
Subclass of:

726 - Information security


Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class / Patent application number | Description | Number of patent applications / Date published
726017000 Authorization 658
20120246714Dynamic Password Strength Dependent On System State - An approach is provided by detecting password entries by a user of a system with each of the password entries corresponding to a password entered when invoking a password enabled application on the system. A password strength is calculated corresponding to each of the detected password entries. A strongest password is identified based on the password strength calculations. A device lock request is received from the user of the system, with the device lock request being received at a user interface, such as a GUI control. The system is set into a locked state. The locked state prevents data stored on the information handling system from being accessed while the information handling system is in the locked state. The system is subsequently unlocked by entry of the identified strongest password by the user.09-27-2012
20120246713METHOD AND APPARATUS FOR CONTROLLING ACCESS OF A SECURE DIGITAL MEMORY CARD - A method for controlling access of a secure digital memory card includes inserting the secure digital memory card into a card reader; an electronic device performing an application program to detect whether a first password is stored in the secure digital card when a write protection function of the secure digital memory card is enabled; inputting a second password when the first password is not stored in the secure digital memory card; and sending a first command embedded with the second password to disable a read access function of the secure digital memory card.09-27-2012
20130086671INFORMATION TERMINAL DEVICE AND METHOD OF PERSONAL AUTHENTICATION USING THE SAME - An information terminal device is provided that may use the input functionality of a touch panel to remove the restriction on the use thereof, for example, release the key lock. The information terminal device (04-04-2013
20130081133SYSTEM AND METHOD FOR UNLOCKING AN ELECTRONIC DEVICE - A system and a method facilitating the unlocking of a locked touch screen device. In a preferred embodiment, the device is an e-reader device. The system and method provides a device unlock screen that simulates turning a page in a book rather than sliding a dead bolt lock or moving some other object from one place to another on the locked screen.03-28-2013
20120216276SECURE PORTABLE OBJECT - The invention relates to a secure portable object of the smart card type comprising (a) an object body and (b) a micro-module comprising a processor and at least one memory in which a first application executed by a first execution engine in a first execution space is stored. The invention is characterised in that a second application is further stored in the said at least one memory, where the said second application is executed by a second execution engine distinct from the first execution engine, in a second execution space distinct from the first execution space. The invention particularly applies to smart cards.08-23-2012
20120185932Sensing and Secure Processing - A first and second apparatuses, first and second computer programs and first and second methods are provided. The first apparatus comprises: an interface; and a secure processor configured to control the interface to provide a request, to the second apparatus, requesting information from one or more sensors of the second apparatus. The request may be a data structure comprising an element having one of a multiplicity of predetermined configurations, each configuration identifying at least one of a plurality of sensors. The second apparatus comprises: a further interface; one or more sensors; and a processor configured to receive via the further interface the request, from the secure processor of first apparatus, requesting information from at least one sensor identified in the request. The processor is configured to process the request, to determine whether the second apparatus comprises the at least one sensor identified in the request.07-19-2012
20120185931APPARATUS, METHOD, AND COMPUTER PROGRAM PRODUCT FOR ACCESS CONTROL TO A MOBILE TERMINAL - An apparatus, computer program product, and method are disclosed for access control to a mobile terminal. A use end event is generated indicating an end of use of a mobile terminal. Acceleration of the mobile terminal is binarized by the mobile terminal after the use end event is generated to one of a first value indicating a stationary state and a second value indicating a moving state. A use start event is generated indicating a start of use of the mobile terminal. A movement preparation period is measured from a time at which the use end event is generated to a time at which a transition from the first value to the second value occurs. Use authentication is requested in response to the use start event and in response to the movement preparation period exceeding a first threshold.07-19-2012
20120167199COMPUTING DEVICE WITH GRAPHICAL AUTHENTICATION INTERFACE - A computing device with a graphical authentication interface in which the device displays a base image and authenticates a user when a pre-selected element in a secondary image overlying the base image is aligned with a pre-selected element in the base image.06-28-2012
20120167198Resource Protection from Unauthorized Access Using State Transition Histories - A resource protection program, apparatus, and method for protecting resources to be processed on a computer. The resource protection program causes a computer to implement: a preparatory function as a function for preparing multiple defined state transition histories and multiple defined actions, both of which are associated with each other, wherein each of the defined state transition histories defines a state transition history of the computer upon execution of predetermined access to a predetermined resource, and each of the defined actions defined to be executable when a transition is made from a defined state to the next defined state; and an action execution function for selecting, upon execution of the real access to the real resource, a defined action associated with a matched defined state transition history from among one or more defined actions to execute the defined action selected.06-28-2012
20120167197ENABLING GRANULAR DISCRETIONARY ACCESS CONTROL FOR DATA STORED IN A CLOUD COMPUTING ENVIRONMENT - Enabling discretionary data access control in a cloud computing environment can begin with the obtainment of a data request and response message by an access manager service. The response message can be generated by a data storage service in response to the data request. The access manager service can identify owner-specified access rules and/or access exceptions applicable to the data request. An access response can be determined using the applicable owner-specified access rules and/or access exceptions. Both the response message and the access response can indicate the allowance or denial of access to the requested data artifact. The access response can be compared to the response message. If the access response does not match the response message, the response message can be overridden to express the access response. If the access response matches the response message, the response message can be conveyed to the originating entity of the data request.06-28-2012
20130047250Methods of On-Chip Memory Partitioning and Secure Access Violation Checking in a System-on-Chip - Systems and methods for partitioning memory into multiple secure and open regions are provided. The systems enable the security level of a given region to be determined without an increase in the time needed to determine the security level. Also, systems and methods for identifying secure access violations are disclosed. A secure trap module is provided for master devices in a system-on-chip. The secure trap module generates an interrupt when an access request for a transaction generates a security error.02-21-2013
20090044267Method and Apparatus for Preventing Loading and Execution of Rogue Operating Systems in a Logical Partitioned Data Processing System - A method, apparatus, and computer instructions for managing operating systems. A request from an operating system is received in the multi-partitioned data processing system to register for access to hardware in the multi-partitioned data processing system. The request includes a key code for the operating system. A determination is made as to whether the operating system is an authorized operating system using the key code in response to receiving the request. The operating system is registered if the operating system is the authorized operating system. Otherwise, the operating system is terminated.02-12-2009
20120192265PORTABLE COMPUTING SYSTEM AND PORTABLE COMPUTER FOR USE WITH SAME - A computing system comprising a pocket personal computer and a reader is disclosed. The pocket PC is pocket-sized and comprises flash memory, and optionally a processor and a GPS chip. The reader includes a monitor, a keyboard with docking port and an optional processor and at least one input/output USB connector. A user cannot interact with the pocket PC without the reader. The credit card size and capabilities of the pocket PC allow a user to easily carry virtually their entire computer in a pocket for use anywhere there is a reader. In addition, the pocket PC provides security against unauthorized use, even if lost or stolen. A password or fingerprints are required to access the device, the circuit board may be coated with a protective coating and the system may include an RFID tag and RFID reader.07-26-2012
20120192266Mask Based Challenge Response Test - A method for providing a challenge response test associated with a computer resource performed by a physical computing system includes, with the physical computing system, generating a challenge response test image comprising a plurality of well-formed construct elements forming a well-formed construct and a plurality of random construct elements, and providing a number of masks to be placed over the image, one of the number of masks configured to reveal the well-formed construct elements when placed over the image.07-26-2012
20120192264PRINTER CAPABLE OF AUTHENTICATING USER, PRINT MANAGEMENT SYSTEM INCLUDING THE PRINTER AND COMPUTER READABLE DEVICE STORING USER AUTHENTICATION PROGRAM - In a printing apparatus, a controller authenticates a user using first authentication information, and printing is allowed according to successful authentication using the first authentication information and printing is prohibited according to failed authentication using the first authentication information. The controller determines whether an authentication request condition is satisfied, and according to determination that the authentication information request condition is satisfied, the controller requests a user to input second authentication information and authenticates the user using the second authentication information. Printing is allowed according to successful authentication using the second authentication information, and printing is prohibited according to failed authentication using the second authentication.07-26-2012
20090094694COMMUNICATION APPARATUS - A communication apparatus is disclosed. The communication apparatus includes a destination information storing unit which stores a destination name and destination information corresponding to the destination name, an operating screen displaying unit which displays information of operations of the communication apparatus, and a destination information non-display determining unit which determines whether the destination information is not to be displayed on the operating screen. When a destination name stored in the destination information storing unit is displayed and the destination name is selected as a destination, the operating screen displaying unit displays the destination information together with the destination name on the operating screen. When the destination information non-display determining unit determines that the destination information is not to be displayed on the operating screen, the destination information non-display determining unit does not display the destination information on the operating screen.04-09-2009
20090276844Method and Apparatus for Secure Hardware Analysis - A Hardware Analysis Module (“HAM”) embedded in an integrated circuit (IC) implements a dedicated hardware-controlled access control procedure. The secure hardware analysis features are unlocked by a key unit subject to successful completion of an access control procedure. The access control procedure prevents unlocking of the secure hardware analysis features by an unauthorized or compromised key unit by including an embedded control command in an authentication challenge sent by the HAM to the key unit during the access control procedure.11-05-2009
20090271860AUTHENTICATOR APPARATUS - An authenticator apparatus which makes it difficult for an unauthorized user to masquerade and enhances safety includes an authenticating information holding unit (10-29-2009
20110023111CONNECTION DEVICE AUTHENTICATION - A method and apparatus are provided for a secure interconnect between data modules, including a security apparatus within a secured data connection device installed with a security chip. The connection device may be authenticated prior to enabling a stacking feature. Authentication of a connection device may be used to ensure the quality and performance of the connection device and the data modules.01-27-2011
20090265779TIME-SWITCH DEVICE AND METHOD FOR THE SAME - A time-switch device and method for the same is provided. The time-switch device mainly comprises a microprocessor unit, and an input element and a key secret element that are connected to the microprocessor unit. The microprocessor unit is connected to a data storage unit storing the time switch method and to a power control unit to control the connected host turning ON or OFF in a predetermined time of the schedule set in the time switch method stored in the time-switch device. Thus, the time-switch device and method for the same may not only force a user to use the host in a limited service time, but also prevent data in the host from being leaked.10-22-2009
20130167221Motion-based authentication for a gesture-based computing device - A motion-based authentication method is operative in a mobile computing device having a display interface and that includes an accelerometer. Normally, the device software includes a locking mechanism that automatically locks the display interface after a configurable timeout. The authentication method operates to un-lock the display interface (and thus allow the user access to the device) by movement of the device in a predetermined series of physical movements and without display-based entry of a password or other access code on the display itself. In this manner, the user can un-lock the device without display-based entry of a password (on the display itself) by simply holding the device and performing the necessary movement(s) to generate the unique code.06-27-2013
20120240218METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR RESUMING A SUSPENDED SESSION - Methods, apparatuses, and computer program products are provided for resuming a suspended session. A method may include determining a presence of a user within a predefined proximity of a workstation. The method may further include, responsive to determining the presence of the user, causing pre-retrieval of stored session state information for a suspended session associated with the user before the user enters credential information for logging onto the workstation. Corresponding apparatuses and computer program products are also provided.09-20-2012
20130167220Secure Operation of Transitory Computer Applications - A security application is described for determining conditions within a computer application that would create the desire to allow or disallow access to certain system functions or features by the application. The security application analyzes the conditions and sets a lock that enables the application to perform only certain types of actions that would be considered secure by the security application.06-27-2013
20090031416Authenticating a Computer Device at the User Level - The invention concerns authentication of a user device (01-29-2009
20110283352Method and Apparatus for Migrating a Virtual TPM Instance and Preserving Uniqueness and Completeness of the Instance - A migration scheme for virtualized Trusted Platform Modules is presented. The procedure is capable of securely migrating an instance of a virtual Trusted Platform Module from one physical platform to another. A virtual Trusted Platform Module instance's state is downloaded from a source virtual Trusted Platform Module and all its state information is encrypted using a hybrid of public and symmetric key cryptography. The encrypted state is transferred to the target physical platform, decrypted and the state of the virtual Trusted Platform Module instance is rebuilt.11-17-2011
20130219487CONTROL SYSTEM AND SECURITY CONTROL METHOD - A moving state detecting section 08-22-2013
20090288159Method and Apparatus for Secure Authorization - A method for authorizing access to a first computing device is provided. The method comprises the first computing device forming a challenge, encoding the challenge into a symbol, and displaying the symbol. The first computing device receives a request for access from a user. Access to the first computing device is allowed in response to provision of an access code to the first computing device by the user. The access code is formed by a server in response to capturing the symbol, decoding the symbol into the challenge, forming a request from the challenge, and providing the request to the server. The server forms a decision to allow access by the user to the first computing device.11-19-2009
20100037312SECURE COMPUTING ENVIRONMENT TO ADDRESS THEFT AND UNAUTHORIZED ACCESS - Techniques for securing a client. A BIOS agent stores policy data within a BIOS of the client. The BIOS agent is one or more software modules that execute in the BIOS of the client. The policy data describes one or more policies which the client should follow. When an operating system agent detects that a condition, specified by a particular policy of the one or more policies, has been met, the operating system agent performs one or more actions specified by the particular policy, such as disabling the client, retrieving a file from the client, erasing a file from the client, or encrypting a file on the client. The operating system agent is one or more software modules that execute in the operating system of the client.02-11-2010
20120110661TWO-WAY AUTHENTICATION - A method for activating a physiologic sensor (05-03-2012
20120110660TIME-DOMAIN REFLECTOMETRY USED TO PROVIDE BIOMETRIC AUTHENTICATION - An electronic device includes one or more Time-Domain Reflectometer (TDR) channels and a security block embedded at a silicon or software level to measure human electrical impedance and characteristics for biometric identification and provide biometric authentication.05-03-2012
20130185787Safely Executing an Untrusted Native Code Module on a Computing Device - A system that safely executes a native code module on a computing device. During operation, the system receives the native code module, which is comprised of untrusted native program code expressed using native instructions in the instruction set architecture associated with the computing device. The system then loads the native code module into a secure runtime environment, and proceeds to execute a set of instructions from the native code module in the secure runtime environment. The secure runtime environment enforces code integrity, control flow integrity, and data integrity for the native code module. Furthermore, the secure runtime environment moderates which resources can be accessed by the native code module on the computing device and/or how these resources can be accessed. By executing the native code module in the secure runtime environment, the system facilitates achieving native code performance for untrusted program code without a significant risk of unwanted side effects.07-18-2013
20100125905Method and Apparatus for Associating User Identity - In accordance with an example embodiment of the present invention, an apparatus, comprising a processor configured to associate a first virtual screen with a first user identity, receive input for transitioning from the first virtual screen to a second virtual screen, and associate the second virtual screen with a second user identity based at least in part on the input is disclosed.05-20-2010
20120036573Drag-and-Tag Authentication - A drag-and-tag authentication apparatus includes an electronic device, a setting mechanism and an authentication mechanism. The electronic device includes a processor, a display electrically connected to the processor, an operation unit electrically connected to the processor, and a power supply electrically connected to the processor. The setting mechanism is electrically connected to the processor and includes first and second selection units operable for selecting literal and graphic items. The authentication mechanism is electrically connected to the processor and includes literal items and graphic items. Some of the literal items can be located and define a polygonal region. Some of the graphic items can be located and covered by the polygonal region for authentication.02-09-2012
20100083365Apparatus and method to harden computer system - In some embodiments, a processor-based system may include a processor, the processor having a processor identification, one or more electronic components coupled to the processor, at least one of the electronic components having a component identification, and a hardware security component coupled to the processor and the electronic component. The hardware security component may include a secure non-volatile memory and a controller. The controller may be configured to receive the processor identification from the processor, receive the at least one component identification from the one or more electronic components, and determine if a boot of the processor-based system is a provisioning boot of the processor-based system. If the boot is determined to be the provisioning boot, the controller may be configured to store a security code in the secure non-volatile memory, wherein the security code is based on the processor identification and the at least one component identification. Other embodiments are disclosed and claimed.04-01-2010
20100125904COMBINING A MOBILE DEVICE AND COMPUTER TO CREATE A SECURE PERSONALIZED ENVIRONMENT - A mobile device, such as a mobile phone, smart phone, personal music player, handheld game device, and the like, when operatively combined with a PC, creates a secure and personalized computing platform through configuration of the mobile device's CPU (central processing unit) and OS (operating system) to function as an immutable trusted core. The trusted core in the mobile device verifies the integrity of the PC including, for example, that its drivers, applications, and other software are trusted and unmodified, and thus safe to use without presenting a threat to the integrity of the combined computing platform. The mobile device can further optionally store and transport the user's personalization data—including, for example, the user's desktop, applications, data, certificates, settings, and preferences—which can be accessed by the PC when the devices are combined to thus create a personalized computing environment.05-20-2010
20090064312SYSTEM, METHOD AND PROGRAM FOR PROTECTING INFORMATION ON COMPUTER SCREEN - Whenever a drawing command is executed, a computer system having a graphic user interface such as a multi-window system determines, from the logical operation pattern of the drawing command, what kind of information is inherited by a drawing result from the drawing command, preferably without performing a complicated step such as an image process. At the same time, the computer system controls information flow of an image outputted to a screen by managing labeled area maps which correspond one to one to images on the screen and in a memory.03-05-2009
20090276845PROGRAMMABLE DISPLAY DEVICE, AND CONTROL SYSTEM - A programmable display device includes a communication driver, a file system process unit that accesses the portable storage medium storing backup/restore target information that includes a target control device and target setting information respectively specifying the control device on which the backup/restore process is performed out of the control devices connected to the programmable display device and setting information, and a setting-information obtaining/writing process unit that accesses the control device via the communication driver based on the backup/restore target information and performs the backup/restore process of the setting information by accessing the portable storage medium via the file system process unit.11-05-2009
20080216169SETTING APPARATUS, SETTING METHOD, PROGRAM, AND RECORDING MEDIUM - A setting apparatus sets any of authorization for and prohibition of access to data with a hierarchical structure. The setting apparatus includes: an object selection unit for selecting at least one object from a plurality of objects constituting the hierarchical structure; a pattern selection unit for selecting at least one pattern from a plurality of patterns, each of which determines a relative position in the hierarchical structure to the object selected by the object selection unit; and an access control policy setting unit for setting any of authorization for and prohibition of access to the object selected by the object selection unit and each of objects at the relative position to the selected object, which relative position is determined by the pattern selected by the pattern selection unit.09-04-2008
20080244729INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND COMPUTER READABLE MEDIUM - An information processing apparatus includes a communication section, a control section, an operating section, a storage section. The control section sends identification information of a first user to an external apparatus connected through the communication section. The operating section allows the first user to request at least one function. The storage section stores approver authentication information of an approver previously registered. When the communication section fails to receive, from the external apparatus, information indicating what function the first user is permitted to request as a response to the identification information of the first user, the control section authenticates a second user based on the stored approver authentication information. The control section executes the function requested by the first user when an authentication result shows that the second user is the approver.10-02-2008
20090083847EMBEDDED AUTHENTICATION SYSTEMS IN AN ELECTRONIC DEVICE - This invention is directed to an electronic device with an embedded authentication system for restricting access to device resources. The authentication system may include one or more sensors operative to detect biometric information of a user. The sensors may be positioned in the device such that the sensors may detect appropriate biometric information as the user operates the device, without requiring the user to perform a step for providing the biometric information (e.g., embedding a fingerprint sensor in an input mechanism instead of providing a fingerprint sensor in a separate part of the device housing). In some embodiments, the authentication system may be operative to detect a visual or temporal pattern of inputs to authenticate a user. In response to authenticating, a user may access restricted files, applications (e.g., applications purchased by the user), or settings (e.g., application settings such as contacts or saved game profile).03-26-2009
20090178133ELECTRONIC SYSTEM WITH ACCESS CONTROL - An electronic system includes an input device and an electronic device, and a switching device connected between them. The switching device allows and disallows access of the input device to the electronic device in response to a security signal. The input device is connected to the electronic device when the switching device is activated. The input device is disconnected from the electronic device when the switching device is deactivated.07-09-2009
20120079586METHOD AND APPARATUS FOR DIFFERENTIATED ACCESS CONTROL - A method for differentiated access control on a computing device, and the computing device, the method including starting a timer on the computing device; resetting the timer if activity occurs on the computing device prior to the expiration of the timer; and preventing a subset of applications from being launched or enabled on expiry of the timer.03-29-2012
20080263655INFORMATION-PROCESSING APPARATUS, METHOD FOR CONTROLLING INFORMATION-PROCESSING APPARATUS, AND STORAGE MEDIUM - The present invention can control a logout procedure of each user according to an operation state and provides an information-processing apparatus with enhanced security and excellent usability. A method for controlling an information-processing apparatus capable of maintaining a state in which a plurality of users has been logged in to the information-processing apparatus comprises causing a display unit to switch an operation screen for a user who currently logs in to the information-processing apparatus between an active state and an inactive state where the user can or cannot operate the screen respectively; automatically logging out the user of the information-processing apparatus when a predetermined time has elapsed; and controlling so as not to automatically log out a user whose operation screen is in the inactive state of the information-processing apparatus when the predetermined time has elapsed.10-23-2008
20090249474SYSTEM AND METHOD FOR ADJUSTING THE SECURITY LEVEL OF A REMOVABLE MEDIUM - A method of adjusting a security level of a removable medium, including receiving a unique identification (ID) of a removable medium, a name of a file being processed, and a requested operation, determining the security level of the removable medium, determining a security level of the file being processed, and one of increasing and decreasing the security level of the removable medium based on the determined security level of the file being processed. Further, security levels of removable media are mapped to security zones which are subsequently used to allow or prevent transportation of a removable medium inside or outside of certain boundaries.10-01-2009
20090249475AUTHENTICATION SYSTEM, ELECTRONIC APPARATUS, ELECTRONIC APPARATUS AUTHENTICATION METHOD, AND COMPUTER-READABLE RECORDING MEDIUM HAVING AUTHENTICATION PROGRAM RECORDED THEREON - An authentication system includes a communication unit that originates a call on the basis of an entered telephone number, a vibration reception unit that receives vibrations generated by a portable device in response to an incoming call, vibration pattern registration unit registering a vibration pattern, and an authentication unit that performs authentication by determining whether or not a vibration pattern of the vibrations received by the vibration reception unit matches the vibration pattern registered in the vibration pattern registration unit.10-01-2009
20100186080PROTECTION SYSTEM AND METHOD OF OPERATION THEREIN - A system comprises one or more slave elements operably coupled to a plurality of master devices. A central protection function is operably coupled to a first communication bus and configured to control data flow between the one or more slave elements and the plurality of master devices via the communication bus.07-22-2010
20090077652Contents Execution Device Equipped With Independent Authentication Means And Contents Re-Distribution Method - The present invention particularly relates to a digital content providing service method and a content execution device for the same, for maximizing user convenience and maintaining a sufficient level of security using a smart card. The inventive content execution device includes an independent authentication unit for storing a tool necessary for executing content; an authentication support module for providing a data communication channel between the smart card and an external broadcasting server; a tool agent for calling the tool stored in the independent authentication unit; and a content execution unit for executing content data received from the external broadcasting server. The content execution device included in a content authority management system of the present invention employs the smart card for user authentication and/or content playing tool management. Accordingly, a user can freely execute his/her licensed content in different content execution devices by conveniently removing and reinserting the smart card, without separate measures. Moreover, according to the present invention, a user can effectively use content from different broadcasters.03-19-2009
20100242107Image Processing Device - A low-cost Multi Function Peripheral (MFP) prevents a user from forgetting to cancel an authenticated state. The MFP includes a scanner unit, a printer unit, a touch screen, and a reset key for initializing various settings. When the user is authenticated, the MFP accepts various operations. Under a state in which the user is authenticated, when the reset key is operated, a control unit executes a logout process.09-23-2010
20100235904INFORMATION PROCESSING SYSTEM AND PROCESSING METHOD THEREOF - When a plurality of information processing apparatuses that have an authentication function cooperate to execute a job, user authentication information is transmitted from a cooperative information source processing apparatus to a destination cooperative information processing apparatus that executes the cooperative job. A user account is created at the destination cooperative information processing apparatus based on the transmitted authentication information. When the cooperative information source processing apparatus notifies execution of a cooperative job to the destination cooperative information processing apparatus, authentication information that is authenticated at the cooperative information source processing apparatus is transmitted to the destination cooperative information processing apparatus. The destination cooperative information processing apparatus creates a user account based on the authentication information, and executes the cooperative job using the created user account.09-16-2010
20100242108METHOD AND SYSTEM FOR MEMORY PROTECTION AND SECURITY USING CREDENTIALS - A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.09-23-2010
20100212007SYSTEMS AND METHODS FOR ACCESS CONTROL - The disclosure describes various systems and methods for access control. One such method includes providing an access control module that is capable of operating at least a first carrier frequency and a second carrier frequency. In addition, the method includes providing a first access credential that operates at the first carrier frequency, and providing a second access credential that operates at the second carrier frequency. Various other systems, methods and features are also described herein.08-19-2010
20100138912System and method for authenticating an end user - A method for authenticating an end user. The method begins by generating a login field in response to receiving an authentication request from an end user. The login field comprises a plurality of colored nodes containing a first subset of nodes matching both color and location to a second subset of nodes residing in a transparent credit card being controlled by the end user. Next the method determines the authenticity status of the end user by comparing data received from the end user with the first subset of nodes. The end user having generated the data by overlaying the transparent credit card on top of the login field and selecting at least one colored node. Each node being selected according to a function utilizing both static and dynamic variables. Finally, the method sends the determined authenticity status to the end user via an output device.06-03-2010
20090320123METHOD AND APPARATUS FOR USER RECOGNITION EMPLOYING MOTION PASSWORDS - A method and apparatus are disclosed that authenticate a user of a mobile device with motion sensors. During a learning session, the user initializes the mobile device by providing a motion sample. The mobile device extracts motion features that are unique to the user and converts them to parity bits and to a password shadow. During a recognition session, a motion pattern is gathered from the user moving the mobile device as if it were a virtual pen. The mobile device then uses the stored parity bits to correct small differences between motion patterns exhibited by the same user at different times. The mobile device converts the corrected motion pattern into a motion password that is compared with the stored password shadow. A user is authenticated only if the two values coincide. The system erases the generated motion password.12-24-2009
20120246715RECORDING DEVICE AND CONTROL METHOD THEREFORE - One embodiment provides a recording device, including: a data storage module; an authentication information storage module configured to store authentication information; a receiving module configured to receive authentication information from a higher level apparatus; an authenticating module configured to perform authentication of access to the data storage module by comparing the received authentication information with the stored authentication information; a command tendency storage module configured to store a command tendency; a command tendency determinator configured to determine whether or not a command tendency relating to commands being transmitted from the higher level apparatus is similar to the previously-stored command tendency; and a use disabling module configured to render the data stored in the data storage module substantially unusable based on a determination of the command tendency determinator.09-27-2012
20100223665SYSTEM AND METHOD FOR PROVIDING A VIRTUAL BINDING FOR A WORM STORAGE SYSTEM ON REWRITABLE MEDIA - A virtual binding system ensures that the WORM logic for protecting data immutability cannot be circumvented, effectively guaranteeing WORM property of a WORM storage system composed of rewritable magnetic hard disks. To close the security hole between the rewritable media and the WORM logic, virtual binding securely authenticates the legitimacy of a WORM logic controller before granting data access on a WORM storage media. Furthermore, the system verifies the legitimacy of the WORM logic controller during data access. This approach virtually binds together the WORM logic controller and the WORM storage media even though the WORM logic controller and the WORM storage media may be physically separate.09-02-2010
20090106832COMPUTER SYSTEM AND PROGRAM CREATING DEVICE - A mobile telephone 04-23-2009
20110023110Interactive Video Captcha - Provided is a Captcha Access Control System (CACS) for generating an improved captcha that is based, in one described embodiment, upon a command in one format and a response in a different format, one or both of which are rendered in a format that is difficult for an automated system to interpret. A computer system or program to which a user is requesting access generates a textual or audible command. A video device captures the user's response and transmits the response to a response evaluation device. Based upon an analysis of the transmitted video and a comparison between the analyzed video and the command, the computer or program either enables access or denies access.01-27-2011
20130145454PORTABLE INFORMATION TERMINAL, ITS CONTROL METHOD AND PROGRAM - Disclosed are a portable information terminal for materializing limitation of its use more effectively and method and program for controlling the terminal. The portable information terminal comprises a mail address storing unit for storing mail addresses, a mail reception unit for receiving mails, a certification information generation unit for generating certification information and a terminal lock controlling unit for limiting a predetermined function or operation, wherein when a mail address of an originator of transmission of a mail received by the mail reception unit coincides with an address stored in the mail address storing unit, the predetermined function or operation is limited by certification information the certification information generating unit generates.06-06-2013
20110119754GAMING DEVICE HAVING HARD DRIVE BASED MEDIA AND RELATED METHODS - Various embodiments are directed to a gaming device that uses an internal hard drive for primary media storage. The software is installed on the hard drive without requiring physical access to the hard drive including, but not limited to, removal or replacement of the hard drive. According to one method, an install flash program is used to format and/or reformat an internal hard drive. Additionally, the install flash program is used to install media stored on a removable storage device onto the internal hard drive.05-19-2011
20110247065SIMULTANEOUS SCREEN UNLOCK AND OPERATION INITIATION - An electronic device such as a smart phone or personal computer, adapted to both unlock and to execute at least one step of a standard operation such as placing a telephone call, responsive to the user executing only one input command. The input command may comprise moving a slider on a touch screen, entering a predetermined combination of alphanumeric characters, and the like. The input command may also comprise hand drawing a symbol on the screen, whereupon the electronic device will execute a matching procedure similar to character recognition to authenticate the symbol. Authentication may then unlock the device and execute the at least one step of the standard operation.10-06-2011
20110119755INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, INFORMATION PROCESSING PROGRAM AND COMPUTER READABLE RECORDING MEDIUM - In an information processing apparatus having a service mode that a service person enters to carry out maintenance of the apparatus, a registration page is provided for registering the service person as a service person in charge of the maintenance of the apparatus, and an input page is provided for inputting authentication information required for the service person that is registered in the registration page as a person in charge of the maintenance of the apparatus to enter the service mode.05-19-2011
20090100515INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, RECORDING MEDIUM AND INFORMATION PROCESSING METHOD - A receiving unit receives information selected by a user on an operating screen. A detecting unit detects a function executing part corresponding to the information received by the receiving unit. A determining unit determines that the user authentication is required when a function is to be executed, when “the user authentication is required” is set for at least any one of a function allocated to a function executing part that is detected by the detecting unit, the function allocated to another function executing part, and the operating screen that includes the function executing part to which the function is allocated. A function executing unit executes a function allocated to the function executing part selected by the user, wherein the user is authorized to execute the function.04-16-2009
20090300753METHOD FOR PREVENTING DATA IN A COMPUTER SYSTEM FROM BEING ACCESSED BY UNAUTHORIZED USER - A computer system is provided comprising a non-volatile storage medium and a processor. The processor acquires authentication information from a first removable storage device, stores the authentication information into the non-volatile storage medium, and forbids data access of the computer system when detecting that a second removable storage device has been inserted and identification data of the second removable storage device is different from the authentication information.12-03-2009
20090038002CONTROLLING IMAGE FORMING FUNCTION - An apparatus, method, system, computer program and product each capable of controlling addition of a printing function or controlling use of the printing function are disclosed.02-05-2009
20090217370SAFE FILE TRANSMISSION AND REPUTATION LOOKUP - Safe file transmission and reputation lookup. As a part of the safe file transmission and reputation lookup methodology, a data file that is to be made available to a data file receiver is accessed and it is determined whether the data file needs to be provided a protective file. The data file is wrapped in a protective file to create a non-executing package file. Access is provided to the non-executing package file where the associated data file is prevented from being executed until data file reputation information is received.08-27-2009
20100077472Secure Communication Interface for Secure Multi-Processor System - A secure communication interface for a secure multi-processor system is disclosed. The secure communication interface can include a secure controller that is operable to transfer data between a first memory that is directly accessible by a first (master) processor and a second memory that is directly accessible by a secure second (slave) processor in the multi-processor system. One or more control and status registers accessible by the processors facilitate secure data transfer between the first memory and a memory window defined in the second memory. One or more status and violation registers shared by the processors can be included in the secure communication interface for facilitating secure data transfer and for reporting security violations based on a rule set.03-25-2010
20100058460SYSTEM AND METHOD FOR AUTHENTICATING AN END USER - A method for authenticating an end user. The method comprising receiving a first userID and a first password from an end user. Next, attempting to authenticate the end user using the first userID and the first password provided. Finally, sending an error message to the end user in response to failing to authenticate the end user using the first userID and the first password wherein the error message comprises a first option and a second option. The first option comprising a first key combination that if entered would allow the end user to enter a second password and authenticate using the first userID and the second password. The second option comprising a second key combination that if entered would allow the end user to enter a second userID and a third password and authenticate using the second UserID and the third password.03-04-2010
20100071056METHOD AND SYSTEM FOR MULTI-PROTOCOL SINGLE LOGOUT - A method for multi-protocol logout. The method includes receiving, by a first identity provider, a logout request from a user agent, wherein the first identity provider executes in a federation manager, and initiating a logout on a service provider associated with the first identity provider based on the logout request by the first identity provider. The method further includes identifying, by the federation manager, a plurality of identity providers associated with the user agent, wherein the plurality of identity providers communicate using heterogeneous federation protocols, and initiating, by the federation manager, a logout on each of the plurality of identity providers based on the logout request using the plurality of heterogeneous federation protocols. The method further includes initiating, by the plurality of identity providers, a logout of each service provider corresponding to the plurality of identity providers, identifying a status of each logout, and sending the status to the user agent.03-18-2010
20110154478ELECTRONIC DEVICE SECURITY - An apparatus comprises logic to manage data access in an electronic device by performing operations, comprising detecting at least one of a motion, vibration or change in orientation of the electronic device and in response to a detection, implementing a security policy for the electronic device. Other embodiments may be described.06-23-2011
20120304282INFORMATION PROCESSING APPARATUS - According to one embodiment, an information processing apparatus is provided. The information processing apparatus includes: a body case; 11-29-2012
20120304281METHOD AND APPARATUS FOR AUTHENTICATING A NON-VOLATILE MEMORY DEVICE - An apparatus and method for authenticating a Non-Volatile Memory (NVM) device are provided. A host device that authenticates the NVM device transmits challenge information for authentication to the NVM device, receives pieces of authentication information in response to the challenge information from the NVM device, and authenticates the NVM device using the pieces of authentication information by the host device. The pieces of authentication information are generated based on the challenge information and secret key information stored in the NVM device.11-29-2012
20120304280PRIVATE AND PUBLIC APPLICATIONS - Designating applications for public access or private access on a computing device is disclosed. An application on the computing device is designated for private functionality or public functionality. A security wall is enforced with respect to the application if the application is designated for private functionality, wherein enforcing the security wall includes preventing access to the application until a security input is received. Access to the application is provided if the application is designated for public functionality, wherein providing access to the application includes allowing a user to access the application without receiving the security input from the user.11-29-2012
20110030050IMAGE FORMING APPARATUS - An image forming apparatus having a plurality of functions and executing a function designated from the plurality of functions includes a display device for displaying a function selection image allowing a user to designate any of the plurality of functions. The display device displays a first group of functions of which frequency of use is higher than a prescribed threshold value, and a second group of functions of which frequency of use is not higher than the threshold value, on mutually different function selection images, with a display item indicating that functions are displayed distinguished from each other. The image forming apparatus further includes: a designating device receiving a user input designating any of the plurality of functions displayed by the display device; and an image forming unit executing the function designated by the input received by the designating device.02-03-2011
20110154479IMAGE FORMING APPARATUS AND IMAGE FORMING METHOD - According to one embodiment, an image forming apparatus includes, a log authentication information acquiring unit configured to acquire log authentication information indicating whether or not to control browse of a job log in each image forming apparatus, a user authentication unit configured to execute user authentication of a user operating the browse of the job log and acquire a result of the user authentication, a log browse right information acquiring unit configured to acquire log browse right information indicating whether or not to limit the browse of the job log for the user, and a control unit configured to control the browse of the job log, based on the log authentication information, the log browse right information and the result of the user authentication that are acquired.06-23-2011
20080229406Method and apparatus for exclusively controlling a device in a home network - A method and apparatus exclusively control a device in a home network. A control point requests exclusive control authority from the device. In response to the request the control point receives an identifier (RID) used to successfully authenticate the exclusive control authority. The control point then acquires the exclusive control authority and controls the device. Accordingly, it is possible to prevent other control points from interfering with the device so as not to perform an operation which is not desirable for the control point that acquires the exclusive control authority over the device.09-18-2008
20090328195Authentication and Access Protection of Computer Boot Modules in Run-Time Environments - Methods and systems to authenticate and load a plurality of boot logic modules in corresponding access protected memory regions of memory, and to maintain the access protections in run-time environments. Access protection may be implemented with access control list (ACL) policies expressed in terms of page boundaries to distinguish between read, write, and execute access requests.12-31-2009
20090241182System and Method for Implementing a One Time Password at an Information Handling System - A system and method are provided which substantially reduce the disadvantages and problems associated with previous methods and systems for generating an OTP at an information handling system. An OTP is generated at an information handling system hardware or firmware layer upon detection of a predetermined input trigger, such as a key combination. The OTP is provided for authentication independent of an operating system or applications running on the information handling system.09-24-2009
20100333193System and Method for Protecting Data with Multiple Independent Levels of Security - A data security system includes a single central processing unit (CPU), a plurality of different security zones corresponding to different levels of security classification, a plurality of operating systems, a communications interface, a global zone, and a memory coupled to the plurality of security zones and the global zone. The CPU includes a plurality of processing cores and each security zone is associated with a different one of the processing cores. The global zone is communicatively coupled to the communications interface and the plurality of security zones, and is associated with a different one of the processing cores than the plurality of security zones. The global zone directs communications between the communications interface and the plurality of security zones. Each processing core executes a separate one of the plurality of operating systems, thereby providing separate processing capability on the single CPU for each of the different levels of security classification.12-30-2010
20130198831IDENTIFIER GENERATION USING NAMED OBJECTS - A candidate identifier for a process is generated and an attempt is made to have a named object created that has a name that is the candidate identifier. In response to the attempt succeeding and the named object being created, the candidate identifier is used as an identifier for the process. In response to the attempt not succeeding and the named object not being created, the generating and attempting are repeated.08-01-2013
20130198833SECURELY EXECUTING AN APPLICATION ON A COMPUTER SYSTEM - A method of and system for securely executing an application on a computer system such that a user of the computer system cannot access or view unauthorized content available on the computer system or accessible using the computer system. To securely execute an application, such method and system may terminate any unauthorized processes executing (i.e., running) on the computer system prior to execution of the application, and may configure the application such that unauthorized content cannot be accessed, including configuring the application such that unauthorized processes cannot be initiated (i.e., launched) by the application. Further, such system and method may terminate any unauthorized processes detected during execution of the application, and may disable any functions of the computer system that are capable of accessing unauthorized content, including disabling any functions capable of initiating processes on the computer system. The application being securely executed may be any of a variety of types of applications, for example, a browser application or an application for receiving answers to questions of an examination (i.e., an exam-taking application). Securely executing an application may be used for any of a variety of purposes, including, among other purposes, to assist preventing students from cheating on exams, to assist preventing students from not paying attention in class, to assist preventing employees from wasting time at work, and to assist preventing children from viewing content that their parents deem inappropriate.08-01-2013
20120311695METHOD AND APPARATUS FOR DYNAMIC MODIFICATION OF AUTHENTICATION REQUIREMENTS OF A PROCESSING SYSTEM - Authentication requirements for a user to access a processing system may be dynamically modified based on status information received from sensors coupled to the processing system. The processing system may receive a request for access to the processing system by the user. The processing system determines an authentication policy based at least in part on the status information, and presents authentication requirements to the user based at least in part on the authentication policy.12-06-2012
20120030753MULTIPROTOCOL COMMUNICATION AUTHENTICATION - A method for authenticating a transmission between a first and a second circuit transiting through at least one third circuit, wherein: data are transmitted from the first to the third circuit, and from the third to the second circuit; a first signature of the data is calculated by the first circuit; at least a second signature of the data is calculated by the third circuit; at least one first portion of the first signature is transmitted by the first circuit to the third one; and the second signature is transmitted by the third circuit to the second one, a portion of this signature being distorted in case of a failure of authentication of the first portion of the first signature by the third circuit.02-02-2012
20110093947IC CHIP, INFORMATION PROCESSING APPARATUS, SYSTEM, METHOD, AND PROGRAM - An IC chip, an information processing apparatus, system, method, and program are provided. An IC chip includes an authentication control unit configured to authenticate a request using authentication information. The request and/or the authentication information is received from outside the IC chip.04-21-2011
20100333192Secure storage - A portable security storage unit is described, which comprises a firewall, access to networks and a hard drive external to a computer. A hard drive manager allows access to the external hard drive and provides encryption, decryption of data passing to and from the external hard drive as well as restore capability. The computer, which hosts the storage security unit, is coupled to the storage security unit by a USB connection, and the firewall and the hard drive manager are USB connected internal to the security storage unit.12-30-2010
20110258697IMAGE PROCESSING APPARATUS AND USER AUTHENTICATION METHOD FOR IMAGE PROCESSING APPARATUS - An image processing apparatus includes a first authentication unit configured to authenticate a user, a second authentication unit configured to authenticate the user, an operation unit configured to receive an operation from the user, a logout unit configured to set the user in a logout state in which the user is unauthenticated, if a predetermined time has passed without the operation unit receiving any operation from the user while the user is authenticated by the first authentication unit or the second authentication unit, and a change unit configured to change the predetermined time to a second time shorter than a first time, if the user is unauthenticated by the second authentication unit while the user is authenticated by the first authentication unit and the second authentication unit.10-20-2011
20110126279INFORMATION PROCESSING APPARATUS, SOFTWARE INSTALLING METHOD, AND RECORDING MEDIUM - An information processing apparatus includes a communication unit that transmits and receives information to and from an IC chip of a recording medium, an authentication processing unit that executes mutual authentication processing with the IC chip, a list-display-screen outputting unit that reads identification information and usage control information and causes a display to display a list display screen, a selection input unit that receives a selection input from a user, a software reading unit that reads data of software selected according to selection input from the data area, an installation processing unit that causes the authentication processing unit to execute the authentication processing, reads key information necessary for installing the software, and executes installation processing for the software, and a usage-control-information updating unit that accesses the IC chip and updates the usage control information corresponding to the software.05-26-2011
20110154480SECURE CONTROLLER FOR BLOCK ORIENTED STORAGE - A storage controller includes a command pointer register. The command pointer register points to a chain of commands in memory, and also includes a security status field to indicate a security status of the first command in the command chain. Each command in the command chain may also include a security status field that indicates the security status of the following command in the chain.06-23-2011
20100024027Client-side security management for an operations, administration, and maintenance system for wireless clients - An Operations, Administration, and Maintenance (OA&M) 01-28-2010
20100017872USER INTERFACE FOR MOBILE COMPUTER UNIT - A computer readable medium storing a computer program with computer program code, which, when read by a mobile computer unit, allows the computer to present a user interface for the mobile computer unit. The user interface includes a touch sensitive area in which a portion of a first window and a portion of a second window are displayed. The user scrolls the first window when an object touches a corresponding location in the touch sensitive area at which the first window is displayed, and scrolls the second window when an object touches a corresponding location in the touch sensitive area at which the second window is displayed. The user interface displays a plurality of keys which are selected when an object touches a corresponding key location and are activated when the object applies additional pressure to the corresponding key location. Alternatively, the key is activated when an object touches its corresponding location. The user interface presents keys in a manner facilitating entry of Chinese characters using stroke and Pinyin input.01-21-2010
20090172806SECURITY MANAGEMENT IN MULTI-NODE, MULTI-PROCESSOR PLATFORMS - Multi-node and multi-processor security management is described in this application. Data may be secured in a TPM of any one of a plurality of nodes, each node including one or more processors. The secured data may be protected using hardware hooks to prevent unauthorized access to the secured information. Security hierarchy may be put in place to protect certain memory addresses from access by requiring permission by VMM, OS, ACM or processor hardware. The presence of secured data may be communicated to each of the nodes to ensure that data is protected. Other embodiments are described.07-02-2009
20120210419SECURITY MANAGEMENT FOR AN INTEGRATED CONSOLE FOR APPLICATIONS ASSOCIATED WITH MULTIPLE USER REGISTRIES - A system for security management for applications associated with multiple user registries can include an integrated console configured to host one or more applications or resource objects in corresponding realms. The system also can include one or more roles mapped to different ones of the resource objects and also to different users permitted to access the integrated console. The system yet further can include a user relationship system having associations with multiple different ones of the roles. Finally, the system can include console security management logic programmed to manage authentication for the users using the realm of the resource object while not requiring a separate user registry for the integrated console.08-16-2012
20120210418SECURITY ELEMENT HAVING AN ELECTRONIC DISPLAY DEVICE FOR DISPLAYING SECURITY-RELEVANT INFORMATION OR PATTERNS - A security element having an electronic display device, particularly a digital display for representing security-relevant information or patterns is provided, wherein the represented information or patterns changes or change over time due to an algorithm and/or external influences. A method for marking, identifying or authenticating objects or living beings is provided, with the living being or object being provided with a security element having an electronic display device, particularly a digital display for representing security-relevant information or patterns, whereby the represented information or patterns changes or change over time due to an algorithm and/or external influences.08-16-2012
20120159608PASSWORD ENTRY USING 3D IMAGE WITH SPATIAL ALIGNMENT - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display. At least one of the modified base image and modified overlay image is moved by the user. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned, at least one of the base image reference point and the overlay image reference point having coordinates in three dimensions.06-21-2012
20120233687SECURE METHOD FOR CONTROLLING THE OPENING OF LOCK DEVICES BY MEANS OF A COMMUNICATING OBJECT SUCH AS A MOBILE PHONE - The method consists in: a) generating by an application software (SWA) a message forming a key (DKE) comprising an encrypted data field containing a time-stamping or sequencing time marker; b) transferring the message to a portable communication device (CD), held by a user; c) transmitting the message, by short-range transmission, from the communication device to a reading interface (ERED) coupled to a lock device (LOCK); d) analyzing the message by decrypting the data field and checking the consistency of the time marker with an inner clock of the interface or with a sequence number memorized in the interface; and e) in case of compliant message, sending from the interface to the lock device a digital accreditation (OPEN) stored in memory in the interface and to operate the lock device unlocking upon recognizing the compliance of said digital accreditation.09-13-2012
20100205666ELECTRONIC COMPUTER SYSTEM SECURED FROM UNAUTHORIZED ACCESS TO AND MANIPULATION OF DATA - In general, the invention relates to a method for securing a computer system. The method includes monitoring an operating system in the computer system and trapping, in response to the monitoring, a process system call where the process system call originated in a host executing in the computer system. Responsive to the trapping, an isolated user environment (IUE) is created in the computer system. Creating the IUE includes allocating memory and persistent storage for the IUE. In addition, the IUE includes a file system filter driver (FSFD) configured to redirect Input/Output (I/O) calls originating from the IUE to the persistent storage, and a network interface/NDIS hook component configured to control network traffic originating from the IUE and destined for the IUE. The method further includes, after creating the IUE, loading the process system call into the IUE and executing the process system call in the IUE.08-12-2010
20120137359Method For Storing (Hiding) A Key In A Table And Corresponding Method For Retrieving The Key From The Table - A method is provided for storing/retrieving a key in a table, the method for storing a key comprising providing a table comprising a plurality of entries, each selected from a group consisting of random words and random strings; providing a question to a user; receiving from the user a corresponding secret answer; receiving the key to store in the table; determining a position in the table using the received corresponding secret answer and at least one table entry and storing the key at the determined position.05-31-2012
20110185416METHOD AND APPARATUS FOR AUTHENTICATING A PERSON BY THEIR TYPING PATTERN USING THE LOCAL DISTRIBUTION OF KEYS ON A KEYBOARD - The present invention relates to a method and an apparatus for authenticating a person by means of their typing pattern, wherein, evaluation of key actuation takes account of the local position of the actuated keys (07-28-2011
20130174247Photo Combination Lock - A simple, customizable and intuitive virtual combination unlock method and system. More specifically, an unlock system and method is disclosed which includes a virtual combination lock, where the virtual combination lock includes several rows of user-selectable images such as pictures or icons as the virtual combination wheels. In certain embodiments, the images are accessed via the user's database. To unlock the device, the user touches and drags pre-selected images into alignment with each other. Security can be adjusted by changing the number of images that need to be aligned to unlock the device.07-04-2013
20100011437APPARATUS AND METHOD FOR STORING EVENT INFORMATION FOR AN HVAC SYSTEM - An apparatus for storing event information relating to operation of an HVAC system includes: (a) at least one memory controller coupled with the HVAC system for receiving the event information; and (b) at least one memory unit coupled with the at least one memory controller. A first memory unit of the at least one memory unit is configured for receiving first selected information of the event information for accessing by at least one of a first party and a second party. A second memory unit of the at least one memory unit is configured for receiving second selected information of the event information for accessing by the second party.01-14-2010
20120084853INFORMATION PROCESSING APPARATUS AND METHOD FOR RESTRICTING ACCESS TO INFORMATION PROCESSING APPARATUS - An information processing apparatus includes: a body casing; a first connector provided in the body casing; a setting module; and a security module. The setting module is configured to set a security level to be applied to the information processing apparatus based on a type of a device connected to the first connector. The security module is configured to restrict access to the information processing apparatus according to the set security level.04-05-2012
20120227103INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - An information processing apparatus disposed on a shopping cart, comprises a display section; an input section; a position acquiring section of the shopping; a detecting section configured to detect the moving or the stopping of the shopping cart; a counting section configured to count a duration time of the stop state of the shopping cart while the detecting section detects the stopping of the shopping cart; an operation-lock control section configured to read a standby time and limit the display operation of the display section and the accepting operation of the input section.09-06-2012
20080301802Trust-Based Link Access Control - An apparatus, program product and method control access to linked documents on a computer based on a calculated determination of the trustworthiness of such linked documents, so that user navigation to untrusted documents from a document with which such untrusted documents are linked can be deterred. Basing link access control on document trustworthiness permits owners, authors, developers, publishers, etc. of documents, for example, to avoid potential difficulties such as embarrassment, confusion or legal liability as a result of the content of linked-to documents under the control of third parties.12-04-2008
20120240217Computer Security - Computer security processes include displaying information elements on a computer display screen. Some of the information elements are mapped to corresponding parameters. The computer security processes also include receiving a selected information element from the information elements displayed on the computer display screen, and determining a value of a parameter associated with the selected information element based on a condition. The value of the parameter is changeable according to changes in the condition. The computer security processes further include comparing the selected information element with the value of the parameter, and upon determining the value of the parameter matches the selected information element, providing a user with access to a system resource.09-20-2012
20120240219INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM - When receiving an access request to a resource of a first application from a second application, a resource management unit transfers an authentication result for the first application included in the access request to the first application, and when receiving a determination result on whether access of the second application to the resource is permitted from the first application, the resource management unit returns the determination result to the second application.09-20-2012
20110047613SYSTEMS AND METHODS FOR PROVIDING AN ISOLATED EXECUTION ENVIRONMENT FOR ACCESSING UNTRUSTED CONTENT - A sandbox tool can cooperate with components of a secure operating system to create an isolated execution environment for accessing untrusted content without exposing other processes and resources of the computing system to the untrusted content. The sandbox tool can allocate resources (storage space, memory, etc.) of the computing system, which are necessary to access the untrusted content, to the isolated execution environment, and apply security policies of the operating system to the isolated execution environment such that untrusted content running in the isolated execution environment can only access the resources allocated to the isolated execution environment.02-24-2011
20120272311METHOD FOR AUTHENTICATING A USER ON A COMPUTING UNIT - The invention relates to a method for authenticating a user on at least one computing unit, in particular a data processing and/or communication device, comprising a graphical user interface unit having a graphical user interface and at least one input device, wherein the at least one graphical user interface comprises at least one symbol storage area having a plurality of graphical symbols and at least one symbol positioning area having a plurality of defined positions.10-25-2012
20120278880Secure Time/Date Virtualization - A system is provided that includes a processor and a system memory coupled to the processor, the system memory stores at least one application for execution by the processor. The system also includes logic coupled to the processor, the logic providing a secure time reference. The processor selectively accesses the secure time reference to generate a virtual time reference for the at least one application.11-01-2012
20120331546INTELLIGENT STYLUS - An intelligent stylus is disclosed. The stylus can provide a stylus condition in addition to a touch input. The stylus architecture can include multiple sensors to sense information indicative of the stylus condition, a microcontroller to determine the stylus condition based on the sensed information, and a transmitter to transmit the determined condition to a corresponding touch sensitive device so as to cause some action based on the condition.12-27-2012
20120102564CREATING DISTINCT USER SPACES THROUGH MOUNTABLE FILE SYSTEMS - A method and a processing system for creating distinct user spaces. In a platform originally intended to be a single user platform, for each of a plurality of users, at least one mountable element can be uniquely assigned to the user and data associated with the user can be stored to the assigned mountable element to create a multi-user platform.04-26-2012
20120291118IMAGE PROCESSING SYSTEM, IMAGE PROCESSING APPARATUS AND COMPUTER-READABLE RECORDING MEDIUM - An image processing apparatus capable of executing a task including a plurality of processes includes the following units: an acquisition unit that acquires the security levels of the plurality of processes based on security-level information that defines the security level of each process; a specification unit that specifies a lowest-level process that is a process having a lowest security level, from among the plurality of processes; and a notification unit that notifies a user of information regarding the lowest-level process.11-15-2012
20130014247METHOD AND SYSTEM FOR AUTHENTICATING AN ACCESSORY - A method, system, and connector interface for authenticating an accessory, the method includes performing a first authentication operation on the accessory by the media player, where an authentication certificate is validated; and performing a second authentication operation on the accessory by the media player, where an authentication signature is validated. According to the system and method disclosed herein, the media player and accessory may utilize a plurality of commands utilized in a variety of environments such as within a connector interface system environment to control access to the media player.01-10-2013
20130019304Method and apparatus for detecting and dealing with a lost electronics device (Lukai Cai, Redondo Beach, CA, US; Jose R. Menendez, San Diego, CA, US; Roy Benjamin Silverstein, San Diego, CA, US; Rajkrishnan Parameswaran, San Diego, CA, US) - Techniques for detecting and dealing with a lost electronics device are disclosed. In one design, the device may autonomously determine whether it is lost. The device may destroy at least one component to render it inoperable and may perform other actions in response to determining that it is lost. In another design, the device may determine available battery power of the device upon determining that it is lost, select at least one action in a list of possible actions based on the available battery power, and perform the selected action(s). In yet another design, upon determining that it is lost, the device may prevent access to information on the device based on a secondary security key, which is not used for encrypting information during normal operation. In yet another design, the device may notify at least one contact and may perform at least one additional action upon determining that it is lost.01-17-2013
20110162063METHODS AND APPARATUS FOR PROVIDING ACCESS TO VEHICLE ELECTRONIC SYSTEMS - One embodiment is directed to providing access between external systems and embedded vehicle electronic systems. That is, an interface module may receive information from a system external to the vehicle, determine an embedded system of the vehicle to which to provide the information, and provide the information to the embedded system. Similarly, the interface module may receive information from an embedded electronic system of a vehicle, determine a system external to the vehicle to which to provide the information, and provide the information to the external system.06-30-2011
20130024929TRUST LEVEL ACTIVATION - An isolation execution environment provides an application with limited resources to execute an application. The application may require access to secured resources associated with a particular trust level that are outside of the isolation execution environment. A trust activation engine determines the trust level associated with a request for a resource and operates differently based on the trust level. A broker process may be used to execute components providing access to resources having a partial trust level in an execution environment that is separate from the isolation execution environment.01-24-2013
20130024931DOWNLOADABLE COMMUNICATION SOFTWARE TOOL FOR FLASH MEMORY DEVICE - A flash memory device is provided that includes an operating system. The operating system has security features such as password protection and/or encryption. Further, the host computer to which the flash memory device is removably attached does not retain any electronic trail of the attachment, usage, communication, or other activity by the flash memory device. The operating system operates on the host computer without the host computer being able to detect and store information related to the operation of the flash memory device. An email service is also provided including timed deletion of emails between registered users. A browser is provided that has auto-populating multi-search, as well as tabbing capabilities. Cloud capabilities are provided, including a desktop run from the cloud as well as a browser run from the cloud. A clickless user interface is provided.01-24-2013
20130024930Executing Functions of a Secure Program in Unprivileged Mode - Executing functions of a secure program in unprivileged mode. A program may be executed in a supervisory mode. The program may call multiple functions. Each function may be executed in an unprivileged mode. Additionally, each function may be executed in a respective constrained environment or sandbox. Each constrained environment may be dedicated to or customized for the respective function. For example, each constrained environment may have a set of privileges that are based on the respective function executing within the constrained environment.01-24-2013
20130179964SECURITY REUSE IN HYBRID INFORMATION HANDLING DEVICE ENVIRONMENTS - Systems, methods and products directed toward providing security in hybrid information handling device environments are described herein. One aspect provides an information handling device comprising: one or more processors; and one or more memories storing program instructions accessible by the one or more processors; wherein, responsive to execution of program instructions stored in the one or more memories, the one or more processors are configured to: ascertain a resume request for resuming to a secondary operating environment; and prior to resuming the information handling device to the secondary operating environment, initiate a primary operating environment security application. Other embodiments are described herein.07-11-2013
20120254984Selective item access provision in response to active item ascertainment upon device transfer - A computationally implemented method includes, but is not limited to: determining that a computing device used by a first user has been transferred from the first user to a second user; ascertaining, in response to said determining, which of one or more items that are at least conditionally accessible through the computing device are active; and providing one or more selective levels of access to the one or more items based, at least in part, on said ascertaining. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.10-04-2012
20120254983Selective item access provision in response to active item ascertainment upon device transfer - A computationally implemented method includes, but is not limited to: determining that a computing device used by a first user has been transferred from the first user to a second user; ascertaining, in response to said determining, which of one or more items that are at least conditionally accessible through the computing device are active; and providing one or more selective levels of access to the one or more items based, at least in part, on said ascertaining. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.10-04-2012
20120254982SYSTEM AND METHOD FOR PROTECTING AND SECURING STORAGE DEVICES USING BELOW-OPERATING SYSTEM TRAPPING - In one embodiment, a system for securing a storage device includes an electronic device comprising a processor, a storage device communicatively coupled to the processor, and a security agent. The security agent is configured to execute at a level below all of the operating systems of the electronic device, intercept a request to access the storage device, identify a requesting entity responsible for initiating the request, and utilize one or more security rules to determine if the request from the requesting entity is authorized. In some embodiments, the security agent is configured to determine whether the request involves a protected area of the storage device. If the request involves a protected area of the storage device, the security agent may be configured to allow the request if the requesting entity is authorized to access the protected area of the storage device.10-04-2012
20120254981Access restriction in response to determining device transfer - A computationally implemented method includes, but is not limited to: determining that a computing device used by a first user has been transferred from the first user to a second user; and restricting access via the computing device to one or more items in response to said determining. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.10-04-2012
20130091561EXECUTING COMMANDS PROVIDED DURING USER AUTHENTICATION - A mobile device may receive commands during confirmation of an identity of an individual accessing the device or secure data on the device. The commands may instruct the mobile device to perform security-related functions. For example, when the individual is under duress when logging in to the mobile device, the individual may perform a gesture indicating to the mobile device to change the password. The mobile device then changes the password for the individual to a secondary password. If a thief then takes the mobile device from the individual, the thief will no longer have access to the mobile device using the password provided by the individual under duress.04-11-2013
20130097693APPARATUS AND METHOD FOR AUTOMATIC UNLOCKING OF PORTABLE TERMINAL - A method automatically unlocks a portable terminal. The method includes collecting specific information by the portable terminal at a current location, and if the specific information satisfies a pre-set condition, automatically unlocking the terminal.04-18-2013
20130125231Method and system for managing a multiplicity of credentials - A wireless key device is configured to execute a digital credential management method to manage a plurality of digital credentials. According to this digital credential management method, the wireless key device polls an access terminal for an access terminal identification which uniquely identifies the access terminal. The wireless key device identifies a filter based on the access terminal identification, and selects a subset of the plurality of digital credentials based on the filter. The wireless key device renders a list of the subset of the plurality of digital credentials on a display, receives a user input selecting one of the subset of the plurality of digital credentials, and transmits the selected credential to the access terminal.05-16-2013
20130145453Multi Mode Operation Using User Interface Lock - A system and a method are disclosed for a computer implemented method to unlock a mobile computing device and access applications (including services) on a mobile computing device through a launcher. The configuration includes mapping one or more applications with a guest access code. The configuration receives, through a display screen of a mobile computing device, an access code, and determines whether the received access code corresponds with the guest access code. The configuration identifies the mapped applications corresponding to the guest access code and provides for display, on a screen of the mobile computing device, the identified applications.06-06-2013
20130145455METHOD FOR ACCESSING A SECURE STORAGE, SECURE STORAGE AND SYSTEM COMPRISING THE SECURE STORAGE - A method is described for accessing a secure storage of a mobile device, the method comprising: providing a generic interface for accessing the secure storage; accessing the secure storage using the generic interface by a first application of the mobile device; accessing the secure storage using the generic interface by a second application of the mobile device. Further, a corresponding secure electronic storage and a system are described.06-06-2013
20100275254SYSTEM AND METHOD FOR SELECTING AN EXTERNAL USER INTERFACE USING SPATIAL INFORMATION - A method and system for selecting an external user interface using spatial information is described. In one configuration the floor space of a mailroom is mapped using a two dimensional grid. At least one machine is located on the mapped grid and an associated control zone is defined for that particular machine. The machine includes a wireless transceiver for providing user interface access. An external portable processor with a wireless transceiver is provided with user interface logic for the machine. A user then moves the external portable processor into the control zone of the machine. An indoor positioning system is utilized to provide relative or absolute position information relating to the machine and the external processor. The system determines that the external processor is in the machine control zone and allows the external processor to function as a user interface for the machine.10-28-2010
20120278879AUTHENTICATING HUMAN INTERFACE DEVICE - The invention relates to an authentication device (TK) set to identify itself to a computer (PC) as a native human interface device. It also relates to a system comprising an authentication device (TK) and a computer (PC), as well as to a method to have a computer (PC) recognize an authentication device (TK).11-01-2012
20130152192RESTRICTING ACCESS TO THE RESOURCES OF A TERMINAL - A portable computer terminal having an operating system configured to switch from a first state to a second state in response to a first command from a user and to switch from the second state to the first state in response to a second command from the user, the second command including inputting an identification code of the user, the operating system being capable, in the first state, of causing execution in interactive manner of an application selected from a set of applications, the operating system being capable, in a second state, of causing execution in interactive manner of an application of said set of applications in compliance with an access condition, wherein the access condition is determined as a function of said first command.06-13-2013
20110321153SECURITY MECHANISM FOR INCREASED PERSONAL DATA PROTECTION - Apparatus, systems, and methods provide a mechanism to enhance the management of data security in a system for users of the systems. Various embodiments include apparatus and methods to manage security of data in an electronic system on an application-by-application basis. Such application-by-application basis can be applied in addition to managing data security globally in the electronic system. Additional apparatus, systems, and methods are disclosed.12-29-2011
20120030752Computer keyboard with ultrasonic user proximity sensor - A terminal for a computer system includes a keyboard incorporating modules for performing two factor authentication (TFA) for log-on of a user. TFA preferably combines a fingerprint scan with the proximity of a previously enrolled Bluetooth device that typically accompanies the user, such as a wireless phone or headset. The keyboard also includes an ultrasonic proximity detector aimed to detect the presence of the user at the keyboard and to terminate log-on when the user leaves the keyboard. The keyboard processor may be used as an encryption engine to encode all keystroke data and authentication/log-on transactions with the computer system.02-02-2012
20130198832MULTILEVEL PASSCODE AUTHENTICATION - Mechanisms are provided to efficiently and effectively authenticate a user of a device. Passcode information such as passwords, pins, and access codes are obtained along with biometric information to periodically authenticate a user of a device. A user identity confidence score may be generated and continually modified by using data such as passcode information, biometric information, and/or user physical interaction characteristics information. If the user identity confidence score falls beneath a particular threshold, additional user authentication information may be requested.08-01-2013
20120096542PORTABLE CONFIDENTIAL ACCOUNT INFORMATION MANAGEMENT DEVICE - In one general aspect, a portable confidential account information management device is disclosed that includes a biometric sensor, keyboard, processor, and storage. The storage includes account information storage including fields that each include an account identifier field and a password field. It also includes program storage including native account management software responsive to the biometric sensor and the keyboard to enable retrieval of contents of the account identifier field and password field for selected accounts. A display screen is responsive to the account management software and operative to display retrieved contents of the account identifier field and the retrieved password field for the selected accounts. In another aspect, a removable portable data storage device port is responsive to the storage to store backup copies of information. Disclosed devices can be designed to improve security by isolating them from external access or connectivity.04-19-2012
20130212672EXECUTION OF A SECURED ENVIRONMENT INITIALIZATION INSTRUCTION ON A POINT-TO-POINT INTERCONNECT SYSTEM - Methods and apparatus for initiating secure operations in a microprocessor system are described. In one embodiment, a system includes a processor to execute a secured enter instruction, and a chipset to cause the system to enter a quiescent state during execution of the secured enter instruction.08-15-2013
20130212673ENTERING A SECURED COMPUTING ENVIRONMENT USING MULTIPLE AUTHENTICATED CODE MODULES - Systems, apparatuses, and methods for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction.08-15-2013
20130212671Security-Enhanced Computer Systems and Methods - In general, the invention provides a computer architecture designed for enhanced data security. In embodiments, the architecture comprises two sub-systems, each with their own processing units and memories, and a defined set of interfaces that interconnect the two sub-systems and the external world. One sub-system is designed to provide a familiar environment for running computer applications. The other sub-system is designed to provide a secure bridge between the first sub-system and users via input and output devices.08-15-2013

Patent applications in class Stand-alone