Patent application number | Description | Published |
20080263361 | Cryptographically strong key derivation using password, audio-visual and mental means - A security system that uses a cryptographic key derived from human interaction with media. The system employs a set of parameters that includes user responses to graphical media and/or audio data, among other parameters. The architecture adds a fourth dimension to the conventional authentication means in order to make at least an offline attack on the key much more difficult. In addition to a standard set of parameters such as password, salt (random bits inserted into the encryption process) and iteration count, the system further utilizes information in the form of “what the user does” by presenting and prompting the user to interact with media in some way. The media can include audio information, video information, and/or image information, for example. | 10-23-2008 |
20080301784 | Native Use Of Web Service Protocols And Claims In Server Authentication - Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use. | 12-04-2008 |
20080320554 | SECURE DATA STORAGE AND RETRIEVAL INCORPORATING HUMAN PARTICIPATION - A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzled can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves. | 12-25-2008 |
20090328140 | ADVANCED SECURITY NEGOTIATION PROTOCOL - This disclosure describes methods, systems and application programming interfaces for creating an advanced security negotiation package. This disclosure describes creating an advanced security negotiation protocol under a Simple and Protected Negotiation Mechanism (SPNEGO) protocol to negotiate an authentication scheme. The protocol describes defining a Windows Security Type (WST) Library message to protect negotiation data during the advanced security negotiation protocol. The protocol sends an initial message that carries multiple authentication messages to reduce redundant roundtrips and implements key exchanges by a mini Security Support Provider (SSP). | 12-31-2009 |
20100228982 | FAST-RECONNECTION OF NEGOTIABLE AUTHENTICATION NETWORK CLIENTS - Modern network communications often require a client application requesting data to authenticate itself to an application providing the data. Such authentication requests can be redundant, especially in the case of stateless network protocols. When a full authentication is performed, a conversation identifier and one or more encryption keys can be agreed upon. Subsequent authentication requests can be answered with a fast reconnect token comprising the conversation identifier and a cryptographically signed version of it using the one or more encryption keys. Should additional security be desirable, a sequence number can be established and incremented in a pre-determined or a random manner to enable detection of replayed fast reconnect tokens. If the recipient can verify the fast reconnect token, the provider can be considered to have been authenticated based on the prior authentication. If an aspect of the fast re-authentication should fail, recourse can be had to the original full authentication process. | 09-09-2010 |
20110154505 | UNOBTRUSIVE ASSURANCE OF AUTHENTIC USER INTENT - Computer-executable instructions that are directed to the performance of consequential actions and automatically elevate to execute at a higher privilege level to do so can perform such consequential actions only after user notification. Doing so can enable monitoring processes to avoid presenting duplicative user notification upon detection of such auto-elevation. In addition, prior to presenting user notification, input from the execution environment can be ignored and access to DLLs for performing consequential actions can be avoided. A static analyzer can identify non-conforming computer-executable instructions. A wrapper can be utilized to provide compliance by otherwise unknown or non-conforming computer-executable instructions. | 06-23-2011 |
20120216240 | PROVIDING DATA SECURITY THROUGH DECLARATIVE MODELING OF QUERIES - Data security is implemented through a query based policy constraining a primary table. Nested tables inherit the security policy by implementing the policy queries of the primary table. Operations on nested tables such as join actions execute the security policy queries once due to inheritance from the primary table therefore optimizing query modeling. A security policy may respond to a context or a role by executing queries responsive to the context. | 08-23-2012 |
20140114955 | SEARCH-AS-YOU-TYPE ON A RELATIONAL DATABASE - A search system, separate from a relational database, generates an index of information in the relational database that can be used to look up business records (or entities). A search system, that is also separate from the relational database, receives typing or other character inputs in a search user input mechanism and generates queries against the index based on the typing inputs, or other character inputs, received. The search system returns results and modifies those results as additional typing inputs, or characters, are received. | 04-24-2014 |
20140359587 | DEEPLY PARALLEL SOURCE CODE COMPILATION - Abstract Syntax Trees (ASTs) are generated using the source code of a programming language that include information relating to the structure of the program. The generation of the ASTs may be performed in parallel. The types are split into a number of modules (e.g. configurable) that form an assembly. During the different stages of the compilation process, each module may be compiled in parallel. As the different modules are being compiled (e.g. in parallel), compiler metadata from the different modules may be written to a repository accessible by the different compilation processes. After flowing through the compilation pipeline, each of the enriched ASTs are used for code generation where they are transformed into the target language (e.g. a code stream that can be executed on hardware). The executable code is then stored as part of the assembly. The storage of the code may also be performed in parallel. | 12-04-2014 |