Patent application number | Description | Published |
--- | --- | --- |
20080235229 | ORGANIZING SCENARIO-RELATED INFORMATION AND CONTROLLING ACCESS THERETO - Mechanisms for organizing scenario solution-related information based upon a user's locality are provided. Locality refers to a collection of metadata created based upon scenario solutions executed by a user and/or enablers acquired by a user during scenario solution execution. Such metadata may be stored in association with a scenario solution execution workspace and/or in association with a user-specific information store. Once such information is acquired, a user may desire to share the information, or a portion thereof, with one or more other users, for instance, the members of a user group. However, the user would often prefer that the information not be made available to the general public. Thus, mechanisms for controlling access to user-specific information are also provided. | 09-25-2008 |
20080235807 | File System Operation and Digital Rights Management (DRM) - File system interaction with digital rights management (DRM) is facilitated by enabling one or more file system components to be DRM-aware. These one or more file system components may be part of a computer operating system. An exemplary system implementation includes: one or more processors; and one or more media in operative communication therewith, the media storing one or more file system components that are configured to provide content having DRM controls to a requesting program in either a raw form or a decrypted form in dependence on whether the DRM controls comprise simple DRM content controls or complex DRM content controls. In another exemplary system implementation, the one or more file system components are configured to provide files with simple DRM content controls to requesting applications in a decrypted form and to provide files with complex DRM content controls to requesting applications in an unaltered form. | 09-25-2008 |
20090097660 | MULTI-FACTOR CONTENT PROTECTION - Protecting content. A recipient receives content from a publisher. Some content is managed by an access server. The access server controls the recipient's use of managed content through interaction with a trusted agent at the recipient. The content is encrypted to a content key, and the content is associated with policy information. The policy information includes the content key for decrypting the content. The policy information is encrypted to an access server key, allowing the policy information to be decrypted by the access server. The content key is received from the access server. The content key is encrypted to a trusted agent key. The content key is further encrypted to one or more additional factors defining additional content protection beyond that provided by the trusted agent. The content key is decrypted using the trusted agent key and the at least one additional factor. The content is decrypted using the content key. | 04-16-2009 |
20090178129 | SELECTIVE AUTHORIZATION BASED ON AUTHENTICATION INPUT ATTRIBUTES - Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol. The authentication input is associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input. | 07-09-2009 |
20100242102 | Biometric credential verification framework - Use of a biometric identification device in a client computer system to subsequently access an authentication system includes receiving biometric sample data which is digitally signed and combining the data with a user ID and PIN. This package of data is then securely transmitted to a biometric matching server to validate the user and the biometric sample. Once validated, the biometric matching server returns the data package plus a temporary certificate and a public/private key pair to the client computer. The client computer may then use this information to access an authentication system to subsequently gain access to a secure resource. | 09-23-2010 |
20110085664 | SYSTEMS AND METHODS FOR MANAGING MULTIPLE KEYS FOR FILE ENCRYPTION AND DECRYPTION - Systems and methods for managing multiple keys for file encryption and decryption may provide an encrypted list of previously used keys. The list itself may be encrypted using a current key. To decrypt files that are encrypted in one or more of the previous keys, the list can be decrypted, and the appropriate previous key can be retrieved. To re-key files, an automated process can decrypt any files using previous keys and encrypt them using the current key. If a new current key is introduced, the prior current key can be used to decrypt the list of keys, the prior current key can be added to the list, and the list can be re-encrypted using the new current key. | 04-14-2011 |
20110239288 | EXECUTABLE CODE VALIDATION IN A WEB BROWSER - An active filter monitors a web browser session to identify executable code transmitted in the session. The executable code may be analyzed to determine if the code is digitally signed. When the code is digitally signed by the web server or by another trusted source, the code may be executed. When the code is not digitally signed, or when the signer is not trusted, the code may be rejected and not executed. The filter may be implemented as a web browser component or plugin, as well as a gateway device, proxy, or other service. The filter may also be implemented on the server side to reject incoming data that may include unauthenticated code. | 09-29-2011 |
20120117662 | FILE SYSTEM OPERATION AND DIGITAL RIGHTS MANAGEMENT (DRM) - A file system is configured for use with files protected by digital rights management (DRM) content controls and to interact both with applications that are, and are not, DRM aware. The file system may be configured for use by two applications, in a manner that may provide the second application with protected files if the first application was previously allowed access. In one example, a user context cache of DRM-protected files is created. The files in the cache may have been decrypted in response to a request(s) from the first application. Subsequent requests from the second application may be received for files within the user context cache of DRM-protected files. At least one of the files within the user context cache of DRM-protected files may be provided to the second application if the second application has a joint user context with the first application. | 05-10-2012 |
20120174200 | DIGITAL IDENTITY MANAGEMENT - One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer. | 07-05-2012 |
20120221844 | OPERATING SYSTEM EXPERIENCE STATES - Aspects of the subject matter described herein relate to operating system experience states. Input may be received that requests a change from a current experience state to a target experience state. In response, state data may be obtained that indicates allowed experience states as well as component data that indicates components and relationships between components in the target experience state. This state data may then be used to change from the current experience state to a target experience state. The target experience state may be used, for example, to configure a server or other operating system. | 08-30-2012 |
20120304167 | Software Image Distribution - Aspects of the subject matter described herein relate to image distribution. In aspects, portions of an installation image of an operating system may be distributed to one or more repositories. In conjunction with determining a distribution of the installation image, one or more factors may be received. Based on the factor(s), a distribution manager may determine one or more repositories over which the data of the installation image is to be distributed. An indication of this distribution may be persisted for use in obtaining the data from the one or more repositories for installing, configuring, and/or re-configuring the operating system. | 11-29-2012 |
20130145428 | DENIAL OF SERVICE ATTACK RESISTANT INPUT PORT - An input port for a computer system may retain potentially authenticable requests for processing while removing other connection requests from an incoming queue or request pool. The input port may continue to receive new requests even during a denial of service attack, allowing potentially legitimate requests to be processed. In a typical embodiment, a first in, first out buffer may be used to receive and process connection requests. When the buffer is full, any request that comes from a device having a previous connection with the computer system may be retained for authentication, while removing requests that come from unknown devices. Some embodiments may retain a list of known devices associated with administrators or other known users, and the list may be updated as those users are authenticated. | 06-06-2013 |
20140366108 | Digital Identity Management - One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer. | 12-11-2014 |
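The denial-of-service-resistant input port described in 20130145428 (a bounded FIFO request pool that, once full, sheds requests from unknown devices while keeping room for devices it has seen before, and learns new known devices as they authenticate) is easy to get wrong in the direction of starving legitimate users. The following is an added example written for this page, not code from the patent or from any product implementing it; the `ConnRequest` shape, the source identifiers and the flood sizes are constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class ConnRequest:
    src: str   # hypothetical device identifier (here a client IP)
    seq: int   # constructed sequence number, only used to tell requests apart


class DoSResistantPort:
    """Bounded FIFO request pool.

    While there is room, every request is queued in arrival order. When the pool
    is full, a request from an unknown device is dropped, while a request from a
    known device evicts the oldest queued request from an unknown device so that
    potentially authenticable work is never crowded out by a flood.
    """

    def __init__(self, capacity, known=()):
        self.capacity = capacity
        self.known = set(known)      # devices seen authenticating before
        self.queue = deque()
        self.dropped = 0

    def _shed_unknown(self):
        # Remove the oldest queued request that did not come from a known device.
        for i, req in enumerate(self.queue):
            if req.src not in self.known:
                del self.queue[i]
                self.dropped += 1
                return True
        return False

    def accept(self, req):
        """Return True if the request was queued, False if it was shed."""
        if len(self.queue) < self.capacity:
            self.queue.append(req)
            return True
        if req.src not in self.known:
            # Full and unknown requester: shed it, never block the port.
            self.dropped += 1
            return False
        if self._shed_unknown():
            self.queue.append(req)
            return True
        # Full of known devices only; nothing can be shed safely.
        self.dropped += 1
        return False

    def process(self, authenticate):
        """Pop the oldest request and authenticate it; success teaches the port the device."""
        req = self.queue.popleft()
        ok = authenticate(req)
        if ok:
            self.known.add(req.src)
        return ok


def simulate_flood(capacity=4):
    """Constructed scenario: 20 requests from unknown sources flood a 4-slot pool,
    then an administrator on a known device connects. Returns (admitted, queue, dropped)."""
    port = DoSResistantPort(capacity, known={"10.0.0.5"})
    for i in range(20):
        port.accept(ConnRequest(f"198.51.100.{i}", i))
    admitted = port.accept(ConnRequest("10.0.0.5", 99))
    return admitted, [r.src for r in port.queue], port.dropped


if __name__ == "__main__":
    print(simulate_flood())
```

With a plain FIFO of the same size the administrator's request would be rejected outright because the four slots are held by flood traffic; here it displaces the oldest unknown entry. The caveat a practitioner should note is that "known device" is only as strong as the identifier: if it is a spoofable address rather than something bound to a prior authentication, an attacker who learns the list can impersonate a known device and fill the pool with entries that are no longer sheddable.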
Patent application number | Description | Published |
--- | --- | --- |
20100011432 | AUTOMATICALLY DISTRIBUTED NETWORK PROTECTION - A network protection solution is provided by which security capabilities of a client machine are communicated to a network security gateway so that a variety of processes can be automatically and dynamically distributed between the gateway and the client machine in a way that achieves a target level of security for the client while consuming the least possible amount of resources on the gateway. For example, for a client that is compliant with specified health and/or corporate governance policies and which is known to have A/V capabilities that are deployed and operational, the network security gateway will not need to perform additional A/V scanning on incoming network traffic to the client which can thus save resources at the gateway and lower operating costs. | 01-14-2010 |
20100162346 | SELECTING SECURITY OFFERINGS - Methods, systems, and computer-readable media are disclosed for selecting a set of security offerings. A particular method includes receiving a security need profile associated with a computing environment and receiving security offering information related to a plurality of security offerings. The security offerings of the plurality of security offerings are evaluated with respect to the security need profile. A set of security offerings from the plurality of security offerings are automatically selected. | 06-24-2010 |
20100263049 | VULNERABILITY DETECTION BASED ON AGGREGATED PRIMITIVES - Methods, systems, and computer-readable media are disclosed for detecting vulnerabilities based on aggregated primitives. A particular method includes receiving a plurality of data transmissions. At least one of the data transmissions includes a protocol anomaly that is not indicative of a security threat. The method includes identifying a plurality of primitives associated with the data transmissions. The primitives are aggregated, and an attack condition is identified based on the aggregated primitives. A security alert is generated based on the identified attack condition. | 10-14-2010 |
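The aggregated-primitives approach in 20100263049 turns on one point: a single protocol anomaly is not evidence of an attack, but a particular combination of anomalies from one source inside a time window is. The detection logic below is an added example written for this page, not the patent's or any vendor's code. The primitive rules, the attack conditions, the window length and the sample transmissions are all constructed for illustration; the general mechanism (extract primitives per transmission, aggregate per source, alert when an attack condition's primitive set is fully covered) is what the abstract describes.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Transmission:
    ts: int            # seconds, constructed
    src: str           # source address, constructed
    method: str
    path: str
    header_bytes: int  # total size of the request headers


# Each primitive is a protocol observation that is benign on its own.
PRIMITIVE_RULES = {
    "unusual_method": lambda t: t.method not in {"GET", "POST", "HEAD"},
    "overlong_path": lambda t: len(t.path) > 200,
    "encoded_traversal": lambda t: "%2e%2e" in t.path.lower() or "../" in t.path,
    "oversize_headers": lambda t: t.header_bytes > 8192,
}

# An attack condition is a set of primitives that must co-occur from one source
# within the aggregation window. Names and contents are hypothetical.
ATTACK_CONDITIONS = {
    "traversal_probe": {"encoded_traversal", "overlong_path"},
    "smuggling_probe": {"unusual_method", "oversize_headers"},
}


def extract_primitives(t):
    """Return the set of primitive names that fire for one transmission."""
    return {name for name, rule in PRIMITIVE_RULES.items() if rule(t)}


class PrimitiveAggregator:
    """Keeps a sliding window of primitives per source and reports attack
    conditions the first time their primitive set is fully covered."""

    def __init__(self, window_seconds=60):
        self.window = window_seconds
        self.history = defaultdict(deque)   # src -> deque of (ts, primitive set)
        self.alerted = set()                # (src, condition) already reported

    def observe(self, t):
        prims = extract_primitives(t)
        hist = self.history[t.src]
        hist.append((t.ts, prims))
        # Expire observations older than the window.
        while hist and hist[0][0] < t.ts - self.window:
            hist.popleft()
        aggregated = set().union(*(p for _, p in hist))
        alerts = []
        for cond, needed in ATTACK_CONDITIONS.items():
            if needed <= aggregated and (t.src, cond) not in self.alerted:
                self.alerted.add((t.src, cond))
                alerts.append(cond)
        return alerts


def run(transmissions, window_seconds=60):
    """Feed transmissions in time order; return a list of (ts, src, condition) alerts."""
    agg = PrimitiveAggregator(window_seconds)
    alerts = []
    for t in sorted(transmissions, key=lambda x: x.ts):
        for cond in agg.observe(t):
            alerts.append((t.ts, t.src, cond))
    return alerts


# Constructed sample traffic: one source combines two anomalies within the window,
# one source shows each anomaly alone (and too far apart), one source trips a
# second condition in a single request.
SAMPLE = [
    Transmission(0, "198.51.100.9", "GET", "/a/" + "x" * 250, 400),
    Transmission(10, "198.51.100.9", "GET", "/static/%2e%2e/%2e%2e/etc/passwd", 400),
    Transmission(5, "203.0.113.4", "GET", "/%2e%2e/%2e%2e/etc/passwd", 300),
    Transmission(200, "203.0.113.4", "GET", "/" + "y" * 300, 300),
    Transmission(30, "192.0.2.77", "TRACE", "/", 9000),
]


if __name__ == "__main__":
    for alert in run(SAMPLE):
        print("ALERT", alert)
```

Source 203.0.113.4 produces both traversal primitives but 195 seconds apart, so with a 60-second window they never aggregate and no alert is raised; that is the false-positive control the abstract is after. In practice the window, the per-source keying (address, session, or authenticated principal) and the memory bound on `history` are the tuning knobs, since an unbounded per-source table is itself a resource-exhaustion target.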