Patent application number | Description | Published |
20090049510 | SECURING STORED CONTENT FOR TRUSTED HOSTS AND SAFE COMPUTING ENVIRONMENTS - Techniques for protecting content to ensure its use in a trusted environment are disclosed. The stored content is protected against harmful and/or defective host (or hosted) environments. A trusted security component provided for a device can verify the internal integrity of the stored content and the host before it allows the content to come in contact with the host. As a counter part, a trusted security component provided for the host can verify and attest to the integrity of the host and/or specific host computing environment that can be provided for the content stored in the device. The trusted security component provided for a device effectively verify the host integrity based on the information attested to by the trusted security component provided for the host. If the trusted security component trusts the host, it allows the trusted host to provide a trusted host computing environment trusted to be safe for the content stored in the device. A trusted host can effectively provide a safe virtual environment that allows a content representing a copy (or image) of an original computing environment to operate on the host computing system to give a similar appearance as the original computing environment. | 02-19-2009 |
20090106628 | SAFE COMMAND EXECUTION AND ERROR RECOVERY FOR STORAGE DEVICES - Techniques for execution of commands securely within a storage device are disclosed. Integrity of a command interpreter is verified before allowing it to execute commands within the storage device. The integrity of the commands can also be checked to safeguard against various threats including, for example, malicious attacks, unintentional errors and defects that can adversely affect stored content and execution. Error recovery techniques can be used to reconstruct the command interpreter and/or commands that are found to be defective. In addition, secure techniques can be used to obtain trusted versions of the command interpreter and/or commands from an authenticated external source. | 04-23-2009 |
20090125974 | Method and system for enforcing trusted computing policies in a hypervisor security module architecture - A method and system for enforcing trusted computing (TC) policies in a security module architecture for a hypervisor. Upon receiving a request from a subject for access to an object, TC-related attribute values are obtained for the subject and the object based on a virtualized trusted platform module (vTPM). Access control decisions are the made based at least on the TC-related attribute values and TC-related policies. | 05-14-2009 |
20090199296 | DETECTING UNAUTHORIZED USE OF COMPUTING DEVICES BASED ON BEHAVIORAL PATTERNS - Techniques for detecting unauthorized use (e.g., malicious attacks) of the computing systems (e.g., computing devices) are disclosed. Unauthorized use can be detected based on patterns of use (e.g., behavioral patterns of use typically associated with a human being) of the computing systems. Acceptable behavioral pattern data can be generated for a computing system by monitoring the use of a support system (e.g., an operating system, a virtual environment) operating on the computing system. For example, a plurality of system support provider components of a support system (e.g., system calls, device drivers) can be monitored in order to generate the acceptable behavioral pattern data in a form which effectively defines an acceptable pattern of use (usage pattern) for the monitored system support provider components, thereby allowing detection of unauthorized use of a computing system by detecting any deviation from the acceptable pattern of use of the monitored system support provider components. | 08-06-2009 |
20090265756 | SAFETY AND MANAGEMENT OF COMPUTING ENVIRONMENTS THAT MAY SUPPORT UNSAFE COMPONENTS - Techniques for managing and protecting computing environments are disclosed. A safe computing environment can be provided for ensuring the safety and/or management of a device. The safe computing environment can be secured by a safe component that isolates and protects it from unsafe computing environments which may also be operating. As a result, various security and management activities can be securely performed from a safe computing environment. A safe computing environment can, for example, be provided on a device as a safe virtual computing environment (e.g., a safe virtual machine) protected by a safe virtual computing monitor (e.g., a safe virtual machine monitor) from one or more other virtual computing environments that are not known or not believed to be safe for the device. It will also be appreciated that the safe components can, for example, be provided as trusted components for a device. As such, various trusted components (or agent) can operate in a trusted computing environment secured from interference by components that many not be trusted and perform various security and/or management tasks alone or in connection, for example, with other trusted components (e.g., trusted serves). | 10-22-2009 |
20090271844 | SAFE AND EFFICIENT ACCESS CONTROL MECHANISMS FOR COMPUTING ENVIRONMENTS - Improved techniques for controlling access to accessible components of computing environments are disclosed. The techniques, among other things, can be used to provide Mandatory Access Control (MAC) mechanisms for mobile and embedded systems. One or more accessible components (e.g., accessible resources) which a component may attempt to access are determined so that one or more access permissions can be stored in a manner that they can be obtained if the component attempts to access the one or more accessible components, thereby allowing access to the one or more accessible components to be determined based on access permissions that are readily available. Generally, access permissions can be identified and stored in anticipation of need. Access permissions can be identified, for example, based on the likelihood of use, or all possible access permissions can be determined and stored. A safe (e.g., a trusted) access controlling (or monitoring) system (or component) can control access to resources of a computing environment. For example, a trusted access monitoring system can be provided in a secure and trusted operating environment utilizing Mandatory Access Control (MAC) capabilities of a secure operating system (e.g., SELinux Operating System). | 10-29-2009 |
20090300049 | VERIFICATION OF INTEGRITY OF COMPUTING ENVIRONMENTS FOR SAFE COMPUTING - Improved verification techniques for verification of the integrity of various computing environments and/or computing systems are disclosed. Verifiable representative data can effectively represent verifiable content of a computing environment, thereby allowing the integrity of the computing environment to be verified based on the verifiable representative data instead of the content being represented. Verifiable representative data can effectively include selected portions of the content (e.g., selected content which may be of general and/or specific security interest) and can be generally smaller than the verifiable content it represents. As such, it may generally be more efficient to use the verifiable representative data instead of the content it represents. Verifiable representative data can also be organized. By way of example, unstructured content (e.g., a configuration file written in text) can be effectively transformed based on a scheme (e.g., an XML schema) into a structured text-based content written in a structured language (e.g., XML). Verifiable organized representative data can be organized in accordance with various organizational aspects including, for example, structural, semantics, parameter verification, parameter simplification, and other organizational rules and/or preferences. Organization of verifiable organized representative data can be verified as an additional measure of its integrity, and by in large the integrity of a computing environment and/or system being effectively represented by the verifiable representative data. | 12-03-2009 |
20090300348 | PREVENTING ABUSE OF SERVICES IN TRUSTED COMPUTING ENVIRONMENTS - Methods and systems for regulating services provided by a first computing entity, such as a server, to a second computing entity, such as a client are described. A first entity receives a request for a service from a second entity over a network. The first entity determines whether the second entity has a trusted agent by examining an attestation report from the second entity. The first entity transmits a message to the second entity. The trusted agent on the second entity may receive the message. A response is created at the second computing entity and received at the first entity. The first entity then provides the service to the second entity. The first entity may transmit an attestation challenge to the second entity and in response receives an attestation report from the second entity. | 12-03-2009 |
20090319801 | Security-Enhanced Storage Devices Using Media Location Factor in Encryption of Hidden and Non-Hidden Partitions - Methods and devices for increasing or hardening the security of data stored in a storage device, such as a hard disk drive, are described. A storage device provides for increased or hardened security of data stored in hidden and non-hidden partitions of a storage medium in the device. An algorithm may be utilized for deriving a key that is used to encrypt or decrypt text before it is read from or written to the hard disk. The algorithm accepts as input a specific media location factor, such as an end address or start address of the block where the text is being read from or written to, and a secret key of the storage component. The output of the algorithm is a final key that may be used in the encryption and decryption process. Thus, in this manner, the final key is dependent on the location of the block where the data is being written or read, thereby making it more difficult to tamper with the data, which may be stored in a hidden or non-hidden partition of a hard disk. | 12-24-2009 |
20090323962 | SECURE MULTICAST CONTENT DELIVERY - In one embodiment, a method for establishing a secure multicast channel between a service provider and a terminal is provided. A request is received from the service provider for a configuration of the terminal. A configuration of the terminal at a first time is sent to the service provider. A security key is obtained, wherein the security is bound to the configuration of the terminal at the first time. Then the security key is decrypted using a configuration of the terminal at a second time, wherein the decryption fails if the configuration of the terminal at the second time is not identical to the configuration of the terminal at the first time. A secure multicast channel is then established with the service provider using the security key. | 12-31-2009 |
20090328141 | AUTHENTICATION, IDENTITY, AND SERVICE MANAGEMENT FOR COMPUTING AND COMMUNICATION SYSTEMS - Improved techniques for obtaining authentication identifiers, authentication, and receiving services are disclosed. Multiple devices can be used for receiving service from a servicing entity (e.g., Service Providers). More particularly, a first device can be used to authenticate a first entity (e.g., one or more persons) for receiving services from the servicing entity, but the services can be received by a second device. Generally, the first device can be a device better suited, more preferred and/or more secure for authentication related activates including “Identity Management.” The second device can be generally more preferred for receiving and/or using the services. In addition, a device can be designated for authentication of an entity. The device releases an authentication identifier only if the entity has effectively authorized its release, thereby allowing “User Centric” approaches to “Identity Management.” A device can be designated for obtaining authentication identifiers from an identity assigning entity (e.g., an Identity Provider). The authentication identifiers can be used to authenticate an entity for receiving services from a servicing entity (e.g., a Service Provider) that provides the services to a second device. The same device can also be designated for authentication of the entity. The device can, for example, be a mobile phone allowing a mobile solution and providing a generally more secure computing environment than the device (e.g., a Personal Computer) used to receive and use the services. | 12-31-2009 |
20100030964 | METHOD AND SYSTEM FOR SECURING INSTRUCTION CACHES USING CACHE LINE LOCKING - A method and system is provided for securing micro-architectural instruction caches (I-caches). Securing an I-cache involves providing security critical instructions to indicate a security critical code section; and implementing an I-cache locking policy to prevent unauthorized eviction and replacement of security critical instructions in the I-cache. Securing the I-cache may further involve dynamically partitioning the I-cache into multiple logical partitions, and sharing access to the I-cache by an I-cache mapping policy that provides access to each I-cache partition by only one logical processor. | 02-04-2010 |
20100030967 | METHOD AND SYSTEM FOR SECURING INSTRUCTION CACHES USING SUBSTANTIALLY RANDOM INSTRUCTION MAPPING SCHEME - A method and system is provided for securing micro-architectural instruction caches (I-caches). Securing an I-cache involves maintaining a different substantially random instruction mapping policy into an I-cache for each of multiple processes, and for each process, performing a substantially random mapping scheme for mapping a process instruction into the I-cache based on the substantially random instruction mapping policy for said process. Securing the I-cache may further involve dynamically partitioning the I-cache into multiple logical partitions, and sharing access to the I-cache by an I-cache mapping policy that provides access to each I-cache partition by only one logical processor. | 02-04-2010 |
20100106976 | REPRESENTATION AND VERIFICATION OF DATA FOR SAFE COMPUTING ENVIRONMENTS AND SYSTEMS - Techniques for representation and verification of data are disclosed. The techniques are especially useful for representation and verification of the integrity of data (integrity verification) in safe computing environments and/or systems (e.g., Trusted Computing (TC) systems and/or environments). Multiple independent representative values can be determined independently and possibly in parallel for respective portions of the data. The independent representative values can, for example, be hash values determined at the same time for respective distinct portions of the data. The integrity of the data can be determined based on the multiple hash values by, for example, processing them to determine a single hash value that can serve as an integrity value. By effectively dividing the data into multiple portions in multiple processing streams and processing them in parallel to determine multiple hash values simultaneously, the time required for hashing the data can be reduced in comparison to conventional techniques that operate to determine a hash value for the data as a whole and in a single processing stream. As a result, the time required for integrity verification can be reduced, thereby allowing safe features to be extended to devices that may operate with relatively limited resources (e.g., mobile and/or embedded devices) as well as improving the general efficiency of device that are or will be using safety features (e.g., Trusted Computing (TC) device). | 04-29-2010 |
20100117873 | INTEGRATING HASHING AND DECOMPRESSION OF COMPRESSED DATA FOR SAFE COMPUTING ENVIRONMENTS AND SYSTEMS - Techniques for hashing and decompression of data are disclosed. Hashing and decompression of compressed data can be integrated in order to effectively hash and decompress the compressed data at the same time. The integrated hashing and decompression techniques of the invention are useful for any computing environment and/or system where compressed data is hashed and decompressed. The invention is especially useful for safe computing environment and/or system (e.g., a Trusted Computing (TC) computing environment) where hashing decompression of compressed data can be routinely performed. The Integrity of a computing environment and/or system can be protected by integrating the decompressing and hashing of the compressed data or effectively hashing and decompressing the compressed data at the same time. A combined hashing and decompression function can be provided based on conventional hashing and compression functions by integrating their similar components and in an efficient manner. | 05-13-2010 |
20100121927 | SECURE INTER-PROCESS COMMUNICATION FOR SAFER COMPUTING ENVIRONMENTS AND SYSTEMS - Techniques for Inter-Process Communication (IPC) in a more secure manner are disclosed. A communication component operating outside of an operating system can obtain operating-system data pertaining to processes that also operate outside of the operating system. The operating-system data can be more reliable than information that may have been provided by the processes, thereby allowing more secure IPC and consequently a more secure computing environment and/or system. A communication component can also be operable to make control decisions regarding the IPC data (e.g., IPC messages) based on the information provided and/or originated by the operating system (or operating-system data) and/or effectively provide the operating-system data pertaining to a sender process to its intended recipient process. A recipient process can also be operable to obtain the operating-system data pertaining to a sender process. Moreover, a recipient process can make control decisions regarding the IPC data originated by the sender process based on the operating-system data effectively provided and/or originated by the operating system rather than the sender process, thereby allowing the recipient process to make control decisions based on information provided by a more reliable (e.g., Trusted) source. | 05-13-2010 |
20100122314 | ACTIVE ACCESS MONITORING FOR SAFER COMPUTING ENVIRONMENTS AND SYSTEMS - Techniques for controlling access are disclosed. The techniques can be used for reference monitoring in various computing systems (e.g., computing device) including those that may be relatively more susceptible to threats (e.g., mobile phones). Allowed access can be disallowed. In other words, permission to access a component can be effectively withdrawn even though access may be on-going. After permission to access a component has been allowed, one or more disallow access conditions or events can be effectively monitored in order to determine whether to withdraw the permission to access the component. As a result, allowed access to the component can be disallowed. Access can be disallowed by effectively considering the behavior of a component in the aggregate and/or over a determined amount of time. By way of example, a messaging application can be disallowed access to a communication port if the messaging application sends more messages than an acceptable limit during a session or in 4 hours. Disallow-access policies, rules and/or conditions can be defined and modified, for example, by end-users and system administrators, allowing a customizable and flexible security environment that is more adaptable to change. | 05-13-2010 |
20100131590 | EXTENDING THE CAPABILITY OF COMPUTING DEVICES BY USING DYNAMICALLY SCALABLE EXTERNAL RESOURCES - Techniques for extending the capabilities of computing environments and/or systems are disclosed. A scalable and dynamic external computing resource can be used in order to effectively extend the internal computing capabilities of a computing environment or system. The scalable and dynamic external computing resource can provide computing resources that far exceed the internal computing resources, and provide the services as needed, and in a dynamic manner at execution time. As a result, a computing device may function with relatively limited and/or reduced computing resources (e.g., processing power, memory) but have the ability to effectively provide as much computing services as may be needed, and provide the services when needed, on demand, and dynamically during the execution time. | 05-27-2010 |
20100131592 | EXECUTION ALLOCATION COST ASSESSMENT FOR COMPUTING SYSTEMS AND ENVIRONMENTS INCLUDING ELASTIC COMPUTING SYSTEMS AND ENVIRONMENTS - Techniques for assessing the cost of allocation of execution and affecting the allocation of execution are disclosed. The cost of allocation of execution to or between a first computing device (e.g., a mobile device) and one or more computing resource providers (e.g., one or more Clouds) can be determined during runtime of the executable code. It will be appreciated that a computing system can operate independently of the first computing device and one or more computing resource providers and provide execution allocation cost assessment as a service to the first computing device and/or one or more computing resource providers. Execution allocation cost can be assessed (or determined) based on execution allocation data pertaining to the first computing device and/or one or more computing resource providers. By way of example, power consumption of a mobile device can be used as a factor in determining how to allocate individual components of an application program (e.g., weblets) between a mobile phone and a Cloud. The invention is especially suited for Elastic computing environment and systems. In an Elastic computing environment, scalable and dynamic external computing resources can be used in order to effectively extend the computing capabilities beyond that which can be provided by internal computing resources of a computing system or environment. | 05-27-2010 |
20100131966 | FLAT OR EXTENDED ARCHITECTURE USING AN INTEGRATED APPLICATION AND OPERATING SYSTEM COMPONENT FOR COMPUTING SYSTEMS AND ENVIRONMENTS - An architectural model can use integrated and/or flat (or extended) approaches. An “integrated application and OS” component can effectively integrate at least one computer application program with one or more OS functions, in an integrated approach. The integrated application and OS component can be provided in or as an upper level system (or layer) in relation to a lower level system (or layer). The lower level system can include an OS operable to perform a reduced set of operating system functions not including one or more functions that can be performed by the integrated application and OS component of the upper layer. Furthermore, the OS may be specialized and/or optimized for the components of the upper level system including the integrated application and OS component. By way of example, the OS may be specialized and/or optimized for Web-based and/or Browser-based applications of the integrated application and OS component. In a flat approach, one or more components can be provided as adjacent components in an upper level, thereby allowing effective extension of the upper level to accommodate various needs including, for example, the need for new hardware, or customization for a particular situation. An adjacent component can, for example, include one or more operating system components not provided by the OS (e.g., Device Drivers) and/or one or more functions that are not provided by the operating system (e.g., application management, security and/or isolation of applications), effectively serve as an interface to another adjacent layer and/or the OS, or provide Real-Time Operating System (RTOS). | 05-27-2010 |
20100162240 | CONSISTENT SECURITY ENFORCEMENT FOR SAFER COMPUTING SYSTEMS - Security can be enforced in a consistent manner with respect to various computing environments that may be operable in a computing system. Consistent security criteria can be generated, based on input security criterion, in a computer readable and storable form and stored in a computer readable storage medium, thereby allowing the consistent security criterion to be effectively provided to a computing system for enforcement of the input security criterion in a consistent manner with respect to, for example, (a) a first executable computer code effectively supported by an Operating System (OS), and (b) a second computer code effectively supported by the Virtual Computing Environment (VCE). A Trusted Component (TC) can effectively provide a consistent security criterion as a part and/or form that is suitable for a particular computing environment. The TC can, for example, be an automated tool that performs various functions including: verifying the consistency of security criteria, generation and deployment of consistent security criteria, and transformation of security criteria to parts and/or forms suitable for various computing environments. In addition, a Virtual Computing Environment (VCE) can obtain from the Operating System (OS) one or more security criteria. The Virtual Computing Environment (VCE) can be operable in a Trusted Computing Environment (TCE) and interface with a Trusted Operating System (TOS) that effectively enforces Mandatory Access Control (MAC), thereby allowing the Virtual Computing Environment (VCE) to leverage the security provided by the OS. The OS can, for example, be a Security-Enhanced Linux (SELinux) Operating System operating as a Trusted Component in a Trusted Environment that includes a Trusted Security Agent (TSA) operable to deploy consistent security criteria. | 06-24-2010 |
20100293559 | SHARING INPUT/OUTPUT (I/O) RESOURCES ACROSS MULTIPLE COMPUTING SYSTEMS AND/OR ENVIRONMENTS - Techniques for achieving Input/Output I/O coalition across multiple computing systems and/or environments (e.g., computing devices) are disclosed. I/O coalition can be achieved by allowing one or more internal I/O devices of a first computing device to be effectively shared with a second computing device while one or more I/O devices of the second computing device is effectively shared with the first computing device. An Input-Output Coalition Management (IOCM) system can be provided for each the computing devices to facilitate I/O coalition between them. An IOCM system can, for example, be provided as Virtual Input-Output Computing Environment (VIOCE). By way of example, one or more Virtual Machines (VMs) can be provided to effectively support one or more Virtual Device Drivers (VDDs). An IOCM system can also be provided as and/or by an Operating System (OS). Furthermore, an IOCM system of a first computing device can be operable to switch between: (i) use of a first I/O device of the first computing device, (ii) use of a second I/O device of a second computing device, and (iii) use of a third I/O device of a third computing device. | 11-18-2010 |
20110004574 | EXECUTION ALLOCATION COST ASSESSMENT FOR COMPUTING SYSTEMS AND ENVIRONMENTS INCLUDING ELASTIC COMPUTING SYSTEMS AND ENVIRONMENTS - Techniques for allocating individually executable portions of executable code for execution in an Elastic computing environment are disclosed. In an Elastic computing environment, scalable and dynamic external computing resources can be used in order to effectively extend the computing capabilities beyond that which can be provided by internal computing resources of a computing system or environment. Machine learning can be used to automatically determine whether to allocate each individual portion of executable code (e.g., a Weblet) for execution to either internal computing resources of a computing system (e.g., a computing device) or external resources of an dynamically scalable computing resource (e.g., a Cloud). By way of example, status and preference data can be used to train a supervised learning mechanism to allow a computing device to automatically allocate executable code to internal and external computing resources of an Elastic computing environment. | 01-06-2011 |
20110004916 | SECURELY USING SERVICE PROVIDERS IN ELASTIC COMPUTING SYSTEMS AND ENVIRONMENTS - Access permission can be assigned to a particular individually executable portion of computer executable code (“component-specific access permission”) and enforced in connection with accessing the services of a service provider by the individually executable portion (or component). It should be noted that least one of the individually executable portions can request the services when executed by a dynamically scalable computing resource provider. In addition, general and component-specific access permissions respectively associated with executable computer code as a whole or one of it specific portions (or components) can be cancelled or rendered inoperable in response to an explicit request for cancellation. | 01-06-2011 |
20110282940 | CLOUD-BASED WEB WORKERS AND STORAGES - In accordance with one aspect of the invention, web workers and local storages can be extended to a cloud-based environment. This allows web workers to be executed on any of a number of different cloud platforms located in a cloud, leveraging available resources to provide a quicker and more efficient processing environment for the various web workers. The present invention also provides these functionalities in a way that is transparent to not just the user, but also to the web page developer as well, eliminating the need for the web page developer to be aware of the cloud-based environment and design the web page for use therewith. | 11-17-2011 |
20120166806 | Method and Apparatus to Use Identify Information for Digital Signing and Encrypting Content Integrity and Authenticity in Content Oriented Networks - A content router comprising storage configured to cache, in a content oriented network (CON), a content object with a signature signed by a publisher based on a known identity to a subscriber; and a transmitter coupled to the storage and configured to forward the content object with the signature upon request to the subscriber, wherein the subscriber uses the signature to verify one of the content object's integrity and the content object's authenticity based on the known identity without verifying a trust of a publisher key for the publisher, and wherein the known identity is trusted by the publisher and does not require verifying trust from the publisher. | 06-28-2012 |
20120174181 | Method and Apparatus to Create and Manage a Differentiated Security Framework for Content Oriented Networks - A network component comprising a receiver configured to receive a signed content item and an associated security information from a publisher, wherein the security information indicates which group from a plurality of groups is allowed to access the signed content item, a storage unit configured to cache the content item and the associated security information, a processor to implement procedures to enforce security policies defined by the security information, and a transmitter configured to send the signed content item from the cache to a subscriber when the subscriber is a member of a group indicated by the security information as authorized to access the signed content item. | 07-05-2012 |
20120180126 | Probable Computing Attack Detector - A probable computing attack detector monitors electrical power consumption of a computing device. Task data may be acquired for at least one task operating on the computing device. A predicted electrical power consumption may be calculated for the computing device employing a user-centric power model and the task data. A probable attack may be detected when the electrical power consumption disagrees with the predicted electrical power consumption by a determined margin. | 07-12-2012 |
20120204224 | Method and Apparatus for a Control Plane to Manage Domain-Based Security and Mobility in an Information Centric Network - A networking system comprising a virtual group controller in an information centric network configured to enable mobility and security for a plurality of users groups of the information centric network, a plurality of user groups coupled to the virtual group controller and associated with the users, a plurality of agents that are each associated with one of the user groups, and a database for trusted service profile coupled to the virtual group controller, wherein the virtual group controller is configured to interact with the agents to enable mobility for the user groups using a server-less domain-based naming scheme. | 08-09-2012 |
20120265884 | EXECUTION ALLOCATION COST ASSESSMENT FOR COMPUTING SYSTEMS AND ENVIRONMENTS INCLUDING ELASTIC COMPUTING SYSTEMS AND ENVIRONMENTS - Techniques for assessing the cost of allocation of execution and affecting the allocation of execution are disclosed. The cost of allocation of execution between a first computing device (e.g., mobile device) and one or more computing resource providers (e.g., Clouds) can be determined during runtime of the code. A computing system can operate independently of the first computing device and a computing resource provider and provide execution allocation cost assessment. Execution allocation cost can be assessed based on execution allocation data pertaining to the first computing device and computing resource providers. Power consumption of a mobile device can be used as a factor in determining how to allocate individual components of an application program between a mobile phone and a Cloud. In an Elastic computing environment, external computing resources can be used to extend the computing capabilities beyond that which can be provided by internal computing resources. | 10-18-2012 |
20120297088 | Selective Content Routing and Storage Protocol for Information-Centric Network - A network component comprising a receiver configured to receive an advertisement for a content name for content associated with a list of secured router identifiers (SRIDs) that indicates a plurality of content routers authorized for routing and caching the content, a processor configured to determine whether to flood the advertisement to a plurality of neighboring nodes if a locally assigned SRID is included in the list of SRIDs received in the advertisement or to drop the advertisement otherwise, a transmitter configured to flood the advertisement on a plurality of ports coupled to the neighboring nodes, and a storage configured to cache received content if the received content is associated with the locally assigned SRID. | 11-22-2012 |
20120317655 | Method for Flexible Data Protection with Dynamically Authorized Data Receivers in a Content Network or in Cloud Storage and Content Delivery Services - A networking system comprising an application service that runs on a cloud infrastructure and is configured to receive dual encrypted content from a content provider and re-encrypt the dual encrypted content to enable dynamic user group control for group-based user authorization, and a cloud storage service coupled to the application service and configured to store the dual encrypted content from the content provider and the re-encrypted dual encrypted content from the application service, wherein the application service and the storage service are configured to communicate and operate with a content delivery service that uses a content delivery network (CDN) to deliver the re-encrypted content to one or more users in a group authorized by the content provider. | 12-13-2012 |
20130016695 | Method and Apparatus for Seamless Mobility Techniques in Content-Centric Network - A networking system for a content-centric-network (CCN)/named-data networking (NDN) comprising a first point of attachment (PoA) configured to communicate with a mobile node (MN) and maintain a forwarding state for the MN to support seamless mobility for the MN, and a second PoA configured to communicate with the MN and obtain the forwarding state for the MN from the first PoA after a handoff of the MN from the first PoA to the second PoA, wherein the forwarding state is used to exchange a plurality of interests and a plurality of data responses between the MN and the CCN/NDN. | 01-17-2013 |
20130039249 | Seamless Mobility Schemes in Named-Data Networking Using Multi-Path Routing and Content Caching - A content-centric-network (CCN)/named-data networking (NDN) system to support seamless mobility for a mobile node (MN) comprising a first point of attachment (PoA) configured to indicate to the MN that attaches to the first PoA one or more neighbor PoAs and to multicast an interest for content from the MN to the neighbor PoAs in a CCN or NDN when the MN starts a handoff procedure, and a second PoA from the one or more neighbor PoAs of the first PoA configured to receive the multicast interest from the first PoA, forward the interest to the CCN or NDN, receive content data from the CCN or NDN, and forward the content data to the MN. | 02-14-2013 |
20130060962 | Generalized Dual-Mode Data Forwarding Plane for Information-Centric Network - A networking system comprising a content router for an information-centric network (ICN) comprising a content store (CS), a pending interest table (PIT), a forwarding information base (FIB), and a plurality of interfaces, and configured to receive and forward interest from one or more users and data from one or more applications via the interfaces using a dual-mode data forwarding plane, and a plurality of next hop nodes of the ICN coupled to the content router and configured to forward the interest and data to the content router via the interfaces, wherein the dual-mode forwarding plane forwards the interest and data using the FIB without the CS and PIT for conversational traffic and using the CS, PIT, and FIB for content dissemination traffic. | 03-07-2013 |
20130205387 | Method and Apparatus to Authenticate a User to a Mobile Device Using Mnemonic Based Digital Signatures - A user device comprising a processor configured to enable a mnemonic based digital signature scheme for user authentication that is based on a combination of one or more secrets and one or more actions implemented on the user device and associated with the secrets, and a device input system coupled to the processor and configured to detect the actions implemented on the user device. Also disclosed is an apparatus comprising a processor configured to implement a mnemonic based digital signature for authenticating a user, a device input system configured to enable the mnemonic based digital signature, and a memory unit configured to store input data that is used to recognize the mnemonic based digital signature, wherein the mnemonic based digital signature comprises a secret, an action associated with the secret and implemented using the device input system, and a cue associated with the action. | 08-08-2013 |
20130275752 | METHOD AND SYSTEM FOR SECURE MULTIPARTY CLOUD COMPUTATION - One embodiment of the present invention provides a system for performing secure multiparty cloud computation. During operation, the system receives multiple encrypted datasets from multiple clients. An encrypted dataset associated with a client is encrypted from a corresponding plaintext dataset using a unique, client-specific encryption key. The system re-encrypts the multiple encrypted datasets to a target format, evaluates a function based on the re-encrypted multiple datasets to produce an evaluation outcome, and sends the evaluation outcome to the multiple clients, which are configured to cooperatively decrypt the evaluation outcome to obtain a plaintext evaluation outcome. | 10-17-2013 |
20130282860 | Name-Based Neighbor Discovery and Multi-Hop Service Discovery in Information-Centric Networks - A content router, comprising a plurality of physical links to other nodes in an information centric network, a receiver coupled to the plurality of physical links configured to receive messages, a transmitter coupled to the plurality of physical links configured to transmit messages, and a service publishing and discovery (SPD) module comprising a processor and memory device coupled to the receiver and to the transmitter, wherein the SPD is configured to store status updates of the physical links, wherein the SPD is configured to determine a next hop and a number of hops to forward a received message based on a prefix in a name-based service discovery protocol name of a received message. | 10-24-2013 |