Total found: 6220. Displayed: 100.

Publication date: 15-03-2012

System and method for performing a management operation

Number: US20120066499A1
Assignee: Hewlett Packard Development Co LP

There is provided a system and method of performing a management operation. An exemplary method comprises receiving a command that comprises information derived from a private key in response to a request to generate the command for an electronic device. The exemplary method also comprises verifying a source of the command using the information derived from the private key and a corresponding public key stored in an immutable memory of the electronic device. The exemplary method additionally comprises performing a management operation corresponding to the command if the verifying of the source of the command determines that the command is from an authorized source.

Publication date: 19-04-2012

Application Identity Design

Number: US20120096533A1
Assignee: Salesforce com Inc

Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.

Publication date: 19-04-2012

Information processing apparatus, control method therefor, and program

Number: US20120096544A1
Author: Yasuhiro Hosoda
Assignee: Canon Inc

There are provided an information processing apparatus which provides a user credential sharing service on a user credential sharing condition intended by a vendor that creates an application, and a control method for the information processing apparatus. To accomplish this, the information processing apparatus generates sharing settings which defines a sharing condition for each item of a user credential among applications according to a manifest file acquired from each application. Upon receiving a request of a user credential from one of the applications, the information processing apparatus provides the user credential to the requesting application according to the generated sharing settings.

Publication date: 24-05-2012

Identity management trust establishment method, identity provider and service provider

Number: US20120131642A1
Assignee: ZTE Corp

A method for establishing an identity management trust, and an IDentification Provider (IDP) and a Service Provider (SP) are provided in the present disclosure. The method comprises: after receiving an access from a user, an SP determines whether an IDP to which the user attaches is located in a trust domain of the SP (S102); if the IDP to which the user attaches is not located in the trust domain of the SP, the SP inquires of an IDP in a local trust domain about the IDP to which the user attaches (S104); if the SP receives information of the IDP to which the user attaches, wherein the information is returned by an IDP in the local trust domain, the SP adds the IDP to which the user attaches to a temporary trust list to establish a trust for the IDP to which the user attaches (S106). The present disclosure can establish a trust relationship between an SP and any IDP in case of adding or not adding extra devices, ensuring the user to obtain desired services after logging on for one time.

Publication date: 26-07-2012

Systems and methods of identifying and handling abusive requesters

Number: US20120191693A1
Author: James Alexander
Assignee: Vizibility Inc

Aspects relate to categorizing requests for online resources as originating from spiders or not. Such resources are associated with respective contacts, and if a non-spider requests a resource, then a contact associated with that resource can be notified. The resources can each comprise a profile associated with a contact. For example, a profile can be a profile comprising information about a person, such as contact information, selected search results, and a pre-defined query that can be used with a given search engine. Personal whitelists or whitelists specific to a particular resource can be used to determine whether or not a given requesting entity should be treated as a spider or not when requesting that resource.

Publication date: 09-08-2012

Protecting web authentication using external module

Number: US20120204242A1
Author: Ram Cohen
Assignee: Activepath Ltd

Systems, methods, computer program products, and networks for protecting web authentication. In some examples a system for protecting web authentication includes a web client and a validator which is external to the web client. In these examples, the validator is configured to enable at least one validation item which is provided to a web server during web user authentication to be protected from possible tampering by the web client.

Publication date: 16-08-2012

Network communication system, server system, and terminal

Number: US20120210177A1
Assignee: Individual

A network communication system includes a network, a system of authentication servers, and a terminal. The system of the authentication servers includes a plurality of servers that execute a predetermined process in response to an authentication request from the terminal. The terminal includes a connection destination list storage unit that stores information concerning a preset prioritized connection order of connection with the server, fault determining means that, when an authentication request is made to the server, determines whether a traffic fault occurs on the server, and priority order setting means that, if the fault determining means determines that a traffic fault occurs on the server, changes connection to a next server in accordance with the connection order.

Publication date: 30-08-2012

Partial authentication for access to incremental data

Number: US20120222093A1
Assignee: International Business Machines Corp

Embodiments of the invention relate to partial authentication to access incremental information. An aspect of the invention concerns a method of authorizing access to information that comprises providing an initial segment of a password wherein the password includes password segments each associated with an incremental portion of the information. In response to the initial password segment satisfying an expected value, the method may authorize access to the information portion associated with the initial password segment. The method may authorize access to other information portions associated with subsequent segments of the password in response to the subsequent password segments satisfying respectively expected values.

Publication date: 13-09-2012

Securing asynchronous client server transactions

Number: US20120233664A1
Assignee: International Business Machines Corp

A method for securing asynchronous client server transactions is provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.

Publication date: 20-12-2012

Virtual identity manager

Number: US20120323686A1
Assignee: Microsoft Corp

A computing system and method for managing an identity of a user are provided. A server may be configured to communicate with each of a plurality of client devices in corresponding request and response streams. An inference engine is configured to monitor the request and response streams for identifying factors that distinguish each of the plurality of client devices from other of the plurality of client devices. Upon detecting one or more of the identifying factors for each of the two or more client devices that match within a threshold probability, the inference engine makes an inference that two or more of the plurality of client devices are used by the user. Based upon the inference, the inference engine creates a virtual identity record at the server linking the two or more client devices.

Publication date: 27-12-2012

Information processing apparatus, control method therefor, and storage medium storing program

Number: US20120327465A1
Author: Tetsuya Yamada
Assignee: Canon Inc

The invention acquires a destination corresponding to a group to which an authenticated user belongs by searching a user management unit configured to manage a plurality of destinations respectively corresponding to a plurality of users and information of a group to which each of the plurality of users belongs, and sets to transmit data to the acquired destination.

Publication date: 10-01-2013

Secure Credential Unlock Using Trusted Execution Environments

Number: US20130013928A1
Assignee: Microsoft Corp

Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges. Upon receiving a valid response back, the computing device can unlock the secured computing device cryptographic key associated with the issued challenge and subsequently provide access to protected data.

Publication date: 21-03-2013

Diagnostic and managing distributed processor system

Number: US20130073110A1
Assignee: Individual

A network of microcontrollers for monitoring and diagnosing the environmental conditions of a computer is disclosed. The network of microcontrollers provides a management system by which computer users can accurately gauge the health of their computer. The network of microcontrollers provides users the ability to detect system fan speeds, internal temperatures and voltage levels. The invention is designed to not only be resilient to faults, but also allows for the system maintenance, modification, and growth—without downtime. Additionally, the present invention allows users to replace failed components, and add new functionality, such as new network interfaces, disk interface cards and storage, without impacting existing users. One of the primary roles of the present invention is to manage the environment without outside involvement. This self-management allows the system to continue to operate even though components have failed.

Publication date: 04-04-2013

UPDATING RESOURCE ACCESS PERMISSIONS IN A VIRTUAL COMPUTING ENVIRONMENT

Number: US20130086648A1
Assignee: Aventura HQ, Inc.

Methods, systems, and devices are described for updating resource access permissions in a virtual computing environment. In these methods, systems, and devices, a host computer system determines that a user associated with an existing session has moved from a first location associated with a first set of access permissions to a second location associated with a second set of access permissions. The second set of access permissions is applied at the host computer to the existing session based on the determination that the user has moved to the second location. The user is then allowed to access the existing session from the second location according to the second set of access permissions.

1. A system for implementing a virtual computing environment, comprising: a host computer system configured to: host a session associated with a user; determine that a user associated with an existing session has moved from a first location associated with a first set of access permissions to a second location associated with a second set of access permissions; apply the second set of access permissions to the existing session based on the determination that the user has moved to the second location; and allow the user to access the existing session from the second location according to the second set of permissions; and a client device configured to communicate with the host computer system to provide a user interface to the existing session for the user at the second location.
2. The system of claim 1, wherein the host computer system is further configured to: retrieve at least one access permission rule associated with the second location from a data store; wherein the applying the second set of access permissions to the existing session comprises applying the at least one access permission rule to the existing session.
3. The system of claim 2, wherein the at least one access permission rule is associated with at least one action, wherein the host computer ...

Publication date: 11-04-2013

MULTI-MODALITY, MULTI-RESOURCE, INFORMATION INTEGRATION ENVIRONMENT

Number: US20130091170A1
Assignee:

A multi-modality, multi-resource, information integration environment system is disclosed that comprises: (a) at least one computer readable medium capable of securely storing and archiving system data; (b) at least one computer system, or program thereon, designed to permit and facilitate web-based access of the at least one computer readable medium containing the secured and archived system data; (c) at least one computer system, or program thereon, designed to permit and facilitate resource scheduling or management; (d) at least one computer system, or program thereon, designed to monitor the overall resource usage of a core facility; and (e) at least one computer system, or program thereon, designed to track regulatory and operational qualifications.

1. A multi-modality, multi-resource, information integration environment system comprising: (a) at least one computer readable medium capable of securely storing and archiving system data; (b) at least one computer system, or program thereon, designed to permit and facilitate web-based access of the at least one computer readable medium containing the secured and archived system data; (c) at least one computer system, or program thereon, designed to permit and facilitate resource scheduling or management; (d) at least one computer system, or program thereon, designed to monitor the overall resource usage of a core facility; and (e) at least one computer system, or program thereon, designed to track regulatory and operational qualifications.
2. The system of claim 1, wherein the at least one computer system, or program thereon, designed to monitor the overall resource usage of a core facility comprises compiling a profile of usage statistics of equipment and types of supported projects.
3. The system of claim 1, wherein the at least one computer system, or program thereon, is based on an open source program.
4. The system of claim 3, wherein the at least one computer system, ...

Publication date: 11-04-2013

Application marketplace administrative controls

Number: US20130091542A1
Author: Gabriel A. Cohen
Assignee: Google LLC

The subject matter of this specification can be embodied in, among other things, a method that includes receiving, by one or more servers associated with an application marketplace, a policy that includes data that identifies one or more users, and a restricted permission. A request is received, by the servers associated with the application marketplace, to access one or more applications that are distributed through the application marketplace, wherein the request includes data that identifies a particular one of the users. One or more of the applications that are associated with the restricted permission are identified by the servers associated with the application marketplace, and access by the particular user to the applications that are associated with the restricted permission is restricted by the servers associated with the application marketplace.

Publication date: 18-04-2013

SYSTEM AND METHOD FOR ELECTRONIC TRANSACTION AUTHORIZATION

Number: US20130097673A1
Assignee: IDENTITY METRICS LLC

A system and a related method are disclosed for authenticating an electronic transaction. Input behavioral data is captured related to measured interactions with at least one input device. The input data is compared to probability distribution representations for a demographic group and for a wide population, performing the measured interaction(s). The system is configured to authenticate the electronic transaction based on the comparing.

1. A computerized system for authenticating an electronic transaction, the system comprising: a digital storage assembly storing data characteristics for a purported authorized user of an electronic system based on a plurality of measured interactions with one or more input devices of the electronic system, a user probability distribution representation for an authorized user based on a plurality of measured interactions with an input device, a global probability distribution representation for a wide population based on a plurality of measured interactions with an input device; and a processing assembly configured to execute computer-readable instructions including determining a value indicative of whether the purported authorized user is the authorized user, utilizing (a) the data characteristics of the purported authorized user, (b) the probability distribution representation for the authorized user, and (c) the probability distribution representation for the wide population, and associating the purported authorized user to the authorized user for authenticating an electronic transaction attributable to the authorized user, if the value is above a prescribed threshold.
2. The system as recited in claim 1, wherein the digital storage assembly further stores a belief value indicative of a prior belief whether the purported user is the authorized user; wherein further the determining further utilizes the belief value.
3. The system as recited in claim 1, further comprising an input device selected from a group ...

Publication date: 09-05-2013

Setting default security features for use with web applications and extensions

Number: US20130117807A1
Author: Adam Barth, Erik Kay
Assignee: Google LLC

According to one general aspect, a computer-implemented method for implementing default security features for web applications and browser extensions includes receiving a request to include a web application or a web browser extension in a digital marketplace. A determination is made if the web application or the web browser extension conforms to default security features, wherein the default security features include a prohibition against running in-line script on web pages. The web application or the browser extension is included in the digital marketplace if the web application or the browser extension conforms to the default security features.

Publication date: 16-05-2013

Computational asset identification without predetermined identifiers

Number: US20130125114A1
Author: Gregory FRASCADORE
Assignee: VMware LLC

Embodiments allow management software applications to distinguish computational assets without the use of static, predetermined identifiers that are susceptible to duplication along with computational assets. Managers and computational assets are associated with authenticator values. Additionally, a manager and computational asset determine (e.g., negotiate) an expected nonce (number used once) to be provided by either party when requesting a transaction. Upon receiving a transaction request associated with an authenticator value and a transaction nonce, the sender's knowledge of the expected nonce is proven when the nonce associated with the request matches the expected nonce, and disproven otherwise. When such knowledge is proven, the manager treats the computational asset as the one originally associated with the computational asset authenticator value and negotiates a new nonce. When such knowledge is disproven, the manager treats the computational asset as a duplicate of the one that was originally associated with the computational asset authenticator value.

Publication date: 23-05-2013

Data communication apparatus, control method therefor, and storage medium storing control program therefor

Number: US20130132716A1
Author: Hiroyasu Morita
Assignee: Canon Inc

A data communication apparatus that is capable of improving operability when inputting authentication information. An authentication unit accepts authentication information inputted when a user logs in to the data communication apparatus and authenticates the user based on the accepted authentication information. A designation unit designates a file transmission destination that is inputted by the authenticated user. A transmission unit transmits a file to the transmission destination inputted. A registration unit registers the transmission destination of the file. A control unit prohibits registration of the authentication information at the time of registration of the transmission destination of the file when the accepted authentication information is used for file transmission, and permits registration of the authentication information at the time of registration of the transmission destination of the file when the inputted authentication information is not used for file transmission.

Publication date: 30-05-2013

Secure Authorization

Number: US20130139226A1
Assignee: Individual

Various embodiments provide an authorization approach that performs a safe and generally untraceable way that allows a user to complete an authorization securely. Various embodiments utilize a visual presentation that displays items, which can include symbols, letters, characters, numbers, logos, pictures, and the like. Throughout authorization, in at least some embodiments, the visual presentation is modified and the locations of items, such as touch-selectable items, are changed such that a pre-defined authorization sequence of items does not have the same serialized pattern of selection for purposes of authorization.

Publication date: 30-05-2013

Security Architecture For A Process Control Platform Executing Applications

Number: US20130139227A1
Assignee: INVENSYS SYSTEMS, INC.

A security component within a supervisory process control and manufacturing information system comprising a set of user roles corresponding to different types of users within the information system, a set of security groups defining a set of security permissions with regard to a set of objects, wherein each security group includes an access definition relating the security permissions to at least one of the set of user roles, and a set of user accounts assigned to at least one of the defined roles thereby indirectly defining access rights with regard to the set of objects having restricted access within the system. The security permissions within the supervisory process control and manufacturing information system are assigned at an object attribute level.

1. A security component within a supervisory process control and manufacturing information system comprising: a set of user roles corresponding to different types of users within the system; a set of security groups defining a set of security permissions with regard to a set of objects, said objects including a set of primitives and a set of attributes, wherein the primitives contain business logic that, when executed, facilitate carrying out a process control function and wherein the attributes are unique to the function of the primitives, wherein each security group includes an access definition relating the security permissions to at least one of the set of user roles; and a set of user accounts assigned to at least one of the defined roles thereby indirectly defining access rights with regard to the set of objects having restricted access within the system; wherein the security permissions are assigned at an object attribute level to permit writing to the attributes based on the defined access rights.
2. The security component of claim 1, wherein the system is distributable to a plurality of networked computer devices.
3. The security component of claim 1, wherein the system has a layered architecture.
4. The ...

Publication date: 06-06-2013

TRUST CONFERENCING APPARATUS AND METHODS IN DIGITAL COMMUNICATION

Number: US20130145432A1
Assignee:

A conferencing application executing on a computerized appliance from a machine-readable medium, the computerized appliance coupled to one or more networks is provided, the application including functionality for responding to requests to join a conference, and for enabling requesters as participants, functionality for receiving and rendering text, voice or video data from each registered participant as text, voice or video data to be transmitted to individual ones of other participants, functionality for controlling which received text, voice or video data is transmitted to which participants, and functionality for receiving and executing instructions from a trust authority.

1. A conferencing application executing on a computerized appliance from a machine-readable medium, the computerized appliance coupled to one or more networks, the application comprising: functionality for responding to requests to join a conference, and for enabling requesters as participants; functionality for receiving and rendering text, voice or video data from each registered participant as text, voice or video data to be transmitted to individual ones of other participants; functionality for controlling which received text, voice or video data is transmitted to which participants; and functionality for receiving and executing instructions from a trust authority.
2. The conferencing application of claim 1 wherein the trust authority is software executed by a processor of a computerized hardware server from a machine-readable medium, coupled locally to the computerized appliance by a local area network (LAN).
3. The conferencing application of claim 1 wherein the trust authority is software executed by a processor of a computerized hardware server from a machine-readable medium, coupled remotely to the computerized appliance by a wide area network (WAN).
4. The conferencing application of wherein the instructions include one or more of trust information regarding individual ones of the ...

Publication date: 06-06-2013

USING A LOCAL AUTHORIZATION EXTENSION TO PROVIDE ACCESS AUTHORIZATION FOR A MODULE TO ACCESS A COMPUTING SYSTEM

Number: US20130145433A1

Provided are a method, system, and computer program product for a local authorization extension to provide access authorization for a module to access a computing system. A memory stores information on a first validity range comprising position coordinates for a module seeking to access the computing system and a second validity range comprising position coordinates for a location authorization extension for a computing system. A determination is made of a first position signal from a first receiver of the module and of a second position signal from a second receiver of the location authorization module. Determinations are made as to whether the first position signal is within the first validity range and whether the second position signal is within the second validity range. The module is granted access to the computing system in response to determining that the first position signal is within the first validity range and the second position signal is within the second validity range.

1. A method, comprising: storing in a memory information on a first validity range comprising position coordinates for a module seeking to access a computing system; storing in a memory information on a second validity range comprising position coordinates for a location authorization extension for a computing system; determining from a first receiver of the module a first position signal; determining from a second receiver of the location authorization module a second position signal; determining whether the first position signal is within the first validity range; determining whether the second position signal is within the second validity range; and granting the module access to the computing system in response to determining that the first position signal is within the first validity range and the second position signal is within the second validity range.
2. The method of claim 1, wherein the module comprises a service authorization module comprising a device having the first receiver ...

Publication date: 06-06-2013

CAPTCHA AUTHENTICATION PROCESSES AND SYSTEMS USING VISUAL OBJECT IDENTIFICATION

Number: US20130145441A1
Assignee:

Systems and processes for performing user verification using an image-based CAPTCHA are disclosed. The verification process can include receiving a request from a user to access restricted content. In response to the request, a plurality of images may be presented to the user. A challenge question or command that identifies one or more of the displayed plurality of images may also be presented to a user. A selection of one or more of the plurality of images may then be received from the user. The user's selection may be reviewed to determine the accuracy of the selection with respect to the challenge question or command. If the user correctly identifies a threshold number of images, then the user may be authenticated and allowed to access the restricted content. However, if the user does not correctly identify the threshold number of images, then the user may be denied access to the restricted content.

1. A computer-implemented method for authenticating user access to online content, the method comprising: a) receiving a request for user authentication; b) generating one or more images in response to said request; c) transmitting the one or more images; d) receiving user feedback relating to the one or more images; and e) providing to the content provider an authentication decision based on the user feedback in relation to the one or more images.
2. The method of claim 1, wherein the authentication decision indicates whether or not the user is human.
3. The method of claim 1, wherein if the authentication decision is negative, the method further comprises repeating steps b-e.
4. The method of claim 1, wherein the user feedback comprises a selection of one or more of the one or more images including tracking information of the user's interaction with the one or more images.
5. The method of claim 1, wherein step c further comprises transmitting a challenge question.
6. The method of claim 5, wherein the challenge question comprises an advertisement.
7. The method of ...

Publication date: 06-06-2013

SYSTEM AND METHOD FOR AUTHENTICATING CODE EXECUTING ON COMPUTER SYSTEM

Number: US20130145456A1
Author: Kiehtreiber Peter
Assignee: Apple Inc.

A code authentication architecture is used to sign code by adding one or more digital signatures to it. The digital signatures identify what authority signed the code, what the code contains, what type of program the code is, or other identifying information. When the signed code is later executed on a computer system, its identity is obtained by accessing encrypted information of the code stored on disk. The architecture then determines whether the identity satisfies at least one requirement imposed on the code for some purpose. If the code has been altered from when it was signed or it fails to satisfy a requirement imposed, the code will not have a valid identity. In addition to verifying the identity of the code, the architecture also validates executing code immediately responsible for managing the code and additional executing code in a chain of hosts responsible for managing one another.

1-42. (canceled)
43. A method of performing code authentication of code executing on a computer system, the method comprising: receiving a call from a requestor to verify a first code while the first code is executing on the computer system; obtaining identity information for the first code in response to the call by accessing secured information contained in the first code as it is stored on the computer system; and determining whether the first code satisfies at least one requirement based on an analysis of the identity information with respect to the requirements and a determination of whether at least a portion of the first code has been altered from when its secured information was created; obtaining a result from the determination; and making the result available to a requestor on the computer system.
44. The method of claim 43, wherein the identity information comprises a plurality of pieces of encrypted information, wherein a first piece of the plurality of pieces identifies an authority of a software provider who signed the first code and a second piece of the ...

Publication date: 20-06-2013

USER MANAGEMENT FRAMEWORK FOR MULTIPLE ENVIRONMENTS ON A COMPUTING DEVICE

Number: US20130160013A1
Assignee:

An environment manager in a computer executes multiple environments concurrently. A user management framework (UMF) virtual machine on the computer runs an authentication domain that supports user profile management of the multiple environments.

1. A computing device, comprising: an environment manager to execute multiple environments concurrently; an authentication domain to run in a user management framework (UMF) virtual machine and to support user profile management of the multiple environments.
2. The computing device of claim 1, wherein the authentication domain further comprises: a global environment user identity module to maintain a global environment user identity for a user and a credential associated with the global environment user identity; and an authentication policy for each environment.
3. The computing device of claim 1, wherein an environment on the computing device comprises: an authentication proxy to register a user profile for the user with the authentication domain, the user profile associated with the environment.
4. The computing device of claim 2, the global environment user identity module further to support multiple global environment user identities.
5. The computing device of claim 2, wherein the UMF virtual machine further comprises: a switching module to allow the user to switch between environments to which the user is registered according to the global environment user identity.
6. The computing device of claim 1, the authentication domain to communicate with the multiple environments via at least one of: a remote procedure call (RPC); a web service; a remote function call (RFC).
7. The computing device of claim 1, further comprising: a firmware interface; and the authentication domain further to provide a credential to the firmware interface.
8. A method, comprising: maintaining, in a privileged virtual machine associated with an environment manager on a computer, a global environment user identity for a user, the global environment ...

Publication date: 20-06-2013

INFORMATION PROCESSING APPARATUS, METHOD FOR RELEASING RESTRICTION ON USE OF STORAGE DEVICE, AND STORAGE MEDIUM

Number: US20130160077A1
Author: Akiba Tomohiro
Assignee: CANON KABUSHIKI KAISHA

An information processing apparatus includes an authentication information storage unit that stores authentication information for releasing restriction on use of a storage device, a release unit that releases the restriction on use of the storage device based on the authentication information, a generation unit that generates new authentication information for releasing the restriction on use of the storage device, and a setting unit that, after the restriction on use of the storage device is released, sets the new authentication information in the storage device.

1. An information processing apparatus comprising: an authentication information storage unit configured to store authentication information for releasing restriction on use of a storage device; a release unit configured to release the restriction on use of the storage device based on the authentication information; a generation unit configured to generate new authentication information for releasing the restriction on use of the storage device; and a setting unit configured to, after the restriction on use of the storage device is released based on the authentication information stored in the authentication information storage unit, set the new authentication information in the storage device.
2. The information processing apparatus according to claim 1, wherein, after the setting unit sets the new authentication information in the storage device, the authentication information storage unit stores the new authentication information.
3. The information processing apparatus according to claim 1, further comprising a determination unit configured to determine whether the authentication information stored in the authentication information storage unit and the new authentication information are identical, wherein the setting unit is configured to set the new authentication information in the storage device when the authentication information stored in the authentication information ...

Publication date: 01-08-2013

CONFIGURATION METHOD, CONFIGURATION DEVICE, COMPUTER PROGRAM PRODUCT AND CONTROL SYSTEM

Number: US20130198813A1
Assignee: NXP B.V.

According to an aspect of the invention a configuration method for configuring a host device in a control system is conceived, in particular a building control system, wherein an authorized configuration device exchanges confidential configuration data with a radio frequency identification tag coupled to the host device, wherein, after the confidential configuration data have been exchanged and a corresponding configuration operation has been performed, access to the confidential configuration data by an unauthorized configuration device is precluded. According to further aspects of the invention a corresponding configuration device, a corresponding computer program product and a corresponding control system are conceived.

1. A configuration method for configuring a host device in a control system, in particular a building control system, wherein an authorized configuration device, which is authorized to exchange confidential configuration data with a radio frequency identification tag coupled to the host device, exchanges said confidential configuration data with said radio frequency identification tag, wherein, after the confidential configuration data have been exchanged and a corresponding configuration operation has been performed, access to the confidential configuration data by an unauthorized configuration device, which is not authorized to exchange said confidential configuration data with said radio frequency identification tag, is precluded by locking said radio frequency identification tag.
2. A configuration method as claimed in claim 1, wherein said radio frequency identification tag is locked by encrypting the confidential configuration data.
3. A configuration method as claimed in claim 2, wherein the authorized configuration device encrypts the confidential configuration data and overwrites the confidential configuration data in the radio frequency identification tag with the encrypted confidential configuration data.
4. A configuration method as ...

Publication date: 22-08-2013

NETWORK AUTHENTICATION METHOD, METHOD FOR CLIENT TO REQUEST AUTHENTICATION, CLIENT, AND DEVICE

Number: US20130219467A1
Author: Jiang Wu
Assignee: Huawei Technologies Co., Ltd.

A network authentication method, a client and a device are provided. The method includes: receiving SYN data sent by a client, where the SYN data includes a sequence number SEQ1 and a network parameter comprising an ID in the header of the SYN data; sending SYN_ACK data to the client, where the SYN_ACK data includes an acknowledgment number ACK2 obtained by carrying out a function transformation according to the network parameter; receiving RST data sent by the client, where the RST data includes a sequence number SEQ3 or an acknowledgment number ACK3, and the RST data further includes a network parameter the same as that of the SYN data; carrying out the function transformation according to the network parameter of the RST data to obtain a check value CHK; and passing the authentication of the client if CHK matches SEQ3 or ACK3.

1. A network authentication method, comprising: receiving synchronize (SYN) data sent by a client, wherein the SYN data comprises a sequence number SEQ1 and a network parameter, and the network parameter comprises an Identification (ID) in the header of the SYN data; sending synchronize acknowledge (SYN_ACK) data to the client in response to the SYN data, wherein the SYN_ACK data comprises an acknowledgment number ACK2, a value of ACK2 is the value obtained by carrying out a function transformation according to the network parameter of the SYN data, and the network parameter used in the function transformation comprises the ID in the header of the SYN data; receiving RESET (RST) data sent by the client in response to the SYN_ACK data, wherein the RST data comprises a sequence number SEQ3 or an acknowledgment number ACK3, a value of SEQ3 or ACK3 is the same as that of ACK2, and the RST data further comprises a network parameter the same as that of the SYN data; carrying out the function transformation according to the network parameter of the RST data to obtain a check value CHK; and passing the authentication of the client if CHK matches the ...

Publication date: 29-08-2013

Systems and methods for generating and authenticating one time dynamic password based on context information

Number: US20130227661A1
Assignee: Infosys Ltd

The invention relates to a system and method for generating and authenticating a one time dynamic password based on the context information related to a user. It involves retrieving user context information and generating a dynamic value based on that. The first one time dynamic password is generated at the user device using the first dynamic value and the user PIN. The first dynamic value along with the user identifier is sent to the authentication server. The authentication server sends the user identifier to the context management server. The context management server has access to the context information used to generate the first dynamic value and, based on that, generates a second dynamic value. The authentication server receives this value and generates the second one time dynamic password, and if it matches the first one time dynamic password then the authentication server authenticates the first one time dynamic password.

Publication date: 29-08-2013

TABLET COMPUTER

Number: US20130227675A1
Author: Fujioka Robb
Assignee:

A tablet computer comprises an operating system, including an application framework layer and an application layer, and an overlay system. The overlay system controls access to application programs and provides a first user interface and a second operating environment associated with a second user interface. Optionally, the overlay system provides a first operating environment associated with the first user interface. The overlay system includes an access control configured to permit or deny a request for access in the second operating environment to resources and/or data. Optionally, the overlay system is executed in the application framework layer of the operating system and may comprise a hypervisor providing an operating platform comprising the first user interface, the second operating environment, and an application space providing access to the application layer.

1. A tablet computer, comprising: a touch screen display, one or more processors, a storage media, a wireless data communication interface, an operating system comprising an application framework layer and an application layer, and an overlay system stored in the storage media and configured to be executed by the one or more processors, the overlay system comprising: instructions for controlling access to one or more application programs in the application layer, instructions for providing a first user interface, instructions for providing a second operating environment associated with a second user interface, instructions for requiring input of an authentication code to access the first user interface from the second operating environment; and instructions for accepting in the first user interface a configuration of an access control configured to permit or deny a request for access in the second operating environment to one or more of a system setting, an application program, a data, and a hardware resource, wherein the data comprises one or more of an internet resource, a text file, an image file, an ...

Publication date: 29-08-2013

METHOD FOR ACCESSING AN APPLICATION AND A CORRESPONDING DEVICE

Number: US20130227679A1
Assignee: GEMALTO SA

The invention relates to a method for accessing an application. A token includes at least one application that is executable by a device. The token is coupled to the device. The method comprises the following steps. The token sends to the device data for identifying the token and data for authenticating the token. The device analyses whether the token identification data is included within a list of at least one authorized token. Only if the token identification data is included within a list of at least one authorized token, then the device analyses whether the token is authenticated. And only if the device authenticates the token, then the device authorizes to execute the application. The invention also relates to a corresponding device.

1. A method for accessing an application stored in a token comprising at least one application that is executable by a device, the token being coupled to the device, wherein the method further comprises the following steps: the token sends to the device identification data for identifying the token and data for authenticating the token, the device analyses whether the token identification data relating to the token is included within a list of at least one authorized token, only if the token identification data relating to the token is included within a list of at least one authorized token, then the device analyses whether the token is authenticated, and only if the device authenticates the token, then the device authorizes execution of the application.
2. Method according to claim 1, wherein the token sends to the device, at an initiative of the token, the data for identifying the token and the data for authenticating the token.
3. Method according to claim 1, wherein, before executing the application, the method further comprises the following steps: the token sends to the device identification data for identifying the application, the device analyses whether the application identification data ...

Publication date: 12-09-2013

Group licenses for virtual objects in a distributed virtual world

Number: US20130239227A1
Assignee: Qurio Holdings Inc

A group licensing scheme for validating groups of virtual objects within a distributed virtual world is provided. Each of a number of distributed virtual world servers hosts a cell, or virtual space, of the virtual world. In operation, a first virtual world server categorizes virtual objects into a number of groups. Either before or after creating the groups, the first virtual world server validates each virtual object individually. Once the virtual objects are validated and the groups are formed, the first virtual world server generates a group license for each of the groups. When a group of virtual objects or an avatar associated with one or more groups of virtual objects moves to a virtual space hosted by a second virtual world server, the corresponding group licenses are provided to the second virtual world server, which validates the one or more groups of virtual objects based on the group licenses.

Publication date: 19-09-2013

Method and System for Secure Mobile File Sharing

Number: US20130246558A1
Author: Steven V. Bacastow
Assignee: QuickVault Inc

A system and method for securely storing, retrieving and sharing data using PCs and mobile devices and for controlling and tracking the movement of data to and from a variety of computing and storage devices.

Publication date: 19-09-2013

Application identity design

Number: US20130247139A1
Assignee: Salesforce com Inc

Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.

Publication date: 19-09-2013

ACCESS DEVICE, ACCESS SYSTEM AND COMPUTER PROGRAM PRODUCT

Number: US20130247152A1
Assignee: KABUSHIKI KAISHA TOSHIBA

According to an embodiment, an access device includes a first obtaining unit configured to obtain a first authorization as user authorization; and a second obtaining unit configured to obtain a second authorization as authorization other than the user authorization through communication with a server via an external network. The access device also includes an accessing unit configured to access a function of an access target device via a local network by using the first authorization and the second authorization.

1. An access device, comprising: a first obtaining unit configured to obtain a first authorization as user authorization; a second obtaining unit configured to obtain a second authorization as authorization other than the user authorization through communication with a server via an external network; and an accessing unit configured to access a function of an access target device via a local network by using the first authorization and the second authorization.
2. The access device according to claim 1, wherein the first obtaining unit communicates with one of the access target device and an authorization device via the local network to obtain the first authorization.
3. The access device according to claim 2, further comprising: an execution unit configured to execute an application program that accesses the function of the access target device via the local network; and a transferring unit configured to transfer the first authorization from the first obtaining unit to the second obtaining unit, wherein the first obtaining unit obtains the first authorization in accordance with an instruction from the application program, the second obtaining unit transmits the transferred first authorization to the server to obtain the second authorization doubling as the first authorization from the server, and the accessing unit accesses the function of the access target device via the local network by using the second authorization doubling as the first authorization.
4. The ...

Publication date: 19-09-2013

APPLICATION IDENTITY DESIGN

Number: US20130247155A1
Assignee: SALESFORCE.COM, INC

Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.

1. An interoperability network comprising one or more computing devices configured to: receive a request for a first service to perform a particular task involving a second service on behalf of a first user, wherein the first and second services are in communication with an interoperability network and are provided by first and second independent service providers, respectively; determine whether the first user has provided a first set of credentials that defines access information associated with the second service, the first set of credentials being included among a plurality of sets of credentials stored on one or more storage media accessible through the interoperability network; determine whether the first service is authorized to act on behalf of the first user with respect to the second service with reference to one or more of a plurality of permissions stored on the one or more storage media; and where the first user has provided the first set of credentials, and where the first service is authorized to act on behalf of the first user with respect to the second service, authorizing the first service to perform the particular task involving the ...

Publication date: 19-09-2013

Method For Setting Up An Access Level For Use Of A Software System, And Computer Program Products And Processor Devices Thereof

Number: US20130247156A1
Author: Savo Isak
Assignee:

A method for setting up an access level for use of a software system including different levels of user accesses. The method includes the steps of: using a first user login to log in to the software system, the first user login having a first access level including a first set of permissions; using a second user login to log in to the software system, the second user login having a second access level including a second set of permissions; and combining the permissions of the first set of permissions and the second set of permissions in the software system, thereby setting up the access level for the use of the software system, the access level including the combined permissions of the first set of permissions and the second set of permissions. The invention also relates to computer program products and processor means.

1. A method for setting up an access level for use of a software system comprising different levels of user accesses, wherein the software system comprises one of: a control system for controlling a power plant; a control system for controlling a process; the method comprising the steps of: using a first user login to log in to the software system, the first user login having a first access level comprising a first set of permissions, using a second user login to log in to the software system, the second user login having a second access level comprising a second set of permissions, combining the permissions of the first set of permissions and the second set of permissions in the software system, thereby setting up the access level for the use of the software system, the access level comprising the combined permissions of the first set of permissions and the second set of permissions allowing the first and second users to access programs or retrieve information from the control system with their respective sets of permissions now available simultaneously.
2. The method as claimed in claim 1, wherein the first user login comprises using a first user ...

Publication date: 26-09-2013

ACCESS AUTHORIZATION HAVING EMBEDDED POLICIES

Number: US20130254835A1
Author: Golan Gilad, Vayman Mark
Assignee: MICROSOFT CORPORATION

A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.

1-30. (canceled)
31. A computer-implemented method of setting a revocable policy on a target process, the method comprising: receiving, via an access control application programming interface ("API"), a first request from a controlling process to set a revocable policy on a target process; determining whether the controlling process possesses adequate privilege to set the revocable policy on the target process; upon determining that the controlling process possesses adequate privilege to set the revocable policy on the target process, setting an indication to apply the revocable policy on the target process; sending to the controlling process an identifier indicating whether the indication to apply the revocable policy on the target process was set; receiving, via the API, a second request to revoke the revocable policy on the target process, wherein the second request includes the identifier; based upon the identifier, authenticating the second request as having authorization to revoke the revocable policy on the target process; and revoking the revocable policy on the target process.
32. The computer-implemented method of claim 30 wherein the identifier authenticates the controlling process.
33. The computer-implemented method of claim 30 wherein the identifier is a cookie.
34. The computer-implemented method of claim 30 wherein the identifier identifies the policy that is to be revoked.
35. The computer-implemented method of claim 30 wherein the second request is ...

Publication date: 10-10-2013

RESOURCE ACCESS BASED ON MULTIPLE SCOPE LEVELS

Number: US20130269025A1
Assignee:

A scope hierarchy corresponding to a resource to which a type of access is requested is identified, the scope hierarchy including multiple scope levels each of which has an associated access control list. An access control list associated with a lower scope level can further restrict access permitted to the resource by an access control list associated with a higher scope level. Based at least in part on one or more of the access control lists associated with the multiple scope levels, a determination is made as to whether the requested type of access to the resource is permitted.

1. A method implemented in a computing device, the method comprising: identifying a scope hierarchy corresponding to a resource to which a type of access is requested, the scope hierarchy including multiple scope levels each having an associated access control list, and wherein an access control list associated with a lower scope level can further restrict access permitted to the resource by an access control list associated with a higher scope level; and determining, based at least in part on one or more of the access control lists associated with the multiple scope levels, whether the requested type of access to the resource is permitted.
2. A method as recited in claim 1, wherein for each of the multiple scope levels, an access control list associated with the scope level can further restrict but cannot result in broadening access permitted by an access control list associated with a higher scope level.

This application is a continuation of and claims priority to U.S. patent application Ser. No. 12/684,426, filed on Jan. 8, 2010, the disclosure of which is incorporated by reference herein.

Restricting access to computing resources, such as files in a file system, to particular users is oftentimes desired. One way such restrictions can be enforced is using a resource-centric approach in which owners of the resources control the access control policies of the resources. Although ...

Publication date: 17-10-2013

CONTROL OF ACCESS TO A SECONDARY SYSTEM

Number: US20130275764A1
Author: Feil Stephan
Assignee:

A method and system for controlling access of a user to a secondary system. A primary system sends a random string to a user system that is connected to the secondary system. The user is logged on the user system. The primary system receives from the user system first authentication information including an encryption of the random string by a private key of the user. The primary system generates a user-specific key consisting of the encryption of the random string.

1. A method for controlling access of a user to a secondary system, said method comprising: a processor of a primary system sending a random string to a user system, said processor connecting the user system to the secondary system, said user being logged on the user system; and after said sending the random string to the user system, said processor receiving from the user system first authentication information comprising an encryption of the random string by a private key of a public/private key pair of the user.
2. The method of claim 1, wherein the method further comprises: after said receiving the first authentication information, said processor generating a user-specific key consisting of the encryption of the random string in the first authentication information; and said processor storing the user-specific key in the primary system.
3. The method of claim 2, wherein the method further comprises: said processor generating second authentication information from protected secondary authentication data stored in the primary system, said generating the second authentication information comprising applying the user-specific key to the protected secondary authentication data to generate the second authentication information; and said processor providing the second authentication information to the secondary system to enable access of the user to the secondary system.
4. The method of claim 3, wherein the method further comprises: after said receiving the first authentication information and before said ...

Publication date: 24-10-2013

AUTHENTICATION METHOD AND ELECTRONIC DEVICE

Number: US20130283349A1
Assignee: BEIJING LENOVO SOFTWARE LTD.

Embodiments of the present disclosure provide an authentication method and an electronic device. The method includes: generating by a first device an authentication request if a predetermined condition exists between the first device and a second device, when the first device is in a locking state, wherein the first device has the locking state and a non-locking state; receiving by the first device authentication information, the authentication information being input in response to the authentication request; and authenticating the second device using the authentication information. Through the present disclosure, others cannot directly damage or copy data in the first device in a connection manner such as using a data line even if they get hold of the device, as long as the first device is in the locking state. Thus, the security of the data in the first device is ensured. Since a complex synchronization authentication protocol does not need to be developed by synchronization software and the first device, and the present disclosure is compatible with various commercially available synchronization software, the implementation method is simple and efficient, and the compatibility is good.

1. An authentication method, comprising: generating by a first device an authentication request if a predetermined condition exists between the first device and a second device, when the first device is in a locking state, wherein the first device has the locking state and a non-locking state; receiving by the first device authentication information, the authentication information being input in response to the authentication request; and authenticating the second device using the authentication information.
2. The method according to claim 1, wherein the predetermined condition is the first device being connected to the second device; or the predetermined condition is the first device being connected to the second device and the first device receiving a request for data read and/or ...

Publication date: 24-10-2013

Method of managing virtual computer, computer system and computer

Number: US20130283367A1
Assignee: HITACHI LTD

A method of managing a virtual computer in a computer system including a plurality of computers, each of the computer storing a program for realizing a virtualization management module for managing a virtual computer, including a management storage area that is accessible only by the virtualization management module, storing start-up management information representing a correspondence among identification information on the virtual computer, identification information on a logical storage area storing a service program, and start-up authentication information for starting the virtual computer. The method including: a step of referring to the start-up management information to determine whether the start-up authentication information corresponding to the virtual computer exists, in a case of receiving a start-up request; a step of reading the service program from the logical storage area and executing the read service program, in a case of being determined the start-up authentication information exists.

Publication date: 05-12-2013

Server system, method for executing server system, and external memory

Number: US20130325929A1
Assignee: IZE Co Ltd

A system includes an application server connected to a web server and a client terminal via a network, the terminal being connected to an external memory, the application server includes an interface for a provider of a service, a contents database, an attribute database, an ID receiving part for receiving the ID sent from the client terminal connected to the external memory, an authentication part, an attribute information reading part, a display contents generation part and a display contents sending part, the external memory is stored with a program for sending the read ID to the application server from the client terminal and displaying the received display contents on a screen of the client terminal.

Publication date: 05-12-2013

METHOD AND SYSTEM FOR ENTITY AUTHENTICATION IN RESOURCE-LIMITED NETWORK

Number: US20130326584A1
Assignee:

A method and a system for entity authentication in a resource-limited network are provided by the present invention. Said method comprises the following steps: 1) entity A sends an authentication request message to entity B; 2) after receiving the authentication request message, entity B sends an authentication response message to entity A; and 3) entity A determines the validity of entity B according to the received authentication response message. The authentication between entities in a resource-limited network can be implemented by the application of the present invention.

1. A method for entity authentication in a resource-limited network, characterized in comprising: sending, by an entity A, an authentication request message to an entity B; sending, by the entity B, an authentication response message to the entity A after receiving the authentication request message sent by the entity A; and determining, by the entity A, the validity of the entity B according to the received authentication response message.
2. The method for entity authentication in a resource-limited network according to claim 1, characterized in that after determining, by the entity A, the validity of the entity B according to the received authentication response message, the method further comprises: sending, by the entity A, an authentication result message to the entity B, wherein if the entity A determines that the entity B is valid, the authentication result message contains authentication success information; if the entity A determines that the entity B is invalid, the authentication result message contains authentication failure information.
3. The method for entity authentication in a resource-limited network according to claim 2, characterized in further comprising: setting a message timeout processing time limit T4, then: if the entity B does not receive the correct authentication result message within time T4 after sending the authentication ...

Publication date: 12-12-2013

OBLIGATION SYSTEM FOR ENTERPRISE ENVIRONMENTS

Number: US20130332985A1
Assignee: ORACLE INTERNATIONAL CORPORATION

An authorization system that conforms to legacy access control models provides mechanisms whereby structures already existing within those legacy access control models can be used to pass additional information to and from that authorization system. Because the authorization system conforms to the legacy model, legacy applications can still interact with the authorization system without modification. Because the authorization system also provides mechanisms whereby the existing structures can be used to pass the additional information or return additional information, more advanced applications can make use of enhanced access control features of the authorization system. Such enhanced features can involve policy-based decisions that take into account the additional information in determining whether to permit resource access. Such enhanced features can involve the placement of policy-specified obligations within the existing structures to be returned back to the advanced applications. Such obligations can indicate requirements that those applications need to fulfill in conjunction with performing operations on resources.

1. A computer-implemented method comprising: receiving, at an authorization system, from an application, a holder-permission object that is an instance of a holder-permission class that extends a basic permission class; wherein the holder-permission object specifies a resource relative to which the application is requesting to perform an operation; wherein the holder-permission object specifies additional information in a payload field of the holder-permission object; wherein the payload field is defined within the basic permission class; in response to receiving the holder-permission object, the authorization system determining whether one or more policies pertaining to the additional information are satisfied; based at least in part on a determination of whether the one or more policies are satisfied by the additional information, the authorization ...

Publication date: 19-12-2013

SECURITY SWITCH

Number: US20130340069A1
Author: Yoffe David, Yoffe Simon
Assignee:

System and method for securing a personal device that includes a device core and a peripheral device from unauthorized access or operation. The system comprises an isolated switch, included fully or partially within an envelope of the personal device. The isolated switch cannot be affected in its operation by either the device core or the peripheral device. The switch may be operated by an authorized user of the personal device either preemptively or in response to a detected threat. In some embodiments, the isolated switch includes an isolated controller which can send one or more signals to the peripheral device and/or part of peripheral device. In some embodiments, the isolated switch includes an isolated internal component and an isolated external component, both required to work together to trigger the isolated switch operation. In some embodiments, the isolated switch includes an isolated disconnector for connecting and disconnecting the device core from part of the peripheral device.

1. A system for securing a personal device that includes a device core and a peripheral device from unauthorized access or operation, the personal device having an envelope or surface, the system comprising an internal isolated switch having operating functions that cannot be affected by either the personal device core or by a peripheral device, wherein the isolated switch includes an internal component located within the envelope or at least partially on the surface of the personal device and wherein the isolated switch internal component is selected from the group consisting of a mechanical element without an electrically operated bypass and an electronic/electrical element separated electrically from elements or components of the personal device.
2. The system of claim 1, wherein the isolated switch further includes an isolated disconnector for connecting and disconnecting the device core from the peripheral device or from a part of the peripheral device.
3. The system of ...

Publication date: 26-12-2013

PERMISSION MANAGEMENT METHOD FOR APPLICATIONS, ELECTRONIC DEVICE THEREOF, AND COMPUTER READABLE MEDIUM

Number: US20130347096A1
Author: LEE SHI-RUI
Assignee: WISTRON CORP.

A permission management method for an electronic device capable of installing at least one application is illustrated. The electronic device comprises a plurality of accessible operational functions. The method prepares a management table for recording corresponding operational functions that the application needs to access while performing the application, and a permission management program for controlling the management table. The permission management program may be performed to change the permission state of each operational function corresponding to the installed application. When the application installed in the device is performed and one of the operational functions is requested, the records in the management table are referred to determine whether the application is allowed to access the requested operational function.

1. A permission management method for an electronic device capable of installing at least one application program, the electronic device comprising a plurality of accessible operational functions, the method comprising: providing a management table and a permission management program for managing the management table; reading an authority access list of the application when the application is installed into the electronic device, the authority access list having identification data and at least one authority item, each authority item corresponding to one of the accessible operational functions, the application accessing the operational function corresponding to the authority item while performing the application; writing the identification data of the application to the management table according to the authority access list, and labeling the permission state of the operational function corresponding to the authority item in the management table as accessible for the application, labeling the permission states of other operational functions not corresponding to the authority item in the management table as inaccessible for the application; ...

Publication date: 02-01-2014

Mobile platform software update with secure authentication

Number: US20140004825A1
Assignee: Individual

Generally, this disclosure describes devices, methods and systems and for securely updating software on a mobile platform using trusted hardware based authentication. The device may include an image update module configured to receive a software update image from an update server, the image update module executing at an operating system (OS) level; a critical component database configured to identify critical software components associated with the secure operation of the device; a secure update application module configured to verify the inclusion of the critical software components in the software update image prior to installation of the software update image on the device; and a trusted execution environment (TEE) configured to restrict control access and data access to the secure update application module and the critical component database, the restriction enforced against the OS and against modules executing at the OS level.

Publication date: 02-01-2014

SYSTEMS AND METHODS FOR SECURE HANDLING OF SECURE ATTENTION SEQUENCES

Number: US20140007188A1
Author: INNES ANDREW
Assignee: CITRIX SYSTEMS, INC.

A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.

1-25. (canceled)
26. A method for providing, by a trusted component, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine, the method comprising: executing, by a trusted computing base within an operating system executing on a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user; receiving, by the user interaction component, a request for access to a local secure desktop function; transmitting, by the desktop appliance, to a broker service, the received request; and providing, by a remote machine, to the desktop appliance, access to a remote secure desktop function in satisfaction of the request for access to the local secure desktop function.
27. The method of claim 26, wherein transmitting, by the desktop appliance to a broker service, the received request comprises transmitting, by the desktop appliance, to the remote machine, the ...

Publication date: 16-01-2014

CONTENT SHARING SYSTEM, INFORMATION COMMUNICATION APPARATUS, CONTENT SHARING METHOD, AND COMMUNICATION METHOD

Number: US20140020059A1
Assignee: Panasonic Corporation

When a user who shares content is selected in a first information communication apparatus used by one of the users who share content, sharing space securement information for the selected user is generated and transmitted to the server. When sharing space connection information for accessing a sharing space, which is generated by the server based on the sharing space securement information, is received by the first information communication apparatus, the sharing space connection information transmitted to the second information communication apparatus used by the user who share the content.

1. A content sharing system, comprising: a server; a first information communication apparatus; and one or more second information communication apparatuses, wherein content is shared using the first information communication apparatus and at least one of the second information communication apparatuses, in a sharing space which is a storage region on the server, at least between a first user who uses the first information communication apparatus and a second user who uses the second information communication apparatus, the first information communication apparatus includes: a sharing space securing unit configured to transmit address information and sharing space securement information to the server, and receive authentication information and sharing space address information from the server, the address information being associated with the second information communication apparatus, the sharing space securement information being for generating the sharing space on the server, the authentication information being for enabling the second user to access the sharing space using the second information communication apparatus, the sharing space address information representing an address of the sharing space generated based on the sharing space securement information; and a first communication unit configured to, after receiving the sharing space address information and the ...

Publication date: 16-01-2014

VIRTUAL MACHINE SYSTEM, CONFIDENTIAL INFORMATION PROTECTION METHOD, AND CONFIDENTIAL INFORMATION PROTECTION PROGRAM

Number: US20140020086A1
Assignee: Panasonic Corporation

A virtual machine system that restricts use of confidential information only to the case where an authentication has resulted in success. The virtual machine system includes first virtual machine, second virtual machine, and hypervisor. The first virtual machine includes: storage unit storing confidential information; and authentication unit configured to perform authentication and notify the hypervisor of result of the authentication. The second virtual machine uses virtual device that is virtualized storage device. When having received authentication result indicating authentication success from the authentication unit, the hypervisor enables the second virtual machine to access, as substance of the virtual device, storage area storing the confidential information, and when not having received the authentication result indicating the authentication success from the authentication unit, the hypervisor disables the second virtual machine from accessing the storage area storing the confidential information.

1. A virtual machine system comprising a computer that functions as a first virtual machine, a second virtual machine, and a hypervisor while a program is executed, the hypervisor controlling execution of the first virtual machine and the second virtual machine, the first virtual machine including: a storage unit storing confidential information; and an authentication unit configured to perform an authentication and notify the hypervisor of a result of the authentication, wherein the second virtual machine uses a virtual device that is a virtualized storage device, and when having received an authentication result indicating an authentication success from the authentication unit, the hypervisor enables the second virtual machine to access, as a substance of the virtual device, a storage area storing the confidential information, and when not having received the authentication result indicating the authentication success from the authentication unit, the ...

Publication date: 23-01-2014

Client Authentication During Network Boot

Number: US20140025359A1
Assignee: Microsoft Corp

A secure mechanism for performing a network boot sequence and provisioning a remote device may use a private key of a public key/private key encryption mechanism to generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the remote device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The remote device may be provisioned with software applications. One mechanism for performing the initial encrypted commands is through a Trusted Platform Module. In many embodiments, the public key for the initial encrypted communication may be provided through a trusted second channel.

Publication date: 13-02-2014

ZONE MIGRATION IN NETWORK ACCESS

Number: US20140047514A1
Assignee: NOMADIX, Inc.

The present disclosure is directed to providing a network user the ability to travel between different zones or locations within a network environment, such as, for example, a hospitality location, without requiring a user to re-login to the new location, while requiring a user to re-login to other locations within the network environment.

1. A method for determining whether to allow a computer communicating with a first network access point within a privately controlled computer network including multiple network access points to migrate from one network access point to another network access point at a different location within the network without re-authentication, the method comprising: storing migration permissions for migrating between individual network access points in the plurality of network access points, where the migration permissions establish migration rights between individual network access points in a plurality of network access points, said plurality of network access points configured to provide a computer access to a privately controlled computer network; and determining whether to require the computer to re-authenticate in order to migrate from communicating with a first network access point in the plurality of network access points to a second network access point in the plurality of network access points based on a subscription level of the computer.
2. The method of claim 1, wherein the subscription level of the computer depends at least on the first network access point.
3. The method of claim 2, wherein the subscription level of the computer depends at least on the location of the first network access point.
4. The method of claim 1, further comprising sending authentication request to the computer based on the determination.
5. The method of claim 1, wherein the network access point is a port.
6. The method of claim 5, wherein the port is a VLAN port.
7. The method of claim 1, further comprising receiving instructions ...

Publication date: 13-02-2014

Accessing contact records in a device with multiple operation perimeters

Number: US20140047537A1
Assignee: Research in Motion Ltd

A method and apparatus for accessing contact records in an electronic device with multiple operation perimeters is provided. When accessing contact records from within one operation perimeter, only contact information accessible from that operation perimeter is retrieved. An option is provided to also access contact records of an alternative operation perimeter. If the alternative operation perimeter has a higher security level than the current operation perimeter, a password or other authorization may be required. The contact records may be accessed, for example, to find information for an outgoing communication, to identify information associated with an incoming communication, or to edit a contact record.

Publication date: 27-02-2014

Method and system for controlling access to applications on mobile terminal

Number: US20140059670A1
Author: Xiaosheng Zheng
Assignee: Tencent Technology Shenzhen Co Ltd

Various embodiments provide methods and systems for controlling an access to applications on a mobile terminal. In an exemplary method, an opened application can be scanned and an application identification can be obtained. The application identification can be compared with a pre-stored target application identification. When the application identification is compared to be consistent with the pre-stored target application identification, an unlock interface can be displayed. An unlock command can be obtained to run the application on the mobile terminal. An exemplary system for controlling an access to an application on a mobile terminal can include a scanning module, a comparing module, a displaying module, and an executing module.

Publication date: 13-03-2014

Gesture- and expression-based authentication

Number: US20140075548A1
Assignee: Sony Corp

A user can define a gesture-based input mode with respective input value to establish an authentication protocol to unlock a computer or govern other computer behavior. As an alternative or in addition, the user can define a second input mode based on face recognition plus IR sensing satisfying a threshold to ensure a live person is being imaged for authentication, and/or face recognition plus a particular facial expression such as a smile and wink.

Publication date: 13-03-2014

Method and apparatus to manage user account of device

Number: US20140075551A1
Author: Nam Heo
Assignee: SAMSUNG ELECTRONICS CO LTD

A method and apparatus to manage a user account. The method includes: setting a plurality of authorization accounts defining usage right regarding functions of the device; mapping at least one of the plurality of authorization accounts to a user authentication account of the device, based on an input of a user; and executing an application installed in the device using a result of the mapping the authorization account and the user authentication account, without stopping running of an operation system of the device.

Publication date: 27-03-2014

SYSTEMS AND METHODS FOR IDENTIFYING UNAUTHORIZED USERS OF AN ELECTRONIC DEVICE

Number: US20140090050A1
Assignee: Apple Inc.

This is generally directed to identifying unauthorized users of an electronic device. In some embodiments, an unauthorized user of the electronic device can be detected by identifying particular activities that may indicate suspicious behavior. In some embodiments, an unauthorized user can be detected by comparing the identity of the current user to the identity of the owner of the electronic device. When an unauthorized user is detected, various safety measures can be taken. For example, information related to the identity of the unauthorized user, the unauthorized user's operation of the electronic device, or the current location of the electronic device can be gathered. As another example, functions of the electronic device can be restricted. In some embodiments, the owner of the electronic device can be notified of the unauthorized user by sending an alert notification through any suitable medium, such as, for example, a voice mail, e-mail, or text message.

1. A method for identifying an unauthorized user of an electronic device, the method comprising: monitoring with the electronic device usage of at least one memory of the electronic device; detecting with the electronic device a sudden increase in the monitored memory usage; and determining with the electronic device that a current user of the electronic device is the unauthorized user in response to the detecting.

This is a continuation of U.S. application Ser. No. 13/615,304 filed Sep. 13, 2012, which is a continuation of U.S. application Ser. No. 12/389,106 filed Feb. 19, 2009, each of which is incorporated herein by reference in its entirety and for all purposes. This relates to systems and methods for identifying unauthorized users of an electronic device. In particular, this relates to systems and methods for detecting an unauthorized user, gathering information related to the electronic device, the unauthorized user, or both, and transmitting an alert notification to a responsible party for the electronic ...

Publication date: 03-04-2014

SYSTEMS AND METHODS FOR CLIENT SCREENING IN THE FINANCIAL SERVICES INDUSTRY

Number: US20140096239A1
Author: Fergusson Scott

Systems, methods, and interfaces for screening clients for security compliance with a Customer Identification Program are disclosed. An illustrative system for screening clients can include a client screening engine adapted to filter client account data based on one or more filtering criteria, a database adapted to store client account information and verification status information, and a graphical user interface adapted to selectively display client account information and verification status information for one or more selected clients on a screen. The system can be used to submit identity verification requests to Customer Identification Program vendors for only those clients whose identity have not been verified.

1. A system for screening clients for security compliance, the system comprising: a client screening engine adapted to filter client account data based on one or more filtering criteria; a database adapted to store client account information and verification status information; and a graphical user interface adapted to selectively display client account information and verification status information for one or more selected clients on a screen.
2. The system of claim 1, wherein said client screening engine is adapted to automatically update the database each time a new account is opened for a new or existing client.
3. The system of claim 1, wherein said client screening engine is adapted to automatically update the database when a name and/or address change is received for at least one client.
4. The system of claim 1, wherein said client screening engine is adapted to associate client account data received from the account custodian with account data stored within the database using a unique client identification tag.
5. The system of claim 1, wherein said graphical user interface includes a verification status field.
6. The system of claim 1, wherein said graphical user interface includes a means for filtering client account data received from the ...

Publication date: 10-04-2014

SECURE CREDENTIAL UNLOCK USING TRUSTED EXECUTION ENVIRONMENTS

Number: US20140101454A1
Assignee: MICROSOFT CORPORATION

Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges. Upon receiving a valid response back, the computing device can unlock the secured computing device cryptographic key associated with the issued challenge and subsequently provide access to protected data.

1. A method performed on a computing device that includes a trusted platform module ("TPM"), the method comprising: generating an authentropy that is configured for wrapping a key; generating, by the TPM, a virtual smart card key; locking, by the TPM, the virtual smart card key; encrypting, by the TPM, the authentropy with the virtual smart card key; and storing, by the TPM, the encrypted authentropy and the locked virtual smart card key in the TPM.
2. The method of where the locking is based on a personal identification number ("PIN") of a user.
3. The method of where the generating the authentropy is performed by the computing device or by a user.
4. The method of where the virtual smart card key is configured for use in accessing to the authentropy.
5. The method of further comprising protecting a user key based on the authentropy.
6. The method of further comprising ...

Publication date: 02-01-2020

SYSTEM FOR ADVANCED PROTECTION OF CONSUMABLE OR DETACHABLE ELEMENTS

Number: US20200001612A1
Author: Bonneton Damien
Assignee:

A method of authenticating a consumable or detachable element of a continuous inkjet printer comprising: the controller of the printer generating a 1st item of random information that is dispatched to an authentication circuit of the element; encrypting the 1st item of information by the authentication circuit using a 1st encryption algorithm and a 1st secret key to form a 1st item of encrypted random information; dispatching the 1st item of information to the controller; encrypting the 1st item of information by the controller using a 2nd encryption algorithm and a 2nd secret key to form a 2nd item of encrypted random information; comparing the 1st item of encrypted random information with the 2nd encrypted item of random information to authenticate the consumable element; and if the consumable element is authenticated, dispatching at least one part of a 3rd key, termed the shared key, by the element to the printer.

1. A data medium for a continuous inkjet printer (CIJ), said data medium being physically separated from said CIJ printer and comprising: an interface to exchange data with said printer; a memory storing at least one item of data concerning at least one consumable or detachable element or at least one spare part that the printer can use, and/or at least one software that the printer can use, and/or at least one method of use or function that the printer can implement and/or rights of use of said continuous inkjet printer and/or equipment options or one or more peripherals used on the printer and/or one or more items of data specific to the operation of the printer.
2. A data medium according to claim 1, wherein said consumable or detachable element or spare part is an ink or solvent cartridge or a filter or a pump or a solenoid valve, or a removable module, or a removable module of the ink circuit of said printer or of a printing head of said printer.
3. A data medium according to claim 1, configured to implement an authentication process before exchanging data with said ...

Publication date: 06-01-2022

IN-VEHICLE CONTENT DELIVERY SYSTEM OPERABLE IN AUTONOMOUS MODE AND NON-AUTONOMOUS MODE

Number: US20220004600A1
Assignee:

Multimedia content may be delivered to content consumer devices via a content-delivery network. Encrypted content and cryptography keys for decrypting the content may be distributed from a data center to various nodes of the content-delivery network, each node acting as a semi-independent content-delivery system. Each content-delivery system is capable of delivering received content to end-users and implementing a key-management scheme to facilitate secure content-delivery and usage tracking, even when the content-delivery system is disconnected from the data center. In other words, the disclosed systems and methods facilitate the operation of nodes which may operate in “autonomous mode” when disconnected from a larger content-delivery network, thus maintaining content-delivery capabilities despite having little if any connectivity to external networks.

1. A system for providing an in-vehicle content-delivery service to mobile consumer devices, the system comprising: one or more processors; one or more communication interfaces that are coupled to the one or more processors and that are configured to: (i) communicatively couple the content delivery system to one or more mobile consumer devices via an in-vehicle network for the vehicle, and (ii) communicatively couple the content delivery system to a license server that is external to the vehicle and that is configured to authorize or not authorize content-requests originating from the one or more mobile consumer devices; and (i) detect a loss of a connection between the content delivery system and the license server; (ii) respond to the detected loss by operating as a proxy for the license server, including performing an authorization operation to determine a particular content-request from a particular mobile consumer device is authorized; and (iii) transmit content to the particular mobile consumer device in response to determining that the particular content-request from the particular mobile consumer
...

Publication date: 07-01-2016

Server, user apparatus and terminal device

Number: US20160004856A1
Author: Otto WANG
Assignee: Individual

A server, a user apparatus and a terminal device are provided. The server includes a transmission interface, a database and a processor. The transmission interface receives an identification verification request from the user apparatus. The processor captures a plurality of selected patterns from a plurality of database patterns stored in the database according to the identification verification request, selects at least one target pattern from the plurality of selected patterns, and enables the user apparatus to display the plurality of selected patterns and the at least one target pattern in a match object area and a target object area of a user interface displayed by the user apparatus, respectively. An identification verification procedure is finished while the processor determines that one of the plurality of selected patterns that corresponds to the at least one target pattern is selected to conform to the at least one target pattern.

Publication date: 07-01-2021

PASSWORD-BASED AUTHORIZATION FOR AUDIO RENDERING

Number: US20210004452A1
Assignee:

A method and device for processing one or more audio streams based on password-based privacy restrictions is described. A device may be configured to receive unrestricted audio streams of the one or more audio streams based on privacy restrictions associated with a password, wherein the one or more audio streams are from audio elements represented in an acoustic environment that comprises one or more sub-acoustic spaces, each of the one or more audio streams representative of a respective soundfield, and generate the respective soundfields of the unrestricted audio streams.

1. A device configured to process one or more audio streams, the device comprising: a memory configured to store the one or more audio streams; and one or more processors coupled to the memory, and configured to: receive unrestricted audio streams of the one or more audio streams based on privacy restrictions associated with a password, wherein the one or more audio streams are from audio elements represented in an acoustic environment that comprises one or more sub-acoustic spaces, each of the one or more audio streams representative of a respective soundfield; and generate the respective soundfields of the unrestricted audio streams.
2. The device of claim 1, further comprising a modem coupled to the one or more processors, wherein the one or more processors are further configured to: send the password to a host device via the modem; and obtain, from the host device via the modem, only the unrestricted audio streams of the one or more audio streams based on privacy restrictions associated with the password.
3. The device of claim 2, wherein the modem is configured to: transmit a data packet that includes a representation of the password over a wireless link; and receive a different data packet that includes a representation of only the unrestricted audio streams of the one or more audio streams based on privacy restrictions associated with the password.
4. The device of claim 1, ...

Publication date: 04-01-2018

AIR CONDITIONER CONNECTION SYSTEM

Number: US20180004920A1
Author: MURAKAMI Yoshiro
Assignee:

An air conditioner connection system includes an air conditioner having a first device connected via a power line in a communication-capable manner, and a second device capable of performing radio communication with the air conditioner. The air conditioner includes an authentication process control unit that controls the first device to perform an authentication process when a starting request of the authentication process for performing power carrier communication is received from the second device, the first device includes an authentication process unit that performs the authentication process under the control of the air conditioner, and the second device includes an authentication start process unit that transmits the starting request of the authentication process to the air conditioner.

1. An air conditioner connection system comprising an air conditioner including a first device connected via a power line in a communication-capable manner, and a second device capable of performing radio communication with the air conditioner, wherein the air conditioner includes an authentication process control unit that controls the first device to perform an authentication process when a starting request of the authentication process for performing power carrier communication is received from the second device, the first device includes an authentication process unit that performs the authentication process under the control of the air conditioner, and the second device includes an authentication start process unit that transmits the starting request to the air conditioner.
2. The air conditioner connection system according to claim 1, wherein the second device further comprises a time setting unit that receives setting of the starting time of the authentication process, and counts down and displays, on a display unit, a remaining time before reaching the starting time in the case where the starting time is established, the authentication start process unit transmits the ...

Publication date: 04-01-2018

Processing apparatus, method for controlling processing apparatus, and non-transitory computer-readable storage medium

Number: US20180004922A1
Author: Takeshi Suzuki
Assignee: Canon Inc

Provided is a processing apparatus that authenticates a requestor in response to a request for performing predetermined processing. The processing apparatus executes the predetermined processing upon the authentication succeeding. Whether or not authentication is performed is set individually for each of the processing apparatus and an external apparatus of the processing apparatus that serve as the requestor. The authentication is performed in the case where authentication is set to be performed on the requestor that made the request.

Publication date: 13-01-2022

Infusion Devices and Methods

Number: US20220013224A1
Assignee: Abbott Diabetes Care Inc

Medical devices, systems, and methods related thereto a glucose monitoring system having a first display unit in data communication with a skin-mounted assembly, the skin-mounted assembly including an in vivo sensor and a transmitter. The first display unit and a second display unit are in data communication with a data management system. The first display unit comprises memory that grants a first user first access level rights and the second display unit comprises memory that grants a second individual second access level rights.

Publication date: 07-01-2021

SMART LOCK BOX AND SYSTEM

Number: US20210005033A1
Assignee:

A delivery box system for use by a user with a delivery box having an internal compartment, a door providing access into the internal compartment and a locking mechanism configured to lock and unlock the door. The system having a user module configured to receive and store user data. A tracking module is configured to receive, and store authorized incoming package tracking data. An authorization module is configured to receive a request to unlock the locking mechanism of delivery box to determine if the request is authorized. A locking module is configured to engage the locking mechanism upon a determination that the request to unlock the locking mechanism is authorized. An activity module is configured to create and store an activity record for all activity associated with the delivery box. The activity record includes a time and a date of all successful and unsuccessful attempts to gain access to the compartment. A communication module is configured to provide and store two-way audio and video communication between a person located at the delivery box and a remotely located person.

1. A delivery box, comprising: a first door providing access to a compartment; a first locking mechanism configured to lock and unlock the first door; and a computer device having a processor and a memory configured for engaging the first locking mechanism to lock and unlock the first door.
2. The delivery box of claim 1, wherein the locking mechanism is further defined as an electronic lock configured to operate upon receiving authenticated electronic key input.
3. The delivery box of claim 1, wherein the locking mechanism is further defined as a combination electronic and mechanical lock configured to operate by a combination of a physical key and electronic key input.
4. The delivery box of claim 1, further comprising: a parcel scanning device configured to scan encoded parcel tracking numbers; a camera configured to provide video coverage of the delivery box; a communication device ...

Publication date: 02-01-2020

Method and device for authenticating vehicle smart key

Number: US20200005571A1
Assignee: SAMSUNG ELECTRONICS CO LTD

Disclosed are a communication method for merging, with IoT technology, a 5G communication system for supporting a data transmission rate higher than that of a 4G system, and a system therefor. The disclosure can be applied to intelligent services (for example, smart home, smart building, smart city, smart car or connected car, health care, digital education, retail business, security and safety related services, and the like) on the basis of 5G communication technology and IoT-related technologies. According to various embodiments of the disclosure, a method for authenticating a smart key of an electronic device comprises the steps of: transmitting an authentication request in a predetermined cycle; receiving authentication responses from a smart key device; determining whether there is a relay attack on the basis of the interval of the received authentication responses; and authenticating the smart key device when it is determined that there is no relay attack. However, the disclosure is not delimited to the embodiment above, and other embodiments are possible.

Publication date: 01-01-2015

Method and system for cryptographically enabling and disabling lockouts for critical operations in a smart grid network

Number: US20150007275A1
Assignee: Silver Spring Networks Inc

A method for locking out a remote terminal unit includes: receiving a lockout request, wherein the lockout request includes at least a public key associated with a user, a user identifier, and a terminal identifier; identifying a user profile associated with the user based on the user identifier included in the received lockout request; verifying the public key included in the received lockout request and permission for the user to lockout a remote terminal unit associated with the terminal identifier included in the received lockout request based on data included in the identified user profile; generating a lockout permit, wherein the lockout permit includes at least the public key included in the received lockout request; and transmitting at least a lockout request and the generated lockout permit, wherein the lockout request includes an instruction to place a lockout on the remote terminal unit.

Publication date: 04-01-2018

SYSTEM AND METHOD FOR MAKING A CONTENT ITEM, RESIDENT OR ACCESSIBLE ON ONE RESOURCE, AVAILABLE THROUGH ANOTHER

Number: US20180007411A1
Author: Eyal Aviv
Assignee:

Systems and methods are provided to make content items, already available on one resource, also available through another, such as through a new location or resource. The content items may be, e.g., videos uploaded by a user or other content. The systems and methods employ a streamlined interface for convenience to the user. In one example, a user of a computer system views a video segment through a first website and re-posts the video segment to a second website by entering a single command or clicking a single button. The websites coordinate the re-posting using credentials previously or contemporaneously entered by the user. Moreover, a content item may be automatically prepared for re-posting on the target website using previously-entered user selections. Playback software from a source website may be posted to a target website to allow access of the content item at the source website.

1. A method of making available through a target resource a content item, the content item consumable on an originating resource, comprising: a. receiving a request from a client, the request pertaining to a content item and to a target resource; b. authenticating the client on the target resource; and c. if the authenticating is successful, then making available the content item through the target resource by either: i. transmitting the content item from an originating resource to the target resource; or ii. posting a link to the content item on the target resource.
2. The method of claim 1, wherein the authenticating includes: a. receiving at the target resource a credential of the client; b. comparing the credential to a list of authenticated credentials; and c. if the credential of the client is the same as a credential on the list of authenticated credentials, then returning a confirmation that the authenticating is successful.
3. The method of claim 1, wherein the receiving, authenticating, and making available is performed at least in part by a server ...

Publication date: 02-01-2020

Systems and methods for identifying illegitimate activities based on graph-based distance metrics

Number: US20200007577A1
Author: Daniel Adam Jenson
Assignee: Facebook Inc

Systems, methods, and non-transitory computer-readable media can generate a node graph comprising a plurality of user account nodes and a plurality of edge nodes connecting the plurality of user account nodes. A distance score is calculated for each user account node of the plurality of user account nodes. It is determined that a transaction is an illegitimate transaction based on the distance scores.

Publication date: 27-01-2022

Apparatus and method with compressed neural network computation

Number: US20220027668A1

A neural network includes a drop layer configured to drop feature values. A method of computation using the neural network includes extracting feature data from input data using a first portion of a neural network, generating compressed representation data of the extracted feature data by dropping a feature value from the extracted feature data at a drop layer of the neural network based on a drop probability corresponding to the feature value, and indicating an inference result from the compressed representation data using a second portion of the neural network.

Publication date: 08-01-2015

METHOD AND APPARATUS FOR SECURITY IN CLOUD COMPUTING SERVICE

Number: US20150012977A1
Assignee: Intellectual Discovery Co., Ltd.

Provided is a method and apparatus for security in a cloud computing service. A service integration unit provides various cloud services to a terminal over a personal virtual network. An authentication unit performs authentication on a user of the terminal through redirection in the service integration unit. The service integration unit generates a virtual machine for providing a cloud service requested by the terminal on a service providing unit. The service providing unit provides the cloud service to the terminal authenticated by the user.

1. A cloud service method, comprising: receiving a request for accessing a cloud service from a terminal of a user; requesting a service providing unit, providing the cloud service, to verify an access right of the user to the cloud service; receiving a result of verification from the service providing unit; and granting a token of the user with the access right to the cloud service when the result of verification indicates that the user has the access right to the cloud service.
2. The method of claim 1, further comprising: transmitting an identifier of the terminal to an authentication unit; and receiving, from the authentication unit, a result of authenticating the user based on the identifier.
3. The method of claim 1, further comprising: transmitting a token of the user to the terminal.
4. The method of claim 1, further comprising: receiving, from the service providing unit, a request for registration information of the service cloud and right information of the user; and transmitting the registration information and the right information to the service providing unit.
5. The method of claim 1, further comprising: generating a configuration for providing the cloud service on the service providing unit.
6. The method of claim 5, wherein the configuration for providing the cloud service is a virtual machine that is performed on the service providing unit.
7. The method of claim 1, wherein the cloud service is provided to the terminal ...

Publication date: 08-01-2015

Mobile Device Peripherals Management System and Multi-Data Stream Technology (MdS)

Number: US20150013021A1
Assignee:

A device and system for management of and access to externally connected peripheral devices by mobile devices. User and/or application data on a mobile device is sent to externally connected peripheral devices. External peripheral devices include, but are not limited to, printers, scanners, displays, audio interfaces, speakers, network adapters, storage drives, hard drives, and the like. An end user mobile device application interface is installed as an application on a mobile device. Data may be sent directly to a peripheral device, or to a peripherals aggregation device, which may be active or passive.

1. A non-transitory computer-readable storage medium with an executable program stored thereon, wherein the program instructs a processor or microprocessor to perform the following steps: receiving a request from a mobile or remote computing device to access a peripheral computing device; encapsulating data into proprietary frames for transmission over wired or wireless connections; authenticating the mobile or remote computing device; upon authenticating the mobile or remote computing device, forwarding the request from the mobile or remote computing device to the peripheral computing device, wherein the peripheral computing device is not connected to a network; providing application and device publishing services; providing data optimization, protection, or profiling services; and providing resource management services for peripheral computing devices.
2. The non-transitory computer-readable storage medium with an executable program stored thereon of claim 1, wherein the processor or microprocessor receives said request from one or more of the following: a portable computing device, a laptop computer, a personal digital assistant, a notebook computer, a cell phone, a smart phone, a pager, an Internet appliance, or a tablet computer.
3. The non-transitory computer-readable storage medium with an ...

Publication date: 14-01-2016

ENABLING DEVICE FUNCTIONALITY BASED ON INDOOR POSITIONING SYSTEM DETECTION OF PHYSICAL CUSTOMER PRESENCE

Number: US20160012214A1
Author: Jones Alicia C.
Assignee:

A computing platform may receive a plurality of messages comprising data indicating physical presence of customers at a physical location from an indoor positioning system located at the physical location. Responsive to receiving the plurality of messages comprising the data indicating the physical presence of the customers at the physical location, the computing platform may determine that one or more customers of the customers at the physical location are authorized to utilize one or more functions of one or more computing devices physically located at the physical location.

1. A method, comprising: at a computing platform comprising at least one processor, a memory, and a communication interface: receiving, via the communication interface and from an indoor positioning system located at a physical banking center location of a financial institution, a plurality of messages comprising data indicating physical presence of customers of the financial institution at the physical banking center location of the financial institution; and responsive to receiving the plurality of messages comprising the data indicating the physical presence of the customers of the financial institution at the physical banking center location of the financial institution, determining, by the at least one processor, that one or more customers of the customers of the financial institution at the physical banking center location of the financial institution are authorized to utilize one or more functions of one or more computing devices physically located at the physical banking center location of the financial institution.
2. The method of claim 1, comprising, responsive to determining that the one or more customers of the customers of the financial institution at the physical banking center location of the financial institution are authorized to utilize the one or more functions of the one or more computing devices physically located at the physical banking center location of ...

Publication date: 14-01-2016

TRUST CONFERENCING APPARATUS AND METHODS IN DIGITAL COMMUNICATION

Number: US20160012215A1
Assignee:

A conferencing application executing on a computerized appliance from a machine-readable medium, the computerized appliance coupled to one or more networks is provided, the application including functionality for responding to requests to join a conference, and for enabling requesters as participants, functionality for receiving and rendering text, voice or video data from each registered participant as text, voice or video data to be transmitted to individual ones of other participants, functionality for controlling which received text, voice or video data is transmitted to which participants, and functionality for receiving and executing instructions from a trust authority.

1. A conferencing application executing on a computerized appliance from a machine-readable medium, the computerized appliance coupled to one or more networks, the application comprising: functionality for responding to requests to join a conference, and for enabling requesters as participants; functionality for receiving and rendering text, voice or video data from each registered participant as text, voice or video data to be transmitted to individual ones of other participants; functionality for controlling which received text, voice or video data is transmitted to which participants; and functionality for receiving and executing instructions from a trust authority.
2. The conferencing application of claim 1 wherein the trust authority is software executed by a processor of a computerized hardware server from a machine-readable medium, coupled locally to the computerized appliance by a local area network (LAN).
3. The conferencing application of claim 1 wherein the trust authority is software executed by a processor of a computerized hardware server from a machine-readable medium, coupled remotely to the computerized appliance by a wide area network (WAN).
4. The conferencing application of wherein the instructions include one or more of trust information regarding individual ones of the ...

Publication date: 11-01-2018

APPLICATION UNLOCK USING A CONNECTED PHYSICAL DEVICE AND TRANSFER OF DATA THEREBETWEEN

Number: US20180011988A1
Assignee: NOVARTIS AG

According to one embodiment, a system includes a medical device configured to provide a function to a user, communicate via a wireless communication channel with one or more other devices, and send a signal to shift a medical device application from a locked state to an unlocked state. The system also includes a computing device having wireless communication channels and a processor and logic integrated with and/or executable by the processor. The logic is configured to cause the computing device to communicate with the medical device, execute the medical device application, and shift from the locked state to the unlocked state in response to receiving the signal from the medical device. Core functionality of the medical device application is disabled when the medical device application is in the locked state, and some functionality applicable to the medical device is enabled when the medical device application is in the unlocked state.

1. A system, comprising: a medical device configured to: provide a function to a user of the medical device; communicate via a wireless communication channel with one or more other devices; and send a signal to shift a medical device application from a locked state to an unlocked state; and a computing device comprising one or more wireless communication channels and a processor and logic integrated with and/or executable by the processor, the logic being configured to cause the computing device to: communicate with the medical device; execute the medical device application; and shift from the locked state to the unlocked state in response to receiving the signal from the medical device, wherein a functionality of the medical device application is disabled when the medical device application is in the locked state, and wherein a functionality applicable to the medical device is enabled when the medical device application is in the unlocked state.
2. The system as recited in claim 1, wherein the medical device is ...

Publication date: 11-01-2018

ACOUSTIC SECURITY CODE TRANSMISSION

Number: US20180011999A1
Assignee:

A system and methods of computer security are provided wherein a first mobile computing device drives an acoustic transducer to emit an acoustic signal encoding a time-based, one time password (TOTP) code, and a second mobile computing device measures output of a MEMS gyroscope that senses the emitted acoustic signal. The second mobile computing device decodes the TOTP code from the gyroscope output, validates the TOTP code and responsively permits a user to access a secure application.

1. A method of computer security comprising: driving an acoustic transducer in a first mobile computing device to emit an acoustic signal encoding a time-based, one time password (TOTP) code; measuring output of a microelectromechanical system (MEMS) gyroscope sensing the emitted acoustic signal in a second mobile computing device; decoding the TOTP code from the MEMS gyroscope output; validating the TOTP code; and responsively permitting a user to access a secure application.
2. The method of claim 1, wherein the acoustic transducer encodes the TOTP by varying the amplitude of the acoustic signal, and wherein the acoustic signal has a frequency approximately equal to a resonant frequency of the MEMS gyroscope.
3. The method of claim 1, wherein measuring the output of the MEMS gyroscope comprises measuring noise variations in the output.
4. The method of claim 1, wherein validating the TOTP code comprises transmitting the TOTP code to a TOTP validation server and receiving an authorization from the validation server.
5. The method of claim 1, wherein the secure application runs on the second mobile device.
6. The method of claim 1, wherein the secure application runs on a server communicatively coupled by wireless means to the second mobile device and wherein the measurement of the output of the MEMS gyroscope is performed by a front-end application running on the second mobile device.
7. The method of claim 1, wherein the frequency of the emitted acoustic signal is set to ...

Publication date: 09-01-2020

METHOD FOR SHARING APPLICATION MODULE AND APPARATUS USING THEREOF

Number: US20200013229A1
Assignee:

One or more of an autonomous vehicle, a user terminal, and a server of the present disclosure may be connected to, for example, an artificial intelligence module, an unmanned aerial vehicle (UAV), a robot, an augmented reality (AR) device, a virtual reality (VR) device, or a 5G service device. An information processing method in an electronic device according to one embodiment of the present disclosure includes identifying a container that is logically docked on an operating system (OS), identifying an application corresponding to the container, identifying an event related to running of the application, and transmitting, to another node, information on a first block on difference including first identification information for the first block on difference generated based on first data associated with the event and second identification information for the container.

1. An information processing method in an electronic device, the method comprising: identifying a container that is logically docked on an operating system (OS); identifying an application corresponding to the container; identifying an event related to running of the application; and transmitting, to another node, information on a first block on difference including first identification information for the first block on difference generated based on first data associated with the event and second identification information for the container.
2. The method of claim 1, wherein the second identification information is generated based on at least a part of data included in the container before the container docks with the electronic device.
3. The method of claim 1, further comprising: transmitting, to the other node, information on a second block on difference including third identification information on the second block on difference generated based on second data associated with an additional event; and verifying fourth identification information on a new container including the first data and the second ...

Publication date: 11-01-2018

Apparatus and method for enhancing personal information data security

Number: US20180014198A1
Assignee: SAMSUNG ELECTRONICS CO LTD

The present disclosure relates to a communication technique for converging a 5G communication system for supporting a higher data rate beyond a 4G system with an IoT technology, and a system therefor. The present disclosure can be applied to intelligent services on the basis of a 5G communication technology and an IoT-related technology (for example, smart home, smart building, smart city, smart car or connected car, healthcare, digital education, retail, security and safety-related service, and the like). The present invention provides a method for enhancing data security, comprising: when a request message including information related to a first privacy level is received from a user device, authenticating the user device; when the user device is an authenticated device as a result of the authentication, verifying the information related to the first privacy level; and when the verification of the information related to the first privacy level is completed, transmitting, to the user device, an image processed on the basis of the first privacy level among images processed on the basis of a plurality of privacy levels.

Publication date: 10-01-2019

Projection via a Device

Number: US20190014477A1
Assignee: Microsoft Technology Licensing, LLC

Techniques for projection via a device are described. According to various implementations, techniques described herein enable a locked host device to output data projected from another device while the host device remains in a locked state. In at least some implementations, device context for a host device (locked or unlocked) can be considered in determining whether to broadcast availability to receive projected content.

1. A system comprising: one or more processors; and one or more computer-readable media storing processor-executable instructions that, responsive to execution by the one or more processors, cause the system to perform operations including: detecting a request from a first device to project a visual representation of an execution environment generated at the first device to a second device while the second device is in a locked state; ascertaining whether the first device has permission to project to the second device while the second device is in the locked state; allowing or denying the first device permission to project the visual representation to the second device based on whether the first device is indicated as having permission to project to the second device while the second device is in the locked state.
2. A system as recited in claim 1, further comprising causing, in an event that the first device is permitted to project the visual representation to the second device, the visual representation to be communicated to the second device such that the visual representation is displayable on the second device while the second device is in the locked state.

This application is a continuation of and claims priority to U.S. patent application Ser. No. 15/186,259, filed Jun. 17, 2016, which claims priority to U.S. Provisional Application Ser. No. 62/314,757, filed on Mar. 29, 2016, the disclosures of which are incorporated by reference herein.

Computing devices today provide users with a wide variety of functionality to ...

Publication date: 14-01-2021

Systems and methods for block chain authentication

Number: US20210014067A1
Author: Thomas Clements
Assignee: SecureWorks Corp

A system for providing secure authentication between a service provider and at least one user device having a storage. The system having a processor managed by the service provider, which processor manages authentication between the at least one device and the service provider. The processor is configured to generate a block including at least user account information upon receipt of an authentication request from the at least one device; apply a cryptographic hash function to the block to create a hash; transmit the hash to the at least one device for storage in the memory of the at least one device; and upon receipt of the hash, validate the hash prior to providing access to the service provider.

Publication date: 15-01-2015

Methods and systems for electronic device status exchange

Number: US20150017945A1
Author: Michael ECKLER
Assignee: Rogers Communications Inc

Methods, devices and servers for exchanging information about the status of mobile communications are described. In one aspect, a method is implemented on a device status exchange server, which includes: storing a plurality of profiles associated with a plurality of mobile communication devices that are serviced by a wireless service provider having a wireless service provider server which tracks information about the mobile communication devices, the plurality of profiles storing at least some of the information tracked by the wireless service provider server; receiving, from third party servers, subscription requests for notification of an update in information associated with one of the mobile communication devices; registering the received subscription requests; detecting an update to the information stored in one of the profiles based on information received from a server; and in response to detecting the update: updating the profile associated with the mobile communication device associated with the updated information; and notifying the third party servers of the update in accordance with registered subscription requests.

Publication date: 10-04-2014

NETWORK ATTACK DETECTION AND PREVENTION BASED ON EMULATION OF SERVER RESPONSE AND VIRTUAL SERVER CLONING

Number: US20140101724A1
Author: Elliott Trevor, Wick Adam
Assignee: GALOIS, INC.

Network attacks can be evaluated to determine typical responses provided by networks configured to provide services. Typically, service requests directed to a selected address are associated with data or data streams responsive to requests to selected addresses. These responses are used to define scripts that can be executed by decoy nodes responsive to service requests at the selected addresses. Receipt of a request for services at an unused IP address and port number can trigger playback of the associated script, typically as a data stream mimicking that produced by an operational network.

1. A method, comprising: in a computer network, receiving a service request directed to an unauthorized access point; and providing a decoy response.
2. The method of claim 1, wherein the unauthorized access point is associated with an IP address and a particular TCP port, and the decoy response is based on the particular TCP port.
3. The method of claim 1, wherein the decoy response is provided as a predetermined data stream.
4. The method of claim 3, wherein the decoy response is selected based on a data stream associated with the service request.
5. The method of claim 4, wherein the decoy response is selected based on a number of bytes in the data stream associated with the service request.
6. The method of claim 1, further comprising providing decoy responses to service requests directed to a plurality of unauthorized access points, wherein the decoy responses are selected based on the associated service requests.
7. The method of claim 6, wherein the decoy responses are selected based on the data streams associated with the service requests.
8. The method of claim 7, wherein the decoy responses are selected based on TCP/IP port numbers associated with the service requests.
9. A computing device, comprising a processor configured to implement a plurality of decoy nodes based on computer executable instructions stored in a computer storage device ...

Publication date: 15-01-2015

METHOD FOR DISPLAYING CONTENTS AND ELECTRONIC DEVICE THEREOF

Number: US20150020190A1
Assignee:

An electronic device is provided. The electronic device includes an output module, a sensing module, and a processor. The output module is configured to output contents. The sensing module is configured to obtain at least one of user information and environment information. The processor is configured to control an operation of the electronic device in response to at least one of the user information and the environment information depending on an attribute of the contents.

1. An electronic device comprising: an output module configured to output contents; a sensing module configured to obtain at least one of user information and environment information; and a processor configured to control an operation of the electronic device in response to at least one of the user information and the environment information depending on an attribute of the contents.
2. The electronic device of claim 1, wherein the processor is configured to determine user setting information corresponding to the user information using at least one of real-time user information and advance user information that is stored in advance, and the user setting information comprises information regarding an operation mode of the electronic device corresponding to the user information.
3. The electronic device of claim 1, wherein the processor is configured to determine whether the user information is authenticated depending on the attribute of the contents.
4. The electronic device of claim 3, wherein the processor is configured to authenticate the user information using user setting information comprising operation mode information of the electronic device corresponding to the user information.
5. The electronic device of claim 4, wherein, when the user setting information corresponding to the user information does not exist, the processor is configured to limit an output of the contents and to register the user setting information corresponding to the user information.
6. The ...

Publication date: 18-01-2018

Method And Computer Program Product For Providing Authentication To Control Access To A Computer System Using A Previously Measured And Recorded Input

Number: US20180018446A1
Assignee:

A system and method for authentication to control access to a computer system includes receiving a first input from a measuring device formed as part of a mobile computing and/or communication device, and comparing the first input to a previously measured and recorded input. Access to the computer system is permitted if the first input is equivalent to the previously measured and recorded input. An output may be created on the mobile device, which may be in the form of displaying dynamic images or playing audible sounds. At any moment in time during the output, a second input may be made and compared so that, if the second input occurs at a time equivalent to a predetermined time in the output, access to the second computer system is permitted.

1. A method of providing authentication to control access to a computer system comprising the steps: receiving at least one first input from at least one measuring device formed as part of a mobile computing and/or communication device; comparing said first input to a previously measured and recorded input; and if said first input is equivalent to said previously measured and recorded input, subject to predetermined error factors, access to a first computer system is permitted.
2. A method according to claim 1, further comprising: creating an output on said mobile device, said output comprising displaying, on a display portion of said mobile device, a series of dynamic images and/or playing, through an audio output portion of said mobile device, a series of sounds; at a moment in time during said output making at least one second input; and if said second input occurs substantially at a time equivalent to a predetermined time in said output, access to a second computer system is permitted.
3. A method according to claim 1, wherein said first input comprises an input taken from the environment in which the mobile device is located.
4. A method according to claim 3, wherein said first input comprises measurements taken by at least ...

Publication date: 18-01-2018

Method And Computer Program Product For Providing Authentication To Control Access To A Computer System Using Interaction With An Output

Number: US20180018447A1
Assignee:

A system and method for authentication to control access to a computer system includes receiving a first input from a measuring device formed as part of a mobile computing and/or communication device, and comparing the first input to a previously measured and recorded input. Access to the computer system is permitted if the first input is equivalent to the previously measured and recorded input. An output may be created on the mobile device, which may be in the form of displaying dynamic images or playing audible sounds. At any moment in time during the output, a second input may be made and compared so that, if the second input occurs at a time equivalent to a predetermined time in the output, access to the second computer system is permitted.

1. A method of providing authentication to control access to a computer system comprising the steps: creating an output on computing device, said output comprising displaying, on a display portion of said computing device, a series of dynamic images and/or playing, through an audio output portion of said computing device, a series of sounds, said output further comprising an advertisement; at a moment in time during said output making at least one input; and if said input occurs substantially at a time equivalent to a predetermined time in said output, access to said computer system is permitted.
2. A method according to claim 1, wherein said computing device comprises a mobile computing and/or communication device.
3. A method according to claim 1, wherein said output comprises a series of dynamic images and a series of sounds and said dynamic images are not matched with said sounds and said predetermined moment in time is determined on one of said series of dynamic images or said series of sounds.
4. A method according to claim 1, wherein said series of dynamic images is a video.
5. A method according to claim 1, wherein said series of sounds is an audio track.
6. A method according to claim 1, wherein a user of said computer ...

Publication date: 21-01-2016

Method and apparatus for preventing illegitimate outflow of electronic document

Number: US20160021082A1

An apparatus and method for preventing illegitimate outflow of an electronic document. The apparatus includes a taking-out control unit, a taking-out management server unit, and a self-response agent unit. The taking-out control unit generates a virtual disk for storing an electronic document to be controlled, and controls the taking-out of the electronic document. The taking-out management server unit authenticates whether the taking-out of the electronic document is legitimate taking-out. The self-response agent unit performs self-extinction when a result indicating illegitimate outflow is received from the taking-out management server unit.

Publication date: 21-01-2016

Synchronizing mobile devices and displays

Number: US20160021685A1
Author: Roger Piqueras Jover
Assignee: AT&T INTELLECTUAL PROPERTY I LP

Methods and tangible computer-readable media for synchronizing a mobile device to a display via a communication network are disclosed. For example, a method receives an identification code from a display and sends a request to the communication network to establish a communication session between a mobile device and the display. The request comprises the identification code. Thereafter, the communication session is established via the communication network. Another method receives a request to establish a communication session between the mobile device and the display. The request comprises an identification code of the display that was received by the mobile device from the display. The method then establishes the communication session.

Publication date: 18-01-2018

Method and apparatus for storing context information in a mobile device

Number: US20180019871A1
Author: William Anthony Gage
Assignee: Huawei Technologies Co Ltd

A method and apparatus for storing and using context information in a wireless communication network are provided. Context information is encrypted and transmitted to a mobile device for storage. A cryptographic key usable for decrypting the context information is stored at a radio access node or other node in the network and an indication of the key and the location of the key is stored at the mobile device. The mobile device transmits a message which includes the key identifier and location and the encrypted context information. The message may further include application data and the encrypted context information may include an indication of a further key for encrypting and decrypting application data in transmissions between the mobile device and the communications network. The encrypted context information may include the further key.

Publication date: 16-01-2020

Data privacy awareness in workload provisioning

Number: US20200019713A1
Assignee: International Business Machines Corp

Data privacy information pertaining to particular data hosted by a first workload provisioned to a first location can be received. The first workload can be monitored to determine whether the first workload is accessed by a second workload, determine whether the second workload is indicated as being authorized, in the data privacy information, to access the particular data hosted by the first workload, and determine whether the second workload has access to the particular data hosted by the first workload. If so, the first workload can be automatically provisioned to a second location to which provisioning of the first workload is allowed based on the data privacy information.

Publication date: 17-01-2019

ZONE MIGRATION IN NETWORK ACCESS

Number: US20190020624A1
Assignee:

The present disclosure is directed to providing a network user the ability to travel between different zones or locations within a network environment, such as, for example, a hospitality location, without requiring a user to re-login to the new location, while requiring a user to re-login to other locations within the network environment.

1. A method for determining whether to allow a network user communicating with a first access location within a privately controlled computer network including multiple access locations to migrate from one access location to another access location without re-authentication, the method comprising: providing a plurality of network access locations configured to provide one or more user device's access to a privately controlled computer network; defining migration permissions for migrating between individual network access locations in the plurality of network access locations, where the migration permissions establish migration rights between individual network access locations in the plurality of network access locations without requiring a user to re-login; allowing a user device to migrate from communicating with a first network access location in the plurality of network access locations to a second network access location in the plurality of network access locations without requiring the user to re-login; and requiring the user to re-login when migrating from the first network access location to a third network access location.
2. The method of claim 1, wherein the network access location is a port.
3. The method of claim 2, wherein the port is a VLAN port.
4. The method of claim 1, wherein the first and second network access locations are comprised in a first zone of network access location and the third network access location is comprised in a second zone of network access locations.
5. The method of claim 4, wherein the first zone comprises network access locations located in a first physical area and the second zone ...

Publication date: 21-01-2021

INVOCATION PATH SECURITY IN DISTRIBUTED SYSTEMS

Number: US20210021995A1
Author: Tran William
Assignee:

Systems, methods, and computer program products for an application to securely record and propagate an invocation context for invoking other applications are described. The applications being invoked not only receive a user's authentication token, but also authentication tokens of an entire invocation chain. Accordingly, the applications being invoked can verify a chain of custody through verification of nested, cryptographically signed payloads of a chain of authentication tokens. An application can thus verify identities of each application in the chain of custody, as well as the invocation contexts (e.g. the HTTP request method and path) in which each application in the chain invoked the next application.

1-20. (canceled)
21. A method comprising: receiving, by a midstream application from an upstream application, a first invocation request, the first invocation request being associated with a first token generated by the upstream application, the first token specifying a permissible audience of the first token; authenticating, by the midstream application, the first invocation request, including verifying the first token of the upstream application; verifying, by the midstream application, that the midstream application is an instance of the permissible audience of the first token; upon successful verification, generating, by the midstream application, a second token; submitting, by the midstream application to a downstream application, a second invocation request in association with the second token and the first token; receiving, by the downstream application from the midstream application, the second invocation request; authenticating, by the downstream application, the second invocation request, including verifying the second token of the midstream application; and verifying, by the downstream application, that the midstream application is an instance of the permissible audience for the first token received from the upstream application.
22. The method of claim 21, ...

Publication date: 17-04-2014

Mobile Trigger Web Workflow

Number: US20140108482A1
Author: Dane Glasgow
Assignee: eBay Inc

In an example embodiment, actions taken on a web site using one device initiate a workflow on a different device. A main process, including a series of steps, is executed on one user device. When a particular step in the main process is reached, a secondary process is then initiated on another device, such as a mobile device.

Publication date: 22-01-2015

Image processing apparatus and control method thereof

Number: US20150025893A1
Assignee: SAMSUNG ELECTRONICS CO LTD

An image processing apparatus and control method are provided. The image processing apparatus includes: a communication interface which is configured to communicably connect to a server; a voice input interface which is configured to receive a speech of a user and generate a voice signal corresponding to the speech; a storage which is configured to store at least one user account of the image processing apparatus and signal characteristic information of a voice signal that is designated corresponding to the user account; and a controller which is configured to, in response to an occurrence of a log-in event with respect to the user account, determine a signal characteristic of the voice signal corresponding to the speech received by the voice input interface, select and automatically log in to a user account corresponding to the determined signal characteristic from among the at least one user account stored in the storage, and control the communication interface to connect to the server with the selected user account.

Publication date: 17-04-2014

Functionality Watermarking and Management

Number: US20140108809A1
Author: Marshall John
Assignee: Sky Socket, LLC

A method, system and non-transitory computer-readable medium product are provided for functionality watermarking and management. In the context of a method, a method is provided that includes identifying a request to perform at least one function of a user device and identifying at least one watermark template. The method further includes applying the at least one watermark template to at least one function of the user device and authorizing the request to perform the at least one function of the user device.

1. A method comprising: identifying a request to perform at least one function of a user device; identifying at least one watermark template; applying the at least one watermark template to the at least one function of the user device; and, authorizing the request to perform the at least one function of the user device.
2. The method of claim 1, wherein the at least one function of the user device comprises at least one of the following: a hardware function of the user device, a software function of the user device, or an application executed by the user device.
3. The method of claim 1, wherein the watermark template is associated with at least one of the following: the at least one function of the user device, a resource accessible to the at least one function of the user device, the user device, a user of the user device, or an enterprise.
4. The method of claim 1, wherein applying the at least one watermark template to the at least one function of the user device comprises at least one of the following: overlaying the at least one watermark template onto at least one graphical interface associated with the at least one function of the user device, or adding the at least one watermark template to the at least one graphical interface associated with the at least one function of the user device in at least one position within the at least one graphical interface.
5. The method of claim 1, wherein ...

Publication date: 17-04-2014

Policy-Based Control Layer in a Communication Fabric

Number: US20140109190A1
Assignee:

Presented herein are techniques for adding a secure control layer to a distributed communication fabric that supports publish-subscribe (pub-sub) and direct query (synchronization) communication. The secure control layer is configured to perform policy-based authentication techniques to securely manage the exchange of data/information within the communication fabric and enable registration/discovery of new capabilities.

1. A method comprising: receiving, at a controller of a communication fabric, a request from a component connected to the communication fabric for the controller to enable the component to perform a requested operation at the communication fabric; and performing policy-based authorization of the requested operation at the controller to determine if the component is permitted to perform the requested operation at the communication fabric.
2. The method of claim 1, further comprising: receiving, at the controller, an indication that the component has initiated connection to the communication fabric; and performing policy-based authentication and authorization of the component at the controller to determine if the component is permitted to connect to the communication fabric.
3. The method of claim 1, wherein performing policy-based authorization comprises: evaluating one or more attributes defined in a policy.
4. The method of claim 3, wherein evaluating one or more attributes comprises: evaluating the component location.
5. The method of claim 3, wherein evaluating one or more attributes comprises: evaluating component compliance.
6. The method of claim 3, wherein evaluating one or more attributes comprises: evaluating one or more of component reputation and data reputation.
7. The method of claim 1, further comprising: authorizing one or more components to add a new service to a service directory of the controller.
8. The method of claim 1, further comprising: authorizing one or more components to discover new services available through the communication ...
