Patent application number | Description | Published |
20140109168 | Automated role and entitlements mining using network observations - A role and entitlements mining system uses network intelligence to facilitate role definition. The system records traffic on a network. The traffic is analyzed to identify the user and application involved. The matched data is then provided to an analytics engine, which analyzes that data to attempt to derive an initial set of one or more roles and the application entitlements for each role. Each role derived by the analytics engine identifies one or more users who are identified as belonging to the role, as well as one or more application entitlements. Preferably, one or more directory services are then interrogated for known group and user relationships to detect whether the roles identified by the analytics engine can be modified or enriched. Evaluation of the known group and user relationships provides a way to identify a more granular set of role definitions. A role-based access control policy is then generated. | 04-17-2014 |
20140317730 | Providing a Domain to IP Address Reputation Service - An approach is provided to verify a network address. In the approach, a network address is received from a domain name service (DNS) based on a requested uniform resource locator (URL) that corresponds to a requested domain. A set of one or more network addresses previously established as corresponding to the requested domain is retrieved from a data store accessible from the information handling system. The information handling system is automatically connected to the network address in response to the received network address matching one of the set of one or more retrieved network addresses. | 10-23-2014 |
20140351370 | SHARING WEB APPLICATION SESSIONS ACROSS MULTIPLE DEVICES - A technique to at least partial transfer an active network communication session associated with a server and an authenticated user communicating through a first device. The at least partial transfer includes the following actions (not necessarily in the following order): (i) recording the network communication session on an inline network device; (ii) associating the network communication session with the second device on the inline network device; and (iii) sending session continuation information from the inline network device to at least the second device and/or the server. The first device is in data communication with the inline network device during at least a portion of the recording step. The session continuation information sent at the sending step includes information enabling the user to continue the active network communication session through the second device. The inline network device performs at least the associating step and the sending step under control of computer software running on computer hardware. | 11-27-2014 |
20140376722 | ACCESSING LOCAL APPLICATIONS WHEN ROAMING USING A NFC MOBILE DEVICE - A method of accessing local applications when roaming on a NFC mobile device may include creating a first partition and a second partition on a secure element (SE) of a subscriber identification module (SIM) of a near field communication (NFC) enabled device. The home TSM separates the first partition and the second partition by public key encryption. The home TSM generates cryptographic keys in response to a request by a roaming TSM for access to the second partition of the SIM. Following the exchange of security keys, the home TSM delegates to the roaming TSM access to the second partition of the SIM. | 12-25-2014 |
20140380044 | ACCESSING LOCAL APPLICATIONS WHEN ROAMING USING A NFC MOBILE DEVICE - A method of accessing local applications when roaming on a NFC mobile device may include creating a first partition and a second partition on a secure element (SE) of a subscriber identification module (SIM) of a near field communication (NFC) enabled device. The home TSM separates the first partition and the second partition by public key encryption. The home TSM generates cryptographic keys in response to a request by a roaming TSM for access to the second partition of the SIM. Following the exchange of security keys, the home TSM delegates to the roaming TSM access to the second partition of the SIM. | 12-25-2014 |
20150126108 | MANAGING DISTRIBUTION OF SOFTWARE UPDATES IN NEAR FIELD COMMUNICATION (NFC) MOBILE DEVICES - A method, system and a computer program product for managing distribution of software updates in Near Field Communication (NFC) mobile devices includes retrieving information of one or more softwares in one or more NFC mobile devices by a NFC reader in communication range with the one or more NFC mobile devices, transmitting the retrieved information from the NFC reader to a distribution server which determines if the one or more softwares requires an update based on the retrieved information, in response to said determination, receiving an available updated software or update components of the one or more softwares from the distribution server to the NFC reader and transmitting thereof from the NFC reader to a secure element of the one or more NFC mobile devices whose one or more softwares require an updation. | 05-07-2015 |
20150126110 | MANAGING DISTRIBUTION OF SOFTWARE UPDATES IN NEAR FIELD COMMUNICATION (NFC) MOBILE DEVICES - A method, system and a computer program product for managing distribution of software updates in Near Field Communication (NFC) mobile devices includes retrieving information of one or more softwares in one or more NFC mobile devices by a NFC reader in communication range with the one or more NFC mobile devices, transmitting the retrieved information from the NFC reader to a distribution server which determines if the one or more softwares requires an update based on the retrieved information, in response to said determination, receiving an available updated software or update components of the one or more softwares from the distribution server to the NFC reader and transmitting thereof from the NFC reader to a secure element of the one or more NFC mobile devices whose one or more softwares require an updation. | 05-07-2015 |
20150131797 | EXECUTING ELECTRONIC CONTRACT ON NFC ENABLED MOBILE DEVICES - A method, system and/or NFC (Near field communication) enabled mobile device is provided for executing an electronic contract on NFC enabled mobile devices. A first contracting party is provided to apply an electronic signature thereof in an electronic contract provided on a first NFC enabled mobile device used by the first contracting party, the electronic signature is applied through a secure element of the first NFC enabled mobile device. The electronically signed contract is transmitted from the first NFC enabled mobile device to a second NFC enabled mobile device used by a second contracting party for providing the second contracting party to apply an electronic signature thereof in the received electronically signed contract from the first NFC enabled mobile device through a secure element in the second NFC enabled mobile device. | 05-14-2015 |
20150134561 | EXECUTING ELECTRONIC CONTRACT ON NFC ENABLED MOBILE DEVICES - A method, system and/or NFC (Near field communication) enabled mobile device is provided for executing an electronic contract on NFC enabled mobile devices. A first contracting party is provided to apply an electronic signature thereof in an electronic contract provided on a first NFC enabled mobile device used by the first contracting party, the electronic signature is applied through a secure element of the first NFC enabled mobile device. The electronically signed contract is transmitted from the first NFC enabled mobile device to a second NFC enabled mobile device used by a second contracting party for providing the second contracting party to apply an electronic signature thereof in the received electronically signed contract from the first NFC enabled mobile device through a secure element in the second NFC enabled mobile device. | 05-14-2015 |
Patent application number | Description | Published |
20080270414 | Method and system for automating purpose usage selection on web sites - This invention automates the selection of purpose usages when a user agent interacts with a web site that has been enabled for automated purpose usage information exchange. A user first configures the purpose usage automation in his or her user agent. At this stage, which typically occurs off-line, the user decides on a level of automation when specifying the one or more purpose usages. If desired, this preference may depend on how “trusted” the site is to the user. Later, when the user navigates to an organization's web site, the user agent communicates the purpose usage settings to the organization according to the level of purpose usage automation that has been configured. In particular, when a user's agent visits a web site, the user agent detects that “automated purpose usage” is enabled for the web site. The web site then provides the user agent with a list of one or more purpose usage options required or desired by the organization. The user agent then determines the response for each purpose usage option. This determination may be completely automatic, or partially automated, depending on the user's configuration. The web site then receives the purpose usage selections. At this point, the user agent can provide PII and the user is assured that such information is managed or used by the organization only according to the user's desires. | 10-30-2008 |
20080270802 | METHOD AND SYSTEM FOR PROTECTING PERSONALLY IDENTIFIABLE INFORMATION - The present invention provides a way to protect PII (or, more generally, any user “sensitive” information) throughout its life cycle in an organization. The techniques described herein ensure that a user's PII is protecting during storage, access or transfer of the data. Preferably, this objective is accomplished by associating given metadata with a given piece of PII and then storing the PII and metadata in a “privacy protecting envelope.” The given metadata includes, without limitation, the privacy policy that applies to the PII, as well as a set of one more purpose usages for the PII that the system has collected from an end user's user agent (e.g., a web browser), preferably in an automated manner. Preferably, the PII data, the privacy policy, and the user preferences (the purpose usages) are formatted in a structured document, such as XML. The information in the XML document (as well as the document itself) is then protected against misuse during storage, access or transfer using one or more of the following techniques: encryption, digital signatures, and digital rights management. | 10-30-2008 |
20140059683 | Cooperative intrusion detection ecosystem for IP reputation-based security - An intrusion detection system (IDS) is enhanced to operate in a cluster of such systems, and IDSs organized into a cluster cooperate to exchange IP reputation influencing events information between or among the cooperating systems in real-time to enhance overall system response time and to prevent otherwise hidden attacks from damaging network resources. An IDS includes an IP reputation analytics engine to analyze new and existing events, correlate information, and to raise potential alerts. The IP reputation analytics engines may implement an algorithm, such as a pattern matching algorithm, a continuous data mining algorithm, or the like, to facilitate this operation. Clustering IDS endpoints to share IP reputation influencing events, using the cluster-wide view to determine IP reputation, and feeding the cluster-wide view back to the IDS endpoints, provides for enhanced and early detection of threats that is much more reliable and scalable as compared to prior art techniques. | 02-27-2014 |