Patent application number | Description | Published |
--- | --- | --- |
20080263352 | Authentication system and method - A security protocol for use by computing devices communicating over an unsecured network is described. The security protocol makes use of secure data provided to a peripheral memory device from a server via a secure connection. When the peripheral memory device is coupled to a computing device that attempts to establish a secure connection to the server, the secure data is used to verify that the server is authentic. Similarly, the secure data assists the server in verifying that the request to access the server is not being made by a malicious third party. | 10-23-2008 |
20090044250 | Embedded Self-Contained Security Commands - A set of commands is provided to a system for execution in order to modify a security related aspect of the system. The system executes the set of commands absent an intervening command being executed. | 02-12-2009 |
20090049301 | Method of Providing Assured Transactions by Watermarked File Display Verification - Electronic transactions employing prior art approaches of digital certificates and authentication are subject to attacks resulting in fraudulent transactions and abuse of identity information. Disclosed is a method of improving electronic security by establishing a secure trusted path between a user and an institution seeking an electronic signature to verify a transaction before any request for signature and completing electronic transaction activities occurs. The secure trusted path provides the user with a predetermined portion of the request from the institution for a signature upon a personalized device that cannot be intercepted or manipulated by malware, so that the user can verify that the request as displayed upon the user's primary computing device is valid. | 02-19-2009 |
20090094597 | Portable firmware device - A method of providing new functionality to an electronic product is provided. The new functionality for the electronic product is installed via a new firmware load from a memory card. The new firmware load is released to the electronic product upon the provision of an authentication by the user of the electronic product that matches the authentication credentials stored within the memory card. In a further embodiment of the invention the authentication further supports the transfer of additional content relating to the authenticated user thereby providing the electronic device with a “personality” determined by the user. In another embodiment of the invention the new firmware load is “personalized” to the memory card such that it cannot be illegally duplicated or copied thereby allowing vendors to provide via the Internet new functionalities for electronic products on a procurement basis. | 04-09-2009 |
20090106556 | Method of providing assured transactions using secure transaction appliance and watermark verification - Disclosed is a method of improving electronic security by establishing a path between a user and a secure transaction appliance. The secure transaction appliance receives information destined for the user which includes a tagged portion, said tagged portion triggering the secure transaction appliance to forward the information to the computer from which the request was issued, and to seek an electronic signature to verify the content or transaction by transmitting a watermark, tagged portion of the content, or similar electronic content. The secure trusted path provides the user with the tagged portion incorporating additional elements such as a watermark, or in some embodiments only the additional elements, upon a personalized security device associated with the user, making interception or manipulation more complex and difficult. | 04-23-2009 |
20100005317 | Securing temporary data stored in non-volatile memory using volatile memory - Temporary digital data received for storage in non-volatile memory are encoded using a key stored in volatile memory. The encoded digital data are then stored in the non-volatile memory. As long as there has been no interruption of supply of power to the volatile memory, the key is available enabling decoding of the encoded digital data stored in the non-volatile memory. Upon interruption of supply of power to the volatile memory the key is erased. Absent the key, access to the encoded digital data stored in the non-volatile memory is prevented. | 01-07-2010 |
20100031372 | METHOD AND SYSTEM FOR SECURE FLEXIBLE SOFTWARE LICENSING - When executing a licensing management application, data indicative of licensing privileges of a software application for simultaneous execution on a subset of a plurality of computers are received from a licensor of the software application. The data indicative of licensing privileges comprise data indicative of a licensing key. For each of a plurality of users a peripheral licensing device is provided and the data indicative of a licensing key are then stored in memory thereof. Data indicative of a total number of users—equal to a number of the subset—are determined and provided to the licensor, or storage of the licensing key is prevented, when the total number is greater than a predetermined number of the subset. After execution of the licensing management application and provision of each of the users with a respective peripheral licensing device, each of the users is enabled to execute the software application by interfacing the peripheral licensing device with one of the computers, after which the data indicative of a licensing key are retrieved and the software application is executed. | 02-04-2010 |
20100031373 | METHOD AND SYSTEM FOR SECURE FLEXIBLE SOFTWARE LICENSING - When executing a licensing management application, data indicative of licensing privileges of a software application for simultaneous execution on a subset of a plurality of computers are received from a licensor of the software application. The data indicative of licensing privileges comprise data indicative of a licensing key. For each of a plurality of users a peripheral licensing device is provided and the data indicative of a licensing key are then stored in memory thereof. Data indicative of a total number of users—equal to a number of the subset—are determined and provided to the licensor, or storage of the licensing key is prevented, when the total number is greater than a predetermined number of the subset. After execution of the licensing management application and provision of each of the users with a respective peripheral licensing device, each of the users is enabled to execute the software application by interfacing the peripheral licensing device with one of the computers, after which the data indicative of a licensing key are retrieved and the software application is executed. | 02-04-2010 |
20100100966 | METHOD AND SYSTEM FOR BLOCKING INSTALLATION OF SOME PROCESSES - A method includes providing a processor comprising memory for storing of blacklist data therein and memory for storing of programming data therein for execution on the processor. Version data indicative of a version of first programming data is retrieved from memory external to the processor. The version data is compared with blacklist data stored within the processor. When the blacklist data indicates that the version data identifies a blacklisted version of the programming data, the processor does not execute the first programming data. | 04-22-2010 |
20100186084 | REMOVABLE MEMORY STORAGE DEVICE WITH MULTIPLE AUTHENTICATION PROCESSES - A method comprises providing first user authentication data of a user and comparing the first user authentication data to first stored template data. When the comparison is indicative of a match, a first session is provided, which supports one of user access for retrieving first data that are stored within a peripheral memory storage device and user access for modifying a data content of the peripheral memory storage device. The first session does not support the other one of user access for retrieving first data that are stored within the peripheral memory storage device and user access for modifying a data content of the peripheral memory storage device. During the first session, second user authentication data of the same user is provided and compared to second stored template data. When the comparison is indicative of a match, a second session is provided, which does support the other one of user access for retrieving first data that are stored within the peripheral memory storage device and user access for modifying the data content of the peripheral memory storage device. | 07-22-2010 |
20100226585 | METHOD FOR DISPLAYING ENCODED IMAGE DATA - A method for displaying encoded image data includes providing data in an encoded form, the data when displayed forming a two-dimensional image. Using a decoding cellular automaton rule and a predetermined secret key, the data is processed through a plurality of iterations to obtain the data in a non-encoded form. A series of images resulting from the processing, and ending in the two-dimensional image, is displayed in time-sequence. The series of images contains information that is insufficient for determining the secret key, given knowledge of each one of the decoding cellular automaton rule, the data in the encoded form and the data in the non-encoded form. | 09-09-2010 |
20110078347 | METHOD AND SYSTEM FOR SUPPORTING PORTABLE DESKTOP - A method is disclosed for a portable peripheral memory storage device. The peripheral memory storage device is coupled with a workstation. In a first mode of operation, a portion of the peripheral memory storage device is mounted on the workstation for operation therewith as a storage medium in a first mode of operation. In a second other mode of operation data within the peripheral memory storage device is used to support a personal desktop on the workstation. | 03-31-2011 |
20110078428 | PORTABLE DESKTOP DEVICE AND METHOD OF HOST COMPUTER SYSTEM HARDWARE RECOGNITION AND CONFIGURATION - A portable desktop device and method for host computer system hardware recognition and configuration are provided. The portable desktop device causes on a first boot, the host computer system to recognize hardware devices connected thereto, and to configure hardware configuration files of the portable desktop O/S in accordance with the recognized hardware. Once the hardware configuration files have been configured, the system is rebooted. On the second boot, the host computer determines that the portable desktop has been configured for its hardware, and initiates start-up of the portable desktop. | 03-31-2011 |
20110078785 | METHOD AND SYSTEM FOR SUPPORTING PORTABLE DESKTOP WITH ENHANCED FUNCTIONALITY - A method is disclosed for a peripheral portable desktop device. The peripheral portable desktop device is coupled with a workstation. In a second mode of operation, a portion of the peripheral portable desktop device is operatively coupled with the workstation for operation therewith to provide an ancillary function. In a first mode of operation data within the peripheral portable desktop device is used to support a personal desktop on the workstation. | 03-31-2011 |
20110078787 | METHOD AND SYSTEM FOR PROVISIONING PORTABLE DESKTOPS - A method is disclosed for provisioning of a peripheral portable desktop device. The peripheral portable desktop device is coupled with a workstation. A data file relating to an image for being stored within the peripheral portable desktop device is provided. The image includes secured data that is not accessible without user authorization data of a virtual user. Within the peripheral portable desktop device is stored data reflective of the image. A first user is then authorized to the peripheral portable desktop device by providing first user authorization data. For the first user is created a user account secured based on the first user authorization data. The account of the virtual user is accessed via the user account and the user account is configured to access the account of the virtual user upon access to the user account. | 03-31-2011 |
20110205020 | Method for improving false acceptance rate discrimination for biometric authentication systems - A method, system and computer program product for improving error discrimination in biometric authentication systems. The error discrimination is set to a predetermined security policy. A plurality of biometric samples are provided and authenticated by a computer system in conjunction with a security token. An alternate embodiment allows inputting of the plurality of biometric samples in a predetermined sequence. The predetermined input sequence is maintained as an authentication secret which may be used to further reduce the authentication transaction error rate. A user may input one or more biometric samples, where a portion of the biometric samples are inputted in a predetermined sequence, selecting from among a plurality of available processing units, a set of processing units which will generate intermediate results from the processing of the biometric samples, processing at least a portion of the biometric samples by the selected set of processing units to provide intermediate results, verifying the predetermined sequence, and arbitrating the intermediate results to generate a final result which at least meets a predetermined security policy. Various embodiments provide for a security token to perform at least a portion of the processing or the arbitration function. | 08-25-2011 |
20120060036 | Method of Providing Transactions Employing Advertising Based Verification - A method of improving electronic security establishes a secure trusted path between a user and an institution seeking an electronic signature to verify a transaction before any request for signature and completing electronic transaction activities occurs. The secure trusted path provides the user with a first predetermined portion of a branded watermark, for instance an advertisement, provided from the institution in conjunction with the request, and a second predetermined portion of the branded watermark upon a personalized device that cannot be intercepted or manipulated by malware, allowing the user to verify that the request as displayed upon the user's primary computing device is valid. | 03-08-2012 |
20120233358 | DEVICE AND METHOD FOR VERIFYING CONNECTIVITY - A portable desktop device and method for host computer system hardware recognition and configuration are provided. The portable desktop device once authenticated provides access to a portable desktop application that provides a beat signal to the portable desktop device. In an absence of the beat signal, the portable desktop device prevents access to the portable desktop application and/or data associated therewith. | 09-13-2012 |
20120324234 | FLEXIBLE METHOD OF USER AUTHENTICATION - A method of authorising a user in communication with a workstation is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorisation methods each requiring data only from available user information entry devices. The user then selects one of the determined authorisation methods for use in user authorisation. Optionally, each authorisation method is associated with a security level relating to user access to resources. Once the authorisation method is selected, the user provides user authorisation information in accordance with a determined user authorisation method and registration proceeds. | 12-20-2012 |
20120324545 | AUTOMATED SECURITY PRIVILEGE SETTING FOR REMOTE SYSTEM USERS - A method of secure communication involves determining that a remote system is trusted prior to authorizing secure communication therewith. A removable security device is coupled with a first system. When the first system communicates with a remote system securely, the remote system is evaluated to ensure that it is a trusted remote system prior to secure communication therewith being allowed. | 12-20-2012 |
20130067457 | METHOD AND SYSTEM FOR INSTALLING PORTABLE EXECUTABLE APPLICATIONS - According to the invention, a first executable environment is provided. The first executable environment is for execution within an operating system environment of a host computer system. The first executable environment is not an emulator for emulating any of another processor and another operating system. A software application is provided for installation and execution within the operating system environment. The software application is for fixed installation and not for installation in a portable fashion for being ported from one host computer system to another. The software application is then installed within the first executable environment, the installed software application installed within a removable peripheral memory storage device for execution within the first executable environment. | 03-14-2013 |
20130179676 | CLOUD-BASED HARDWARE SECURITY MODULES - A cloud-based hardware security device (HSM) providing core security functions of a physically controlled HSM, such as a USB HSM, while allowing user access within the cloud and from a user device, including user devices without input ports capable of direct connection to the HSM. The HSMs can be connected to multi-HSM appliances on the organization or user side of the cloud network, or on the cloud provider side of the cloud network. HSMs can facilitate multiple users, and multi-HSM appliances can facilitate multiple organizations. | 07-11-2013 |
20130219164 | CLOUD-BASED HARDWARE SECURITY MODULES - A cloud-based hardware security device (HSM) providing core security functions of a physically controlled HSM, such as a USB HSM, while allowing user access within the cloud and from a user device, including user devices without input ports capable of direct connection to the HSM. The HSMs can be connected to multi-HSM appliances on the organization or user side of the cloud network, or on the cloud provider side of the cloud network. HSMs can facilitate multiple users, and multi-HSM appliances can facilitate multiple organizations. | 08-22-2013 |
20130262864 | METHOD AND SYSTEM FOR SUPPORTING SECURE DOCUMENTS - A secure document is formed having a first secure section for being accessed by a first target. The first secure section includes encrypted data displayable within the document and for forming part of the displayed secure document. The secure document also includes a first security section for use in decrypting of the first secure section. The first security section has first section security data secured therein by first target security data that is accessible to the first target. Also, the first section security section is for being displayed within the document. Another secure document is formed having a reference to secure content, which reference can be decoded, whereupon a user can be authenticated, and the secure content downloaded and viewed by the authenticated user. | 10-03-2013 |
20130339716 | PORTABLE DESKTOP DEVICE AND METHOD OF HOST COMPUTER SYSTEM HARDWARE RECOGNITION AND CONFIGURATION - A portable desktop device and method for host computer system hardware recognition and configuration are provided. The portable desktop device causes on a first boot, the host computer system to recognize hardware devices connected thereto, and to configure hardware configuration files of the portable desktop O/S in accordance with the recognized hardware. Once the hardware configuration files have been configured, the system is rebooted. On the second boot, the host computer determines that the portable desktop has been configured for its hardware, and initiates start-up of the portable desktop. | 12-19-2013 |
20140150092 | METHOD AND APPARATUS FOR SECURE CREDENTIAL ENTRY WITHOUT PHYSICAL ENTRY - A method and apparatus are disclosed wherein a portable memory storage device is provided for interfacing with a communications port of the computer system. During operating system start up of the operating system of the computer, fields relating to security of the operating system are prompted for. The portable memory store retrieves from memory therein data for populating said fields and provides same to the computer system mimicking a data entry device other than a portable memory store. | 05-29-2014 |
20140156981 | PREBOOT ENVIRONMENT WITH SYSTEM SECURITY CHECK - Booting an operating system that includes a secure preboot environment that performs integrity checks against security threats. A computer system boots to a preboot environment, which performs integrity checks and other anti-malware operations. Once the preboot environment finishes, the system reboots into a regular environment. The preboot environment can reside on a secure portion of a flash memory, with a computer system booting therefrom; or the preboot environment can reside securely in the computer system. The preboot environment includes integrity checks for a regular environment, and anti-malware programming. Once the preboot environment is done, the computer system reboots into a regular environment, such as from the flash memory or on the computer system. The integrity checks confirm that files in the regular environment are unchanged or uninfected. The integrity checks include determining the accuracy of a trusted system configuration on the computer system, such as using a TPM. | 06-05-2014 |
20140156982 | BOOTABILITY WITH MULTIPLE LOGICAL UNIT NUMBERS - Bootability of a computer system with multiple LUNs. A flash device powers-on into a default LUN, from which the system boots, maintaining any other LUNs unavailable. The first LUN reconfigures the system to remove itself as the available LUN, to load a second LUN as the only available LUN, and to reboot the computer system into the newly available second LUN. The second LUN reconfigures the system to load any additional LUNs, such as removable storage on the flash drive. Upon reconfiguration, the system includes multiple LUNs. The second LUN includes an interpolated LUN driver, which exposes additional LUNs before operation of other device drivers. The interpolated LUN driver takes control during boot-up, exposing any available LUNs before the regular environment's operating system. | 06-05-2014 |
20140157362 | RECOVERING FROM UNEXPECTED FLASH DRIVE REMOVAL - Techniques for recovering from unexpected removal of a flash memory device from a computer system (or other unexpected power loss). An interpolated device driver notes whenever the flash memory device is unexpectedly removed, or otherwise unexpectedly powers off or enters a locked state. If the flash memory device is reinserted, the interpolated device driver reinitializes the flash memory device, and satisfies any flash memory device security protocol, so the flash memory device and the computer system can be restored to their status just before unexpected removal. The interpolated device driver caches requests to the flash memory device, and when status is restored to just before removal, replays those requests to the flash memory device, so the flash memory device responds to those requests as if it had never been removed. The computer system does not notice any break in service by the flash memory device due to removal and reinsertion. | 06-05-2014 |
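
The abstract of 20080263352 describes secure data provisioned onto a peripheral memory device that lets the computing device verify the server and lets the server verify that the request is not from a third party. The following is an added example written for this page, not the applicant's code: a mutual challenge-response handshake in which both sides prove knowledge of the token secret. The two-nonce message layout, HMAC-SHA256 as the proof function, and the role labels `b"srv"` and `b"cli"` (which stop a server proof being replayed as a client proof) are assumptions; the abstract says nothing about the wire format.

```python
"""Mutual authentication keyed by a secret held on a peripheral token.

Added example for this page; it is not the applicant's implementation. The
shared secret is constructed in memory, HMAC-SHA256 is assumed as the proof
function, and the two-nonce exchange below is an assumed message layout.
"""
import hashlib
import hmac
import secrets


class Token:
    """Peripheral memory device holding the secret loaded over a secure channel."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def prove(self, role: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
        # Length-prefix every field so the MAC input is unambiguous.
        h = hmac.new(self._secret, digestmod=hashlib.sha256)
        for part in (role, client_nonce, server_nonce):
            h.update(len(part).to_bytes(2, "big") + part)
        return h.digest()


class Server:
    """Answers the client's challenge, then checks the client's proof."""

    def __init__(self, secret: bytes) -> None:
        self._token = Token(secret)  # the server's copy of the provisioned secret

    def respond(self, client_nonce: bytes):
        server_nonce = secrets.token_bytes(16)
        return server_nonce, self._token.prove(b"srv", client_nonce, server_nonce)

    def verify_client(self, client_nonce: bytes, server_nonce: bytes, proof: bytes) -> bool:
        expected = self._token.prove(b"cli", client_nonce, server_nonce)
        return hmac.compare_digest(expected, proof)


class Client:
    """Computing device with the token coupled to it."""

    def __init__(self, token: Token) -> None:
        self._token = token
        self.client_nonce = b""

    def start(self) -> bytes:
        self.client_nonce = secrets.token_bytes(16)
        return self.client_nonce

    def verify_server_and_prove(self, server_nonce: bytes, server_proof: bytes):
        expected = self._token.prove(b"srv", self.client_nonce, server_nonce)
        if not hmac.compare_digest(expected, server_proof):
            return None  # refuse to proceed with a server that lacks the token secret
        return self._token.prove(b"cli", self.client_nonce, server_nonce)


class ImpostorClient(Client):
    """A third party without the token: skips verification and guesses a proof."""

    def __init__(self) -> None:
        super().__init__(Token(b""))

    def verify_server_and_prove(self, server_nonce: bytes, server_proof: bytes):
        return secrets.token_bytes(32)


def run_handshake(client: Client, server: Server) -> str:
    """Drive the three messages and report how the exchange ended."""
    client_nonce = client.start()                              # 1. client -> server: nonce
    server_nonce, server_proof = server.respond(client_nonce)  # 2. server -> client: nonce, proof
    client_proof = client.verify_server_and_prove(server_nonce, server_proof)
    if client_proof is None:
        return "client rejected server"
    if not server.verify_client(client_nonce, server_nonce, client_proof):  # 3. client -> server: proof
        return "server rejected client"
    return "mutually authenticated"


if __name__ == "__main__":
    SECRET = secrets.token_bytes(32)  # constructed stand-in for the provisioned secure data
    print(run_handshake(Client(Token(SECRET)), Server(SECRET)))
    print(run_handshake(Client(Token(SECRET)), Server(secrets.token_bytes(32))))
    print(run_handshake(ImpostorClient(), Server(SECRET)))
```

The client checks the server's proof before releasing its own, so a spoofed server learns nothing it can replay; the server's check is what denies a third party who never held the token.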
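
Entry 20100005317 keeps temporary data encoded on non-volatile memory under a key that lives only in volatile memory, so a power interruption erases the key and leaves the stored bytes unreadable. The block below is an added example for this page, not the applicant's implementation. To run on the standard library alone it uses an encrypt-then-MAC construction built from HMAC-SHA256 (a PRF keystream plus an integrity tag); that construction, the dict standing in for flash, and the `power_loss` method are assumptions made for the demonstration. A production system would use an AEAD such as AES-GCM from a vetted library.

```python
"""Temporary data on non-volatile storage, readable only while the RAM key survives.

Added example for this page; not the applicant's code. The cipher (HMAC-SHA256
keystream + HMAC tag) and the in-memory stand-ins for RAM and flash are assumptions.
"""
import hashlib
import hmac
import secrets
from typing import Optional


class VolatileKeyStore:
    """Stands in for RAM: the key exists only while power is maintained."""

    def __init__(self) -> None:
        self._key: Optional[bytes] = secrets.token_bytes(32)

    def key(self) -> Optional[bytes]:
        return self._key

    def power_loss(self) -> None:
        self._key = None  # nothing encoded under the key can be recovered after this


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag, with separate encryption and MAC subkeys."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the tag does not verify."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class TempStore:
    """Writes temporary records to non-volatile cells, encoded under the RAM key."""

    def __init__(self, ram: VolatileKeyStore) -> None:
        self.ram = ram
        self.flash = {}  # constructed stand-in for non-volatile memory

    def write(self, name: str, data: bytes) -> None:
        key = self.ram.key()
        if key is None:
            raise PermissionError("no key in volatile memory")
        self.flash[name] = seal(key, data)

    def read(self, name: str) -> Optional[bytes]:
        key = self.ram.key()
        if key is None:
            return None  # key erased: the stored bytes are now only ciphertext
        return unseal(key, self.flash[name])


def scenario() -> dict:
    """Round trip, a tampered record, then a simulated power interruption."""
    ram = VolatileKeyStore()
    store = TempStore(ram)
    note = b"session cookie: constructed sample data"
    store.write("tmp/session", note)
    blob = store.flash["tmp/session"]
    tampered = bytearray(blob)
    tampered[16] ^= 0x01  # flip one ciphertext bit
    results = {
        "plaintext_on_flash": note in blob,
        "read_while_powered": store.read("tmp/session") == note,
        "tampered_rejected": unseal(ram.key(), bytes(tampered)) is None,
    }
    ram.power_loss()
    results["read_after_power_loss"] = store.read("tmp/session")
    results["ciphertext_still_on_flash"] = store.flash["tmp/session"] == blob
    return results
```

The last two results are the point of the scheme: the record is still physically present on the non-volatile medium after the power interruption, but without the volatile key it cannot be decoded.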
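
Entry 20140156981 describes a preboot environment that checks the regular environment's files for changes and confirms a trusted system configuration, for example with a TPM. Below is an added example for this page, not the applicant's code, showing both halves: a SHA-256 manifest over a file tree, and a software model of the TPM PCR extend rule (new PCR = SHA-256(old PCR || measurement)) over an ordered boot chain. The manifest format, the files written under a temporary directory, and the three boot component blobs are constructed; a real preboot environment would read the PCR from the TPM and compare against a sealed golden value rather than computing it in software.

```python
"""Preboot integrity check: file-hash manifest plus a PCR-style boot-chain measurement.

Added example for this page; not the applicant's code. File layout, manifest
format and boot components are constructed for the demonstration.
"""
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map each file's root-relative POSIX path to its SHA-256."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def check_files(root: str, manifest: dict) -> dict:
    """Report changed files, files missing from disk, and files absent from the manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend rule: the register only ever moves forward."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot_chain(components) -> bytes:
    """Extend a zeroed PCR with the digest of each boot component, in order."""
    pcr = bytes(32)
    for blob in components:
        pcr = pcr_extend(pcr, hashlib.sha256(blob).digest())
    return pcr


def preboot_check(root: str, manifest: dict, components, golden_pcr: bytes):
    findings = check_files(root, manifest)
    findings["pcr_mismatch"] = measure_boot_chain(components) != golden_pcr
    ok = not (findings["modified"] or findings["missing"]
              or findings["unexpected"] or findings["pcr_mismatch"])
    return ok, findings


def _write(root: str, rel: str, data: bytes) -> None:
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo() -> dict:
    """Clean boot, then an infected regular environment, then a swapped bootloader."""
    components = [b"bootloader v1 (constructed)", b"kernel (constructed)", b"initrd (constructed)"]
    golden = measure_boot_chain(components)
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/init", b"#!/bin/sh\nexec /sbin/real-init\n")
        _write(root, "etc/hosts", b"127.0.0.1 localhost\n")
        _write(root, "lib/libc.so", b"\x7fELF constructed library image")
        manifest = build_manifest(root)
        clean_ok, _ = preboot_check(root, manifest, components, golden)

        _write(root, "lib/libc.so", b"\x7fELF constructed library image + injected code")
        os.remove(os.path.join(root, "bin", "init"))
        _write(root, "bin/backdoor", b"constructed dropper")
        infected_ok, findings = preboot_check(root, manifest, components, golden)

        swapped = [b"bootloader v2 (constructed)"] + components[1:]
        _, swapped_findings = preboot_check(root, manifest, swapped, golden)
    return {
        "clean_ok": clean_ok,
        "infected_ok": infected_ok,
        "modified": findings["modified"],
        "missing": findings["missing"],
        "unexpected": findings["unexpected"],
        "pcr_mismatch_after_swap": swapped_findings["pcr_mismatch"],
    }
```

Because PCR extend chains the digests, the measurement depends on the order of the components as well as their contents, which is what lets the golden value stand for a whole trusted configuration rather than a set of individual hashes.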
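
Entry 20140157362 describes an interpolated driver that notes an unexpected removal, reinitialises the device and satisfies its security protocol on reinsertion, and replays cached requests so the rest of the system sees no break in service. The block below is an added example for this page, not the applicant's driver. The device model (a store that powers on locked and needs a PIN), the request shapes, the PIN value, and the decision to hold requests as pending while the device is absent are all assumptions about how the described behaviour would look to a caller.

```python
"""Shim driver that queues requests during an unexpected removal and replays them.

Added example for this page; not the applicant's code. Device model, PIN and
request format are constructed for the demonstration.
"""
import hmac
from collections import deque


class FlashDevice:
    """Constructed device model: powers on locked and must be unlocked with a PIN."""

    def __init__(self, pin: bytes) -> None:
        self._pin = pin
        self.blocks = {}
        self.present = True
        self.locked = True

    def power_on(self) -> None:
        self.present = True
        self.locked = True  # the unlocked state does not survive a power cycle

    def unlock(self, pin: bytes) -> bool:
        self.locked = not hmac.compare_digest(pin, self._pin)
        return not self.locked

    def _check(self) -> None:
        if not self.present:
            raise IOError("device not present")
        if self.locked:
            raise PermissionError("device locked")

    def read(self, block: int) -> bytes:
        self._check()
        return self.blocks.get(block, b"")

    def write(self, block: int, data: bytes) -> None:
        self._check()
        self.blocks[block] = data


class Request:
    def __init__(self, op: str, block: int, data=None) -> None:
        self.op, self.block, self.data = op, block, data
        self.done = False
        self.result = None


class InterpolatedDriver:
    """Sits between the OS and the device; callers never see the removal."""

    def __init__(self, device: FlashDevice, pin: bytes) -> None:
        self.device = device
        self._pin = pin
        self.queue = deque()
        self.reinits = 0
        self.device.unlock(pin)

    def _execute(self, req: Request) -> None:
        if req.op == "read":
            req.result = self.device.read(req.block)
        else:
            self.device.write(req.block, req.data)
            req.result = True
        req.done = True

    def submit(self, op: str, block: int, data=None) -> Request:
        req = Request(op, block, data)
        if self.device.present and not self.device.locked:
            self._execute(req)
        else:
            self.queue.append(req)  # hold it until the device is back
        return req

    def on_removed(self) -> None:
        self.device.present = False

    def on_reinserted(self) -> None:
        self.device.power_on()
        if not self.device.unlock(self._pin):  # satisfy the device's security protocol again
            raise PermissionError("reinitialisation failed")
        self.reinits += 1
        while self.queue:  # replay in original order so writes land before dependent reads
            self._execute(self.queue.popleft())


def scenario() -> dict:
    pin = b"1234"  # constructed
    dev = FlashDevice(pin)
    drv = InterpolatedDriver(dev, pin)
    drv.submit("write", 7, b"A")
    drv.on_removed()                  # device yanked mid-session
    w = drv.submit("write", 7, b"B")  # the caller keeps issuing requests
    r = drv.submit("read", 7)
    queued = len(drv.queue)
    read_done_before = r.done
    drv.on_reinserted()
    return {
        "queued_while_absent": queued,
        "read_done_before_reinsert": read_done_before,
        "write_replayed": w.result,
        "read_after_replay": r.result,
        "on_device": dev.blocks[7],
        "reinits": drv.reinits,
    }
```

The replay preserves submission order, so the read queued behind the write observes the written value exactly as it would have had the device stayed connected.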