50th week of 2013 patent application highlights part 63 |
Patent application number | Title | Published |
20130332989 | Watermarking Detection and Management - A method, system and non-transitory computer-readable medium product are provided for watermarking detection and management. In the context of a method, a method is provided that includes identifying at least one resource accessible to a user device and determining whether a watermark template is applied to the at least one resource accessible to the user device. The method further includes identifying at least one compliance rule and determining whether the at least one compliance rule is satisfied in response to a determination that the watermark template is applied to the at least one resource accessible to the user device. The method yet further includes performing at least one remedial action in response to a determination that the at least one compliance rule is not satisfied. | 2013-12-12 |
20130332990 | Enforcement Of Data Privacy To Maintain Obfuscation Of Certain Data - A computer-readable medium is disclosed that tangibly embodies a program of machine-readable instructions executable by a digital processing apparatus to perform operations including determining whether data to be released from a database is associated with one or more confidential mappings between sets of data in the database. The operations also include, in response to the data being associated with the one or more confidential mappings, determining whether release of the data meets one or more predetermined anonymity requirements of an anonymity policy. Methods and apparatus are also disclosed. | 2013-12-12 |
20130332991 | METHOD AND SYSTEM FOR DYNAMICALLY ASSOCIATING ACCESS RIGHTS WITH A RESOURCE - A method for dynamically associating, by a server, access rights with a resource includes the step of receiving, by the server, a request for a resource from a client. The server requests, from a policy engine, an identification of a plurality of access rights to associate with the resource, the plurality of access rights identified responsive to an application of a policy to the client. The server associates the resource with the plurality of access rights via a rights markup language. The server transmits the resource to the client with the identification of the associated plurality of access rights. An application program on the client makes an access control decision responsive to the associated plurality of access rights. The application program provides restricted access to the resource responsive to the access control decision. | 2013-12-12 |
20130332992 | METHODS AND SYSTEMS FOR IDENTIFYING A TRUSTABLE WORKFLOW BASED ON A COMPREHENSIVE TRUST MODEL - Methods and systems for identifying a trustable workflow based on a comprehensive trust model. One or more trustable links between two or more abstract services among a number of combinations of concrete services can be searched and the trustable link combined to realize an abstract workflow so as to construct a candidate trustable workflow space. The K trustable workflows can be determined by randomly selecting the trustable link with respect to each pair of connected abstract services and combining the selected trustable links. The trustable link in the workflow can be selected to be replaced with another candidate trustable link to provide a higher selection probability to the trustable link in a critical path. | 2013-12-12 |
20130332993 | Controlling Device - A controlling device may acquire setting information regarding a wireless setting for a wireless communication currently being set in a wireless communication device. The controlling device may determine, using the setting information, whether the wireless setting indicates a first authentication method in which an authentication is performed by an authentication server or a second authentication method in which an authentication is performed by a device with which the wireless communication performing unit performs a wireless communication directly. The controlling device may provide a first screen to a displaying unit in a first case where a determination is made that the wireless setting indicates the first authentication method. The controlling device may provide a second screen which is different from the first screen to the displaying unit in a second case where a determination is made that the wireless setting indicates the second authentication method. | 2013-12-12 |
20130332994 | EMPLOYING PHYSICAL LOCATION GEO-SPATIAL CO-ORDINATE OF COMMUNICATION DEVICE AS PART OF INTERNET PROTOCOL - A current physical location value associated with a communication device is incorporated as part of internet protocol (IP). An IP management component obtains current physical location information of a wireless communication device and modifies the IP address to incorporate the current physical location value corresponding to the current physical location of the communication device as part of the IP address of the communication device to prevent undesired intrusions by hackers, as communications associated with the communication device are routed to/from the communication device that is at the current physical location. If the communication device moves to a new location, the IP management component can perform a new IP address modification to modify the IP address to incorporate a new physical location value associated with the communication device. | 2013-12-12 |
20130332995 | SYSTEM AND METHOD FOR USING MACHINE READABLE CODE TO COMMISSION DEVICE APPLICATIONS - A system for using machine readable code to commission a device application includes a controller, an image capturing device, and at least one processor. The at least one processor is programmed to receive an image acquired from the image capturing device, wherein the image includes a code, the at least one processor is also programmed to access information from the code, and send the information accessed from the code to the controller, wherein the information enables the controller to commission a device application. | 2013-12-12 |
20130332996 | SYSTEM AND PROCESS FOR MANAGING NETWORK COMMUNICATIONS - A communication protocol and system is disclosed for network communications between a data service residing on a client that provides network communications between one or more mobile applications on a source and a network based on a process number. The shared data service communicates with a data service plug-in on the server side associated with the process number, in order to handle requests from the mobile applications that access the network through the data service. Predetermined network connection, priority, and additional rules can be used to control what plug-in can be reached through what type of network connection. | 2013-12-12 |
20130332997 | COMPUTERIZED SYSTEM AND METHOD FOR DEPLOYMENT OF MANAGEMENT TUNNELS - Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, a managed device receives an address of a management device. The managed device has stored therein a pre-configured unique identifier of an authorized management device and a digital certificate assigned to the managed device prior to installation of the managed device within a network. A tunnel is established between the devices. The management device has stored therein a digital certificate assigned to the management device prior to installation of the management device within the network. The digital certificate of the management device is received by the managed device. Prior to allowing the management device to use the tunnel to perform management functionality in relation to the managed device, a unique identifier included within or associated with the digital certificate of the management device is confirmed with reference to the pre-configured unique identifier. | 2013-12-12 |
20130332998 | SERIALIZED AUTHENTICATION AND AUTHORIZATION SERVICES - Requests for User Services on networked computers running on different platforms with different Authentication, Authorization and Auditing (AAA) Security Systems are processed through an AAA Services Manager Server and Web Services Servers. The AAA Services Manager Server communicates requests for User Services to Web Services Servers using corresponding URL Web addresses. Web Services correspond to their respective Authentication Security Systems and Authorization Security Systems through which User Services may be obtained. The Web Services Servers act to access, for User validation, the respective Authentication Security Systems and Authorization Security Systems according to their individual languages and computing platform requirements. | 2013-12-12 |
20130332999 | Method for Using Java Servlets as a Stack Based State Machine - A client module downloaded by web browser from a server receives authentication information to open a smart card in a card reader and to initiate a secure network connection to a first server module running on a server. The client module calls a second server module running on the server. And the client module receives a new application for the smart card. Then the client module causes the smart card to delete an old application and load the new application. Each of the operations performed by client module occurs in a single session. | 2013-12-12 |
20130333000 | SYSTEM AND METHOD FOR A STORAGE AREA NETWORK VIRTUALIZATION OPTIMIZATION - A method is implemented in a computer infrastructure having computer executable code tangibly embodied on a computer readable storage medium having programming instructions. The programming instructions are operable to determine one or more optimal mappings between a server layer and a storage layer through a network layer based on performance metrics of one or more ports of at least one of the server layer, the storage layer and the network layer. | 2013-12-12 |
20130333001 | Mobile IPv6 Authentication and Authorization Baseline - Various embodiments describe an authentication protocol for the Home Agent to authenticate and authorize the Mobile Node's Binding Update message. Two new mobility options compatible with RADIUS AAA are used to exchange a shared secret between the Home Agent and the Mobile Node so the Mobile Node can be authenticated. A Mobile Node-AAA authenticator option is added to the Binding Update message. The Home Agent generates the Mobile Node-AAA authenticator as a shared secret that it communicates as authentication data to the RADIUS AAA server on the home network. The RADIUS AAA server authenticates the communication and generates an Access-Accept message with a Mobile Node-Home Agent authenticator option. After receipt at the Home Agent, a Binding Update message with the Mobile Node-Home Agent authenticator option is transmitted from the Home Agent to the Mobile Node to use as an authenticator. | 2013-12-12 |
20130333002 | DYNAMIC AUTHENTICATION IN ALTERNATE OPERATING ENVIRONMENT - Systems and methods that employ dynamic credentials across distinct authentication standards can be used to reduce the burden associated with repeated re-authentication. A utility can be employed during logon in an alternate operating environment that stores information from the logon dynamically and generates a credential file that is employed to grant access to a resource without repeating the earlier logon procedure, even if the device changes its user state. After processes requiring resource access are complete, or when an allowed time expires, the granted access is revoked and the device returns to a default or standard authentication technique. | 2013-12-12 |
20130333003 | SYSTEMS AND METHODS FOR IMPLEMENTING MULTI-FACTOR AUTHENTICATION - A computer-implemented method for implementing multi-factor authentication may include 1) receiving, as part of a secondary authentication system, an authentication request from a client system, 2) redirecting the client system to first perform a first authentication with a primary authentication system in response to receiving the authentication request, 3) receiving an assertion of the first authentication from the client system that demonstrates that the first authentication was successful, and 4) performing a second authentication with the client system in response to receiving the assertion of the first authentication. Various other methods, systems, and computer-readable media are also disclosed. | 2013-12-12 |
20130333004 | CLIENT COMPUTER, REMOTE CONTROL SYSTEM, AND REMOTE CONTROL METHOD - A client computer that is connectable to a host computer by a network, includes a communication part to communicate with the host computer; a user input part; a system part to perform a function depending on an application; and a controller to control the system part to be put into a locking state to stop performing operations input by a user from the user input part if a locking signal is received from the host computer through the communication part, and to control the communication part to unlock the locking state if an unlocking signal is received from the host computer through the communication part. | 2013-12-12 |
20130333005 | CLOUD SERVICE SYSTEM BASED ON ENHANCED SECURITY FUNCTION AND METHOD FOR SUPPORTING THE SAME - The present invention relates to cloud service supporting technology. Particularly, a cloud service system based on an enhanced security function includes a terminal that includes a trusted platform therein and is configured to perform security authentication based on encrypted information provided by the trusted platform, to perform normal authentication based on preregistered ID and password information, and to use a cloud service according to the security authentication and the normal authentication, and a cloud service apparatus that is configured to provide the cloud service to the terminal after completing the security authentication and the normal authentication with the terminal that includes the trusted platform therein. The service apparatus, the terminal, and a method for supporting them are also disclosed. | 2013-12-12 |
20130333006 | ENTERPRISE TRIGGERED 2CHK ASSOCIATION - A method of operating a security server to securely transact business between a user and an enterprise via a network includes receiving, at the security server from an enterprise with which the user is currently connected via the network, a request of the enterprise to activate a secure communications channel over the network between the user and the security server. The request includes contact information for contacting the user via other than the network. The security server, in response, transmits an activation code for delivery to the user via other than the network and in a manner corresponding to the received contact information. The security server receives, from the user via the network, an activation code and compares the received activation code with the transmitted activation code to validate the received activation code. The secure communications channel is then activated based on the validation of the received activation code. | 2013-12-12 |
20130333007 | Enhancing Password Protection - A mechanism is provided for enhancing password protection. A combination password that comprises dynamic text interspersed within a static user password is received from a user. A determination is made as to whether the combination password is to be verified without the dynamic text. Responsive to identifying that the combination password is to be verified without the dynamic text, the dynamic text is filtered from the combination password based on an identified dynamic suggestion issued to the user prior to the combination password being received thereby forming a filtered password. The filtered password is then authenticated using information stored for the user. Responsive to validating the filtered password, access is granted by the user to a secured system. | 2013-12-12 |
20130333008 | ENHANCED 2CHK AUTHENTICATION SECURITY WITH QUERY TRANSACTIONS - A security server receives a request of a user to activate a secure communications channel over the network and, in response, transmits an activation code for delivery to the user via another network. The security server receives an activation code from the user network device via the network, compares the received activation code with the transmitted activation code to validate the received activation code, and activates the secure communications channel based on the validation. The security server next receives a query including a question for the user from an enterprise represented on the network, transmits the received enterprise query to the user network device via the secure communications channel, and receives, from the user network device via the secure communications channel, a user answer to the transmitted enterprise query. The security server then transmits the received user answer to the enterprise to further authenticate the user to the enterprise. | 2013-12-12 |
20130333009 | DYNAMIC TRUST CONNECTION - A network authentication system authenticates a connection-request based on a manner that the connection-request traverses the network. In client-server terminology, a server authenticates a client request for connection by examining one or more sequences of network entities (or network nodes) that form entity-patterns. The client pseudo-randomly selects entities of the network to be redirectors that redirect a received connection-request to further redirectors and/or the server. The client generates a different connection-request for each of the redirectors, and each redirector does the same for each of the further redirectors. This results in substantially unique connection-requests transmitted by each entity of the network in connection with the user request. Thus, redirector patterns are substantially unique and may be used for authentication. | 2013-12-12 |
20130333010 | Enhancing Password Protection - A mechanism is provided for enhancing password protection. A combination password that comprises dynamic text interspersed within a static user password is received from a user. A determination is made as to whether the combination password is to be verified without the dynamic text. Responsive to identifying that the combination password is to be verified without the dynamic text, the dynamic text is filtered from the combination password based on an identified dynamic suggestion issued to the user prior to the combination password being received thereby forming a filtered password. The filtered password is then authenticated using information stored for the user. Responsive to validating the filtered password, access is granted by the user to a secured system. | 2013-12-12 |
20130333011 | SOFTWARE PIN ENTRY - A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions. | 2013-12-12 |
20130333012 | NETWORK INFRASTRUCTURE VALIDATION OF NETWORK MANAGEMENT FRAMES - A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, it obtains a key for the access point sending the frame and validates the management frame using the key. | 2013-12-12 |
20130333013 | SECURITY DEVICE PROVISIONING - The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with the user identity in a data store. By providing the security token object, the user can gain access to the computing resource. | 2013-12-12 |
20130333014 | Open Platform for Mobile Collaboration - A platform is provided which facilitates collaboration among a plurality of users on a project (such as the exploration for oil or natural gas on an oil rig), data set and/or data stream. The platform ( | 2013-12-12 |
20130333015 | BIOMETRIC CLOUD COMMUNICATION AND DATA MOVEMENT - An apparatus, method, system, and computer accessible medium are disclosed. In one embodiment the apparatus includes a first computing device having a processor coupled to memory. The apparatus also includes a first biometric reader unit to determine biometric signatures, the biometric reader unit communicatively coupled to the computing device. The memory stores a plurality of data files. The apparatus also includes a bio-packet generation unit to generate a packet comprising a first bio-identifier, the first bio-identifier comprising at least one biometric signature of a user. Finally, the apparatus includes a bio-packet transmission unit to send the generated packet to a remote server. | 2013-12-12 |
20130333016 | WIRELESS SESSION CONFIGURATION PERSISTENCE - A wireless access point employs a wireless configuration database for retrieving a stored wireless profile corresponding to a subscriber device from a remote location that enables the user to establish an Internet connection using their subscriber device with the same network identifiers and settings employed from the home wireless profile. The network identifier is typically an SSID (Service Set Identification), and labels the wireless configuration using a mnemonic name familiar to the user. The wireless configuration also denotes authentication and security (passphrase) tokens required for access, and would therefore enable the user to sign on at the remote wireless access point using the passphrase already known from their home WiFi arrangement. Subsequent attempts automatically establish a connection to the subscriber device upon detection and authentication using the retrieved wireless profile without broadcasting an open SSID receivable by other wireless devices within range. | 2013-12-12 |
20130333017 | METHOD AND APPARATUS FOR AUTHENTICATING LOCATION-RELATED MESSAGES - A method and an apparatus protect location-related messages which are transmitted from a provider to a plurality of temporally changing recipients and receiver devices in a plurality of localities in each case. The method and apparatus are distinguished by the fact that key certificates for signed messages are issued only in a location-related manner and are thus valid only in a particular defined local environment. | 2013-12-12 |
20130333018 | Portable Security Device and Methods for Secure Communication - Disclosed are a portable personal security device and methods for secure communication. In one example, the personal security device may wirelessly connect to a user device and collect information about the user device. The personal security device may then assess security characteristics of the user device based on the collected information. When the user device is determined to be unsecure, the personal security device may instruct the user to use a secure internet application of the personal security device instead of an unsecure internet application of the user device. In addition, the personal security device may instruct the user to use a secure data input device of the personal security device instead of an unsecure data input device of the user device. The personal security device then receives via the secure data input device a user input data for the secure internet application, and transmits it to the user device. | 2013-12-12 |
20130333019 | INTEGRATED SECURITY SWITCH - An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching function. The common management interface enables secure switching of traffic to flow via a traffic path dedicated between the switching function and the security function. Typically, the traffic is a flow of data between the Internet and a group of networked users such as a wide area network. | 2013-12-12 |
20130333020 | Method and Apparatus for Unlocking an Electronic Device that Allows for Profile Selection - A method and apparatus for unlocking an electronic device that allows for profile selection includes the electronic device storing a plurality of profiles, each of which is associated with a different unlocking pattern, and receiving a first pattern input generated from motion upon a user interface of the electronic device. The method further includes the electronic device determining that the first pattern input matches an unlocking pattern associated with a first profile of the plurality of profiles and performing an unlocking procedure. | 2013-12-12 |
20130333021 | PREVENTING MALICIOUS SOFTWARE FROM UTILIZING ACCESS RIGHTS - In a first embodiment of the present invention, a method for enabling a device to block malicious software is provided, comprising: creating a super-user account as a new account for an operating system running on a device; and altering security rights of the operating system so that all accounts other than the super-user account of the operating system running on the device have only read access to key sections of the operating system. | 2013-12-12 |
20130333022 | Sharing Content Online - A method of providing a degree of authentication for a content link presented to peer user(s) by a sharing user via the Internet. The method includes, at a server, associating the content link with authentication data provided by the sharing user, and storing the associated content link and authentication data in a storage location. A redirection link that links to the stored associated content link and authentication data is presented to a peer user via a user interface of a client computer of the peer user. Upon submission of an access request from the client computer to the redirection link, the content link and the authentication data are delivered to the client computer. The authentication data is presented to the peer user via the user interface and the peer user is able to choose, via the user interface, to submit an access request to the content link. | 2013-12-12 |
20130333023 | ELECTRONIC PAPER WITH MODE SWITCH UNIT - Provided is electronic paper that includes an imaging sheet for displaying content, a memory for storing the content, a mode switch unit for manually setting an operation mode of the electronic paper, and a controller for performing at least one operation from a plurality of operations including encryption of the content stored in the memory, deletion of the content stored in the memory, deletion of content displayed on the imaging sheet from a screen, and display of a lock screen that requires input of a password on the imaging sheet, according to an operation mode that is set by a user using the mode switch unit. | 2013-12-12 |
20130333024 | RANDOM VALUE IDENTIFICATION DEVICE, RANDOM VALUE IDENTIFICATION SYSTEM, AND RANDOM VALUE IDENTIFICATION METHOD - It is not possible to identify a suitable random value that can increase the validity of data after adding a random data and causing the concealment of original data values. | 2013-12-12 |
20130333025 | SYSTEM AND METHOD FOR ROLE BASED ANALYSIS AND ACCESS CONTROL - A system and method for program access control includes, for a typestate, providing typestate properties and assigning a role to the typestate in a program in accordance with the typestate properties. Access to operations is limited for the typestate in the program based on the role assigned to the typestate and an access permission level. | 2013-12-12 |
20130333026 | MALICIOUS MESSAGE DETECTION AND PROCESSING - Malicious message detection and processing systems and methods are provided herein. According to some embodiments, the messages are emails and the method for processing emails may be facilitated by way of an intermediary node which may be cloud-based. The intermediary node may be communicatively couplable with an email client and an email server. The intermediary node may execute a method that includes analyzing a link included in an email to determine if the link is associated with a potentially malicious resource, and replacing the link with an alternate link to a trusted resource if the link is associated with a potentially malicious resource. | 2013-12-12 |
20130333027 | DYNAMIC RIGHTS ASSIGNMENT - In a first embodiment of the present invention, a method for blocking malicious software in an operating system, comprising: receiving a command to open a file; determining a file association for the file, wherein the file association points to a dynamic rights assignment module; evaluating what process issued the command to open the file; determining if the process that issued the command to open the file is known to be safe; when it is determined that the process that issued the command to open the file is not known to be safe, prompting a user whether to run in protected mode; when the user indicates that protected mode should be run, creating a temporary user of the operating system; and running a program associated with the file association for the file, as the temporary user. | 2013-12-12 |
20130333028 | Dashboards for Displaying Threat Insight Information - Dashboards for displaying threat insight information are provided herein, as well as systems and methods for generating the same. According to some embodiments, methods for providing a threat dashboard may include locating metrics regarding a malicious attack against a targeted resource, where the metrics indicate instances where users were exposed to the malicious attack or instances where a cloud-based threat detection system prevented the user from being exposed to the malicious attack. The method may also include rendering a threat dashboard for a web browser application of a client device, where the threat dashboard includes the located metrics. | 2013-12-12 |
20130333029 | TECHNIQUES FOR TRAFFIC DIVERSION IN SOFTWARE DEFINED NETWORKS FOR MITIGATING DENIAL OF SERVICE ATTACKS - A method for mitigating denial of service (DoS) attacks in a software defined network (SDN). The method comprises receiving a DoS attack indication performed against at least one destination server; programming each network element in the SDN to forward a packet based on a diversion value designated in a packet diversion field, upon reception of the DoS attack indication; instructing at least one peer network element in the SDN to mark a diversion field in each packet in the incoming traffic addressed to the destination server to allow diversion of the packet to a security server; and instructing edge network elements in the SDN to unmark the diversion field of each packet output by the security server, wherein each network element in the SDN is programmed to forward the unmarked packets processed by the security server to the at least one destination server. | 2013-12-12 |
20130333030 | VERIFYING SOURCE OF EMAIL - A system is configured to generate an email with a main hyperlink and a verification hyperlink; transmit the email to an email account of a user; receive an indication of a selection of the verification hyperlink; and transmit a confirmation message to a recipient device of the user when the verification hyperlink is selected. | 2013-12-12 |
20130333031 | DYNAMIC CODE INSERTION AND REMOVAL FOR STATIC ANALYSIS BASED SANDBOXES - Methods and apparatus for dynamically adding and deleting new code to previously validated application executing in a secured runtime. New code is written to a portion of secured memory not executable by application. New code is validated to ensure it cannot directly call operating system, address memory outside of secured memory, or modify secured memory state. Indirect branch instructions may only target addresses aligned on fixed size boundaries within the secured memory. Validated code is copied to portion of secured memory executable by application in two stage process that ensures partially copied segments cannot be executed. Validated new code can be deleted once all threads reach safe execution point, provided code was previously inserted as unit or contains no internal targets that can be called by code not also being deleted. | 2013-12-12 |
20130333032 | NETWORK BASED DEVICE SECURITY AND CONTROLS - Protection against security attacks involves monitoring network traffic for a computing device security attack and determining whether there is a security event, using one or more network based security tools. Next, it is determined whether an event pattern involving two or more security events meets a predetermined criteria. Upon determining that there is a security attack, corrective action is tailored, based on the type of the computing device, the operating system of the computing device, the type of security attack, and/or the available protection tools. A course of action is performed depending on whether an account of the computing device includes a security protection service. If there is a security protection service, a message is sent over a secure link to the computing device. This message includes the corrective action to cure the computing device from the security attack. | 2013-12-12 |
20130333033 | SOFTWARE PROTECTION MECHANISM - Techniques for detecting malware activity are described. In some examples, a method for monitoring executing software for malware may include monitoring behavior of software during execution. Based on comparison of the monitored behavior and corresponding expected behavior derived from analysis of the software, it may be determined that the monitored behavior deviates from the expected behavior in accordance with a predetermined trigger. An appropriate action may be initiated in response. | 2013-12-12 |
20130333034 | Method and Apparatus for Automatic Identification of Affected Network Resources After a Computer Intrusion - Methods and apparatus are provided for automatic identification of affected network resources after a computer intrusion. The network resources affected by a computer intrusion can be identified by collecting information about an external system from an external source; deriving a list of one or more affected internal systems on an internal network by correlating the information with internal information about internal systems that interacted with the external system; and identifying one or more user accounts associated with the one or more affected internal systems. Data residing on systems accessible by the one or more user accounts can also optionally be identified. A list can optionally be presented of the network resources that may be affected by the computer intrusion. The affected network resources can be, for example, servers, services and/or client machines. | 2013-12-12 |
20130333035 | METHOD AND APPARATUS FOR DETECTING SCANS IN REAL-TIME - A method and apparatus for detecting scans are described. In one example, a plurality of flows is allocated into a plurality of bins associated with different source internet protocol (SIP) addresses. A set of bin characteristics for at least one bin of the plurality of bins is generated if the at least one bin reaches a predefined flow capacity. Afterwards, the set of bin characteristics is compared to a scan characteristics list to determine if a potential scan exists. | 2013-12-12 |
20130333036 | SYSTEM, METHOD AND PROGRAM FOR IDENTIFYING AND PREVENTING MALICIOUS INTRUSIONS - Computer system, method and program product for identifying a malicious intrusion. A first number of different destination IP addresses, a second number of different destination ports and a third number of different signatures of messages, are identified from a source IP address during a predetermined period. A determination is made that in one or more other such predetermined periods the source IP address sent messages having the first number of different destination IP addresses, the second number of different destination ports and the third number of different signatures. Based on the determination that in the one or more other such predetermined periods the source IP address sent messages having the first number of different destination IP addresses, the second number of different destination ports and the third number of different signatures, a determination is made that the messages are characteristic of a malicious intrusion. | 2013-12-12 |
20130333037 | METHODS, SYSTEMS, AND MEDIA FOR DETECTING COVERT MALWARE - Methods, systems, and media for detecting covert malware are provided. In accordance with some embodiments, a method for detecting covert malware in a computing environment is provided, the method comprising: receiving a first set of user actions; generating a second set of user actions based on the first set of user actions and a model of user activity; conveying the second set of user actions to an application inside the computing environment; determining whether state information of the application matches an expected state after the second set of user actions is conveyed to the application; and determining whether covert malware is present in the computing environment based at least in part on the determination. | 2013-12-12 |
20130333038 | EVALUATING A QUESTIONABLE NETWORK COMMUNICATION - Identifying a questionable network address from a network communication. In an embodiment, a network device receives an incoming or outgoing connection request, a web page, an email, or other network communication. An evaluation module evaluates the network communication for a corresponding network address, which may be for the source or destination of the network communication. The network address generally includes an IP address. The evaluation module determines one or more properties of the network communication, such as time of day, content type, directionality, or the like. The evaluation module then determines whether the properties match or are otherwise allowed based on properties specified in the white list in association with the IP address. | 2013-12-12 |
20130333039 | Evaluating Whether to Block or Allow Installation of a Software Application - A programmable device for which an application is to be installed analyzes permissions requested by the application and other application information to assist the user in deciding whether to allow installation of the application. The analysis may either block or allow the installation, or may provide a calculated risk level to the user and request a decision. Application information, such as a category of application, typical permissions requested by similar applications, and trustworthiness of the application source, in addition to whitelists and blacklists may be employed as part of the analysis and evaluation of the permissions. As a result, the user need not be burdened with overly technical information and may make a better informed decision on installation. | 2013-12-12 |
20130333040 | Kernel-Level Security Agent - A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities. | 2013-12-12 |
20130333041 | Method and Apparatus for Automatic Identification of Affected Network Resources After a Computer Intrusion - Methods and apparatus are provided for automatic identification of affected network resources after a computer intrusion. The network resources affected by a computer intrusion can be identified by collecting information about an external system from an external source; deriving a list of one or more affected internal systems on an internal network by correlating the information with internal information about internal systems that interacted with the external system; and identifying one or more user accounts associated with the one or more affected internal systems. Data residing on systems accessible by the one or more user accounts can also optionally be identified. A list can optionally be presented of the network resources that may be affected by the computer intrusion. The affected network resources can be, for example, servers, services and/or client machines. | 2013-12-12 |
20130333042 | STORAGE SYSTEM AND STORAGE SYSTEM MANAGEMENT METHOD - The present invention removes a computer virus-infected benchmark file by re-creating the benchmark file referenced by a reference-source file. One or more clone files, which serve as reference files, reference a clone-source file, which serves as the benchmark file. In a case where it has been determined that the clone-source file is infected with a computer virus, only the clone file referencing the infected area is subjected to a virus check and repaired. A new clone-source file is configured based on the repaired clone file and the clone-source file (b). The old clone-source file, which is infected with the computer virus, is deleted (c). | 2013-12-12 |
20130333043 | Mechanism to Calculate Probability of a Cyber Security Incident - An Archetype Software Invention which calculates the probability of a cyber security incident for a given computer by correlating the distribution of computer program files with the occurrences of security incidents across a large number of computers. | 2013-12-12 |
20130333044 | VULNERABILITY-BASED REMEDIATION SELECTION - A machine-actionable memory comprises one or more machine-actionable records arranged according to a data structure. Such a data structure may include links that respectively map between a remediation, at least one action, and at least two vulnerabilities. A method of selecting a remediation, that is appropriate to a vulnerability which is present on a machine to be remediated, may include: providing a machine-actionable memory as mentioned above; and indexing into the memory using: a given vulnerability identifier to determine (A) at least one of a remediation mapped thereto and (B) at least one action mapped to the given vulnerability identifier; and/or a given remediation to determine at least two vulnerabilities mapped thereto. | 2013-12-12 |
20130333045 | SECURITY LEVEL VISUALIZATION DEVICE - A security level of each service is calculated and visualized. The device includes a security level calculation unit and a security level visualization unit. The security level calculation unit receives information regarding security of the service from a plurality of sensors as observation information, and calculates a security level of each service based on the received observation information and a security level calculation policy. The security level visualization unit outputs the security level of each service, based on the security level calculated by the security level calculation unit and configuration information of the service. Further, the security level calculation policy has a service, a user using the service, and an observation item to be observed in the service. The security level calculation unit calculates the security level in association with the user of the service and the service, based on the security level calculation policy. | 2013-12-12 |
20130333046 | SYSTEM AND METHOD OF AUTOMATICALLY DETECTING OUTLIERS IN USAGE PATTERNS - A system and method for detecting an outlier in a usage pattern comprises a computer accessible to perform an operation. The system includes an audit forensics engine having an outlier detection module. When an instance occurs where the operation is performed, audit trail data is captured related to the operation. The outlier detection module determines for the instance where the operation is performed whether the instance is an outlier in a usage pattern based on a comparison of the audit trail data to the usage pattern. | 2013-12-12 |
20130333047 | ELECTRONIC COMMUNICATION SECURITY SYSTEMS - Embodiments of the invention relate to methods increasing the security of electronic messages. | 2013-12-12 |
20130333048 | IDENTITY MANIPULATION DETECTION SYSTEM AND METHOD - The present invention provides, in at least one embodiment, a device, system, and method for resolving the identity of at least one person and listing their identity information attributes. The system detects intentional and improper falsifications of the person's personal identity information. The system calculates a manipulation score that indicates the likelihood that the person intentionally and improperly attempted to manipulate their identity information. The manipulation score can be based on the number, type, and systematic nature of the person's variations in their identity information. The system also calculates a collection of identity manipulation attributes that describe explicitly the manner of the improper manipulation, such as the number of Social Security numbers used. | 2013-12-12 |
20130333049 | DATA PROTECTION METHOD FOR PORTABLE ELECTRONIC DEVICE AND COMPUTER PROGRAM PRODUCT FOR THE SAME - A data protection method for a portable electronic device and a computer program product for the same are applicable to a portable electronic device operating on a Linux operating system. A storage region of the portable electronic device is partitioned to provide a specific partition for storing data to be protected. The specific partition will be mounted, and the data to be protected will be displayed, only if the data to be protected contains an execution command, otherwise the specific partition will be unmounted. Hence, the specific partition is only available when it is confirmed that the data to be protected contains an execution command. Accordingly, unspecific commands, such as file browsing, cannot enable the mounting of the specific partition, thereby hiding the specific partition and enhancing the security of the data to be protected. | 2013-12-12 |
20130333050 | METHOD FOR PRODUCING A SECURED DATA OBJECT AND SYSTEM - A method is provided for producing a secured data object by means of a data processing device. The method includes: generating a data representation value in each case at the end of an interval having a first interval length which is assigned to the data sets of the respective interval of first length, receiving a first time stamp assigned to the respective data representation value, storing the respective data representation value together with the assigned first time stamp, generating an interval representation value in each case at the end of an interval having a second interval length which is greater than the first interval length which is assigned to the data representation values of the respective interval of second length, receiving a second time stamp assigned to the respective interval representation value and storing the respective interval representation value together with the associated second time stamp. | 2013-12-12 |
20130333051 | RANDOM VALUE IDENTIFICATION DEVICE, RANDOM VALUE IDENTIFICATION SYSTEM, AND RANDOM VALUE IDENTIFICATION METHOD - When concealing the value of original data by adding a random value to the value of the original data, this random value identification device acquires a user identifier and an attribute name of an attribute of information relating to a user, identifies the correlation between the attributes indicated by the attribute name, acquires at least one attribute value of the attributes of the user identified by the user identifier, and generates a random number for each attribute within a random value range identified on the basis of the identified correlation and the acquired attribute value. | 2013-12-12 |
20130333052 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM - An information processing system includes an external system having an external server managing public information, and an internal system having an internal server managing secure information and a terminal outputting information. The external server sends an information generating module to the terminal at an acquisition request source, and the terminal executes the received information generating module, in order to generate information to be provided, using the public information acquired from the external server and the secure information acquired from the internal server. | 2013-12-12 |
20130333053 | METHOD FOR PROTECTING FIRMWARE BEING UPDATED - A method for protecting firmware being updated is applicable to an electronic device installed with an open operating platform and applicable to a firmware update tool having a preset unlocking password. The method includes an unlocking step and a specific password generating step. In the specific password generating step, the unlocking password is updated according to the difference between product serial number-related information at the point in time of delivery of an electronic device. Although the preset unlocking password in the source code of the firmware update tool is disclosed, nobody other than the electronic product users and the electronic device manufacturers knows the first unlocking password and the second unlocking password. Accordingly, the method provides a security mechanism for the electronic device and the firmware update tool. | 2013-12-12 |
20130333054 | POST-DOWNLOAD PATIENT DATA PROTECTION IN A MEDICAL DEVICE - Patient data is stored in a medical device, such as an external defibrillator, and may be transferred, or downloaded, from the medical device to a computing device for storage or analysis. In response to the transfer, the medical device protects the patient data so that at least a subset of users cannot access the patient data from the medical device. The other device to which patient data is transferred from the medical device may be remote from the medical device or may be configured to be part of the medical device. The device to which the patient data is transferred from the medical device can be a remote computing device like a computer or server and/or may include or may be an intermediary data management device (DMD). The medical device may be a wearable medical device, such as a wearable defibrillator or a wearable automatic external defibrillator (AED). | 2013-12-12 |
20130333055 | SYSTEM AND METHOD FOR TRANSFERENCE OF RIGHTS TO DIGITAL MEDIA VIA PHYSICAL TOKENS - A system and method for transferring digital content includes a physical token incorporating a Near Field Communication (“NFC”) tag that represents a virtual gift of digital content such as an eBook. The tag can include a Uniform Resource Locator (URL) that can be used to gain access to the electronic content which can be stored on a remote server. A unique identifier on the tag is associated with gifted digital content. This association is preferably stored on a remote server in the “cloud”. A user receiving the physical token places it on or next to their electronic device, which includes an NFC receiver, and the device reads the tag and connects to the remote server. The remote server validates the information on the token and provides the user with access to the digital content, such as downloading the digital content to the user's electronic device. | 2013-12-12 |
20130333056 | SYSTEM AND METHOD FOR CHANGING ABILITIES OF A PROCESS - A system and method wherein a set of privileges assigned to a process may be modified responsive to a request. The modification may apply to one or more abilities within the set of privileges and may be applied during execution of the process subsequent to the process creation time. Accordingly a process may be created with a default set of privileges and subsequently the privileges may be modified (e.g. to include a sub-set of the default privileges) thereby mitigating the risk of malicious exploitation of the process through attack. | 2013-12-12 |
20130333057 | Humanized Non-Human Animals with Restricted Immunoglobulin Heavy Chain Loci - Mice, embryos, cells, and tissues having a restricted immunoglobulin heavy chain locus and an ectopic sequence encoding one or more ADAM6 proteins are provided. In various embodiments, mice are described that have humanized endogenous immunoglobulin heavy chain loci and are capable of expressing an ADAM6 protein or ortholog or homolog or functional fragment thereof that is functional in a male mouse. Mice, embryos, cells, and tissues having an immunoglobulin heavy chain locus characterized by a single human V | 2013-12-12 |
20130333058 | Pluripotent Cells From Rat and Other Species - Pluripotent cells are derived and maintained in a self-renewing state in serum-free culture medium comprising a MEK inhibitor, a GSK3 inhibitor and an antagonist of an FGF receptor. | 2013-12-12 |
20130333059 | HOX COMPOSITIONS AND METHODS - The present invention relates to compositions to treat HOXB7 related disorders. The invention also relates to methods of treating HOXB7 related disorders. The invention further relates to kits for treating HOXB7 related disorders in a subject. The invention further relates to methods of identifying novel treatments for treating HOXB7 related disorders in a subject. | 2013-12-12 |
20130333060 | GREEN TRANSGENIC FLUORESCENT ORNAMENTAL FISH - The present invention relates to transgenic green ornamental fish, as well as methods of making such fish by in vitro fertilization techniques. Also disclosed are methods of establishing a population of such transgenic fish and methods of providing them to the ornamental fish industry for the purpose of marketing. | 2013-12-12 |
20130333061 | ISOLATED NOVEL NUCLEIC ACID AND PROTEIN MOLECULES FROM SOY AND METHODS OF USING THOSE MOLECULES TO GENERATE TRANSGENIC PLANTS WITH ENHANCED AGRONOMIC TRAITS - This disclosure provides purified nucleic acids and polypeptides. Also provided are transgenic plants, seeds, and plant cells containing DNA for expression of the proteins that are useful for imparting enhanced agronomic trait(s) to transgenic crop plants, methods of making such plants and methods of making agricultural commodity including seeds and hybrid seeds from such plants. | 2013-12-12 |
20130333062 | SOYBEAN VARIETY A1037425 - The invention relates to the soybean variety designated A1037425. Provided by the invention are the seeds, plants and derivatives of the soybean variety A1037425. Also provided by the invention are tissue cultures of the soybean variety A1037425 and the plants regenerated therefrom. Still further provided by the invention are methods for producing soybean plants by crossing the soybean variety A1037425 with itself or another soybean variety and plants produced by such methods. | 2013-12-12 |
20130333063 | SOYBEAN VARIETY A1036413 - The invention relates to the soybean variety designated A1036413. Provided by the invention are the seeds, plants and derivatives of the soybean variety A1036413. Also provided by the invention are tissue cultures of the soybean variety A1036413 and the plants regenerated therefrom. Still further provided by the invention are methods for producing soybean plants by crossing the soybean variety A1036413 with itself or another soybean variety and plants produced by such methods. | 2013-12-12 |
20130333064 | SOYBEAN VARIETY A1035398 - The invention relates to the soybean variety designated A1035398. Provided by the invention are the seeds, plants and derivatives of the soybean variety A1035398. Also provided by the invention are tissue cultures of the soybean variety A1035398 and the plants regenerated therefrom. Still further provided by the invention are methods for producing soybean plants by crossing the soybean variety A1035398 with itself or another soybean variety and plants produced by such methods. | 2013-12-12 |
20130333065 | MIRLO LETTUCE VARIETY - A new lettuce variety designated ‘Mirlo’ is described. ‘Mirlo’ is a butterhead lettuce variety exhibiting stability and uniformity. | 2013-12-12 |
20130333066 | DROUGHT TOLERANT PLANTS - The present specification teaches the generation of drought tolerant plants. The present disclosure enables manipulation of a phenotypic characteristic referred to herein as “stay-green” to generate drought tolerant plants by recombinant, mutagenic and/or breeding and selection methods. Plant management practice systems to increase crop yield and harvest efficiency in water-limited environments are also taught herein. | 2013-12-12 |
20130333067 | PRAIRIE CORDGRASS (SPARTINA PECTINATA) CULTIVAR 'SAVOY' FOR A BIOENERGY FEEDSTOCK PRODUCTION - A new synthetic cultivar of prairie cordgrass designated ‘Savoy’ is described. ‘Savoy’ is well adapted to the lower Midwest environment of the United States of America, and has a higher biomass yield potential than presently available commercial prairie cordgrass cultivars, such as ‘Red River’. In particular, compared to ‘Red River’, the cultivar ‘Savoy’ has higher mass per tiller, more leaves per tiller, higher shoot height and longer, wider leaves containing more biomass per leaf. | 2013-12-12 |
20130333068 | Genes and uses for plant enhancement - Transgenic seed for crops with enhanced agronomic traits are provided by trait-improving recombinant DNA in the nucleus of cells of the seed where plants grown from such transgenic seed exhibit one or more enhanced traits as compared to a control plant. Of particular interest are transgenic plants that have increased yield. The present invention also provides recombinant DNA molecules for expression of a protein, and recombinant DNA molecules for suppression of a protein. | 2013-12-12 |
20130333069 | Disease Resistant Plants - The present invention relates to a plant, which is resistant to a pathogen of viral, bacterial, fungal or oomycete origin, wherein the plant has an increased homoserine level as compared to a plant that is not resistant to the said pathogen, in particular organisms of the phylum Oomycota. The invention further relates to a method for obtaining a plant, which is resistant to a pathogen of viral, bacterial, fungal or oomycete origin, comprising increasing the endogenous homoserine level in the plant. | 2013-12-12 |
20130333070 | SMALL INTERFERING RNAS WITH TARGET-SPECIFIC SEED SEQUENCES - Disclosed are methods for design and synthesis of siRNA libraries, siRNA libraries produced thereby, siRNA molecules, and uses thereof. | 2013-12-12 |
20130333071 | Plant Genome Sequence and Uses Thereof - The present invention is in the field of plant biochemistry and genetics. More specifically the invention relates to nucleic acid molecules from plant cells, in particular, genomic DNA sequences from rice plants and nucleic acid molecules that contain markers, in particular, single nucleotide polymorphism (SNP) and repetitive element markers. In addition, the present invention provides nucleic acid molecules having regulatory elements or encoding proteins or fragments thereof. The invention also relates to proteins and fragments of proteins so encoded and antibodies capable of binding the proteins. The invention also relates to methods of using the nucleic acid molecules, markers, repetitive elements and fragments of repetitive elements, regulatory elements, proteins and fragments of proteins, and antibodies, for example for genome mapping, gene identification and analysis, plant breeding, preparation of constructs for use in plant gene expression, and transgenic plants. | 2013-12-12 |
20130333072 | POLYPEPTIDES HAVING GLUCOAMYLASE ACTIVITY AND POLYNUCLEOTIDES ENCODING SAME - The present invention relates to isolated polypeptides having glucoamylase activity and isolated polynucleotides encoding the polypeptides. The invention also relates to nucleic acid constructs, vectors, and host cells comprising the polynucleotides as well as methods of producing and using the polypeptides. | 2013-12-12 |
20130333073 | Compositions and Methods for Enhancing Plant Photosynthetic Activity - Methods for improving the efficiency of photosynthesis in plants exposed to suboptimal light conditions. Photosynthesis enhancement is achieved by transformation and expression of one or more exogenous chromophores in the chloroplast of plants or in the cytoplasm under the control of a transit peptide which directs it to the chloroplast or a compartment within the chloroplast. Preferred chromophores have excitation max in the green-yellow light spectrum. Chains of chromophores can be used to capture and emit light from one to the other until the emitted wave length is in the range that can be efficiently utilized by the native light harvest complex. | 2013-12-12 |
20130333074 | ENHANCER OF CELL DIVISION - The present invention relates to a polypeptide (BIG1) and variants thereof capable of enhancing the rate of cell-division of a microorganism or plant cell, as well as nucleic acid molecules encoding said polypeptides, vectors comprising said nucleic acid molecules and host cells transformed or transfected with said vectors and expressing said polypeptides. The BIG1 polypeptide which has been identified in the marine centric diatom | 2013-12-12 |
20130333075 | PLANT-DERIVED POWDER FOR FOOD AND PLANT PROTECTION, AND METHODS FOR PREPARATION - The present invention is referred to a method of production of plant powder for use in food and plant protection, preferentially obtained from plant crops of the Brassicaceae family (Crucifers). Also, the present invention is referred to a plant powder obtained by the procedure of the invention and the use of the plant-derived powder in food and plant protection as herbicide and insecticide. Moreover, this invention is referred to a foodstuff that incorporates the plant powder of the invention in edible forms either in solids, beverages, food supplements or additives, as well as a plant pest control product (herbicide and insecticide) that incorporates the plant powder of the invention. | 2013-12-12 |
20130333076 | ATOMIC FORCE MICROSCOPY CONTROLLER AND METHOD - A method for determining a loop response for an apparatus for an atomic force microscope is disclosed. The method comprises: determining a loop response for an on-surface movement of a cantilever over a frequency range; determining a loop response for an off-surface movement of the cantilever over the frequency range; and adjusting an output of the controller at a frequency based on the loop response for the off-surface movement. An atomic force microscopy system is disclosed. | 2013-12-12 |
20130333077 | Integrated Microscope and Related Methods and Devices - An embodiment includes an integrated microscope including scanning probe microscopy (SPM) hardware integrated with optical microscopy hardware, and other embodiments include related methods and devices. | 2013-12-12 |
20130333078 | Variety of olive tree named 'OAC 22' - A new and distinct olive tree used primarily for oil production that exhibits a compact growth habit, uniform and continuous production level, and high amounts of oleic acid content. | 2013-12-12 |
20130333079 | Apple tree named 'MAC 2137' - A new and distinct apple tree named ‘MAC 2137’ is disclosed. The new apple is notable for its attractive appearance, superb texture, improved flavor and early ripening. | 2013-12-12 |
20130333080 | Prunus plant named 'Chestnut Hill' - A new and distinct | 2013-12-12 |
20130333081 | Lemon tree named '7ELS1' - ‘7ELS1’ is a new and distinct lemon tree notable for its high quality fruit with very few or no seeds. | 2013-12-12 |
20130333082 | Yucca plant named 'Yugosta02' - A new and distinct | 2013-12-12 |
20130333083 | Ruellia plant named 'R10-108' - ‘R10-108’ is a new | 2013-12-12 |
20130333084 | Ruellia plant named 'R10-102' - ‘R10-102’ is a new | 2013-12-12 |
20130333085 | Peperomia plant named 'Hope' - A new and distinct | 2013-12-12 |
20130333086 | Dracaena plant named 'Fudrafut' - A new and distinct | 2013-12-12 |
20130333087 | Heuchera plant named 'Fire Alarm' - A new and distinct | 2013-12-12 |
20130333088 | Kniphofia plant named 'Orange Vanilla Popsicle' - A new and distinct | 2013-12-12 |