation and security audit.12-29-2011
20110321135METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR CONTROLLING ACCESS TO A RESOURCE - Methods, apparatuses, and computer program products are provided for controlling access to a resource. A method may include determining one or more request attributes associated with a request for access to the resource. The method may further include accessing an access control list associated with the resource. The access control list may include one or more access control attributes associated with the resource. The method may additionally include determining a permission defining one or more access abilities for the resource at least in part by comparing the request attributes to the access control attributes and, for any access control attribute corresponding to a request attribute, including an ability associated with the corresponding access control attribute in the permission. The method may also include determining whether to grant the request based at least in part on the determined permission. Corresponding apparatuses and computer program products are also provided.12-29-2011
20110321134Consigning Authentication Method - A method for sharing content between clients at a common trust level in a trust hierarchy associated with a network implementing policy-based management includes receiving integrity information from a first client at a first trust level in the trust hierarchy at a second client at the first trust level, requesting permission to receive electronic content from the first client, receiving a determination regarding the requested permission, and communicating the determination to the first client. The first client obtained content from a policy enforcement point in the network. The request for permission is made to the policy enforcement point and the request includes the integrity information. The determination is received from the policy enforcement point and is based in part on the integrity information about the first client. The second client communicates to the first client the determination of whether the second client receives the content from the first client.12-29-2011
20110321133SYSTEM AND METHOD FOR AUTHENTICATING WEB USERS - Disclosed are systems and methods for authenticating web users. In one embodiment, a method includes sending the destination web page to the parent frame of the web browser, where the destination web page when processed by the web browser is operable to perform operations, including determining if the web user is authenticated with the content provider and generating a child frame associated with the parent frame if the web user is not authenticated with the content provider. The destination web page is operable to perform further operations, including requesting, by the child frame, an authentication web page from an authorization provider, receiving, by the child frame, the authentication data from the authorization provider, and receiving, by the parent frame, the authentication data.12-29-2011
20110321132SYSTEM, METHOD, AND POLICY ENGINE FOR GRANTING TEMPORARY ACCESS TO ELECTRONIC CONTENT - A system, method, and Policy Engine for granting a first user temporary access to a second user's electronic content. The Policy Engine receives a request originating from the first user to access the second user's content, and retrieves from a relationship database, relationship information regarding a relationship between the two users. If an access rule matching the relationship information is stored in the Policy Engine, the Policy Engine applies the access rule to control access by the first user for a period of time specified in the rule. If an access rule is not stored, the Policy Engine obtains the access rule from the second user. The Policy Engine allows access when the matching rule grants access and the matching rule has not expired, and denies access when there is no matching rule, when the matching rule does not allow access, or when the matching rule has expired.12-29-2011
20110321131SECURITY MODEL FOR WORKFLOWS AGGREGATING THIRD PARTY SECURE SERVICES - A method, system and computer program product for security model for workflows aggregating third party secure services. In one embodiment, a workflow model described in a workflow language is provided and configured to declare security requirements of a composite application integrating protected data from two or more external network resources. The method also incorporates providing an authentication service executing on at least one secure server computer. The authentication service is configured to conduct user authentication and authorization to access the protected data at the external network resources on behalf of the composite application executing on at least one host server computer according to the workflow language.12-29-2011
20110321130NETWORK LAYER CLAIMS BASED ACCESS CONTROL - Embodiments of the invention provide techniques for basing access control decisions at the network layer at least in part on information provided in claims, which may describe attributes of a computer requesting access, one or more resources to which access is requested, the user, the circumstances surrounding the requested access, and/or other information. The information may be evaluated based on one or more access control policies, which may be pre-set or dynamically generated, and used in making a decision whether to grant or deny the computer access to the specified resource(s).12-29-2011
20120102551System for Two Way Authentication - A system and method for online authentication having at least two levels of authentication has been disclosed. The two levels of authentication provide total security of privileged information by requiring users to authenticate themselves in two stages/levels. The first level of authentication involves simple alphanumeric password verification, which if successful, is followed by a second level of graphical password verification. The graphical password verification is based on the novel concept of challenging users with a dotted grid to enable users to create a non-definable vector pattern of definitive lines by sequentially joining pre-determined dots in the grid.04-26-2012
20120102550Wireless Device Network Association - A method for associating handheld calculators with a network host system of a classroom network that includes receiving a service set identifier (SSID) of the classroom network by a handheld calculator, wherein the SSID includes a network mode indicator, and operating the handheld calculator according to the network mode indicator. The method may also include operating the handheld calculator in a configuration mode in which the handheld calculator sends a request for association to the network host system, wherein the request includes a unique identifier of the first handheld calculator, and acceptance of the request by the network host system, wherein authentication information for the handheld calculator is stored by the network host system to indicate that the first handheld calculator is associated with the classroom network.04-26-2012
20120102549MEDIATING RESOURCE ACCESS BASED ON A PHYSICAL LOCATION OF A MOBILE DEVICE - One or more techniques are provided for causing a location of a screen image associated with a resource to be adjusted on a display device. The adjustment may be based at least in part on determining that a control element receives focus. The resource may be associated with an application, such as an email application that may be hosted remotely from a client device. Access to one or more resources may be controlled or mediated. Access rights may be based at least in part on a determination of a geographic location of a client device. When the client device is located in a safe area, the client device may be provided access to the resource. When the client device is not located in a safe area, the client device might not be provided access to the resource or might not be provided full access to the resource.04-26-2012
20120102548AUTHORITY DELEGATING SYSTEM, AUTHORITY DELEGATING METHOD, AUTHENTICATION APPARATUS, INFORMATION PROCESSING APPARATUS, CONTROL METHOD, AND COMPUTER-READABLE MEDIUM - An authentication apparatus receives an authority delegating request from an apparatus, acquires information of authorities possessed by the user from a storage unit, presents information of the acquired authorities to the user, and receives an instruction indicating which of the authorities possessed by the user is delegated to the apparatus. A storage unit stores, when the instruction to delegate the authority to the apparatus is received, an identifier required to uniquely identify the instruction and the authority instructed by the user to delegate, in association with each other. Authentication information indicating delegation of the authority is transmitted to the apparatus based on the instruction from the user.04-26-2012
20120102547METHOD AND SYSTEM TO DIGITALLY SIGN AND DELIVER CONTENT IN A GEOGRAPHICALLY CONTROLLED MANNER VIA A NETWORK - A method and system to digitally sign a content license associated with content, and to distribute content via a network in a geographically controlled manner, commences when a content requestor requests delivery of the encrypted content. A content delivery system performs a content requestor authorization process to determine a geographic location associated with the content requestor. The content requestor authorization process may also determine geographic access criteria associated with the content, and whether the geographic location complies with the geographic access criteria. The content delivery system will release the content for delivery to the content requestor if the geographic location complies with the geographic access criteria.04-26-2012
20120291100AUTOMATIC RESOURCE OWNERSHIP ASSIGNMENT SYSTEM AND METHOD - A method for automatic folder ownership assignment, including ascertaining which first folders, among a first multiplicity of folders, have at least one of modify and write permissions to non-IT administration entities, adding the first folders to a list of candidates for ownership assignment, defining a second multiplicity of folders which is a subset of the first multiplicity of folders and not including the first folders and descendants and ancestors thereof, ascertaining which second folders among the second multiplicity of folders have permissions to non-IT administration entities, adding the second folders to the candidates, defining a third multiplicity of folders, which is a subset of the second multiplicity of folders and not including the second folders and descendants and ancestors thereof, ascertaining which third folders among the third multiplicity of folders are topmost folders, adding the third folders to the candidates, and recommending possible assignment of ownership of the candidates.11-15-2012
20120291102PERMISSION-BASED ADMINISTRATIVE CONTROLS - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing permission-based administrative controls. In one aspect, a method includes receiving an administrator-defined pairing that identifies a permission and one or more applications, and receiving a request from a requesting application to perform one or more operations that are associated with the permission. The method also includes determining whether the requesting application is identified in the pairing, and selectively allowing the requesting application to perform the operations based on determining whether the requesting application is identified in the pairing.11-15-2012
20100199332Access-Network to Core-Network Trust Relationship Detection for a Mobile Node - The invention provides a method for trust relationship detection between a core and access network for a user equipment. The gist is that a security tunnel establishment procedure is used so that one entity, whether part of the core network or the user equipment itself, is provided with information to determine whether the access network is trusted or untrusted. The information may comprise a first IP address/prefix, which is initially assigned to the user equipment upon attaching to the access network. The necessary information may further comprise a second IP address/prefix, which is an address/prefix that is allocated at a trusted entity of the core network. Depending on which entity determines the trust relationship of the access network, it might be necessary to transmit either the first IP address/prefix, the second IP address/prefix, or both the first and the second IP address/prefix using the security tunnel establishment procedure.08-05-2010
20100199333SYSTEM AND METHOD FOR PROVIDING DEVICE MANAGEMENT SERVICE TO ELECTRONIC DEVICE HAVING NO BROADBAND COMMUNICATION MODULE - Disclosed is a system for providing an electronic device with a DM service, including: a DM server for providing the electronic device with the DM service; and a wireless terminal capable of being directly connected to the DM server for establishing a DM session while cooperating with the electronic device, generating an MO used for managing the electronic device with reference to a DDF of the electronic device if the wireless terminal receives the DDF of the electronic device from the electronic device through the DM session, and transmitting the generated MO to the DM server.08-05-2010
20100199330METHOD FOR PROVIDING SUBSCRIPTIONS TO PACKET-SWITCHED NETWORKS - Method for providing a subscription to an IP-based Multimedia Subsystem (IMS) for a first client of a packet-switched network is provided. The first client is identified by the same MSISDN number as a second, mobile client of a circuit-switched network. The method comprises the following steps: a) sending, by the first client, a register request to an IMS Server via the packet-switched network, b) sending, by the IMS server, a location query request to a register for the IMS user identities (HSS), c) requesting, by the register for the IMS user identities (HSS), the user subscription information of the circuit-switched network from the register for the circuit-switched network (HLR), d) sending, by the register for the circuit-switched network (HLR), to the register for the IMS user identities, the user subscription information of the second client, e) creating, by the register for the IMS user identities (HSS), a user IMS subscription information based on user subscription information of the second client.08-05-2010
20100199329ROUTER CONFIGURATION DEVICE DERIVATION USING MULTIPLE CONFIGURATION DEVICES - Systems and methods for managing router configuration devices in a secure data communication network are described herein. An illustrative system includes a plurality of programmed external configuration devices and a configuration device programmer. Each programmed external configuration device contains at least a portion of a definition of a secure data path between a first router and a second router. Each programmed external configuration device can be detachably coupled to a first router to create a secure data path between the first router and a second router. The configuration device programmer writes a secure data path definition into a selected external configuration device if a predetermined number of programmed external configuration devices are coupled to the configuration device programmer.08-05-2010
20130014226SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES - A system for and method of establishing a secure communication link is disclosed. The method comprises: (1) generating a Domain Name Service (DNS) request; (2) determining that the DNS request corresponds to a first computer configured to communicate securely; (3) sending, based on the determination, a request to establish a secure communication link with the first computer configured to communicate securely, the request including an identifier of a client device used to determine whether the client device is authorized to communicate with the first computer; (4) receiving, in response to the request to establish a secure communication link, a resource used to establish the secure communication link; (5) automatically establishing the secure communication link using the received resource; and (6) communicating securely with the first computer over the established secure communication link.01-10-2013
20130014225COMMUNICATION APPARATUS, COMMUNICATION METHOD, SERVICE OFFERING APPARATUS, SERVICE OFFERING METHOD, COORDINATION APPARATUS, COORDINATION METHOD, PROGRAM, TRANSMISSION/RECEPTION SYSTEM, AND TRANSMISSION/RECEPTION METHOD - A communication apparatus includes an input part configured to input user identification information identifying a user ready to receive a service offered by a service offering apparatus via a network; an acquisition part configured to acquire device identification information from a coordination apparatus capable of offering the service in coordination with the service offering apparatus, the device identification information identifying the coordination apparatus; a transmission part configured to transmit to the service offering apparatus the user identification information input by the input part and the device identification information acquired by the acquisition part; a reception part configured to receive from the service offering apparatus authorization information indicating that the coordination of the coordination apparatus is authorized upon offering of the service responding to the transmission of the user identification information and the device identification information, and a notification part configured to notify the coordination apparatus of the authorization information received.01-10-2013
20130014231Anchor authenticator relocation method and system - The disclosure provides an anchor authenticator relocation method and system. The method includes: after an old authenticator accepts an anchor authenticator relocation request of a Mobile Station (MS), a new authenticator sends an authenticator relocation request to an AAA server; when the AAA server's verification on the new authenticator is passed and the old authenticator confirms that the new authenticator is trusted, the anchor authenticator is relocated to the new authenticator. The disclosure provides a detailed solution to perform anchor authenticator relocation without re-authentication.01-10-2013
20130014224METHOD, SYSTEM AND COMPUTER PROGRAM PRODUCT FOR WIRELESSLY CONNECTING A DEVICE TO A NETWORK - A device wirelessly receives first and second identifiers contemporaneously from a network. The first identifier indicates that the network operates in a first mode that is not secure. The second identifier indicates that the network operates in a second mode that is secure. In response to wirelessly receiving the first and second identifiers, the device wirelessly connects to the network in the first mode to determine whether the network accepts the device for the second mode, irrespective of whether the network previously accepted the device for the second mode, and irrespective of whether the device already stores authentication information for the second mode. In response to determining that the network accepts the device for the second mode, the device wirelessly connects to the network in the second mode to securely communicate with the network in response to the authentication information.01-10-2013
20130014230APPLICATION IDENTITY DESIGN - Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.01-10-2013
20130014229METHOD FOR PERFORMING DISTRIBUTED ADMINISTRATION - A master defines properties for a resource. The master assigns the properties to an owner. The owner associates the properties to an administrator object, the administrator object being an administrator of a company. The administrator can then associate the property to other objects associated with the company, thereby granting other company users access to the resource property.01-10-2013
20130014223SOCIAL CONTENT MONITORING PLATFORM APPARATUSES AND SYSTEMS - The SOCIAL CONTENT MONITORING PLATFORM APPARATUSES AND SYSTEMS (“Social-Watch”) transforms social media contents, via Social-Watch components, into ad effects data. A system is disclosed, comprising: a memory; a processor disposed in communication with said memory, and configured to issue a plurality of processing instructions stored in the memory, wherein the processor issues instructions for: identifying a request to access user social media content; obtaining user authorization credentials to access user social media content; sending an access request with the obtained user authorization credentials to a social media platform; receiving social media content data from the social media platform; determining a type of the received media content data; tagging the received media content data based on the type according to a progressive taxonomy mechanism; receiving a social media analytics request for an item; querying the tagged media content data based on key terms related to the item; and determining impression heuristics for the item based on query results.01-10-2013
20130014228AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS WITH ASSURED SYSTEM AVAILABILITY - A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.01-10-2013
20130014227SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES - A method of establishing a secure communication link comprises: (a) receiving a request that (i) includes an identifier of a client and (ii) was sent in response to a determination that a DNS request from the client corresponds to a first computer configured to communicate securely; (b) comparing the received client identifier to at least one stored client identifier; (c) determining, based on the comparison, whether the client is authorized to communicate with the first computer; (d) generating a resource used to establish the secure communication link between the client and the first computer; (e) generating a message in response to determining that the client is not authorized to communicate with the first computer; and (f) in response to determining that the client is authorized to communicate with the first computer, making the resource available to the client to automatically establish the secure communication link.01-10-2013
20130014222SOCIAL CONTENT MONITORING PLATFORM METHODS - The SOCIAL CONTENT MONITORING PLATFORM METHODS (“Social-Watch”) transforms social media contents, via Social-Watch components, into ad effects data. A method is disclosed, comprising: identifying a request to access user social media content; obtaining user authorization credentials to access user social media content; sending an access request with the obtained user authorization credentials to a social media platform; receiving social media content data from the social media platform; determining a type of the received media content data; tagging the received media content data based on the type according to a progressive taxonomy mechanism; receiving a social media analytics request for an item; querying the tagged media content data based on key terms related to the item; and determining impression heuristics for the item based on query results.01-10-2013
20100132016METHODS AND SYSTEMS FOR SECURING APPLIANCES FOR USE IN A CLOUD COMPUTING ENVIRONMENT - An originator of an appliance can independently secure the appliance for instantiation in the cloud, separate from the security level of the cloud. The originator can secure the appliance utilizing a secure rights application. The secure rights application can be configured to “wrap” an appliance in a security container. The security container can limit access to the applications and operating systems contained in the appliance, but allow the appliance to operate normally once instantiated in the cloud. The secure rights application can be configured to cryptographically secure the appliance in order to limit the ability of unauthorized parties to access the components of the appliance while maintaining the functionality of the appliance.05-27-2010
20120151562METHOD, SYSTEM AND SERVER FOR AUTHORIZING COMPUTING DEVICES FOR RECEIPT OF VENUE-BASED DATA BASED ON THE GEOGRAPHIC LOCATION OF A USER - Methods, systems and servers are disclosed for authorizing access by a user of a service associated with an event at a venue and provided via a computer network based on a determined geographic location of the user. The location of the user can be determined, via a server, based on location information obtained from the hand held device utilized by the user. The computing device can be authorized to receive the service (e.g., video, concession information, advertisements, statistical information, etc.) based on the location information obtained from the hand held device.06-14-2012
20120151561METHODS AND APPARATUS FOR COMMUNICATING WITH GROUPS OF DEVICES SHARING AN ATTRIBUTE - Methods and apparatus for IPv6 based multicast are disclosed. An example method includes broadcasting a multicast group address advertisement instructing a recipient device to join an Internet Protocol multicast group, the Internet Protocol multicast group being associated with a physical attribute of the recipient device; and broadcasting a multicast message to the multicast address instructing the members of the multicast group to perform an action.06-14-2012
20120151560Portable Identity Rating - Portable on-line identity verification technology includes, for example, portable widgets with an identity rating, and other on-line identification verification icons and identity rating scores.06-14-2012
20130019281Server Based Remote Authentication for BIOS (Inventors: William E. Jacobs, Beaverton, OR, US; Sunil Bhagia, Olympia, WA, US; Dmitry Barsky, San Jose, CA, US) - Techniques are provided for authenticating a user when accessing a Basic Input/Output System (BIOS) of a computing device. Access request information is received. An access information database is queried to authenticate the access request information with access information stored in the access information database. Validation information is received, indicating whether the access request information is authenticated, and permission is granted for access to settings of the computing device if the validation information indicates that the access request information is authenticated.01-17-2013
20130019285VALIDATING THAT A USER IS HUMAN - A method of validating that a user is human. A user question is generated using a computerized device. The user question is output to a user. A user response to the user question is received from the user. The user response is validated as having been provided by a human.01-17-2013
20130019284AUTOMATED WEB BASED APPLICATIONS WITH A WIRELESS COMMUNICATION DEVICE - A method for automating one or more web-based applications associated with unique identification (UID) displayed on objects and read with a wireless communication device able to connect to a remote server with no human intervention required after the UID is read is disclosed.01-17-2013
20130019283Virtual Private Internet (Inventors: Joseph Allen Rice, Ballston Lake, NY, US; Brandon Matthew Castagna, Mount Holly, NC, US) - A virtual private internet may include various network components, including an enhanced service domain name server (DNS), an enhanced service router, and an enhanced service gateway, which all access service policy information stored in an enhanced service repository. The network components in the virtual private internet perform common service processing tasks for routing service requests across firewalls and other network boundaries. The network components also execute other service policies, such as logging, message format translation, and protocol bridging for each service request processed by the network. Updates to services may be implemented in the virtual private internet via changes to service policy information stored in the enhanced service repository.01-17-2013
20130019282Service Mediation Framework (Inventors: Joseph Allen Rice, Ballston Lake, NY, US; Brandon Matthew Castagna, Mount Holly, NC, US) - A service mediation framework may allow each component within a computer network to perform common service processing tasks driven by standardized service policies stored within a centralized repository. In particular, an enhanced service domain name system (DNS) server, an enhanced service router, and/or an enhanced service gateway within the network may each access relevant service policies stored within an enhanced service repository to implement tasks such as security, content-based routing, logging, message format translation, and protocol bridging for each service request processed by the network. In addition, each network component may communicate through standardized formats, such as Extensible Markup Language (XML), to realize the end-to-end network solution.01-17-2013
20110162050System and Method for Transmission of Files Within a Secured Network - A system and method of distributing a file maintained on a first device in a secured network having at least the first and a second device is disclosed. Embodiments of the present invention provide for file synchronization within a secured network without requiring any alteration to the security of the secured network by opening up ports. Each device is located on a tier of the network. The top tier of the network that includes the first device is accessible to network administrators. Network administrators may add files into the system and the network administrators may generate a file privilege file. The file privilege file can include configuration information for a computer on a tier and may also include information about which files the computer at a specific tier has access to. The network will then propagate the file privilege file down from the first device through any intermediate devices and then onto the second device. Once the file privilege file has filtered through the secured network, the second device may receive a copy of any file authorized from the first device via a connection in the secured network. The second device may also propagate files up to the first device. Thus, on a regular basis the file privilege file and files are transferred up and down the tiers of the secured network.06-30-2011
20110162049ENTERPRISE-WIDE SECURITY SYSTEM FOR COMPUTER DEVICES - A system and method for securing data in mobile devices (06-30-2011
20110162048LOCAL DEVICE AWARENESS - Certain embodiments may take the form of a method of operating an electronic device to find and determine an identity of other local devices. The method includes transmitting electromagnetic signals from a first electronic device to find devices within a prescribed distance of the first device and receiving electromagnetic response signals from a second electronic device within the prescribed distance from the first electronic device. The method also includes identifying the second electronic device using information received in the electromagnetic response signals. Additionally, the method includes determining if the second electronic device is aware of other electronic devices and, if the second electronic device is aware of other electronic devices, obtaining identifying information of the other devices from the second electronic device.06-30-2011
20130024914AUTOMATIC DEVICE AUTHENTICATION AND ACCOUNT IDENTIFICATION WITHOUT USER INPUT WHEN APPLICATION IS STARTED ON MOBILE STATION - Disclosed procedures automatically identify a carrier-authorized mobile station and verify an account related identifier associated with the device, in response to start-up of an application in the device. Application start-up causes the device to send a request to an application server, with the device's current IP address, MTN and a device identifier such as MEID or ESN. The server queries an AAA system of the network to retrieve the MTN that has been assigned the IP address. If the retrieved MTN matches the MTN passed to the server in the request, the server queries a network database such as DMD for the device identifier associated with the MTN. A match of the device identifier retrieved from the network database with that passed to the server via the request indicates authenticity of the requesting device and its MTN.01-24-2013
20130024912APPARATUS AND METHOD FOR PROVIDING AUTHORIZATION BASED ENHANCED ADDRESS BOOK SERVICE IN MOBILE COMMUNICATION SYSTEM - Method and apparatus providing Enhanced Address Book (EAB) service in a mobile communication system includes performing an authorization procedure to share information with at least one other user; when sharing information of a user of the terminal is updated, identifying at least one other user authorized to receive the information of the user; and transmitting the updated information to a terminal of the at least one identified other user.01-24-2013
20080244710METHODS AND SYSTEMS FOR AUTHENTICATION USING IP MULTIMEDIA SERVICES IDENTITY MODULES - Systems and methods provide two levels of authentication for a user on an IMS-IPTV system. A first level of authentication validates an ISIM card (set-top box) with the network using, e.g., an IMSI comparison. A second level of authentication validates the user through comparing user entered information with information stored on the ISIM card. Additionally, methods for populating security information onto the ISIM card to facilitate the second level of authentication are described.10-02-2008
20080244709METHODS AND SYSTEMS TO ALLOW MULTIPLE SIP APPLICATIONS ON A SIP CLIENT THE ABILITY TO SELECT SPECIFIC APPLICATIONS AND FEATURES ON A SIP SERVER - A method is provided for a SIP client to select a SIP application and a SIP feature associated with the SIP application by sending a message to a remote SIP server that includes the identification of the SIP application and SIP feature. The message may be generated by the SIP client using SIP application configuration information stored on the SIP client. The SIP application configuration information includes information about SIP applications and associated features and where the SIP applications can be located. A further method is provided for a SIP enabled device, for example a SIP client or a SIP server, to be provided with SIP application configuration information by a configuration server. Various SIP enabled devices and a configuration server for implementing the methods are also described herein.10-02-2008
20080235771Method and System For Dynamic Adjustment of Computer Security Based on Network Activity of Users - A method, system, apparatus, or computer program product is presented for securing computational resources in a data processing system. A first user uses a first computational device, and a user security level is associated with the first user. Likewise, a second user uses a second computational device, and a user security level is associated with the second user. The computational resources on the first computational device are automatically reconfigured based on the second user security level of the second user. A computational security level may be assigned to a computational resource on the first computational device, and the computational security level is dynamically adjusted in response to detected network activity by the second computational device that is being used by the second user. Modified security-related parameters for reconfiguring computational resources on the first computational device are reconfigured based on the adjusted computational security level.09-25-2008
20080235770System and Method of Network Authentication, Authorization and Accounting - A network authentication, authorization and accounting system and a method thereof, wherein said system comprises: a subscriber device, via which a subscriber is connected with the network; an access server, connected with the subscriber device and designed to enable the subscriber device to access the network; an AAA server, connected with the access server and designed to collaborate with the access server to accomplish authentication, authorization, and accounting for the subscriber accessing the network; a service server, connected with the access server, designed to provide specific services, to exchange authentication and authorization information with the AAA server, and to interact with the subscriber device to provide the service; a service accounting server, connected with the service server, designed to collaborate with the service server to accomplish accounting for service resource use of the subscriber, and to send the accounting data to the AAA server. Accordingly, the present invention also discloses a network authentication, authorization and accounting method. The present invention enables a subscriber to access different types of services with only the subscriber identification information (user name and password) through a single identity authentication process, and supports centralized accounting.09-25-2008
20080229395Method and Apparatus for Using a Proxy to Manage Confidential Information - A method, apparatus, and computer usable code for managing confidential data. A request is received to access an application from a user, wherein the application includes logic to process the confidential data. In response to receiving the request, one of a first interface or a second interface is selected, based on an identification of whether the user is permitted to see the confidential data, to form a selected interface. The selected interface is presented to the user. The first interface presents the confidential information and the second interface presents non-confidential information without presenting the confidential information. The second interface allows access to the logic in the application without accessing the confidential data.09-18-2008
20110247055TRUSTED DEVICE-SPECIFIC AUTHENTICATION - An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verifies both factors and provides a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service.10-06-2011
20110247054METHODS AND APPARATUSES FOR SELECTING PRIVILEGES FOR USE DURING A DATA COLLABORATION SESSION - In one embodiment, a plurality of electronic devices participating in a data collaboration session are detected. A group, of a plurality of groups, is determined to which each of the plurality of electronic devices is associated. At least some of the groups correspond to companies. Based on the determined group to which each of the plurality of electronic devices is associated, one or more limitations are identified that restrict the recording of data shared during the data collaboration session. The identified one or more limitations are enforced on only some of the plurality of electronic devices participating in the data collaboration session, such that electronic devices associated with a group that corresponds to a first company are allowed to record the data collaboration session, yet an electronic device associated with a group that corresponds to a second company is prevented from recording the data collaboration session.10-06-2011
20110247052METHOD AND APPARATUS FOR MANAGING REMOTE ACCESS AUTHORITY IN UPnP REMOTE ACCESS SERVICE - A method for managing remote access authority information of a remote access service server includes: receiving, by the remote access service server, a remote access authority list from a remote access server for a first user and registering the remote access authority list; when the remote access service server receives a remote access authority addition request for a second user from a communication device of the first user, giving a remote access authority to the second user and renewing the remote access authority list; transmitting information of the remote access authority given to the second user to the remote access server of the first user in order to synchronize the renewed access authority list with the remote access server of the first user; and notifying the communication device of the first user whether the remote access authority addition is successful.10-06-2011
20110247051SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR PERFORMING ONE OR MORE ACTIONS BASED ON A DETERMINED ACCESS PERMISSIONS FOR A PLURALITY OF USERS - In accordance with embodiments, there are provided mechanisms and methods for performing one or more actions based on determined access permissions for a plurality of users. These mechanisms and methods for performing one or more actions based on determined access permissions for a plurality of users can enable improved data collection and analysis, enhanced client knowledge of system access, etc.10-06-2011
20130174228METHOD AND SYSTEM FOR IMPLEMENTING ZONE-RESTRICTED BEHAVIOR OF A COMPUTING DEVICE - A method for implementing zone-restricted behavior of a computing device includes identifying wireless access points using the computing device, determining a number of authorized wireless access points from the wireless access points identified by the computing device, determining that the computing device is located within a restricted access zone when the number of authorized wireless access points identified by the computing device exceeds a predetermined threshold of authorized wireless access points identified, and enabling a zone mode of the computing device when the computing device is determined to be located within the restricted access zone.07-04-2013
20080222708IMPLEMENTING ACCESS CONTROL FOR QUERIES TO A CONTENT MANAGEMENT SYSTEM - A system to generate an SQL sub-expression that implement access control rules stored in a library server. The SQL sub-expression is then merged with the SQL passed from an application program interface (API). The access control checking mechanism is implemented on the server side of the content management system. In this client/server environment, the query SQL statement is built in two layers: the API (client) layer and the server layer. The API sends the query string to the underlying stored procedure. The stored procedure then generates the access control logic based on the configuration parameters of the library server. This access control logic is dynamically added to the query string sent by the API. The stored procedure prepares, builds and executes this new query string as a dynamic SQL statement.09-11-2008
20080222707SYSTEMS AND METHODS FOR CONTROLLING SERVICE ACCESS ON A WIRELESS COMMUNICATION DEVICE - Methods, devices, systems and computer program products are provided for controlling access to services, content, applications and the like on a wireless communication device. In one aspect, wireless communication device-wide access control is provided such that unified access control may exist on the device; providing access control to more than one, and in some instances all, of the services and/or applications that are accessible on the device. Additionally, aspects provide for limiting or prohibiting access based on numerous access control factors, such as content type, service type, location of the device, time or any other device environmental characteristic. The methods, devices, systems and computer program products for content access control may be executed on the wireless communication device or they may be executed within the wireless network.09-11-2008
20080222706GLOBALLY AWARE AUTHENTICATION SYSTEM - A computer security monitoring method and system includes receiving input data, wherein the input data includes user account data associated with a user's security-related interaction with a particular network, security-related local network data associated with the particular network, and security-related external network data regarding security threats at one or more independent, external networks. The input data is analyzed to generate at least one composite security status score, wherein the analyzing includes an analysis of the user account data based on previously stored data associated with the user account, and an analysis of the security-related local and external network data to adjust the composite security status score when the analysis of the security-related local and external network data indicates an increased security threat. The method and system may produce human-readable output including an alert associated with the at least one composite security status score. Other features are disclosed.09-11-2008
20080222705SYSTEM AND METHOD FOR DELIVERING GEOGRAPHICALLY RESTRICTED CONTENT, SUCH AS OVER-AIR BROADCAST PROGRAMMING, TO A RECIPIENT OVER A COMPUTER NETWORK, NAMELY THE INTERNET - A system and method for delivering geographically restricted content, including but not limited to over-air broadcast programming, to a recipient over a computer network, namely the Internet. The content is only delivered over the computer network if the recipient's computer or network device requesting the content over the network is verified to be located in the geographically restricted area. A conventional tuner is employed by the recipient's computer to receive one or more over-air signals having a broadcast range deemed to be synonymous with the geographically restricted area for the requested content. If the tuner is able to receive such over-air signal(s), the requested content is delivered over the network to the recipient's computer. This is because the recipient is known to be physically located in the geographically restricted area by the ability of the tuner to receive the over-air signal(s).09-11-2008
20130179949SECURE EXCHANGE OF DIGITAL CONTENT - The invention includes delivering and monitoring digital content distributed to correctional facility inmates, giving supervisory authorities the ability to screen the incoming digital content. Digital content can include email and stored and streamed video content, and can be scanned for keywords by supervisory authorities before delivery to an inmate. A computer kiosk can be used by inmates to view and record digital video content. A portable player is provided to inmates which can be used to play, and in some embodiments record, digital content. The player is issued to a particular inmate, and can only be used with respect to that particular inmate's digital content. The kiosk, and in some embodiments, the player, can be used to shop for items available at a store, for example a commissary.07-11-2013
20130179944Personal area network (PAN) ID-authenticating systems, apparatus, method - This invention comprises a system, apparatus, and method ensuring device adherence to security requirements for Personal Area Networks (PANs). Provided security services protect data communicated between PAN-hub-attached devices and their resident data. The invention provides cryptographic keys and certificates, to protect communications between PAN-hub-attached devices, and optional external devices. The invention provides cryptographic software complying with established security requirements for PAN networks. Users submit credentials using: (1) ID smartcards inserted into the PAN hub security apparatus, (2) a cellphone/SIM card, and/or (3) a PIN or password. Based on privileges, users securely access the PAN hub and authorized devices. The PAN hub apparatus ensures that communications between PAN network devices, external devices, and data-at-rest are cryptographically protected, complying with network security requirements. Optionally, the invention permits users and/or PAN network device(s) to obtain connectivity to external “non-PAN” devices. The method specifies cryptographically-secured communications between PAN network devices and external devices.07-11-2013
20130179950NETWORK CONNECTION APPARATUS - A DLNA-capable network connection apparatus for communicating with other apparatus in a local network area supplied by an access point (AP) includes an AP detecting part for detecting an AP capable of wireless communication in the place in which the network connection apparatus is located, and a public control part for performing public control corresponding to the AP detected by the AP detecting part, based on public setting information about the publicity of the network connection apparatus that is set for every AP.07-11-2013
20130179945Follow Location Handler and Selector Functionality in a Stateless Microkernel Web Server Architecture - A method of serving a resource to a client via a computer network is provided. The method may include providing a follow location handler logically positioned on a WAN side of an HTTP server. At the follow location handler, the method may include receiving a POST request from the client, and forwarding the POST request to the HTTP server. At the HTTP server, the method may include receiving the POST request, creating a modified data object based upon the form data, generating a link to the modified data object, and returning the link. At the follow location handler, the method may include intercepting the link to the modified data object from the server, sending a GET request to the server to retrieve the modified data object, and, in response, receiving the modified data object. The method may further include forwarding the modified data object to the client.07-11-2013
20130179946Linking Functionality for Encoding Application State in Linked Resources in a Stateless Microkernel Web Server Architecture - A method of serving a resource to a client via a computer network is provided. The method may include at an HTTP server system having a stateless microkernel architecture, the server system including one or more link resource servers, receiving an HTTP request for a resource from an HTTP client via a computer network, the request being to perform a resource operation, the resource operation being to retrieve the resource and send the resource to the requesting client, wherein the resource is a data object. The method may further include determining if the resource operation is authorized based on the request. If the resource operation is authorized, the method may include sending the resource operation to an object server associated with the resource identified by the request, in response receiving a data object from the object server, providing, via a linking engine, the data object to each link resource server of the one or more link resource servers, in response receiving one or more links from each of the one or more link resource servers, embedding the links in the data object, and sending the data object to the requesting client via the computer network.07-11-2013
20130179947SYSTEM AND METHOD FOR DECENTRALIZED ONLINE DATA TRANSFER AND SYNCHRONIZATION - A method of sharing data is disclosed. A request from a client node to access data in a share associated with a server node is received. A communication from a management nexus is received. The communication includes a confirmation of an identity of the client node and a confirmation of an authorization for the client node to access the data in the share associated with the server node. The client node is allowed to access the data in the share associated with the server node based on the communication from the management nexus. However, the data is not sent to the management nexus.07-11-2013
20130179948SHARING INFORMATION ON A NETWORK-BASED SOCIAL PLATFORM - A system and method for sharing information on a network-based social platform is provided. An indication is received from a first user to share information regarding an item on a network-based social platform. The network-based social platform is a platform that allows the first user to communicatively couple with other users of the network-based social platform. Profile information of the first user is accessed. A determination of whether the first user is authorized to share the information is made. Based on the first user being authorized, an identifier for the item is added to a list of recommended items that is accessible via the network-based social platform.07-11-2013
20130145427AUTHORIZING APPLICATION ACCESS TO SECURE RESOURCES - An application submits a permission request to a resource server. In response to receiving the request, the resource server generates a user interface that asks the user to grant or deny the requested permissions. If the permissions are granted, data is stored indicating that the application has the requested permissions. When a runtime request for a resource is received, the resource server determines whether the request has been made by a user, by an application, or by an application on behalf of a user. If the request is made by an application only, the request is granted only if the application has permission to access the resource by way of a direct call not on behalf of a user. If the request is made by an application on behalf of a user, the request is granted only if both the user and the application have sufficient permission.06-06-2013
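The three-way decision in the abstract above (user alone, application alone, application on behalf of a user) is easy to get wrong in practice: a permission an application was granted on behalf of one user must not become usable in a direct call, and an on-behalf-of request must be checked against both principals. The following is an added illustration written for this listing, not code from the patent or any product; the permission names, the store layout and the consent helper are assumptions.

```python
"""Runtime authorization for user, application-only and application-on-behalf-of-user
requests. Illustrative code added for this listing, not the patent's implementation;
permission names, the store layout and the consent flow are assumptions."""
from dataclasses import dataclass, field


@dataclass
class PermissionStore:
    # permissions each user holds directly:                     user -> {perm, ...}
    user_perms: dict = field(default_factory=dict)
    # permissions an application may use in a direct call:      app -> {perm, ...}
    app_direct: dict = field(default_factory=dict)
    # permissions a user granted an application at consent time: (app, user) -> {perm, ...}
    app_on_behalf: dict = field(default_factory=dict)


def record_consent(store, app, user, requested, user_granted):
    """Consent step: the resource server asked the user; persist the grant only on 'yes'."""
    if not user_granted:
        return False
    store.app_on_behalf.setdefault((app, user), set()).update(requested)
    return True


def authorize(store, perm, user=None, app=None):
    """Decide a runtime request for a resource that requires permission `perm`."""
    if user is not None and app is None:
        # plain user request
        return perm in store.user_perms.get(user, set())
    if app is not None and user is None:
        # application calling on its own: only direct-call grants count,
        # never permissions it was given on behalf of some user
        return perm in store.app_direct.get(app, set())
    if app is not None and user is not None:
        # application acting for a user: both principals must hold the permission
        user_ok = perm in store.user_perms.get(user, set())
        app_ok = perm in store.app_on_behalf.get((app, user), set())
        return user_ok and app_ok
    return False  # anonymous request: deny


def demo_store():
    """Constructed sample state (assumed names) for the usage below."""
    store = PermissionStore()
    store.user_perms["alice"] = {"files.read", "files.write"}
    store.user_perms["bob"] = {"files.read"}
    store.app_direct["backup-app"] = {"files.read"}
    record_consent(store, "backup-app", "alice", {"files.read", "files.write"}, user_granted=True)
    record_consent(store, "backup-app", "bob", {"files.read"}, user_granted=False)
    return store


if __name__ == "__main__":
    s = demo_store()
    print(authorize(s, "files.write", user="alice", app="backup-app"))  # True
    print(authorize(s, "files.write", app="backup-app"))                # False: no direct grant
    print(authorize(s, "files.read", user="bob", app="backup-app"))     # False: bob never consented
```

The point to check in any real implementation is the second branch: an application that holds "files.write" on behalf of alice still gets denied when it calls directly, because the direct-call grant set is kept separate from the consent grants.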
20130145428DENIAL OF SERVICE ATTACK RESISTANT INPUT PORT - An input port for a computer system may retain potentially authenticable requests for processing while removing other connection requests from an incoming queue or request pool. The input port may continue to receive new requests even during a denial of service attack, allowing potentially legitimate requests to be processed. In a typical embodiment, a first in, first out buffer may be used to receive and process connection requests. When the buffer is full, any request that comes from a device having a previous connection with the computer system may be retained for authentication, while removing requests that come from unknown devices. Some embodiments may retain a list of known devices associated with administrators or other known users, and the list may be updated as those users are authenticated.06-06-2013
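The mechanism above is a bounded request pool with a preference rule applied only when the pool is full: requests from devices that have connected before are kept for authentication, requests from unknown devices are the ones evicted or refused. Below is an added illustration for this listing, not the patent's own code; the device identifiers, the capacity and the flood sequence are constructed.

```python
"""Bounded FIFO input port that survives a flood of unknown-device requests.
Illustrative code added for this listing, not the patent's implementation;
device names, capacity and the request payloads are constructed."""
from collections import deque


class InputPort:
    """Pending-connection pool. Below capacity every request is queued. Once full,
    a request from a device with a previous connection displaces the oldest request
    from an unknown device; requests from unknown devices are refused."""

    def __init__(self, capacity, known_devices=()):
        self.capacity = capacity
        self.known = set(known_devices)   # devices with a previous (authenticated) connection
        self.queue = deque()              # FIFO of (device_id, payload)
        self.dropped = 0

    def accept(self, device_id, payload):
        request = (device_id, payload)
        if len(self.queue) < self.capacity:
            self.queue.append(request)
            return True
        if device_id not in self.known:
            self.dropped += 1             # full, and the sender is unknown: refuse
            return False
        for pending in self.queue:        # evict the oldest unknown-device request
            if pending[0] not in self.known:
                self.queue.remove(pending)
                self.dropped += 1
                self.queue.append(request)
                return True
        self.dropped += 1                 # pool holds only known devices: refuse newcomer
        return False

    def next_for_authentication(self):
        """Hand the oldest retained request to the authenticator."""
        return self.queue.popleft() if self.queue else None

    def mark_authenticated(self, device_id):
        """Update the known-device list as users authenticate (per the abstract)."""
        self.known.add(device_id)

    def pending_devices(self):
        return [dev for dev, _ in self.queue]


def flood_then_admin(capacity=3, attackers=10):
    """Constructed scenario: many unknown senders, then one known admin host."""
    port = InputPort(capacity, known_devices={"admin-host"})
    for i in range(attackers):
        port.accept(f"attacker-{i}", "SYN")
    admin_ok = port.accept("admin-host", "SYN")
    return admin_ok, port.pending_devices(), port.dropped


if __name__ == "__main__":
    print(flood_then_admin())  # (True, ['attacker-1', 'attacker-2', 'admin-host'], 8)
```

Note that the known-device list is itself a target: if an attacker can spoof the identifier used for membership (a source address, say), the eviction rule degrades to a plain FIFO, so the identifier should be something the attacker cannot forge cheaply, and entries should be added only after successful authentication, as `mark_authenticated` does.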
20130145430ASSET STREAMING - A device streams assets to network-based storage in cooperation with servers administering the network-based storage. The servers manage and secure access to the stream of assets, on both an account level and an asset level, in accordance with asset metadata registered for the assets during streaming, and in accordance with account data associated with the assets being streamed and the device with which the assets are streamed. The servers operate to notify other authorized devices associated with the device that the assets are available to download, including initiating the download of assets automatically or in response to user input.06-06-2013
20130145432TRUST CONFERENCING APPARATUS AND METHODS IN DIGITAL COMMUNICATION - A conferencing application executing on a computerized appliance from a machine-readable medium, the computerized appliance coupled to one or more networks is provided, the application including functionality for responding to requests to join a conference, and for enabling requesters as participants, functionality for receiving and rendering text, voice or video data from each registered participant as text, voice or video data to be transmitted to individual ones of other participants, functionality for controlling which received text, voice or video data is transmitted to which participants, and functionality for receiving and executing instructions from a trust authority.06-06-2013
20130145433USING A LOCAL AUTHORIZATION EXTENSION TO PROVIDE ACCESS AUTHORIZATION FOR A MODULE TO ACCESS A COMPUTING SYSTEM - Provided are a method, system, and computer program product for a local authorization extension to provide access authorization for a module to access a computing system. A memory stores information on a first validity range comprising position coordinates for a module seeking to access the computing system and a second validity range comprising position coordinates for a location authorization extension for a computing system. A determination is made of a first position signal from a first receiver of the module and of a second position signal from a second receiver of the location authorization module. Determinations are made as to whether the first position signal is within the first validity range and whether the second position signal is within the second validity range. The module is granted access to the computing system in response to determining that the first position signal is within the first validity range and the second position signal is within the second validity range.06-06-2013
20130145434Unattended Authentication in a Secondary Authentication Service for Wireless Carriers - A wireless device initiates a connection by sending an Unsolicited HTTP(s) POST that includes a user identity and credentials, not in response to a form that is provided to the wireless device from a secondary authentication service (2AS), so the 2AS does not have a session with the wireless device. An HTTP(s) session is handled by a home agent or enterprise home agent. The 2AS uses the user identity and credentials from the Unsolicited POST to complete interaction with a downstream identity management server, and takes appropriate action by either indicating to the home agent that authentication was successful and the device is authorized to use the private enterprise network resources protected by the 2AS process; or if the authentication was unsuccessful that the session(s) should be disconnected. In addition, the 2AS may communicate with the agent on the wireless device to send intermediate and final status of the attempt.06-06-2013
20130145435METHOD AND APPARATUS FOR PROVIDING ENHANCED SERVICE AUTHORIZATION - An approach is provided for authorizing one or more services from service providers in a communications network. The approach includes receiving a request from a first service provider, the request having an associated primary token and a secondary token identifier, the secondary token identifier relating to resources of a second service provider. Based, at least in part, on the secondary token identifier, a secondary token is identified; and then the secondary token is sent to the first service provider, wherein the first service provider and the second service provider belong to different trust domains and the first service provider can use the secondary token to access resources of the second service provider.06-06-2013
20130145436SYSTEM AND METHOD FOR RESTRICTING ACCESS TO NETWORK PERFORMANCE INFORMATION - A system and method for restricting access to network performance information associated with communications over a packet network. A request may be received from a user to access network performance information associated with communications of data packets over a packet network. A determination as to whether the user has permission to access the network performance information may be made. In response to determining that the user has permission to access the network performance information, the user may be enabled to access the network performance information; otherwise, the user may be prevented from accessing the network performance information. The network performance information may include information associated with communications of data packets including real-time content and non-real-time content.06-06-2013
20130145437PROTECTION AGAINST MALWARE ON WEB RESOURCES UTILIZING SCRIPTS FOR CONTENT SCANNING - A method and system for identification of malware threats on web resources. The system employs a scheduled antivirus (AV) scanning of web resources. The scheduled scanning of web resources allows malware check lists to be created and access to web resources to be configured. Frequency and depth of inspection (i.e., scan) are determined for each web resource. The user identifiers are used for scheduled AV scanning of web resources. The system allows for scanning a web resource based on selected configurations without using additional client applications.06-06-2013
20130145438MOBILE EQUIPMENT AND SECURITY SETTING METHOD THEREOF - The present invention relates to mobile equipment and a security setting method thereof for improving security of an object accessible by a user and for providing an easy security setting for the user by controlling user rights for the object according to a security setting pattern of the user. To this end, mobile equipment according to an embodiment of the present invention comprises: a mode management unit which determines a security setting mode; a setting management unit which checks a preset security setting in the case that the security setting mode is a first mode, and checks a security setting corresponding to time or location in a security setting pattern in the case that the security setting mode is a second mode; and a right control unit which controls user rights for an object according to the checked security setting, wherein the security setting pattern is changed on the basis of information on the time or location.06-06-2013
20130145429System Utilizing a Secure Element - An electronic device includes a receiver configured to receive, from an entity, a request to perform a function. The electronic device also includes a secure element to verify the request to perform the function. The secure element includes hardware programmed with instructions to verify that a security of the secure element has not been breached. The secure element also includes software including instructions to determine an access right for the entity requesting performance of the function, and to perform the function when the hardware verifies that the security of the secure element has not been breached and the access right indicates that the entity is authorized to request performance of the secure function.06-06-2013
20120254953METHOD FOR PROVIDING AND OBTAINING CONTENT - In a data providing server, whether or not specified compressed content data generated by means of a specified compression coding method corresponding to terminal identification information has been stored in a content database is detected, according to content specifying data transmitted from a portable dedicated terminal. If the specified compressed content data has been stored, the data providing server reads and transmits this to the portable dedicated terminal. And if the specified compressed content data has not been stored, the data providing server generates the specified compressed content data by means of the specified compression coding method, and transmits this to the portable dedicated terminal.10-04-2012
20120254952INTERFACE DEVICE FOR AN INTELLIGENT ELECTRONIC DEVICE AND METHOD OF OPERATING AN INTERFACE DEVICE - The present invention relates to a system comprising an interface device (10-04-2012
20120254951PROVIDING PROTECTION AGAINST UNAUTHORIZED NETWORK ACCESS - A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.10-04-2012
20120254950Delivery control for messages communicated among end user communication devices - An exemplary method implemented by a first end-user communication device originates an electronic communication. User input is received to create information to be conveyed by the transmission of a digital packet having a header segment and a user data segment. The user data segment contains a user message and an acknowledgement command, where the acknowledgement command conveys a request to a recipient device to authorize the sending of an acknowledgement reply message. Authorization of the sending of the acknowledgement reply message serves as a condition precedent to the recipient being able to view the corresponding received user message. A composition screen is displayed by which the user inputs the user message and can insert the acknowledgement command in a command field in the user data segment prior to transmission of the digital packet. The digital packet with the user data segment that contains the user message and the acknowledgement command is transmitted to a recipient device. Another embodiment includes a method implemented by a first end-user communication device that receives and processes such an electronic communication.10-04-2012
20120254949METHOD AND APPARATUS FOR GENERATING UNIQUE IDENTIFIER VALUES FOR APPLICATIONS AND SERVICES - An approach is provided for adapting and regenerating identifiers for use in connection with applications and services available to a device. An identification generation platform receives a request to generate one or more identifiers associated with a device, a user of the device, or a combination thereof. At least one seed value associated with the device, the user of the device, or a combination thereof is determined. The platform then processes at least one seed value to cause, at least in part, a generation of the one or more identifiers.10-04-2012
20120254948METHODS AND SYSTEMS FOR AUTHENTICATING ONE OR MORE USERS OF A VEHICLE COMMUNICATIONS AND INFORMATION SYSTEM - In at least one embodiment, a system for authorizing use of a vehicle communication and information system may include one or more data processors configured to receive information associating one or more devices with a vehicle computer. The data processor(s) may be also configured to receive information identifying a user requesting authorization to command the vehicle controls from the one or more devices associated with the vehicle computer. The user(s) may be authorized to command the vehicle controls from the one or more devices associated with the vehicle computer based on performing an authentication process for authenticating the user, determining that the user is an authenticated user based on the authentication process, and enabling command of one or more vehicle controls from the one or more remote devices via the associated vehicle computer based on the user being authenticated.10-04-2012
20120254947Distributed Real-Time Network Protection for Authentication Systems - Information about security events detected by a group of protected web-connected resources is centrally managed in order to detect distributed attacks and slow paced attacks by providing to a plurality of web-connected resources a deployment component which couples to a native authorization service of each web-connected resource; receiving a plurality of security event reports from one or more of the deployment components by a command and control center computer; based on collected information from the plurality of security event reports, determining a threat level indicator across the plurality of web-connected resources using one or more analyses and metrics; and transmitting the threat level indicator to each of the web-connected resources.10-04-2012
20120254946ESTABLISHING PRIVILEGES THROUGH CLAIMS OF VALUABLE ASSETS - A service accessible by a set of entities may be provided to each entity at a different service level (e.g., with a different set of privileges) based on the privilege level of the entity. However, many users may attempt to perform malicious activities through the service, and may do so with impunity if the penalties of detection are inconsequential. Instead, privilege levels of entities may be established based on the claims of assets having identifiable value. Such claims may be established by submitting an asset identifier to the service, such as proof of a software license identified by the submission of a license key purchased at a substantial cost. The penalties of malicious activities performed by such users may include the invalidation of such asset identifiers. Establishing the privilege levels of respective entities in this manner raises the penalties, and hence the deterrence, of attempted malicious use of the service.10-04-2012
20120254945ENFORCING WEB SERVICES SECURITY THROUGH USER SPECIFIC XML SCHEMAS - A method of enforcing web security, by: (a) receiving an incoming request; (b) applying a plurality of XML customized schemas to the incoming request, and thereby: (c) simultaneously validating the incoming request and determining whether the incoming request is authorized; and then, (d) (i) processing the incoming request if the incoming request is both valid and authorized, (ii) sending the incoming request to an authenticator if the incoming request is valid but not authorized, or (iii) ceasing operation on the incoming request if the incoming request is not valid.10-04-2012
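The idea in the abstract above is that a user-specific schema is a restriction of the service's general request schema to the operations that user may invoke, so one validation pass yields three outcomes: process, send to the authenticator, or drop. The following is an added illustration for this listing, not the patent's code; it models the schemas as small Python structures rather than real XSD, and the operation vocabulary, user names and sample requests are constructed.

```python
"""Per-user request schemas that validate and authorize in one step.
Illustrative code added for this listing, not the patent's implementation.
Schemas are modelled as dicts instead of XSD; element and user names are constructed."""
import xml.etree.ElementTree as ET

# General vocabulary: what a syntactically valid request may contain.
# Each element maps to the set of attributes it must carry.
BASE_SCHEMA = {
    "root": "request",
    "elements": {"balance": set(), "transfer": {"to", "amount"}},
    "min_children": 1,
}

# User-specific schemas: each is a restriction of BASE_SCHEMA to that user's operations.
USER_SCHEMAS = {
    "alice": {"root": "request",
              "elements": {"balance": set(), "transfer": {"to", "amount"}},
              "min_children": 1},
    "bob":   {"root": "request",
              "elements": {"balance": set()},   # bob may read balances but not transfer
              "min_children": 1},
}


def validate(xml_text, schema):
    """True if the request is well-formed and conforms exactly to `schema`."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return False
    if root.tag != schema["root"] or len(root) < schema["min_children"]:
        return False
    for child in root:
        required = schema["elements"].get(child.tag)
        if required is None:                 # element not in this schema
            return False
        if not required.issubset(child.attrib):   # missing a required attribute
            return False
        if len(child):                       # no nested structure allowed
            return False
    return True


def enforce(xml_text, user):
    """(i) process if valid under the user's schema, (ii) hand to the authenticator if
    valid under the general schema but not the user's, (iii) reject if not valid at all."""
    user_schema = USER_SCHEMAS.get(user)
    if user_schema is not None and validate(xml_text, user_schema):
        return "process"
    if validate(xml_text, BASE_SCHEMA):
        return "authenticate"
    return "reject"


if __name__ == "__main__":
    print(enforce('<request><balance/></request>', "bob"))                       # process
    print(enforce('<request><transfer to="acct-9" amount="50"/></request>', "bob"))  # authenticate
    print(enforce('<request><transfer to="acct-9"/></request>', "alice"))        # reject
```

Because the validator is the first thing untrusted input touches, in a real deployment use a hardened parser (for example defusedxml rather than bare ElementTree) and a proper XSD engine; a schema check that can be made to consume unbounded memory is itself a denial-of-service vector.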
20120254955PERSONAL AUTHENTICATION METHOD, PERSONAL AUTHENTICATION SYSTEM, AND PORTABLE-TYPE COMMUNICATION TERMINAL - A personal authentication system includes a terminal enabled to perform a predetermined information processing process, a USB memory enabled to perform near field communication with a cell phone having an e-mail function through Bluetooth, and an authentication server. When the USB memory is loaded onto the terminal, USBID is read, and then transmitted from the terminal to the authentication server. The authentication server authenticates the USBID, and transmits an authentication key corresponding to the USBID to the corresponding cell phone if the USBID is authentic. The cell phone transmits the authentication key to the USB memory via Bluetooth. The received authentication key is transmitted from the terminal to the authentication server via the USB memory. The authentication server performs personal authentication by comparing the transmitted authentication key with the received authentication key to check for identification.10-04-2012
20120254954SYSTEM FOR MULTIMEDIA VIEWING BASED ON ENTITLEMENTS - An advertising control method is described. The method includes receiving an advertisement identification message (AIM) (10-04-2012
20130139221Web Authentication Support for Proxy Mobile IP - Techniques are provided for performing web authentication of mobile wireless devices that roam from a wireless wide area network to a wireless local area network. A redirect rule is invoked when a request is received from the mobile wireless device for world wide web access in order to obtain authentication for the mobile wireless device before permitting world wide web access. When a world wide web access request is received from the mobile wireless device, it is redirected to an authentication portal to allow a user of the mobile wireless device to enter user credentials to allow for world wide web access using the IP address.05-30-2013
20130139227Security Architecture For A Process Control Platform Executing Applications - A security component within a supervisory process control and manufacturing information system comprising a set of user roles corresponding to different types of users within the information system, a set of security groups defining a set of security permissions with regard to a set of objects, wherein each security group includes an access definition relating the security permissions to at least one of the set of user roles, and a set of user accounts assigned to at least one of the defined roles thereby indirectly defining access rights with regard to the set of objects having restricted access within the system. The security permissions within the supervisory process control and manufacturing information system are assigned at an object attribute level.05-30-2013
20130139225COMMUNICATION APPARATUS - A communication apparatus is configured to communicate with a service providing server. The service providing server provides a data upload service and, for each user, associates and stores authentication information for the user and an e-mail address for the user. The communication apparatus includes: a storage control unit storing specific authentication information for a specific user in a memory; an acquisition unit which, when an upload instruction for uploading target data to the service providing server is input from the specific user, uses the specific authentication information in the memory to acquire a specific e-mail address, which is stored in association with the specific authentication information, from the service providing server; and an upload unit that transmits a specific e-mail including the target data and the specific e-mail address as a transmission destination address, for uploading the target data to the service providing server.05-30-2013
20130091556METHOD FOR ESTABLISHING A SECURE AND AUTHORIZED CONNECTION BETWEEN A SMART CARD AND A DEVICE IN A NETWORK - A method is provided for establishing a first secure and authorized connection between a smart card and a first device in a network, wherein the first device has a second secure connection to a second device. The method comprises storing first security data; transferring the first security data between the first device and the second device; providing the first security data at the first device; establishing a binding between the smart card and the first device via the first secure and authorized connection utilizing the first security data; authorizing the binding between the smart card and the first device; and sending second security data from the smart card to the first device via the first secure and authorized connection, whereby the second security data may be usable for authentication of the first device to the network.04-11-2013
20130091555COMMUNICATION RELAY APPARATUS, COMMUNICATION RELAY SYSTEM, COMMUNICATION RELAY METHOD, AND COMMUNICATION RELAY PROGRAM - This invention is directed to acquisition of a communication path for a mobile communication apparatus in a case of occurrence of communications beyond the capacity of a radio base station due to a communication trouble or the like.04-11-2013
20130091553METHOD AND APPARATUS FOR DETERMINING INPUT - A method and apparatus for determining an input are provided. The method includes authenticating an external device when the external device comes within a predetermined range; determining an area approached by the external device and determining whether the determined area is valid; and outputting a predetermined indication to a predetermined area related to the area approached by the external device.04-11-2013
20130091552AUTHENTICATION METHOD AND APPARATUS FOR USER EQUIPMENT AND LIPA NETWORK ENTITIES - An authentication method for user equipment (UE) and LIPA network entities is applicable to a cross-LIPA communication environment having an UE end, a visiting LIPA network entity end (LIPA04-11-2013
20130091551Social Processing Member Offering Fixed and Intelligent Services - A social networking system offers a variety of fixed and intelligent services and social device resources participating as members in a social network (SNET) group. Such members may include, for example, social billing and payment services, digital assistants and artificial intelligence functions, robotic control and training services, media content storage and playback services, data backup services, services that support distributed processes such as distributed research projects, networking elements such as network attached storage (NAS), firewalls, proxies, etc. In various embodiments, such services and resources may become available upon being selectively docked or otherwise associated (e.g., through docking of a supporting device) with a SNET group by a human member or third party via a docked user device. Selection of available services may be supported through a visual menu provided by a member device or support service.04-11-2013
20130091550SYSTEMS AND METHODS FOR CONTROLLING ACCESS TO CONTENT DISTRIBUTED OVER A NETWORK - A computer-implemented method is provided for controlling use of a file on a user device. The method includes transmitting authentication information to a system and downloading the file from the system over the network upon successful authentication by the system. The method also includes limiting access of the file to a client application of the user device and preventing altering of the file, printing of the file and opening of the file outside of the client application. Notes corresponding to the file can be stored in a local storage area.04-11-2013
20130091549SYSTEMS AND METHODS FOR CONTROLLING ACCESS TO CONTENT DISTRIBUTED OVER A NETWORK - A computer-implemented method is provided for controlling use of a file on a user device. The method includes transmitting authentication information to a system and downloading the file from the system over the network upon successful authentication by the system. The method also includes limiting access of the file to a client application of the user device and preventing altering of the file, printing of the file and opening of the file outside of the client application. Notes corresponding to the file can be stored in a local storage area.04-11-2013
20130091548SENDING DIGITAL DATA VISUALLY USING MOBILE DISPLAY AND CAMERA SENSOR - A system for establishing a connection between a first device and a wireless network includes a first control module, located on the first device, that receives encoded digital data. The encoded digital data corresponds to a plurality of images displayed sequentially on a display of a second device. Each of the plurality of images corresponds to a different portion of the encoded digital data. A decoder module, located on the first device, converts the encoded digital data into configuration data. The configuration data includes at least one of an identifier of the wireless network, an encryption key associated with the wireless network, and a password associated with the wireless network. The first control module uses the configuration data to establish the connection with the wireless network.04-11-2013
20130091554TERMINAL APPARATUS, SERVER APPARATUS, NETWORK SYSTEM, AND COMMUNICATION METHOD - A terminal apparatus according to an embodiment includes: a cookie memory unit that stores an Opt-allow cookie which is data set by a user and is data indicating whether use of user information regarding the user is permitted for each user information; a connecting unit that performs communication connection with a server apparatus that determines content to be delivered based on the user information; and a transmitting unit that transmits the Opt-allow cookie stored in the cookie memory unit to the server apparatus, when the server apparatus connected through the communication connection by the connecting unit receives the cookie.04-11-2013
20130091547Method and System for Enabling Non-Intrusive Multi Tenancy Enablement - A system for enabling non-intrusive multi tenancy enablement in an application may include a processing unit configured to, among other things, identify a data isolation mechanism available in said application, create a centralized multi-tenant database, generate a controlled provisioning layer to manage relationships between a set of consumers and a corresponding entity uniquely developed for said consumers, and generate a multi-tenant wrapper interface for managing relationship(s) between said consumers and instances of the application. The system may further include a memory unit configured to host said centralized customer database to manage users and associated access privileges in said application.04-11-2013
20130097674METHODS AND APPARATUSES TO PROVIDE SECURE COMMUNICATION BETWEEN AN UNTRUSTED WIRELESS ACCESS NETWORK AND A TRUSTED CONTROLLED NETWORK - A request for an IP address for a client device having a first identifier information is received from an AP device. The request for the IP address is associated with a first communication protocol. The first identifier information is compared to a second identifier information. The second identifier information is associated with a second communication protocol. The second communication protocol is different from the first communication protocol. The IP address for the client device based on comparing.04-18-2013
20130097673SYSTEM AND METHOD FOR ELECTRONIC TRANSACTION AUTHORIZATION - A system and a related method are disclosed for authenticating an electronic transaction. Input behavioral data is captured related to measured interactions with at least one input device. The input data is compared to probability distribution representations for a demographic group and for a wide population, performing the measured interaction(s). The system is configured to authenticate the electronic transaction based on the comparing.04-18-2013
20130097675POSITIONING SYSTEM FOR SERVER - A server includes a global positioning system (GPS) module, a network port, a baseboard management controller (BMC), and a physical layer (PHY) chip. The GPS module is used to transmit the position information of the server. The BMC is utilized to receive a user message from the network port, and obtain the position information according to the request from the network port when the user is authorized to access the server. The PHY chip is coupled to a network through the network port, and is employed to send the position information to the network port from the BMC.04-18-2013
20130104200APPARATUS AND METHOD FOR CONTROLLING ACCESS TO MULTIPLE SERVICES - An apparatus and a method are provided for controlling access to a plurality of services. An authentication request is received for requesting authentication about the plurality of services. Service authentication is performed for the plurality of services based on authentication information for the plurality of services provided from a service provider unit according to the authentication request. An access right to the plurality of services is acquired from the service provider unit.04-25-2013
20130104199Object and Resource Security System - According to the invention, a method for securing a plaintext object within a content receiver is disclosed. In one step, a secure portion of a secure object and a plaintext remainder of the secure object are received. Which portion of the secure object is the secure portion is determined. The secure portion is decrypted to provide a plaintext portion. The plaintext object that comprises the plaintext portion and the plaintext remainder is formed. The plaintext object is stored including authentication and authorization.04-25-2013
20130104198TWO-FACTOR AUTHENTICATION SYSTEMS AND METHODS - Systems and methods for authenticating defined user actions over a computer network. An authentication service receives an authentication request from an authenticating service to perform an action on behalf of a user. The authentication service then sends a permission request to a mobile device associated with the user, asking the user whether or not the action should be allowed. The user sends a permission response via the mobile device to the authentication service, granting or denying the action. The user may automate future similar responses so long as at least one automation criterion is met (e.g., the physical location of the mobile device), eliminating the need to manually provide a response to future permission requests. Information necessary to determine whether the automation criterion is met is stored locally on the mobile device.04-25-2013
20130104197AUTHENTICATION SYSTEM - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access to the secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester.04-25-2013
20130125213CENTRALIZED IDENTITY AUTHENTICATION FOR ELECTRONIC COMMUNICATION NETWORKS - A method of centralized identity authentication for use in connection with a communications network includes registering users of the communications network such that each registered user's identity is uniquely defined and determinable, and registering a plurality of vendors having a presence on the communications network. The registered vendors selectively transact with registered users, wherein the transactions include: (i) the registered vendor selling goods and/or services to the registered user; (ii) the registered vendor granting the registered user access to personal records maintained by the registered vendor; and/or (iii) the registered vendor communicating to the registered user personal information maintained by the registered vendor. The method also includes each user's identity being authenticated over the communications network prior to completion of transactions between registered vendors and registered users.05-16-2013
20130125211SYSTEM AND METHOD FOR PROVIDING DYNAMIC INSURANCE PORTAL TRANSACTION AUTHENTICATION AND AUTHORIZATION - Systems and methods are disclosed herein for managing electronic access to a plurality of computerized insurance services. A network interface is configured to receive a user identity provided by a user remote to the system and an access request from the user to access a selected computerized insurance service from the plurality of computerized insurance services. A memory stores computer executable instructions which, when executed by a processor, cause the system to determine a set of access rights for the user based on the user identity and an insurance-related role associated with the user identity and allow the user to access the selected computerized insurance service according to the access request only if the access requested is included in the determined set of access rights. At least two of the computerized insurance services are implemented on substantially different information platforms.05-16-2013
20130125217Authorization Control - The application describes an attestation system (05-16-2013
20130125212REMOTE DISPLAYING - Technologies are generally described for a remote displaying scheme configured to transmit display data stored in a source device to a target device for displaying the display data on the screen of the target device. In some examples, a method performed under control of a source device may include broadcasting to one or more target devices request information that comprises a request for displaying display data, obtaining permission information generated by a target device of the one or more target devices, the permission information based, at least in part, on the request information, transmitting to the target device an acknowledgement that a communication channel between the source device and the target device is established, the acknowledgement based, at least in part, on the permission information and transmitting to the target device the display data based, at least in part, on the permission information.05-16-2013
20130125210PERMISSION RE-DELEGATION PREVENTION - Methods and systems for preventing permission re-delegation among applications are disclosed herein. The method includes accepting a message requesting access to a user-controlled resource from a requester application at a deputy application and reducing a first permissions list of the deputy application to a second permissions list. The second permissions list includes an overlap of permissions between the deputy application and the requester application. Moreover, the method also includes sending the message from the deputy application to a computing system via an application programming interface (API), wherein the computing system is configured to reject the message if the second permissions list of the deputy application does not permit access to the user-controlled resource.05-16-2013
20130125216METHOD AND SYSTEM FOR MODELING OPTIONS FOR OPAQUE MANAGEMENT DATA FOR A USER AND/OR AN OWNER - Distributed Management Task Force (DMTF) management profiles, based on the Common Information Model (CIM) protocol, may be utilized to perform access authentication during opaque management data profile operations based on DMTF/CIM Role Based Authorization (RBA) profile and/or Simple Identity Management (SIM) profiles. Instances of CIM_Identity class may be utilized to enable validation of ownership and/or access rights, via instances of CIM_Role class and/or instances of CIM_Privilege class for a plurality of common users and/or applications. Quota related operations may be performed via “QuotaAffectsElement” associations between instances of CIM_Identity class and instances of the CIM_OpaqueManagementDataService class. The “QuotaAffectsElement” association may comprise “AllocationQuota” and/or “AllocatedBytes” properties to enable tracking and/or validating of quota related information within the opaque management data profile.05-16-2013
20130125215REMOTE APPLICATION PRESENTATION OVER A PUBLIC NETWORK CONNECTION - Web access over a public network for applications that operate on virtual desktops on a plurality of servers is facilitated. Through the web access the user is provided with the information necessary to establish a connection with an application by way of the virtual desktop. Applications that the user is authorized to access are determined and those applications that the user is not authorized to access are filtered out. The application's associated access control list is used for determining the user's access to discover an application.05-16-2013
20130125214AUTOMATIC PIN CREATION USING PASSWORD - A PIN is automatically generated based on at least one rule when the user enters a password through a user device. In one example, the PIN is a truncated version of the password where each character in the truncated version is mapped onto a number. The mapping can be a truncation at the beginning or end of the password, or the mapping can be with any pattern or sequence of characters in the password. This PIN generation may be transparent to the user, such that the user may not even know the PIN was generated when the password was entered. When the user attempts to access restricted content, the user may enter the PIN instead of the password, where the user may be notified of the rule used to generate the PIN so that the user will know the PIN by knowing the password.05-16-2013
20130125209USER INTERFACE FOR SELECTION OF MULTIPLE ACCOUNTS AND CONNECTION POINTS - Embodiments of the present disclosure provide a user interface that enables a user to more easily identify servers that may be used to set access permissions for content items. The method and system described herein includes receiving user credentials that are associated with a user. In response to receiving the user credentials, one or more servers associated with the user credentials are displayed. The one or more servers are configured to manage information rights for a content item created by the user. Upon receiving a selection of one of the one or more servers, a list of one or more templates supported by the selected server is displayed to the user. The one or more templates identify information rights that may be applied to the content item.05-16-2013
20130133040SYSTEM AND METHOD FOR MANAGING AUTHORIZATION OF FUNCTIONS OF ELECTRONIC DEVICE - A system includes a base station, a number of electronic devices, and a server. The base station radiates a wireless signal including a base station identifier for identifying the base station and an authorization code for setting an authorization level for a function of the electronic device. The electronic device detects the wireless signal, determines the existence of a predetermined base station according to the base station identifier, analyzes the authorization code to determine the function and authorization represented by the authorization code, disables the determined function, receives user information in response to an authorization input, transmits the received user information to the server to retrieve the pre-set authorization level of the user of the electronic device, and enables the function in response to the authorization represented by the authorization code being equal to or lower than the retrieved pre-set authorization level.05-23-2013
20130133039Method for statistical object identification - The present invention provides a mechanism to communicate an original object (05-23-2013
20130133038AUTHENTICATION FOR SOCIAL NETWORKING MESSAGES - A tool for verifying that a message received by a social networking service was sent by a bona fide owner of a social networking account who purportedly sent the message. The tool receives a message and it locates in the message a string that was entered into a message text field of the message. The string is compared with a registered authentication string for the bona fide owner of the account. If the string in the message matches the registered authentication string, the string is removed from the message and the message is forwarded to the social networking service. If the string in the message does not match the registered authentication string, the message is blocked from being forwarded to the social networking service.05-23-2013
20130133041Data Traffic Control in a Communication Network - A method and apparatus for controlling data traffic in a communications network. The server determines that network conditions are suitable for sending delay tolerant data traffic, and as a result of the determination, it transmits a grant message to at least one client device, the grant message informing the client device that it is permitted to send or receive delay tolerant data traffic.05-23-2013
20130133036REMOTE CONTROL OF DIALYSIS MACHINES - This disclosure relates to remote control of dialysis machines. In certain aspects, a method includes receiving a request for a network connection from a dialysis machine and establishing the network connection with the dialysis machine. The method also includes receiving, from a client device, a request to access the dialysis machine, authorizing the client device to access the dialysis machine, receiving, from the dialysis machine, information pertaining to an operation of the dialysis machine, and providing, to the client device, the received information.05-23-2013
20110061093TIME DEPENDENT ACCESS PERMISSIONS - A network object access permission management system useful with a computer network including at least one server and a multiplicity of clients, the system including an access permissions subsystem which governs access permissions of users to network objects in the computer network in real time and a future condition based permissions instruction subsystem providing instructions to the access permission subsystem to grant or revoke access permissions of the users to network objects in real time in response to future fulfillment of conditions which are established by an operator in advance.03-10-2011
20110219431SYSTEM AND METHOD OF QUALITY OF SERVICE ENABLEMENT FOR OVER THE TOP APPLICATIONS IN A TELECOMMUNICATIONS SYSTEM - A system, method, and node providing a predefined Quality of Service (QoS) level to an Over The Top (OTT) service provider in a telecommunications network. A User Equipment (UE) initiates an IP-based application session (e.g., Hyper Text Transfer Protocol (HTTP) session) with the OTT service provider by sending an application-dependent message toward an OTT application server. The method begins with a proxy node in the telecommunications network intercepting the application-dependent message. The proxy node then modifies the application-dependent message by adding a subscriber identification to the header of the application-dependent message. The proxy node forwards the modified application-dependent message to the OTT application server. The OTT application server then sends a request having the subscriber identification to the telecommunications network with a QoS requirement for the HTTP session. Next, a network policy node determines an appropriate QoS level for the subscriber. A network gateway then enforces the determined QoS level for the HTTP session with the OTT service provider.09-08-2011
20130097676MOBILE DEVICE MANAGEMENT - A device management method is disclosed in which available features on a slave mobile device are managed (monitored or controlled) by a slave manager module commanded by a master device through secure messages exchanged between the two devices using respective electronic messaging capabilities on the two devices. Selection of the features of the slave mobile device to be controlled or monitored is facilitated on the master device through a master manager module resident thereon. The features that are controlled or monitored may comprise any user-accessible feature incorporated or installed on the slave mobile device, and user access to the feature may be prevented according to at least one criterion, such as date of use, time of day of use, number of times of use, originator and recipient. User access to the user-accessible feature may be prevented when usage limitations for the feature have been reached.04-18-2013
20110214163AUTOMATED ANALYSIS OF COOKIES - Techniques and tools relate to analysis of cookies. For example, techniques and tools are described for determining whether cookies stored on a computer in response to a particular event (e.g., the rendering of an advertisement in a browser) are authorized. In one implementation, a cookie analysis system includes a browsing simulator having a web browser and a virtual graphical environment. The browsing simulator renders web pages (e.g., automatically), including ad creative objects (e.g., objects that represent images, graphical animations, video clips, etc.) corresponding to advertisements in the web pages. The cookie analysis system creates test files for the ad creative objects. The cookie analysis system identifies and analyzes cookies (e.g., HTTP cookies, or other objects such as local shared objects) that are set in response to the rendering of ad creative objects.09-01-2011
20080201766Efficient data structures for multi-dimensional security - Efficient data structures are generated to enforce permissions on a multi-dimensional representation in a performance management application. A model site is generated having at least one model with at least one dimension. User permissions and group permissions are set for the model. The user permission and the group permissions are deployed to a relational database. A collective user permission table is generated based on the user permissions and the group permissions. Thus, an end user may receive permissions associated with a model and permissions associated with particular dimensions of a model without an inefficient consumption of resources.08-21-2008
20110225632TRUSTWORTHINESS DECISION MAKING FOR ACCESS AUTHENTICATION - There are provided measures for trustworthiness decision making for access authentication, for example relating to the trustworthiness of non-3GPP access networks within a 3GPP-compliant packet data system, exemplarily comprising receiving an indication about a provisional trustworthiness of an access network, which provides packet data access for a roaming user, with respect to a visited network of said user from a network element of said visited network, determining the applicability of local breakout or home routing for each subscribed access point name of said user, and deciding about a final trustworthiness of said access network based upon the received provisional trustworthiness indication and the determined routing applicability for each subscribed access point name of said user.09-15-2011
20130145431INTEGRATED CIRCUITS AS A SERVICE - Technologies are generally described for provisioning and managing access to FPGAs as a service. In some examples, a system for allowing provisioning management for shared FPGA use and access control to enable a user's processes to access their custom programmed FPGA may accept user packages for compilation to an FPGA in communication with datacenter servers. The user packages may be imaged to the FPGA with an added management payload, and a driver and user key may be employed to allow selective access to the FPGA as a service for datacenter virtual machines. Together these elements allow a datacenter to provision rentable integrated circuits as a service (ICaaS). Additional services such as billing tracking, provision management, and access control may be provided to users allowing them to realize lower cost while the datacenter realizes greater return.06-06-2013
20110239278Verifying Access Rights to a Network Account Having Multiple Passwords - A computer-implemented system and method for verifying access to a network account are provided. A first user communication portal is associated with a user network account. A request to access the user network account is received from a second user communication portal. Security criteria related to the second user communication portal is determined. Access to the user network account is enabled upon receipt of a communication associated with the first user communication portal when the security criteria is of a predetermined value.09-29-2011
20120278866METHODS AND APPARATUSES FOR SECURELY OPERATING SHARED HOST COMPUTERS WITH PORTABLE APPARATUSES - The present invention provides methods and apparatuses that utilize a portable apparatus to securely operate a host electronic device. Typically, each portable apparatus includes a data storage unit which stores an operating system and other software. In one example, a portable apparatus can provide a virtual operating environment on top of a host's operating system for a host device. In another example, a portable apparatus containing its operating system can directly boot a host device with one or more hardware profiles. Furthermore, a device-dependent protection against software piracy, a user-dependent protection against sensitive data leaks, a controllable host operating environment to prevent unwanted information exposure, and a secure restoration procedure to prevent virus infection between the host device users may be incorporated. Moreover, an authorization signature may also be utilized to authorize a connected-state guest operation environment in the host device.11-01-2012
20120278865METHOD, SYSTEM AND APPARATUS FOR IDENTIFICATION - One exemplary embodiment describes a method, system and apparatus for storing and providing data. A software application may be utilized on a smartphone or similar device to house data. The data may be accessed by a user to manipulate the data or view the data. The data may also be accessed by an authorized party, for example in the event of an emergency. The application and associated data may be accessed in a variety of manners and the data displayed or available may be adjusted by the user for security and appropriate usage.11-01-2012
20120278861METHOD FOR SECURELY CREATING A NEW USER IDENTITY WITHIN AN EXISTING CLOUD ACCOUNT IN A CLOUD COMPUTING SYSTEM - The invention proposes a method for securely creating a new user identity within an existing cloud account in a cloud computing system, said cloud computing system providing cloud services and resources, said cloud account comprising cloud user identities, said method comprising enabling a first user to access the cloud services and resources using a first security device, wherein it comprises authenticating to the first security device, creating a new user identity within the cloud account for a second user using the first security device.11-01-2012
20130152168WIRELESS CONNECTION METHOD AND DEVICE - A method, a device, and an access point are provided for obtaining network access. A method, comprising: receiving, by an access point device and from a wireless device, a request for authorization to access a network through the access point; determining, by the access point, a distance between the access point and the wireless device; determining, by the access point, that the distance is less than a first threshold distance; using, by the access point, a first process to grant access to the network through the access point when the distance is less than the first threshold distance; and using, by the access point, a second process to grant access to the network through the access point when the distance is not less than the first threshold distance, where the first process is a different and less complex process for granting access to the network than the second process.06-13-2013
20130152169CONTROLLING ACCESS TO RESOURCES ON A NETWORK - Disclosed are various embodiments for controlling access to data on a network. In one embodiment, a proxy service receives a request from a user on a client device to access a quantity of enterprise resources served up by an enterprise device. In response, the proxy service determines whether the user on the client device has been authenticated to access the enterprise resources. The proxy service also determines whether the client device from which the user requested the access is authorized to access the enterprise resources. Responsive to the determination that the user is authentic and that the client device is authorized, the proxy service associates a set of approved enterprise access credentials with the request and facilitates the transmission of the requested enterprise resources to the client device.06-13-2013
20130152170Region Access Platform, Mobile Positioning Method and System - A region access platform is disclosed in the present invention. The region access platform is set to: receive a positioning request from a positioning client; authenticate the positioning client; and after the authentication is passed, obtain a positioning result locally or from a Mobile Positioning Center (MPC) and return the positioning result to the positioning client. A mobile positioning method is also disclosed in the present invention and includes: a region access platform receiving a positioning request from a positioning client, authenticating the positioning client, and after the authentication is passed, acquiring a positioning result locally or from an MPC and returning the positioning result to the positioning client. A mobile positioning system is also disclosed in the present invention. The present invention can facilitate management and maintenance and also facilitates the operator in carrying out a service.06-13-2013
20130152173METHOD, APPARATUS, AND COMPUTER-READABLE MEDIUM FOR CONTENT ACCESS AUTHORIZATION - An apparatus, computer-readable medium, and computer-implemented method for granting access to content are disclosed. An exemplary method includes receiving user credentials associated with a user from a device which has authorization to access content in a first content domain, determining whether the user associated with the user credentials has a license to access content in a second content domain, and granting temporary authorization to the device which allows it to access content in the second content domain based at least in part on the determination that the user associated with the user credentials has a license to access content in the second content domain.06-13-2013
20130152174METHOD, APPARATUS, AND COMPUTER-READABLE MEDIUM FOR CONTENT ACCESS AUTHORIZATION - An apparatus, computer-readable medium, and computer-implemented method for obtaining access to content are disclosed. The method includes transmitting user credentials associated with a user of a device, the device having authorization to access content in a first content domain, and receiving temporary authorization for the device to access content in a second content domain based at least in part on a determination that the user associated with the user credentials has a license to access content in the second content domain.06-13-2013
20130152171SYSTEM AND METHOD TO FACILITATE COMPLIANCE WITH COPPA FOR WEBSITE REGISTRATION - Embodiments of the present invention provide a third-party system that allows parents or authorized guardians to continually grant permissions to several websites and online services and provides a one-time authentication process of the parent-child relationship. Through this system, the need to re-authenticate the parent-child relationship, or for each online company to build its own authentication system and COPPA record-keeping mechanisms, can be reduced or eliminated. In addition, the embodiments provided herein may afford a service for managing COPPA compliance that is relatively easy for online companies to integrate into their online services and websites.06-13-2013
20130152172Entitled Data Cache Management - Systems and methods are disclosed for managing an entitled data cache. A data server may generate and send entitled data to a data cache server. The data cache server, a server that may be located nearer to the user within a data provider's computer network, may receive and cache the entitled data. A permission server may store a user's permissions and transmit the user's permissions to the data server and the data cache server. Upon receiving a request for data, the data cache server may retrieve the requested data from the cache and send the subset of the cached data which matches the user's permissions to the user, without the need to request the data from the data server.06-13-2013
20100293601SHARED DEVICE IDENTITY MANAGER - A device receives an identity claim associated with a user of a shared device, and determines whether the identity claim is valid. The device also determines one of an individual identification or a group identification to affiliate with the shared device when the identity claim is determined to be valid. The device further provides one or more preferences and privileges to the shared device based on the one of an individual identification or a group identification affiliated with the shared device.11-18-2010
20120260320Device-Specific Authorization at Distributed Locations - A method includes receiving, at a client device, an authentication seed from a first network. The method also includes receiving a shared secret. The method further includes, in response to receiving the authentication seed, determining a network address of the client device. The method further includes computing a result of a one-way hash function of a combination of the network address, the authentication seed, and the shared secret. The method further includes transmitting the network address and the result of the one-way hash function to a server that provides access control of a second network coupled to the first network. The method further includes receiving permission from the server to access the second network.10-11-2012
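The exchange described in the abstract above, as an added example that is not part of the patent or its listing: the client binds its network address and the seed issued by the first network to a shared secret, and the server controlling the second network recomputes the proof and consumes the seed once. The abstract only says "a one-way hash function of a combination"; HMAC-SHA256 keyed with the shared secret is this example's own choice, and the shared secret, the server tracking outstanding seeds, and the client echoing the seed back are all assumptions made here.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Constructed shared secret for the example; a real deployment provisions it out of band.
SHARED_SECRET = b"example-shared-secret"


def derive_proof(address: str, seed: bytes, secret: bytes) -> str:
    """One-way function over (network address, seed, shared secret).

    Keying the HMAC with the secret keeps the secret out of the hashed message
    itself, which is this example's choice of construction, not the patent's.
    """
    packed = ipaddress.ip_address(address).packed   # canonical bytes for v4 or v6
    return hmac.new(secret, packed + seed, hashlib.sha256).hexdigest()


def client_respond(address: str, seed: bytes, secret: bytes = SHARED_SECRET) -> tuple:
    """What the client transmits: its network address and the proof over it."""
    return address, derive_proof(address, seed, secret)


class AccessServer:
    """Access control for the second network, verifying proofs for seeds it issued."""

    def __init__(self, secret: bytes = SHARED_SECRET):
        self.secret = secret
        self.outstanding = set()      # seeds handed out but not yet consumed

    def issue_seed(self) -> bytes:
        seed = secrets.token_bytes(16)
        self.outstanding.add(seed)
        return seed

    def authorize(self, address: str, proof: str, seed: bytes) -> bool:
        if seed not in self.outstanding:       # unknown seed, or one already used (replay)
            return False
        expected = derive_proof(address, seed, self.secret)
        if not hmac.compare_digest(expected, proof):
            return False                       # wrong address, wrong secret, or tampering
        self.outstanding.discard(seed)         # single use
        return True
```

Binding the proof to the client's own address is only as strong as the address is stable and unspoofable; behind NAT or on a shared segment the seed's single-use check is what actually stops a replay.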
20120260319MULTIPLE APPLICATION CHIP CARD HAVING BIOMETRIC VALIDATION - A smart card includes a plurality of application circuits that are each related to at least one application service securely contained within the card, each application circuit is energizable by an outside signal; a control unit making it possible to identify the energized application circuit and the related service and moreover to activate the service in response to activation authorization; and a biometric circuit for authenticating the user so as to generate the activation authorization.10-11-2012
20120260317Systems and Methods for a Notification System That Enable User Changes to Quantity of Goods and/or Services for Delivery and/or Pickup - Systems and methods are disclosed for automated notification systems. A representative method, among others, can be summarized by the following steps: monitoring travel data in connection with a mobile thing (MT) that is destined to pickup or deliver an item or service at a stop location; causing initiation of a notification communication session with a personal communications device (PCD) based upon the travel data; and during the notification communication session, enabling a party associated with the PCD to change one or more tasks associated with the pickup or delivery. A representative system, among others, comprises a computer or other automated system that is programmed or designed to perform the foregoing steps.10-11-2012
20120260315FIREWALLS FOR PROVIDING SECURITY IN HTTP NETWORKS AND APPLICATIONS - Systems and methods provide security to HTTP applications. Responses sent from a server, such as a web server, are analyzed and a signature is generated for each HTML object in that page. The signature is encrypted and sent to a client along with the contents of the page. When a client later sends a request, the system checks the signature associated with that request against the contents of the request itself. If the values, variables, lengths, and cardinality of the request are validated, then the request is forwarded to the web server. If, on the other hand, the request is invalidated, the request is blocked from reaching the web server, thereby protecting the web server from malicious attacks. The systems and methods offer security without being limited to a session or user.10-11-2012
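The response-analysis and request-validation pair from the abstract above, as an added example written for this listing rather than taken from the patent: the firewall describes each form variable in the outgoing HTML (allowed fixed values, maximum length, how many elements carry that name), signs that description, and later checks the incoming request against it. The hidden field name, the signing key, the default length for fields without a maxlength, and signing the description with an HMAC instead of encrypting it are this example's assumptions; the sample HTML and requests are constructed.

```python
import base64
import binascii
import hashlib
import hmac
import json
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode

FW_KEY = b"constructed-firewall-key"   # assumption: held only by the firewall
TOKEN_FIELD = "_fwsig"                 # assumption: field that carries the signature back
FIXED_VALUE_TYPES = {"hidden", "radio", "checkbox"}
DEFAULT_MAXLEN = 256                   # assumption for fields with no maxlength attribute

# Constructed sample response body.
SAMPLE_HTML = """<form method="post" action="/login">
<input type="text" name="user" maxlength="16">
<input type="hidden" name="csrf" value="abc">
<input type="checkbox" name="opt" value="a">
<input type="checkbox" name="opt" value="b">
</form>"""


class FormExtractor(HTMLParser):
    """Collect, per form variable: fixed values, maximum length and cardinality."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "select", "textarea"):
            return
        a = dict(attrs)
        name = a.get("name")
        if not name:
            return
        spec = self.fields.setdefault(name, {"max": 0, "card": 0, "values": []})
        spec["card"] += 1                                   # one more element with this name
        spec["max"] = max(spec["max"], int(a.get("maxlength") or DEFAULT_MAXLEN))
        if a.get("type") in FIXED_VALUE_TYPES and a.get("value") is not None:
            spec["values"].append(a["value"])               # value the client may not alter


def build_signature(html: str, key: bytes = FW_KEY) -> str:
    """Response path: describe the page's variables and sign the description."""
    parser = FormExtractor()
    parser.feed(html)
    body = json.dumps(parser.fields, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(mac).decode()


def make_query(params: dict) -> str:
    """Client side: encode a form submission (list values become repeated fields)."""
    return urlencode(params, doseq=True)


def validate_request(query: str, key: bytes = FW_KEY) -> tuple:
    """Request path: (True, 'ok') is forwarded to the web server, (False, why) is blocked."""
    params = parse_qs(query, keep_blank_values=True)
    tokens = params.pop(TOKEN_FIELD, [])
    if len(tokens) != 1:
        return False, "missing signature"
    try:
        body_b64, mac_b64 = tokens[0].split(".")
        body = base64.urlsafe_b64decode(body_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
    except (ValueError, binascii.Error):
        return False, "malformed signature"
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), mac):
        return False, "bad signature"
    fields = json.loads(body)
    for name, values in params.items():
        spec = fields.get(name)
        if spec is None:
            return False, f"unknown variable {name}"          # variable not on the page
        if len(values) > spec["card"]:
            return False, f"too many values for {name}"       # cardinality
        for v in values:
            if spec["values"]:
                if v not in spec["values"]:
                    return False, f"unexpected value for {name}"   # fixed value changed
            elif len(v) > spec["max"]:
                return False, f"{name} exceeds length {spec['max']}"  # length
    return True, "ok"
```

Because the signed description travels with the page and comes back with the request, the check needs no server-side session state, which is the property the abstract's last sentence claims; the price is that anything legitimately added to the form by client-side script must also be covered by the description, or it will be blocked.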
20130139223SECURE NETWORK SYSTEM REQUEST SUPPORT VIA A PING REQUEST - Methods and systems for secure network system request (sysrq) via Internet Control Message Protocol (ICMP) are described. A remote computing system sends a query over a network to a target computing system and determines whether the target computing system is non-responsive to the query. When the target computing system is non-responsive to the query, the remote computing system sends an ICMP echo (ping) request to the target computing system over the network. The ping request includes a command to be performed by the target computing system and a key to verify authorization to perform the command.05-30-2013
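An added example of the packet format such a scheme needs, written for this listing and not taken from the patent: the operator builds an ICMP echo request whose payload carries the command, and the target parses it and decides whether to honour it. Rather than placing the key itself in the packet, where anyone on the path could read and replay it, the example sends an HMAC over the command, a timestamp and a nonce; the payload layout, the magic tag, the allowed-command table, the 30-second freshness window and the pre-shared key are all assumptions of this example. Nothing is executed: the target returns the sysrq key it would write, or None.

```python
import hashlib
import hmac
import os
import struct
import time

SYSRQ_KEY = b"constructed-sysrq-key"      # assumption: pre-shared between operator host and target
MAGIC = b"SRQ1"                           # assumption: marks an echo request that carries a sysrq
MAC_LEN = 32
# Assumption: the only commands the target will honour, mapped to /proc/sysrq-trigger keys.
ALLOWED = {"sync": "s", "remount-ro": "u", "show-tasks": "t", "reboot": "b"}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum over ICMP header plus payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sysrq_echo(command: str, key: bytes = SYSRQ_KEY, ident: int = 0x1234,
                     seq: int = 1, now: int = None) -> bytes:
    """Operator side: echo request whose payload is MAGIC | ts | nonce | command | HMAC."""
    ts = int(time.time() if now is None else now)
    nonce = os.urandom(8)
    body = MAGIC + struct.pack("!Q", ts) + nonce + command.encode()
    mac = hmac.new(key, body, hashlib.sha256).digest()   # proof of the key, not the key
    payload = body + mac
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)  # type 8 = echo request, checksum 0
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


class SysrqTarget:
    """Target side: parse an echo request and return the sysrq key to trigger, or None."""

    def __init__(self, key: bytes = SYSRQ_KEY, max_age: int = 30):
        self.key = key
        self.max_age = max_age
        self.seen_nonces = set()

    def handle(self, packet: bytes, now: int = None):
        if len(packet) < 8 + len(MAGIC) + 8 + 8 + MAC_LEN:
            return None
        if icmp_checksum(packet) != 0:                       # corrupted or tampered
            return None
        icmp_type, code = struct.unpack("!BB", packet[:2])
        if icmp_type != 8 or code != 0:
            return None
        body, mac = packet[8:-MAC_LEN], packet[-MAC_LEN:]
        if body[:len(MAGIC)] != MAGIC:
            return None                                      # ordinary ping, ignore
        if not hmac.compare_digest(hmac.new(self.key, body, hashlib.sha256).digest(), mac):
            return None                                      # wrong key: not authorized
        ts = struct.unpack("!Q", body[4:12])[0]
        nonce = body[12:20]
        command = body[20:].decode("ascii", errors="replace")
        t = int(time.time() if now is None else now)
        if abs(t - ts) > self.max_age or nonce in self.seen_nonces:
            return None                                      # stale or replayed
        self.seen_nonces.add(nonce)
        return ALLOWED.get(command)                           # unknown command: None
```

Sending a raw ICMP packet needs a raw socket (root or CAP_NET_RAW), and the target-side handler would normally sit in a kernel module or a raw-socket listener; the example stops at the bytes so it can run anywhere.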
20100319055RADIO COMMUNICATION APPARATUS AND RADIO COMMUNICATION METHOD - A radio communication apparatus executes communication by establishing a communication link according to a security level with another device. The radio communication apparatus sets a security level according to a type of service, and discriminates whether the security level is necessary for the communication with the other device. If the security level is necessary, the communication link according to the security level is established. If the security level is not necessary, the security level is lowered and the communication link according to the lowered security level is established.12-16-2010
20100319054PORTABLE EMBEDDED LOCAL SERVER FOR WRITE-THROUGH CACHE - A method of facilitating, via an embedded local server, dynamic responses to requests originating from an application and directed to a server is disclosed. An intermediary intercepts requests and responds to them with locally stored data. The intermediary may also forward requests to an embedded local server for processing based on local data.12-16-2010
20120284778CONTROLLING ACCESS TO A PROTECTED NETWORK - A system for controlling access to a protected network includes a network access control module coupled to the network and configured to restrict access to the network to an authorized user through a computer coupled to the network. The system also includes a communication device associated with the computer, which automatically transmits a unique identifier corresponding to the communication device to the network access control module when a user uses the communication device to request access to the network via the computer. When the network access control module receives the unique identifier it is configured to authenticate the communication device, to authenticate the user via the communication device when the communication device is authenticated, and when the user is authenticated, to submit log-on information to a log-on interface of the computer associated with the communication device so that the user can access the network via the computer.11-08-2012
20120284777METHOD FOR MANAGING DATA IN M2M SYSTEMS - A method enabling managing sensor device data by aggregating them in virtual entities: Connected Objects (COs). Third Parties access those exposed data if and only if the Owner of those data grants the corresponding access rights. Since communication is bidirectional, Third Parties can also be granted the right to manage the device set belonging to those COs for which data access was granted. The method allows managing multiple remote devices, enabling systematic naming and addressing schemes to reach those devices. Eventually, the method enables charging procedures through an Object Charging Data Function entity, which finds out the right Object to be charged for and sends the bill to both Owner and Third Parties for the provided services. Charging Objects (CHOs) are those COs exposed for the specific application of charging. A hierarchy is proposed (Organisational, Fundamental, Derived and Temporary CHO) enabling inheritance rules (Reverse and Direct) for access rights and/or charging policy.11-08-2012
20120284776Techniques for Providing Access to Data in Dynamic Shared Accounts - Techniques for providing access to data in dynamic shared accounts are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for providing data in dynamic shared accounts. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify a first user associated with an account, identify a second user to have access to the account associated with the first user in the event the first user is unavailable to access data or perform functions associated with the account, map the second user to the account, and provide the second user access to the account based on the mapping and with access privileges associated with the first user.11-08-2012
20130160085HOSTING EDGE APPLICATIONS AT THE EDGE OF A MOBILE DATA NETWORK - Mobile network services are performed in a mobile data network in a way that is transparent to most of the existing equipment in the mobile data network. The mobile data network includes a radio access network and a core network. A breakout component in the radio access network breaks out data coming from a basestation, and hosts edge applications, including third party edge applications, that perform one or more mobile network services at the edge of the mobile data network based on the broken out data.06-20-2013
20130160087BEHAVIORAL FINGERPRINTING WITH ADAPTIVE DEVELOPMENT - Disclosed herein are example embodiments for behavioral fingerprinting with adaptive development. For certain example embodiments, one or more devices may: (i) determine at least one indication of utilization for at least one authorized user via at least one user-device interaction; and (ii) incorporate at least one indication of utilization into at least one behavioral fingerprint that is associated with at least one authorized user, with the at least one behavioral fingerprint including one or more indicators of utilization of one or more user devices by the at least one authorized user. However, claimed subject matter is not limited to any particular described embodiments, implementations, examples, or so forth.06-20-2013
20130160086SECURE CLIENT AUTHENTICATION AND SERVICE AUTHORIZATION IN A SHARED COMMUNICATION NETWORK - Functionality for secure client authentication and service authorization in a shared communication network are disclosed. A managing network device of a communication network causes a securely connected client network device to perform an account authorization process with an accounting network device in parallel with a service matching process with the managing network device and one or more service providers of the communication network. The managing network device executes the service matching process and securely matches the client network device with one of the service providers. The accounting network device executes the account authorizing process with the client network device and provides a service voucher to the managing network device authorizing one or more of the service providers to service the client network device. The managing network device transmits the service voucher to the matched service provider to prompt the matched service provider to service the client network device.06-20-2013
20130160088Authentication Via Motion of Wireless Device Movement - Motion of a wireless device is pre-registered as authentication credentials, then later matched, to provide motion-based authentication for access to software, service, etc. The wireless device may contain any number of gyroscopic, distance, positional or compass sensors, any or all of which are measured during a physical gesture or motion of the wireless device while the user is holding the wireless device. Recorded measurements of the specific motion then identify the authorized user. If measurements of an attempted motion suitably match the pre-registered and valid authentication credentials for the service or device, then the motioned wireless device is authenticated for use by the user. Such motion is difficult, if not impossible, for a user to pass on to another individual, even if they wanted to, making it the ultimate security technique.06-20-2013
20130160094OTA Bootstrap Method and System - An over-the-air (OTA) bootstrap method and system are described, including: when a connection between a user-registered terminal device and a device management (DM) server is finished, the terminal device sends a bootstrap confirmation message to a service center corresponding to port information of a valid service center pre-stored in the terminal device; the service center analyzes the bootstrap confirmation message to determine a device ID of the terminal device, connects with a DM server authorized by the service center, and searches for an OTA bootstrap record corresponding to the device ID in a database of the authorized DM server; if the service center fails to find the corresponding OTA bootstrap record in the database of the authorized DM server, the service center notifies the user that the terminal device has performed an OTA bootstrap with an unauthorized DM server. The present invention can improve the security of the OTA bootstrap.06-20-2013
20130185772DYNAMICALLY UPDATING A SESSION BASED ON LOCATION DATA FROM AN AUTHENTICATION DEVICE - Systems, devices, methods, and software are described for dynamically updating a session based on location data from an access device, such as an access card reader. In one example, a method of managing at least one centrally hosted virtual session may include: associating a user with a virtual session, a first terminal device, and a first location at a central server computer system; receiving a notification at the central server computer system that an access token associated with the user has been received at an access device associated with a second terminal device and a second location; associating the virtual session with the second location in response to the notification; and updating the virtual session at the first terminal device according to at least one location-based rule associated with the second location.07-18-2013
20130185776METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR MANAGING MEDIA CONTENT BY CAPTURING MEDIA CONTENT AT A CLIENT DEVICE AND STORING THE MEDIA CONTENT AT A NETWORK ACCESSIBLE MEDIA REPOSITORY - Media content is managed by defining a list of authorized recipients in a network accessible security information repository, recording media content at a client device, obtaining the list of authorized recipients at the client device, associating at least one of the authorized recipients with the media content, and transmitting the media content along with information identifying the at least one of the authorized recipients associated therewith from the client device to a network accessible media repository for storage therein. The media content includes audio, video, and/or image content.07-18-2013
20130185771NETWORK SYSTEM - A network system includes network relay devices including a master device for administering the network system, and a member device to be administered by the master device. When the master device receives an authentication request from an external terminal connected to the network system, the master device performs an authentication processing for authorizing or denying the authentication request. When the authentication request is authorized, one network relay device connected to the external terminal in the network system performs a communication-authorizing processing for authorizing a communication between the external terminal and the one network relay device, and performs a transmission processing for transmitting communication authorization data to another network relay device which is not connected to the external terminal in the network system. When the other network relay device receives the communication authorization data, the other network relay device performs the communication-authorizing processing.07-18-2013
20130185770METHODS AND SYSTEMS FOR PROVIDING ACCESS TO AN ONLINE SYSTEM - Methods and systems are provided for enabling access to a secure system from a remote system without directly logging into the secure system for debugging purposes. The secure system and the remote system may log in to a host system with a session ID and establish a session. The secure system starts a Hypertext Transfer Protocol (HTTP) enabled debugger to enable debugging of the web browser traffic. The HTTP enabled debugger may be displayed on the remote system via the host system. The remote system may enter debug commands from a web browser on the remote system. The debug commands are then applied on the web browser of the secure system.07-18-2013
20130185769NEAR FIELD COMMUNICATION ELECTRONIC DEVICE, LOGIN SYSTEM USING THE SAME AND METHOD THEREOF - A near field communication (NFC) electronic device, a login system using the same and a method thereof are disclosed. The NFC electronic device includes a reading module, an embedded controller and a matching module. The reading module receives identification information transmitted from a readable component when the readable component approaches. The embedded controller is connected to the reading module and stores the identification information. The matching module is connected to the embedded controller and performs a matching authentication according to the identification information. If the matching authentication is successful, the matching module searches whether required account confidential information exists in a database according to the identification information. If yes, the matching module selects and transmits the required account confidential information to the embedded controller. The embedded controller outputs a hardware signal corresponding to the account confidential information to an application program of a user login screen.07-18-2013
20130185767CLUSTERED AAA REDUNDANCY SUPPORT WITHIN A RADIUS SERVER - In general, techniques are described for supporting interchassis redundancy (ICR) by a plurality of network access servers (NASes) that are members of an ICR cluster. For example, techniques may be used to associate, within a RADIUS server, multiple NAS identifiers for the NASes with a single NAS identifier alias. The RADIUS server is configured to handle RADIUS protocol messages from any member of the ICR cluster as though the RADIUS protocol messages issued from a single NAS having the NAS identifier alias.07-18-2013
20130185775MULTI FACTOR AUTHENTICATION - In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.07-18-2013
20130185768Monetization of a Media Channel Network - The disclosed embodiments relate to a media or communication network or platform that facilitates communication via one or more media or communication channels. Moreover, the disclosed embodiments allow one or more third-party content sources to determine how their content is transmitted or conveyed, when their content is transmitted or conveyed, and/or which channels should be used to transmit or convey their content. One or more third-party content sources may, for instance, target one or more specific channels based on, for example, the one or more channel operators, the audience of the one or more channels, or the like. This allows one or more third-party content sources to leverage their content against channel operators or content from other third-party content sources. One or more third-party content sources may, for example, bid against other third-party content sources for the ability to transmit or convey their content via the one or more channels.07-18-2013
20110289561System and Method for Information Handling System Multi-Level Authentication for Backup Services - Access to backup information, such as at network attached storage compliant with NDMP, is managed by interfacing a backup authentication mechanism with a primary authentication system and responding to requests for backup information according to permissions defined by the primary authentication system. A data management application requests access to backup information with an NDMP MD5 hash and includes a domain name and password for an LDAP or AD authentication through a pluggable authentication module. Access to backup information is provided based upon the permissions associated with the domain of the primary authentication mechanism.11-24-2011
20110296502Methods and Systems for Network-Based Management of Application Security - To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a process's token. The rule includes an application-criterion set and changes to be made to the groups and/or privileges of a token. The rule is set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers. When a GPO containing a rule is applied to a computer, a driver installed on the computer accesses the rule(s) anytime a logged-on user executes a process. If the executed process satisfies the criterion set of a rule the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process.12-01-2011
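An added example of the rule evaluation the abstract above describes, written for this listing and not the patent's or any product's code: a rule carries an application-criterion set and the group and privilege changes to apply, and the per-process token is derived from the logon token when a launched image satisfies every criterion in the set. The Process, Token and Rule shapes, the SID and privilege strings, and the choice to require the hash or publisher whenever the rule names one (a path alone is trivially spoofed by copying a binary) are this example's assumptions; the sample processes are constructed.

```python
import fnmatch
from dataclasses import dataclass, field
from typing import Iterable, Optional, Set


@dataclass
class Process:
    """What a driver sees at image launch (constructed shape, not a real kernel structure)."""
    path: str
    sha256: str
    publisher: Optional[str] = None


@dataclass
class Token:
    user: str
    groups: Set[str]
    privileges: Set[str]


@dataclass
class Rule:
    """One GPO rule: criterion set plus the token changes it carries."""
    name: str
    path_glob: str
    sha256: Optional[str] = None        # assumption: optional, but strongly recommended
    publisher: Optional[str] = None
    add_groups: Set[str] = field(default_factory=set)
    remove_groups: Set[str] = field(default_factory=set)
    add_privileges: Set[str] = field(default_factory=set)
    remove_privileges: Set[str] = field(default_factory=set)

    def matches(self, proc: Process) -> bool:
        """Every criterion present in the set must hold; Windows paths compare case-insensitively."""
        if not fnmatch.fnmatchcase(proc.path.lower(), self.path_glob.lower()):
            return False
        if self.sha256 is not None and proc.sha256.lower() != self.sha256.lower():
            return False
        if self.publisher is not None and proc.publisher != self.publisher:
            return False
        return True


def apply_policy(rules: Iterable[Rule], logon_token: Token, proc: Process) -> Token:
    """Derive the token for this one process; the logon token itself is never modified."""
    groups = set(logon_token.groups)
    privileges = set(logon_token.privileges)
    for rule in rules:                      # all matching rules apply, in policy order
        if rule.matches(proc):
            groups = (groups - rule.remove_groups) | rule.add_groups
            privileges = (privileges - rule.remove_privileges) | rule.add_privileges
    return Token(logon_token.user, groups, privileges)
```

The effect is that the user's interactive token stays where the administrator put it and only the matched image runs with the expanded or contracted rights, which is the least-privilege property the abstract is after.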
20110314523Out-of-band Tokens for Rights Access - Access to content may be administered by storing content, the content comprising one or more selections, accessing a passive optical out-of-band token associated with the content, determining an access right for the content based on the passive optical out-of-band token, and enabling access to the content in accordance with the access right.12-22-2011
20110314522Method and apparatus for relay node management and authorization - Methods and apparatuses are provided for deploying relay nodes in a communication network. A relay node can initially be wirelessly authenticated to a network entity using initial security credentials. In response to a successful authentication, the relay node is authorized to wirelessly communicate with the communication network for a limited purpose of configuring the relay node for relay device operations. The relay node can receive new security credentials from the communication network, and is subsequently re-authenticated to the network entity using the new security credentials. In response to a successful re-authentication, the relay node is authorized by the network to operate as a relay device for conveying traffic between one or more access terminals and the communication network.12-22-2011
20110314521COMPUTER READABLE MEDIUM STORING PROGRAM, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING METHOD - A computer readable medium storing a program causing a computer to execute a process is provided. The process includes obtaining note content information representing note content included in a note if the note has been input to registered information; obtaining user specification information for specifying a user who has input the note; causing the note content information and the user specification information to be stored in a memory in association with the registered information; and outputting at least one of the registered information, and the note content information and the user specification information stored in the memory to a user as a request source, and not outputting at least the user specification information if the user as the request source is different from the user who has input the note, in response to a request for outputting information from the user as the request source.12-22-2011
20110314520ONLINE SERVICE ACCESS CONTROLS USING SCALE OUT DIRECTORY FEATURES - Embodiments provide application and/or resource access control features of an online computing environment, but are not so limited. In an embodiment, a computer-implemented method provides access control features for an online application environment based in part on the use of a number of directory service instances isolated from direct customer access and deployed in a defined datacenter architecture. In one embodiment, a computing environment uses web-based access control features and a number of directory service instances having organizational units and corresponding mappings to maintain a support infrastructure as part of providing features of online application services to customers. Other embodiments are included and available.12-22-2011
20110314519APPARATUS, SYSTEMS AND METHODS FOR MEDIA CONTENT DELIVERY - A media content delivery system and method is operable to communicate an authorized single media content stream generated by a local programming provider (LPP) in a domestic market area (DMA) to a client facility, wherein the authorized single media content stream is multiplexed into a multi-media content stream with a plurality of other single media content streams generated by a plurality of other LPPS in the DMA. An exemplary embodiment identifies an authorized single media content stream of interest to a client; accesses the multi-media content stream communicated from a communication network at the client facility, unbundles the authorized single media content stream from the received multi-media content stream, and communicates the authorized single media content stream to a program content generation system operated by the client.12-22-2011
20130191882ACCESS CONTROL OF REMOTE COMMUNICATION INTERFACES BASED ON SYSTEM-SPECIFIC KEYS - A computer implemented method, computer program product, and computer system are provided for receiving, from a first application, a service request to obtain service from a second application, the service request including a client context and a signed ticket obtained by the first application from a system computer, validating the received signed ticket based on the key associated with the system, determining that the first application has authorization to obtain the requested service via the remote interface of the second application based on a comparison of one or more attributes of the received client context to an access control list associated with the second application, and sending a service reply from the second application to the first application to provide the requested service to the first application in response to determining that the first application has authorization to obtain the requested service via the remote interface of the second application.07-25-2013
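The two-stage check from the abstract above, as an added example for this listing (not the patent's code): the system computer issues a ticket signed under its own key, the second application validates the ticket with the key registered for the system the ticket claims, and only then compares the client context's attributes against the method's access control list. The ticket format, the per-system key table, the ACL layout, the lifetime and the rule that the context's application must match the ticket's are this example's assumptions.

```python
import base64
import binascii
import hashlib
import hmac
import json

# Constructed per-system keys: each system computer signs with its own key.
SYSTEM_KEYS = {"sys-A": b"constructed-key-A", "sys-B": b"constructed-key-B"}

# Constructed ACLs: service -> remote method -> context attribute -> allowed values.
ACL = {
    "report-service": {
        "get_report": {"app": {"billing", "analytics"}, "role": {"auditor", "operator"}},
        "delete_report": {"app": {"billing"}, "role": {"operator"}},
    }
}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode()


def issue_ticket(system: str, app: str, now: int, ttl: int = 300, keys=SYSTEM_KEYS) -> str:
    """System computer: hand the first application a ticket bound to this system."""
    body = json.dumps({"system": system, "app": app, "iat": now, "exp": now + ttl},
                      sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(keys[system], body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(mac)


def validate_ticket(ticket: str, now: int, keys=SYSTEM_KEYS):
    """Second application: return the claims if the signature verifies under the claimed system's key."""
    try:
        body_b64, mac_b64 = ticket.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
        claims = json.loads(body)
    except (ValueError, binascii.Error):
        return None
    if not isinstance(claims, dict):
        return None
    key = keys.get(claims.get("system"))
    if key is None:
        return None                                    # unknown system
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), mac):
        return None                                    # not signed by that system's key
    if not (claims.get("iat", 0) <= now < claims.get("exp", 0)):
        return None                                    # expired or not yet valid
    return claims


def authorize(service: str, method: str, ticket: str, context: dict, now: int,
              keys=SYSTEM_KEYS, acl=ACL) -> tuple:
    """Ticket first, then context attributes against the method's ACL; default deny."""
    claims = validate_ticket(ticket, now, keys)
    if claims is None:
        return False, "invalid ticket"
    if context.get("app") != claims.get("app"):
        return False, "context does not match ticket"
    rule = acl.get(service, {}).get(method)
    if rule is None:
        return False, "no rule for method"
    for attr, allowed in rule.items():
        if context.get(attr) not in allowed:
            return False, f"attribute {attr} not permitted"
    return True, "ok"
```

Looking the key up by the system named inside the ticket is what makes the keys system-specific: a ticket minted under another system's key, or a ticket whose system field is edited after signing, fails before any attribute is examined.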
20130191883DEVICE NETWORK SHARING METHOD AND DEVICE CONTROLLING METHOD THEREOF - A device network sharing method and a device controlling method for sharing and controlling a device with a hardware identifier in a network structure system by connecting the device to the network structure system, letting the device log in to a server by the hardware identifier of the device, and completing a verification of the device and announcing connection information of the device in the network structure system. Therefore, a client can complete networking settings of the device without complex networking setting steps. A user can use a controller to log in to the server by the hardware identifier of the device, and then acquire connection information of the device, for setting or sharing the device. Thus, a client can search for a device desired to be controlled in the network structure system without inputting a URL network address, which cannot represent device properties.07-25-2013
20130191884IDENTITY MANAGEMENT WITH LOCAL FUNCTIONALITY - A user equipment (UE) may perform functions locally, such as on a trusted module that resides within the UE. For example, a UE may perform functions associated with a single sign-on protocol, such as OpenID Connect for example, via a local identity provider function. For example, a UE may generate identity tokens and access tokens that can be used by a service provider to retrieve user information, such as identity information and/or user attributes. User attributes may be retrieved via a user information endpoint that may reside locally on the UE or on a network entity. A service provider may grant a user access to a service based on the information that it retrieves using the tokens.07-25-2013
20110321129DISAMBIGUATING ONLINE IDENTITIES - Described herein are technologies pertaining to disambiguating identities/accounts over a plurality of online services. Public data streams pertaining to accounts of different online services are analyzed, and a determination is made that the accounts are owned by a same user. A searchable profile is generated for the user that comprises data that indicates that the user represented by the profile owns the accounts. The profile is claimable by the user such that the user is enabled to customize contents of the profile.12-29-2011
20120291105AUTHORIZATION OF SERVER OPERATIONS - An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.11-15-2012
20120291103PERMISSION-BASED ADMINISTRATIVE CONTROLS - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing permission-based administrative controls. In one aspect, a method includes receiving an administrator-defined pairing that identifies a permission and one or more applications, and receiving a request from a requesting application to perform one or more operations that are associated with the permission. The method also includes determining whether the requesting application is identified in the pairing, and selectively allowing the requesting application to perform the operations based on determining whether the requesting application is identified in the pairing.11-15-2012
20120011571 Method And Apparatus For Cross DRM Domain Registration - A content moving device may provide content to a plurality of different user devices using a plurality of different DRM systems. The content moving device provides for registration of the DRM systems associated with the user devices. The content moving device may verify a user device by a DRM ID associated with the user device. A domain size may be used to limit the number of content user devices that may be approved for access. 01-12-2012
20120011567 APPARATUS AND METHODS FOR CONTENT DELIVERY AND MESSAGE EXCHANGE ACROSS MULTIPLE CONTENT DELIVERY NETWORKS - Methods and apparatus for providing protected content to subscribers of a managed (e.g., MSO) network via a content source accessible via an internetwork such as the Internet. In one embodiment, a user accesses a programmer website, and requests content. The programmer determines whether the requesting user is permitted to access the content, and what rights or restrictions are associated with the user. This includes authenticating the user as a subscriber of the MSO, and determining the subscriber's subscription level. In another embodiment, a user's account with the MSO and programmer may be federated, thus a given user will have MSO-specific information regarding its identity (such as login information, GUID, etc.) and/or information regarding subscription level and service details, stored at the programmer. Messages received from the MSO representing permission for the user to access content may also be stored at the programmer site for later reference. 01-12-2012
20120030734 FEMTOCELL ACCESS PROVISIONING BASED ON SOCIAL NETWORK, PRESENCE, AND USER PREFERENCES - A system and methodology that facilitates user friendly, automatic and/or dynamic femtocell access provisioning based on social network, presence, and/or user preference information is provided. In particular, the system can include a femto access manager that can identify a list of ‘close friends’, to which the femtocell owner is likely to grant femtocell access, based on an analysis of access data (e.g., data from social networks, communication logs, calendars, address books, websites and/or blogs, transaction related data, and the like). Further, an access priority associated with each of the close friends can be determined based in part on location data, availability data, and/or predefined policies. Furthermore, the femto access control list, within the femto access point (FAP), can be populated, dynamically and/or automatically, with the highest priority friends from the close friends list. 02-02-2012
20120030733 ACCESSING RESOURCES OF A SECURE COMPUTING NETWORK - According to one embodiment of the present invention, a method for accessing resources of a secure computing network may be provided. The method may include receiving a request to allow a user to access a secure computing network. The user may be associated with an avatar that has a unique set of one or more identifiers that are associated with the user. A security clearance level of the avatar may be determined from the unique set of identifiers of the avatar. The avatar may be authorized to access one or more virtual compartments of the secure computing network according to the security clearance level of the avatar. The virtual compartment may comprise one or more resources of the secure computing network. The method may further include facilitating display of one or more resources of a virtual compartment accessed by the avatar. 02-02-2012
20130198815 Systems and Methods for Universal Enhanced Log-In, Identity Document Verification and Dedicated Survey Participation - Systems and methods are provided for controlling access via a computer network to a subscriber server. A log-in server receives a query to connect through the computer network to the subscriber server, and the log-in server receives registrant identification data. A first session is established between the log-in server and the subscriber server to validate the registrant identification data, and to generate a session password. A second session is established between the log-in server and the subscriber server. The second session is configured to authorize, based in part on the registrant identification data, access to at least a portion of a website associated with the subscriber server. 08-01-2013
20130198813 CONFIGURATION METHOD, CONFIGURATION DEVICE, COMPUTER PROGRAM PRODUCT AND CONTROL SYSTEM - According to an aspect of the invention a configuration method for configuring a host device in a control system is conceived, in particular a building control system, wherein an authorized configuration device exchanges confidential configuration data with a radio frequency identification tag coupled to the host device, wherein, after the confidential configuration data have been exchanged and a corresponding configuration operation has been performed, access to the confidential configuration data by an unauthorized configuration device is precluded. According to further aspects of the invention a corresponding configuration device, a corresponding computer program product and a corresponding control system are conceived. 08-01-2013
20130198816