Patent application number | Description | Published |
20080310186 | LIGHT EMITTING DEVICE WITH MICROLENS ARRAY - A method of manufacturing a micro-lens array and light-emitting device, comprising forming a first structured polymer film with close packed surface cavities having a mean diameter of less than 20 micrometers and a relatively lower surface energy surface, forming a transparent second structured film with an array of microlenses formed thereon corresponding to the cavities of the first structured film, wherein the second structured film comprises a relatively high surface energy material and has a refractive index greater than 1.45, and wherein the microlenses are randomly distributed, separating the second structured film with the micro-lens array from the first structured polymer film, and attaching the second structured film to a transparent substrate or cover of a light-emitting device through which light is emitted. Use of microlens arrays formed from relatively high surface energy materials enables matching refractive index of microlens array to that of light-emitting device's substrate or cover through which light is emitted and relatively high elastic modulus providing good scratch resistance. | 12-18-2008 |
20090092770 | Sensitized photochemical switching for cholesteric liquid crystal displays - The present invention relates to photo-tunable dopant compositions comprising a photo-reactive chiral compound capable of undergoing a photochemical reaction resulting in the loss of chirality, and a triplet sensitizer. The present invention also relates to a display comprising a substrate, a liquid crystalline layer thereon, wherein the liquid crystalline layer comprises a nematic host, at least one chiral dopant, a photo-reacted compound, and a triplet sensitizer, and at least one transparent conductive layer. The present invention also relates to a method of tuning a cholesteric liquid crystal material comprising providing at least one mesogenic compound, at least one triplet sensitizer, and at least one photo-reactive chiral compound; combining the at least one mesogenic compound, at least one triplet sensitizer, and at least one photo-reactive chiral compound to form a mixture; and irradiating the mixture for a period of time. | 04-09-2009 |
20090092907 | Sensitized photochemical switching for cholesteric liquid crystal displays - The present invention relates to photo-tunable dopant compositions comprising a photo-reactive chiral compound capable of undergoing a photochemical reaction resulting in the loss of chirality, and a triplet sensitizer. The present invention also relates to a display comprising a substrate, a liquid crystalline layer thereon, wherein the liquid crystalline layer comprises a nematic host, at least one chiral dopant, a photo-reacted compound, and a triplet sensitizer, and at least one transparent conductive layer. The present invention also relates to a method of tuning a cholesteric liquid crystal material comprising providing at least one mesogenic compound, at least one triplet sensitizer, and at least one photo-reactive chiral compound; combining the at least one mesogenic compound, at least one triplet sensitizer, and at least one photo-reactive chiral compound to form a mixture; and irradiating the mixture for a period of time. | 04-09-2009 |
20090316417 | Light-redirecting article - A method for forming a light-redirecting article is provided wherein a surface of a substrate is conditioned by applying a layer of an embedment material. A close-packed layer of microspheres is assembled using drying-assisted self-assembly and applied to the conditioned surface. Microspheres are then embedded halfway into the surface of the layer of the embedment material. | 12-24-2009 |
20100068418 | Sensitized Photochemical Switching for Cholesteric Liquid Crystal Displays - The present invention relates to photo-tunable dopant compositions comprising a photo-reactive chiral compound capable of undergoing a photochemical reaction resulting in the loss of chirality, and a triplet sensitizer. The present invention also relates to a display comprising a substrate, a liquid crystalline layer thereon, wherein the liquid crystalline layer comprises a nematic host, at least one chiral dopant, a photo-reacted compound, and a triplet sensitizer, and at least one transparent conductive layer. The present invention also relates to a method of tuning a cholesteric liquid crystal material comprising providing at least one mesogenic compound, at least one triplet sensitizer, and at least one photo-reactive chiral compound; combining the at least one mesogenic compound, at least one triplet sensitizer, and at least one photo-reactive chiral compound to form a mixture; and irradiating the mixture for a period of time. | 03-18-2010 |
20100224313 | LIGHT EMITTING DEVICE WITH MICROLENS ARRAY - A method of manufacturing a micro-lens array and light-emitting device, comprising forming a first structured polymer film with close packed surface cavities having a mean diameter of less than 20 micrometers and a relatively lower surface energy surface, forming a transparent second structured film with an array of microlenses formed thereon corresponding to the cavities of the first structured film, wherein the second structured film comprises a relatively high surface energy material and has a refractive index greater than 1.45, and wherein the microlenses are randomly distributed, separating the second structured film with the micro-lens array from the first structured polymer film, and attaching the second structured film to a transparent substrate or cover of a light-emitting device through which light is emitted. Use of microlens arrays formed from relatively high surface energy materials enables matching refractive index of microlens array to that of light-emitting device's substrate or cover through which light is emitted and relatively high elastic modulus providing good scratch resistance. | 09-09-2010 |
Patent application number | Description | Published |
20090222561 | Method, Apparatus and Computer Program Product Implementing Session-Specific URLs and Resources - Methods, apparatus and computer program products implement session-specific URIs for allocating network resources by receiving a request from a user for at least one network resource; assigning a session-specific URI to the at least one network resource for use in identifying the at least one network resource and controlling access to the at least one network resource; updating a network directory service with the session-specific URI; and communicating the session-specific URI to the user. The user communicates the session-specific URI to other participants in the session during which the at least one network resource will be used. After a pre-determined time, the session ends and the at least one network resource is de-allocated by, for example, changing the URI of the at least one network resource. Frequent changes of URIs hinder efforts by unauthorized individuals to gain access to network resources. | 09-03-2009 |
20100011421 | ENABLING AUTHENTICATION OF OPENID USER WHEN REQUESTED IDENTITY PROVIDER IS UNAVAILABLE - A method, system and computer program product for enabling authentication of an OpenID user when a requested identity provider is unavailable. A relying party receives a login request from the OpenID user, where the login request includes a username. The relying party reads a list of trusted identity providers that are associated with the received username and selects one of those identity providers. The relying party generates an OpenID identifier using an identification (e.g., Uniform Resource Locator) of the selected identity provider and the username. The relying party transmits an authentication request (request to authenticate the OpenID user) to the selected identity provider using the formed OpenID identifier. If the selected identity provider is unavailable, then the relying party selects another identity provider from the list of identity providers that are associated with the received username and repeats the above process. | 01-14-2010 |
20120210407 | ENABLING AUTHENTICATION OF OpenID USER WHEN REQUESTED IDENTITY PROVIDER IS UNAVAILABLE - A method and computer program product for enabling authentication of an OpenID user when a requested identity provider is unavailable. A relying party receives a login request from the OpenID user, where the login request includes a username. The relying party reads a list of trusted identity providers that are associated with the received username and selects one of those identity providers. The relying party generates an OpenID identifier using an identification (e.g., Uniform Resource Locator) of the selected identity provider and the username. The relying party transmits an authentication request (request to authenticate the OpenID user) to the selected identity provider using the formed OpenID identifier. If the selected identity provider is unavailable, then the relying party selects another identity provider from the list of identity providers that are associated with the received username and repeats the above process. | 08-16-2012 |
20120219144 | VIRTUALIZING HUMAN AGENTS ACROSS MULTIPLE LOCATIONS - Methods and arrangements for virtualizing human agents across multiple locations. A first agent is associated with a first contact center and a second agent is associated with a second contact center. An availability status of the second agent is published, both to the first contact center and to the second contact center. An incoming communication is accepted at the first contact center and a free status of the second agent is ascertained. The incoming communication is routed from the first contact center to the second agent. | 08-30-2012 |
20120246098 | Role Mining With User Attribution Using Generative Models - Applications of machine learning techniques such as Latent Dirichlet Allocation (LDA) and author-topic models (ATM) to the problems of mining of user roles to specify access control policies from entitlement as well as logs which contain record of the usage of these entitlements are provided. In one aspect, a method for performing role mining given a plurality of users and a plurality of permissions is provided. The method includes the following steps. At least one generative machine learning technique, e.g., LDA, is used to obtain a probability distribution θ for user-to-role assignments and a probability distribution β for role-to-permission assignments. The probability distribution θ for user-to-role assignments and the probability distribution β for role-to-permission assignments are used to produce a final set of roles, including user-to-role assignments and role-to-permission assignments. | 09-27-2012 |
20130097103 | Techniques for Generating Balanced and Class-Independent Training Data From Unlabeled Data Set - Techniques for creating training sets for predictive modeling are provided. In one aspect, a method for generating training data from an unlabeled data set is provided which includes the following steps. A small initial set of data is selected from the unlabeled data set. Labels are acquired for the initial set of data selected from the unlabeled data set resulting in labeled data. The data in the unlabeled data set is clustered using a semi-supervised clustering process along with the labeled data to produce data clusters. Data samples are chosen from each of the clusters to use as the training data. The selecting, presenting, clustering and choosing steps are repeated with one or more additional sets of data selected from the unlabeled data set until a desired amount of training data has been obtained, wherein at each iteration an amount of the labeled data is increased. | 04-18-2013 |
Patent application number | Description | Published |
20140196103 | GENERATING ROLE-BASED ACCESS CONTROL POLICIES BASED ON DISCOVERED RISK-AVERSE ROLES - Generating role-based access control policies is provided. A user-permission relation is generated by extracting users and permissions assigned to each of the users from a stored access control policy. A user-attribute relation is generated by mapping the users to attributes describing the users. A permission-attribute relation is generated by mapping the permissions to attributes describing the permissions. The set of risk-averse roles, assignment of the set of risk-averse roles to the users, and assignment of the permissions to the set of risk-averse roles are determined based on applying a risk-optimization function to the generated user-permission relation, the generated user-attribute relation, and the generated permission-attribute relation. A role-based access control policy that minimizes a risk profile of the set of risk-averse roles, the assignment of the set of risk-averse roles to the users, and the assignment of the permissions to the set of risk-averse roles is generated. | 07-10-2014 |
20140196104 | GENERATING ROLE-BASED ACCESS CONTROL POLICIES BASED ON DISCOVERED RISK-AVERSE ROLES - Generating role-based access control policies is provided. A user-permission relation is generated by extracting users and permissions assigned to each of the users from a stored access control policy. A user-attribute relation is generated by mapping the users to attributes describing the users. A permission-attribute relation is generated by mapping the permissions to attributes describing the permissions. The set of risk-averse roles, assignment of the set of risk-averse roles to the users, and assignment of the permissions to the set of risk-averse roles are determined based on applying a risk-optimization function to the generated user-permission relation, the generated user-attribute relation, and the generated permission-attribute relation. A role-based access control policy that minimizes a risk profile of the set of risk-averse roles, the assignment of the set of risk-averse roles to the users, and the assignment of the permissions to the set of risk-averse roles is generated. | 07-10-2014 |
20140304199 | ESTIMATING ASSET SENSITIVITY USING INFORMATION ASSOCIATED WITH USERS - Automatically estimating a sensitivity level of an information technology (IT) asset in one aspect may obtain information about an asset. Characteristics of the asset assigned based on the information may be compared with stored characteristics of known sensitive assets. A sensitivity level of the asset may be determined based on the comparing. | 10-09-2014 |
20140304821 | ESTIMATING ASSET SENSITIVITY USING INFORMATION ASSOCIATED WITH USERS - Automatically estimating a sensitivity level of an information technology (IT) asset in one aspect may obtain information about an asset. Characteristics of the asset assigned based on the information may be compared with stored characteristics of known sensitive assets. A sensitivity level of the asset may be determined based on the comparing. | 10-09-2014 |
20140359692 | Techniques for Reconciling Permission Usage with Security Policy for Policy Optimization and Monitoring Continuous Compliance - In one aspect, a method for managing a security policy having multiple policy items includes the steps of: (a) mapping permissions to the policy items which apply to usage of the permissions so as to determine which of the permissions are granted to groups of users by each of the policy items; (b) identifying at least one of the policy items mapped in step (a) that is in violation of least privilege based on a comparison of an actual permission usage with the security policy; (c) identifying at least one of the policy items mapped in step (a) that increases operational risk; (d) verifying that policy constructs in the security policy are consistent with policy constructs inferred from the actual permission usage; and (e) identifying optimizations of the security policy based on output from one or more of steps (a)-(d). | 12-04-2014 |
20140359695 | Techniques for Reconciling Permission Usage with Security Policy for Policy Optimization and Monitoring Continuous Compliance - In one aspect, a method for managing a security policy having multiple policy items includes the steps of: (a) mapping permissions to the policy items which apply to usage of the permissions so as to determine which of the permissions are granted to groups of users by each of the policy items; (b) identifying at least one of the policy items mapped in step (a) that is in violation of least privilege based on a comparison of an actual permission usage with the security policy; (c) identifying at least one of the policy items mapped in step (a) that increases operational risk; (d) verifying that policy constructs in the security policy are consistent with policy constructs inferred from the actual permission usage; and (e) identifying optimizations of the security policy based on output from one or more of steps (a)-(d). | 12-04-2014 |
20150033221 | SANITIZATION OF VIRTUAL MACHINE IMAGES - Sanitizing a virtual machine image of sensitive data is provided. A label for a sensitivity level is attached to identified sensitive data contained within each software component in a plurality of software components of a software stack in a virtual machine image based on labeling policies. In response to receiving an input to perform a sanitization of the identified sensitive data having attached sensitivity level labels contained within software components of the software stack in the virtual machine image, the sanitization of the identified sensitive data having the attached sensitivity level labels contained within the software components of the software stack in the virtual machine image is performed based on sanitization policies. | 01-29-2015 |
20150033223 | SANITIZATION OF VIRTUAL MACHINE IMAGES - Sanitizing a virtual machine image of sensitive data is provided. A label for a sensitivity level is attached to identified sensitive data contained within each software component in a plurality of software components of a software stack in a virtual machine image based on labeling policies. In response to receiving an input to perform a sanitization of the identified sensitive data having attached sensitivity level labels contained within software components of the software stack in the virtual machine image, the sanitization of the identified sensitive data having the attached sensitivity level labels contained within the software components of the software stack in the virtual machine image is performed based on sanitization policies. | 01-29-2015 |
20150067835 | Detecting Anomalous User Behavior Using Generative Models of User Actions - An apparatus for detecting abnormal behavior of users is disclosed. The apparatus identifies from a log of user activity, a first number of actions performed by a user over a first time period that match a pattern of user activity for a task associated with one or more roles of the users. The apparatus also identifies from the log of user activity, a second number of actions performed by the user over a second time period that match the pattern of user activity. The apparatus calculates an amount of deviation between the first number of actions and the second number of actions. The deviation identifies a difference between amounts of time spent in the one or more roles. The apparatus then determines whether the amount of deviation between the first number of actions and the second number of actions exceeds a threshold for abnormal behavior. | 03-05-2015 |
20150067845 | Detecting Anomalous User Behavior Using Generative Models of User Actions - A method for detecting abnormal behavior of users is disclosed. Processors identify from a log of user activity, a first number of actions performed by a user over a first time period that match a pattern of user activity for a task associated with one or more roles of the users. Processors also identify from the log of user activity, a second number of actions performed by the user over a second time period that match the pattern of user activity. Processors calculate an amount of deviation between the first number of actions and the second number of actions. The deviation identifies a difference between amounts of time spent in the one or more roles. Processors then determine whether the amount of deviation between the first number of actions and the second number of actions exceeds a threshold for abnormal behavior. | 03-05-2015 |
20150082377 | GENERATION OF ATTRIBUTE BASED ACCESS CONTROL POLICY FROM EXISTING AUTHORIZATION SYSTEM - Attributes relevant to at least one existing authorization system are identified. Noise removal from identified attributes of the at least one existing authorization system is performed. An attribute based access control (ABAC) policy is generated from remaining identified attributes to derive logical rules that grant or deny access. | 03-19-2015 |
20150188931 | DETECTING MALICIOUS CIRCUMVENTION OF VIRTUAL PRIVATE NETWORK - An embodiment directed to a method is associated with a VPN that may be used to access resource servers. Upon determining that the VPN has been accessed by a specified client, resource servers are identified, which each has an address and may receive traffic routed from the client through the VPN. The method further comprises sending a message corresponding to each identified resource server to the client, wherein the message corresponding to a given one of the identified resources is intended to cause a response to be sent from the client to the address of the given identified resource server. Responses to respective messages sent to the client are used to determine whether a route for traffic from the client to the VPN has been compromised. | 07-02-2015 |
20150242486 | DISCOVERING COMMUNITIES AND EXPERTISE OF USERS USING SEMANTIC ANALYSIS OF RESOURCE ACCESS LOGS - Generating communities of users and discovering the expertise of those users are provided. Identifications of a plurality of users that accessed resources via a network, types of actions performed by the plurality of users on the resources, and names of the resources accessed by the plurality of users are extracted from retrieved resource access logs. The plurality of users are grouped into a plurality of different sets of users based on which resources were accessed and which type of actions were performed by each particular user within the plurality of users. The communities of users are generated based on each different set of users having a similarity with regard to the resources that were accessed and the types of actions that were performed by a particular set of users. | 08-27-2015 |
20150326594 | NETWORK DATA COLLECTION AND RESPONSE SYSTEM - Embodiments include a network data collection and response system for enhancing security in an enterprise network providing a user-supplied computing device with access to the network. A network data collection and response system tracks network activity of the device and maintains a device inventory recording the device type and configuration information for the device along with a resource utilization profile for the device. The network data collection and response system detects high-risk or unauthorized network activity involving the device through passive monitoring without utilization of a data monitoring agent installed on the device and implements a response action to mitigate the high-risk or unauthorized network. | 11-12-2015 |