
Cormac E. Herley, Bellevue, WA US

| Patent application number | Description | Published |
| --- | --- | --- |
| 20080201415 | PEER TO PEER NETWORK - A system and method for data distribution is disclosed. A bulletin board is employed to maintain a list of requests from nodes in the system. The requests indicate data requested and identify the node making the request. Nodes are able to post requests for data as long as they maintain a minimum performance level. Additionally, the nodes periodically check in with the bulletin board and receive the list of requests from the bulletin board. On determining to satisfy a particular request by a node, the node (serving node) contacts a requesting node (identified in the request) and transfers the requested data to the requesting node. After successful completion of the transfer, the requesting node reports to the bulletin board that the node has filled the request and the request is removed from the list of requests. | 08-21-2008 |
| 20080209557 | SPYWARE DETECTION MECHANISM - A system and method that facilitates and effectuates detection of malware secreted and/or hidden in plain sight on a machine. The system and method in order to achieve its aims generates a list of all loaded modules, identifies from the list a set of modules common to more than a threshold number of processes, and eliminates from the list those modules included in an authentication list. The resultant list is prioritized based, in one instance, on the number of occurrences a particular module makes in the resultant list, and thereafter the list is distributed to analyst workstations. | 08-28-2008 |
| 20080276098 | ONE-TIME PASSWORD ACCESS TO PASSWORD-PROTECTED ACCOUNTS - Systems and methods facilitate secure one-time-password access to an account in a remote server from an untrusted client. The system consists of an intermediary component whose salient components are a proxy component, a webserver component, and an encryption/decryption component, and it preserves the characteristics of both the server and client. In a man-in-the-middle fashion, the proxy substitutes a one-time password entered at a login interface with a true password, and forwards it to the remote login server. True passwords are encrypted using a seed associated with user identifiers, and a list of one-time passwords is generated/updated and stored on media or transmitted to an electronic device. Substitution takes place by decrypting the one-time password with the seed used for encryption, ensuring the proxy avoids storing the true password. | 11-06-2008 |
| 20080320310 | IMAGE BASED SHARED SECRET PROXY FOR SECURE PASSWORD ENTRY - The claimed subject matter provides systems and/or methods that facilitate utilizing a shared secret to obscure a password within a sequence of characters. The sequence of characters can include the password as well as noise. The shared secret can leverage utilizing a set of known images that a user can uniquely distinguish from random images. By employing the image based shared secret, the user can login to a server from an untrusted machine suspected to be infected with spyware such as a keylogger that tracks user input. | 12-25-2008 |
| 20090327719 | COMMUNICATION AUTHENTICATION - Systems and methods that establish trust between a receiver (e.g., a user) and a sender of a message by authenticating such sender through demonstration of knowledge for a shared secret—yet without revealing such secret. A messaging component can convey messages as directed by the shared secret to communication systems that are under control of the user. Accordingly, the user can readily determine that the sender of the message is what such sender claims to be, since the sender has demonstrated a knowledge of the shared secret by sending the message to the communication system as determined by the user. Moreover, by not actually revealing the shared secret during communication, robustness of the secret is typically ensured. | 12-31-2009 |
| 20100037319 | TWO STAGE ACCESS CONTROL FOR INTELLIGENT STORAGE DEVICE - Systems and methods that resist malicious attacks on an intelligent storage device via an access control component that supplies security at a dual layer of defense. Such dual layer defense encompasses both resistance to brute force (e.g., unauthorized users), and resistance to a replay attack (e.g., a malicious code residing on a machine that hosts the intelligent storage device). Accordingly, an access control component includes an anti malicious user component and an anti malicious code component, which can resist malicious attacks from both a person and a host unit with a malicious code residing thereon. | 02-11-2010 |
| 20100071052 | REVERSE PROXY ARCHITECTURE - Aspects of the subject matter described herein relate to a reverse proxy architecture. In aspects, a client that seeks to access a Web document via a proxy sends a request to the reverse proxy. The reverse proxy obtains the Web document from a server indicated by the request and modifies links therein so that if the links are clicked on or otherwise fetched by the client, the communication goes back to the reverse proxy. The reverse proxy may also modify cookies, if needed, so that the cookies refer to a domain or hostname associated with the reverse proxy. | 03-18-2010 |
| 20100107218 | SECURED COMPARTMENT FOR TRANSACTIONS - Systems and methods that establish a secured compartment that manages sensitive user transactions/information on a user's machine. The secured compartment qualifies user interaction with the machine, and separates such qualified interaction from other user activity on the machine. A user is switched to such secured compartment upon occurrence of a predetermined event, such as in form of: an explicit request (e.g., a secure attention sequence); an implicit request (e.g., inference of user activities); and presence of a peripheral device that is bound to the secured compartment (e.g., a USB)—wherein such actions typically cannot be generated by an application running outside the secured compartment. | 04-29-2010 |
| 20100293608 | EVIDENCE-BASED DYNAMIC SCORING TO LIMIT GUESSES IN KNOWLEDGE-BASED AUTHENTICATION - Techniques to provide evidence-based dynamic scoring to limit guesses in knowledge based authentication are disclosed herein. In some aspects, an authenticator may receive an input from a user in response to a presentation of a personal question that enables user access to a restricted resource. The authenticator may determine that the input is not equivalent to a stored value, and thus is an incorrect input. The authenticator may then determine whether the input is similar to a previous input received from the user. A score may be assigned to the input. When the input is determined to be similar to the previous input, the score may be reduced. Another request for an input may be transmitted by the authenticator when a sum of the score and any previous scores of the session is less than a threshold. | 11-18-2010 |
| 20100312548 | Querying Dialog Prompts - Implementations use hash values in proxy for images to enable aggregating of images for creating a knowledge base regarding certain images determined to be of interest. | 12-09-2010 |