25th week of 2013 patent application highlights part 79 |
Patent application number | Title | Published |
20130160081 | System and Method for Concurrent Address Allocation and Authentication - A method for coordinating network entry of a device includes authenticating the device coupled to the controller, and allocating an address for the device, wherein allocating the address for the device occurs concurrently with but independently of authenticating the device. The method also includes completing the network entry of the device upon successful completion of authenticating the device and allocating the address for the device. | 2013-06-20 |
20130160082 | Medical Device Connectivity to Hospital Information Systems Using Device Server - The present invention employs a system and method to allow for connectivity of a plurality of medical devices in a health care setting. The present invention utilizes a device server which may connect the plurality of medical devices to a hospital information system. The system may identify and authenticate a medical device and provide an administrator or privileged user accessing the information received from the medical device at a remote location. It is contemplated that the system utilizes a device server to connect the plurality of medical devices to the hospital information systems. | 2013-06-20 |
20130160083 | METHOD AND DEVICE FOR CHALLENGE-RESPONSE AUTHENTICATION - Method of performing a challenge-response process, comprising, in this sequence, the steps of a) providing a first challenge-response pair ( | 2013-06-20 |
20130160084 | SECURE OPERATING SYSTEM/WEB SERVER SYSTEMS AND METHODS - Systems and methods for securely operating web servers, operating systems, etc. Methods of embodiments include creating virtual roots for executive jails and corresponding administrative jails within parent operating systems. Embodiments also include setting privileges associated with each of the executive jails to disk read-only. Moreover, administrative jails are hidden from executive jails and the parent operating system is hidden from both sets of jails. Also, the methods include cross mounting user configuration information and/or applications from the administrative jails and in to the corresponding executive jails. Methods can include password protecting the administrative jails and/or restricting the executive jails from initiating outbound communications. Methods can also include storing security related syslog data in locations associated with parent file structure of the parent operating systems. Methods can also include storing web log related syslog data in locations associated with the administrative jails thereby providing, as desired, compliance/auditing reporting functions. | 2013-06-20 |
20130160085 | HOSTING EDGE APPLICATIONS AT THE EDGE OF A MOBILE DATA NETWORK - Mobile network services are performed in a mobile data network in a way that is transparent to most of the existing equipment in the mobile data network. The mobile data network includes a radio access network and a core network. A breakout component in the radio access network breaks out data coming from a basestation, and hosts edge applications, including third party edge applications, that perform one or more mobile network services at the edge of the mobile data network based on the broken out data. | 2013-06-20 |
20130160086 | SECURE CLIENT AUTHENTICATION AND SERVICE AUTHORIZATION IN A SHARED COMMUNICATION NETWORK - Functionality for secure client authentication and service authorization in a shared communication network is disclosed. A managing network device of a communication network causes a securely connected client network device to perform an account authorization process with an accounting network device in parallel with a service matching process with the managing network device and one or more service providers of the communication network. The managing network device executes the service matching process and securely matches the client network device with one of the service providers. The accounting network device executes the account authorizing process with the client network device and provides a service voucher to the managing network device authorizing one or more of the service providers to service the client network device. The managing network device transmits the service voucher to the matched service provider to prompt the matched service provider to service the client network device. | 2013-06-20 |
20130160087 | BEHAVIORAL FINGERPRINTING WITH ADAPTIVE DEVELOPMENT - Disclosed herein are example embodiments for behavioral fingerprinting with adaptive development. For certain example embodiments, one or more devices may: (i) determine at least one indication of utilization for at least one authorized user via at least one user-device interaction; and (ii) incorporate at least one indication of utilization into at least one behavioral fingerprint that is associated with at least one authorized user, with the at least one behavioral fingerprint including one or more indicators of utilization of one or more user devices by the at least one authorized user. However, claimed subject matter is not limited to any particular described embodiments, implementations, examples, or so forth. | 2013-06-20 |
20130160088 | Authentication Via Motion of Wireless Device Movement - Motion of a wireless device is pre-registered as authentication credentials, then later matched, to provide motion-based authentication for access to software, service, etc. The wireless device may contain any number of gyroscopic, distance, positional or compass sensors—any or all of which are measured during a physical gesture or motion of the wireless device while the user is holding the wireless device. Recorded measurements of the specific motion then identify the authorized user. If measurements of an attempted motion suitably match the pre-registered and valid authentication credentials for the service or device, then the motioned wireless device is authenticated for use by the user. Such motion is difficult, if not impossible, for a user to pass on to another individual—even if they wanted to, making it the ultimate security technique. | 2013-06-20 |
20130160089 | Advocate for Facilitating Verification for the Online Presence of an Entity - Some embodiments provide an advocate system to facilitate automated online presence verification for different entities on behalf of the entities. The advocate system places service providers on notice that profiles and information hosted by them and that form the online presence for a particular entity should first be verified with that particular entity. The advocate system further facilitates online presence verification by 1) directly or indirectly connecting the service providers that are placed on notice with the appropriate authoritative entities to facilitate the verification of the profiles and information, 2) selectively targeting service providers hosting profiles and information that are unverified, 3) automatedly verifying hosted profiles and information based on verified profile lists and verified information that authoritative entities provide to a central repository. In so doing, the advocate system prevents potential damage to the authoritative entity's credibility while also mitigating potential for fraud, identity theft, etc. | 2013-06-20 |
20130160090 | COMMUNICATIONS METHODS AND APPLIANCES - Communications methods and appliances are described. According to one embodiment, a communications method includes prior to deployment of an appliance, establishing a trusted association between the appliance and a certificate authority, during deployment of the appliance, associating the appliance with a communications address of a communications medium, using the certificate authority, creating a signed certificate including the communications address of the appliance, announcing the signed certificate using the appliance, after the announcing, extracting the communications address of the appliance from the signed certificate, and after the extracting, verifying the communications address of the appliance. | 2013-06-20 |
20130160091 | SYSTEM AND METHOD FOR ASSOCIATING MESSAGE ADDRESSES WITH CERTIFICATES - A system and method for associating message addresses with certificates, in which one or more message addresses are identified and associated with a user-selected certificate that does not contain any e-mail addresses. In certain situations, a message may be encrypted using a certificate that does not contain an e-mail address that matches the e-mail address of the individual to which the message is to be sent, so long as the address to which the message is to be sent matches any of the message addresses associated with the certificate. The message addresses are saved in a data structure that resides in a secure data store on a computing device, such as a mobile device. | 2013-06-20 |
20130160092 | Certified Email System and Method - A certified email system for providing a time stamp for a presented file, particularly when the presented file is an email. Preferably a demanding party receives the email; generates a unique HASH; digitally signs the unique HASH; and sends the signed HASH and a time-stamp request call to a web services time-stamp conduit (WSTC). The WSTC receives the request and signed HASH from the demanding party and obtains a time stamp. The WSTC sends the time stamp back to the demanding party, which sends a time-stamp notification to the original sender of the email and, optionally, the recipient(s) of the email. Multiple branded or customized demanding servers can efficiently run using one web services time-stamp conduit. An integrated detailed billing system capable of pass-through client billing, keyword search functionality, a multi-party content management system, and convenient web-based automated verification (file or HASH) services are provided. | 2013-06-20 |
20130160093 | METHOD AND NETWORK ENTITY FOR REGISTERING A USER ENTITY WITH A COMMUNICATION NETWORK VIA ANOTHER COMMUNICATION NETWORK - A network entity for registering a user entity with a first communication network, wherein the user entity and the network entity providing access to the first communication network are registered with a second communication network. The network entity has a transceiver for transferring at least one registration message for registering said user entity with the first communication network between the user entity and the network entity over the second communication network. | 2013-06-20 |
20130160094 | OTA Bootstrap Method and System - An over-the-air (OTA) bootstrap method and system are described, including: when a connection between a user-registered terminal device and a device management (DM) server is finished, the terminal device sends a bootstrap confirmation message to a service center corresponding to port information of a valid service center pre-stored in the terminal device; the service center analyzes the bootstrap confirmation message to determine a device ID of the terminal device, connects with a DM server authorized by the service center, and searches for an OTA bootstrap record corresponding to the device ID in a database of the authorized DM server; if the service center fails to find the corresponding OTA bootstrap record in the database of the authorized DM server, the service center notifies the user that the terminal device has performed an OTA bootstrap with an unauthorized DM server. The present invention can improve the security of the OTA bootstrap. | 2013-06-20 |
20130160095 | METHOD AND APPARATUS FOR PRESENTING A CHALLENGE RESPONSE INPUT MECHANISM - An approach is provided for presenting a challenge response input mechanism on a device. A user receives a challenge (e.g., a CAPTCHA, a password prompt, a login prompt, etc.) when attempting to access a service and/or a resource wherein the user has to provide a response before access to the service or to the resource is granted. Further, one or more applications on the user device and/or at a service provider present a combination dial/slider on the user device whereby the user may interface with the input mechanism for constructing a response to the challenge. | 2013-06-20 |
20130160096 | SYSTEM AND METHOD OF PORTABLE SECURE ACCESS - An access system and method to establish communication with a customer system via a port is provided. The system can comprise a secure access key that can provide a communication link to the port on the customer system, and a footprint module. The footprint module can block connectivity via the port with the customer system unless the footprint module detects the secure access key as having a first authentication to connect to the customer system. A client device can communicate with the secure access key to get a second authentication from the secure access key to create a connection for communication via the secure access key with the customer system. The system can further comprise a user authentication module that requires a third authentication of a user to operate the client device to communicate over the secure connection via the secure access key with the customer system. | 2013-06-20 |
20130160097 | METHODS, APPARATUS, AND COMPUTER PROGRAM PRODUCTS FOR SUBSCRIBER AUTHENTICATION AND TEMPORARY CODE GENERATION - A mechanism is provided for providing temporary generated codes by a server. Responsive to triplet authentication of a device to service provider network, a server receives an initial code from the device to request a temporary generated code. The server verifies the triplet authentication of device. The server determines whether there is a user account match to the initial code. The server determines a corresponding application server based on the initial code and the user account match. The server generates a temporary generated code to access the application server. The temporary generated code is transmitted to both the application server and the communication device, is set to expire at a preset time, is generated to allow the user access to a single session on the application server, and is generated to expire after the temporary generated code is input to access the single session on application server. | 2013-06-20 |
20130160098 | FAMILIAR DYNAMIC HUMAN CHALLENGE RESPONSE TEST CONTENT - Embodiments of the invention are directed to human challenge response test delivery systems and methods. Specifically, embodiments of the present invention are directed to secure human challenge response test delivery services of configurable difficulty for user devices. One embodiment of the present invention is directed to methods and systems for implementing a familiar and dynamic human challenge response test challenge repository created from transaction data. The dynamic human challenge response test challenge repository may be created by a server computer receiving a plurality of transaction data. Challenge items may be extracted from the transaction data using an extraction algorithm. Furthermore, in some embodiments a challenge message may be sent to a requestor, a verification request may be received, and the verification request may be compared to the challenge message. Another embodiment may be directed at using user information in a human challenge response test to mutually authenticate a user and a service provider. | 2013-06-20 |
20130160099 | TOKEN BASED SECURITY PROTOCOL FOR MANAGING ACCESS TO WEB SERVICES - Token based techniques for managing client access to individual methods or resources provided by an application or service can be implemented at the application server hosting the application or service. Such techniques include performing client authentication and authorization based on information associated with the client as specified in a security token generated for the client. The security token associated with the client enables a service provider to monitor and control client access to the methods of the service on an individual basis. | 2013-06-20 |
20130160100 | METHODS AND SYSTEMS FOR INCREASING THE SECURITY OF NETWORK-BASED TRANSACTIONS - A method for enhancing the security of systems and resources involved in conducting network-based transactions on mobile communications devices includes comparing authentication data requested to be captured from a user as part of an authentication transaction against authentication data anticipated by the user to be captured during the authentication transaction. The method also includes authenticating the requested transaction when the user decides that the requested authentication data agrees with the anticipated authentication data, and conducting a network-based transaction from a mobile communications device, if the user is authorized, after successfully authenticating the identity of the user. | 2013-06-20 |
20130160101 | Wireless Communication Systems and Methods - Embodiments of the invention provide methods, devices and computer programs arranged to control provisioning of device-to-device (D2D) communication services in a communication network. One embodiment includes an apparatus including a processing system arranged to cause the apparatus to: assign a credential of a first type to a first D2D device; store an association between a validity condition and the credential of the first type, wherein the validity condition is dependent on a characteristic of a D2D communication service; transmit data indicative of the credential of the first type for reception by the first D2D device, said credential being for use in verification of said D2D communication service to be provided by the first D2D device to a second, different, D2D device; and maintain an operative state for the D2D communication in dependence on said association. | 2013-06-20 |
20130160102 | Fully Electronic Notebook (ELN) System And Method - A system, for record keeping in scientific, industrial, and commercial applications where records are used to document inventions and discoveries, such as in a research laboratory. Such systems are referred to in the applicable field as Electronic Laboratory Notebooks (ELNs). The system deploys data validation and signature validation modules to ensure data integrity and satisfy legal requirements for signature and witnessing documents in a completely paperless environment. | 2013-06-20 |
20130160103 | IMAGE COLLECTION BASED INFORMATION SECURITY METHOD AND SYSTEM - An image collection based information security method and system is disclosed. The method includes a server side receiving a first transaction data sent by a client side and generating a second transaction data with the first data. The server converts the second data into an image, and sends the image to the client. A dynamic token collects the image, pre-processes, and converts the image into a third transaction data, and displays the third data for user's confirmation. The token generates and displays a second dynamic password according to the third data. The client receives the second password input by a user and sends same to the server. The server receives the second password and generates a first dynamic password, determines whether the first password is identical to the second password; if yes, the authentication is successful and the transaction is executed; if no, the transaction is cancelled. | 2013-06-20 |
20130160104 | ONLINE ACCOUNT ACCESS CONTROL BY MOBILE DEVICE - Systems and methods for controlling access to an online account are described. An access control message including an action to be performed on an online account can be sent from a mobile device to a server. A user verification query message can be sent to the mobile device. A user verification response message can be received from the mobile device. The user verification response message can include verification information that is different from login information for the online account. The user verification response message can be verified by comparing the verification information to stored information. If the user verification response message is successfully verified, the action indicated in the access control message can be performed on the online account. | 2013-06-20 |
20130160105 | CONFIGURING IDENTITY FEDERATION CONFIGURATION - A method and apparatus for configuring identity federation configuration. The method includes: acquiring a set of identity federation configuration properties of a first computing system and a set of identity federation configuration properties of a second computing system; identifying one or more pairs of associated properties in the first and the second sets, where the pairs of associated properties include one property from each set of identity federation configuration; displaying properties that need to be configured manually from each set of identity federation configuration properties, where the properties that need to be configured manually do not include the property in any pair of associated properties for which the value can be derived from the value of another property in the pair; automatically assigning a property that can be derived from the value of another property; and providing each computing system with each set of identity federation properties. | 2013-06-20 |
20130160106 | BASIC ARCHITECTURE FOR SECURE INTERNET COMPUTERS - A method of securely controlling through a private network a computer protected by a hardware-based inner access barrier or firewall and optionally configured to operate as a general purpose computer connected to the Internet, comprising: two separate network connections separated by an inner hardware-based access barrier or inner hardware-based firewall protecting a private network connection configured for connection to a private network of computers but not protecting a public network connection configured for connection to a public network configured to include the Internet, the method including the step of controlling at least one operation of the computer, the control being provided through the private network and the operation involving data and/or code transmitted to the public network. Another method includes the step of controlling an operation of a second or third private protected unit of the computer, the control being provided through a second or third private network, respectively. | 2013-06-20 |
20130160107 | SIGNAL TRANSFER POINT FRONT END PROCESSOR - In an SS7 network, each of a plurality of Signal Transfer Points is fronted by a front-end processor (STP-FEP) that has a network presence. The STP-FEP implements at least the MTP2 layer of the SS7 protocol stack and implements security rules at the MTP2 and MTP3 layers. | 2013-06-20 |
20130160108 | EXTENSIBLE AND/OR DISTRIBUTED AUTHORIZATION SYSTEM AND/OR METHODS OF PROVIDING THE SAME - In certain example embodiments, an extensible and/or distributed security system is provided. In certain example embodiments the security system provides authorization to a resource of a first application. In the first application, a security context is created and a client is authenticated to the first application. A request is accepted in the first application to access at least one resource. The first application communicates with an authorization application to determine authorization to the at least one resource. In the authorization application, an authorization process is executed which communicates with another application that defines a step of the authorization process for this resource. Based on that step, it is determined whether the first application allows access to the at least one resource for the client. | 2013-06-20 |
20130160109 | METHOD AND DEVICE - A method and device for user authorization is presented herein. The authorization device may be integrated in a display interface configured to receive an infrared input signal. The device may include a means for converting the infrared signal into an electric signal. The device may further include a processor configured to analyze the electrical signal. The processor may further be configured to provide an authorization of a user based on the analysis of the electrical signal. | 2013-06-20 |
20130160110 | Device Locking with Hierarchical Activity Preservation - Techniques are described for device locking with activity preservation at a specified level within a multi-level hierarchy of device states. Such locking enables a user to share a device with another user while specifying a particular level of access to the device, such as access to a particular class of applications, a specific application, or a specific task within an application. Determination of the authorized activity may be based on a currently active application, or on the particular user gesture. The level of functionality made available may be based on the number of times a user gesture is repeated. Gestures may include a selection of a hardware or software control on the device, issuance of a voice command, and the like. | 2013-06-20 |
20130160111 | Device and Method for Use of Real-Time Biometric Data To Control Content and Device Access - A device and method for unobtrusively conducting security access checks via biometric data. The device and method obtains biometric data in response to a request for content and initiates a security clearance process that is substantially unobservable to an individual with clearance to access the requested content. | 2013-06-20 |
20130160112 | CONTROLLER AND METHOD OF STORAGE APPARATUS - According to one embodiment, a controller for controlling a connected storage apparatus includes a storage unit and a control unit. The control unit acquires a password input by a user, judges whether or not the password is consistent with a password previously registered in the storage unit, cancels authentication data that is stored in the storage unit and enables reading and writing toward the storage apparatus of data and allows the formatting toward the storage apparatus in a condition that the password is consistent with the password previously registered in the storage unit, and disables reading and writing toward the storage apparatus of data and formatting toward the storage apparatus in a condition that the password is not consistent with the password previously registered in the storage unit. | 2013-06-20 |
20130160113 | COMPUTING APPARATUS AND METHOD FOR OPERATING APPLICATION - Computing apparatus and method for operating an application are provided. The computing apparatus includes: a communicator which communicates with a paired external device; a storage unit in which applications are installed; a controller which, if one of the applications installed in the storage unit is selected, controls the communicator to request login information corresponding to the selected application from the external device and, if the login information is received from the external device, performs a login by using the login information; and a display unit which displays an operation screen corresponding to the selected application. Therefore, a user can more easily and conveniently use services of applications respectively installed on devices. | 2013-06-20 |
20130160114 | INTER-THREAD COMMUNICATION WITH SOFTWARE SECURITY - A circuit arrangement and method utilize a process context translation data structure in connection with an on-chip network of a processor chip to implement secure inter-thread communication between hardware threads in the processor chip. The process context translation data structure maps processes to inter-thread communication hardware resources, e.g., the inbox and/or outbox buffers of a NOC processor, such that a user process is only allowed to access the inter-thread communication hardware resources that it has been granted access to, and typically with only certain types of authorized access types. Moreover, a hypervisor or supervisor may manage the process context translation data structure to grant or deny access rights to user processes such that, once those rights are established in the data structure, user processes are permitted to perform inter-thread communications without requiring context switches to a hypervisor or supervisor in order to handle the communications. | 2013-06-20 |
20130160115 | SANDBOXING FOR MULTI-TENANCY - Systems and methods according to various embodiments disclose a worker process manager adapted to spawn one or more worker processes on a server and to load an application on each of the worker processes. The worker process manager is adapted to isolate the one or more worker processes from each other and to control resource usage by the worker processes. A resource manager is adapted to detect applications that overuse system resources. The worker process manager is adapted to isolate worker processes and to control resource usage using one or more of the following techniques: least-privilege execution, messaging isolation, credentials isolation, data isolation, network isolation, fair share resource usage, and managed runtime security. Heuristic algorithms are used to detect applications that frequently overuse system resources that are unchargeable and that cause system unresponsiveness. | 2013-06-20 |
20130160116 | DATA SECURITY SEEDING SYSTEM - In one aspect of the invention there is provided a system for tracking seed data that has been inserted into a secured private information database listing. The system includes a network, computer, and database. Incoming communications to the network are monitored and are matched to a phone number, credit card number, address, email, or fax number that corresponds to the seed data. Depending on the incoming communication software is configured to track and store third party identification information. The information is sent to a user to determine if the incoming phone call was conducted by breaching the secured private information database listing. | 2013-06-20 |
20130160117 | IDENTIFYING REQUESTS THAT INVALIDATE USER SESSIONS - An illustrative embodiment of a computer-implemented process for identifying a request invalidating a session excludes all marked logout requests of a Web application, crawls an identified next portion of the Web application and responsive to a determination, in one instance, that the state of the crawl is out of session, logs in to the Web application. The computer-implemented process further selects all crawl requests sent since a last time the crawl was in-session, excluding all marked logout requests and responsive to a determination that requests remain, crawls a selected next unprocessed request. Responsive to a determination, in the next instance, that state of the crawl is out of session and the selected request meets logout request criteria, the computer-implemented process marks the selected request as a logout request. | 2013-06-20 |
20130160118 | Methods, Communication Networks, and Computer Program Products for Monitoring, Examining, and/or Blocking Traffic Associated with a Network Element Based on Whether the Network Element Can be Trusted - A communication network is operated by determining whether a network element can be trusted and monitoring traffic associated with the network element based on whether the network element can be trusted. At least some of the monitored traffic may be selected for examination based on the degree of trust for the network element. At least some of the monitored and/or examined traffic is selected to be blocked based on the degree of trust for the network element. | 2013-06-20 |
20130160119 | SYSTEM SECURITY MONITORING - A computing device may receive netflow data that includes information corresponding to network-side activity associated with a target device. The computing device may evaluate the netflow data based on a netflow signature to identify potentially malicious activity. The netflow signature may include information corresponding to two or more network events occurring in a particular order. The computing device may report, to another computing device, that potentially malicious activity, corresponding to the network data, has been detected based on the evaluation of the netflow data. | 2013-06-20 |
20130160120 | PROTECTING END USERS FROM MALWARE USING ADVERTISING VIRTUAL MACHINE - Techniques are disclosed for an AdVM (Advertising Virtual Machine) system, modules, components and methods that provide multiple layers of ad security for end-users. AdVM browsers isolate, monitor and restrict ads in sandboxes. AdVM browsers are configurable to monitor, report abuse and restrict ad performance based on configurable parameters such as system usage, security, privacy, inadvertent clicks, required ad ratings, permissions (whitelisting) and denials (blacklisting). AdVM browser abuse reports are used to generate profiles, whitelists and blacklists for ads, advertisers and other ad participants, which AdVM browsers use to allow or deny ad performances. Publishers assist AdVM browsers with ad detection by declaring ads in content. Ad security is improved by participation of advertisers, ad networks and an ad quality authority in creating trusted or rated ads that can be selected and verified over untrusted or unrated ads. Improving end-user trust in online advertising protects both end-users and legitimate online advertising. | 2013-06-20 |
20130160121 | METHOD AND APPARATUS FOR DETECTING INTRUSIONS IN A COMPUTER SYSTEM - The present invention provides a method and apparatus for detecting intrusions in a processor-based system. One embodiment of the method includes calculating a first checksum from first bits representative of instructions in a block of a program concurrently with executing the instructions. This embodiment of the method also includes issuing a security exception in response to determining that the first checksum differs from a second checksum calculated prior to execution of the block using second bits representative of instructions in the block when the second checksum is calculated. | 2013-06-20 |
20130160122 | TWO-STAGE INTRUSION DETECTION SYSTEM FOR HIGH-SPEED PACKET PROCESSING USING NETWORK PROCESSOR AND METHOD THEREOF - A system and method for detecting network intrusion by using a network processor are provided. The intrusion detection system includes: a first intrusion detector, configured to use a first network processor to perform intrusion detection on layer 3 and layer 4 of a protocol field among information included in a packet header of a packet transmitted to the intrusion detection system, and when no intrusion is detected, classify the packets according to stream and transmit the classified packets to a second intrusion detector; and a second intrusion detector, configured to use a second network processor to perform intrusion detection through deep packet inspection (DPI) for the packet payload of the packets transmitted from the first intrusion detector. Thereby, intrusion detection for high-speed packets can be performed in a network environment. | 2013-06-20 |
20130160123 | Methods, Systems, and Computer Program Products for Mitigating Email Address Harvest Attacks by Positively Acknowledging Email to Invalid Email Addresses - A method of detecting and responding to an email address harvest attack at an Internet Service Provider (ISP) email system includes counting a number of failed email address look-ups during a single Simple Mail Transfer Protocol (SMTP) session associated with an originating Internet Protocol (IP) address and responding to the originating IP address with a positive acknowledgement that an otherwise invalid email address exists when the count of the number of failed email address look-ups exceeds a threshold. | 2013-06-20 |
20130160124 | Disinfection of a File System - A method for determining appropriate actions to remedy potential security lapses following infection of a device by malware. Following detection of infection of the device, the device undergoes a cleaning operation. As part of the cleaning operation, infected electronic files and any other associated files or objects are removed from the device. From timestamps associated with the infected files and associated files and objects, either directly or from another source such as an anti-virus trace program, the time of infection can be estimated. This allows the system to reference timestamps on the device to determine the source of the infection. Additionally, if the type of infection is identified, timestamps on the device can be used to determine where there are particular areas of vulnerability due to user actions on the device. | 2013-06-20 |
20130160125 | METHOD AND SYSTEM FOR RAPID SIGNATURE SEARCH OVER ENCRYPTED CONTENT - A method for detecting malware includes dividing data to be scanned for malware into at least a first data segment and a second data segment, dividing a signature corresponding to an indication of malware into at least a first signature segment and a second signature segment, performing a relationship function on the first signature segment and the second signature segment yielding a first result, performing the relationship function on the first data segment and the second data segment yielding a second result, comparing the first result and the second result, and, based on the comparison, determining that the data includes information corresponding to the signature. The relationship function characterizes the relationship between at least two information sets. | 2013-06-20 |
20130160126 | MALWARE REMEDIATION SYSTEM AND METHOD FOR MODERN APPLICATIONS - A system is described for remediating a malicious modern application installed on an end user device. In an embodiment, the system includes an antimalware program executing on the end user device that can detect and attempt to remediate the malicious modern application, an operating system executing on the end user device that is configured to interact with the antimalware program for the purpose of facilitating the establishment of a connection between the end user device and an application support system in response to determining that the antimalware program has detected and attempted to remediate the malicious modern application, and the application support system that can perform remediation operations beyond those that can be performed by the antimalware program. | 2013-06-20 |
20130160127 | SYSTEM AND METHOD FOR DETECTING MALICIOUS CODE OF PDF DOCUMENT TYPE - Disclosed herein is a PDF document type malicious code detection system for efficiently detecting a malicious code embedded in a document type and a method thereof. The present invention may perform a dynamic and static analysis on JavaScript within a PDF document, and execute the PDF document to perform a PDF dynamic analysis, thereby achieving an effect of efficiently extracting a malicious code embedded in the PDF document. | 2013-06-20 |
20130160128 | APPLICATION MONITORING THROUGH COLLECTIVE RECORD AND REPLAY - Methods and systems for application monitoring through collective record and replay are disclosed herein. The method includes recording a number of execution traces for an application from a number of user devices at a runtime library, wherein the number of execution traces relates to non-deterministic data. The method also includes replaying the number of execution traces to determine whether a behavior of the application creates a security risk. | 2013-06-20 |
20130160129 | SYSTEM SECURITY EVALUATION - A computing device may receive external activity data corresponding to a target system. The external activity data may include information corresponding to network-side information relating to the target system. The computing device may identify suspicious external activity, corresponding to the external activity data, based on an activity watchlist. The activity watchlist may include information corresponding to external activity systems associated with known sources of malicious activity. The computing device may generate a system security report based on the suspicious external activity identified. | 2013-06-20 |
20130160130 | APPLICATION SECURITY TESTING - In one implementation, an attack surface identification system defines an interface description of an application during execution of the application. The interface description is then provided to a scanner. | 2013-06-20 |
20130160131 | APPLICATION SECURITY TESTING - In one implementation, an application security system accesses an attack description and a data set from an application. The data set is based on an attack data set. The application security system correlates the data set with the attack description, and reports a security vulnerability for the application if the data set satisfies the attack description. | 2013-06-20 |
20130160132 | CROSS-SITE REQUEST FORGERY PROTECTION - Various embodiments of systems and methods for Cross-Site Request Forgery (XSRF) protection are described herein. An XSRF protection framework provides rich configuration possibilities for protection using an XSRF token. In one aspect—XSRF encoding is performed for a set of URLs according to a configuration and then a token validation is performed for incoming requests to protected resources. In another aspect—XSRF token leakage via the referrer header to external URLs is prevented. | 2013-06-20 |
20130160133 | Code Base Partitioning System - The subject disclosure is directed towards partitioning a code base of a program into a trusted portion and an untrusted portion. After identifying sensitive data within the code base using annotation information, one or more program elements that correspond to the sensitive data are automatically transformed into secure program elements that can be retained in the untrusted portion of the code base. Cryptographic techniques are used to minimize a potential size of the trusted portion of the code base. Source files for the trusted portion and the untrusted portion are generated. | 2013-06-20 |
20130160134 | METHOD AND DEVICE FOR MANAGING A SECURE ELEMENT - A method and system for managing, from a communication device, a secure element for contactless transactions such as mobile payment applications. The communication device includes a memory for storing one or more device applications. The method includes determining that an application stored on the secure element does not have an association with any of the device applications, and in response to the determining, sending a communication to a server to delete the application from the secure element. | 2013-06-20 |
20130160135 | METHOD AND APPARATUS FOR PERFORMING DOWNLOADABLE DIGITAL RIGHTS MANAGEMENT FOR A CONTENT SERVICE - A method and system are provided for performing downloadable Digital Rights Management (DRM) for a content service. The method includes receiving, from a service provider, a Content Access Token (CAT) issuance request for specific content, wherein the CAT issuance request includes information about devices mapped to account information of a user that has purchased the specific content; issuing a CAT; and delivering the CAT to the devices mapped to the account information. | 2013-06-20 |
20130160136 | DATA SECURITY IN A MULTI-NODAL ENVIRONMENT - A data security manager in a multi-nodal environment enforces processing constraints stored as security relationships that control how different pieces of a multi-nodal application (called execution units) are allowed to execute to insure data security. The security manager preferably checks the security relationships for security violations when new execution units start execution, when data moves to or from an execution unit, and when an execution unit requests external services. Where the security manager determines there is a security violation based on the security relationships, the security manager may move, delay or kill an execution unit to maintain data security. | 2013-06-20 |
20130160137 | ENVIRONMENTAL CONDITION IDENTIFYING TYPE LICENSE CONSUMPTION SYSTEM AND METHOD, AND FUNCTION PROVIDING SERVER AND PROGRAM - A license consumption system includes an information device on which application software operates based on a given license; and a function providing server which grants the license to the information device. The function providing server stores the license and an operating condition for granting the license, when attempting to start the application software, the information device transmits to the function providing server a licensing request of the application software and an operating environment of the information device, and the function providing server compares an operating condition of the application software corresponding to the requested license with the operating environment of the information device, and grants the license to the information device when the operating environment satisfies the operating condition. | 2013-06-20 |
20130160138 | NETWORK INFORMATION COLLECTION AND ACCESS CONTROL SYSTEM - An approach is provided for collecting and controlling access to network information. A network information anonymizer receives network information associated with a device, separates the network information into anonymized network information and user identifiable information, and enables access to the anonymized network information independently of the user identifiable information based on a privacy setting. | 2013-06-20 |
20130160139 | Volume Encryption Lifecycle Management - Aspects of the subject matter described herein relate to encryption lifecycle management. In aspects, an orchestrating agent is installed on a device upon which encryption management is desired. During the lifecycle of the device, the orchestrating agent facilitates performing actions to protect the data of the device. For example, at certain points during the actions, the orchestrating agent may deduce the presence of external entities needed to perform the actions and interact with those entities to protect the data. During its facilitating activities, the orchestrating agent may also escrow protector data to use to unlock the data for legitimate stakeholders of the data. | 2013-06-20 |
20130160140 | MACHINE-TO-MACHINE COMMUNICATIONS PRIVACY PROTECTION METHOD AND SYSTEM, MACHINE-TO-MACHINE COMMUNICATIONS SERVICE MANAGEMENT ENTITY, AND RELATED DEVICE - Embodiments of the present invention provide a machine-to-machine communications privacy protection method and system, a machine-to-machine communications service management entity, and a related device. The method includes: after receiving a location access message, determining, by a service management entity and according to locating information, an entity that performs privacy inspection; and triggering, by the service management entity, the entity that performs privacy inspection to perform privacy inspection. The M2M service management entity determines in advance the entity that performs privacy inspection and triggers the entity that performs privacy inspection to perform privacy inspection. Therefore, with the method provided in the present invention, message interaction on an mId interface is reduced, thereby reducing a message overhead. In this way, a network load is reduced, and especially for a wireless network with an air interface, benefit that reduction of a signaling overhead brings is greater. | 2013-06-20 |
20130160141 | Multi-User Login for Shared Mobile Devices - In particular embodiments, two or more users are provided with personalized experiences while using a shared mobile computing device. A login interface is presented for a plurality of users of the shared mobile computing device. When an indication of a login action by a first user of the plurality of users is detected, access to restricted information associated with any other user of the plurality of users is disabled. Cached information associated with the first user is retrieved from a local data store. A personalized user interface is then presented, based on the cached information. Updates to information and/or content may be cached and/or stored remotely. When an indication of a logout action by a first user of the plurality of users is detected, particular information and/or content is flushed from the local data store. | 2013-06-20 |
20130160142 | Track Changes Permissions - Various features and processes related to document collaboration are disclosed. In some implementations, animations are presented when updating a local document display to reflect changes made to the document at a remote device. In some implementations, a user can selectively highlight changes made by collaborators in a document. In some implementations, a user can select an identifier associated with another user to display a portion of a document that includes the other user's cursor location. In some implementations, text in document chat sessions can be automatically converted into hyperlinks which, when selected, cause a document editor to perform an operation. | 2013-06-20 |
20130160143 | PROCESSING MACHINE WITH ACCESS CONTROL VIA COMPUTER NETWORK - A control device controlling a processing machine receives from an external source initial data which includes at least identification data identifying the source of the initial data. The control device transmits the identification data via a connection to a computer network to a computer that is part of a computer cluster and receives authorization data from the computer or from another computer of the computer cluster. The control device allows or denies the user access to the internal data of the control device depending on the authorization data. | 2013-06-20 |
20130160144 | ENTITY VERIFICATION VIA THIRD-PARTY - Among other things, one or more techniques and/or systems are provided for verifying an identity of an entity via a third-party authentication system. As an example, an entity may be logged into a website and may have certain access permissions given the manner within which the entity was logged into the website. The entity may attempt to access, via the website, protected data owned by the website and/or owned by a third-party (e.g., social networking website). If the access permissions presently associated with the entity do not allow the entity to access the protected data, a request may be made to the third-party authentication system (e.g., operated by the social networking website) to verify the identity of the entity before increasing the access permissions to grant the entity access to the protected data. | 2013-06-20 |
20130160145 | SYSTEM AND METHOD FOR ASSET LEASE MANAGEMENT - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for asset lease management. The system receives, from a client device associated with a user profile, a lease start request for an asset for which the user profile is authorized. The system identifies a number of available slots for progressively downloading content. If the number of available slots is greater than zero, the system assigns an available slot from the number of available slots to the client device to yield an assigned slot. The system transmits security information, a lease key, and a lease duration associated with the assigned slot to the client device in response to the lease start request, wherein the security information and lease key allow the client device to start a progressive download of the asset for the lease duration. At the end of the lease, the system terminates the lease and releases the assigned slot. | 2013-06-20 |
20130160146 | STARTUP TIMES OF STREAMING DIGITAL MEDIA PLAYBACK - Techniques are provided for streaming digital media content. In one embodiment, metadata associated with a digital media content title is retrieved prior to receiving any user request to play the digital media content title. Upon receiving a user request to play the digital media content title, a license is requested based on the retrieved metadata. Upon receiving the license, streaming playback of digital media content title begins. | 2013-06-20 |
20130160147 | PROTECTED APPLICATION PROGRAMMING INTERFACES - Mechanisms are provided to allow particular parties and applications access to protected application programming interfaces (APIs) without the use of security domains. Trusted parties and applications may have access to protected APIs while untrusted parties and applications may be restricted to a more limited set of APIs. Public keys associated with individual applications that are used to enforce licensing policies can be repurposed for use in a verification process to prevent unauthorized access to APIs. A credential storage manager can be used to maintain permission and certificate information. An application authorization manager may access credential storage and maintain trusted application information. | 2013-06-20 |
20130160148 | SYSTEMS, METHODS, AND PROGRAM APPLICATIONS FOR SELECTIVELY RESTRICTING THE PLACESHIFTING OF COPY PROTECTED DIGITAL MEDIA CONTENT - Systems, methods, and program products are provided for selectively restricting the transmission of copy protected digital media content from a computer system, over a network, and to a remote display. In one embodiment, a method includes the steps of capturing digital media content rendered on the local display by a media player application executed by the computer system; determining whether the media player application is accessing copy protected digital media content; and, if the media player application is not accessing copy protected digital media content, converting the captured digital media content to a media stream and transmitting the media stream over a network for presentation on a remote display. | 2013-06-20 |
20130160149 | ENCRYPTION KEYPAD CAPABLE OF PREVENTING ILLEGAL DISASSEMBLY - An enhanced encryption keypad ( | 2013-06-20 |
20130160150 | METHODS FOR IDENTIFYING COMPOUNDS THAT MODULATE LISCH-LIKE PROTEIN OR C1ORF32 PROTEIN ACTIVITY AND METHODS OF USE - The invention provides methods for reducing diabetes susceptibility in a subject and methods for increasing the expression of LL or C1ORF32 in a subject. The invention further provides a method for identifying an agent which modulates expression of an Ll RNA or C1orf32 RNA comprising contacting a cell with an agent; determining expression of the Ll RNA or C1orf32 RNA in the presence and the absence of the agent; and comparing expression of the Ll RNA or C1orf32 RNA in the presence and the absence of the agent, wherein a change in the expression of the Ll RNA or C1orf32 RNA in the presence of the agent is indicative of an agent which modulates the level of expression of the RNA. | 2013-06-20 |
20130160151 | TRANSGENIC ANIMAL AS A MODEL FOR IDENTIFYING ADULT STEM CELLS, AND USES THEREOF - The present invention relates to the use of a transgenic non-human animal, such as a mouse, expressing a reporter gene detectable by a chromogenic, luminescent or fluorescent signal which identifies the cells that express Pw1, or of Pw1-expressing cells or tissues isolated therefrom, as a model for screening a candidate substance for its ability to stimulate adult stem cells, or for monitoring cell aging. | 2013-06-20 |
20130160152 | Hyperactive Piggybac Transposases - The present invention provides PiggyBac transposase proteins, nucleic acids encoding the same, compositions comprising the same, kits comprising the same, non-human transgenic animals comprising the same, and methods of using the same. | 2013-06-20 |
20130160153 | Humanized Light Chain Mice - Non-human animals, tissues, cells, and genetic material are provided that comprise a modification of an endogenous non-human heavy chain immunoglobulin sequence and that comprise an ADAM6 activity functional in a mouse, wherein the non-human animals express a human immunoglobulin heavy chain variable domain and a cognate human immunoglobulin λ light chain variable domain. | 2013-06-20 |
20130160154 | WATERMELON VARIETY WAS-45-2158S - The invention provides seed and plants of the watermelon line designated WAS-45-2158S. The invention thus relates to the plants, seeds and tissue cultures of watermelon line WAS-45-2158S, and to methods for producing a watermelon plant produced by crossing a plant of watermelon line WAS-45-2158S with itself or with another watermelon plant, such as a plant of another line. The invention further relates to seeds and plants produced by such crossing. The invention further relates to parts of a plant of watermelon line WAS-45-2158S, including the fruits and gametes of such plants. | 2013-06-20 |
20130160155 | Methods to Identify Soybean Aphid Resistant Quantitative Trait Loci in Soybean and Compositions Thereof - The present invention is in the field of plant breeding and aphid resistance. More specifically, the invention includes a method for breeding soybean plants containing quantitative trait loci that are associated with resistance to aphids, | 2013-06-20 |
20130160156 | METHOD FOR DOWN-REGULATING GENE EXPRESSION IN FUNGI - The present invention concerns methods for controlling and/or preventing fungus infestation on a cell, organism, substrate or material via dsRNA mediated gene silencing. The methods of the invention are particularly used to alleviate pathogenic fungal infestation on plants, plant materials or seeds. Suitable fungal target genes and fragments thereof, expression cassettes, dsRNA molecules, host cells expressing the dsRNA, compositions and transgenic plants and plant cells are provided. | 2013-06-20 |
20130160157 | USE OF NON-AGROBACTERIUM BACTERIAL SPECIES FOR PLANT TRANSFORMATION - The invention relates to methods for | 2013-06-20 |
20130160158 | MANIPULATION OF GLUTAMINE SYNTHETASES (GS) TO IMPROVE NITROGEN USE EFFICIENCY AND GRAIN YIELD IN HIGHER PLANTS - The present invention provides polynucleotides and related polypeptides of the protein GS. The invention provides genomic sequence for the GS gene. GS is responsible for controlling nitrogen utilization efficiency in plants. Glutamine synthase sequences are provided for improving grain yield and plant growth. The invention further provides recombinant expression cassettes, host cells and transgenic plants. | 2013-06-20 |
20130160159 | GEMINI VIRUS REPLICATION INHIBITOR - A replication inhibitor, which is an agent for inhibiting replication of a geminivirus, and comprises a zinc finger protein that can specifically bind to at least full length of stem loop region DNA of the geminivirus, or a part thereof, and can inhibit formation of a stem loop structure. | 2013-06-20 |
20130160160 | METHOD FOR SUSTAINABLE TRANSGENE TRANSCRIPTION - The present invention relates to constructs and methods for improving expression of transgenes in plants, animals and humans. | 2013-06-20 |
20130160161 | INHIBITION OF SNL6 EXPRESSION FOR BIOFUEL PRODUCTION - The invention provides compositions and methods for inhibiting the expression of the gene Snl6 in plants. Plants with inhibited expression of Snl6 have use in biofuel production, e.g., by increasing the amount of soluble sugar that can be extracted from the plant. | 2013-06-20 |
20130160162 | Nucleic Acid Molecules Encoding Plant Proteins in the C3HC4 Family and Methods for the Alteration of Plant Cellulose And Lignin Content - Polynucleotides, nucleic acid constructs, and methods are disclosed for the modification of cellulose and/or lignin content in plant tissues. Plants are genetically engineered with a gene encoding a C3HC4 protein, which leads to increased cellulose content when over-expressed in the plant vascular system. Plant transformants harboring the C3HC4 protein gene show increased content of cellulose and/or decreased lignin content, traits that are thought to improve hardwood trees for cellulose extraction during pulping and papermaking. | 2013-06-20 |
20130160163 | NUCLEOTIDE SEQUENCES AND CORRESPONDING POLYPEPTIDES CONFERRING MODULATED GROWTH RATE AND BIOMASS IN PLANTS GROWN IN SALINE CONDITIONS - The present invention relates to isolated nucleic acid molecules and their corresponding encoded polypeptides able to confer the trait of improved plant size, vegetative growth, growth rate, seedling vigor and/or biomass in plants challenged with saline conditions. The present invention further relates to the use of these nucleic acid molecules and polypeptides in making transgenic plants, plant cells, plant materials or seeds of a plant having plant size, vegetative growth, growth rate, seedling vigor and/or biomass that are improved in saline conditions with respect to wild-type plants grown under similar conditions. | 2013-06-20 |
20130160164 | CROP GRAIN FILLING GENE (GIF1) AND THE APPLICATIONS THEREOF - Novel crop grain filling genes (GIF1) and the applications thereof are presented in the invention. The GIF1 genes can be applied to control grain filling, enhance crop yield or quality, or improve disease resistance or storage stability of crop grains. A method for improving crops is also presented in the invention. The GIF1 genes show valuable potential in controlling crop yield, quality, storage, and resistance to diseases. | 2013-06-20 |
20130160165 | Plants Having Enhanced Yield-Related Traits and Method for Making the Same - The present invention relates generally to the field of molecular biology and to the methods for enhancing various economically important yield-related traits in plants. More specifically, the present invention relates to a method for enhancing yield-related traits in plants by modulating expression of a nucleic acid encoding an OsRSZ33 RRM polypeptide or a growth-related protein (GRP) having at least 25% amino acid sequence identity to SEQ ID NO:251 or a ZPR polypeptide. The present invention also relates to plants having modulated expression of a nucleic acid encoding an OsRSZ33 RRM polypeptide or a growth-related polypeptide as defined herein or a ZPR polypeptide. Such plants have enhanced yield-related traits relative to controls. The invention also provides hitherto unknown OsRSZ33 RRM-encoding nucleic acids or GRP-encoding nucleic acids or a ZPR polypeptide, and constructs comprising the same, which are useful in performing the methods of the invention. | 2013-06-20 |
20130160166 | ORAL INSULIN THERAPY - This disclosure relates in part to synthesizing a cleavable proinsulin construct in transgenic plants by chloroplast expression. | 2013-06-20 |
20130160167 | WATERMELON VARIETY NUN 01007 WMW - The present invention relates to plants and plant parts of a watermelon variety NUN 01007 WMW, seeds from which the plant can be grown and seedless fruit produced on the plant, as well as vegetative reproductions of NUN 01007. Further, the invention relates to natural or induced phenotypic variants of the plant, such as mutants or somaclonal variants. | 2013-06-20 |
20130160168 | METHOD FOR SEED DEVITALIZATION - The invention provides a method for devitalizing plant seed, the method comprising the steps of hydrating a viable whole plant seed and freezing the hydrated whole plant seed. The invention further provides a collection of devitalized whole plant seed wherein the integrity of genomic DNA and protein within the devitalized plant seed is preserved. | 2013-06-20 |
20130160169 | FUNGAL DESATURASE AND ELONGASE GENES - The invention is directed to isolated polynucleotide and polypeptides of the CoD5, CoD6 and CoE6 genes from | 2013-06-20 |
20130160170 | Methods and Compositions for Goss' Wilt Resistance in Corn - The present invention relates to the field of plant breeding. More specifically, the present invention includes a method of using haploid plants for genetic mapping of traits of interest such as disease resistance. Further, the invention includes a method for breeding corn plants containing quantitative trait loci (QTL) that are associated with resistance to Goss' Wilt, a bacterial disease associated with | 2013-06-20 |
20130160171 | Floribunda rose plant named 'Meinoplius' - A new and distinct variety of Floribunda rose plant is provided that abundantly forms on a substantially continuous basis attractive double red-purple blossoms having a lighter coloration on the under surface. The vegetation is strong and a compact bushy growth habit is displayed. Exceptional resistance to common rose diseases has been observed. The plant is well suited for providing distinctive attractive ornamentation in the landscape. | 2013-06-20 |
20130160172 | Nectarine tree, burnecttwentyfive - A new and distinct variety of nectarine tree ( | 2013-06-20 |
20130160173 | Phalaenopsis orchid plant named 'Brunello' - A new and distinct | 2013-06-20 |
20130160174 | Helleborus plant named 'ABCRD01' | 2013-06-20 |