Authorization

Subclass of:

726 - Information security

726002000 - ACCESS CONTROL OR AUTHENTICATION

726016000 - Stand-alone

Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class / Patent application number | Description | Number of patent applications / Date published
726019000 | Credential usage | 294
726018000 | Credential management | 110
726020000 | Tokens (e.g., smartcards or dongles, etc.) | 63
Entries
Document | Title | Date
20110179482 | SECURITY SWITCH - System and method for securing a personal device that includes a device core and a peripheral device from unauthorized access or operation. The system comprises an isolated switch, included fully or partially within an envelope of the personal device. The isolated switch cannot be affected in its operation by either the device core or the peripheral device. The switch may be operated by an authorized user of the personal device either preemptively or in response to a detected threat. In some embodiments, the isolated switch includes an isolated controller which can send one or more signals to the peripheral device and/or part of peripheral device. In some embodiments, the isolated switch includes an isolated internal component and an isolated external component, both required to work together to trigger the isolated switch operation. In some embodiments, the isolated switch includes an isolated disconnector for connecting and disconnecting the device core from part of the peripheral device. | 07-21-2011
20130031622 | STATIC ANALYSIS FOR VERIFICATION OF SOFTWARE PROGRAM ACCESS TO SECURE RESOURCES FOR COMPUTER SYSTEMS - Computer program products and apparatus are disclosed. Using a static analysis, a software program is analyzed to determine whether the software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. In response to an access by the software program to the secure resource without verification that the secure resource can be accessed by the software program, a result is output indicative of the analyzing. An apparatus is disclosed that includes a user interface providing a security report to a user, the security report indicating a result of an analysis of whether or not a software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. | 01-31-2013
20120266234 | Network Traffic Routing - A service appliance is installed between production servers running service applications and service users. The production servers and their service applications provide services to the service users. In the event that a production server is unable to provide its service to users, the service appliance can transparently intervene to maintain service availability. To maintain transparency to service users and service applications, service users are located on a first network and production servers are located on a second network. The service appliance assumes the addresses of the service users on the second network and the addresses of the production servers on the first network. Thus, the service appliance obtains all network traffic sent between the production server and service users. While the service application is operating correctly, the service appliance forwards network traffic between the two networks using various network layers. | 10-18-2012
20090193515 | COMMUNICATION DEVICE - With regard to data, stored in mobile phone | 07-30-2009
20090193514 | METHOD, SYSTEM AND MOBILE DEVICE EMPLOYING ENHANCED USER AUTHENTICATION - The described embodiments relate generally to methods and systems for user authentication for a computing device. In one embodiment, the method comprises: enabling receipt of input in relation to selection of a plurality of authenticators for consecutive use by the computing device to authenticate a user; and storing reference information identifying the selected plurality of authenticators in a memory of the computing device. The computing device may comprise a mobile device. | 07-30-2009
20100083367 | Secure Partitioning of Programmable Devices - According to an embodiment, a programmable logic device includes a plurality of logic blocks, memory and a logic unit. The logic blocks are grouped into one or more partitions. The memory stores authentication and partition information uploaded to the programmable logic device prior to partition programming. The logic unit authenticates programming access to the one or more partitions based on the authentication information and controls programming of the one or more partitions based on the partition information. | 04-01-2010
20080256625 | System and Method for Enhanced Layer of Security to Protect a File System from Malicious Programs - A system and method for providing an enhanced layer of security to protect the file system from malicious programs are provided. An additional layer of security for protecting data and to minimize successful attacks by malicious programs is provided. This additional layer uses the feature of code signing to verify that the code is from a source which the code claims to be from, and also that the code has not been tampered with by a malicious party. The file system provides a feature by which certificates are mapped to portions of a file system, e.g., files/directories, such that only programs that are certified by those certificates are able to read/modify those portions of the file system. | 10-16-2008
20090158421 | Security Analysis Method - A computer system comprising a receiving means for receiving an input of at least one user parameter; a storage means for storing at least one template; a matching means for matching the at least one user parameter to a template; a locking means for locking the at least one user parameter to the matched template; and a providing means for providing an output of a user identification according to the matched template. | 06-18-2009
20100333194 | System, Method, and Apparatus for Capturing, Securing, Sharing, Retrieving, and Searching Data - This present invention relates to a system, method and apparatus for scientists and researchers and others to capture, secure, share, retrieve and search captured data. Said system and method is able to: fully-integrate hardware and software, required to seamlessly capture data inputs; combine edit and display functions from devices into one single edit and display platform; compile captured inputs from devices into text-searchable and tag-able data that can be displayed, edited and searched on one platform; compile captured inputs from devices into text-searchable and tag-able data that can be searchable by using free-text search, advanced search modules, or a combination thereof; provide advanced search modules that can search based on embedded text in files, tags tied to images or files, parallel image search and other intelligent parameter-based search formats; and can be provided as a hosted application, available via a wire line or wireless on-demand service, also referred to as Software as a Service (SaaS) delivery method. | 12-30-2010
20120185933 | USER ACCOUNT FOR SYSTEM PROTECTION OR RECOVERY - In one embodiment, a data processing system includes a guest account that is configured to assist in the protection and recovery of the data processing system when it is lost or stolen. In one embodiment, the guest account can allow Internet access and can include a web browser to allow the guest, who might be a thief, to use the system to browse the Internet. While such use occurs, the system can perform actions specified by an authorized user of the system, and such actions can include determining a location of the system and transmitting the location to the authorized user, erasing data on the system, displaying a message, capturing an image, etc. | 07-19-2012
20120167201 | IMAGE FORMING APPARATUS AND CONTROL METHOD FOR IMAGE FORMING APPARATUS - An image forming apparatus includes a display unit, a login information storage unit, a login information reception unit, a login authentication unit, an authorization limitation information storage unit, an execution instruction reception unit, a control unit and an execution permission determination unit. The authorization limitation information storage unit stores functions permitted to be executed by the logged-in user and a default user, who is a non-logged-in user. The control unit executes a function in accordance with an execution instruction received by the execution instruction reception unit. The execution permission determination unit determines whether the function indicated in the received execution instruction is a default function that is permitted to be executed by the default user, causes the control unit to execute the function if the function is the default function, and displays the login screen on the display unit if the function is not the default function. | 06-28-2012
20120167200 | SYSTEM AND METHOD FOR A BUSINESS DATA PROVISIONING FOR A PRE-EMPTIVE SECURITY AUDIT - Embodiments of the present invention may provide a system and method for business data provisioning for a pre-emptive security audit. In one aspect, a method embodiment may comprise the steps of identifying the business resources as expressed in business terms, ensuring that applications dealing with (parts of) the business resources are aware of the link to the resource, transmitting the information about the used business resources throughout the call stack up to the UI, making use of the highest access enforcement point possible where it can be ensured that access to the protected resource is only done through either authorized users or trusted code, and having this access enforcement point taken over by a framework to ensure adequate protection even in extensibility scenarios. | 06-28-2012
20130047251 | Method and Apparatus for Token-Based Context Caching - According to one embodiment, an apparatus may receive a token that indicates a change that occurs during a session. The session may facilitate access to a resource. The token may indicate a risk token should be computed. The apparatus may determine, from the token, a first set of attributes. The first set of attributes may include attributes required to compute the risk token. The apparatus may determine that a cache contains a set of cached attributes. The apparatus may examine an attribute in the set of cached attributes, and determine the attribute in the set of cached attributes is not in the first set of attributes. The apparatus may then remove the attribute in the set of cached attributes from the cache. | 02-21-2013
20130047252 | Picture Gesture Authentication - In one embodiment, a picture signature password system may use a picture signature password to determine access to a computing device or service. A display screen | 02-21-2013
20090320125 | SYSTEMS, METHODS, AND COMPUTER READABLE MEDIA FOR COMPUTER SECURITY - Embodiments of the present invention provide systems and methods that enhance the security various processes are provided, as well as machines, computer-readable media and processes that employ or allow employment of such systems. | 12-24-2009
20120192267 | ACCESS CONTROL DATA EDITING SUPPORT DEVICE AND METHOD - A computer-readable, non-transitory medium recording an access control data editing support program for causing a computer to implement a procedure. The procedure includes changing log information containing a record having an authorization result of first access authorization determined based on access control data and a content utilized for determining the first access authorization every time an access agent accesses an access target, and changing the access control data based on the changed log information, and determining second access authorization by applying the changed access control data to the content utilized for determining the first access authorization indicated by the log information and generating determination result information containing an authorization result of the second access authorization and a content utilized for determining the second access authorization. | 07-26-2012
20130074178 | PREVENTING ACCESS OF A HOST DEVICE TO MALICIOUS DATA IN A PORTABLE DEVICE - A storage device comprising a memory, a controller, and a host interface operative to connect with a host. The memory contains data locations that are controllable by a protection application which is executable on a host. When the host interface is operatively coupled to a host, data locations in the memory are accessible to an operating system of the host under permission from the protection application. The controller communicates with the protection application running on the host for allowing the protection application access to data locations in the memory. Upon a host request for access to a data location, the controller determines if permission to access the requested data location is acquired from the protection application. The permission is based on a determination by the protection application that the data location does not contain malicious data. | 03-21-2013
20130061315 | Storage Device with Accessible Partitions - A detachable storage device can comprise a memory, circuitry, and a user interface. The memory may comprise a storage partition. The circuitry may be configured to authorize access to the storage partition to a digital device when the detachable storage device is coupled to the digital device based, at least in part, on a user code. The user interface may be configured to receive the user code while the detachable storage device is within a detached state and provide the user code to the circuitry to allow access to the storage partition. | 03-07-2013
20130061314 | SECURE SOFTWARE INSTALLATION - Embodiments of the present disclosure provide methods and systems for securely installing software on a computing device, such as a mobile device. In one embodiment, the device executes an installer that securely installs the software. In order to perform installations securely, the installer configures one or more secure containers for the software and installs the software exclusively in these containers. In some embodiments, the installer randomly determines the identifiers for the containers. These identifiers remain unknown to the software to be installed. Instead, an installation framework maintains the correspondence between an application and its container. Other methods and apparatuses are also described. | 03-07-2013
20090271861 | Data processing apparatus and access control method therefor - A data processing apparatus according to the present invention includes: peripheral devices each including a plurality of registers each storing a preset value or data; a processing unit to output access authority information indicative of a first access authority level or a second access authority level, which is an access authority level lower than the first access authority level, according to a program to be executed, and to output an access address to specify a specific register; and a peripheral device protection circuit connected to the processing unit and receiving the access authority information and the access address so as to control access of the processing unit to the peripheral devices. The peripheral device protection circuit controls whether to permit the access to the specific register specified by the access address, based on the access authority level indicated by the access authority information. | 10-29-2009
20130067564 | ACCESS MANAGEMENT SYSTEM - An access rights management system is presented in which a mobile device may be allowed to access corporately held data in a flexible manner but in which the security and integrity of the data is maintained. The mobile device is provided with a rights adjustment module which modifies the access rights for locally stored corporate data in dependence on the connectivity of the mobile device with a corporate server. | 03-14-2013
20130067565 | IMAGE FORMING APPARATUS, ACCESS CONTROL METHOD, ACCESS CONTROL PROGRAM AND COMPUTER READABLE INFORMATION RECORDING MEDIUM - An image forming apparatus provided with an interface for a portable information recording medium, has an access control part carrying out access control, for respective ones of a plurality of resources which the image forming apparatus has, based on access control information defining whether or not usage thereof by a user is allowed, wherein the access control part carries out access control based on the access control information stored in the portable information recording medium. | 03-14-2013
20130067563 | APPARATUS AND METHOD FOR MANAGING PERMISSION INFORMATION OF APPLICATION - A method for managing permission information of an application in a mobile terminal includes detecting a reference event associated with the application, determining a type of the reference event, determining permission information of the application, determining whether to execute an operation of the application based on the permission information, and storing operation performance information related to the operation of the application in a database. A terminal includes an application layer to detect an event associated with a change in permission information of a first application and a second application, and a framework layer to determine whether permission information of the first application is changed with respect to the second application, to determine an event type associated with the change in the permission information, to determine permission information of the first application and the second application, and to determine whether to execute a security program. | 03-14-2013
20090013401 | Access Control System And Method - Certain embodiments of the invention relate to an access control system for controlling access to file system objects stored in a digital file system store. The system provides a first compartment rule type for granting a first permission to an entity, associated with a respective compartment to which the rule is applied, to lookup a directory object in a directory path and list the contents of the said directory object, and a second compartment rule type for granting a second permission to an entity, associated with a respective compartment to which the rule is applied, to lookup a directory object in a directory path and not to list the contents of the said directory object. | 01-08-2009
20130167222 | USING A CALL GATE TO PREVENT SECURE SANDBOX LEAKAGE - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for enveloping a thread of execution within an IDT-based secure sandbox. In one aspect, embodiments of the invention provide that a request is received from an application, the request being generated using an application programming interface of a device driver. After the request is received a call gate descriptor for a call gate is added to a segment descriptor table for the application. The call gate descriptor specifies: (a) that the call gate can be called from a first privilege level of the application; and (b) that the call gate requests a second privilege level higher than the first privilege level. A call gate selector for the call gate descriptor is provided to the application in response to the request. | 06-27-2013
20130014250 | WIRELESS COMMUNICATION DEVICE WITH PASSWORD PROTECTION AND RELATED METHOD - A wireless communication device (and its related method of operation) includes, if invoked, password protected access to data stored therewithin and/or to normal device operations and further includes duress password checking logic that automatically causes a duress message to be sent if a duress password has been entered. The duress message is preferably sent without maintaining any user accessible indication of such sending. It is also preferred that the password checking logic automatically cause an end-of-duress message to be sent if a normal password is entered after a duress password has been entered. A plurality of different duress passwords may be entered into a duress password portion of data memory in the device. | 01-10-2013
20110277030 | SYSTEM AND METHOD FOR AUTHENTICATION OF INPUT DEVICES - Systems and methods are provided for authenticating an input device subsystem for operation with a host. One method includes storing a table comprising challenges and a plurality of values indicative of authentic responses to the plurality of challenges. A selected challenge is then communicated between the input device subsystem and the host. A challenge response is derived based on the selected challenge and a hashing algorithm, and the challenge response is communicated between the input device subsystem and the host. The challenge response and one or more of the values is used to determine whether the challenge response is authentic. Functionality of the input device subsystem with the host is selectively enabled if the challenge response is authentic. | 11-10-2011
20120233689 | SYSTEM AND METHOD FOR EFFICIENTLY SECURING ENTERPRISE DATA RESOURCES - Some embodiments provide a system and method that secures access to data objects of an enterprise that includes multiple data objects and multiple user applications that access data attributes of the data objects. In some embodiments, secure access is provided via a secure resource that secures access to data attributes of at least two objects by defining access control permissions for the secure resource and applying the defined access control permissions to the data attributes of the secure resource. | 09-13-2012
20090282473 | OWNER PRIVACY IN A SHARED MOBILE DEVICE - Systems and methods that regulate range of access to personal information of a mobile unit's owner. The access control component can designate granularity for access levels and/or a spectrum of access modes—(as opposed to a binary choice of full access or no access at all). Such access can be based on a spectrum and/or discrete trust relationship between the owner and user of the mobile unit. A profile definition component can exploit an owner's trust relationships to designate levels of security. The profile definition component can further define a profile based on a set of applications, such as entertainment mode, browser mode, and the like. | 11-12-2009
20100005522 | Digital transmission system (DTS) for computer security - This invention describes a hand held digital transmitter to transmit a signal as light (visible and invisible) or sound (audible and inaudible) or other digitized code for alphanumeric in any language, special characters or symbols or graphic or pictures or any combination thereof, to the computer system that is equipped with a compatible digital receiver and transmitter card. This card can transmit and receive the said signals and codes and a software driver and/or firmware for the operation, management and maintenance of this security system. Upon verification, of the transmitted code, by the computer system, access is granted. The computer system then transmits a randomly selected new code of any combination of the codes or signals stated above to the transmitter for storage in the said transmitter. The said transmission from the computer cannot be stored in any other hand held transmitter located within range of the transmission. | 01-07-2010
20090158422 | Image Forming Device and Image Forming Program - The present invention is an image forming device capable of executing an authentication print printing. The image forming device includes: an authentication print detecting unit which detects whether to execute a job as the authentication print printing by referencing predetermined data; an authentication unit; a user authentication unit which outputs the result of the user authentication; a job executing unit; a user interface; and a user interface input mode switching unit which switches an information input/output mode of the user interface, wherein, an instruction to execute a first process can be received, and wherein the first process includes processes in which: the execution of the authentication print printing starts based on the result of the user authentication output by the user authentication unit; and the result of the user authentication is invoked so that the information input/output mode of the user interface is switched to a login mode. | 06-18-2009
20090133119 | MASTER DEVICE AND DATA PROCESSING SYSTEM - A certification result obtained by a master device | 05-21-2009
20130219488 | ELECTRONIC DEVICE AND METHOD FOR UNLOCKING ELECTRONIC DEVICE - A method for unlocking an electronic device, a first image in a first area and a second image in a second area selected on a touch panel of the electronic device are received. The method combines the first image and the second image to obtain a selected combination image, and unlocks the electronic device upon the condition that the selected combination image is stored in a storage unit of the electronic device. | 08-22-2013
20090276846 | Multi-Function Apparatus and Method of Restricting Use of Multi-Function Apparatus - A multi-function apparatus which has plural functions and is used by direct use through an operation panel and remote use through a communication network, the multi-function apparatus includes: a use setting unit which sets use or non-use of at least some functions of the multi-function apparatus in accordance with a user attribute indicating a direct-use user or a remote-use user; and a use restriction unit which permits a user desiring to use the at least some functions to use the at least some functions on condition that the user attribute of the user is set to be usable by the use setting unit. | 11-05-2009
20090064314 | Method and Apparatus for Implementing Parental Controls for a Portable Media Device - Methods and apparatus which allow parents to control the access of their children to features of a portable electronic device are disclosed. According to one aspect, a method for controlling the use of features associated with a portable electronic device includes setting at least one constraint associated with access to a feature of the portable electronic device and processing a user request to access the feature. The method can also include determining whether the constraint indicates that the feature is currently accessible to the user, and permitting access to the feature when the indication is that the feature is currently accessible to the user. Finally, access to the feature can be denied if the indication is that the feature is not currently accessible to the user. | 03-05-2009
20080271139 | DETERMINATION OF ACCESS CHECKS IN A MIXED ROLE BASED ACCESS CONTROL AND DISCRETIONARY ACCESS CONTROL ENVIRONMENT - A computer implemented method, apparatus, and computer program product for access control in a mixed discretionary access control and role based access control environment. In one embodiment, an execution access for a command is determined using a set of role based authorizations for a user invoking the command. In response to a determination that the user invoking the command is authorized based on the set of role based authorizations, a privilege in a set of privileges associated with the command is raised. Raising the privilege in the set of privileges bypasses discretionary access control checks. In response to a determination that the user invoking the command is unauthorized based on the set of role based authorizations, an execution access for the command is determined using a set of discretionary access mode bits associated with the command. | 10-30-2008
20100083366 | Blocking Computer System Ports on Per User Basis - An approach is provided that receives a user identifier from a user of the information handling system. The user identifier can include a username as well as a user authentication code, such as a password. Hardware settings that correspond to the user identifier are retrieved from a nonvolatile memory. Hardware devices, such as ports (e.g., USB controller), network interfaces, storage devices, and boot sequences, are configured using the retrieved hardware settings. After the hardware devices have been configured to correspond to the identified user, an operating system is booted. | 04-01-2010
20090187985 | METHOD FOR DETERMINING RANGE OF AVAILABLE FUNCTIONS OF INFORMATION APPARATUS - According to an aspect of an embodiment, a method of controlling an information apparatus has performing authentication of a user of the information apparatus, performing authentication of an administrator of the information apparatus, determining a range of available functions of the information apparatus corresponding to successful authentication of the user and the administrator and permitting the user to utilize the range of available functions of the information apparatus. | 07-23-2009
20090288160 | INTEGRATED CIRCUIT WITH SECURE BOOT FROM A DEBUG ACCESS PORT AND METHOD THEREFOR - An integrated circuit ( | 11-19-2009
20080209544 | Device security method using device specific authentication - A method for improving security to a computer system, and a computer system with improved security, that performs the steps of interrogating at least one device in communication with the computer system to gather a device identifier uniquely identifying the device, compares the device identifier with a list of identifiers to determine a level of trust, and regulates communication between the device and the computer based upon the level of trust. | 08-28-2008
20080209543 | Methods, systems, and products for identity verification - Methods, systems, and products are disclosed for identification verification. A signature, representing the presence of a device, is acquired. The signature is compared to a reference signature. When the signature favorably compares to the reference signature, then the identity of a user associated with the device is verified. | 08-28-2008
20090119771 | ACCESS MANAGEMENT FOR MESSAGING SYSTEMS AND METHODS - An exemplary system includes an access management facility and a message processing facility communicatively coupled to the access management facility. The access management facility is configured to generate and activate an access code, and initiate providing of the access code to a potential message source. The message processing facility is configured to receive an incoming message, determine whether the incoming message includes the access code, deliver the incoming message to a user if the incoming message is determined to include the access code, and not deliver the incoming message to the user if the incoming message is determined not to include the access code. In certain implementations, the access code is used in conjunction with a set of authorized message sources for selectively filtering the incoming message. In certain implementations, at least one tool is provided, the tool being configured to enable the user to manage the access code. | 05-07-2009
20110209212 | AUTHORIZATION SCHEME TO MINIMIZE THE USE OF UNAUTHORIZED MEDICAL DEVICE DISPOSABLES ON A MEDICAL DEVICE INSTRUMENT - Systems, methods, apparatus, and computer readable media are provided for disposable component authentication with respect to a biological fluid processing device instrument. An example instrument authentication system includes a computer facilitating configuration and operation of the biological fluid processing instrument using a disposable component. A first interface is provided by the computer and is used by a service technician to configure the biological fluid processing instrument for a number of disposable components and to provide a service technician with a validation code. A key generator is to accept the validation code from the service technician and generate an authentication key in response to the entered validation code. A second interface is provided by the computer, the second interface prompting the service technician to enter an authentication key, wherein the authentication key authorizes use of a certain number of disposable components for the biological fluid processing instrument. | 08-25-2011
20080244731Thin client computer with fingerprint identification structure - A thin client computer with a fingerprint identification structure of the present invention comprises a motherboard, a case, a faceplate and a fingerprint reader. The case is designed for holding the motherboard. The faceplate is placed to cover the case. The faceplate has a coupling hole on a lateral surface. The fingerprint reader is coupled into the coupling hole on the lateral surface of the faceplate, and connected with the motherboard for reading a fingerprint. The fingerprint reader is located on the lateral surface of faceplate in such a manner that the thin client computer can read the fingerprint easily no matter whether the thin client computer is placed horizontally or vertically. After verifying the fingerprint, the user is authorized to boot up or shut down the thin client computer.10-02-2008
20080244730SECURITY CAPABILITY WITH AN INPUT DEVICE - The present invention provides apparatuses and methods for providing security for a secured unit with a security code. The secured unit may be locked to prevent an unauthorized user from accessing the secured unit. In order to unlock the secured unit, a user enters a sequence of strokes through an input device, e.g., a circular input device. A security module extracts stroke information from the entered strokes and unlocks the secured unit when the extracted stroke information matches the security code. Stroke information may be indicative of the locations of the start and end points and the direction of each stroke. A security code is configured for a secured unit by a user entering a sequence of strokes through an input device. The security code is determined from stroke information. The stroke information may be verified by the user re-entering the sequence of strokes.10-02-2008
20080250493Method, System and Computer Program for Automating Configuration of Software Applications - A solution (10-09-2008
20090293115AUTHORIZATION SYSTEM OF NAVIGATION DEVICE AND ASSOCIATED AUTHORIZATION METHOD - An authorization system of a navigation device includes a first identification (ID) module and a second ID module. The first ID module is arranged to perform authorization for a first portion of the navigation device, and the second ID module is arranged to perform authorization for a second portion of the navigation device. The first and the second ID modules perform bidirectional authorization of the first and the second portions, and further determine behavior of the navigation device according to a result of the bidirectional authorization. An associated authorization method for controlling the navigation device is further provided.11-26-2009
20080282342METHODS AND APPARATUS FOR ACCESSING RESOURCES USING A MULTIPROCESSOR IN A TRUSTED MODE - A system and method are disclosed which may include entering a secure mode by a processor, whereby the processor may initiate a transfer of information into or out of the processor, but no external device may initiate a transfer of information into or out of the processor; sending a DMA (direct memory access) command including at least one authorization code from the processor to at least one trusted data storage region external to the processor; evaluating the authorization code; and enabling the processor to access at least one trusted data storage location within the trusted data storage region if the authorization code is valid.11-13-2008
20100043069Authorized Authorization Set in RBAC Model - The Authorized Authorization Set System comprising a modified operating system, a command table containing authorized authorization sets, and a modified RBAC security system, eliminates the need for inherited privileges that must be passed to subcommands in order for the command to run. The modified operating system accesses a table containing authorized authorization sets which identify the privileges for all subcommands within a command. When a user is assigned an accessauth for a command, and a sub-command is a privileged sub-command, the privileged sub-command is only run when the accessauth of the sub-command is included in the authorized authorization set of the command.02-18-2010
20100275255PERSON CENTRIC SYSTEM AND METHOD TRANSFORMING HEALTH DATA TO HEALTH RISKS DATA - Constrained by a permissions wall and a security wall, the method and the system execute a risk transformation which transforms lay users health data sets to lay users risks data sets, outputs lay users risks data set, can output lay users best practice data sets corresponding to lay users risks data sets, can output lay users educational data sets corresponding to lay users risks data sets, and can output for research users research compilations from lay users health data sets and from lay users risks data sets.10-28-2010
20100275256Switching an Application, User, and Security Context Based on Device Orientation - A computer is adapted for changing one or more of the application, security, or user contexts based on the orientation of a component, such as a monitor. Changing the context responsive to the reorientation allows two or more users to use the same hardware to complete a transaction requiring at least two perspectives, for example, buyer and seller. In the background, transaction end points may be changed as well as establishment of a secure channel for supporting confidentiality of a user and their personal information. The computer so equipped may be applicable to many situations involving two parties, such as hospitals, personnel/human relations, banking, government benefits, and retail.10-28-2010
20080244732Password protection for file backups - Various embodiments of a system and method for performing file backup operations are described. The method may operate to enable a user of a computer system to provide a password or other authentication information to associate with files on the computer system, e.g., in order to protect files that are backed up. For example, when the user (or another person or software agent) attempts to restore or otherwise access a backup copy of a password-protected file, the user may be prompted to enter the password. The method may operate to verify that the entered password matches the password associated with the file before granting permission to restore the file.10-02-2008
20080271138SYSTEM AND METHOD FOR OPTIMIZING DATA OVER SIGNALING TRANSMISSIONS - A system for optimizing data over signaling (DoS) transmissions in a wireless communications system is disclosed. The system comprises at least one access network and at least one access terminal. The at least one access network is adapted to determine location of the at least one access terminal through communication between the at least one access network and the at least one access terminal, and adapted to transfer data between the at least one access network and the at least one access terminal.10-30-2008
20100138913MESSAGE ADMINISTRATION SYSTEM - Methods and systems for message administration are described. In one embodiment, an application request for an application associated with an administration tool may be accessed. The application request may be associated with a user. The application may be deployed on a system machine. A particular access level of a plurality of access levels may be identified for the user on the administration tool. The particular access level may identify functionality of the administration tool available to the user. A determination of whether to allow processing of the application request based on the particular access level may be made. When the application request meets the particular access level, communication with the system machine from the administration tool may be made based on the application request. The system machine may be capable of processing the application request. Additional methods and systems are disclosed.06-03-2010
20090165119METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR PROVIDING POWER CONTROL SECURITY FEATURES - A method, apparatus and computer program product are provided for power control security features. More particularly, the utilization of a supplemental power source can be permitted or prevented based on a comparison of access information to security information. In some embodiments, utilization of the supplemental power source can include the ability to charge a battery.06-25-2009
20090133118METHODS AND SYSTEMS FOR AUTOMATED AUTHENTICATION, PROCESSING AND ISSUANCE OF DIGITAL CERTIFICATES - A computer system and process for issuing digital certificates use domain-control vetting to issue certificates. A requestor requests a certificate from a certificate authority, which identifies at least one approver to approve issuance of the digital certificate. If approved, the certificate authority accepts the request, creates and signs the certificate, and the signed certificate is sent to the requester.05-21-2009
20090138963Information processing apparatus and method of controlling program execution of same - A CPU contained in an information processing apparatus in accordance with an exemplary embodiment of the present invention outputs an access request including first access destination address information by a first program, and outputs a check request including second access destination address information when the execution program is switched from the first program to a second program as a result of a program call from the first program to the second program. A protection setting check portion contained in the information processing apparatus checks whether or not the check request including the second access destination address information conforms to protection setting for the first program based on memory protection information that is established in a memory protection information storage portion to detect a violation by a memory access request by the first program.05-28-2009
20090031417KVM switch, information processing apparatus, and computer readable recording medium - A KVM switch is connectable to a plurality of information processing apparatus and a plurality of consoles used for operating the plurality of information processing apparatus. A storing portion stores first user-limiting information which defines access permission or access no-permission to each information processing apparatus for each user. An acquiring portion acquires second user-limiting information which defines access permission or access no-permission to each information processing apparatus for each user, from each information processing apparatus. A controlling portion controls access to each information processing apparatus for each user based on the first user-limiting information and the second user-limiting information.01-29-2009
20090199292CONTROL DEVICE, CONTROLLED DEVICE, AND CONTROL METHOD - A control device communicating with a controlled device to control the controlled device includes a first memory to store first authentication information for activation of the controlled device, a second memory to store a key for encryption, a generator to generate third authentication information by encrypting second authentication information transmitted by the controlled device in response to the first authentication information using the key stored in the second memory, a transmitter to transmit the first authentication information or the third authentication information to the controlled device, and a memory controller to store the second authentication information or the third authentication information as first authentication information for next authentication in the first memory.08-06-2009
20090276848DEVICE AUTHENTICATION APPARATUS, SERVICE CONTROL APPARATUS, SERVICE REQUEST APPARATUS, DEVICE AUTHENTICATION METHOD, SERVICE CONTROL METHOD, AND SERVICE REQUEST METHOD - A device authentication apparatus, including: a device identification information acquisition unit configured to acquire identification information specific to a device; a connection protection unit configured to protect a connection with the device; and an identifier generation unit configured to combine all or some of the device-specific identification information, a device identification information type representing a type of the device-specific identification information, and a protection method type representing a type of a protection method used by the connection protection unit to generate an identifier for a pair of the connected device and a connection environment.11-05-2009
20090249476Using Multi-Touch Gestures to Protect Sensitive Content Using a Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) - The invention described herein uses a multi-touch manager for authorizing multi-touch devices by first providing a multi-touch test to a multi-touch device. In turn, the multi-touch manager receives a multi-touch response from the multi-touch device. The multi-touch manager then compares the multi-touch response with a multi-touch answer and authorizes the device based upon the comparison.10-01-2009
20120198544SYSTEM AND METHOD FOR CONTROLLING USER ACCESS TO AN ELECTRONIC DEVICE - A method and system for authenticating a user to access a computer system. The method comprises communicating security information to the computer system, and providing the computer system with an implicit input. The method further comprises determining whether the security information and implicit input match corresponding information associated with the user. The method further comprises granting the user access to the computer system in the event of a satisfactory match. When authenticating the user, the method and system consider the possibility of the user being legitimate but subject to duress or force by a computer hacker.08-02-2012
20120079588Methods, Systems, and Products for Identity Verification - Methods, systems, and products verify identity of a person identification verification. A signature, representing the presence of a device, is acquired. The signature is compared to a reference signature. When the signature favorably compares to the reference signature, then the identity of a user associated with the device is verified.03-29-2012
20120079587ELECTRONIC DEVICE WITH WEBCAM SECURITY FUNCTION AND METHOD THEREOF - An electronic device with a webcam security function includes an input unit, a power supply unit, a webcam, a thin film transistor liquid crystal display (TFT-LCD) and a processing unit. The processing unit includes a receiving module, a detection module and a power control module. The receiving module receives an input operation from the input unit. The detection module detects whether the received input operation matches a predetermined input operation. The power control module controls the power supply unit to supply power to the TFT-LCD when the received input operation matches the predetermined input operation, thus enabling light to pass through the TFT-LCD to the webcam.03-29-2012
20090150990INTEGRATED ACCESS AUTHORIZATION - A facility for performing an access control check as an integral component of an operating system and utilizing a centralized policy store is provided. The facility executes as an integral part of an operating system executing on a computer and receives an authorization query to determine whether a principal has authorization to access a resource. The facility applies a policy maintained in a centralized policy store that is applicable to the principal to determine whether authorization exists to access the resource. If authorization does not exist, the facility denies the authorization query and records an indication of the denial of the authorization in an audit log. The facility may trigger events based on the auditing of authorization queries. The facility may also record an indication of authorization to access the resource in the audit log. The facility may additionally determine whether the authorization query is a request for authorization to perform an inherently dangerous operation, and record an indication of an authorization to perform the inherently dangerous operation in the audit log.06-11-2009
20090205041Emergency Information Access on Portable Electronic Devices - Improved techniques for facilitating emergency access to one or more contacts stored on a portable electronic device are disclosed. One or more contacts on the portable electronic device are designated as emergency contacts. While the portable electronic device is password-locked, a request to display the one or more emergency contacts on the password-locked portable electronic device is received. Without requiring a password, the one or more emergency contacts are displayed on the portable electronic device.08-13-2009
20090210937CAPTCHA ADVERTISING - An automated method performed by a content host computer determines whether a client user is a human. A request for access to content residing on the content host computer is received from a client user. One or more advertising video clips are presented to the client user. An entire authenticating reference pass phrase is communicated to the client user in exactly one advertising video clip. An input pass phrase is received from the client user. The input pass phrase is compared to the authenticating reference pass phrase. If the comparison shows identity, the client user is granted access to the requested content.08-20-2009
20090254987INFORMATION PROCESSING APPARATUS, COMPUTER-READABLE RECORDING MEDIUM, OUTPUT CONTROL METHOD AND SYSTEM - An output control apparatus and method in which at least either a first access authority at a first level or a second access authority at a second level that is higher than the first level may be set according to a user. The method includes referring to a first storage unit that stores authority information indicating an access authority level of a current user, selecting composing information stored in a second storage unit in association with the user to which the access authority is set from the second storage unit when the authority information indicates the first access authority, composing the selected composing information and output target data generated based on an output instruction by the current user, and outputting composed data of processing results by the composing.10-08-2009
20090254986Method and apparatus for processing and displaying secure and non-secure data - A data processing apparatus is disclosed that comprises: at least one processor; a display for displaying data processed by said at least one processor; at least one display buffer for storing an array of display elements for subsequent output to said display, said display elements being secure display elements for displaying secure data and non-secure display elements; and a user interface; wherein said at least one processor is operable to execute at least one untrusted process and at least one secure process, said at least one secure process having access to secure data; said data processing apparatus further comprising: a secure user input for receiving a user input, said received user input not being accessible to said at least one untrusted process; and said data processing apparatus being responsive to an input received at said secure user input to transform data to be displayed on said display such that said secure display elements and said non-secure display elements are transformed differently to each other.10-08-2009
20090222907DATA AND A COMPUTER SYSTEM PROTECTING METHOD AND DEVICE - The process for protecting data and computer systems includes: 09-03-2009
20090241183DYNAMIC DOCUMENT MERGING METHOD AND SYSTEM - A document merging method and system. The method includes receiving by a computing system from a first user, a plurality of documents and a command for tagging portions of each document according to various parameters. The computing system assigns identification tags to the portions of each document. The computing system receives from a second user, a command for generating a merged document. The computing system receives a selection of a first identification tag associated with a first document and a selection of a second identification tag associated with a second document. The computing system generates a merged document comprising a first portion of the first document and said second portion of the second document. The computing system stores the merged document.09-24-2009
20090260076WORKFLOW MANAGEMENT APPARATUS AND WORKFLOW MANAGEMENT METHOD - A server apparatus generates a folder for content to be transmitted from an image processing apparatus, and sets a path of the folder to the image processing apparatus as a destination of sending of the content. The user is allowed to select one destination of sending set in a display panel of the image processing apparatus, and the image processing apparatus sends the content to the selected destination of sending.10-15-2009
20080307520System and method for ensuring security with multiple authentication schemes - System for authenticating a user for logon to a content manager running on top of a database manager. A connect procedure connects the user to a database manager; and then a logon procedure logs on the user to the content manager selectively responsive to the user connecting to the database manager; the user being authenticated by a third party by way of a user exit or a trusted logon environment and privilege; or the user being authenticated by the content manager.12-11-2008
20100169965Enabling a service to return lost laptops - A method, system, and computer-readable storage medium for providing a unique identifier for a computer system and a message from a service external to the computer system, such as a laptop return service, for display when the computer system is powered on. The computer system is configured to restrict functionality until the service authorizes restoration of full functionality of the computer system. The message includes contact information for the laptop return service and, when the service is contacted, the service sends an instruction to return the computer system to full functionality. Other embodiments are described and claimed.07-01-2010
20080229407INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND MEDIA STORING A PROGRAM THEREFOR - A disclosed information processing apparatus makes it possible for a user to perform a desired operation easily by displaying operation candidates based on an operation history. The apparatus comprises a storage unit in which an operation history table is stored, the table associating tasks with operations. A user who performs an operation is authenticated by a user authentication unit. Task information concerning the authenticated user is acquired by a task acquisition unit. Based on the acquired task information, an operation candidate presenting unit presents operation candidates by referring to the operation history table. The operation history table is updated by a history management unit in accordance with an operation designated by the user.09-18-2008
20100263044INFORMATION PROCESSING APPARATUS, CONTROL METHOD OF INFORMATION PROCESSING APPARATUS, AND STORAGE MEDIUM - In a case where image data stored in an information processing apparatus is output to an image processing apparatus, lowering of security level due to a difference of the authentication level between authentication units of the respective apparatus can be restricted. A control method for controlling an information processing apparatus for outputting image data to an image processing apparatus that permits a use of the image data provided that a user authentication unit authenticates a user includes selecting an image processing apparatus that serves as an output destination of the image data among a plurality of image processing apparatuses, determining whether an authentication level of a user authentication unit necessary for permitting a use of the selected image processing apparatus is lower than an authentication level of the authentication unit necessary for permitting a use of the information processing apparatus, and restricting an output of the image data to the selected image processing apparatus in a case where it is determined that the authentication level is lower.10-14-2010
20100263043METHOD AND DEVICE FOR SECURE TEST PORT AUTHENTICATION - A device includes a first test port coupled to a first test device, a second test port coupled to a second test device, a resource, and a security controller coupled to the first and second test ports. The security controller is operable to authenticate the first test device prior to authenticating the second test device, and, in response to authenticating the first test device, permit the first and second test devices to access the first resource.10-14-2010
20120198543ACCESSIBLE FILES - A computer implemented method for accessing one or more files including scanning a storage device using a processor for one or more signed files in response to the storage device coupling to a machine, authenticating one or more of the signed files, and configuring the processor to access accessible files from the storage device in response to authenticating one or more of the signed files.08-02-2012
20100186081Portable Communication Terminal and Use-Enabled/Disabled Control Method - To provide a mobile communication terminal which can improve security. A mobile telephone device (07-22-2010
20090064313APPARATUS AND METHOD FOR MONITORING COMMUNICATIONS - A system that incorporates teachings of the present disclosure may include, for example, a server having a controller to transmit a tracking request to a session information retriever for a targeted user of a network with the session information retriever storing session information for users of the network and with the tracking request having identification information associated with the targeted user, transmit a query to the session information retriever for relevant session information associated with the targeted user with the relevant session information being selected by the session information retriever from the session information based at least in part on the identification information associated with the targeted user and with the relevant session information being stored in a single file associated with the targeted user, and receive at least a portion of the relevant session information transmitted from the session information retriever. Other embodiments are disclosed.03-05-2009
20100251356IMAGE PROCESSING APPARATUS, IMAGE PROCESSING CONTROL METHOD AND COMPUTER READABLE MEDIUM - An image processing apparatus includes: an image processing unit; a processing unit that performs predetermined processing under the control of the information processing unit; a reading unit that performs an operation of reading authentication information at intervals of a predetermined time under the control of the information processing unit; an authentication unit that authenticates a user based on the authentication information read by the reading unit under the control of the information processing unit; a permission unit that permits the predetermined processing to be performed by the processing unit on the condition that the authentication is completed by the authentication unit; and a change unit that changes the time interval for the reading unit to perform the reading operation in accordance with the status of processing to be executed.09-30-2010
20100058462MULTIPLE USER ACCOUNTS FOR MANAGING STORED INFORMATION IN AN IMPLANTABLE MEDICAL DEVICE SYSTEM - Techniques for managing stored information in an implantable medical device system using multiple user accounts are described. An implantable medical device system may provide a general user account and a set of authenticable user accounts. In some examples, the general user account does not require a user of a programmer in an implantable medical device system to enter user identity information to manage information stored in the implantable medical device system. The general user account may be permitted to perform a subset of actions available to an authenticable user account. In some examples, an authenticable user account may rollback changes made to the stored information by the general user account. An authenticable user account may also be able to synchronize changes made to the stored information across all or some of the user accounts.03-04-2010
20100100955SYSTEM AND METHOD FOR SECURE OS ACCESS IN AN ECMA-SCRIPT VIRTUAL MACHINE - In an ECMAScript (JavaScript) Virtual Machine, applications are isolated from the operating system by defining an application context for each application. A root application context is defined that binds scripted objects of the root application context to equivalent native objects of the virtual machine. Other application contexts may send events on an event bus via the root application context to request resources of the operating system. The root application context determines the security privileges of the application context with respect to the requested resource, and is the only application context that is able to interact with the operating system.04-22-2010
20100071057REAL-TIME EQUIPMENT BEHAVIOR SELECTION - At creation, a state machine of an industrial control configuration can be hard-coded with a number of states in a hierarchical manner. Once implemented into the configuration, it can be desirable for the states, interpretations of the states, and the like to be modified in accordance with particular desires and processes. Therefore, a user can select a change to a hierarchical rule set of the state machine while the state machine is part of the configuration and the change can be implemented.03-18-2010
20090328196AUTHORIZATION FOR TRANSIENT STORAGE DEVICES WITH MULTIPLE AUTHENTICATION SILOS - In a transient storage device (TSD) with multiple authentication silos, a host computing device connected to the TSD is configured by the TSD to discover and act upon various types of authentication information in the silos. One or more logical combinations of authentication silos are switched to the authenticated state to grant access to an associated storage area. A particular ordering of authentication silos may be required to achieve a valid combination of authenticated silos. Ordering may be suggested by configuration information in the TSD. Ordering may also be based upon whether or not user input is required for authenticating a given authentication silo, the environment of use of the TSD, or a hierarchy from most trusted to least trusted authentication silo. With this information, the host proceeds with the most efficient authentication sequence leading to a grant of access to the storage area.12-31-2009
20090276847Multi-Function Apparatus and Method of Restricting Use of Multi-Function Apparatus - A multi-function apparatus which has plural functions includes: an authentication information acquiring unit which acquires authentication information on a user desiring to use the functions by use of an authentication information inputting unit; a use restriction unit which determines whether the user desiring to use the functions has use authority on the basis of the acquired authentication information, and permits using the functions on condition of determining that the user has the use authority; a mode control unit which acquires operation information formed by the user and transfers a mode of the multi-function apparatus to a basic operation setting mode, when the operation information is accompanied with basic operation setting of the multi-function apparatus; and a log-out control unit which maintains the functions so as to be used by prohibiting a log-out process, when the multi-function apparatus is in the basic operation setting mode at the time of detecting the log-out operation of the user.11-05-2009
20090178134SYSTEM AND METHOD FOR BLOCKING INTERNET ACCESS AND/OR APPLICATIONS - The present invention generally relates to a system and method for selectively blocking computer application access and, specifically, to a system and method for blocking Internet access and/or applications when a specified string of characters is entered from a keyboard or other input device. Specifically in one embodiment is provided a system for selectively blocking computer application access of a selected user, which includes a blocking program configured to monitor keystrokes of said user, a predefined database of keystrokes, the program continuously monitoring said user keystrokes and comparing them to said database of keystrokes, and a predefined action when said user keystrokes match said database keystrokes. The predefined action can be to block Internet access or terminate an Internet connection, or Internet protocol, or computer application.07-09-2009
20120246716METHOD, APPARATUS AND SYSTEM FOR OBTAINING USER INFORMATION - A method, apparatus and system for obtaining user information are disclosed by the present invention. The present invention solves the problem of lower security of user information. The method includes: obtaining the interactive state of the service requester in the service request process, wherein the interactive state is used for indicating the specific state in which the service requester and its service are during the process of interaction with each other; determining if the interactive state of the service requester, in the process of requesting the service, meets the preset access-authorized-policy of the user information in the service request; when the interactive state of the service requester, in the process of requesting the service, meets the preset access-authorized-policy of the user information in said service request, obtaining the user information and sending the user information to the service.09-27-2012
20100223666Method, SOA registry and SOA repository for granting a user secure access to resources of a process - The present invention relates to a method for granting a user (U09-02-2010
20090064315APPARATUS AND METHOD FOR AUTOMATICALLY CONVERTING USER INTERFACE - An apparatus and a method are provided for automatically converting a user interface (UI). A Bluetooth-automatic authentication function is performed so as to automatically convert a current set UI to a stored UI corresponding to an authenticated Bluetooth terminal. In order to automatically convert UI of a terminal which is automatically authenticated in a short communication mode, at least one terminal ID for automatic authentication and UI configuration information corresponding to the terminal ID are set. When a terminal ID for automatic authentication is searched in a short distance communicating mode, a terminal corresponding to the searched terminal ID is automatically authenticated. The present UI configuration information corresponding to the automatically authenticated terminal is automatically applied to a current terminal UI, so that a current UI such as a main screen and a main menu category can be automatically converted to a preset UI corresponding to each authenticated Bluetooth terminal.03-05-2009
20100325720System and Method for Monitoring Attempted Network Intrusions - A system for monitoring attempted intrusions into a secure private network (SPN) includes a transceiver adapted to receive a device identifier over a public network from a network node, the device identifier based on a user-configurable parameter and a non-user-configurable parameter of the network node, and a processor coupled to the transceiver and to memory storing executable code. When executed, the code enables the processor to: access a database of authorized device identifiers corresponding to known network nodes, allow, in response to the received device identifier matching one of the authorized device identifiers, the network node to access the SPN, deny, in response to the received device identifier not matching one of the authorized device identifiers, the network node from accessing the SPN and categorize a connection attempt as an unauthorized connection attempt, and store information regarding the unauthorized connection attempt in local or remote memory.12-23-2010
20110023112Authentication Method, Authentication Device and Computer-Readable Medium Storing Instructions for Authentication Processing Capable of Ensuring Security and Usability - An authentication method in a system having a display and a storage device is provided. The authentication method includes the steps of registering an object selected for each user from among a plurality of visually distinguishable objects prepared in advance as a key object in the storage device; and presenting the plurality of objects to the display, accepting selection of an object by a user to be authenticated, and performing authentication based on matching/mismatching of the selected object with the key object registered in association with the user. The step of registering includes a step of determining a degree of freedom of selection of the object at the time of registration of the key object according to a degree of overlapping of the key object already registered in the storage device.01-27-2011
20100251357DATA TRANSMITTING SYSTEM AND METHOD, DRIVE UNIT, ACCESS METHOD, DATA RECORDING MEDIUM, RECORDING MEDIUM PRODUCING APPARATUS AND METHOD - A security module is provided in a data recording medium, data to be written to the data recording medium is encrypted with a content key different from one data to another, and the content key is safely stored in the security module. Also, the security module makes a mutual authentication using the public-key encryption technology with a drive unit to check that the counterpart is an authorized (licensed) unit, and then gives the content key to the counterpart, thereby preventing data from being leaked to any illegal (unlicensed) unit. Thus, it is possible to prevent copyrighted data such as movie, music, etc. from being copied illegally (against the wish of the copyrighter of the data).09-30-2010
20110035797METHOD AND DEVICE FOR CONTROLLING USER DIALOG ON TECHNICAL EQUIPMENT - A method and a device for controlling user dialogues on a technical installation that is to be controlled or to be maintained, for example, a cash dispenser or a deposit refund device. According to said method or said device, a calculating unit evaluates the data relating to the state of the technical installation and in accordance with said data, emits at least one visual request consisting of textual and/or pictorial instructions (INSTR, CHK) for a user who controls the technical installation. The method processes the data using a directed graph (GRPH) comprising nodes (1000, . . . , 1300 . . . ) and edges (INSTR; CHK) connecting the nodes. Said nodes relate to different maintenance conditions of the installation, and the edges relate to the instructions (INSTR; CHK) for the user for transferring the installation from one of the nodes to another node.02-10-2011
20110055917VALID ACCESS TO MOBILE DEVICE APPLICATION - A method in a mobile device, for verifying valid access to at least one software application comprised in the mobile device. The mobile device comprises a unique hardware manufacturer identity code. The at least one software application comprises a list of at least one valid unique hardware manufacturer identity code. First, a request to access to the at least one software application is received. Then it requests the unique hardware manufacturer identity code of the mobile device. The next step is to receive the unique hardware manufacturer identity code and to extract at least a part of the identity code identifying the manufacturer of the mobile device. The extracted part of the identity code with valid codes comprised in the software application is compared. If the extracted part of the identity code corresponds to the valid code, access to the at least one software application is provided to the user.03-03-2011
20100154052DATA DELIVERY SYSTEM, DATA DELIVERY DEVICE, DATA DELIVERY METHOD AND RECORDING MEDIUM ALLOWING DATA DELIVERY CONVENIENT FOR USERS - A CPU obtains a leading page of data stored in an HDD and executes delivery. Then, the CPU determines whether a single-delivery stop command is received or not. When the CPU determines that the single-delivery stop command is received, it executes the single-delivery stop processing. The CPU determines whether an all-delivery stop command is received or not. When the all-delivery stop command is received, the CPU executes all-delivery stop/resume processing. When the all-delivery stop processing command is not received, CPU determines whether a predetermined period has elapsed or not. When the predetermined period has elapsed, the CPU obtains a next page and executes next data delivery.06-17-2010
20110119756Method Of Managing Usage Of A Workstation And Desktop Management System Therefor - Embodiments can disclose a method of managing usage of a workstation. The method can include: performing a desktop management sequence; performing a start-up sequence; displaying a login graphic on a screen of a monitor of the workstation; receiving first login information from a user; validating the first login information to check if the user is authorized to use the workstation; if the user is authorized to use the workstation, performing an autolaunch sequence, where performing the autolaunch sequence can include starting one or more pervasive computer applications; checking to see if the one or more pervasive computer applications are active; if at least one first application of the one or more pervasive computer applications is not active, restarting the at least one first application of the one or more pervasive computer applications; receiving one or more instructions to logout from the user; and closing the one or more pervasive computer applications. Other embodiments are disclosed herein.05-19-2011
20110119757Method and apparatus for performing login by mobile station in wireless communication system - There are provided a method and apparatus for performing a login by a Mobile Station (MS) in a wireless communication system. In an Internet Protocol Multimedia Subsystem (IMS) network in a wireless communication system, an MS transmits a temporary login request to an IMS server by using a subscriber identity (ID) as a virtual Private Identity (PRID) and receives information about registered PRIDs that are associated with the subscriber ID. The MS determines whether at least one of PRIDs managed by the MS is unregistered in the IMS server. If at least one of the managed PRIDs is unregistered in the IMS server, the MS performs login to the IMS server using one of the managed PRIDs that is unregistered in the IMS server. If none of the managed PRIDs are unregistered in the IMS server, the MS performs login to the IMS server using one of the managed PRIDs that is registered.05-19-2011
20090077653Graphical Image Authentication And Security System - A method and system for protection of and secure access to a computer system or computer network from a portable device. The method includes the steps of receiving a first login account identifier, such as a user name from a user in communication with the computer system or network. A determination is made if the user is recognized and enrolled from the first login account identifier. If the user is recognized, a series of randomly generated visual images is displayed including one visual image from an image category which has been pre-selected by the user upon enrollment. An image category identifier is randomly assigned to each visual image in the series. An image category identifier is entered and received. If the login account identifier and the image category are validated, access is permitted to the computer system or network from the portable device.03-19-2009
20100031342Method and system for providing secure video data transmission and processing - A system and method for secure graphics processing employing an operating system that supports multiple independent levels of security (MILS) is described. A video queuing mechanism is provided in conjunction with a cross domain guard to receive extended graphics language video inputs from multiple input applications in multiple security enclaves. Without accessing sensitive data, a function manages desired format and mode selections of the displays, coordinates the execution of multiple graphics applications that produce the needed video content, as well as communicate with one or more high assurance render functions regarding how to draw each video output's content in a secure and easily certifiable manner.02-04-2010
20090217372PRESET SECURITY LEVELS - A preset security level system and a method for utilizing the preset security level system. The system includes a plurality of security levels, each of which enables a different level of security. Each of the security levels has associated therewith security features, such that low security level features are associated with a low security level, etc. The system and method enable a system administrator to select a desired security level, which selection automatically results in the activation of the associated security features, rather than manually activate each desired security feature.08-27-2009
20090217371SYSTEM AND METHOD FOR DYNAMIC CREATION OF PRIVILEGES TO SECURE SYSTEM SERVICES - A system, method, and program product is provided that allows new privileges to be dynamically added to an operating system. Entities are assigned roles and these roles are associated with various authorizations. Authorizations are associated with privileges, including the new privilege. A request is received to dynamically add the new privilege to the operating system. The operating system then dynamically adds the new privilege to the system. A software service is installed that requires the new privilege. A request to execute the installed software service is received from an entity that is running on the operating system. The operating system allows the entity to execute the installed software service in response to determining that the entity has been granted the privilege. However, if the entity has not been granted the new privilege, then the operating system inhibits execution of the software service by the entity.08-27-2009
20100058463METHOD OF EXCHANGING DATA BETWEEN TWO ELECTRONIC ENTITIES - A method of exchanging data between a first electronic entity and a second electronic entity includes the following steps: 03-04-2010
20100058461EMBEDDED SYSTEM WITH AUTHENTICATION, AND ASSOCIATED AUTHENTICATION METHOD - An embedded system with authentication includes: a system read only memory (ROM), a processing circuit and an authentication circuit. The system ROM is arranged to store a boot code. In addition, the processing circuit is arranged to process at least according to the boot code in order to perform operations of the embedded system. Additionally, the authentication circuit is arranged to perform authentication on a command script in order to determine whether the command script is authenticated, and is arranged to prevent the command script from being executed by the processing circuit when the authentication circuit determines that the command script is not authenticated, wherein the command script is received from outside a chip where the system ROM, the processing circuit and the authentication circuit are positioned.03-04-2010
20100071058ELECTRONIC DEVICE AND CONTROLLING METHOD OF ELECTRONIC DEVICE - The present invention provides an electronic device for performing a typical processing by storing a predetermined operating procedure and reproducing the stored operating procedure that controls suspending storing information related to an authentication, which includes a control unit, when an operation requiring a predetermined authentication is performed at the time when the predetermined operating procedure is stored.03-18-2010
20100077473API CHECKING DEVICE AND STATE MONITOR - An API checking device 03-25-2010
20110093948NON-INTRUSIVE BACKGROUND SYNCHRONIZATION WHEN AUTHENTICATION IS REQUIRED - A non-modal notification user interface element is displayed persistently but unobtrusively such that a user may easily determine that authentication credentials are required by a background synchronization process. The non-modal notification is configured such that it may be ignored by the user such that their workflow is not interrupted. The background synchronization continues to synchronize the data it can even though the background synchronization may require authentication credentials for a subset of the data to be synchronized. The user may select the non-modal notification user interface element at any point in time in order to supply the required authentication credentials. The non-modal notification is removed from the display when there are no further authentication credentials required.04-21-2011
20120304283BROKERED ITEM ACCESS FOR ISOLATED APPLICATIONS - A broker module of a computing device receives requests from an isolated application to access one or more items of an item source. In response to a request, storage item objects representing items of the item source are generated and returned to the isolated application for each item of the item source that the isolated application is authorized to access. Whether the isolated application is authorized to access a particular item can be based on particular item sources and/or particular item locations.11-29-2012
20110061100METHOD AND APPARATUS FOR CONTROLLING ACCESS - An approach is provided for controlling access based at least in part on augmented reality. Images and/or signals representing motion by a user in a physical environment are received. An electronic determination is made whether the motion corresponds to a predetermined motion. Access is granted to a resource based at least in part upon the determination.03-10-2011
20110030051AUTONOMIC MANUFACTURING OPERATOR AUTHORIZATION ADJUSTMENT - Operator authorizations are autonomically adjusted in many ways to automatically account for many different variables. Operator authorization may be adjusted according to an operator's past activity record so previous experience is not lost when the operator is rehired. Operator authorization may be adjusted according to the operator's quality and performance. Operator authorization may also be adjusted by recognizing similar operations to those the operator is authorized to perform, and authorizing the operator to perform one or more similar operations. Operator authorization may also be adjusted to a lesser level or may be revoked for an operation based on the passage of time. A manufacturing system may efficiently track operators taking into account different activity periods, the passage of time, the operator's performance, and similar operations to autonomically adjust the authorization of the operators as needed.02-03-2011
20090320124APPARATUS AND METHODS FOR DYNAMIC PICTORIAL IMAGE AUTHENTICATION - Apparatus, systems and methods are provided for facilitating user authentication in a computing system based on pictorial discernment of images displayed to a user. Multiple images are displayed to a user, with each image having one or more distinguishing characteristics. Each symbol of the user's password is associated with a particular characteristic included in one of the displayed images. The user is properly authenticated if they select the images having the characteristics corresponding with the symbols of the user's password.12-24-2009
20090126006SECURING CPU AFFINITY IN MULTIPROCESSOR ARCHITECTURES - In an embodiment of the present invention, the ability for a user or process to set or modify affinities is restricted in order to control a multi-processor environment. This may be accomplished by using a reference monitor that controls a process' capability to retrieve and set its or another process' affinity. This aids in the prevention of security breaches.05-14-2009
20080289031INFORMATION PROCESSING APPARATUS AND CONTROL METHOD THEREOF - Access right information of a login user is acquired, and an object accessible by the login user is identifiably displayed on an area corresponding to the user. When a collaboration mode in which a plurality of users log in and make a cooperative work is set, an object accessible by each login user is identifiably displayed on an area corresponding to each user.11-20-2008
20080320587Secure Pairing for Wired or Wireless Communications Devices - Pairing is achieved between a host communications device and a peripheral communications device, in order to establish an ad hoc wireless or wired network. A device identification, relating uniquely to the peripheral device, is displayed on the host device. In order to accept the pairing, the user confirms that the device identification displayed on the host device matches that printed on the peripheral device, and then completes the pairing procedure by pressing a key on the peripheral device, or, if Near Field Communication (NFC) techniques are implemented in the devices, by placing the peripheral device in contact with, or sufficiently close to, the host device. Thus, secure pairing is achieved, without requiring a complex user interface on the peripheral device.12-25-2008
20130198834METHODS AND SYSTEMS FOR DEVICE DISABLEMENT - A method for disabling a device associated with a virtual identity may include receiving, from the device, a request to use the virtual identity, where the request may include a passcode guess and a device identifier. The method may also include determining that the passcode guess does not authorize use of the virtual identity and incrementing a number of incorrect passcode guesses received within a time interval. The method may additionally include determining that the number of incorrect passcode guesses received within the time interval is greater than or equal to a threshold. The method may further include storing an indication that subsequent requests associated with the device identifier should not authorize use of the virtual identity.08-01-2013
20110078785METHOD AND SYSTEM FOR SUPPORTING PORTABLE DESKTOP WITH ENHANCED FUNCTIONALITY - A method is disclosed for a peripheral portable desktop device. The peripheral portable desktop device is coupled with a workstation. In a second mode of operation, a portion of the peripheral portable desktop device is operatively coupled with the workstation for operation therewith to provide an ancillary function. In a first mode of operation data within the peripheral portable desktop device is used to support a personal desktop on the workstation.03-31-2011
20110119758APPARATUS FOR MOBILE DATA PROCESSING - A mobile data processing device includes a permanent memory configured to store an operating system bootable from the permanent memory. The device includes a connection configured to connect the device and a personal computer. The connection is configured so that the personal computer loads the operating system from the permanent memory during booting. The device includes at least one integrated network adapter. The device includes a hardware system. The hardware system is configured to at least one of encrypt and decrypt content stored in the permanent memory. The device includes a housing configured to be portable.05-19-2011
20120311697METHOD FOR EXECUTING AN APPLICATION IN A RESTRICTED OPERATING ENVIRONMENT - A user is presented with one or more user-level permissions in a human understandable language, where the one or more user-level permissions represent one or more application-level permissions requested from an application for accessing one or more resources. A security profile is generated having one or more operating system (OS)-level permissions based on at least one of the user-level permissions authorized by the user. The security profile is enforced to restrict the application to accessing the one or more resources based on the OS-level permissions.12-06-2012
20120311696Override for Policy Enforcement System - A policy enforcement system may have a mechanism for assisting a user in obtaining an exception to a given policy. The mechanism may collect information from the user as to why the exception is requested, then manage the exception throughout a security system. An exception policy may define the conditions when a user may be granted an exception automatically, as well as when the exception may be granted only through an approval process. An exception created by the mechanism may be logged in an audit file so that each exception is documented. Different exceptions may be defined for different conditions and each exception may have one or more paths by which the exception may be granted. The policy enforcement system may be used for any type of access control to any resource, including URL resources, physical peripherals or networks, data or applications, or any other resource.12-06-2012
20090300754Protecting a Program Interpreted by a Virtual Machine - A method of protecting a program interpreted by a virtual machine comprises the inclusion of interference operations during the execution of each program instruction. The scrambling operations are selected according to a program digest, so as to vary when a single instruction belongs to two different programs. In this way, any attempt at reverse engineering from side channels is made possible.12-03-2009
20090293116Accessing Protected Content In A Rights-Management Architecture - A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content. The client components include an object which accesses encrypted content, an object that parses the license and enforces the rights in the license, an object which obtains protection software and data that is individualized for the client and/or the persona operating the client, and a script of instructions that provides individualization information to a distributor of content so that the content may be individualized for the client and/or its operating persona. Content is generally protected by encrypting it with a key and then sealing the key into the content in a way that binds it to the meta-data associated with the content. In some instances, the key may also be encrypted in such a way as to be accessible only by the use of individualized protection software installed on the client, thereby binding use of the content to a particular client or set of clients.11-26-2009
20090260075SUBJECT IDENTIFICATION - A system for authenticating the identity of a subject comprises: means for receiving information on subject behaviour comprising one or more events, means for allocating confidence levels to the event or events comprised in the received behaviour information and for extracting an overall confidence level on the basis of the allocated confidence level or levels and processing means for deciding on the identity of the subject on the basis of the overall confidence level. The system may include a device for collecting information relating to one or more events forming part of the behaviour of a subject and for providing the information to a separate unit to determine the identity of the subject.10-15-2009
20100024029Battery And Authentication Requesting Device - An authentication requesting device which includes a battery connecting section to be connected to a battery and a receiving section to be supplied with power from an external power source when connected to the external power source, and executes an authentication process for authenticating a battery connected to the battery connecting section, where the authentication requesting device is arranged to change the authentication process depending on whether or not the receiving section is being supplied with power from the external power source.01-28-2010
20100024028Wireless mobile device with user selectable privacy for groups of resident application programs and files - An exemplary method implemented by a wireless mobile device provides user selectable access to programs and files defining items that are resident on the mobile device. Screen icons associated with a privacy group are visually differentiated from icons associated with a public group. On receiving a user first input to initially access one of the items, where the first input is the first attempt by the user to access any item since a power up activation of the mobile device, determining whether the first input is a request to access an item associated with the privacy group or public group. If the sought access is to one item associated with the privacy group, a request is displayed on the screen requesting the user to enter a predetermined group privacy password and access is inhibited to the item unless the predetermined group privacy password is input to the mobile device by the user. The same predetermined group privacy password is required to initially access any of the items associated with the privacy group. If the sought access is to one item associated with the public group, the first user input is permitted to be conveyed to the associated one item causing the one item associated with the public group to be accessed without requiring an input by the user of the group privacy password.01-28-2010
20100017873Secure communication over virtual IPMB of a mainframe computing system - In general, techniques for securely communicating over a virtual IPMB of a mainframe computing system are described herein. More specifically, the mainframe computing system comprises a plurality of independent computing cells communicatively coupled together by a network interconnect and that form a plurality of partitions. Each partition is a logical association of one or more of the cells to define a single execution environment. Each cell further executes a virtual intelligent platform management interface (IPMI) protocol to define and configure a respective logical intelligent platform management bus (IPMB) for each of the partitions. Each of the IPMBs logically interconnects with each of the other cells included within the same partition, and each is defined for communication of IPMI messages over the network interconnect. The cells securely communicate the IPMI messages between each of the one or more other cells of each partition via the respective logical IPMB of each partition.01-21-2010
20100293611WIRELESS LIFT GATE CONTROL SYSTEM - A lift gate system is provided which in one implementation has a lift gate assembly including an actuator for actuating a lift gate, a main controller configured for controlling the actuator, and a wireless transceiver for receiving an operation command. The system further has a wireless controller including an authorization controller configured for checking that an operator is authorized to operate the lift gate, the wireless controller configured such that upon authorization of the operator by the authorization controller, the wireless controller may wirelessly transmit an operator command to the main controller for controlling operation of the lift gate accordingly.11-18-2010
20090138964Subscriber management system - The present invention is directed to a system and methods for creating and maintaining subscriber accounts to access digital media content. In one preferred embodiment, accounts and sub-accounts are created with access restrictions being selectively imposed among the accounts and sub-accounts. When the accounts are used to gain access to digital media content (e.g., video on demand), such restrictions may take the form of spending limits, viewing content, and viewing times. In another preferred embodiment, the spending of each account is tracked and a debit posted upon the first occurrence of either the account attaining a selected spending limit, or a selected interval of time elapsing. In another embodiment, account holders are grouped based on a shared characteristic. Targeted marketing is then presented to the group based on the shared characteristic.05-28-2009
20090172807METHOD AND APPARATUS FOR MANAGING MULTIPLE SECURITY PROTOCOLS AND USERS FOR IMAGING DEVICES - Methods and apparatus contemplate a system for securing imaging devices on a network by allowing a system administrator to apply different security protocols to specific functions of an imaging device. This allows a system administrator to customize the functions of the imaging device by restricting the particular functions to only those users who need them, as opposed to the global security policies currently required. The system uses a computer program product, including executable instructions, which can be stored on the imaging device itself, a network server, and/or some other device attached to the network. The computer program product can be installed directly from the manufacturer, through computer readable media, or by downloading. The product interfaces directly with the imaging device to determine what imaging functions are present and to set what security protocols are required to access those functions.07-02-2009
20120066760ACCESS CONTROL IN A VIRTUAL SYSTEM - A method comprises determining a set of one or more authorizations associated with a role of a user responsive to the user entering a command with a parameter, wherein the command with the parameter is to be implemented via a first virtual partition that is configured to control access to a plurality of virtual input/output (I/O) devices by a plurality of other virtual partitions. The first virtual partition and the plurality of other virtual partitions are instantiated on a same system. The method includes determining that the role is authorized to execute the command based on the set of one or more authorizations. The method also includes determining that the role is authorized to execute the command with the parameter responsive to determining that the role is authorized to perform the command. The method includes executing the command with the parameter via the virtual partition.03-15-2012
20120011585AUTHENTICATION SYSTEM FOR INSTRUCTION PROCESSING APPARATUS, IMAGE FORMING APPARATUS, AUTHENTICATION CONTROL METHOD, AND AUTHENTICATION CONTROL PROGRAM - An authentication system for an instruction processing apparatus includes first and second authentication portions each for performing user authentication at the time of using the instruction processing apparatus, and a controller which makes the first authentication portion execute the user authentication and switches from the first authentication portion to the second authentication portion when the user authentication by the first authentication portion cannot be established.01-12-2012
20120023573METHOD, APPARATUS AND SYSTEM FOR ACCESS MODE CONTROL OF A DEVICE - A method, apparatus, and system for accessing at least a portion of a device based upon an access input. An access input is received. The access input includes information for gaining access to one or more functions of the device. A user access mode of the device is changed from a first access mode to a second access mode based at least in part upon the access input. An application is selected in the device in response to changing from the first access mode to the second access mode. At least a portion of the output of the selected application is provided.01-26-2012
20120159610MEMORY PROTECTION AND SECURITY USING CREDENTIALS - A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.06-21-2012
20120159609PASSWORD ENTRY USING MOVING IMAGES - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method, an authentication video is displayed on a display. In response to receiving an input at a point in time in the video that matches a pre-selected time reference point, positive authentication is indicated.06-21-2012
20110072509Wireless Controller Device - A remote wireless device is provided that operates a user interface specific to a particular target application or device. The wireless device receives information regarding the status or operation of the target's application, and uses that information to determine what information and controls to present to the remote user. The remote user views information regarding the target application, and makes desired control selections using the available controls. The wireless device generates a message according to the control selections, and transmits the message to the target device. The target device acts responsive to the control message, and updated operational information may be sent to the remote wireless device.03-24-2011
20120124662METHOD OF USING DEVICE MOTION IN A PASSWORD - Processing a password in a mobile computing device may be accomplished by sensing movement of the mobile computing device by an accelerometer of the mobile computing device in three dimensional space; capturing first directional motion information representing the movement as at least a portion of an entered password; comparing the entered password to a password previously stored in the mobile computing device, the stored password comprising second captured directional motion information; and allowing access to the mobile computing device by a user when the entered password matches the stored password. The movement of the mobile computing device required for the password may be set by the user during a password training phase of operating the mobile computing device.05-17-2012
20120317638METHOD AND DEVICES FOR MANAGING PERMISSION REQUESTS TO ALLOW ACCESS TO A COMPUTING RESOURCE - Methods and devices for managing permission requests to allow access to a computing resource are disclosed herein. In one example embodiment, the method comprises: for an application to be installed on the computing device, determining an application category that the application is associated with, and retrieving a common permissions list for the application category, wherein the common permissions list identifies at least one computing resource that applications associated with the application category are configured to access; during an installation of the application on the computing device, determining one or more computing resources on the computing device that the application is configured to access when the application is executed on the computing device; determining which computing resources, of the one or more computing resources on the computing device that the application is configured to access when the application is executed on the computing device, are not identified in the common permissions list; and for each computing resource that the application is configured to access when the application is executed on the computing device that is not identified in the common permissions list, providing, in a user interface of the computing device, a permission request to allow the application to access the computing resource.12-13-2012
20090133117Authentication Frequency And Challenge Type Based On Application Usage - An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on what software applications a user is running on a data-processing system, and how those applications are being used (e.g., what functions are used, what data is input to or output by the application, how often and for how long applications are used, what input devices and output devices are used, etc.) Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity and/or the potential cost of malicious activity, as inferred from current and past application usage. In addition, the illustrative embodiment enables selection of an authentication challenge type that is less intrusive to a user based on current application usage.05-21-2009
20090133116Time Information Management System - A rights validator system for controlling access to content, the system including a query processor to receive a rights query and to provide a result to the rights query based on an estimated time, and a time-based query response module operationally connected to the query processor, the time-based query response module being operative to determine the estimated time as a function of a most recently updated time, and a plurality of indications of elapsed time since the most recently updated time, the indications of elapsed time being from a plurality of different sources of time indication. Related apparatus and methods are also included.05-21-2009
20120222109PROVIDING A DECLARATION OF SECURITY REQUIREMENTS TO A SECURITY PROGRAM TO USE TO CONTROL APPLICATION OPERATIONS - Provided are a computer program product, system, and method for providing a declaration of security requirements to a security program to use to control application operations. The application communicates to the security program a declaration of security requirements indicating application actions designated to be performed with respect to resources in the computer system. The application is executed to perform application operations in response to communicating the declaration of security requirements to the security program. During the execution of the application, the actions are performed with respect to the resources at the computer system indicated in the declaration of security requirements.08-30-2012
20120254986Providing particular level of access to one or more items in response to determining primary control of a computing device - A computationally implemented system and method that is designed to, but is not limited to: determining which of a plurality of users detected in proximate vicinity of a computing device has primary control of the computing device; and providing a particular level of access, via the computing device, to one or more items, the particular level of access to be provided to the one or more items being in response, at least in part, to said determining. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.10-04-2012
20120137360SYSTEM AND METHOD FOR ACCESS CONTROL AND IDENTITY MANAGEMENT - A mechanism for the flow of access by derivation is provided. An access point may be any object, such as files or functions, to which the access recipient is granted access rights by the access provider. Access is typically represented by a relationship object referencing the access provider function, the access recipient function, and the access point object, and a set of access rights. This membership access relationship object is typically represented as a subtype of the access relationship. When a membership access relationship is created, typically a new associated persona function is generated, representing the new identity created for the access recipient function while serving as a member of the access point function. When a persona function is invited to be a member in another function, that in turn generates a membership and a second persona that is derived from the first persona, resulting in identity derivation.05-31-2012
20100175126System And Method For Registration Of An Electronic Device - A method for registering an electronic device includes receiving from a point-of-sale interface a transaction code and purchaser information associated with a purchase of an electronic device. While the transaction code is associated with the purchase of the electronic device, it does not uniquely identify the electronic device purchased. The method also includes receiving from the electronic device the transaction code and a device identifier that uniquely identifies the electronic device. The purchaser information and the device identifier are associated via the transaction code for registering the electronic device.07-08-2010
20120174210Trusted Communications With Child Processes - A method to identify a child process to a parent process in an operating system includes obtaining a token and login identifier from the operating system. The parent process creates a remote procedure call communications endpoint to communicate with the child process. Thereafter, a child process is spawned by the parent process. A child-initiated request to communicate with the parent process is then received by the parent process. In order to verify the identity of the child-initiated request, the parent process impersonates the child process and receives an identifier that identifies the requestor child process. The requestor process identifier and the spawned child identifier are compared. Based on the comparison, the parent process responds to the child-initiated request. In another embodiment, process identifiers are used by the parent process to verify the identity of a child process that requests communication with the parent process.07-05-2012
20100299744SERVICE BINDING METHOD AND SYSTEM - A method and system of binding content is disclosed. A non-volatile storage device creates a secure communication channel with a service provider system via a host device, and obtains a content access authorization. The host device facilitates the establishment of the secure communication channel. A removable device in communication with the host is bypassed when establishing the secure communication channel. The authorization may be based on identification information transmitted by the non-volatile storage device to the service provider system over the secure communication channel. The identification information may identify the non-volatile storage device, the host device, or the subscriber to the service provider system. The service provider system, in turn, may use the identification information to determine the type of authorization (if any) to send to the non-volatile storage device. The non-volatile storage device processes requests received from the host device to access the content according to the received authorization.11-25-2010
20110191845WIRELESS COMMUNICATION DEVICE WITH DURESS PASSWORD PROTECTION AND RELATED METHOD - A wireless communication device (and its related method of operation) includes, if invoked, password protected access to data stored therewithin and/or to normal device operations and further includes duress password checking logic that automatically causes a duress message to be sent if a duress password has been entered. The duress message is preferably sent without maintaining any user accessible indication of such sending. It is also preferred that the password checking logic automatically cause an end-of-duress message to be sent if a normal password is entered after a duress password has been entered. A plurality of different duress passwords may be entered into a duress password portion of data memory in the device.08-04-2011
20100050250INFORMATION PROCESSING DEVICE, DATA PROCESSING METHOD, AND PROGRAM - An information processing device includes: a local memory unit for storing data including an encrypted content; a memory for storing data including key information used to reproduce the encrypted content; and a data processing unit performing a process of writing data to the local memory unit and the memory, and a process of reproducing the encrypted content, wherein the data processing unit performs a process of writing encrypted content downloaded from a server or encrypted content copied from a medium to the local memory unit, and performs a process of decoding the encrypted content or a validity authenticating process using the data stored in the local memory unit and the data stored in the memory when reproducing the encrypted content written to the local memory unit.02-25-2010
20130174248PORTABLE DATA-STORAGE DEVICE CONFIGURED TO ENABLE A PLURALITY OF HOST DEVICES SECURE ACCESS TO DATA THROUGH MUTUAL AUTHENTICATION - A portable data-storage device configured to enable a plurality of host devices secure access to data through mutual authentication. The portable data-storage device includes a storage-device enclosure, a data-storage medium, a data-writing element, a data-reading element, and an electronic authenticator. The data-writing element and the data-reading element are configured to write data to, and to read the data from, the data-storage medium. The electronic authenticator is configured to mutually authenticate the portable data-storage device with a first host device, and at least a second host device. The electronic authenticator is configured to enable secure access to the data on the data-storage medium by the first host device and by the second host device, if the electronic authenticator mutually authenticates the portable data-storage device with the first host device and with the second host device. A method and system configured to enable host devices secure access to data are also provided.07-04-2013
20100011438Role-Based Privilege Management - In one embodiment, a computer implemented method for role-based privilege management is provided. The computer implemented method receives a transformation request from a requester to form a received request, and identifies a target environment of the received request. The computer implemented method determines whether the target environment matches a predefined environment in a set of role-based privileges and, responsive to a determination that the target environment matches a predefined environment in the set of role-based privileges, maps the parameterized privileges from the set of role-based privileges to the target environment and performs the request.01-14-2010
20090055922Method and Apparatus for Enabling Content to be Shared Among Multiple Devices in a Secure Environment - A Master device (e.g., a SIM card) is configured with information regarding one or more Slave devices (e.g., SIM cards) that are associated with the Master device. The Master device is installed in a user device that receives content files and access and usage rights from a content provider. The Master device identifies one or more Slave devices that are associated with the Master device and transmits content files and the rights data to the Slave devices. A user device in which a Slave device is installed receives the content files and rights data sent by the Master device. The Slave device extracts a key from the rights data and provides the key to a decryption component of the user device, which uses the key to decrypt the content file.02-26-2009
20120260333IMAGE PROCESSING APPARATUS, CONTROL METHOD THEREFOR, AND COMPUTER-READABLE STORAGE MEDIUM STORING PROGRAM FOR IMPLEMENTING THE METHOD - An image processing apparatus capable of reducing the frequency of a user's inputting work for authentication information to improve the convenience. When the number of the logged-in users is one, the logged-in user is set as an executor of the predetermined function, and when the number of the logged-in users is two or more, the user is caused to select one of the logged-in users to set the selected one as the executor of the predetermined function.10-11-2012
20120260332PROVIDING NOTICE OF PATENT AND OTHER LEGAL RIGHTS - A system for providing notice of legal rights corresponding to a computing device includes presenting a notice to the user through an I/O interface. The notice is in response to an attempt by a user to access at least one feature of the device through the I/O interface of the device and the notice further indicates that the device is subject to legal rights under a legal instrument. An acknowledgement of the legal rights is presented through the I/O interface. If the user selects the acknowledgement, the user is allowed to access at least one feature of the device. The user is prevented from accessing the at least one feature of the device if the user does not select the acknowledgement.10-11-2012
20120233688INFORMATION PROCESSING APPARATUS AND DISPLAY CONTROL METHOD - According to one embodiment, an information processing apparatus includes a wireless communication device, a display, a logon process module, and a display control module. The logon process module is configured to cause the display to display a logon screen, in a logon process of identifying a user account which uses an operating system. The display control module is configured to cause the display to display, together with the logon screen, an access point list indicative of an access point detected by the wireless communication device.09-13-2012
20080313730EXTENSIBLE AUTHENTICATION MANAGEMENT - A system and method for controlling access to a resource permits an administrator to make changes to access policies at a server level without having to update client code unless and until such updated code is actually needed by a client. Customizable, plug-in gates are provided to permit administrators fine grained control over access policy definition. The most updated versions of corresponding gate clients used to display the gates are identified to client systems when an access request is made. The updated gate clients are downloaded if and when requested by a client system that has not already stored the updated gate clients locally. The user's responses to gate challenges are compared to responses presented by the user at registration. If the responses meet the access policy's threshold for accuracy, the user is permitted to access the resource.12-18-2008
20080307521IMAGE PROCESSING APPARATUS, IMAGE PROCESSING METHOD, PROGRAM, AND STORAGE MEDIUM FOR PERFORMING ACCESS CONTROL OF DOCUMENT INCLUDING TWO-DIMENSIONAL CODE - An object of the present invention is to improve usability of a copying machine. In order to achieve the object, an image processing apparatus according to the present invention has: accepting unit that accepts setting of a function from a user; first obtaining unit that obtains information of a function usable by the user; second obtaining unit that obtains information of a usable function by using a two-dimensional code of a document as an object of the function; and first executing unit that, even when the function that the accepting unit accepts setting thereof from the user is not included in the information of the usable function obtained by the first obtaining unit, executes on the document the function that the accepting unit accepts setting thereof when the function is included in the information of the usable function by the second obtaining unit.12-11-2008
20080301803Tailored System Management Interface - Processes and techniques for tailoring operations management in a system are described. The processes and techniques allow a user to customize operations management based on the user's function within a system and the particular tasks that the user wishes to accomplish. Simplified user interfaces can be created by scoping the interfaces based on user profiles, preferences and system components.12-04-2008
20110004933Context Sensitive Dynamic Authentication in A Cryptographic System - A system for performing authentication of a first user to a second user includes the ability for the first user to submit multiple instances of authentication data which are evaluated and then used to generate an overall level of confidence in the claimed identity of the first user. The individual authentication instances are evaluated based upon: the degree of match between the data provided by the first user during the authentication and the data provided by the first user during his enrollment; the inherent reliability of the authentication technique being used; the circumstances surrounding the generation of the authentication data by the first user; and the circumstances surrounding the generation of the enrollment data by the first user. This confidence level is compared with a required trust level which is based at least in part upon the requirements of the second user, and the authentication result is based upon this comparison.01-06-2011
20120240222Methods and systems for preventing security breaches - A security payload is attached to a received binary executable file. The security payload is adapted to intercept application programming interface (API) calls to system resources from the binary executable file via export address redirection back to the security payload. Upon execution of the binary executable file, the security payload replaces system library export addresses within a process address space for the binary executable file with security monitoring stub addresses to the security payload. Upon the binary executable computer file issuing a call to a given API, the process address space directs the call to the given API back to the security payload via one of the security monitoring stub addresses that is associated with the given API. The security payload then can assess whether the call to the given API is a security breach.09-20-2012
20120240220METHOD AND SYSTEM FOR CONTROLLING DATA ACCESS ON USER INTERFACES - A system for controlling access to data at the user interface level includes a device permissions manager to manage user access to data on a device including a device permissions comparator configured to receive a plurality of user profiles corresponding to users in proximity to the device and including user permissions to the data, and to generate a comparison of the user permissions. The device permissions manager also includes a device access controller configured to control access to the data on the device in response to the comparison of the user permissions.09-20-2012
20120240221PROVISIONAL ADMINISTRATOR PRIVILEGES - A system grants “provisional privileges” to a user request for the purpose of provisionally performing a requested transaction. If the provisionally-performed transaction does not put the system in a degraded state, the transaction is authorized despite the user request having inadequate privileges originally.09-20-2012
20110239292SYSTEM AND METHOD OF SECURITY FUNCTION ACTIVATION FOR A MOBILE ELECTRONIC DEVICE - A system and a method are provided for activating one or more security functions of a mobile electronic device. The system and method provide for the activation of one or more security functions when the mobile electronic device is stored in a mobile electronic device holder. Security functions include, for example, closing a data item currently being displayed on the mobile electronic device, erasing decrypted information stored on the mobile electronic device, locking the mobile electronic device, and performing a secure garbage collection operation.09-29-2011
20120331547Static Analysis For Verification Of Software Program Access To Secure Resources For Computer Systems - Computer program products and apparatus are disclosed. Using a static analysis, a software program is analyzed to determine whether the software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. In response to an access by the software program to the secure resource without verification that the secure resource can be accessed by the software program, a result is output indicative of the analyzing. An apparatus is disclosed that includes a user interface providing a security report to a user, the security report indicating a result of an analysis of whether or not a software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program.12-27-2012
20120278882ACCESSORY DEVICE AUTHENTICATION - An authentication controller coupled to a first communication port of a portable computing device is allowed to provide authentication on behalf of an accessory device coupled to a second communication port of the portable computing device. In one embodiment, a dongle that includes an authentication controller can be coupled with the portable computing device. Accessory devices can also be coupled with the portable computing device through other ports, including wireless ports. The dongle can provide cross-transport authentication for accessories that do not include authentication controllers. Once the dongle has been properly authenticated, the permissions granted to the dongle port can be transferred to a communication port coupled with an accessory.11-01-2012
20120278881DOMAIN AWARE TIME-BASED LOGINS - A method may comprise determining, in an operating system instance, that a login access is being attempted by a user at an access time on an object. A domain identifier associated with the user may be determined. A set of one or more domain identifiers may be accessed that may be associated with the object and that identify one or more domains. One or more domain isolation rules may be accessed and evaluated that may be associated with the operating system instance for permitting an attempted login access to the object based on whether a domain identifier associated with the user is one of the domain identifiers in the set of domain identifiers associated with the object during a time period. A permit or deny indication may be returned based on whether or not login access is permitted on the object at the access time.11-01-2012
20120090021Platform Specific Application Building - Disclosed are new approaches for building an application for a specific platform. Source code files may be compiled to an intermediate module and transmitted to a build server along with metadata describing a target operating environment. The build server selects an application template including an application shell suitable for the target operating environment. The application shell may be bound to the intermediate module by modifying the application shell to verify a signature of the intermediate module prior to executing it. The application shell may include a binary executable for executing the intermediate module in the target environment. Also disclosed is an approach for providing access to an application on a subscription or trial basis.04-12-2012
20120291119ACCESS CONTROL AT A MEDIA SERVER - A method, system and apparatus for controlling access to a media server are provided. A browse request is received at a computing device, from a remote computing device to browse a memory structure including content files. Authentication of the remote computing device is initiated. Prior to the remote computing device being authenticated, a response is transmitted to the remote computing device indicative that the memory structure is empty of the content files, regardless of actual content of the memory structure. After the remote computing device is authenticated, a further response is transmitted to the remote computing device indicative of the actual content of the memory structure.11-15-2012
20100199347 Method and Apparatus for Authenticating Usage of an Application - Methods and apparatuses, including computer program products, are described for authenticating the usage of an application. A request to execute an application is received from a user device. The application is executed based on the request. An application-level usage indicator is received from the user device. The application-level usage indicator corresponds to current operation of the application by a user and comprises at least (i) user input commands and (ii) passive usage metrics. The identity of the user is determined by comparing the application-level usage indicator with a pre-established user profile wherein the user profile is associated with previous operation of the application by the user and comprises at least (i) user input commands and (ii) passive usage metrics. Execution of the application is terminated at the user device if the identified user is not entitled to use the application according to the user profile. 08-05-2010
20130014249 SECURE DEVICE SHARING - A device and method for placing the device in a locked state having an associated set of permitted tasks so as to permit the device owner to share the device with others but maintain security over aspects of the device. A task change request is evaluated to determine whether the requested task is permitted and, if so, the requested task is allowed; if not, then an authorization process is invoked to prompt the user to input authorization data. Upon verification of the authorization data, the device may be unlocked and the requested change implemented. The permitted tasks may designate specific applications, specific operations or functions within applications or at the operating system level, one or more currently open windows, and other levels of granularity. 01-10-2013
20130014248 Mobile application security system and method - A system for authenticating the user of a computing device comprises an authorized user directory. Each record is uniquely associated with an authorized user and includes at least a computing device ID value that is a globally unique value assigned to the authorized user's computing device, a group of unique depictions such as photographs, and an identification of a key depiction. Portions of each image form fiducials recognizable by the user. The record further includes trace pattern verification data representing continuous trace strokes between pairs of the fiducials within the key depiction. To authenticate, the group of images are displayed to the user. The user must first select the key image and secondly trace continuous trace strokes between the pairs of fiducials to match the trace pattern verification data. 01-10-2013
20110162065 CLIENT APPARATUS AND A METHOD THEREFOR - To limit access to a document according to a plurality of types of access authorities set to the document when a server apparatus for limiting access to the document having a setting of a plurality of types of access authorities to operate the document cannot limit access to the document according to the access authority, an apparatus includes a conversion unit configured to convert a document into a plurality of documents having a setting corresponding to each of the plurality of types of access authorities, and a generation unit configured to merge the plurality of documents formed through conversion by the conversion unit, so as to be handled as one document, to generate one merged document. 06-30-2011
20110162064 System and Method for Providing Convergent Physical/Logical Location Aware Access Control - A method for enforcing physical access control and logical access control may include: (i) controlling access of a person to a physical location based on a physical access credential associated with the person provided to a physical access control system; (ii) controlling access of the person to an information system and an enterprise service based on a logical access credential associated with the person provided to a logical access control system; (iii) receiving information from the physical access control system regarding the physical access credential; (iv) receiving information from the logical access control system regarding the logical access credential; (v) determining an approximate location of the person based on the physical access credential and the logical access credential; and (vi) blocking unauthorized access between the physical access control system and the logical access control system by a first firewall. 06-30-2011
20080235787 IMAGE FORMING APPARATUS, CONTROL METHOD OF THE APPARATUS, AND CONTROL PROGRAM OF THE APPARATUS - When an enabler key 09-25-2008
20080222719 Fine-Grained Authorization by Traversing Generational Relationships - Methods, systems, and media are disclosed for determining access rights to a resource managed by an application. One embodiment includes receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource, and locating, based on the request, the resource in both a containment relationship graph and in a structure having groupings of resources, wherein the groupings comprise a grouping having the resource. Further, the embodiment includes traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource, and reading an authorization table associated with a grouping having the generational resource in the groupings. Further still, the embodiment includes determining whether to grant the access rights for performing the action on the resource. 09-11-2008
20080222718 Secure operating system loader - In one embodiment a computing device comprises a processor, a memory module coupled to the processor and comprising logic instructions stored in a computer readable medium which, when executed, configure the processor to initiate boot operations in a computing device, present an authentication challenge when authentication is required to boot the computing device, continue boot operations in response to a successful response to the authentication challenge, and invoke an error routine in response to an unsuccessful response to the authentication challenge. 09-11-2008
20120254985 Providing greater access to one or more items in response to determining device transfer - A computationally implemented method includes, but is not limited to: determining that a computing device associated with a first user and that was in possession of a second user has been transferred from the second user to the first user; and providing at least greater access via the computing device to one or more items in response to determining that the computing device has been transferred from the second user to the first user. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure. 10-04-2012
20130091564 SYSTEMS AND METHODS FOR MITIGATING THE UNAUTHORIZED USE OF A DEVICE - The invention is directed to systems and methods for detecting the loss, theft or unauthorized use of a device and/or altering the functionality of the device in response. In one embodiment, a method includes detecting that a security compromise event has occurred for a mobile device. The method also includes altering a function of the mobile device in response to the security compromise event to mitigate loss of control by an authorized user. Altering the function of the mobile device includes denying access to data stored on the mobile device. 04-11-2013
20130091563 METHOD AND APPARATUS FOR IMPROVED DIGITAL RIGHTS MANAGEMENT - A method and apparatus for improved digital rights management is provided. 04-11-2013
20130091562 COMPUTER - It is an object of the present invention to provide a technique for managing, in a file system that stores past images of a data file, access right to the past images. 04-11-2013
20130097696 DATA SECURITY SYSTEM - Various exemplary embodiments relate to a method of identifying unauthorized access to a data file on an unauthorized machine. The method includes: modifying the data file to include surreptitious code, the surreptitious code executing on a machine when the data file is opened or otherwise used by the machine; and receiving information transmitted by the surreptitious code, wherein the surreptitious code includes instructions for: gathering information about the executing machine, determining whether the executing machine is an unauthorized machine, and transmitting the information if the executing machine is an unauthorized machine. Various exemplary embodiments relate to a non-transitory machine-readable storage medium, the storage medium including instructions for: executing surreptitious code when the medium is accessed by a computing device; gathering information about the computing device; determining whether the computing device is an authorized machine; and transmitting the information if the computing device is an unauthorized machine. 04-18-2013
20130097695 Dynamic Profile Switching Based on User Identification - A method for dynamic switching of user profiles on a computing device. The computing device is coupled to at least one image-sensing device and can be configured using a plurality of stored user profiles. The method includes receiving at least one image from the at least one image-sensing device and generating a current user value based on the at least one received image. The method further includes determining if the current user value corresponds to at least one stored user value corresponding to a stored user profile. If the current user value corresponds to at least one stored user value, the method includes retrieving the stored user profile and configuring at least some programs operating on the computing device using the retrieved user profile. If the current user value does correspond to at least one stored user value, the method includes configuring the computing device using an alternative method. 04-18-2013
20130097694 PROTECTING AN ELECTRONIC DEVICE AGAINST UNATHORIZED HARDWARE USE - Embodiments of the present invention provide an approach for protecting electronic devices against the use of unqualified and/or unauthorized (e.g., “grey market”) hardware components. Specifically, in a typical embodiment, a hardware component that a user is attempting to use with an electronic device will be detected. Then, the device information associated with the hardware component (e.g., serial number, vital product data (VPD), etc.) will be identified from the hardware component (e.g., as stored therein). 04-18-2013
20130145456 SYSTEM AND METHOD FOR AUTHENTICATING CODE EXECUTING ON COMPUTER SYSTEM - A code authentication architecture is used to sign code by adding one or more digital signatures to it. The digital signatures identify what authority signed the code, what the code contains, what type of program the code is, or other identifying information. When the signed code is later executed on a computer system, its identity is obtained by accessing encrypted information of the code stored on disk. The architecture then determines whether the identity satisfies at least one requirement imposed on the code for some purpose. If the code has been altered from when it was signed or it fails to satisfy a requirement imposed, the code will not have a valid identity. In addition to verifying the identity of the code, the architecture also validates executing code immediately responsible for managing the code and additional executing code in a chain of hosts responsible for managing one another. 06-06-2013
20090165120 Mobile Terminal for a Traffic Information System, and Method for Activating an Access Control Device in a Mobile Terminal - Disclosed is a mobile terminal characterized by a first manipulation unit ( 06-25-2009
20130160108 EXTENSIBLE AND/OR DISTRIBUTED AUTHORIZATION SYSTEM AND/OR METHODS OF PROVIDING THE SAME - In certain example embodiments, an extensible and/or distributed security system is provided. In certain example embodiments the security system provides authorization to a resource of a first application. In the first application, a security context is created and a client is authenticated to the first application. A request is accepted in the first application to access at least one resource. The first application communicates with an authorization application to determine authorization to the at least one resource. In the authorization application, an authorization process is executed which communicates with another application that defines a step of the authorization process for this resource. Based on that step, it is determined whether the first application allows access to the at least one resource for the client. 06-20-2013
20110314537 AUTOMATIC CONSTRUCTION OF HUMAN INTERACTION PROOF ENGINES - Human Interaction Proofs (“HIPs”, sometimes referred to as “captchas”), may be generated automatically. A captcha specification language may be defined, which allows a captcha scheme to be defined in terms of how symbols are to be chosen and drawn, and how those symbols are obscured. The language may provide mechanisms to specify the various ways in which to obscure symbols. New captcha schemes may be generated from existing specifications, by using genetic algorithms that combine features from existing captcha schemes that have been successful. Moreover, the likelihood that a captcha scheme has been broken by attackers may be estimated by collecting data on the time that it takes existing captcha schemes to be broken, and using regression to estimate the time to breakage as a function of either the captcha's features or its measured quality. 12-22-2011
20110321155 DIGITAL SIGNAL PROCESSING APPARATUS - If content is transmitted/received through a digital signal bus, protection of copyright causes a problem because of no deterioration in quality. Accordingly, authentication is required. The quantity of information to be processed is, however, so large that a long time is required for authentication. Accordingly, both achievement of handling property as in conventional analog connection and protection of copyrighted content without user's awareness become an object. The foregoing object can be achieved by authentication which is executed, for management of copyright, among apparatuses connected to the digital signal bus when the apparatuses are powered on or connected to the digital signal bus or when an input terminal connected to the digital signal bus is selected. The object can be further achieved by an encryption key shared among these apparatuses. 12-29-2011
20110321154 SYSTEMS AND METHODS FOR GENERATING CONSTRAINTS FOR USE IN ACCESS CONTROL - In one embodiment the present invention includes a computer-implemented method for generating constraints for use in an access control system. In one embodiment, roles, document types, and permissions are stored in a 3-D model, such as a matrix or table. The 3-D model is converted to 2-D models, where users are inserted for roles and documents are inserted for document types. The 3-D model and 2-D models represent access rights. Supplemental information about the access rights is added to the 2-D tables. In one embodiment, attribute exploration is used to generate supplemental information. Constraints are generated from the 2-D tables for use in controlling access rights in a computer system. 12-29-2011
20120066761 Method and apparatus for selectively enabling a microprocessor-based system - A system for selectively enabling a microprocessor-based system is disclosed. State information that describes the operating conditions or circumstances under which a user intends to operate the system is obtained. In the preferred embodiment of the invention, a valid hash value is determined, preferably based on the state information and preferably by locating the valid hash value within a table of valid hash values indexed by the state information. Candidate authorization information is obtained from the user, and a candidate hash value is generated by applying a hashing algorithm to the candidate authorization information, the state information, or a combination of the candidate authorization information and state information. The candidate hash value and the valid hash value are then compared, and the microprocessor-based system is enabled if the candidate hash value matches the valid hash value. In this manner, the designer or distributor of the system can determine, at the time of manufacture or distribution, the conditions and circumstances under which the system may be operated. 03-15-2012
20130205385 PROVIDING INTENT-BASED ACCESS TO USER-OWNED RESOURCES - An access system is described herein which allows an application to access a system-level and/or application-specific user-owned resource based on a user's interaction with an intent-based access mechanism. For example, the intent-based access mechanism may correspond to a gadget that is embedded in an application user interface provided by the application, and/or logic for detecting a permission-granting input sequence. The access system accommodates different types of intent-based access mechanisms. One type is a scheduled intent-based access mechanism. Another type provides access to two or more user-owned resources. Further, the access system includes a mechanism for determining whether the application is permitted to use an intent-based access mechanism. 08-08-2013
20130205386 METHOD AND SYSTEM FOR VERIFICATION OF HUMAN PRESENCE AT A MOBILE DEVICE - A method and system is provided for verifying human presence at a mobile device. The method includes receiving a request for verification. Further, the method includes sending a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) challenge to the mobile device. Further, the method includes receiving a response to the CAPTCHA challenge. Finally, the method includes verifying the human presence by matching the response received to the CAPTCHA challenge sent. 08-08-2013
20090049541 IMAGE FORMATION APPARATUS, FUNCTION EXTENSION METHOD, AND A COMPUTER READABLE STORAGE MEDIUM HAVING FUNCTION EXTENSION PROGRAM STORED THEREIN - An image formation apparatus: previously stores first information allowing functions that a plurality of users are authorized to use, respectively, to be determined, receives second information input to determine a user, the second information allowing that user to be determined, determines from the previously stored first information a normal function that the determined user is authorized to use, is set to make the determined normal function available, receives third information input from a first storage medium having the third information stored therein, to determine an extended function, the third information allowing the extended function to be determined; and is set to make the determined extended function available in addition to the normal function set available. 02-19-2009
20130212674 SYSTEM AND METHOD FOR SIGNATURE PATHWAY AUTHENTICATION AND IDENTIFICATION - A computer-implemented security system and method provides signature pathway authentication and identification. The system and method include establishing a user-defined cognitive signature pathway through multiple graphical zones of a graphical user interface. The signature pathway enables authorized user access to an otherwise secured location. Subsequent entries of the signature pathway entered via the graphical user interface are then validated. For all valid entries of the signature pathway, user access is allowed to the secured location. 08-15-2013
