Patent application number | Description | Published |
20080301798 | Apparatus and Method for Secure Updating of a Vulnerable System over a Network - An apparatus interposed between a vulnerable system and a network for secure updating of the system includes an internal interface connected to the system; an external interface connected to the network; and one or more filter modules for filtering out specific incoming network packets to block possible network attacks. The filtering may comprise filtering out all incoming TCP SYN packets; filtering out all incoming TCP SYN packets and UDP packets; and/or only allowing packets pertinent to any outgoing connection initiated by the system. | 12-04-2008 |
20090008445 | VIRTUAL MEMBERSHIP CARD SYSTEM AND PROVIDING METHOD, AND VIRTUAL MEMBERSHIP CARD READING METHOD - A method for providing virtual membership cards whereby a card broker generates a virtual membership card based on the information of a card issuer and the information of a user and sends the virtual membership card to the mobile terminal of the user through a communication network. A virtual membership card system includes a membership management module, for managing card issuer account information, card user account information, and the virtual membership card information and a virtual membership card management module, including a card generation module, for generating a virtual membership card based on the information of the card issuer and the information of the user and a card distribution module, for sending the virtual membership card to the mobile terminal of the user through a communication network. With the present invention, merchants can easily issue, validate and maintain their membership cards, and the user may retrieve, use and manage his/her membership card at any place and at any time. | 01-08-2009 |
20090089262 | METHOD OF DYNAMICALLY PROVIDING A COMPOUND OBJECT'S SOURCE INFORMATION DURING IT'S DEVELOPMENT - A method and system for dynamically providing a composite source information report whenever source information of a composite object is updated. The system includes a subscription handler for receiving a subscription request and generating a subscription query, a means for determining whether source information of an element in a composite object has been edited (added, deleted and/or modified), a source information determining handler for automatically determining source information of an element in a composite object and a composite source information report generation handler for generating a composite source information report and providing the report to users. The system further comprises an authentication handler, an editing handler, an editing monitor, a source information recording handler, subscription source information retrieving handler and a server database. | 04-02-2009 |
20090300359 | APPARATUS AND METHOD FOR SECURELY SUBMITTING AND PROCESSING A REQUEST - An apparatus and a method for securely submitting a request and an apparatus and a method for securely processing a request. The apparatus for securely submitting a request includes a request pre-submitting component and a request confirmation component. The request pre-submitting component sends a request with a unique identifier to a server and sends an alarm message containing the unique identifier and a request description to the request confirmation component. The request confirmation component contains a key inaccessible to other components in a client. It pops up a request confirmation window, on which the request description is displayed, in response to the alarm message and generates a request confirmation message associated with the request by using the key and the unique identifier. | 12-03-2009 |
20090327411 | PROTECTING WEB APPLICATION DATA - A method, system and an article of manufacture tangibly embodying a computer readable program for protecting Web application data between a server and a client. A response created by the Web application for the client is backed up and modified by adding capturing code for capturing a user action, user data of the client, or combination thereof. The modified response is sent to the client and a request submitted by the client and the user action and/or user data captured by the capturing code is received. A verifying request is generated according to the received user action and/or user data captured by the capturing code and the backup of the response. The request submitted by the client is verified according to the verifying request and the verified request is sent to the Web application of the server. | 12-31-2009 |
20090327745 | SECURE APPARATUS AND METHOD FOR PROTECTING INTEGRITY OF SOFTWARE SYSTEM AND SYSTEM THEREOF - Provided is a secure apparatus for protecting the integrity of a software system and a method thereof. The apparatus comprises: a template repository for storing templates required for generating an agent template; a template generator for randomly selecting one template from said template repository and generating a new agent template according to the selected template; and a transceiver for sending said new agent module to an external apparatus communicating with said secure apparatus to update a current agent module which is running in said external apparatus, wherein said current agent module is used to verify the integrity of said software system running in said external apparatus. The secure apparatus can protect software in an insecure environment with a high software protection level to prevent the software from being tampered or bypassed. | 12-31-2009 |
20100017868 | METHOD AND SYSTEM FOR CONFIGURING A RULE FILE FOR FIREWALL OF WEB SERVER - A method, a system, and a computer program product embodying computer readable code for configuring a rule file for a Web application firewall. The method includes: blocking a response created by a Web application; modifying the response by adding capturing code for capturing a regular expression and an associated parameter value embedded in the response while being executed; sending the modified response to the browser; receiving a request submitted by the browser and at least one regular expression and an associated parameter value captured by the capturing code; determining a parameter name and a regular expression associated with the same parameter value, and configuring the rule file of the firewall by use of the determined parameter name and regular expression associated with one another as a filtering rule. | 01-21-2010 |
20100020882 | Barbell Lifting for Wavelet Coding - A method for encoding motion-compensated video data includes generating, for a current frame, a high-pass wavelet coefficient based on a function of pixels in a temporally adjacent frame. The operations are repeated for multiple pixels in an array of pixels in the current frame to form an array of high-pass wavelet coefficients. A low-pass wavelet coefficient is generated based on a function of the high-pass wavelet coefficients. A system for coding video data includes a temporal wavelet decomposition module decomposing a pixel into a high-pass coefficient by performing a discrete wavelet transform on the pixel, a function of pixels in a previous frame, and/or a function of pixels in a subsequent frame. The system includes a motion estimation module generating motion vectors associated with the pixels in the previous frame and in the subsequent frame. | 01-28-2010 |
20100049792 | METHOD AND SYSTEM FOR PROVIDING RUNTIME VULNERABILITY DEFENSE FOR CROSS DOMAIN INTERACTIONS - A runtime vulnerability defense method, system, and computer readable article of manufacture tangibly embodying computer readable instructions for executing the method for cross domain interactions for a Web application. The method includes: creating a first and second iFrame object by the Web application which belong to a lower domain; creating an object O by the first iFrame object; sharing the created object O by the second iFrame object; promoting the domain of the second iFrame object to an upper domain; creating in the shared object O a source accessing function for submitting to a third party server a request to access the content of the third party server; and creating in the shared object O a sanitization function for sanitizing the response received from the server. | 02-25-2010 |
20100095277 | METHOD FOR SOURCE-RELATED RISK DETECTION AND ALERT GENERATION - A method and system for detecting a source-related risk and generating an alert concerning the source-related risk are disclosed. Criteria of the source-related risk are defined. Thresholds associated with the source-related risk are defined. Every operation on an object is detected. If an operation on an object satisfies a criterion among the criteria or if the operation causes to exceed a threshold among the thresholds, an alert is generated for the operation. | 04-15-2010 |
20100104129 | EMBEDDING AND DETECTING WATERMARKS - A watermark embedding method for embedding a secret message sequence in a document. The techniques include obtaining layout information of the document, extracting a digest of the document by using a Hash function, calculating embedded positions where the secret message sequence is embedded in the document, and dispersedly hiding the secret message sequence in each of the calculated embedded positions by altering the layout of the document. Also provided is a watermark embedding apparatus, a corresponding watermark detecting method and apparatus, and a method and system for detecting document integrity. The integrity of documents in various forms can be detected, and secret information to be hidden can be embedded therein and extracted therefrom. The techniques described are not limited to the document either in soft copy or in hard copy and have good robustness. | 04-29-2010 |
20100281311 | METHOD AND SYSTEM FOR RECONSTRUCTING ERROR RESPONSE MESSAGES UNDER WEB APPLICATION ENVIRONMENT - A computer-implemented method and system for reconstructing a response message to an improper accessing request in a web application environment. The method includes: obtaining the URL of a web application to be accessed by the improper accessing request and the error parameter information of the improper accessing request; obtaining a response template based on the obtained URL of the web application to be accessed; and merging the obtained error parameter information of the improper accessing request with the obtained response template to generate a reconstructed response message for the improper accessing request. The system includes: a message obtaining device; a response message template obtaining device; and a response message merging device. | 11-04-2010 |
20100333167 | Adaptive Rule Loading and Session Control for Securing Network Delivered Services - Mechanisms are provided for handling client computing device requests with adaptive rule loading and session control. The mechanisms partition a set of rules, into a plurality of filter sets with each filter set having a different subset of the set of rules and being directed to identifying a different type of attack on a backend application or service. A subset of filter sets is selected to be used to validate client computing device requests received from client computing devices. The selected filter sets are applied to requests and/or responses to requests. The mechanisms dynamically modify which filter sets are included in the subset of filter sets based on an adaptive reinforcement learning operation on results of applying the selected filter sets to the requests and/or responses to requests. | 12-30-2010 |
20110099482 | INTERACTIVE MANAGEMENT OF WEB APPLICATION FIREWALL RULES - A computer implemented method, information processing system, and computer program product manage web application firewall rule configuration. A web application is analyzed. A set of data elements within the web application is identified. Each data element in the set of data elements stores information that is sent from a web client to a web server. Each data element in the set of data elements is analyzed. A data type is associated with each data element in the set of data elements. The data type describes a type of data stored by the data element. A web application firewall rule recommendation is automatically generated for each data element based at least on the data type associated therewith. | 04-28-2011 |
20110191855 | IN-DEVELOPMENT VULNERABILITY RESPONSE MANAGEMENT - In-development vulnerability response management, in one aspect, may detect a code instance that matches a vulnerability pattern; generate one or more hints associated with the code instance in response to the detecting; retrieve an action response to the code instance that matches a vulnerability pattern; and associate the retrieved action response with the code instance. | 08-04-2011 |
20110271353 | PERFORMING AUTHORIZATION CONTROL IN A CLOUD STORAGE SYSTEM - A method, apparatus and computer program product for performing authorization control in a cloud storage system. The method comprises: receiving an access request to a file block, wherein the file block is embedded with tag data comprising at least file block authorization information; retrieving the file block; extracting the file block authorization information from the tag data; determining whether the access request matches the file block authorization information; and performing the access request if the access request matches the file block authorization information. Effective authorization control may be performed in a cloud storage system. | 11-03-2011 |
20120158786 | PERFORMING AUTHORIZATION CONTROL IN A CLOUD STORAGE SYSTEM - A method, apparatus and computer program product for performing authorization control in a cloud storage system. The method comprises: receiving an access request to a file block, wherein the file block is embedded with tag data comprising at least file block authorization information; retrieving the file block; extracting the file block authorization information from the tag data; determining whether the access request matches the file block authorization information; and performing the access request if the access request matches the file block authorization information. Effective authorization control may be performed in a cloud storage system. | 06-21-2012 |
20120304249 | METHOD AND APPARATUS FOR SECURITY VALIDATION - A computer-implemented method, apparatus, and article of manufacture for security validation of a user input in a computer network application. The method includes: providing a subset of security rules of a server-side protection means to a pre-validation component deployed at a client side, so as to enable security validation of a user input on the client side by the pre-validation component; validating the user input based on at least one of the security rules; determining, in response to detecting a user input violation and that a violated security rule has not been provided to the pre-validation component, the user as a first class of users; determining, in response to detecting the user input violation and that the violated security rule has been provided to the pre-validation component, the user as a second class of users; and performing different security protection actions to the first and second class of users. | 11-29-2012 |
20120304275 | HIERARCHICAL RULE DEVELOPMENT AND BINDING FOR WEB APPLICATION SERVER FIREWALL - At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model is identified. The HTTP message model includes a plurality of message model sections. Additional steps include parsing a representation of the at least one of an HTTP request message and an HTTP response message into message sections in accordance with the message model sections of the HTTP message model; and binding a plurality of security rules to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition. The given condition is based, at least in part, on a corresponding given one of the message sections. A further step includes processing the at least one of an HTTP request message and an HTTP response message in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided. | 11-29-2012 |
20130007747 | METHOD AND APPARATUS FOR MANAGING A WORKING TASK BASED ON A COMMUNICATION MESSAGE - A method for managing a working task based on a communication message. The method may include the steps of: in response to receiving a communication message, matching the communication message using a matching rule; determining an application managing a working task associated with the communication message according to the matching result; prompting the user to perform an operation on the application managing the working task. | 01-03-2013 |
20130007749 | METHOD AND APPARATUS FOR MANAGING A WORKING TASK BASED ON A COMMUNICATION MESSAGE - Disclosed is an apparatus for managing a working task based on a communication message. The apparatus may include a rule matching module configured to, in response to receiving a communication message, match the communication message using a matching rule. An application determining module is configured to determine an application managing a working task associated with the communication message according to the matching result. A prompting module is configured to prompt the user to perform an operation on the application managing the working task. | 01-03-2013 |
20130019314 | INTERACTIVE VIRTUAL PATCHING USING A WEB APPLICATION SERVER FIREWALL - A plurality of templates for web application server firewall rules are generated. A vulnerability report for the web application is obtained. At least one web application server firewall rule is generated, using the vulnerability report and at least one of the plurality of templates. The at least one web application server firewall rule is tested. The at least one web application server firewall rule is deployed to run on the web application server firewall. | 01-17-2013 |
20140013245 | Method and Apparatus For Controlling Display of Information Flow of Social Networking Application - A method and apparatus for controlling the display of information flow of a social networking application, where the social networking application displays a user interface for human-machine interaction at run time. The method includes displaying an information flow of the social networking application in the user interface, receiving a content item selected from the information flow by a user, determining whether the user requires to screen off the associated message of the content item, and screening off the associated message in the information flow displayed in the user interface in response to determining that the user requires to screen off the associated message of the content item. | 01-09-2014 |
20140196141 | HIERARCHICAL RULE DEVELOPMENT AND BINDING FOR WEB APPLICATION SERVER FIREWALL - At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model includes a plurality of message model sections. A representation of the at least one of an HTTP request message and an HTTP response message is parsed into message sections in accordance with the message model sections of the HTTP message model. A plurality of security rules are bound to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition, which is based, at least in part, on a corresponding given one of the message sections. The at least one of an HTTP request message and an HTTP response message is processed in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided. | 07-10-2014 |
20140214831 | INTEGRATING SMART SOCIAL QUESTION AND ANSWERS ENABLED FOR USE WITH SOCIAL NETWORKING TOOLS - Embodiments include a program product and a method for providing responses to questions provided on a social media site. The method includes receiving, via a processor, a user question from a social networking site and decomposing and filtering the user question so that it can be further analyzed. The method also includes generating a list of most closely matched potential responders based on analysis of the user question and sending the most closely matched potential responders the user question. Upon receiving responses back from the most closely matched potential responders, these responses are aggregated by the processor in a final response format. | 07-31-2014 |