Entries |
Document | Title | Date |
20080209543 | Methods, systems, and products for identity verification - Methods, systems, and products are disclosed for identification verification. A signature, representing the presence of a device, is acquired. The signature is compared to a reference signature. When the signature favorably compares to the reference signature, then the identity of a user associated with the device is verified. | 08-28-2008 |
20080209544 | Device security method using device specific authentication - A method for improving security to a computer system, and a computer system with improved security, that performs the steps of interrogating at least one device in communication with the computer system to gather a device identifier uniquely identifying the device, compares the device identifier with a list of identifiers to determine a level of trust, and regulates communication between the device and the computer based upon the level of trust. | 08-28-2008 |
20080222718 | Secure operating system loader - In one embodiment a computing device comprises a processor, a memory module coupled to the processor and comprising logic instructions stored in a computer readable medium which, when executed, configure the processor to initiate boot operations in a computing device, present an authentication challenge when authentication is required to boot the computing device, continue boot operations in response to a successful response to the authentication challenge, and invoke an error routine in response to an unsuccessful response to the authentication challenge. | 09-11-2008 |
20080222719 | Fine-Grained Authorization by Traversing Generational Relationships - Methods, systems, and media are disclosed for determining access rights to a resource managed by an application. One embodiment includes receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource, and locating, based on the request, the resource in both a containment relationship graph and in a structure having groupings of resources, wherein the groupings comprise a grouping having the resource. Further, the embodiment includes traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource, and reading an authorization table associated with a grouping having the generational resource in the groupings. Further still, the embodiment includes determining whether to grant the access rights for performing the action on the resource. | 09-11-2008 |
20080229407 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND MEDIA STORING A PROGRAM THEREFOR - A disclosed information processing apparatus makes it possible for a user to perform a desired operation easily by displaying operation candidates based on an operation history. The apparatus comprises a storage unit in which an operation history table is stored, the table associating tasks with operations. A user who performs an operation is authenticated by a user authentication unit. Task information concerning the authenticated user is acquired by a task acquisition unit. Based on the acquired task information, an operation candidate presenting unit presents operation candidates by referring to the operation history table. The operation history table is updated by a history management unit in accordance with an operation designated by the user. | 09-18-2008 |
20080235787 | IMAGE FORMING APPARATUS, CONTROL METHOD OF THE APPARATUS, AND CONTROL PROGRAM OF THE APPARATUS - When an enabler key | 09-25-2008 |
20080244730 | SECURITY CAPABILITY WITH AN INPUT DEVICE - The present invention provides apparatuses and methods for providing security for a secured unit with a security code. The secured unit may be locked to prevent an unauthorized user from accessing the secured unit. In order to unlock the secured unit, a user enters a sequence of strokes through an input device, e.g., a circular input device. A security module extracts stroke information from the entered strokes and unlocks the secured unit when the extracted stroke information matches the security code. Stroke information may be indicative of the locations of the start and end points and the direction of each stroke. A security code is configured for a secured unit by a user entering a sequence of strokes through an input device. The security code is determined from stroke information. The stroke information may be verified by the user re-entering the sequence of strokes. | 10-02-2008 |
20080244731 | Thin client computer with fingerprint identification structure - A thin client computer with a fingerprint identification structure of the present invention comprises a motherboard, a case, a faceplate and a fingerprint reader. The case is designed for holding the motherboard. The faceplate is placed to cover the case. The faceplate has a coupling hole on a lateral surface. The fingerprint reader is coupled into the coupling hole on the lateral surface of the faceplate, and connected with the motherboard for reading a fingerprint. The fingerprint reader is located on the lateral surface of faceplate in such a manner that the thin client computer can read the fingerprint easily no matter whether the thin client computer is placed horizontally or vertically. After verifying the fingerprint, the user is authorized to boot up or shut down the thin client computer. | 10-02-2008 |
20080244732 | Password protection for file backups - Various embodiments of a system and method for performing file backup operations are described. The method may operate to enable a user of a computer system to provide a password or other authentication information to associate with files on the computer system, e.g., in order to protect files that are backed up. For example, when the user (or another person or software agent) attempts to restore or otherwise access a backup copy of a password-protected file, the user may be prompted to enter the password. The method may operate to verify that the entered password matches the password associated with the file before granting permission to restore the file. | 10-02-2008 |
20080250493 | Method, System and Computer Program for Automating Configuration of Software Applications - A solution ( | 10-09-2008 |
20080256625 | System and Method for Enhanced Layer of Security to Protect a File System from Malicious Programs - A system and method for providing an enhanced layer of security to protect the file system from malicious programs are provided. An additional layer of security for protecting data and to minimize successful attacks by malicious programs is provided. This additional layer uses the feature of code signing to verify that the code is from a source which the code claims to be from, and also that the code has not been tampered with by a malicious party. The file system provides a feature by which certificates are mapped to portions of a file system, e.g., files/directories, such that only programs that are certified by those certificates are able to read/modify those portions of the file system. | 10-16-2008 |
20080271138 | SYSTEM AND METHOD FOR OPTIMIZING DATA OVER SIGNALING TRANSMISSIONS - A system for optimizing data over signaling (DoS) transmissions in wireless communications system is disclosed. The system comprises at least one access network and at least one access terminal. The at least one access network is adapted to determine location of the at least one access terminal through communication between the at least one access network and the at least one access terminal, and adapted to transfer data between the at least one access network and the at least one access terminal. | 10-30-2008 |
20080271139 | DETERMINATION OF ACCESS CHECKS IN A MIXED ROLE BASED ACCESS CONTROL AND DISCRETIONARY ACCESS CONTROL ENVIRONMENT - A computer implemented method, apparatus, and computer program product for access control in a mixed discretionary access control and role based access control environment. In one embodiment, an execution access for a command is determined using a set of role based authorizations for a user invoking the command. In response to a determination that the user invoking the command is authorized based on the set of role based authorizations, a privilege in a set of privileges associated with the command is raised. Raising the privilege in the set of privileges bypasses discretionary access control checks. In response to a determination that the user invoking the command is unauthorized based on the set of role based authorizations, an execution access for the command is determined using a set of discretionary access mode bits associated with the command. | 10-30-2008 |
20080282342 | METHODS AND APPARATUS FOR ACCESSING RESOURCES USING A MULTIPROCESSOR IN A TRUSTED MODE - A system and method are disclosed which may include entering a secure mode by a processor, whereby the processor may initiate a transfer of information into or out of the processor, but no external device may initiate a transfer of information into or out of the processor; sending a DMA (direct memory access) command including at least one authorization code from the processor to at least one trusted data storage region external to the processor; evaluating the authorization code; and enabling the processor to access at least one trusted data storage location within the trusted data storage region if the authorization code is valid. | 11-13-2008 |
20080289031 | INFORMATION PROCESSING APPARATUS AND CONTROL METHOD THEREOF - Access right information of a login user is acquired, and an object accessible by the login user is identifiably displayed on an area corresponding to the user. When a collaboration mode in which a plurality of users log in and make a cooperative work is set, an object accessible by each login user is identifiably displayed on an area corresponding to each user. | 11-20-2008 |
20080301803 | Tailored System Management Interface - Processes and techniques for tailoring operations management in a system are described. The processes and techniques allow a user to customize operations management based on the user's function within a system and the particular tasks that the user wishes to accomplish. Simplified user interfaces can be created by scoping the interfaces based on user profiles, preferences and system components. | 12-04-2008 |
20080307520 | System and method for ensuring security with multiple authentication schemes - System for authenticating a user for logon to a content manager running on top of a database manager. A connect procedure connects the user to a database manager; and then a logon procedure logs on the user to the content manager selectively responsive to the user connecting to the database manager; the user being authenticated by a third party by way of a user exit or a trusted logon environment and privilege; or the user being authenticated by the content manager. | 12-11-2008 |
20080307521 | IMAGE PROCESSING APPARATUS, IMAGE PROCESSING METHOD, PROGRAM, AND STORAGE MEDIUM FOR PERFORMING ACCESS CONTROL OF DOCUMENT INCLUDING TWO-DIMENSIONAL CODE - An object of the present invention is to improve usability of a copying machine. In order to achieve the object, an image processing apparatus according to the present invention has: accepting unit that accepts setting of a function from a user; first obtaining unit that obtains information of a function usable by the user; second obtaining unit that obtains information of a usable function by using a two-dimensional code of a document as an object of the function; and first executing unit that, even when the function that the accepting unit accepts setting thereof from the user is not included in the information of the usable function obtained by the first obtaining unit, executes on the document the function that the accepting unit accepts setting thereof when the function is included in the information of the usable function by the second obtaining unit. | 12-11-2008 |
20080313730 | EXTENSIBLE AUTHENTICATION MANAGEMENT - A system and method for controlling access to a resource permits an administrator to make changes to access policies at a server level without having to update client code unless and until such updated code is actually needed by a client. Customizable, plug-in gates are provided to permit administrators fine grained control over access policy definition. The most updated versions of corresponding gate clients used to display the gates are identified to client systems when an access request is made. The updated gate clients are downloaded if and when requested by a client system that has not already stored the updated gate clients locally. The user's responses to gate challenges are compared to responses presented by the user at registration. If the responses meet the access policy's threshold for accuracy, the user is permitted to access the resource. | 12-18-2008 |
20080320587 | Secure Pairing for Wired or Wireless Communications Devices - Pairing is achieved between a host communications device and a peripheral communications device, in order to establish an ad hoc wireless or wired network. A device identification, relating uniquely to the peripheral device, is displayed on the host device. In order to accept the pairing, the user confirms that the device identification displayed on the host device matches that printed on the peripheral device, and then completes the pairing procedure by pressing a key on the peripheral device, or, if Near Field Communication (NFC) techniques are implemented in the devices, by placing the peripheral device in contact with, or sufficiently close to, the host device. Thus, secure pairing is achieved, without requiring a complex user interface on the peripheral device. | 12-25-2008 |
20090013401 | Access Control System And Method - Certain embodiments of the invention relate to an access control system for controlling access to file system objects stored in a digital file system store. The system provides a first compartment rule type for granting a first permission to an entity, associated with a respective compartment to which the rule is applied, to lookup a directory object in a directory path and list the contents of the said directory object, and a second compartment rule type for granting a second permission to an entity, associated with a respective compartment to which the rule is applied, to lookup a directory object in a directory path and not to list the contents of the said directory object. | 01-08-2009 |
20090031417 | KVM switch, information processing apparatus, and computer readable recording medium - A KVM switch is connectable to a plurality of information processing apparatus and a plurality of consoles used for operating the plurality of information processing apparatus. A storing portion stores first user-limiting information which defines access permission or access no-permission to each information processing apparatus for each user. An acquiring portion acquires second user-limiting information which defines access permission or access no-permission to each information processing apparatus for each user, from each information processing apparatus. A controlling portion controls access to each information processing apparatus for each user based on the first user-limiting information and the second user-limiting information. | 01-29-2009 |
20090049541 | IMAGE FORMATION APPARATUS, FUNCTION EXTENSION METHOD, AND A COMPUTER READABLE STORAGE MEDIUM HAVING FUNCTION EXTENSION PROGRAM STORED THEREIN - An image formation apparatus: previously stores first information allowing functions that a plurality of users are authorized to use, respectively, to be determined, receives second information input to determine a user, the second information allowing that user to be determined, determines from the previously stored first information a normal function that the determined user is authorized to use, is set to make the determined normal function available, receives third information input from a first storage medium having the third information stored therein, to determine an extended function, the third information allowing the extended function to be determined; and is set to make the determined extended function available in addition to the normal function set available. | 02-19-2009 |
20090055922 | Method and Apparatus for Enabling Content to be Shared Among Multiple Devices in a Secure Environment - A Master device (e.g., a SIM card) is configured with information regarding one or more Slave devices (e.g., SIM cards) that are associated with the Master device. The Master device is installed in a user device that receives content files and access and usage rights from a content provider. The Master device identifies one or more Slave devices that are associated with the Master device and transmits content files and the rights data to the Slave devices. A user device in which a Slave device is installed receives the content files and rights data sent by the Master device. The Slave device extracts a key from the rights data and provides the key to a decryption component of the user device, which uses the key to decrypt the content file. | 02-26-2009 |
20090064313 | APPARATUS AND METHOD FOR MONITORING COMMUNICATIONS - A system that incorporates teachings of the present disclosure may include, for example, a server having a controller to transmit a tracking request to a session information retriever for a targeted user of a network with the session information retriever storing session information for users of the network and with the tracking request having identification information associated with the targeted user, transmit a query to the session information retriever for relevant session information associated with the targeted user with the relevant session information being selected by the session information retriever from the session information based at least in part on the identification information associated with the targeted user and with the relevant session information being stored in a single file associated with the targeted user, and receive at least a portion of the relevant session information transmitted from the session information retriever. Other embodiments are disclosed. | 03-05-2009 |
20090064314 | Method and Apparatus for Implementing Parental Controls for a Portable Media Device - Methods and apparatus which allow parents to control the access of their children to features of a portable electronic device are disclosed. According to one aspect, a method for controlling the use of features associated with a portable electronic device includes setting at least one constraint associated with access to a feature of the portable electronic device and processing a user request to access the feature. The method can also include determining whether the constraint indicates that the feature is currently accessible to the user, and permitting access to the feature when the indication is that the feature is currently accessible to the user. Finally, access to the feature can be denied if the indication is that the feature is not currently accessible to the user. | 03-05-2009 |
20090064315 | APPARATUS AND METHOD FOR AUTOMATICALLY CONVERTING USER INTERFACE - An apparatus and a method are provided for automatically converting a user interface (UI). A Bluetooth-automatic authentication function is performed so as to automatically convert a current set UI to a stored UI corresponding to an authenticated Bluetooth terminal. In order to automatically convert UI of a terminal which is automatically authenticated in a short communication mode, at least one terminal ID for automatic authentication and UI configuration information corresponding to the terminal ID are set. When a terminal ID for automatic authentication is searched in a short distance communicating mode, a terminal corresponding to the searched terminal ID is automatically authenticated. The present UI configuration information corresponding to the automatically authenticated terminal is automatically applied to a current terminal UI, so that a current UI such as a main screen and a main menu category can be automatically converted to a preset UI corresponding to each authenticated Bluetooth terminal. | 03-05-2009 |
20090077653 | Graphical Image Authentication And Security System - A method and system for protection of and secure access to a computer system or computer network from a portable device. The method includes the steps of receiving a first login account identifier, such as a user name from a user in communication with the computer system or network. A determination is made if the user is recognized and enrolled from the first login account identifier. If the user is recognized, a series of randomly generated visual images is displayed including one visual image from an image category which has been pre-selected by the user upon enrollment. An image category identifier is randomly assigned to each visual image in the series. An image category identifier is entered and received. If the login account identifier and the image category are validated, access is permitted to the computer system or network from the portable device. | 03-19-2009 |
20090119771 | ACCESS MANAGEMENT FOR MESSAGING SYSTEMS AND METHODS - An exemplary system includes an access management facility and a message processing facility communicatively coupled to the access management facility. The access management facility is configured to generate and activate an access code, and initiate providing of the access code to a potential message source. The message processing facility is configured to receive an incoming message, determine whether the incoming message includes the access code, deliver the incoming message to a user if the incoming message is determined to include the access code, and not deliver the incoming message to the user if the incoming message is determined not to include the access code. In certain implementations, the access code is used in conjunction with a set of authorized message sources for selectively filtering the incoming message. In certain implementations, at least one tool is provided, the tool being configured to enable the user to manage the access code. | 05-07-2009 |
20090126006 | SECURING CPU AFFINITY IN MULTIPROCESSOR ARCHITECTURES - In an embodiment of the present invention, the ability for a user or process to set or modify affinities is restricted in order to control a multi-processor environment. This may be accomplished by using a reference monitor that controls a process' capability to retrieve and set its or another process' affinity. This aids in the prevention of security breaches. | 05-14-2009 |
20090133116 | Time Information Management System - A rights validator system for controlling access to content, the system including a query processor to receive a rights query and to provide a result to the rights query based on an estimated time, and a time-based query response module operationally connected to the query processor, the time-based query response module being operative to determine the estimated time as a function of a most recently updated time, and a plurality of indications of elapsed time since the most recently updated time, the indications of elapsed time being from a plurality of different sources of time indication. Related apparatus and methods are also included. | 05-21-2009 |
20090133117 | Authentication Frequency And Challenge Type Based On Application Usage - An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on what software applications a user is running on a data-processing system, and how those applications are being used (e.g., what functions are used, what data is input to or output by the application, how often and for how long applications are used, what input devices and output devices are used, etc.). Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity and/or the potential cost of malicious activity, as inferred from current and past application usage. In addition, the illustrative embodiment enables selection of an authentication challenge type that is less intrusive to a user based on current application usage. | 05-21-2009 |
20090133118 | METHODS AND SYSTEMS FOR AUTOMATED AUTHENTICATION, PROCESSING AND ISSUANCE OF DIGITAL CERTIFICATES - A computer system and process for issuing digital certificates use domain-control vetting to issue certificates. A requester requests a certificate from a certificate authority, which identifies at least one approver to approve issuance of the digital certificate. If approved, the certificate authority accepts the request, creates and signs the certificate, and the signed certificate is sent to the requester. | 05-21-2009 |
20090133119 | MASTER DEVICE AND DATA PROCESSING SYSTEM - A certification result obtained by a master device | 05-21-2009 |
20090138963 | Information processing apparatus and method of controlling program execution of same - A CPU contained in an information processing apparatus in accordance with an exemplary embodiment of the present invention outputs an access request including first access destination address information by a first program, and outputs a check request including second access destination address information when the execution program is switched from the first program to a second program as a result of a program call from the first program to the second program. A protection setting check portion contained in the information processing apparatus checks whether or not the check request including the second access destination address information conforms to protection setting for the first program based on memory protection information that is established in a memory protection information storage portion to detect a violation by a memory access request by the first program. | 05-28-2009 |
20090138964 | Subscriber management system - The present invention is directed to a system and methods for creating and maintaining subscriber accounts to access digital media content. In one preferred embodiment, accounts and sub-accounts are created with access restrictions being selectively imposed among the accounts and sub-accounts. When the accounts are used to gain access to digital media content (e.g., video on demand), such restrictions may take the form of spending limits, viewing content, and viewing times. In another preferred embodiment, the spending of each account is tracked and a debit posted upon the first occurrence of either the account attaining a selected spending limit, or a selected interval of time elapsing. In another embodiment, account holders are grouped based on a shared characteristic. Targeted marketing is then presented to the group based on the shared characteristic. | 05-28-2009 |
20090150990 | INTEGRATED ACCESS AUTHORIZATION - A facility for performing an access control check as an integral component of an operating system and utilizing a centralized policy store is provided. The facility executes as an integral part of an operating system executing on a computer and receives an authorization query to determine whether a principal has authorization to access a resource. The facility applies a policy maintained in a centralized policy store that is applicable to the principal to determine whether authorization exists to access the resource. If authorization does not exist, the facility denies the authorization query and records an indication of the denial of the authorization in an audit log. The facility may trigger events based on the auditing of authorization queries. The facility may also record an indication of authorization to access the resource in the audit log. The facility may additionally determine whether the authorization query is a request for authorization to perform an inherently dangerous operation, and record an indication of an authorization to perform the inherently dangerous operation in the audit log. | 06-11-2009 |
20090158421 | Security Analysis Method - A computer system comprising a receiving means for receiving an input of at least one user parameter; a storage means for storing at least one template; a matching means for matching the at least one user parameter to a template; a locking means for locking the at least one user parameter to the matched template; and a providing means for providing an output of a user identification according to the matched template. | 06-18-2009 |
20090158422 | Image Forming Device and Image Forming Program - The present invention is an image forming device capable of executing an authentication print printing. The image forming device includes: an authentication print detecting unit which detects whether to execute a job as the authentication print printing by referencing predetermined data; an authentication unit; a user authentication unit which outputs the result of the user authentication; a job executing unit; a user interface; and a user interface input mode switching unit which switches an information input/output mode of the user interface, wherein, an instruction to execute a first process can be received, and wherein the first process includes processes in which: the execution of the authentication print printing starts based on the result of the user authentication output by the user authentication unit; and the result of the user authentication is invoked so that the information input/output mode of the user interface is switched to a login mode. | 06-18-2009 |
20090165119 | METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR PROVIDING POWER CONTROL SECURITY FEATURES - A method, apparatus and computer program product are provided for power control security features. More particularly, the utilization of a supplemental power source can be permitted or prevented based on a comparison of access information to security information. In some embodiments, utilization of the supplemental power source can include the ability to charge a battery. | 06-25-2009 |
20090165120 | Mobile Terminal for a Traffic Information System, and Method for Activating an Access Control Device in a Mobile Terminal - Disclosed is a mobile terminal characterized by a first manipulation unit ( | 06-25-2009 |
20090172807 | METHOD AND APPARATUS FOR MANAGING MULTIPLE SECURITY PROTOCOLS AND USERS FOR IMAGING DEVICES - Methods and apparatus contemplate a system for securing imaging devices on a network by allowing a system administrator to apply different security protocols to specific functions of an imaging device. This allows a system administrator to customize the functions of the imaging device by restricting the particular functions to only those users who need them, as opposed to the global security policies currently required. The system uses a computer program product, including executable instructions, which can be stored on the imaging device itself, a network server, and/or some other device attached to the network. The computer program product can be installed directly from the manufacturer, through computer readable media, or by downloading. The product interfaces directly with the imaging device to determine what imaging functions are present and to set what security protocols are required to access those functions. | 07-02-2009 |
20090178134 | SYSTEM AND METHOD FOR BLOCKING INTERNET ACCESS AND/OR APPLICATIONS - The present invention generally relates to a system and method for selectively blocking computer application access and, specifically, to a system and method for blocking Internet access and/or applications when a specified string of characters is entered from a keyboard or other input device. Specifically in one embodiment is provided a system for selectively blocking computer application access of a selected user, which includes a blocking program configured to monitor keystrokes of said user, a predefined database of keystrokes, the program continuously monitoring said user keystrokes and comparing them to said database of keystrokes, and a predefined action when said user keystrokes match said database keystrokes. The predefined action can be to block Internet access or terminate an Internet connection, or Internet protocol, or computer application. | 07-09-2009 |
20090187985 | METHOD FOR DETERMINING RANGE OF AVAILABLE FUNCTIONS OF INFORMATION APPARATUS - According to an aspect of an embodiment, a method of controlling an information apparatus includes performing authentication of a user of the information apparatus, performing authentication of an administrator of the information apparatus, determining a range of available functions of the information apparatus corresponding to successful authentication of the user and the administrator, and permitting the user to utilize the range of available functions of the information apparatus. | 07-23-2009 |
20090193514 | METHOD, SYSTEM AND MOBILE DEVICE EMPLOYING ENHANCED USER AUTHENTICATION - The described embodiments relate generally to methods and systems for user authentication for a computing device. In one embodiment, the method comprises: enabling receipt of input in relation to selection of a plurality of authenticators for consecutive use by the computing device to authenticate a user; and storing reference information identifying the selected plurality of authenticators in a memory of the computing device. The computing device may comprise a mobile device. | 07-30-2009 |
20090193515 | COMMUNICATION DEVICE - With regard to data, stored in mobile phone | 07-30-2009 |
20090199292 | CONTROL DEVICE, CONTROLLED DEVICE, AND CONTROL METHOD - A control device communicating with a controlled device to control the controlled device includes a first memory to store first authentication information for activation of the controlled device, a second memory to store a key for encryption, a generator to generate third authentication information by encrypting second authentication information transmitted by the controlled device in response to the first authentication information using the key stored in the second memory, a transmitter to transmit the first authentication information or the third authentication information to the controlled device, and a memory controller to store the second authentication information or the third authentication information as first authentication information for next authentication in the first memory. | 08-06-2009 |
20090205041 | Emergency Information Access on Portable Electronic Devices - Improved techniques for facilitating emergency access to one or more contacts stored on a portable electronic device are disclosed. One or more contacts on the portable electronic device are designated as emergency contacts. While the portable electronic device is password-locked, a request to display the one or more emergency contacts on the password-locked portable electronic device is received. Without requiring a password, the one or more emergency contacts are displayed on the portable electronic device. | 08-13-2009 |
20090210937 | CAPTCHA ADVERTISING - An automated method performed by a content host computer determines whether a client user is a human. A request for access to content residing on the content host computer is received from a client user. One or more advertising video clips are presented to the client user. An entire authenticating reference pass phrase is communicated to the client user in exactly one advertising video clip. An input pass phrase is received from the client user. The input pass phrase is compared to the authenticating reference pass phrase. If the comparison shows identity, the client user is granted access to the requested content. | 08-20-2009 |
20090217371 | SYSTEM AND METHOD FOR DYNAMIC CREATION OF PRIVILEGES TO SECURE SYSTEM SERVICES - A system, method, and program product is provided that allows new privileges to be dynamically added to an operating system. Entities are assigned roles and these roles are associated with various authorizations. Authorizations are associated with privileges, including the new privilege. A request is received to dynamically add the new privilege to the operating system. The operating system then dynamically adds the new privilege to the system. A software service is installed that requires the new privilege. A request to execute the installed software service is received from an entity that is running on the operating system. The operating system allows the entity to execute the installed software service in response to determining that the entity has been granted the privilege. However, if the entity has not been granted the new privilege, then the operating system inhibits execution of the software service by the entity. | 08-27-2009 |
20090217372 | PRESET SECURITY LEVELS - A preset security level system and a method for utilizing the preset security level system. The system includes a plurality of security levels, each of which enables a different level of security. Each of the security levels has associated therewith security features, such that low security level features are associated with a low security level, etc. The system and method enable a system administrator to select a desired security level, which selection automatically results in the activation of the associated security features, rather than manually activate each desired security feature. | 08-27-2009 |
20090222907 | DATA AND A COMPUTER SYSTEM PROTECTING METHOD AND DEVICE - The process for protecting data and computer systems includes: | 09-03-2009 |
20090241183 | DYNAMIC DOCUMENT MERGING METHOD AND SYSTEM - A document merging method and system. The method includes receiving by a computing system from a first user, a plurality of documents and a command for tagging portions of each document according to various parameters. The computing system assigns identification tags to the portions of each document. The computing system receives from a second user, a command for generating a merged document. The computing system receives a selection of a first identification tag associated with a first document and a selection of a second identification tag associated with a second document. The computing system generates a merged document comprising a first portion of the first document and said second portion of the second document. The computing system stores the merged document. | 09-24-2009 |
20090249476 | Using Multi-Touch Gestures to Protect Sensitive Content Using a Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) - The invention described herein uses a multi-touch manager for authorizing multi-touch devices by first providing a multi-touch test to a multi-touch device. In turn, the multi-touch manager receives a multi-touch response from the multi-touch device. The multi-touch manager then compares the multi-touch response with a multi-touch answer and authorizes the device based upon the comparison. | 10-01-2009 |
20090254986 | Method and apparatus for processing and displaying secure and non-secure data - A data processing apparatus is disclosed that comprises: at least one processor; a display for displaying data processed by said at least one processor; at least one display buffer for storing an array of display elements for subsequent output to said display, said display elements being secure display elements for displaying secure data and non-secure display elements; and a user interface; wherein said at least one processor is operable to execute at least one untrusted process and at least one secure process, said at least one secure process having access to secure data; said data processing apparatus further comprising: a secure user input for receiving a user input, said received user input not being accessible to said at least one untrusted process; and said data processing apparatus being responsive to an input received at said secure user input to transform data to be displayed on said display such that said secure display elements and said non-secure display elements are transformed differently to each other. | 10-08-2009 |
20090254987 | INFORMATION PROCESSING APPARATUS, COMPUTER-READABLE RECORDING MEDIUM, OUTPUT CONTROL METHOD AND SYSTEM - An output control apparatus and method in which at least either a first access authority at a first level or a second access authority at a second level that is higher than the first level may be set according to a user. The method includes referring to a first storage unit that stores authority information indicating an access authority level of a current user, selecting composing information stored in a second storage unit in association with the user to which the access authority is set from the second storage unit when the authority information indicates the first access authority, composing the selected composing information and output target data generated based on an output instruction by the current user, and outputting composed data of processing results by the composing. | 10-08-2009 |
20090260075 | SUBJECT IDENTIFICATION - A system for authenticating the identity of a subject comprises: means for receiving information on subject behaviour comprising one or more events, means for allocating confidence levels to the event or events comprised in the received behaviour information and for extracting an overall confidence level on the basis of the allocated confidence level or levels and processing means for deciding on the identity of the subject on the basis of the overall confidence level. The system may include a device for collecting information relating to one or more events forming part of the behaviour of a subject and for providing the information to a separate unit to determine the identity of the subject. | 10-15-2009 |
20090260076 | WORKFLOW MANAGEMENT APPARATUS AND WORKFLOW MANAGEMENT METHOD - A server apparatus generates a folder for content to be transmitted from an image processing apparatus, and sets a path of the folder to the image processing apparatus as a destination of sending of the content. The user is allowed to select one destination of sending set in a display panel of the image processing apparatus, and the image processing apparatus sends the content to the selected destination of sending. | 10-15-2009 |
20090271861 | Data processing apparatus and access control method therefor - A data processing apparatus according to the present invention includes: peripheral devices each including a plurality of registers each storing a preset value or data; a processing unit to output access authority information indicative of a first access authority level or a second access authority level, which is an access authority level lower than the first access authority level, according to a program to be executed, and to output an access address to specify a specific register; and a peripheral device protection circuit connected to the processing unit and receiving the access authority information and the access address so as to control access of the processing unit to the peripheral devices. The peripheral device protection circuit controls whether to permit the access to the specific register specified by the access address, based on the access authority level indicated by the access authority information. | 10-29-2009 |
20090276846 | Multi-Function Apparatus and Method of Restricting Use of Multi-Function Apparatus - A multi-function apparatus which has plural functions and is used by direct use through an operation panel and remote use through a communication network, the multi-function apparatus includes: a use setting unit which sets use or non-use of at least some functions of the multi-function apparatus in accordance with a user attribute indicating a direct-use user or a remote-use user; and a use restriction unit which permits a user desiring to use the at least some functions to use the at least some functions on condition that the user attribute of the user is set to be usable by the use setting unit. | 11-05-2009 |
20090276847 | Multi-Function Apparatus and Method of Restricting Use of Multi-Function Apparatus - A multi-function apparatus which has plural functions includes: an authentication information acquiring unit which acquires authentication information on a user desiring to use the functions by use of an authentication information inputting unit; a use restriction unit which determines whether the user desiring to use the functions has use authority on the basis of the acquired authentication information, and permits using the functions on condition of determining that the user has the use authority; a mode control unit which acquires operation information formed by the user and transfers a mode of the multi-function apparatus to a basic operation setting mode, when the operation information is accompanied with basic operation setting of the multi-function apparatus; and a log-out control unit which maintains the functions so as to be used by prohibiting a log-out process, when the multi-function apparatus is in the basic operation setting mode at the time of detecting the log-out operation of the user. | 11-05-2009 |
20090276848 | DEVICE AUTHENTICATION APPARATUS, SERVICE CONTROL APPARATUS, SERVICE REQUEST APPARATUS, DEVICE AUTHENTICATION METHOD, SERVICE CONTROL METHOD, AND SERVICE REQUEST METHOD - A device authentication apparatus, including: a device identification information acquisition unit configured to acquire identification information specific to a device; a connection protection unit configured to protect a connection with the device; and an identifier generation unit configured to combine all or some of the device-specific identification information, a device identification information type representing a type of the device-specific identification information, and a protection method type representing a type of a protection method used by the connection protection unit to generate an identifier for a pair of the connected device and a connection environment. | 11-05-2009 |
20090282473 | OWNER PRIVACY IN A SHARED MOBILE DEVICE - Systems and methods that regulate range of access to personal information of a mobile unit's owner. The access control component can designate granularity for access levels and/or a spectrum of access modes (as opposed to a binary choice of full access or no access at all). Such access can be based on a spectrum and/or discrete trust relationship between the owner and user of the mobile unit. A profile definition component can exploit an owner's trust relationships to designate levels of security. The profile definition component can further define a profile based on a set of applications, such as entertainment mode, browser mode, and the like. | 11-12-2009 |
20090288160 | INTEGRATED CIRCUIT WITH SECURE BOOT FROM A DEBUG ACCESS PORT AND METHOD THEREFOR - An integrated circuit ( | 11-19-2009 |
20090293115 | AUTHORIZATION SYSTEM OF NAVIGATION DEVICE AND ASSOCIATED AUTHORIZATION METHOD - An authorization system of a navigation device includes a first identification (ID) module and a second ID module. The first ID module is arranged to perform authorization for a first portion of the navigation device, and the second ID module is arranged to perform authorization for a second portion of the navigation device. The first and the second ID modules perform bidirectional authorization of the first and the second portions, and further determine behavior of the navigation device according to a result of the bidirectional authorization. An associated authorization method for controlling the navigation device is further provided. | 11-26-2009 |
20090293116 | Accessing Protected Content In A Rights-Management Architecture - A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content. The client components include an object which accesses encrypted content, an object that parses the license and enforces the rights in the license, an object which obtains protection software and data that is individualized for the client and/or the persona operating the client, and a script of instructions that provides individualization information to a distributor of content so that the content may be individualized for the client and/or its operating persona. Content is generally protected by encrypting it with a key and then sealing the key into the content in a way that binds it to the meta-data associated with the content. In some instances, the key may also be encrypted in such a way as to be accessible only by the use of individualized protection software installed on the client, thereby binding use of the content to a particular client or set of clients. | 11-26-2009 |
20090300754 | Protecting a Program Interpreted by a Virtual Machine - A method of protecting a program interpreted by a virtual machine comprises the inclusion of interference operations during the execution of each program instruction. The scrambling operations are selected according to a program digest, so as to vary when a single instruction belongs to two different programs. In this way, any attempt at reverse engineering from side channels is made possible. | 12-03-2009 |
20090320124 | APPARATUS AND METHODS FOR DYNAMIC PICTORIAL IMAGE AUTHENTICATION - Apparatus, systems and methods are provided for facilitating user authentication in a computing system based on pictorial discernment of images displayed to a user. Multiple images are displayed to a user, with each image having one or more distinguishing characteristics. Each symbol of the user's password is associated with a particular characteristic included in one of the displayed images. The user is properly authenticated if they select the images having the characteristics corresponding with the symbols of the user's password. | 12-24-2009 |
20090320125 | SYSTEMS, METHODS, AND COMPUTER READABLE MEDIA FOR COMPUTER SECURITY - Embodiments of the present invention provide systems and methods that enhance the security of various processes, as well as machines, computer-readable media and processes that employ or allow employment of such systems. | 12-24-2009 |
20090328196 | AUTHORIZATION FOR TRANSIENT STORAGE DEVICES WITH MULTIPLE AUTHENTICATION SILOS - In a transient storage device (TSD) with multiple authentication silos, a host computing device connected to the TSD is configured by the TSD to discover and act upon various types of authentication information in the silos. One or more logical combinations of authentication silos are switched to the authenticated state to grant access to an associated storage area. A particular ordering of authentication silos may be required to achieve a valid combination of authenticated silos. Ordering may be suggested by configuration information in the TSD. Ordering may also be based upon whether or not user input is required for authenticating a given authentication silo, the environment of use of the TSD, or a hierarchy from most trusted to least trusted authentication silo. With this information, the host proceeds with the most efficient authentication sequence leading to a grant of access to the storage area. | 12-31-2009 |
20100005522 | Digital transmission system (DTS) for computer security - This invention describes a hand held digital transmitter to transmit a signal as light (visible and invisible) or sound (audible and inaudible) or other digitized code for alphanumeric in any language, special characters or symbols or graphic or pictures or any combination thereof, to the computer system that is equipped with a compatible digital receiver and transmitter card. This card can transmit and receive the said signals and codes and a software driver and/or firmware for the operation, management and maintenance of this security system. Upon verification of the transmitted code by the computer system, access is granted. The computer system then transmits a randomly selected new code of any combination of the codes or signals stated above to the transmitter for storage in the said transmitter. The said transmission from the computer cannot be stored in any other hand held transmitter located within range of the transmission. | 01-07-2010 |
20100011438 | Role-Based Privilege Management - In one embodiment, a computer implemented method for role-based privilege management is provided. The computer implemented method receives a transformation request from a requester to form a received request, and identifies a target environment of the received request. The computer implemented method determines whether the target environment matches a predefined environment in a set of role-based privileges and, responsive to a determination that the target environment matches a predefined environment in the set of role-based privileges, maps the parameterized privileges from the set of role-based privileges to the target environment and performs the request. | 01-14-2010 |
20100017873 | Secure communication over virtual IPMB of a mainframe computing system - In general, techniques for securely communicating over a virtual IPMB of a mainframe computing system are described herein. More specifically, the mainframe computing system comprises a plurality of independent computing cells communicatively coupled together by a network interconnect and that form a plurality of partitions. Each partition is a logical association of one or more of the cells to define a single execution environment. Each cell further executes a virtual intelligent platform management interface (IPMI) protocol to define and configure a respective logical intelligent platform management bus (IPMB) for each of the partitions. Each of the IPMBs logically interconnects with each of the other cells included within the same partition, and each is defined for communication of IPMI messages over the network interconnect. The cells securely communicate the IPMI messages between each of the one or more other cells of each partition via the respective logical IPMB of each partition. | 01-21-2010 |
20100024028 | Wireless mobile device with user selectable privacy for groups of resident application programs and files - An exemplary method implemented by a wireless mobile device provides user selectable access to programs and files defining items that are resident on the mobile device. Screen icons associated with a privacy group are visually differentiated from icons associated with a public group. On receiving a user first input to initially access one of the items, where the first input is the first attempt by the user to access any item since a power up activation of the mobile device, determining whether the first input is a request to access an item associated with the privacy group or public group. If the sought access is to one item associated with the privacy group, a request is displayed on the screen requesting the user to enter a predetermined group privacy password and access is inhibited to the item unless the predetermined group privacy password is input to the mobile device by the user. The same predetermined group privacy password is required to initially access any of the items associated with the privacy group. If the sought access is to one item associated with the public group, the first user input is permitted to be conveyed to the associated one item causing the one item associated with the public group to be accessed without requiring an input by the user of the group privacy password. | 01-28-2010 |
20100024029 | Battery And Authentication Requesting Device - An authentication requesting device which includes a battery connecting section to be connected to a battery and a receiving section to be supplied with power from an external power source when connected to the external power source, and executes an authentication process for authenticating a battery connected to the battery connecting section, where the authentication requesting device is arranged to change the authentication process depending on whether or not the receiving section is being supplied with power from the external power source. | 01-28-2010 |
20100031342 | Method and system for providing secure video data transmission and processing - A system and method for secure graphics processing employing an operating system that supports multiple independent levels of security (MILS) is described. A video queuing mechanism is provided in conjunction with a cross domain guard to receive extended graphics language video inputs from multiple input applications in multiple security enclaves. Without accessing sensitive data, a function manages desired format and mode selections of the displays, coordinates the execution of multiple graphics applications that produce the needed video content, and communicates with one or more high assurance render functions regarding how to draw each video output's content in a secure and easily certifiable manner. | 02-04-2010 |
20100043069 | Authorized Authorization Set in RBAC Model - The Authorized Authorization Set System comprising a modified operating system, a command table containing authorized authorization sets, and a modified RBAC security system, eliminates the need for inherited privileges that must be passed to subcommands in order for the command to run. The modified operating system accesses a table containing authorized authorization sets which identify the privileges for all subcommands within a command. When a user is assigned an accessauth for a command, and a sub-command is a privileged sub-command, the privileged sub-command is only run when the accessauth of the sub-command is included in the authorized authorization set of the command. | 02-18-2010 |
20100050250 | INFORMATION PROCESSING DEVICE, DATA PROCESSING METHOD, AND PROGRAM - An information processing device includes: a local memory unit for storing data including an encrypted content; a memory for storing data including key information used to reproduce the encrypted content; and a data processing unit performing a process of writing data to the local memory unit and the memory, and a process of reproducing the encrypted content, wherein the data processing unit performs a process of writing encrypted content downloaded from a server or encrypted content copied from a medium to the local memory unit, and performs a process of decoding the encrypted content or a validity authenticating process using the data stored in the local memory unit and the data stored in the memory when reproducing the encrypted content written to the local memory unit. | 02-25-2010 |
20100058461 | EMBEDDED SYSTEM WITH AUTHENTICATION, AND ASSOCIATED AUTHENTICATION METHOD - An embedded system with authentication includes: a system read only memory (ROM), a processing circuit and an authentication circuit. The system ROM is arranged to store a boot code. In addition, the processing circuit is arranged to process at least according to the boot code in order to perform operations of the embedded system. Additionally, the authentication circuit is arranged to perform authentication on a command script in order to determine whether the command script is authenticated, and is arranged to prevent the command script from being executed by the processing circuit when the authentication circuit determines that the command script is not authenticated, wherein the command script is received from outside a chip where the system ROM, the processing circuit and the authentication circuit are positioned. | 03-04-2010 |
20100058462 | MULTIPLE USER ACCOUNTS FOR MANAGING STORED INFORMATION IN AN IMPLANTABLE MEDICAL DEVICE SYSTEM - Techniques for managing stored information in an implantable medical device system using multiple user accounts are described. An implantable medical device system may provide a general user account and a set of authenticable user accounts. In some examples, the general user account does not require a user of a programmer in an implantable medical device system to enter user identity information to manage information stored in the implantable medical device system. The general user account may be permitted to perform a subset of actions available to an authenticable user account. In some examples, an authenticable user account may rollback changes made to the stored information by the general user account. An authenticable user account may also be able to synchronize changes made to the stored information across all or some of the user accounts. | 03-04-2010 |
20100058463 | METHOD OF EXCHANGING DATA BETWEEN TWO ELECTRONIC ENTITIES - A method of exchanging data between a first electronic entity and a second electronic entity includes the following steps: | 03-04-2010 |
20100071057 | REAL-TIME EQUIPMENT BEHAVIOR SELECTION - At creation, a state machine of an industrial control configuration can be hard-coded with a number of states in a hierarchical manner. Once implemented into the configuration, it can be desirable for the states, interpretations of the states, and the like to be modified in accordance with particular desires and processes. Therefore, a user can select a change to a hierarchical rule set of the state machine while the state machine is part of the configuration and the change can be implemented. | 03-18-2010 |
20100071058 | ELECTRONIC DEVICE AND CONTROLLING METHOD OF ELECTRONIC DEVICE - The present invention provides an electronic device for performing a typical processing by storing a predetermined operating procedure and reproducing the stored operating procedure that controls suspending storing information related to an authentication, which includes a control unit, when an operation requiring a predetermined authentication is performed at the time when the predetermined operating procedure is stored. | 03-18-2010 |
20100077473 | API CHECKING DEVICE AND STATE MONITOR - An API checking device | 03-25-2010 |
20100083366 | Blocking Computer System Ports on Per User Basis - An approach is provided that receives a user identifier from a user of the information handling system. The user identifier can include a username as well as a user authentication code, such as a password. Hardware settings that correspond to the user identifier are retrieved from a nonvolatile memory. Hardware devices, such as ports (e.g., USB controller), network interfaces, storage devices, and boot sequences, are configured using the retrieved hardware settings. After the hardware devices have been configured to correspond to the identified user, an operating system is booted. | 04-01-2010 |
20100083367 | Secure Partitioning of Programmable Devices - According to an embodiment, a programmable logic device includes a plurality of logic blocks, memory and a logic unit. The logic blocks are grouped into one or more partitions. The memory stores authentication and partition information uploaded to the programmable logic device prior to partition programming. The logic unit authenticates programming access to the one or more partitions based on the authentication information and controls programming of the one or more partitions based on the partition information. | 04-01-2010 |
20100100955 | SYSTEM AND METHOD FOR SECURE OS ACCESS IN AN ECMA-SCRIPT VIRTUAL MACHINE - In an ECMAScript (JavaScript) Virtual Machine, applications are isolated from the operating system by defining an application context for each application. A root application context is defined that binds scripted objects of the root application context to equivalent native objects of the virtual machine. Other application contexts may send events on an event bus via the root application context to request resources of the operating system. The root application context determines the security privileges of the application context with respect to the requested resource, and is the only application context that is able to interact with the operating system. | 04-22-2010 |
20100138913 | MESSAGE ADMINISTRATION SYSTEM - Methods and systems for message administration are described. In one embodiment, an application request for an application associated with an administration tool may be accessed. The application request may be associated with a user. The application may be deployed on a system machine. A particular access level of a plurality of access levels may be identified for the user on the administration tool. The particular access level may identify functionality of the administration tool available to the user. A determination of whether to allow processing of the application request based on the particular access level may be made. When the application request meets the particular access level, communication with the system machine from the administration tool may be made based on the application request. The system machine may be capable of processing the application request. Additional methods and systems are disclosed. | 06-03-2010 |
20100154052 | DATA DELIVERY SYSTEM, DATA DELIVERY DEVICE, DATA DELIVERY METHOD AND RECORDING MEDIUM ALLOWING DATA DELIVERY CONVENIENT FOR USERS - A CPU obtains a leading page of data stored in an HDD and executes delivery. Then, the CPU determines whether a single-delivery stop command is received or not. When the CPU determines that the single-delivery stop command is received, it executes the single-delivery stop processing. The CPU determines whether an all-delivery stop command is received or not. When the all-delivery stop command is received, the CPU executes all-delivery stop/resume processing. When the all-delivery stop processing command is not received, the CPU determines whether a predetermined period has elapsed or not. When the predetermined period has elapsed, the CPU obtains a next page and executes next data delivery. | 06-17-2010 |
20100169965 | Enabling a service to return lost laptops - A method, system, and computer-readable storage medium for providing a unique identifier for a computer system and a message from a service external to the computer system, such as a laptop return service, for display when the computer system is powered on. The computer system is configured to restrict functionality until the service authorizes restoration of full functionality of the computer system. The message includes contact information for the laptop return service and, when the service is contacted, the service sends an instruction to return the computer system to full functionality. Other embodiments are described and claimed. | 07-01-2010 |
20100175126 | System And Method For Registration Of An Electronic Device - A method for registering an electronic device includes receiving from a point-of-sale interface a transaction code and purchaser information associated with a purchase of an electronic device. While the transaction code is associated with the purchase of the electronic device, it does not uniquely identify the electronic device purchased. The method also includes receiving from the electronic device the transaction code and a device identifier that uniquely identifies the electronic device. The purchaser information and the device identifier are associated via the transaction code for registering the electronic device. | 07-08-2010 |
20100186081 | Portable Communication Terminal and Use-Enabled/Disabled Control Method - To provide a mobile communication terminal which can improve security. A mobile telephone device ( | 07-22-2010 |
20100199347 | Method and Apparatus for Authenticating Usage of an Application - Methods and apparatuses, including computer program products, are described for authenticating the usage of an application. A request to execute an application is received from a user device. The application is executed based on the request. An application-level usage indicator is received from the user device. The application-level usage indicator corresponds to current operation of the application by a user and comprises at least (i) user input commands and (ii) passive usage metrics. The identity of the user is determined by comparing the application-level usage indicator with a pre-established user profile wherein the user profile is associated with previous operation of the application by the user and comprises at least (i) user input commands and (ii) passive usage metrics. Execution of the application is terminated at the user device if the identified user is not entitled to use the application according to the user profile. | 08-05-2010 |
20100223666 | Method, SOA registry and SOA repository for granting a user secure access to resources of a process - The present invention relates to a method for granting a user (U | 09-02-2010 |
20100251356 | IMAGE PROCESSING APPARATUS, IMAGE PROCESSING CONTROL METHOD AND COMPUTER READABLE MEDIUM - An image processing apparatus includes: an image processing unit; a processing unit that performs predetermined processing under the control of the information processing unit; a reading unit that performs an operation of reading authentication information at intervals of a predetermined time under the control of the information processing unit; an authentication unit that authenticates a user based on the authentication information read by the reading unit under the control of the information processing unit; a permission unit that permits the predetermined processing to be performed by the processing unit on the condition that the authentication is completed by the authentication unit; and a change unit that changes the time interval for the reading unit to perform the reading operation in accordance with the status of processing to be executed. | 09-30-2010 |
20100251357 | DATA TRANSMITTING SYSTEM AND METHOD, DRIVE UNIT, ACCESS METHOD, DATA RECORDING MEDIUM, RECORDING MEDIUM PRODUCING APPARATUS AND METHOD - A security module is provided in a data recording medium, data to be written to the data recording medium is encrypted with a content key different from one data to another, and the content key is safely stored in the security module. Also, the security module makes a mutual authentication using the public-key encryption technology with a drive unit to check that the counterpart is an authorized (licensed) unit, and then gives the content key to the counterpart, thereby preventing data from being leaked to any illegal (unlicensed) unit. Thus, it is possible to prevent copyrighted data such as movie, music, etc. from being copied illegally (against the wish of the copyrighter of the data). | 09-30-2010 |
20100263043 | METHOD AND DEVICE FOR SECURE TEST PORT AUTHENTICATION - A device includes a first test port coupled to a first test device, a second test port coupled to a second test device, a resource, and a security controller coupled to the first and second test ports. The security controller is operable to authenticate the first test device prior to authenticating the second test device, and, in response to authenticating the first test device, permit the first and second test devices to access the first resource. | 10-14-2010 |
20100263044 | INFORMATION PROCESSING APPARATUS, CONTROL METHOD OF INFORMATION PROCESSING APPARATUS, AND STORAGE MEDIUM - In a case where image data stored in an information processing apparatus is output to an image processing apparatus, lowering of security level due to a difference of the authentication level between authentication units of the respective apparatus can be restricted. A control method for controlling an information processing apparatus for outputting image data to an image processing apparatus that permits a use of the image data provided that a user authentication unit authenticates a user includes selecting an image processing apparatus that serves as an output destination of the image data among a plurality of image processing apparatuses, determining whether an authentication level of a user authentication unit necessary for permitting a use of the selected image processing apparatus is lower than an authentication level of the authentication unit necessary for permitting a use of the information processing apparatus, and restricting an output of the image data to the selected image processing apparatus in a case where it is determined that the authentication level is lower. | 10-14-2010 |
20100275255 | PERSON CENTRIC SYSTEM AND METHOD TRANSFORMING HEALTH DATA TO HEALTH RISKS DATA - Constrained by a permissions wall and a security wall, the method and the system execute a risk transformation which transforms lay users health data sets to lay users risks data sets, outputs lay users risks data set, can output lay users best practice data sets corresponding to lay users risks data sets, can output lay users educational data sets corresponding to lay users risks data sets, and can output for research users research compilations from lay users health data sets and from lay users risks data sets. | 10-28-2010 |
20100275256 | Switching an Application, User, and Security Context Based on Device Orientation - A computer is adapted for changing one or more of the application, security, or user contexts based on the orientation of a component, such as a monitor. Changing the context responsive to the reorientation allows two or more users to use the same hardware to complete a transaction requiring at least two perspectives, for example, buyer and seller. In the background, transaction end points may be changed as well as establishment of a secure channel for supporting confidentiality of a user and their personal information. The computer so equipped may be applicable to many situations involving two parties, such as hospitals, personnel/human relations, banking, government benefits, and retail. | 10-28-2010 |
20100293611 | WIRELESS LIFT GATE CONTROL SYSTEM - A lift gate system is provided which in one implementation has a lift gate assembly including an actuator for actuating a lift gate, a main controller configured for controlling the actuator, and a wireless transceiver for receiving an operation command. The system further has a wireless controller including an authorization controller configured for checking that an operator is authorized to operate the lift gate, the wireless controller configured such that upon authorization of the operator by the authorization controller, the wireless controller may wirelessly transmit an operator command to the main controller for controlling operation of the lift gate accordingly. | 11-18-2010 |
20100299744 | SERVICE BINDING METHOD AND SYSTEM - A method and system of binding content is disclosed. A non-volatile storage device creates a secure communication channel with a service provider system via a host device, and obtains a content access authorization. The host device facilitates the establishment of the secure communication channel. A removable device in communication with the host is bypassed when establishing the secure communication channel. The authorization may be based on identification information transmitted by the non-volatile storage device to the service provider system over the secure communication channel. The identification information may identify the non-volatile storage device, the host device, or the subscriber to the service provider system. The service provider system, in turn, may use the identification information to determine the type of authorization (if any) to send to the non-volatile storage device. The non-volatile storage device processes requests received from the host device to access the content according to the received authorization. | 11-25-2010 |
20100325720 | System and Method for Monitoring Attempted Network Intrusions - A system for monitoring attempted intrusions into a secure private network (SPN) includes a transceiver adapted to receive a device identifier over a public network from a network node, the device identifier based on a user-configurable parameter and a non-user-configurable parameter of the network node, and a processor coupled to the transceiver and to memory storing executable code. When executed, the code enables the processor to: access a database of authorized device identifiers corresponding to known network nodes, allow, in response to the received device identifier matching one of the authorized device identifiers, the network node to access the SPN, deny, in response to the received device identifier not matching one of the authorized device identifiers, the network node from accessing the SPN and categorize a connection attempt as an unauthorized connection attempt, and store information regarding the unauthorized connection attempt in local or remote memory. | 12-23-2010 |
20100333194 | System, Method, and Apparatus for Capturing, Securing, Sharing, Retrieving, and Searching Data - This present invention relates to a system, method and apparatus for scientists and researchers and others to capture, secure, share, retrieve and search captured data. Said system and method is able to: fully-integrate hardware and software, required to seamlessly capture data inputs; combine edit and display functions from devices into one single edit and display platform; compile captured inputs from devices into text-searchable and tag-able data that can be displayed, edited and searched on one platform; compile captured inputs from devices into text-searchable and tag-able data that can be searchable by using free-text search, advanced search modules, or a combination thereof; provide advanced search modules that can search based on embedded text in files, tags tied to images or files, parallel image search and other intelligent parameter-based search formats; and can be provided as a hosted application, available via a wire line or wireless on-demand service, also referred to as Software as a Service (SaaS) delivery method. | 12-30-2010 |
20110004933 | Context Sensitive Dynamic Authentication in A Cryptographic System - A system for performing authentication of a first user to a second user includes the ability for the first user to submit multiple instances of authentication data which are evaluated and then used to generate an overall level of confidence in the claimed identity of the first user. The individual authentication instances are evaluated based upon: the degree of match between the data provided by the first user during the authentication and the data provided by the first user during his enrollment; the inherent reliability of the authentication technique being used; the circumstances surrounding the generation of the authentication data by the first user; and the circumstances surrounding the generation of the enrollment data by the first user. This confidence level is compared with a required trust level which is based at least in part upon the requirements of the second user, and the authentication result is based upon this comparison. | 01-06-2011 |
20110023112 | Authentication Method, Authentication Device and Computer-Readable Medium Storing Instructions for Authentication Processing Capable of Ensuring Security and Usability - An authentication method in a system having a display and a storage device is provided. The authentication method includes the steps of registering an object selected for each user from among a plurality of visually distinguishable objects prepared in advance as a key object in the storage device; and presenting the plurality of objects to the display, accepting selection of an object by a user to be authenticated, and performing authentication based on matching/mismatching of the selected object with the key object registered in association with the user. The step of registering includes a step of determining a degree of freedom of selection of the object at the time of registration of the key object according to a degree of overlapping of the key object already registered in the storage device. | 01-27-2011 |
20110030051 | AUTONOMIC MANUFACTURING OPERATOR AUTHORIZATION ADJUSTMENT - Operator authorizations are autonomically adjusted in many ways to automatically account for many different variables. Operator authorization may be adjusted according to an operator's past activity record so previous experience is not lost when the operator is rehired. Operator authorization may be adjusted according to the operator's quality and performance. Operator authorization may also be adjusted by recognizing similar operations to those the operator is authorized to perform, and authorizing the operator to perform one or more similar operations. Operator authorization may also be adjusted to a lesser level or may be revoked for an operation based on the passage of time. A manufacturing system may efficiently track operators taking into account different activity periods, the passage of time, the operator's performance, and similar operations to autonomically adjust the authorization of the operators as needed. | 02-03-2011 |
20110035797 | METHOD AND DEVICE FOR CONTROLLING USER DIALOG ON TECHNICAL EQUIPMENT - A method and a device for controlling user dialogues on a technical installation that is to be controlled or to be maintained, for example, a cash dispenser or a deposit refund device. According to said method or said device, a calculating unit evaluates the data relating to the state of the technical installation and in accordance with said data, emits at least one visual request consisting of textual and/or pictorial instructions (INSTR, CHK) for a user who controls the technical installation. The method processes the data using a directed graph (GRPH) comprising nodes (1000, . . . , 1300 . . . ) and edges (INSTR; CHK) connecting the nodes. Said nodes relate to different maintenance conditions of the installation, and the edges relate to the instructions (INSTR; CHK) for the user for transferring the installation from one of the nodes to another node. | 02-10-2011 |
20110055917 | VALID ACCESS TO MOBILE DEVICE APPLICATION - A method in a mobile device, for verifying valid access to at least one software application comprised in the mobile device. The mobile device comprises a unique hardware manufacturer identity code. The at least one software application comprises a list of at least one valid unique hardware manufacturer identity code. First, a request to access the at least one software application is received. Then the unique hardware manufacturer identity code of the mobile device is requested. The next step is to receive the unique hardware manufacturer identity code and to extract at least a part of the identity code identifying the manufacturer of the mobile device. The extracted part of the identity code is compared with valid codes comprised in the software application. If the extracted part of the identity code corresponds to the valid code, access to the at least one software application is provided to the user. | 03-03-2011 |
20110061100 | METHOD AND APPARATUS FOR CONTROLLING ACCESS - An approach is provided for controlling access based at least in part on augmented reality. Images and/or signals representing motion by a user in a physical environment are received. An electronic determination is made whether the motion corresponds to a predetermined motion. Access is granted to a resource based at least in part upon the determination. | 03-10-2011 |
20110072509 | Wireless Controller Device - A remote wireless device is provided that operates a user interface specific to a particular target application or device. The wireless device receives information regarding the status or operation of the target's application, and uses that information to determine what information and controls to present to the remote user. The remote user views information regarding the target application, and makes desired control selections using the available controls. The wireless device generates a message according to the control selections, and transmits the message to the target device. The target device acts responsive to the control message, and updated operational information may be sent to the remote wireless device. | 03-24-2011 |
20110078785 | METHOD AND SYSTEM FOR SUPPORTING PORTABLE DESKTOP WITH ENHANCED FUNCTIONALITY - A method is disclosed for a peripheral portable desktop device. The peripheral portable desktop device is coupled with a workstation. In a second mode of operation, a portion of the peripheral portable desktop device is operatively coupled with the workstation for operation therewith to provide an ancillary function. In a first mode of operation data within the peripheral portable desktop device is used to support a personal desktop on the workstation. | 03-31-2011 |
20110093948 | NON-INTRUSIVE BACKGROUND SYNCHRONIZATION WHEN AUTHENTICATION IS REQUIRED - A non-modal notification user interface element is displayed persistently but unobtrusively such that a user may easily determine that authentication credentials are required by a background synchronization process. The non-modal notification is configured such that it may be ignored by the user such that their workflow is not interrupted. The background synchronization continues to synchronize the data it can even though the background synchronization may require authentication credentials for a subset of the data to be synchronized. The user may select the non-modal notification user interface element at any point in time in order to supply the required authentication credentials. The non-modal notification is removed from the display when there are no further authentication credentials required. | 04-21-2011 |
20110119756 | Method Of Managing Usage Of A Workstation And Desktop Management System Therefor - Embodiments can disclose a method of managing usage of a workstation. The method can include: performing a desktop management sequence; performing a start-up sequence; displaying a login graphic on a screen of a monitor of the workstation; receiving first login information from a user; validating the first login information to check if the user is authorized to use the workstation; if the user is authorized to use the workstation, performing an autolaunch sequence, where performing the autolaunch sequence can include starting one or more pervasive computer applications; checking to see if the one or more pervasive computer application is active; if at least one first application of the one or more pervasive computer applications is not active, restarting the at least one first application of the one or more pervasive computer applications; receiving one or more instructions to logout from the user; and closing the one or more pervasive computer applications. Other embodiments are disclosed herein. | 05-19-2011 |
20110119757 | Method and apparatus for performing login by mobile station in wireless communication system - There are provided a method and apparatus for performing a login by a Mobile Station (MS) in a wireless communication system. In an Internet Protocol Multimedia Subsystem (IMS) network in a wireless communication system, an MS transmits a temporary login request to an IMS server by using a subscriber identity (ID) as a virtual Private Identity (PRID) and receives information about registered PRIDs that are associated with the subscriber ID. The MS determines whether at least one of PRIDs managed by the MS is unregistered in the IMS server. If at least one of the managed PRIDs is unregistered in the IMS server, the MS performs login to the IMS server using one of the managed PRIDs that is unregistered in the IMS server. If none of the managed PRIDs are unregistered in the IMS server, the MS performs login to the IMS server using one of the managed PRIDs that is registered. | 05-19-2011 |
20110119758 | APPARATUS FOR MOBILE DATA PROCESSING - A mobile data processing device includes a permanent memory configured to store an operating system bootable from the permanent memory. The device includes a connection configured to connect the device and a personal computer. The connection is configured so that the personal computer loads the operating system from the permanent memory during booting. The device includes at least one integrated network adapter. The device includes a hardware system. The hardware system is configured to at least one of encrypt and decrypt content stored in the permanent memory. The device includes a housing configured to be portable. | 05-19-2011 |
20110162064 | System and Method for Providing Convergent Physical/Logical Location Aware Access Control - A method for enforcing physical access control and logical access control may include: (i) controlling access of a person to a physical location based on a physical access credential associated with the person provided to a physical access control system; (ii) controlling access of the person to an information system and an enterprise service based on a logical access credential associated with the person provided to a logical access control system; (iii) receiving information from the physical access control system regarding the physical access credential; (iv) receiving information from the logical access control system regarding the logical access credential; (v) determining an approximate location of the person based on the physical access credential and the logical access credential; and (vi) blocking unauthorized access between the physical access control system and the logical access control system by a first firewall. | 06-30-2011 |
20110162065 | CLIENT APPARATUS AND A METHOD THEREFOR - To limit access to a document according to a plurality of types of access authorities set to the document when a server apparatus for limiting access to the document having a setting of a plurality of types of access authorities to operate the document cannot limit access to the document according to the access authority, an apparatus includes a conversion unit configured to convert a document into a plurality of documents having a setting corresponding to each of the plurality of types of access authorities, and a generation unit configured to merge the plurality of documents formed through conversion by the conversion unit, so as to be handled as one document, to generate one merged document. | 06-30-2011 |
20110179482 | SECURITY SWITCH - System and method for securing a personal device that includes a device core and a peripheral device from unauthorized access or operation. The system comprises an isolated switch, included fully or partially within an envelope of the personal device. The isolated switch cannot be affected in its operation by either the device core or the peripheral device. The switch may be operated by an authorized user of the personal device either preemptively or in response to a detected threat. In some embodiments, the isolated switch includes an isolated controller which can send one or more signals to the peripheral device and/or part of peripheral device. In some embodiments, the isolated switch includes an isolated internal component and an isolated external component, both required to work together to trigger the isolated switch operation. In some embodiments, the isolated switch includes an isolated disconnector for connecting and disconnecting the device core from part of the peripheral device. | 07-21-2011 |
20110191845 | WIRELESS COMMUNICATION DEVICE WITH DURESS PASSWORD PROTECTION AND RELATED METHOD - A wireless communication device (and its related method of operation) includes, if invoked, password protected access to data stored therewithin and/or to normal device operations and further includes duress password checking logic that automatically causes a duress message to be sent if a duress password has been entered. The duress message is preferably sent without maintaining any user accessible indication of such sending. It is also preferred that the password checking logic automatically cause an end-of-duress message to be sent if a normal password is entered after a duress password has been entered. A plurality of different duress passwords may be entered into a duress password portion of data memory in the device. | 08-04-2011 |
20110209212 | AUTHORIZATION SCHEME TO MINIMIZE THE USE OF UNAUTHORIZED MEDICAL DEVICE DISPOSABLES ON A MEDICAL DEVICE INSTRUMENT - Systems, methods, apparatus, and computer readable media are provided for disposable component authentication with respect to a biological fluid processing device instrument. An example instrument authentication system includes a computer facilitating configuration and operation of the biological fluid processing instrument using a disposable component. A first interface is provided by the computer and is used by a service technician to configure the biological fluid processing instrument for a number of disposable components and to provide a service technician with a validation code. A key generator is to accept the validation code from the service technician and generate an authentication key in response to the entered validation code. A second interface is provided by the computer, the second interface prompting the service technician to enter an authentication key, wherein the authentication key authorizes use of a certain number of disposable components for the biological fluid processing instrument. | 08-25-2011 |
20110239292 | SYSTEM AND METHOD OF SECURITY FUNCTION ACTIVATION FOR A MOBILE ELECTRONIC DEVICE - A system and a method are provided for activating one or more security functions of a mobile electronic device. The system and method provide for the activation of one or more security functions when the mobile electronic device is stored in a mobile electronic device holder. Security functions include, for example, closing a data item currently being displayed on the mobile electronic device, erasing decrypted information stored on the mobile electronic device, locking the mobile electronic device, and performing a secure garbage collection operation. | 09-29-2011 |
20110277030 | SYSTEM AND METHOD FOR AUTHENTICATION OF INPUT DEVICES - Systems and methods are provided for authenticating an input device subsystem for operation with a host. One method includes storing a table comprising challenges and a plurality of values indicative of authentic responses to the plurality of challenges. A selected challenge is then communicated between the input device subsystem and the host. A challenge response is derived based on the selected challenge and a hashing algorithm, and the challenge response is communicated between the input device subsystem and the host. The challenge response and one or more of the values is used to determine whether the challenge response is authentic. Functionality of the input device subsystem with the host is selectively enabled if the challenge response is authentic. | 11-10-2011 |
20110314537 | AUTOMATIC CONSTRUCTION OF HUMAN INTERACTION PROOF ENGINES - Human Interaction Proofs (“HIPs”, sometimes referred to as “captchas”) may be generated automatically. A captcha specification language may be defined, which allows a captcha scheme to be defined in terms of how symbols are to be chosen and drawn, and how those symbols are obscured. The language may provide mechanisms to specify the various ways in which to obscure symbols. New captcha schemes may be generated from existing specifications, by using genetic algorithms that combine features from existing captcha schemes that have been successful. Moreover, the likelihood that a captcha scheme has been broken by attackers may be estimated by collecting data on the time that it takes existing captcha schemes to be broken, and using regression to estimate the time to breakage as a function of either the captcha's features or its measured quality. | 12-22-2011 |
20110321154 | SYSTEMS AND METHODS FOR GENERATING CONSTRAINTS FOR USE IN ACCESS CONTROL - In one embodiment the present invention includes a computer-implemented method for generating constraints for use in an access control system. In one embodiment, roles, document types, and permissions are stored in a 3-D model, such as a matrix or table. The 3-D model is converted to 2-D models, where users are inserted for roles and documents are inserted for document types. The 3-D model and 2-D models represent access rights. Supplemental information about the access rights is added to the 2-D tables. In one embodiment, attribute exploration is used to generate supplemental information. Constraints are generated from the 2-D tables for use in controlling access rights in a computer system. | 12-29-2011 |
20110321155 | DIGITAL SIGNAL PROCESSING APPARATUS - If content is transmitted/received through a digital signal bus, protection of copyright causes a problem because of no deterioration in quality. Accordingly, authentication is required. The quantity of information to be processed is, however, so large that a long time is required for authentication. Accordingly, both achievement of handling property as in conventional analog connection and protection of copyrighted content without user's awareness become an object. The foregoing object can be achieved by authentication which is executed, for management of copyright, among apparatuses connected to the digital signal bus when the apparatuses are powered on or connected to the digital signal bus or when an input terminal connected to the digital signal bus is selected. The object can be further achieved by an encryption key shared among these apparatuses. | 12-29-2011 |
20120011585 | AUTHENTICATION SYSTEM FOR INSTRUCTION PROCESSING APPARATUS, IMAGE FORMING APPARATUS, AUTHENTICATION CONTROL METHOD, AND AUTHENTICATION CONTROL PROGRAM - An authentication system for an instruction processing apparatus includes first and second authentication portions each for performing user authentication at the time of using the instruction processing apparatus, and a controller which makes the first authentication portion execute the user authentication and switches from the first authentication portion to the second authentication portion when the user authentication by the first authentication portion cannot be established. | 01-12-2012 |
20120023573 | METHOD, APPARATUS AND SYSTEM FOR ACCESS MODE CONTROL OF A DEVICE - A method, apparatus, and system for accessing at least a portion of a device based upon an access input. An access input is received. The access input includes information for gaining access to one or more functions of the device. A user access mode of the device is changed from a first access mode to a second access mode based at least in part on the access input. An application is selected in the device in response to changing from the first access mode to the second access mode. At least a portion of the output of the selected application is provided. | 01-26-2012 |
20120066760 | ACCESS CONTROL IN A VIRTUAL SYSTEM - A method comprises determining a set of one or more authorizations associated with a role of a user responsive to the user entering a command with a parameter, wherein the command with the parameter is to be implemented via a first virtual partition that is configured to control access to a plurality of virtual input/output (I/O) devices by a plurality of other virtual partitions. The first virtual partition and the plurality of other virtual partitions are instantiated on a same system. The method includes determining that the role is authorized to execute the command based on the set of one or more authorizations. The method also includes determining that the role is authorized to execute the command with the parameter responsive to determining that the role is authorized to perform the command. The method includes executing the command with the parameter via the virtual partition. | 03-15-2012 |
20120066761 | Method and apparatus for selectively enabling a microprocessor-based system - A system for selectively enabling a microprocessor-based system is disclosed. State information that describes the operating conditions or circumstances under which a user intends to operate the system is obtained. In the preferred embodiment of the invention, a valid hash value is determined, preferably based on the state information and preferably by locating the valid hash value within a table of valid hash values indexed by the state information. Candidate authorization information is obtained from the user, and a candidate hash value is generated by applying a hashing algorithm to the candidate authorization information, the state information, or a combination of the candidate authorization information and state information. The candidate hash value and the valid hash value are then compared, and the microprocessor-based system is enabled if the candidate hash value matches the valid hash value. In this manner, the designer or distributor of the system can determine, at the time of manufacture or distribution, the conditions and circumstances under which the system may be operated. | 03-15-2012 |
20120079587 | ELECTRONIC DEVICE WITH WEBCAM SECURITY FUNCTION AND METHOD THEREOF - An electronic device with a webcam security function includes an input unit, a power supply unit, a webcam, a thin film transistor liquid crystal display (TFT-LCD) and a processing unit. The processing unit includes a receiving module, a detection module and a power control module. The receiving module receives an input operation from the input unit. The detection module detects whether the received input operation matches a predetermined input operation. The power control module controls the power supply unit to supply power to the TFT-LCD when the received input operation matches the predetermined input operation, thus enabling light to pass through the TFT-LCD to the webcam. | 03-29-2012 |
20120079588 | Methods, Systems, and Products for Identity Verification - Methods, systems, and products verify the identity of a person. A signature, representing the presence of a device, is acquired. The signature is compared to a reference signature. When the signature favorably compares to the reference signature, then the identity of a user associated with the device is verified. | 03-29-2012 |
20120090021 | Platform Specific Application Building - Disclosed are new approaches for building an application for a specific platform. Source code files may be compiled to an intermediate module and transmitted to a build server along with metadata describing a target operating environment. The build server selects an application template including an application shell suitable for the target operating environment. The application shell may be bound to the intermediate module by modifying the application shell to verify a signature of the intermediate module prior to executing it. The application shell may include a binary executable for executing the intermediate module in the target environment. Also disclosed is an approach for providing access to an application on a subscription or trial basis. | 04-12-2012 |
20120124662 | METHOD OF USING DEVICE MOTION IN A PASSWORD - Processing a password in a mobile computing device may be accomplished by sensing movement of the mobile computing device by an accelerometer of the mobile computing device in three dimensional space; capturing first directional motion information representing the movement as at least a portion of an entered password; comparing the entered password to a password previously stored in the mobile computing device, the stored password comprising second captured directional motion information; and allowing access to the mobile computing device by a user when the entered password matches the stored password. The movement of the mobile computing device required for the password may be set by the user during a password training phase of operating the mobile computing device. | 05-17-2012 |
20120137360 | SYSTEM AND METHOD FOR ACCESS CONTROL AND IDENTITY MANAGEMENT - A mechanism for the flow of access by derivation is provided. An access point may be any object, such as files or functions, to which the access recipient is granted access rights by the access provider. Access is typically represented by a relationship object referencing the access provider function, the access recipient function, and the access point object, and a set of access rights. This membership access relationship object is typically represented as a subtype of the access relationship. When a membership access relationship is created, typically a new associated persona function is generated, representing the new identity created for the access recipient function while serving as a member of the access point function. When a persona function is invited to be a member in another function, that in turn generates a membership and a second persona that is derived from the first persona, resulting in identity derivation. | 05-31-2012 |
20120159609 | PASSWORD ENTRY USING MOVING IMAGES - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method, an authentication video is displayed on a display. In response to receiving an input at a point in time in the video that matches a pre-selected time reference point, positive authentication is indicated. | 06-21-2012 |
20120159610 | MEMORY PROTECTION AND SECURITY USING CREDENTIALS - A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory. | 06-21-2012 |
20120167200 | SYSTEM AND METHOD FOR A BUSINESS DATA PROVISIONING FOR A PRE-EMPTIVE SECURITY AUDIT - Embodiments of the present invention may provide a system and method for business data provisioning for a pre-emptive security audit. In one aspect, a method embodiment may comprise the steps of identifying the business resources as expressed in business terms, ensuring that applications dealing with (parts of) the business resources are aware of the link to the resource, transmitting the information about the used business resources throughout the call stack up to the UI, making use of the highest access enforcement point possible where it can be ensured that access to the protected resource is only done through either authorized users or trusted code, and having this access enforcement point taken over by a framework to ensure adequate protection even in extensibility scenarios. | 06-28-2012 |
20120167201 | IMAGE FORMING APPARATUS AND CONTROL METHOD FOR IMAGE FORMING APPARATUS - An image forming apparatus includes a display unit, a login information storage unit, a login information reception unit, a login authentication unit, an authorization limitation information storage unit, an execution instruction reception unit, a control unit and an execution permission determination unit. The authorization limitation information storage unit stores functions permitted to be executed by the logged-in user and a default user, who is a non-logged-in user. The control unit executes a function in accordance with an execution instruction received by the execution instruction reception unit. The execution permission determination unit determines whether the function indicated in the received execution instruction is a default function that is permitted to be executed by the default user, causes the control unit to execute the function if the function is the default function, and displays the login screen on the display unit if the function is not the default function. | 06-28-2012 |
20120174210 | Trusted Communications With Child Processes - A method to identify a child process to a parent process in an operating system includes obtaining a token and login identifier from the operating system. The parent process creates a remote procedure call communications endpoint to communicate with the child process. Thereafter, a child process is spawned by the parent process. A child-initiated request to communicate with the parent process is then received by the parent process. In order to verify the identity of the child-initiated request, the parent process impersonates the child process and receives an identifier that identifies the requestor child process. The requestor process identifier and the spawned child identifier are compared. Based on the comparison, the parent process responds to the child-initiated request. In another embodiment, process identifiers are used by the parent process to verify the identity of a child process that requests communication with the parent process. | 07-05-2012 |
20120185933 | USER ACCOUNT FOR SYSTEM PROTECTION OR RECOVERY - In one embodiment, a data processing system includes a guest account that is configured to assist in the protection and recovery of the data processing system when it is lost or stolen. In one embodiment, the guest account can allow Internet access and can include a web browser to allow the guest, who might be a thief, to use the system to browse the Internet. While such use occurs, the system can perform actions specified by an authorized user of the system, and such actions can include determining a location of the system and transmitting the location to the authorized user, erasing data on the system, displaying a message, capturing an image, etc. | 07-19-2012 |
20120192267 | ACCESS CONTROL DATA EDITING SUPPORT DEVICE AND METHOD - A computer-readable, non-transitory medium recording an access control data editing support program for causing a computer to implement a procedure. The procedure includes changing log information containing a record having an authorization result of first access authorization determined based on access control data and a content utilized for determining the first access authorization every time an access agent accesses an access target, and changing the access control data based on the changed log information, and determining second access authorization by applying the changed access control data to the content utilized for determining the first access authorization indicated by the log information and generating determination result information containing an authorization result of the second access authorization and a content utilized for determining the second access authorization. | 07-26-2012 |
20120198543 | ACCESSIBLE FILES - A computer implemented method for accessing one or more files including scanning a storage device using a processor for one or more signed files in response to the storage device coupling to a machine, authenticating one or more of the signed files, and configuring the processor to access accessible files from the storage device in response to authenticating one or more of the signed files. | 08-02-2012 |
20120198544 | SYSTEM AND METHOD FOR CONTROLLING USER ACCESS TO AN ELECTRONIC DEVICE - A method and system for authenticating a user to access a computer system. The method comprises communicating security information to the computer system, and providing the computer system with an implicit input. The method further comprises determining whether the security information and implicit input match corresponding information associated with the user. The method further comprises granting the user access to the computer system in the event of a satisfactory match. When authenticating the user, the method and system consider the possibility of the user being legitimate but subject to duress or force by a computer hacker. | 08-02-2012 |
20120222109 | PROVIDING A DECLARATION OF SECURITY REQUIREMENTS TO A SECURITY PROGRAM TO USE TO CONTROL APPLICATION OPERATIONS - Provided are a computer program product, system, and method for providing a declaration of security requirements to a security program to use to control application operations. The application communicates to the security program a declaration of security requirements indicating application actions designated to be performed with respect to resources in the computer system. The application is executed to perform application operations in response to communicating the declaration of security requirements to the security program. During the execution of the application, the actions are performed with respect to the resources at the computer system indicated in the declaration of security requirements. | 08-30-2012 |
20120233688 | INFORMATION PROCESSING APPARATUS AND DISPLAY CONTROL METHOD - According to one embodiment, an information processing apparatus includes a wireless communication device, a display, a logon process module, and a display control module. The logon process module is configured to cause the display to display a logon screen, in a logon process of identifying a user account which uses an operating system. The display control module is configured to cause the display to display, together with the logon screen, an access point list indicative of an access point detected by the wireless communication device. | 09-13-2012 |
20120233689 | SYSTEM AND METHOD FOR EFFICIENTLY SECURING ENTERPRISE DATA RESOURCES - Some embodiments provide a system and method that secures access to data objects of an enterprise that includes multiple data objects and multiple user applications that access data attributes of the data objects. In some embodiments, secure access is provided via a secure resource that secures access to data attributes of at least two objects by defining access control permissions for the secure resource and applying the defined access control permissions to the data attributes of the secure resource. | 09-13-2012 |
20120240220 | METHOD AND SYSTEM FOR CONTROLLING DATA ACCESS ON USER INTERFACES - A system for controlling access to data at the user interface level includes a device permissions manager to manage user access to data on a device including a device permissions comparator configured to receive a plurality of user profiles corresponding to users in proximity to the device and including user permissions to the data, and to generate a comparison of the user permissions. The device permissions manager also includes a device access controller configured to control access to the data on the device in response to the comparison of the user permissions. | 09-20-2012 |
20120240221 | PROVISIONAL ADMINISTRATOR PRIVILEGES - A system grants “provisional privileges” to a user request for the purpose of provisionally performing a requested transaction. If the provisionally-performed transaction does not put the system in a degraded state, the transaction is authorized despite the user request having inadequate privileges originally. | 09-20-2012 |
20120240222 | Methods and systems for preventing security breaches - A security payload is attached to a received binary executable file. The security payload is adapted to intercept application programming interface (API) calls to system resources from the binary executable file via export address redirection back to the security payload. Upon execution of the binary executable file, the security payload replaces system library export addresses within a process address space for the binary executable file with security monitoring stub addresses to the security payload. Upon the binary executable computer file issuing a call to a given API, the process address space directs the call to the given API back to the security payload via one of the security monitoring stub addresses that is associated with the given API. The security payload then can assess whether the call to the given API is a security breach. | 09-20-2012 |
20120246716 | METHOD, APPARATUS AND SYSTEM FOR OBTAINING USER INFORMATION - A method, apparatus and system for obtaining user information are disclosed by the present invention. The present invention solves the problem of lower security of user information. The method includes: obtaining the interactive state of the service requester in the service request process, wherein the interactive state is used for indicating the specific state in which the service requester and its service are during the process of interaction with each other; determining if the interactive state of the service requester, in the process of requesting the service, meets the preset access-authorized-policy of the user information in the service request; when the interactive state of the service requester, in the process of requesting the service, meets the preset access-authorized-policy of the user information in said service request, obtaining the user information and sending the user information to the service. | 09-27-2012 |
20120254985 | Providing greater access to one or more items in response to determining device transfer - A computationally implemented method includes, but is not limited to: determining that a computing device associated with a first user and that was in possession of a second user has been transferred from the second user to the first user; and providing at least greater access via the computing device to one or more items in response to determining that the computing device has been transferred from the second user to the first user. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure. | 10-04-2012 |
20120254986 | Providing particular level of access to one or more items in response to determining primary control of a computing device - A computationally implemented system and method that is designed to, but is not limited to: determining which of a plurality of users detected in proximate vicinity of a computing device has primary control of the computing device; and providing a particular level of access, via the computing device, to one or more items, the particular level of access to be provided to the one or more items being in response, at least in part, to said determining. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure. | 10-04-2012 |
20120260332 | PROVIDING NOTICE OF PATENT AND OTHER LEGAL RIGHTS - A system for providing notice of legal rights corresponding to a computing device includes presenting a notice to the user through an I/O interface. The notice is in response to an attempt by a user to access at least one feature of the device through the I/O interface of the device and the notice further indicates that the device is subject to legal rights under a legal instrument. An acknowledgement of the legal rights is presented through the I/O interface. If the user selects the acknowledgement, the user is allowed to access at least one feature of the device. The user is prevented from accessing the at least one feature of the device if the user does not select the acknowledgement. | 10-11-2012 |
20120260333 | IMAGE PROCESSING APPARATUS, CONTROL METHOD THEREFOR, AND COMPUTER-READABLE STORAGE MEDIUM STORING PROGRAM FOR IMPLEMENTING THE METHOD - An image processing apparatus capable of reducing the frequency of a user's inputting work for authentication information to improve the convenience. When the number of the logged-in users is one, the logged-in user is set as an executor of the predetermined function, and when the number of the logged-in users is two or more, the user is caused to select one of the logged-in users to set the selected one as the executor of the predetermined function. | 10-11-2012 |
20120266234 | Network Traffic Routing - A service appliance is installed between production servers running service applications and service users. The production servers and their service applications provide services to the service users. In the event that a production server is unable to provide its service to users, the service appliance can transparently intervene to maintain service availability. To maintain transparency to service users and service applications, service users are located on a first network and production servers are located on a second network. The service appliance assumes the addresses of the service users on the second network and the addresses of the production servers on the first network. Thus, the service appliance obtains all network traffic sent between the production server and service users. While the service application is operating correctly, the service appliance forwards network traffic between the two networks using various network layers. | 10-18-2012 |
20120278881 | DOMAIN AWARE TIME-BASED LOGINS - A method may comprise determining, in an operating system instance, that a login access is being attempted by a user at an access time on an object. A domain identifier associated with the user may be determined. A set of one or more domain identifiers may be accessed that may be associated with the object and that identify one or more domains. One or more domain isolation rules may be accessed and evaluated that may be associated with the operating system instance for permitting an attempted login access to the object based on whether a domain identifier associated with the user is one of the domain identifiers in the set of domain identifiers associated with the object during a time period. A permit or deny indication may be returned based on whether or not login access is permitted on the object at the access time. | 11-01-2012 |
20120278882 | ACCESSORY DEVICE AUTHENTICATION - An authentication controller coupled to a first communication port of a portable computing device is allowed to provide authentication on behalf of an accessory device coupled to a second communication port of the portable computing device. In one embodiment, a dongle that includes an authentication controller can be coupled with the portable computing device. Accessory devices can also be coupled with the portable computing device through other ports, including wireless ports. The dongle can provide cross-transport authentication for accessories that do not include authentication controllers. Once the dongle has been properly authenticated, the permissions granted to the dongle port can be transferred to a communication port coupled with an accessory. | 11-01-2012 |
20120291119 | ACCESS CONTROL AT A MEDIA SERVER - A method, system and apparatus for controlling access to a media server are provided. A browse request is received at a computing device, from a remote computing device to browse a memory structure including content files. Authentication of the remote computing device is initiated. Prior to the remote computing device being authenticated, a response is transmitted to the remote computing device indicative that the memory structure is empty of the content files, regardless of actual content of the memory structure. After the remote computing device is authenticated, a further response is transmitted to the remote computing device indicative of the actual content of the memory structure. | 11-15-2012 |
20120304283 | BROKERED ITEM ACCESS FOR ISOLATED APPLICATIONS - A broker module of a computing device receives requests from an isolated application to access one or more items of an item source. In response to a request, storage item objects representing items of the item source are generated and returned to the isolated application for each item of the item source that the isolated application is authorized to access. Whether the isolated application is authorized to access a particular item can be based on particular item sources and/or particular item locations. | 11-29-2012 |
20120311696 | Override for Policy Enforcement System - A policy enforcement system may have a mechanism for assisting a user in obtaining an exception to a given policy. The mechanism may collect information from the user as to why the exception is requested, then manage the exception throughout a security system. An exception policy may define the conditions when a user may be granted an exception automatically, as well as when the exception may be granted only through an approval process. An exception created by the mechanism may be logged in an audit file so that each exception is documented. Different exceptions may be defined for different conditions and each exception may have one or more paths by which the exception may be granted. The policy enforcement system may be used for any type of access control to any resource, including URL resources, physical peripherals or networks, data or applications, or any other resource. | 12-06-2012 |
20120311697 | METHOD FOR EXECUTING AN APPLICATION IN A RESTRICTED OPERATING ENVIRONMENT - A user is presented with one or more user-level permissions in a human understandable language, where the one or more user-level permissions represent one or more application-level permissions requested from an application for accessing one or more resources. A security profile is generated having one or more operating system (OS)-level permissions based on at least one of the user-level permissions authorized by the user. The security profile is enforced to restrict the application to accessing the one or more resources based on the OS-level permissions. | 12-06-2012 |
20120317638 | METHOD AND DEVICES FOR MANAGING PERMISSION REQUESTS TO ALLOW ACCESS TO A COMPUTING RESOURCE - Methods and devices for managing permission requests to allow access to a computing resource are disclosed herein. In one example embodiment, the method comprises: for an application to be installed on the computing device, determining an application category that the application is associated with, and retrieving a common permissions list for the application category, wherein the common permissions list identifies at least one computing resource that applications associated with the application category are configured to access; during an installation of the application on the computing device, determining one or more computing resources on the computing device that the application is configured to access when the application is executed on the computing device; determining which computing resources, of the one or more computing resources on the computing device that the application is configured to access when the application is executed on the computing device, are not identified in the common permissions list; and for each computing resource that the application is configured to access when the application is executed on the computing device that is not identified in the common permissions list, providing, in a user interface of the computing device, a permission request to allow the application to access the computing resource. | 12-13-2012 |
20120331547 | Static Analysis For Verification Of Software Program Access To Secure Resources For Computer Systems - Computer program products and apparatus are disclosed. Using a static analysis, a software program is analyzed to determine whether the software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. In response to an access by the software program to the secure resource without verification that the secure resource can be accessed by the software program, a result is output indicative of the analyzing. An apparatus is disclosed that includes a user interface providing a security report to a user, the security report indicating a result of an analysis of whether or not a software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. | 12-27-2012 |
20130007872 | SYSTEM AND METHOD FOR CONTEXUALLY INTERPRETING IMAGE SEQUENCES - A system and method for contextually interpreting image sequences are provided. The method comprises receiving video from one or more video sources, and generating one or more questions associated with one or more portions of the video based on at least one user-defined objective. The method further comprises sending the one or more portions of the video and the one or more questions to one or more assistants, receiving one or more answers to the one or more questions from the one or more assistants, and determining a contextual interpretation of the video based on the one or more answers and the video. | 01-03-2013 |
20130014248 | Mobile application security system and method - A system for authenticating the user of a computing device comprises an authorized user directory. Each record is uniquely associated with an authorized user and includes at least a computing device ID value that is a globally unique value assigned to the authorized user's computing device, a group of unique depictions such as photographs, and an identification of a key depiction. Portions of each image form fiducials recognizable by the user. The record further includes trace pattern verification data representing continuous trace strokes between pairs of the fiducials within the key depiction. To authenticate, the group of images are displayed to the user. The user must first select the key image and secondly trace continuous trace strokes between the pairs of fiducials to match the trace pattern verification data. | 01-10-2013 |
20130014249 | SECURE DEVICE SHARING - A device and method for placing the device in a locked state having an associated set of permitted tasks so as to permit the device owner to share the device with others but maintain security over aspects of the device. A task change request is evaluated to determine whether the requested task is permitted and, if so, the requested task is allowed; if not, then an authorization process is invoked to prompt the user to input authorization data. Upon verification of the authorization data, the device may be unlocked and the requested change implemented. The permitted tasks may designate specific applications, specific operations or functions within applications or at the operating system level, one or more currently open windows, and other levels of granularity. | 01-10-2013 |
20130014250 | WIRELESS COMMUNICATION DEVICE WITH PASSWORD PROTECTION AND RELATED METHOD - A wireless communication device (and its related method of operation) includes, if invoked, password protected access to data stored therewithin and/or to normal device operations and further includes duress password checking logic that automatically causes a duress message to be sent if a duress password has been entered. The duress message is preferably sent without maintaining any user accessible indication of such sending. It is also preferred that the password checking logic automatically cause an end-of-duress message to be sent if a normal password is entered after a duress password has been entered. A plurality of different duress passwords may be entered into a duress password portion of data memory in the device. | 01-10-2013 |
20130031622 | STATIC ANALYSIS FOR VERIFICATION OF SOFTWARE PROGRAM ACCESS TO SECURE RESOURCES FOR COMPUTER SYSTEMS - Computer program products and apparatus are disclosed. Using a static analysis, a software program is analyzed to determine whether the software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. In response to an access by the software program to the secure resource without verification that the secure resource can be accessed by the software program, a result is output indicative of the analyzing. An apparatus is disclosed that includes a user interface providing a security report to a user, the security report indicating a result of an analysis of whether or not a software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. | 01-31-2013 |
20130047251 | Method and Apparatus for Token-Based Context Caching - According to one embodiment, an apparatus may receive a token that indicates a change that occurs during a session. The session may facilitate access to a resource. The token may indicate a risk token should be computed. The apparatus may determine, from the token, a first set of attributes. The first set of attributes may include attributes required to compute the risk token. The apparatus may determine that a cache contains a set of cached attributes. The apparatus may examine an attribute in the set of cached attributes, and determine the attribute in the set of cached attributes is not in the first set of attributes. The apparatus may then remove the attribute in the set of cached attributes from the cache. | 02-21-2013 |
20130047252 | Picture Gesture Authentication - In one embodiment, a picture signature password system may use a picture signature password to determine access to a computing device or service. A display screen | 02-21-2013 |
20130055377 | PROVIDING SELECTIVE SYSTEM PRIVILEGES ON AN INFORMATION HANDLING DEVICE - Devices, methods and products are described that provide for selective system or root level access for applications on an information handling device. One aspect provides a method comprising determining whether an application has system privileges on an information handling device; and executing privileged code from the application on said information handling device responsive to determining that the application has system privileges through one or more native services operating on said information handling device. Other aspects and embodiments are also described herein. | 02-28-2013 |
20130055378 | METHOD AND PORTABLE DEVICE FOR CONTROLLING PERMISSION SETTINGS FOR APPLICATION - A method for controlling permissions of a portable device includes selecting an access control mode for an application, the access control mode being associated with one or more permissions to manage resources of the portable device, executing the application in the access control mode, and controlling the one or more permissions for the application according to the access control mode. A portable device to control permissions includes a mode setting unit to select an access control mode for an application, the access control mode being associated with one or more permissions to manage resources of the portable device, an execution unit to execute the application in the access control mode, and an access control unit to control the one or more permissions for the application according to the access control mode. | 02-28-2013 |
20130061314 | SECURE SOFTWARE INSTALLATION - Embodiments of the present disclosure provide methods and systems for securely installing software on a computing device, such as a mobile device. In one embodiment, the device executes an installer that securely installs the software. In order to perform installations securely, the installer configures one or more secure containers for the software and installs the software exclusively in these containers. In some embodiments, the installer randomly determines the identifiers for the containers. These identifiers remain unknown to the software to be installed. Instead, an installation framework maintains the correspondence between an application and its container. Other methods and apparatuses are also described. | 03-07-2013 |
20130061315 | Storage Device with Accessible Partitions - A detachable storage device can comprise a memory, circuitry, and a user interface. The memory may comprise a storage partition. The circuitry may be configured to authorize access to the storage partition to a digital device when the detachable storage device is coupled to the digital device based, at least in part, on a user code. The user interface may be configured to receive the user code while the detachable storage device is within a detached state and provide the user code to the circuitry to allow access to the storage partition. | 03-07-2013 |
20130067563 | APPARATUS AND METHOD FOR MANAGING PERMISSION INFORMATION OF APPLICATION - A method for managing permission information of an application in a mobile terminal includes detecting a reference event associated with the application, determining a type of the reference event, determining permission information of the application, determining whether to execute an operation of the application based on the permission information, and storing operation performance information related to the operation of the application in a database. A terminal includes an application layer to detect an event associated with a change in permission information of a first application and a second application, and a framework layer to determine whether permission information of the first application is changed with respect to the second application, to determine an event type associated with the change in the permission information, to determine permission information of the first application and the second application, and to determine whether to execute a security program. | 03-14-2013 |
20130067564 | ACCESS MANAGEMENT SYSTEM - An access rights management system is presented in which a mobile device may be allowed to access corporately held data in a flexible manner but in which the security and integrity of the data is maintained. The mobile device is provided with a rights adjustment module which modifies the access rights for locally stored corporate data in dependence on the connectivity of the mobile device with a corporate server. | 03-14-2013 |
20130067565 | IMAGE FORMING APPARATUS, ACCESS CONTROL METHOD, ACCESS CONTROL PROGRAM AND COMPUTER READABLE INFORMATION RECORDING MEDIUM - An image forming apparatus provided with an interface for a portable information recording medium, has an access control part carrying out access control, for respective ones of a plurality of resources which the image forming apparatus has, based on access control information defining whether or not usage thereof by a user is allowed, wherein the access control part carries out access control based on the access control information stored in the portable information recording medium. | 03-14-2013 |
20130074178 | PREVENTING ACCESS OF A HOST DEVICE TO MALICIOUS DATA IN A PORTABLE DEVICE - A storage device comprising a memory, a controller, and a host interface operative to connect with a host. The memory contains data locations that are controllable by a protection application which is executable on a host. When the host interface is operatively coupled to a host, data locations in the memory are accessible to an operating system of the host under permission from the protection application. The controller communicates with the protection application running on the host for allowing the protection application access to data locations in the memory. Upon a host request for access to a data location, the controller determines if permission to access the requested data location is acquired from the protection application. The permission is based on a determination by the protection application that the data location does not contain malicious data. | 03-21-2013 |
20130091562 | COMPUTER - It is an object of the present invention to provide a technique for managing, in a file system that stores past images of a data file, access right to the past images. | 04-11-2013 |
20130091563 | METHOD AND APPARATUS FOR IMPROVED DIGITAL RIGHTS MANAGEMENT - A method and apparatus for improved digital rights management is provided. | 04-11-2013 |
20130091564 | SYSTEMS AND METHODS FOR MITIGATING THE UNAUTHORIZED USE OF A DEVICE - The invention is directed to systems and methods for detecting the loss, theft or unauthorized use of a device and/or altering the functionality of the device in response. In one embodiment, a method includes detecting that a security compromise event has occurred for a mobile device. The method also includes altering a function of the mobile device in response to the security compromise event to mitigate loss of control by an authorized user. Altering the function of the mobile device includes denying access to data stored on the mobile device. | 04-11-2013 |
20130097694 | PROTECTING AN ELECTRONIC DEVICE AGAINST UNATHORIZED HARDWARE USE - Embodiments of the present invention provide an approach for protecting electronic devices against the use of unqualified and/or unauthorized (e.g., “grey market”) hardware components. Specifically, in a typical embodiment, a hardware component that a user is attempting to use with an electronic device will be detected. Then, the device information associated with the hardware component (e.g., serial number, vital product data (VPD), etc.) will be identified from the hardware component (e.g., as stored therein). | 04-18-2013 |
20130097695 | Dynamic Profile Switching Based on User Identification - A method for dynamic switching of user profiles on a computing device. The computing device is coupled to at least one image-sensing device and can be configured using a plurality of stored user profiles. The method includes receiving at least one image from the at least one image-sensing device and generating a current user value based on the at least one received image. The method further includes determining if the current user value corresponds to at least one stored user value corresponding to a stored user profile. If the current user value corresponds to at least one stored user value, the method includes retrieving the stored user profile and configuring at least some programs operating on the computing device using the retrieved user profile. If the current user value does correspond to at least one stored user value, the method includes configuring the computing device using an alternative method. | 04-18-2013 |
20130097696 | DATA SECURITY SYSTEM - Various exemplary embodiments relate to a method of identifying unauthorized access to a data file on an unauthorized machine. The method includes: modifying the data file to include surreptitious code, the surreptitious code executing on a machine when the data file is opened or otherwise used by the machine; and receiving information transmitted by the surreptitious code, wherein the surreptitious code includes instructions for: gathering information about the executing machine, determining whether the executing machine is an unauthorized machine, and transmitting the information if the executing machine is an unauthorized machine. Various exemplary embodiments relate to a non-transitory machine-readable storage medium, the storage medium including instructions for: executing surreptitious code when the medium is accessed by a computing device; gathering information about the computing device; determining whether the computing device is an authorized machine; and transmitting the information if the computing device is an unauthorized machine. | 04-18-2013 |
20130111579 | ELECTRONIC DEVICE MODE, ASSOCIATED APPARATUS AND METHODS | 05-02-2013 |
20130117840 | USER-DRIVEN ACCESS CONTROL - An access system is described herein which allows an application module to access a user-owned resource based on an indication of a user's intent to interact with the user-owned resource. For example, the application module can provide an application user interface which embeds a gadget associated with a particular user-owned resource. The access system can interpret the user's interaction with the gadget as conferring implicit permission to the application module to access the user-owned resource associated with the gadget. In addition, or alternatively, the user may make a telltale gesture in the course of interacting with the application module. The access system can interpret this gesture as conferring implicit permission to the application module to access a user-owned resource that is associated with the gesture. | 05-09-2013 |
20130117841 | INFORMATION PROCESSING PROGRAM AND INFORMATION PROCESSING METHOD - An information processing device stores, in a storage device, command execution user data associating an attribute of a command with a name of a user entitled to execute the command. When execution of the command is requested, a service of the information processing device extracts, from the command execution user data, a name of a user entitled to execute the requested command and executes the command with the extracted user name. | 05-09-2013 |
20130145456 | SYSTEM AND METHOD FOR AUTHENTICATING CODE EXECUTING ON COMPUTER SYSTEM - A code authentication architecture is used to sign code by adding one or more digital signatures to it. The digital signatures identify what authority signed the code, what the code contains, what type of program the code is, or other identifying information. When the signed code is later executed on a computer system, its identity is obtained by accessing encrypted information of the code stored on disk. The architecture then determines whether the identity satisfies at least one requirement imposed on the code for some purpose. If the code has been altered from when it was signed or it fails to satisfy a requirement imposed, the code will not have a valid identity. In addition to verifying the identity of the code, the architecture also validates executing code immediately responsible for managing the code and additional executing code in a chain of hosts responsible for managing one another. | 06-06-2013 |
20130160108 | EXTENSIBLE AND/OR DISTRIBUTED AUTHORIZATION SYSTEM AND/OR METHODS OF PROVIDING THE SAME - In certain example embodiments, an extensible and/or distributed security system is provided. In certain example embodiments the security system provides authorization to a resource of a first application. In the first application, a security context is created and a client is authenticated to the first application. A request is accepted in the first application to access at least one resource. The first application communicates with an authorization application to determine authorization to the at least one resource. In the authorization application, an authorization process is executed which communicates with another application that defines a step of the authorization process for this resource. Based on that step, it is determined whether the first application allows access to the at least one resource for the client. | 06-20-2013 |
20130167222 | USING A CALL GATE TO PREVENT SECURE SANDBOX LEAKAGE - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for enveloping a thread of execution within an IDT-based secure sandbox. In one aspect, embodiments of the invention provide that a request is received from an application, the request being generated using an application programming interface of a device driver. After the request is received, a call gate descriptor for a call gate is added to a segment descriptor table for the application. The call gate descriptor specifies: (a) that the call gate can be called from a first privilege level of the application; and (b) that the call gate requests a second privilege level higher than the first privilege level. A call gate selector for the call gate descriptor is provided to the application in response to the request. | 06-27-2013 |
20130174248 | PORTABLE DATA-STORAGE DEVICE CONFIGURED TO ENABLE A PLURALITY OF HOST DEVICES SECURE ACCESS TO DATA THROUGH MUTUAL AUTHENTICATION - A portable data-storage device configured to enable a plurality of host devices secure access to data through mutual authentication. The portable data-storage device includes a storage-device enclosure, a data-storage medium, a data-writing element, a data-reading element, and an electronic authenticator. The data-writing element and the data-reading element are configured to write data to, and to read the data from, the data-storage medium. The electronic authenticator is configured to mutually authenticate the portable data-storage device with a first host device, and at least a second host device. The electronic authenticator is configured to enable secure access to the data on the data-storage medium by the first host device and by the second host device, if the electronic authenticator mutually authenticates the portable data-storage device with the first host device and with the second host device. A method and system configured to enable host devices secure access to data are also provided. | 07-04-2013 |
20130198834 | METHODS AND SYSTEMS FOR DEVICE DISABLEMENT - A method for disabling a device associated with a virtual identity may include receiving, from the device, a request to use the virtual identity, where the request may include a passcode guess and a device identifier. The method may also include determining that the passcode guess does not authorize use of the virtual identity and incrementing a number of incorrect passcode guesses received within a time interval. The method may additionally include determining that the number of incorrect passcode guesses received within the time interval is greater than or equal to a threshold. The method may further include storing an indication that subsequent requests associated with the device identifier should not authorize use of the virtual identity. | 08-01-2013 |
20130205385 | PROVIDING INTENT-BASED ACCESS TO USER-OWNED RESOURCES - An access system is described herein which allows an application to access a system-level and/or application-specific user-owned resource based on a user's interaction with an intent-based access mechanism. For example, the intent-based access mechanism may correspond to a gadget that is embedded in an application user interface provided by the application, and/or logic for detecting a permission-granting input sequence. The access system accommodates different types of intent-based access mechanisms. One type is a scheduled intent-based access mechanism. Another type provides access to two or more user-owned resources. Further, the access system includes a mechanism for determining whether the application is permitted to use an intent-based access mechanism. | 08-08-2013 |
20130205386 | METHOD AND SYSTEM FOR VERIFICATION OF HUMAN PRESENCE AT A MOBILE DEVICE - A method and system is provided for verifying human presence at a mobile device. The method includes receiving a request for verification. Further, the method includes sending a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) challenge to the mobile device. Further, the method includes receiving a response to the CAPTCHA challenge. Finally, the method includes verifying the human presence by matching the response received to the CAPTCHA challenge sent. | 08-08-2013 |
20130212674 | SYSTEM AND METHOD FOR SIGNATURE PATHWAY AUTHENTICATION AND IDENTIFICATION - A computer-implemented security system and method provides signature pathway authentication and identification. The system and method include establishing a user-defined cognitive signature pathway through multiple graphical zones of a graphical user interface. The signature pathway enables authorized user access to an otherwise secured location. Subsequent entries of the signature pathway entered via the graphical user interface are then validated. For all valid entries of the signature pathway, user access is allowed to the secured location. | 08-15-2013 |
20130219488 | ELECTRONIC DEVICE AND METHOD FOR UNLOCKING ELECTRONIC DEVICE - A method for unlocking an electronic device, a first image in a first area and a second image in a second area selected on a touch panel of the electronic device are received. The method combines the first image and the second image to obtain a selected combination image, and unlocks the electronic device upon the condition that the selected combination image is stored in a storage unit of the electronic device. | 08-22-2013 |
20130232567 | Method for Authorizing a Program Sequence - The present invention relates to a method for authorizing a program sequence. | 09-05-2013 |
20130232568 | ELECTRONIC DEVICE, ELECTRONIC DEVICE CONTROLLING METHOD, AND COMPUTER PROGRAM PRODUCT - According to one embodiment, an electronic device includes: display controller; user presence determination module; user authentication module; and controller. The user presence determination module determines presence of a user based on image data received from the camera while dominating access to a camera. The user authentication module dominates access to the camera, if the display is put in a screen lock state and to perform a user authentication based on the image data. The controller turns off the display if the user presence determination module determines that the user is absent and while the display has not been put in the screen lock state, and to cause the user presence determination module to release the access to the camera and to put the display in the screen lock state before turning on the display if it is determined after the display is turned off that the user is present. | 09-05-2013 |
20130232569 | INFORMATION PROCESSING APPARATUS AND DISPLAY CONTROL METHOD - According to one embodiment, an information processing apparatus comprises a wireless communication device, a display, a logon process module, and a display control module. The logon process module is configured to cause the display to display a logon screen, in a logon process of identifying a user account which uses an operating system. The display control module is configured to cause the display to display, together with the logon screen, a state of an access point detected by the wireless communication device. | 09-05-2013 |
20130239201 | SECURE DEVICE SHARING - A device and method for placing the device in a locked state having an associated set of permitted tasks so as to permit the device owner to share the device with others but maintain security over aspects of the device. A task change request is evaluated to determine whether the requested task is permitted and, if so, the requested task is allowed; if not, then an authorization process is invoked to prompt the user to input authorization data. Upon verification of the authorization data, the device may be unlocked and the requested change implemented. The permitted tasks may designate specific applications, specific operations or functions within applications or at the operating system level, one or more currently open windows, and other levels of granularity. | 09-12-2013 |
20130239202 | METHOD, SYSTEM AND MOBILE DEVICE EMPLOYING ENHANCED USER AUTHENTICATION - The described embodiments relate generally to methods and systems for user authentication for a computing device. In one embodiment, the method comprises: enabling receipt of input in relation to selection of a plurality of authenticators for consecutive use by the computing device to authenticate a user; and storing reference information identifying the selected plurality of authenticators in a memory of the computing device. The computing device may comprise a mobile device. | 09-12-2013 |
20130247171 | IMAGE-BASED UNLOCK FUNCTIONALITY ON A COMPUTING DEVICE - Utilizing an image on a computing device to serve as a template for locking/unlocking the computing device. The image includes a plurality of portions that are defined and thereafter identified and presented to a user via a touch screen. A user selects portions/zones that are defined within the image in a specified sequence and this sequence is stored as a lock/unlock code for unlocking the computing device. In an embodiment, in addition to the specified sequence of selections, a movement or sequence of movements may also be stored as part of the lock/unlock code. | 09-19-2013 |
20130247172 | INFORMATION PROCESSING DEVICE WITH USER AUTHENTICATION THAT RESTORES PREVIOUS OPERATION CONDITION - An information processing device includes an authenticating part to authenticate a user; an operating part for setting information, an authentication canceling part to cancel an authentication of the user, an operation condition memory part to cause a second memory part to memorize the setting information memorized in a first memory part, and a reproducing part to confirm whether or not the setting information is memorized in the second memory part when the authenticating part authenticates the user. In a case where memorized, the reproducing part reads the setting information from the second memory part, and to reproduce an operation condition based on the read setting information. In a case where not memorized, the reproducing part displays a non-user condition specification screen for the user's selecting one of multiple functions. | 09-19-2013 |
20130254874 | METHOD FOR PREVENTING INFORMATION DISPLAYED ON SCREEN FROM BEING VIEWED WITHOUT AUTHORIZATION AND DISPLAY DEVICE HAVING ANTI-VIEWING FUNCTION - A computerized method prevents information displayed on a screen of a display device from being viewed by unauthorized persons. Images in front of the screen are captured at regular intervals using an image capturing device of the display device. Faces are recognized from each of the captured images using facial recognition technologies. Whether or not the screen is in a state of being viewed by one or more unauthorized persons is determined according to the faces recognized as such in each of the captured images. A predetermined anti-viewing display is displayed on the screen to prevent the information being displayed on the screen from being viewed by any unauthorized person, when the screen is determined to be in the state of being viewed by any unauthorized person. | 09-26-2013 |
20130269025 | RESOURCE ACCESS BASED ON MULTIPLE SCOPE LEVELS - A scope hierarchy corresponding to a resource to which a type of access is requested is identified, the scope hierarchy including multiple scope levels each of which has an associated access control list. An access control list associated with a lower scope level can further restrict access permitted to the resource by an access control list associated with a higher scope level. Based at least in part on one or more of the access control lists associated with the multiple scope levels, a determination is made as to whether the requested type of access to the resource is permitted. | 10-10-2013 |
20130276097 | USER AUTHENTICATION METHOD AND SYSTEM - An electronic device includes a display, a fingerprint sensor, and a processing unit. The display invites a user for a first input fingerprint. The fingerprint sensor receives the first input fingerprint of the user. If the first input fingerprint matches a first pre-stored fingerprint, the display invites the user to give a second input fingerprint. The fingerprint sensor receives the second input fingerprint. If the second input fingerprint matches a second pre-stored fingerprint, the processing unit allows the user to enter the electronic device. A user authentication method for the electronic device is also provided. | 10-17-2013 |
20130276098 | Method and Computer Device for Handling COM Objects - A computer device and method are provided to handle COM objects. A COM creating unit intercepts a request for creation of an elevated COM object by a first user process, determines whether the first user process is entitled to access the COM object, and creates the COM object without elevated privileges. A COM implementing unit intercepts a second user process that implements the COM object, confirms that the second user process is entitled to access the COM object and elevates the privilege level of the second user process to implement the elevated COM object. | 10-17-2013 |
20130283368 | SCALABLE AND SECURE APPLICATION RESOURCE MANAGEMENT AND ACCESS CONTROL FOR MULTICORE OPERATING SYSTEMS - An architecture for multi-core and many-core processor systems includes a set of resource managers having a hierarchy of at least one level. The resource managers act as trusted proxies for the operating system (OS) kernel to manage resources for applications. The application may include a trusted secure specification defining resource and access privileges of the associated application. | 10-24-2013 |
20130283369 | Providing A Multi-Phase Lockstep Integrity Reporting Mechanism - In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed. | 10-24-2013 |
20130283370 | METHOD AND SYSTEM FOR MONITORING CALLS TO AN APPLICATION PROGRAM INTERFACE (API) FUNCTION - A method and device for monitoring calls to an application program interface (API) function includes monitoring for a memory permission violation of a computing device caused by the API function call. If a memory permission violation occurs, control of the computing device is transferred to a virtual machine monitor to intervene prior to execution of the API function. The virtual machine monitor may perform one or more actions in response to the API function call. | 10-24-2013 |
20130283371 | METHOD AND DEVICE FOR CONTROLLING ACCESS TO A COMPUTER SYSTEM - A device for controlling access to a computer system, the device comprising at least one multifunctional port capable of being connected to various categories of peripherals and an access interface capable of being connected to the computer system, wherein the device comprises access management means connected between the multifunctional port and the interface, the access management means being physically configured to authorize the interface access by means of a peripheral connected to the multifunctional port, only if said peripheral belongs to a category of peripherals specifically and permanently associated with the multifunctional port to which same is connected. | 10-24-2013 |
20130291090 | IDENTIFYING USER BY MEASURING PRESSURE OF BUTTON PRESSES ON USER INPUT DEVICE - In one embodiment, a method comprises receiving, by a user identifier circuit, a button pressure signature specifying a sequence of button pressure values sampled while a corresponding identified button of a user input device is pressed by a user; the user identifier circuit identifying the user of the user input device based on the button pressure signature; and the user identifier circuit outputting a message identifying the identified button and the identified user. | 10-31-2013 |
20130291091 | Location Bound Secure Domains - A telecommunications apparatus has secure operation based on geographic location. A positioning mechanism determines a geographic location for the telecommunications apparatus. A processor identifies a secure domain and determines an availability of an application programming interface for the based on the geographic location, wherein at certain geographic locations access to the application programming interface is restricted, and at other geographic locations access to the application programming interface is unrestricted. | 10-31-2013 |
20130305349 | METHOD OF PROVIDING ACCESS MANAGEMENT IN AN ELECTRONIC APPARATUS - In one embodiment of the present invention, a method of providing access management to a user is provided. This method includes running an application on a platform; linking a set of access permissions to the application by means of an apparatus; providing a user access to the application by means of an access manager; and allowing the user access to the application only after a predetermined number of access permissions from the set are satisfied. The apparatus may be a pager, a mobile phone, a feature phone, or a smart phone. The set of access permissions may comprise one or more questions that must be answered correctly. The questions may be selected to assist in the learning of an academic subject. The questions may be selected to assist in preparing the user for a standardized test. | 11-14-2013 |
20130305350 | System and Method for Enabling Seamless Transfer of a Secure Session - An information handling system includes a memory and a processor to execute instructions stored in the memory, which causes the processor to at least: send identification information to a second information handling system in response to an identification request broadcast from the second information handling system via a short-range communication; receive first authentication information for a local application and a remote service from the second information handling system; receive a copy of the local application; authenticate a user for the copy of the local application and for the remote service prior to the user logging on to the information handling system; receive second authentication information from the user to access the information handling system; authenticate the user to the information handling system; and automatically initiate a secure session between the copy of the local application and the remote service when the user is authenticated to the information handling system. | 11-14-2013 |
20130312084 | METHOD AND SYSTEM FOR ASSESSING CUMULATIVE ACCESS ENTITLEMENTS OF AN ENTITY IN A SYSTEM - A method and system is provided for assessing the cumulative set of access entitlements to which an entity, of an information system, may be implicitly or explicitly authorized, by virtue of the universe of authorization intent specifications that exist across that information system, or a specified subset thereof, that specify access for that entity or for any entity collectives with which that entity may be directly or transitively affiliated. The effective system-level access granted to the user based upon operating system rules or according to access check methodologies is determined and mapped to administrative tasks to arrive at the cumulative set of access entitlements authorized for the user. | 11-21-2013 |
20130312085 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, AND COMPUTER PROGRAM PRODUCT - According to an embodiment, there is provided an information processing apparatus including: a storage unit that stores therein information, which is set for a screen to be displayed on an information display unit, as to whether or not to permit an external input device to enter data to the information processing apparatus, and information as to whether or not to permit data entered from an external input device; an external-input-unit control unit that controls data entry to the screen from an external input device by utilizing information about a type of the external input unit and the information as to whether or not to permit the external input unit to enter data; and an input-key control unit that controls the data entry permitted by the external-input-unit control unit by consulting the information as to whether or not to permit data entered from the external input unit. | 11-21-2013 |
20130333021 | PREVENTING MALICIOUS SOFTWARE FROM UTILIZING ACCESS RIGHTS - In a first embodiment of the present invention, a method for enabling a device to block malicious software is provided, comprising: creating a super-user account as a new account for an operating system running on a device; and altering security rights of the operating system so that all accounts other than the super-user account of the operating system running on the device have only read access to key sections of the operating system. | 12-12-2013 |
20130333022 | Sharing Content Online - A method of providing a degree of authentication for a content link presented to peer user(s) by a sharing user via the Internet. The method includes, at a server, associating the content link with authentication data provided by the sharing user, and storing the associated content link and authentication data in a storage location. A redirection link that links to the stored associated content link and authentication data is presented to a peer user via a user interface of a client computer of the peer user. Upon submission of an access request from the client computer to the redirection link, the content link and the authentication data is delivered to the client computer. The authentication data is presented to the peer user via the user interface and the peer user is able to choose, via the user interface, to submit an access request to the content link. | 12-12-2013 |
20130340069 | SECURITY SWITCH - System and method for securing a personal device that includes a device core and a peripheral device from unauthorized access or operation. The system comprises an isolated switch, included fully or partially within an envelope of the personal device. The isolated switch cannot be affected in its operation by either the device core or the peripheral device. The switch may be operated by an authorized user of the personal device either preemptively or in response to a detected threat. In some embodiments, the isolated switch includes an isolated controller which can send one or more signals to the peripheral device and/or part of peripheral device. In some embodiments, the isolated switch includes an isolated internal component and an isolated external component, both required to work together to trigger the isolated switch operation. In some embodiments, the isolated switch includes an isolated disconnector for connecting and disconnecting the device core from part of the peripheral device. | 12-19-2013 |
20130340070 | ACCESS CONTROL APPARATUS, ACCESS CONTROL METHOD, AND PRINTING SYSTEM - In a multi-domain environment, an access control apparatus belonging to a first domain obtains access control information for controlling usage of a function of an image forming apparatus corresponding to a user belonging to the first domain. When the user belonging to the first domain instructs usage of a function of an image forming apparatus belonging to a second domain, the access control apparatus belonging to the first domain requests an access control apparatus belonging to the second domain to add authentication information managed by the second domain to the access control information. The access control apparatus belonging to the first domain transmits access control information including the added authentication information to a client computer. | 12-19-2013 |
20130347096 | PERMISSION MANAGEMENT METHOD FOR APPLICATIONS, ELECTRONIC DEVICE THEREOF, AND COMPUTER READABLE MEDIUM - A permission management method for an electronic device capable of installing at least one application is illustrated. The electronic device comprises a plurality of accessible operational functions. The method prepares a management table for recording corresponding operational functions that the application needs to access while performing the application, and a permission management program for controlling the management table. The permission management program may be performed to change the permission state of each operational function corresponding to the installed application. When the application installed in the device is performed and one of the operational functions is requested, the records in the management table are referred to determine whether the application is allowed to access the requested operational function. | 12-26-2013 |
20130347097 | IMAGE PROCESSING APPARATUS, IMAGE PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM - In an image forming apparatus, in a case where a screen of an application requiring user authentication is continuously displayed, there has been a problem that operability is low for a user who does not log in. In a case where a screen of an authentication application is displayed, and the user does not perform user authentication, processing of the user authentication of the application is skipped. | 12-26-2013 |
20130347098 | IMAGE FORMING APPARATUS - An image forming apparatus includes a control unit, a login information storage, a login information receiver, a login authenticator, a target function setter, an authorization information storage, an alternative function information storage and a target function changer. The target function changer sets a user alternative function matching a user authorized function related to an authenticated user as a target function out of functions alternative to a user prohibited function and determined by alternative function information instead of the user prohibited function different from the user authorized function related to the authenticated user out of target functions when the authenticated user is set in a login state. | 12-26-2013 |
20140013419 | ELECTRONIC DEVICE FOR MULTIPLE USERS AND LOGIN METHOD THEREOF - An electronic device for multiple users includes a storage module for storing N user accounts, N being a positive integer larger than one; a touch display module; and a processing module electrically connected to the storage module and the touch display module, the processing module being used for displaying a login interface in the touch display module, the login interface including N slide paths, each of the N slide paths corresponding to one of the N user accounts; wherein after a slide gesture is performed on an i-th slide path of the N slide paths, the processing module logs in to the electronic device with the i-th user account of the N user accounts, which corresponds to the i-th slide path, where i is a positive integer smaller than or equal to N. | 01-09-2014 |
20140013420 | Secure portable computer and security method - A computer includes a processor, position determining means for determining the location of the computer, and control means for controlling the operation of the processor. The control means are in communication with the position determining means and control the operation of the processor in response to location information provided to the control means by the position determining means. | 01-09-2014 |
20140013421 | DEBUG ARCHITECTURE - Roughly described, a method of restricting access of a debug controller to debug architecture on an integrated circuit chip, the debug architecture comprising an access controller, a plurality of peripheral circuits, and a shared hub, the shared hub being accessible by the access controller and the plurality of peripheral circuits, the method comprising: at the access controller, authenticating the debug controller; at the access controller, following authentication, assigning to the debug controller a set of access rights, the set of access rights granting the debug controller partial access to the debug architecture; and after assigning the set of access rights, allowing the debug controller access to the debug architecture as allowed by the set of access rights. | 01-09-2014 |
20140020085 | Background Application Management - The techniques and systems disclosed herein generally pertain to managing permissions for applications to allow the applications to run in a background state by an operating system. In some embodiments, user interfaces may be used to allow users to manage application permissions without requiring the user to understand specifics of background applications, but rather by providing a predetermined threshold number of permissions that the user can assign to applications. When the predetermined threshold number of permissions has been allocated and a subsequent application requests a permission, the user may replace or swap out an application that currently has a permission by giving the permission to the requesting application. | 01-16-2014 |
20140020086 | VIRTUAL MACHINE SYSTEM, CONFIDENTIAL INFORMATION PROTECTION METHOD, AND CONFIDENTIAL INFORMATION PROTECTION PROGRAM - A virtual machine system that restricts use of confidential information only to the case where an authentication has resulted in success. The virtual machine system includes first virtual machine, second virtual machine, and hypervisor. The first virtual machine includes: storage unit storing confidential information; and authentication unit configured to perform authentication and notify the hypervisor of result of the authentication. The second virtual machine uses virtual device that is virtualized storage device. When having received authentication result indicating authentication success from the authentication unit, the hypervisor enables the second virtual machine to access, as substance of the virtual device, storage area storing the confidential information, and when not having received the authentication result indicating the authentication success from the authentication unit, the hypervisor disables the second virtual machine from accessing the storage area storing the confidential information. | 01-16-2014 |
20140026210 | METHOD FOR AUTHENTICATING MOBILE DEVICES - A method for authenticating a mobile device, the method comprising: detecting an external input to the mobile device; when the external input is detected, displaying a screen lock pattern having at least two or more pattern points, each pattern point having an identifier; determining whether a touch input is conducted on the at least two or more pattern points in an UI (User Interface) locked state of the mobile device; and when the touch input conducted on the at least two or more pattern points is successively made in a preset sequenced combination of identifiers, unlocking the locked state of the mobile device. | 01-23-2014 |
20140033298 | USER TERMINAL APPARATUS AND CONTROL METHOD THEREOF - A user terminal apparatus and a control method thereof are provided. The control method includes: receiving a user control input selecting a user mode; reconstituting a screen based on use authority information of a user mode selected according to the user control input; and displaying the reconstituted screen. | 01-30-2014 |
20140041016 | PROVIDING REMOTELY DEFINED SECURITY DATA TO A LOCAL APPLICATION EXTENSION - Systems and methods, including computer software adapted to perform certain operations, can be implemented for providing remotely defined security data to an application extension on a client device. A sequence of instructions and at least one permission indicator associated with the sequence of instructions are received. A first permission indicator is associated with a code extension to a software application adapted to execute at least a portion of the sequence of instructions. The code extension is adapted to perform one or more operations that supplement the operations supported by the software application. An instruction within the sequence of instructions associated with adapted for execution by the code extension and with an activity is identified. The first permission indicator is provided to the code extension. The code extension determines whether performance of the activity is permitted based, at least in part, on the first permission indicator. | 02-06-2014 |
20140041017 | LAW ENFORCEMENT AGENCY PORTAL - Implementations of the present disclosure involve a system and/or method for providing account information for a telephone number. All users are authenticated to ensure they may access the account information. Once authenticated, the user provides one or more telephone numbers that they would like to retrieve account information for. The system searches for the telephone number and if found, checks to ensure that the telecommunications provider services the phone number. When the telecommunications provider is the provider for the phone number, the record is retrieved and sent to the user. | 02-06-2014 |
20140059669 | METHOD AND MOBILE TERMINAL FOR ENHANCING THE SECURITY OF A MOBILE TERMINAL - The present disclosure discloses a method and mobile terminal for enhancing mobile terminal security, and relates to the information security field. The method includes: a mobile terminal providing in advance a target list to a user, setting at least one user-selected target from the list to a hidden state, and storing a password for a protected space set by the user, monitoring a specified application for the user to enter the password for the protected space, when detecting the user entering the password for the protected space via the specified application, entering the protected space, and restoring the target from a hidden state to a visible state, wherein the target can be an application/file at the mobile terminal. The mobile terminal can include: a setting module and a controlling module. The present disclosure can greatly enhance the security of the applications/documents at the mobile terminal. | 02-27-2014 |
20140059670 | METHOD AND SYSTEM FOR CONTROLLING ACCESS TO APPLICATIONS ON MOBILE TERMINAL - Various embodiments provide methods and systems for controlling an access to applications on a mobile terminal. In an exemplary method, an opened application can be scanned and an application identification can be obtained. The application identification can be compared with a pre-stored target application identification. When the application identification is compared to be consistent with the pre-stored target application identification, an unlock interface can be displayed. An unlock command can be obtained to run the application on the mobile terminal. An exemplary system for controlling an access to an application on a mobile terminal can include a scanning module, a comparing module, a displaying module, and an executing module. | 02-27-2014 |
20140068753 | Access Arbitration Module and System for Semiconductor Fabrication Equipment and Methods for Using and Operating the Same - An access arbitration module includes a plurality of active component communication ports for communicating with a plurality of active components, and includes a passive component communication port for communicating with a passive component. The access arbitration module also includes switching logic defined to control transmission of access communication protocol signals between each of the plurality of active component communication ports and the passive component communication port, such that an authorized one of the plurality of active component communication ports is connected in communication with the passive component communication port at a given time, and such that non-authorized ones of the plurality of active component communication ports are prevented from communication with the passive component communication port at the given time. | 03-06-2014 |
20140075546 | METHOD AND DEVICE FOR CONTROLLING INVOCATION OF AN APPLICATION PROGRAMMING INTERFACE - A computer-implemented method for controlling invocation of application programming interface (API) is provided. The method includes categorizing a plurality of APIs according to a plurality of API categories. The API categories are categorized by an API function through which user information is obtained. The method further includes setting a default invoking permission for a respective API category, and detecting, in real time, an attempt by an application to invoke an API in the respective API category. Upon detecting the attempted invocation of the API in the API category by the application, the method further includes controlling the invoking behavior of the API by the application in accordance with the default invoking permission for the API category. | 03-13-2014 |
20140090051 | Managing Heterogeneous Product Features Using a Unified License Manager - An information handling system includes a device, a controller, and a license manager subsystem. The controller is configured to determine whether the device has a license assigned and to communicate with the device pursuant to a uniform protocol. The communications include issuing a command to the device to provide an identification and a command to the device to activate itself. | 03-27-2014 |
20140096234 | INTELLIGENT TASK ASSIGNMENT AND AUTHORIZATION SYSTEMS & METHODS - The present disclosure relates to computer-implemented methods and systems for intelligent task management. An example method may include identifying one or more authorized entities. The method may further include broadcasting at least one task associated with a user to one or more devices associated with the one or more authorized entities. The method may further include receiving from the one or more authorized entities, via the one or more devices, an indication of acceptance of the at least one task. The method may further include selecting at least one trusted entity among the one or more authorized entities. The method may further include issuing at least one digital certificate to the at least one trusted entity to perform the at least one task. | 04-03-2014 |
20140096235 | Method and Apparatus for Dishonest Hardware Policies - A system implements dishonest policies for managing unauthorized access requests. The system includes memory management hardware to store a set of dishonest policy bits, each dishonest policy bit that is configured to a predetermined value indicating disallowed access for one of a set of memory ranges. When a processor receives an access request for a location in a memory range to which access is not allowed as indicated by a set dishonest policy bit, the processor returns a false indication according to a dishonest policy that the requested access has been performed. | 04-03-2014 |
20140096236 | APPARATUS AND METHOD FOR SECURING MOBILE TERMINAL - A mobile terminal and a method for securing information are provided. The mobile terminal includes an application part to receive information related to an application; a determining unit to receive a command issued by the application and to determine whether the command or the application is authorized to access a system resource of the mobile terminal; and a blocking unit to block an execution of the command in response to a determination that the execution of the command is unauthorized or issued by the unauthorized application. The method includes receiving information related to an application; receiving a request for executing a command issued by the application; determining whether the requested command or the application is authorized to access a system resource of a mobile terminal; and blocking execution of the command in response to a determination that the execution of the command is unauthorized or issued by an unauthorized application. | 04-03-2014 |
20140096237 | INFORMATION PROCESSING SYSTEM, ACCESS RIGHT MANAGEMENT METHOD, INFORMATION PROCESSING APPARATUS AND CONTROL METHOD AND CONTROL PROGRAM THEREFOR - Provided is an information processing apparatus including an application interface and a device interface, generated on the basis of each application, which are associated with each other. The information processing apparatus includes an access right table for storing whether the each application has an access right to a device connected to the information processing apparatus, and an access control unit that controls access between the application interface and the device interface with reference to the access right table. | 04-03-2014 |
20140101752 | SECURE GESTURE - Aspects of the disclosure provide a system that includes a protected module, an input module and a gesture engine. The protected module is configured to be accessible based on a specific gesture of a user predetermined to have a right to access the protected module. The input module is configured to receive an input gesture from a requester to access the protected module. The gesture engine is configured to be trained to process the input gesture in order to grant/deny an access to the protected module by the requester. | 04-10-2014 |
20140109216 | PORTABLE PERSONAL INFORMATION STORAGE DEVICE - A personal information storage system includes a securely configured portable media storage device that communicates with a computer to receive selected personal information. In one embodiment, the portable media storage device takes the form of a universal serial bus connector having a proprietary identifier embedded into the readable memory of the device. A program on the computer restricts the personal information residing on the computer's memory from being accessed by any other storage or processing device except for the secure portable media storage device. Moreover, the portable media storage device may include one or more inaccessible memory portions to prevent the storage of irrelevant material onto the device. | 04-17-2014 |
20140109217 | APPARATUS AND METHOD FOR UNLOCKING SCREEN AND EXECUTING OPERATION IN A PORTABLE TERMINAL - The present invention relates to an apparatus and a method for unlocking screen in a portable terminal. The method for unlocking operation includes: detecting at least two touch event inputs in sequence on the touch screen during a locking screen mode; converting the at least two touch event inputs in sequence to authentication information; determining whether the converted authentication information is identical to a preset unlocking authentication information; and unlocking the screen when the converted authentication information is identical to the preset unlocking authentication information. | 04-17-2014 |
20140109218 | PROVISIONAL ADMINISTRATOR PRIVILEGES - A system grants “provisional privileges” to a user request for the purpose of provisionally performing a requested transaction. If the provisionally-performed transaction does not put the system in a degraded state, the transaction is authorized despite the user request having inadequate privileges originally. | 04-17-2014 |
20140115693 | MANAGING PERMISSION SETTINGS APPLIED TO APPLICATIONS - Some aspects of what is described here relate to managing permission settings applied to applications on a mobile device. Multiple management policies that apply to an application associated with a perimeter on a device are identified. A priority ranking for each management policy is determined for the application based on the perimeter with which the application is associated. A permission setting based on the priority rankings is applied to the application. | 04-24-2014 |
20140123272 | System and Method For Accessing A Restricted Object - A system and method wherein an intermediary process provides access to a restricted object associated with a source process on behalf of a destination process. The intermediary process may be a trusted process that is available as a service to other processes on the computing platform. The intermediary process may assume one or more privileges associated with the source process whereby the restricted object may be accessed by the intermediary process on behalf of the destination process. Secure access to the restricted object and the risk of malicious exploitation are mitigated since the intermediary process is a trusted service that is known to provide specific functionality. | 05-01-2014 |
20140123273 | Contextual Device Locking/Unlocking - Particular embodiments of a computing device associated with a user may detect an event using a sensor of the computing device. The event may be a lock-triggering event or an unlock-triggering event. The computing device may assess a state of the device. The computing device may also access further information associated with the user. The computing device may also monitor activity on the computing device to detect further events if such further monitoring is warranted. Based on the gathered information, the computing device may update a lock status of the device to lock or unlock access interfaces of the computing device, functionality of the computing device, or content accessible from the computing device. If the event comprised the computing device detecting an attempt by a third party to use the device, the device may attempt to identify the third party to determine if they are authorized to use the device. | 05-01-2014 |
20140130147 | ENABLING ACCESS TO A SUBSET OF DATA - A method includes receiving, at a computing device, one or more replicated authorization databases. At least one of the one or more replicated authorization databases corresponds to a subscription to access selected data. The selected data is aggregated from a plurality of sources. The method also includes storing the one or more replicated authorization databases at the computing device. The method also includes determining, via the replicated authorization databases, user permission to access the selected data via the computing device. The method also includes enabling access to the selected data at the computing device after determining the user permission to access the selected data. | 05-08-2014 |
20140137232 | DEVICE APPARATUS, CONTROL METHOD, AND RELATING STORAGE MEDIUM - A device apparatus transmits a request for delegating authority, after it is delegated from a user, to an application, together with first authority information identified, to an approval server system, and acquires second authority information issued based on the first authority information from the approval server system. | 05-15-2014 |
20140137233 | KEY WITH INTEGRAL BIOMETRIC INPUT DEVICE - A key integrates with a biometric input device. According to an aspect of the present disclosure, a fingerprint scanner may be integral with a spacebar. | 05-15-2014 |
20140143857 | METHODS FOR GRANTING ACCESS TO RESOURCES MODIFIABLE BY USERS IN A COMPUTER ENVIRONMENT, AND RESOURCES STRUCTURED THEREFORE - Method for accessing a resource in a data-processing environment. The resource includes a set of objects. The data-processing environment is capable of storing in association with at least one object of the resource at least one modified object. The data-processing environment is capable of storing in association with such an object information of degree of elaboration. The method performs the steps of identifying, for each object of the resource to which corresponds at least a modified object, by using the information of degree of elaboration, at least a most elaborate version of said object, and assembling the objects thus identified for them to be displayed in the resource. | 05-22-2014 |
20140150085 | USER AUTHENTICATION BASED ON A USER'S OPERATION ON A DISPLAYED THREE-DIMENSIONAL MODEL - An authentication device authenticates a user based on a user's operation. The authentication device comprises a display control unit, an operation input unit, and an authentication unit. The display control unit is a processor-based logic that displays a three-dimensional model on a display device. The operation input unit is a hardware unit that inputs a user's operation on the displayed three-dimensional model. The authentication unit is a processor-based logic that authenticates the user based on the user's operation, wherein the user's operation comprises a change operation of at least one of a position and posture of the three-dimensional model having been input from the user. | 05-29-2014 |
20140157401 | Method of Dynamically Adjusting an Authentication Sensor - A method is disclosed herein for employing detected device context, user history, and inferred identity to cause biometric sensors' identification levels to automatically adjust to reduce device access time, computational complexity, and power. | 06-05-2014 |
20140173716 | METHOD AND APPARATUS FOR MANAGING AND ACCESSING PERSONAL DATA - Managing and accessing personal data is described. In one example, an apparatus has an application processor, a memory to store data, a receive and a transmit array coupled to the application processor to receive data to store in the memory and to transmit data stored in the memory through a wireless interface, and an inertial sensor to receive user commands to authorize the processor to receive and transmit data through the receive and transmit array. | 06-19-2014 |
20140181954 | SYSTEM FOR CONVEYING AN IDENTITY AND METHOD OF DOING THE SAME - A system is configured to communicate an identity and perform a physical task. The system has an application controlled identity device configured to receive and to store a user identity. An application controlled detection device is communicatively coupled to the application controlled identity device. An actuator is communicatively coupled to the application controlled detection device. The application controlled detection device comprises computer code programmed to compare the identity with the stored identity. The application controlled detection device further comprises computer code programmed to activate the actuator when the identity matches the stored identity. | 06-26-2014 |
20140189850 | MOBILE DEVICE SECURITY USING MULTIPLE PROFILES - A mobile electronic device operates in accordance with at least two different application configurations. The device starts by operating in accordance with the first configuration after it receives a first access credential. The first configuration includes a hidden security application. When the device executes the hidden security application, a user may enter a second access credential via the second security application. When the device receives the second access credential, it then switches to a second application configuration. | 07-03-2014 |
20140189851 | SYSTEMS AND METHODS FOR NON-DESTRUCTIVE TESTING USER PROFILES - A non-transitory computer readable medium may include executable instructions which, when executed by a processor, cause the processor to authenticate a user, and to retrieve a user profile based on the user. The instructions further cause the processor to apply the user profile to restrict an operation of a non-destructive testing (NDT) device. | 07-03-2014 |
20140189852 | METHOD FOR EXECUTING AN APPLICATION IN A RESTRICTED OPERATING ENVIRONMENT - A user is presented with one or more user-level permissions in a human understandable language, where the one or more user-level permissions represent one or more application-level permissions requested from an application for accessing one or more resources. A security profile is generated having one or more operating system (OS)-level permissions based on at least one of the user-level permissions authorized by the user. The security profile is enforced to restrict the application to accessing the one or more resources based on the OS-level permissions. | 07-03-2014 |
20140201830 | APPLICATION PROGRAM LAUNCHING METHOD AND SYSTEM FOR IMPROVING SECURITY OF EMBEDDED LINUX KERNEL - Provided is an application program launching method and system for improving security of an embedded Linux kernel by distributing superuser privileges. The method includes: searching security set information on an application program selected by a user; changing a user account for a processor of the application program to a user ID associated with the application program in the security set information; setting a capability for the processor according to setting information for the capability in the security set information; changing a basic directory for the processor according to a basic directory in the security set information; and launching the application program. | 07-17-2014 |
20140208414 | USE OF FREEFORM METADATA FOR ACCESS CONTROL - Approaches are described for security and access control for computing resources. Various embodiments utilize metadata, e.g., tags that can be applied to one or more computing resources (e.g., virtual machines, host computing devices, applications, databases, etc.) to control access to these and/or other computing resources. In various embodiments, the tags and access control policies described herein can be utilized in a multitenant shared resource environment. | 07-24-2014 |
20140208415 | Variable Domain Resource Data Security for Data Processing Systems - The variable domain data access control system and method described herein use the same variable domain to describe a data security model and a variable domain data model, such as a product configuration model. A variable domain is a set of resource data that can be described using a logical relationship data structure. The variable domain utilizes logical relationship expressions, such as a Boolean logic language, to define resource data in terms of parts, rules and/or attributes, and any other property that can be accessed for viewing, manipulation, or other purposes. The data security model represents an access control list (ACL) that includes security attributes as resource data and uses the same data structure and logical relationship expressions as an associated variable domain data model. An application, such as a configuration engine, can be used to create controlled access to the variable domain data model using the data security model. | 07-24-2014 |
20140208416 | CROSS TRANSPORT AUTHENTICATION - An authentication controller coupled to a first communication port of a portable media device is allowed to provide authentication on behalf of an accessory device coupled to a second communication port of the portable media device. In one embodiment, a cross transport connector includes a connector configured to couple with an accessory and a connector configured to couple with a portable media device such that the accessory can be coupled to the second communication port of the portable media device. The cross-transport connector also includes an authentication controller. The authentication controller may request authentication from the media device over the first communication port of the portable media device. The request may also include an identifier of the second port, to which authenticated permissions obtained via the first port may be transferred. | 07-24-2014 |
20140245430 | REGULATING ACCESS TO AND PROTECTING PORTIONS OF APPLICATIONS OF VIRTUAL MACHINES - Embodiments of apparatus, computer-implemented methods, systems, and computer-readable media are described herein for a virtual machine manager, wherein the virtual machine manager is configured to selectively employ different views with different permissions to map guest physical memory of a virtual machine of the apparatus to host physical memory of the apparatus, to regulate access to and protect different portions of an application of the virtual machine that resides in different portions of the physical memory. Other embodiments may be described and/or claimed. | 08-28-2014 |
20140250522 | SYSTEMS AND METHODS USING DRAWINGS WHICH INCORPORATE BIOMETRIC DATA AS SECURITY INFORMATION - Systems and methods using drawings as security information are disclosed. According to an aspect, a computing device may include a touchscreen display configured to receive information for drawing a security picture. Further, the computing device may include a security manager configured to determine one or more characteristics associated with input of the gesture information. The security manager may also be configured to authenticate a user based on the drawn security picture and the one or more characteristics associated with input of the gesture information. | 09-04-2014 |
20140283007 | Temporal Security for Controlled Access Systems - A method for gaining access or entry to a system. The method comprises (a) beginning a secure system act by a user; (b) beginning counting of time intervals concurrent with execution of step (a); (c) ending the secure system act by the user; (d) capturing a final time interval count concurrent with execution of step (c); (e) determining whether the secure system act matches a correct secure system act; (d) determining whether the final time interval count matches a correct final time interval count; and (e) granting the user access or entry to the system responsive to affirmative results of step (d). | 09-18-2014 |
20140283008 | LOCKOUT-TAGOUT AND SAFETY COMPLIANCE SYSTEMS AND METHODS - The present application discloses systems and methods of creating, administrating, assigning, and managing lockout-tagout (LOTO) procedures and other safety compliance procedures. | 09-18-2014 |
20140289841 | AUTHENTICATION PROCESSING DEVICE FOR PERFORMING AUTHENTICATION PROCESSING - The present invention is to enable a user to input authentication information without burden, such that the user only has to memorize part of the authentication information even when inputting lengthy authentication information in order to ensure high-level security. When an operation of inputting and arranging authentication information in an information arrangement region is performed in a state where an arrangement status of a specified portion in the information arrangement region is set in advance as partial-authentication reference information in a reference authentication information memory, a CPU detects an arrangement status of the specified portion from an overall arrangement status in the information arrangement region, and performs, as partial authentication, processing of matching the detected arrangement status of the specified portion and the arrangement status of the specified portion set as the partial-authentication reference information. | 09-25-2014 |
20140304807 | METHOD TO ACTIVATE AND RESTRICT CONTROL OF A DEVICE - There is provided a method to activate and restrict control of a device. A first step involves positioning a secondary device on a human body which generates an authorization key. A second step involves using the human body as a local transmitter to transmit the authorization key from the secondary device to the device which is to be activated and controlled. | 10-09-2014 |
20140310799 | DELIVERING DATA FROM A RANGE OF INPUT DEVICES OVER A SECURE PATH TO TRUSTED SERVICES IN A SECURE ELEMENT - Systems and methods of delivering data from a range of input devices may involve detecting an availability of data from an input device, wherein the input device is associated with a default input path of a mobile platform. An input device driver can be invoked in a security engine in response to the availability of the data if a hardware component in the default input path is in a secure input mode, wherein the security engine is associated with a secure input path of the mobile platform. Additionally, the input device driver may be used to retrieve the data from the input device into the security engine. | 10-16-2014 |
20140310800 | SECURE DISK ACCESS CONTROL - A request is received from a security tool, the request relating to an event involving data records in a storage device. An application programming interface (API) is used to interface with secure storage functionality of the storage device, the secure storage functionality enabling a set of secure storage operations. A security operation is caused to be performed at the storage device involving the data records based at least in part on the request. In one aspect, the set of secure storage operations can include a direct read operation, a direct write operation, a copy-on-write operation, and a save-attempted-write operation. | 10-16-2014 |
20140325639 | ELECTRONIC DEVICE AND AUTHENTICATION METHOD - According to one embodiment, a device gives a higher priority to a user when first authentication is successfully carried out than when second authentication is successfully carried out. The device includes a nonvolatile memory which stores a first password used for the first authentication, a position detector which detects a present position of the device, a first display processor which displays a first input screen for accepting a third password input when the device is activated, and a second display processor which displays a second input screen for accepting the third password input, when the third password, which is input by using an input module when the first screen is displayed, is determined to be the first password and the present position is out of the permissible range. | 10-30-2014 |
20140331314 | Time and Sleep Control System and Method - A time and sleep control system and method is disclosed. According to one embodiment, a computer-implemented method includes providing a first user interface on a computing device that provides digital content to a first user, providing a second user interface associated with an operating environment on the computing device to a second user, where the second user interface provides unrestricted access to the digital content, receiving a request that is configured to be provided by the second user to access the first user interface from the operating environment, where the request allows the second user to provide restricted access to the digital content on the first user interface, granting the request, and receiving a desired time duration on the computing device that is configured to be provided by the second user, where the desired time duration controls a length of time that the first user is allowed to access the first user interface. | 11-06-2014 |
20140344919 | DEBUG FUNCTIONALITY IN A SECURE COMPUTING ENVIRONMENT - A computer system includes a security processor, a first scan chain coupled to the security processor, a non-secure element, and a second scan chain coupled to the non-secure element. The computer system also includes one or more test access port controllers to control operation of the first and second scan chains, and further includes debug control logic, coupled to the one or more test access port controllers, to enable the one or more test access port controllers to activate debug functionality on the second scan chain but not the first scan chain in response to a predefined condition being satisfied. | 11-20-2014 |
20140344920 | METHOD, TERMINAL, AND SERVICE DEVICE FOR PROVIDING DATA SECURITY SERVICE - Disclosed are a method, a terminal, and a service device for providing a data security service for data stored in a terminal or a data security service for backup data of the data of the terminal, backed up onto a backup device. | 11-20-2014 |
20140359754 | Providing A Multi-Phase Lockstep Integrity Reporting Mechanism - In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed. | 12-04-2014 |
20140366125 | INFORMATION PROCESSING DEVICE, EXTERNAL DEVICE, SERVER DEVICE, INFORMATION PROCESSING METHOD, INFORMATION PROCESSING PROGRAM AND SYSTEM - The information processing device connects with an external device by a first connection unit and a second connection unit different from each other. An identification information specific to the information processing device is transmitted from the information processing device to the external device via the first connection unit, and further transmitted from the external device to the information processing device via the second connection unit. The information processing device compares the specific identification information received from the external device with specific identification information for comparison, stored in advance, to determine whether or not the information processing device and the external device are in a simultaneous connection state in which the information processing device and the external device are connected by the first connection unit and the second connection unit. | 12-11-2014 |
20140380462 | IMAGE PROCESSING APPARATUS THAT PERFORMS USER AUTHENTICATION, AUTHENTICATION METHOD THEREFOR, AND STORAGE MEDIUM - An image processing apparatus using an authentication technique that enables user authentication suited to application characteristics and user authorities, thus ensuring security and enhancing usability at the same time. An authority of a user authenticated in a first authentication process for authenticating the user is obtained. When the obtained authority of the user is a predetermined authority, control is provided to give the predetermined authority to the user authenticated in the first authentication process. When the authority of the user is not the predetermined authority, control is provided to authenticate the user in a second authentication process for authenticating the user more securely than in the first authentication process, and when the second authentication process is successful, give the obtained authority to the user. | 12-25-2014 |
20150020191 | METHOD AND SYSTEM FOR DYNAMICALLY ASSIGNABLE USER INTERFACE - With their ubiquitous nature and perceived personalized character portable electronic devices are increasingly forming part of an individual's life as applications exist for practically anything today and new ones are released daily. It is therefore increasingly important for these electronic devices to dynamically adapt applications, information, user interface etc. According to embodiments of the invention user interfaces provide: Biometric Recognition—the user interface (UI) configuration discretely or in combination with other context factors varies according to the identity of the recognized user; Electronic Environment Context—the electronic environment to the electronic device provides contextual basis for the UI; Dynamic Context Adjustment, and Micro-Contexts—the UI configuration adapts as macro- and micro-contexts change with macro-contexts divided into multiple micro-contexts; Intuitive User Interface—user motions are more intuitive and more closely resemble real world actions; and Smart Agent—application notifications are parsed for impact to other actions/activities in other applications. | 01-15-2015 |
20150020192 | ADDRESS TRANSLATION/SPECIFICATION FIELD FOR HARDWARE ACCELERATOR - Embodiments relate to an address translation/specification (ATS) field. An aspect includes receiving a work queue entry from a work queue in a main memory by a hardware accelerator, the work queue entry corresponding to an operation of the hardware accelerator that is requested by user-space software, the work queue entry comprising a first ATS field that describes a structure of the work queue entry. Another aspect includes, based on determining that the first ATS field is consistent with the operation corresponding to the work queue entry and the structure of the work queue entry, executing the operation corresponding to the work queue entry by the hardware accelerator. Another aspect includes, based on determining that the first ATS field is not consistent with the operation corresponding to the work queue entry and the structure of the work queue entry, rejecting the work queue entry by the hardware accelerator. | 01-15-2015 |
20150033327 | SYSTEMS AND METHODOLOGIES FOR MANAGING DOCUMENT ACCESS PERMISSIONS - Described herein are systems and methodologies for managing document access permissions. Embodiments of the invention have been particularly developed for allowing group-based permission management in a file system. While some embodiments will be described herein with particular reference to that application, it will be appreciated that the invention is not limited to such a field of use, and is applicable in broader contexts. | 01-29-2015 |
20150047015 | ACCESS CONTROL FOR HARDWARE UNITS - The invention relates to providing access control to service units of a computer system. When a program unit such as a process or a thread accesses a service unit, the service unit generates an access signal (e.g. an interrupt) indicating the service unit has been accessed. This access signal is handled e.g. by an interrupt handling arrangement at the processor, and in case the program unit is not authorized to access the service unit, the program unit is terminated. | 02-12-2015 |
20150058971 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - An information processing apparatus includes a first acquiring unit that acquires information for specifying an operator, an operator authenticating unit that authenticates the operator, a first determining unit that determines whether information on the operator is continuously acquired, a second acquiring unit that acquires information for specifying a checker, a checker authenticating unit that authenticates a checker corresponding to the operator, a second determining unit that determines whether information on the checker is continuously acquired, and a controller that controls a processing apparatus to execute processing, on the condition that the operator is authenticated and the checker is authenticated. The controller controls the processing apparatus to continue the processing, on a condition that, after execution of the processing by the processing apparatus, the information on the operator is determined to be continuously acquired, or the information on the checker is determined to be continuously acquired. | 02-26-2015 |
20150058972 | Method And Apparatus For Accessing An Application Program - An application program installed in a user device is monitored. If it is determined that a user requests access to the application program, it is determined whether the application program is encrypted. If the application program to which the user requests access is encrypted, the user is requested to input verification information and it is determined whether the verification information is correct. If the verification information is correct, the application program to which the user requests access is run and a running result is presented. If the verification is not correct, a protection operation is performed to the application program to which the user requests access. | 02-26-2015 |
20150067822 | Biometric Verification Using Predicted Signatures - A computer-implemented biometric identity verification method including the steps of storing a database of registered users, including data identifying profile attributes of each registered user and a respective plurality of stored biometric signatures, each stored biometric signature associated with a corresponding one or more of the profile attributes. A predicted biometric signature is derived for a requesting user when it is determined that a period of time has elapsed since the requesting user's stored biometric signature was last updated, by adapting the stored biometric signature based on biometric variances derived from a biometric peer group of registered users with at least one profile attribute in common with the requesting user. The predicted biometric signature is used to verify the identity of the requesting user. | 03-05-2015 |
20150089632 | APPLICATION AUTHENTICATION CHECKING SYSTEM - A method for authentication checking comprises receiving an authentication verification request for accessing an application. The authentication verification request includes a user identification, a device identification and an application identification. A validity of the authentication verification request is determined based on at least a last known authentication information, and a first subset of an application policy rule-set specific to the user identification and the device identification, if the application policy rule-set permits cross-application authentication; otherwise the validity is determined based on at least a second subset of the application policy rule-set specific to the user identification, the device identification and the application identification. Access to the application is enabled if the validity of the authentication verification request is true; otherwise a new authentication is requested. | 03-26-2015 |
20150089633 | SYSTEM AND METHOD FOR ASSET ASSIGNMENT AND REPLACEMENT - A file cabinet drawer includes support rails supporting asset panels each with a plurality of asset positions to support respective assets and associated asset indicators. A controller activates panel, drawer, and asset indicators to locate assigned assets. A recipient can be reauthenticated and assigned a duplicate asset if the assigned asset becomes unavailable. An administrator can be authenticated to conduct assignment of duplicate assets. Where asset(s) include electronic identification tags, the panels can include contacts in electrical communication with support rails in respective drawers coupled to the controller to read an asset identifier from each tag. | 03-26-2015 |
20150096012 | SECURE PHYSICAL AUTHENTICATION INPUT WITH PERSONAL DISPLAY OR SOUND DEVICE - A secure user input system is implemented for a computer system having a user input apparatus and a user output apparatus. The system comprises a user input template, provided to the user on the user output apparatus; and a personal user output interface providing, to the user, personal input interface information, mapped to the user input template, to enable the user to input information through the user input apparatus that is intelligible only to a party having access both to the user input template and the personal input interface information. | 04-02-2015 |
20150101038 | TERMINAL AND METHOD FOR CHECKING CALIBRATION HISTORY OF SCALE AND SYSTEM FOR MANAGING CALIBRATION HISTORY OF SCALE - The present invention relates to a terminal for checking a calibration history of a scale, a system for managing a calibration history of a scale and a method of checking a calibration history of a scale, and more particularly, a terminal for managing history of calibrating or revising the reference data being a standard when calculating a weight, the system thereof and the method thereof. According to the present invention, it is expected to prevent business transactions of a scale user because a general user as well as a qualified person can determine whether a scale is manipulated without authority. In addition, according to the system of the present invention, it is possible to greatly lower the calibration cost of a scale. | 04-09-2015 |
20150101039 | IMAGE PROCESSING SYSTEM, IMAGE FORMATION APPARATUS, AND RELAY DEVICE - An MFP sets an access condition for an external device with respect to a cloud box. The access condition is transmitted from the MFP to a relay device, and is registered in a memory of the relay device. When the relay device receives an access request made by the external device with respect to the MFP serving as an internal device, the relay device determines whether to permit or deny access to the MFP by comparing the access request with the access condition. When the access is permitted, the access request is transferred from the relay device to the MFP, whereas when the access is denied, the relay device notifies the external device of it. | 04-09-2015 |
20150106916 | LEVERAGING A PERIPHERAL DEVICE TO EXECUTE A MACHINE INSTRUCTION - A method includes executing microcode in a processing unit of a processor to implement a machine instruction, wherein the microcode is to manipulate the processing unit to access a peripheral device on a public communication bus at a private address not visible to other devices on the public communication bus and not specified in the machine instruction. A processor includes a public communication bus, a peripheral device coupled to the public communication bus, and a processing unit. The processing unit is to execute microcode to implement a machine instruction. The microcode is to manipulate the processing unit to access a peripheral device on a public communication bus at a private address not visible to other devices on the public communication bus and not specified in the machine instruction. | 04-16-2015 |
20150106917 | METHOD AND APPARATUS FOR CREATING SWITCHABLE DESKTOPS WITH SEPARATE AUTHORIZATIONS - A system and method for creating switchable desktops each with its own authorization. The system provides a custom authentication and authorization data store that defines permission sets called roles, and lists which roles each user may assume. The system also provides a custom virtual desktop manager that creates new virtual desktops using the permissions defined by roles allowed for each user. When a user requests a new virtual desktop and role from the desktop manager, the manager requests new virtual desktop components from the operating system. The desktop manager intercepts a request by the operating system to the Local Security Authority module for permissions to grant the new virtual desktop. The manager substitutes the user's requested role permissions (if the user may assume the role) for the permissions granted by the LSA module. The LSA module and operating system grant those role permissions to the user's activities in a newly created virtual desktop. | 04-16-2015 |
20150121507 | Systems and methods to secure industrial sensors and actuators - Various embodiments of the invention provide for secure data communication in industrial process control architectures that employ a network of sensors and actuators. In various embodiments, data is secured by a secure serial transmission system that detects and authenticates IO-Link devices that are equipped with secure transceiver circuits, thereby ensuring that non-trusted or non-qualified hardware is prevented from connecting to a network and potentially compromising system behavior. | 04-30-2015 |
20150121508 | METHOD, A COMPUTER PROGRAM AND APPARATUS FOR ANALYZING SYMBOLS IN A COMPUTER - The invention provides a computer-implemented method of analyzing symbols in a computer system, the symbols conforming to a specification for the symbols, in which the specification has been codified into a set of computer-readable rules; and, the symbols analyzed using the computer-readable rules to obtain patterns of the symbols by determining the path that is taken by the symbols through the rules that successfully terminates, and grouping the symbols according to said paths, the method comprising; upon receipt of a message at a computer, performing a lexical analysis of the message; and, in dependence on lexical analysis of the message assigning the message to one of the groups identified according to said paths. The invention also provides a computer programmed to perform the method and a computer program comprising program instructions for causing a computer to perform the method. | 04-30-2015 |
20150128252 | AUTHENTICATION CONTROL SYSTEM, AUTHENTICATION CONTROL METHOD, AND PROGRAM - There is provided an authentication control system including an acquisition unit configured to acquire information detected by a sensor, an evaluation unit configured to evaluate suitability for use of each of one or more sensors in environmental conditions indicated by the information, and an authentication mode selection unit configured to select an authentication mode from among a plurality of authentication modes based on an evaluation result obtained by the evaluation unit, each of the authentication modes using any one of the one or more sensors. | 05-07-2015 |
20150128253 | Multi-Security-CPU System - A computing system includes a first security central processing unit (SCPU) of a system-on-a-chip (SOC), the first SCPU configured to execute functions of a first security level. The computing system also includes a second SCPU of the SOC coupled with the first SCPU and coupled with a host processor, the second SCPU configured to execute functions of a second security level less secure than the first security level, and the second SCPU executing functions not executed by the first SCPU. | 05-07-2015 |
20150135305 | METHOD AND SYSTEM FOR DYNAMICALLY AND AUTOMATICALLY MANAGING RESOURCE ACCESS PERMISSIONS - Employment role data, trust data, and special permissions data, associated with a party is automatically obtained and/or monitored. The employment role data associated with the party, the trust data associated with the party, and the special permissions data associated with the party, is then analyzed to determine a set of allowed access permissions data to be associated with the party, the set of allowed access permissions data providing the party access to one or more resources. It is then either recommended that the set of allowed access permissions data be provided to the party, or the set of allowed access permissions data is automatically provided to the party. | 05-14-2015 |
20150135306 | Electric Tool - The disclosure relates to an electric tool, particularly a hand-held power tool, comprising a control unit which has control software with control parameters, and is provided for the purpose of controlling a drive unit. According to the disclosure, said electric tool comprises an interface unit that is provided to fundamentally update and/or modify the control software and/or the control parameters. | 05-14-2015 |
20150143506 | INFORMATION PROCESSING APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM - In an information processing apparatus and a method of controlling the same, a setting for prohibiting access to a removable medium is made, and even if the setting is set, access to the removable medium is permitted in a case where the information processing apparatus is activated in the maintenance mode. | 05-21-2015 |
20150143507 | METHOD AND APPARATUS FOR STORING, SHARING, AND/OR ORGANIZING PERSONAL INFORMATION - Embodiments of the subject invention relate to systems and methods for presenting and managing user information. Specific embodiments allow creating, editing, presenting, and storing user information. In a more specific embodiment, the systems and methods can be used to provide a digital safe deposit box (DSDB) that allows users to save, maintain, update, and/or share information about themselves and/or their organization. Specific embodiments provide a personal financial solution that is designed for customers interacting with professional institutions, such as accounting firms, banks, and insurance agencies, and/or interacting with family members and people that may need to access certain documents. Embodiments of the invention provide individuals, based on permission granted/allocated to them, access to specific information, while providing safety from fraud. | 05-21-2015 |
20150150118 | HARDWARE VIRTUALIZATION MODULE FOR EXCLUSIVE CONTROLLED ACCESS TO CPU - In one embodiment, a method comprises providing an apparatus having exclusive access to each of one or more central processing units (CPUs) of a computing system and exclusive access to host resources of the computing system; and controlling, by the apparatus, execution of a virtual machine in the computing system based on the apparatus controlling access to any one of the CPUs or any one of the host resources according to prescribed policies for the virtual machine, the prescribed policies maintained exclusively by the apparatus. | 05-28-2015 |
20150150119 | FRAMEWORK FOR FINE-GRAIN ACCESS CONTROL FROM HIGH-LEVEL APPLICATION PERMISSIONS - A method for access control of an application feature to resources on a mobile computing device. An application is prepared for installation on the mobile computing device via a processor. An application permission associated with the application is identified. The application permission relates to access of resources of the mobile computing device. Restrictions associated with the application permission are determined. A set of mandatory access control rules are defined for the application permission based on the restrictions. The set of mandatory access control rules and the application permission are combined in a loadable mandatory access control policy module. The loadable mandatory access control policy module is stored in a memory of the mobile computing device, the loadable mandatory access control policy module capable of being enforced by an operating system of the mobile computing device. | 05-28-2015 |
20150294105 | Storage Medium Recording Display Control Program for Function Setting, Method for Operating Display Control Program, and Electronic Device Including the Same - An electronic device includes an authentication section that authenticates a user of the electronic device, an operation section that includes a display section and operates the electronic device, a storage section that stores programs that each cause the electronic device to perform a job in accordance with a preliminarily set content, and a program processing section that generates a program associated with the user authenticated in the authentication section. Using the operation section, a first user specifies a program to be shared and a second user permitted to use the shared program. As such, the first user who permits to share the program shares the program with the second user. | 10-15-2015 |
20150302185 | METHOD AND APPARATUS FOR ACCOUNT INTERCOMMUNICATION AMONG APPS - A method and apparatus for account intercommunication among APPs. The method comprises: acquiring account information entered by a user in a current APP; and, after using the account information to log in successfully, providing the account information to other APPs having intercommunication permissions with the current APP for the other APPs to log in. Via the disclosed method, account information entered in any APP may be shared among APPs having intercommunication permissions with the APP, so that other APPs may be logged into using an intercommunicated account after they are opened, without the need to manage account information about various APPs through a unified entrance, and thus the APP need not access the entrance in advance, and login can be realized without the need to exit the APP to open the entrance; obviously, the flexibility and independence of APP login are improved, and the complexity of operation is reduced. | 10-22-2015 |
20150302186 | Expiration Time Authentication System, Expiration Time Authentication Device, and Expiration Time Authentication Method for Applications - A smartphone into which an application is installed includes a first and a second authentication processing unit. The first authentication processing unit is configured to determine whether or not a current activation time of the application is past an expiration time; permit authentication if the current activation time is not past the expiration time; and deny authentication if the current activation time is past the expiration time. The second authentication processing unit is configured to determine whether or not the current activation time is after a previous activation time; permit authentication if the current activation time is after the previous activation time; and deny authentication if the current activation time is not after the previous activation time, wherein the second authentication processing allows authentication to be denied if the current activation time (tampered and unauthorized activation time) is a time before the previous activation time, as a result of turning back an internal clock of the smartphone. | 10-22-2015 |
20150302222 | COMPUTING MACHINE, ACCESS MANAGEMENT METHOD, AND ACCESS MANAGEMENT PROGRAM - When an access occurs to an I/O device from an OS | 10-22-2015 |
20150310229 | SYSTEM ON CHIP - A system on chip having two or more responder units and two or more protection units is provided. Each of the responder units comprises a set of responder elements. Each of the protection units is associated with and protects one of the responder units and is arranged to provide a group mapping. The group mapping assigns one or more group identifiers to each of the responder elements of the respective responder unit. | 10-29-2015 |
20150324210 | SETTING UP A SYSTEM WITH A MOBILE DEVICE - Methods and systems are described for setting up a security and/or automation system. According to at least one embodiment, a method for setting up the security or automation system includes receiving a communication from a mobile device associated with installing a system peripheral device at a control unit and executing an installation task based on the communication. | 11-12-2015 |
20150324304 | Techniques for Secure Storage Hijacking Protection - Various embodiments of the present disclosure are directed to a storage device having a non-volatile memory, a Proof of Physical Access (PPA) mechanism and a controller circuit. The PPA mechanism generates a PPA value responsive to a direct physical user interaction with the storage device by a user. In response to receipt of a storage command from a host, the controller circuit executes the received storage command responsive to the storage command being determined to be a protected command and responsive to detection of the PPA value during a predetermined window of time. The controller circuit does not execute the received storage command responsive to the storage command being determined to be a protected command and responsive to an absence of the PPA value during the predetermined window of time. The protected command is a command that changes access to data stored in the non-volatile memory. | 11-12-2015 |
20150332028 | SYSTEM THAT ENFORCES ACCOUNTABILITY BY REQUIRING JUSTIFICATIONS FOR SENSITIVE INFORMATION TECHNOLOGY OPERATIONS - A method for requiring justifications for predetermined user operations may include maintaining a plurality of policies in a policy store, and detecting a user operation, via a policy module, that triggers a policy of the plurality of policies. The method may also include pausing user operation, notifying the user of the impact of the user operation that triggered the policy, and requesting justification from the user for the user operation. The method may further include storing user-provided justification in a predetermined location, and then resuming the user operation. | 11-19-2015 |
20150332030 | System for Locking Down a Computing Device for Restricted Access to End Users - The present invention discloses a system for locking down computing devices for restricted access to end users. The system includes a lock down module, a monitoring module and a single application module. Using these modules, the system blocks a user's access to at least one of a plurality of unallowed applications and restricts the user's access to modify a peripheral setting such as GPS, Airplane Mode, Bluetooth®, etc. The system allows only the desired applications to run, and no other application is visible on the device. If the user tries to access an unallowed application through any means, it is immediately terminated. Computing device peripheral settings are locked down to a desired value so that users cannot change the settings. | 11-19-2015 |
20150332069 | PROGRAMMABLE DIRECT MEMORY ACCESS CHANNELS - A storage location of a device that can be configured to act as a master in a particular security mode, such as a Direct Memory Access (DMA) having one or more channels, can be programmed to indicate a security indicator to be provided when configured to operate as a master device. | 11-19-2015 |
20150347738 | PROXIMITY UNLOCK AND LOCK OPERATIONS FOR ELECTRONIC DEVICES - The described embodiments perform a proximity unlock operation. For the proximity unlock operation, a first electronic device in a locked operating state detects that an authorized second electronic device is in proximity to the first electronic device. Based on detecting the authorized second electronic device in proximity to the first electronic device, the first electronic device transitions from a locked operating state to an unlocked operating state. In the described embodiments, the transition to the unlocked operating state occurs without the user performing a manual authentication step that is performed in existing electronic devices to cause the transition from the locked operating state to the unlocked operating state. | 12-03-2015 |
20150356283 | User Configurable Profiles for Security Permissions - Permissions specified within an application permission manifest file of an application may be superseded with customized permissions. A user may customize the permissions by denying permissions, granting permissions, or requesting a prompt prior to an application attempting to access functionality and/or data protected by a permission. A user may customize permissions on a global or per application basis. Upon receiving input to customize a permissions profile, a package manager module creates a new permissions manifest file associated with an application. Upon receiving input to execute an application, a runtime environment that may be provided by the runtime accesses the new permissions manifest file instead of an original permissions manifest file, and operates the application using permissions granted in the new permissions manifest file. | 12-10-2015 |
20150363336 | MEMORY DEVICE, MEMORY SYSTEM, AND METHOD OF OPERATING MEMORY SYSTEM - A method of operating a memory system including a first function block and a second function block includes generating a first authentication response indicating physical characteristics of the memory system, via the second function block, in response to a first authentication request received from the first function block; performing an error correction decoding on the first authentication response, via the first function block, by using first parity data corresponding to the first authentication request; and determining whether the second function block is authentic, depending on a result of the error correction decoding. | 12-17-2015 |
20150363582 | TECHNOLOGIES FOR DETERMINING CONFIDENCE OF USER AUTHENTICATION - Technologies for determining a confidence of user authentication include authenticating a user of a computing device based on a set of authentication factors and a fusion function that fuses the set of authentication factors to generate an authentication result. A false accept rate and a false reject rate of the authentication result are determined, and an authentication confidence for the authentication result is determined. The authentication of the user is performed passively, without interruption of the user. If the authentication confidence is below a threshold value, an active authentication procedure may be performed. | 12-17-2015 |
20150363591 | METHOD OF ACTIVATE UPON AUTHENTICATION OF ELECTRONIC DEVICE - A method of activate-upon-authentication for an electronic device is disclosed. The method includes the following steps: accepting a first user operation corresponding to a specific function; generating input data corresponding to the first user operation; authenticating a user identity, and simultaneously obtaining a control command corresponding to the predefined input data for triggering the function, when the input data matches one of a plurality of predefined input data previously established; and executing the control command in order to trigger the above-mentioned function. The present invention uses a single user operation to identify the user identity and trigger the above-mentioned function at the same time, which eliminates the need to execute an additional operation to input identification data. | 12-17-2015 |
20150371018 | OPTIMIZED ENFORCEMENT OF FINE GRAINED ACCESS CONTROL ON DATA - Techniques for efficient cursor sharing to enforce fine-grained access control are provided. In one technique, the authorization context of a database statement is stored in (or in association with) a corresponding cursor. The authorization context indicates multiple authorization results, each of which indicates whether a user (or role) associated with the database statement is allowed to access a different data set of multiple data sets that the database statement targets. An authorization context of an incoming database statement may be compared to the authorization context of a cursor in a single comparison to determine whether the authorization contexts match. If so, then the cursor may be shared. In another technique, one or more normalizations are applied to a cursor predicate that is generated based on the authorization context of a database statement. The one or more normalizations may result in removing one or more predicates from the cursor predicate. | 12-24-2015 |
20150371029 | ANTI-PEEPING DISPLAY SYSTEM AND METHOD, ANTI-PEEPING DISPLAY AND ANTI-PEEPING GLASSES - The present disclosure discloses an anti-peeping display system that includes an anti-peeping display, anti-peeping glasses and a controller. The anti-peeping display includes a first polarizer and a first driving device driving the first polarizer to rotate. The anti-peeping glasses include a second polarizer and a second driving device driving the second polarizer to rotate. When judging that both the obtained display password and the obtained glasses password are correct, the controller is configured to control the first polarizer and the second polarizer to rotate at a same angular velocity; otherwise, to control the first driving device and the second driving device to rotate at different angular velocities. | 12-24-2015 |
20150371034 | Trust Agents - Systems and techniques are provided for trust agents. Trust agents may be enabled. A state determination may be received from each of the enabled trust agents. The state determination may indicate either a trusted state or an untrusted state. The received state determinations may be combined to determine a security state. A security measure may be enabled or disabled based on the determined security state. | 12-24-2015 |
20150379039 | INTEGRATING VIRTUAL MACHINE FILE SYSTEM INTO A NATIVE FILE EXPLORER - In a computer-implemented method for integrating a file system of a virtual machine into a native file explorer of a client system, a virtualization infrastructure that manages at least one virtual machine is accessed. The virtual machine is discovered. The file system of the virtual machine is accessed. The file system of the virtual machine is integrated with the native file explorer of the client system. | 12-31-2015 |
20150379258 | Center Device - A center device communicates with one or more controller devices operated by one or more users. The center device is operable to: execute at least one application program; detect a respective connection with each of the one or more controller devices and to select one of the one or more controller devices for authentication; query the user of the selected one of the controller devices for requested authentication information; receive, from the selected one of the controller devices, authentication information provided by the user of the selected one of the controller devices; and permit the execution and manipulation of the output of the application program only when the authentication information provided by the user, and received from, the selected one of the controller devices matches the requested authentication information. | 12-31-2015 |
20160004853 | PREVENTING UNAUTHORIZED ACCESS TO COMPUTER SOFTWARE APPLICATIONS - Preventing unauthorized access to computer software applications by receiving keyboard event information corresponding to a plurality of keyboard events detected at a computer, wherein the keyboard events represent input to a computer software application, determining that a number of paste actions indicated by the keyboard event information equals or exceeds a predefined threshold, and performing a computer-security-related action responsive to determining that the number of paste actions equals or exceeds the predefined threshold, wherein the computer-security-related action relates to the computer software application. | 01-07-2016 |
20160004858 | Security-Enhanced Web Application Module Translation - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for preserving code safety of application code that is received in a portable, instruction-set-neutral format. One aspect of the subject matter described in this specification can be embodied in methods that include the actions of receiving a portable code file that is implemented in an instruction-set-neutral and source code independent format; translating the portable code file into native object code for execution on a particular instruction set architecture; generating a native executable for the particular instruction set architecture using the native object code; and validating the native executable using a trusted validator prior to execution of the native executable. | 01-07-2016 |
20160004859 | METHOD AND SYSTEM FOR PLATFORM AND USER APPLICATION SECURITY ON A DEVICE - A method and system for platform and user application security on a computing device is provided. The method includes: verifying integrity of operating system code on the computing device to establish a trusted execution environment in the operating system of the computing device; and in response to success of the integrity verification of the operating system code, binding a user-space application on the computing device to the operating system on the computing device. | 01-07-2016 |
20160012246 | DATA PROTECTED PROCESS CORES | 01-14-2016 |
20160026787 | AUTHENTICATING MESSAGES SENT OVER A VEHICLE BUS THAT INCLUDE MESSAGE AUTHENTICATION CODES - A system and method of transmitting data within a vehicle over a vehicle bus includes: constructing at an electronic control unit (ECU) a serial bus message that includes a data message and a message authentication code (MAC) that is created using a secret key stored at the ECU, a MAC algorithm, and the data message; transmitting the serial bus message to a receiving ECU over the vehicle bus; and authenticating the serial bus message at the receiving ECU using a copy of the secret key stored at the receiving ECU by creating a copy of the MAC from the data message included in the serial bus message, the copy of the secret key, and the MAC algorithm; comparing the MAC included in the serial bus message with the copy of the MAC created at the receiving ECU; and rejecting or accepting the data message based on the comparison. | 01-28-2016 |
20160026813 | PROCESS CONTROL SOFTWARE SECURITY ARCHITECTURE BASED ON LEAST PRIVILEGES - A process control system software security architecture, that is more effective at preventing zero-day or other types of malware attacks, implements the use of “least privileges” when executing the applications and services run within a computer device. The least privileges based architecture separates “service” processes from desktop applications that run on behalf of a logged-on user by partitioning the global namespace of the software system into service namespaces and logged-on user namespaces, and by strictly controlling communications between the applications and services in these different namespaces using interprocess communications. Moreover, the security architecture uses custom accounts to assure that each service process has the least set of privileges that are needed for implementing its function regardless of the privileges associated with the calling application or user. | 01-28-2016 |
20160034683 | MEMORY CARD AND STORAGE SYSTEM HAVING AUTHENTICATION PROGRAM AND METHOD FOR OPERATING THEREOF - A memory card includes a nonvolatile memory and a device controller. The nonvolatile memory stores data. The device controller divides the nonvolatile memory into a plurality of logical units and stores an authentication program at a partial area of the plurality of logical units. When connected with a host, the device controller enables the authentication program to be executable on the host. | 02-04-2016 |
20160042174 | OPEN ARCHITECTURE SECURITY METHODS AND SYSTEMS - Devices, methods, systems, and computer-readable media for open architecture security are described herein. One or more embodiments include a method for open architecture security, comprising: identifying a source of a received computing component, assigning a value to the received computing component based on the source, and designating the received computing component into a security level based on the assigned value. | 02-11-2016 |
20160042194 | SYSTEM AND METHOD FOR SECURE MULTI-TENANCY IN OPERATING SYSTEM OF A STORAGE SYSTEM - Exemplary methods for providing secure multi-tenancy in a Purpose Built Backup Appliance include creating a set of tenant-units (TUs), associating file system management objects (FSMOs) and users with the TUs. The methods further include maintaining a protocol config-metadata store based on the association of the FSMOs and users with the TUs. In one embodiment, in response to a first request from a first user to access a first FSMO of a first TU, the methods include determining whether the first user is authorized to access the first FSMO based on information of the protocol config-metadata store, and in response to the protocol config-metadata store indicating the first user is authorized to access the first FSMO, allowing the first user to access the first FSMO. | 02-11-2016 |
20160042195 | EMBEDDING SECRET DATA IN CODE - In a computer system operable at more than one privilege level, an application is securely customized to use secret data without disclosing the secret data to a managing operating system. In operation, an integrity module executes at a higher privilege level than both the managing operating system and the application. After the managing operating system loads the application executable code, the integrity module injects the secret data directly into the instruction stream of the application executable code and then sets the memory location of the secret data as executable-only. As the application executes at the assigned privilege level, the instruction in the application directly accesses the secret data without performing any indirect memory access, thereby protecting the secret data from malicious attempts to read the secret data at a privilege level lower than the integrity module. | 02-11-2016 |
20160055323 | AUTHENTICATION VIA ACCELEROMETER - Authentication via accelerometer may be provided. Upon receiving a request to unlock a device, a user may perform an authentication movement that may be detected by an accelerometer on the device. If the authentication movement is determined to match an approved movement, the device may be unlocked. | 02-25-2016 |
20160055324 | Context-Based Authentication Mode Selection - A system and method for configuring authentication of a mobile communications device entail detecting user context and device context factors and determining whether a current authentication mode is impractical or unfeasible in view of such factors. User context information of interest includes any indication that the user is driving or in a meeting for example. Context factors of interest include for example such factors as light, noise, or user activities such as driving. Based on this user context and device context, if the currently set authentication mode is impractical or unfeasible, then the device may select an available alternative authentication mode and reconfigure the device for that mode. | 02-25-2016 |
20160063253 | SECURE RECOVERY APPARATUS AND METHOD - A system and method is disclosed for recovering a boot image. Hardware instructions initiate a loading of a computer operating system on a computing device. During the loading of the operating system, multiple portions of boot code are verified and a determination is made whether each portion is valid. If a portion of boot code is determined to be invalid, a secure portion of the boot code is loaded to repair the invalid code and the loading of the operating system resumed. | 03-03-2016 |
20160078203 | Continuous Monitoring of Access of Computing Resources - Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action. | 03-17-2016 |
20160085979 | IMAGE FORMING APPARATUS, AND METHOD FOR CONTROLLING IMAGE FORMING APPARATUS - In an image forming apparatus, control is performed to enable, when a print function is selected with a user being authenticated, a printing operation of document data of a user registered in an authentication database and associated with the authenticated user, among document data stored in a storage unit, and to enable, when the print function is selected in a logged-in state without individual authentication, a printing operation of document data of an unauthenticated user, among the document data stored in the storage unit. | 03-24-2016 |
20160098554 | In-Band Peripheral Authentication - This document describes techniques ( | 04-07-2016 |
20160098570 | Method and Apparatus for Determining Permission of Application Program - A method for determining a permission of an application program is presented. The method for determining a permission of an application program in the present disclosure includes receiving an installation request of a first application, where the installation request carries a first permission list that the first application applies for and a first shared user identifier requested by the first application; searching, according to the first shared user identifier, for at least one second application that uses the first shared user identifier and is already installed in a system; and if the first application is a plug-in of the second application already installed in the system, determining a permission of the first application according to the first permission list that the first application applies for and a permission in a second permission list corresponding to the first shared user identifier. | 04-07-2016 |
20160103989 | DEVICE AUTHENTICATION - Multi-touch groupings of characters are detected for device authentication and access. In an embodiment, one or more non-character based factors are used in combination with an inputted authentication code (character based) for device authentication and access. | 04-14-2016 |
20160124869 | METHOD AND SYSTEM FOR SECURE STORAGE AND RETRIEVAL OF MACHINE STATE - A machine state vector is received at a memory. The machine state vector has a machine state and a machine identifier. Write access qualification is met if the machine state entry is an initial write, or if the machine identifier matches the machine identifier of a stored machine state vector, and machine identifier and machine state are stored in the memory. A fetch machine state request is received, having a requestor machine identifier. A machine state retrieval qualification is met by the requestor machine identifier matching the stored machine identifier, and the machine state is retrieved. | 05-05-2016 |
20160147986 | ENERGY HARVESTING WEARABLE AUTHENTICATION - Systems and methods may provide for determining a first energy generation pattern associated with a wearable device and determining a second energy generation pattern associated with the wearable device. Additionally, a user authentication may be conducted based at least in part on the first energy generation pattern and the second energy generation pattern. In one example, a usage profile associated with the second energy generation pattern is selected, wherein determining the first energy generation pattern includes selecting the first energy generation pattern from a plurality of training patterns based on the usage profile. | 05-26-2016 |
20160147988 | DEVICE AND METHOD FOR CONTROLLING ACCESS TO AT LEAST ONE MACHINE - The invention relates to a device for controlling access to a machine, comprising a portable object having a signal transmission member and a device for locking and unlocking a machine. The member for controlling the device is capable of triggering, once the second transceiver of the device has received the signal, the transmission of a signal to a wireless radio receiver supported by the portable object, and comprises a control member for triggering, when the wireless radio receiver has received the second signal, the transmission of a signal, the control member being connected to a calculator member for computing a distance between the portable object and the device using the signals, the portable object comprising a member for independently powering the transmission member, the receiver and the control member thereof. The device comprises a further calculator member for computing an incoming angle of the first signal and/or the third signal such as to trigger, when the angle is within a given angular range and when the distance is lower than a predetermined value, the unlocking of the machine and to trigger, when the distance is higher than a predetermined value, the locking of the machine. | 05-26-2016 |
20160147991 | IMPLEMENTING EXTENT GRANULARITY AUTHORIZATION AND DEAUTHORIZATION PROCESSING IN CAPI ADAPTERS - A method, system and computer program product are provided for implementing block extent granularity authorization and deauthorization processing for a Coherent Accelerator Processor Interface (CAPI) adapter. The Application Client, such as an Application Child Client, sends a Delete Authorizations command to the CAPI Adapter via the Client CAPI Server Registers assigned to the specific Application Client. The CAPI Adapter deletes the Authorizations in all Lists in the Delete Authorizations command. | 05-26-2016 |
20160162682 | METHOD AND APPARATUS FOR MANAGING CONFIDENTIAL INFORMATION - The invention is a method and apparatus for managing the secure acquisition, storage and disclosure of confidential information, to facilitate identity rights management; and/or preemptively authorized data querying techniques to preserve the anonymity of disclosed personal data. | 06-09-2016 |
20160162683 | PASSIVE SECURITY OF APPLICATIONS - Example embodiments disclosed herein relate to performing a security function on an application based on processed passive user information. Applications are associated with a passive security engine. Passive user information is monitored via inputs. The passive user information is processed. A security function is performed for at least two of the applications based on the processed passive user information. | 06-09-2016 |
20160170912 | SAFELY DISCOVERING SECURE MONITORS AND HYPERVISOR IMPLEMENTATIONS IN SYSTEMS OPERABLE AT MULTIPLE HIERARCHICAL PRIVILEGE LEVELS | 06-16-2016 |
20160171204 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT | 06-16-2016 |
20160171231 | EMERGENCY NOTIFICATION SYSTEM AND METHODS | 06-16-2016 |
20160171245 | ENTERPRISE CONTENT MANAGEMENT PLATFORM VALIDATOR | 06-16-2016 |
20160178906 | VIRTUAL WEARABLES | 06-23-2016 |
20160180105 | Virtual output queue authorization management method and device, and computer storage medium | 06-23-2016 |
20160188895 | ELECTRONIC SYSTEM WITH ACCESS MANAGEMENT MECHANISM AND METHOD OF OPERATION THEREOF - An electronic system includes: a control unit configured to operate on a user interface; and the user interface, coupled to the control unit, configured to: present an application coupled to an access configuration to customize a permission level for a service type, and receive an input for changing the permission level of the service type for accessing a resource type for customizing an operation of the application on a device. | 06-30-2016 |
20160196414 | ADVANCED MULTI-FACTOR AUTHENTICATION | 07-07-2016 |
20160253507 | Management of Application Access | 09-01-2016 |
20160378962 | Method and Apparatus for Controlling Access to a Resource in a Computer Device - A computer device and method are described for controlling access to a resource. An execution environment executes a user process with access privileges according to a user security context. A security unit controls access to resources according to the user security context, with the user process making system calls to the security unit. A proxy hook module embedded within the user process intercepts the system call and generates a proxy resource access request. A proxy service module in a privileged security context validates the proxy resource access request from the proxy hook module and, if validated, obtains and returns a resource handle that permits access to the desired resource by the user process. | 12-29-2016 |
20160378970 | AUTOMATIC DISCOVERY AND INSTALLATION OF SECURE BOOT CERTIFICATES - A method includes a unified extensible firmware interface of a compute node identifying an option ROM or an OS boot loader within the compute node, wherein the option ROM or OS boot loader stores a signed image that can be verified using a required digital certificate. The method further includes determining that the unified extensible firmware interface does not store the required digital certificate in a revocation database or in an authorization database. Still further, the method includes automatically identifying the required digital certificate in a database of digital certificates other than the revocation database or the authorization database, and providing the required digital certificate to the authorization database. | 12-29-2016 |
20160378971 | AUTHENTICATION OF A MULTIPLE PROTOCOL CONNECTION - An apparatus is described herein. The apparatus includes a controller and a proxy entity. The controller is to detect a peripheral device and authenticate the peripheral device according to a first protocol. The proxy entity is to configure the peripheral device in an operable protocol in response to the authentication. | 12-29-2016 |
20160379000 | DYNAMICALLY MEASURING THE INTEGRITY OF A COMPUTING APPARATUS - The present disclosure includes methods and systems for measuring the integrity of a device. A number of embodiments can include initiating an observatory in a system and initiating a remote manager. A number of embodiments can also include measuring the integrity of the device from the observatory and accessing the integrity measurement of the device from the remote manager. | 12-29-2016 |
20160379002 | Catalog-Based User Authorization to Access to Multiple Applications - Embodiments manage user authorization to access multiple grouped software applications, via a catalog mechanism. Functionality of related software is divided into semantically meaningful catalogs, representing tasks or sub-processes within a business scenario. These catalogs represent a unit of functionality utilized to structure work and authorization. Functionality and authorizations are associated to system entry points, and assigned to catalogs bundling applications and services. Responsibilities may be defined statically or dynamically in terms of rule-based access restrictions to data structure (e.g., business object) instances. Catalogs may be assigned to business roles, and business roles assigned to users. Based on such assignments, corresponding authorizations are generated and linked to users at compile or deployment time. At run time, access decision and enforcement is granted based on these authorizations and restrictions. Decision and enforcement points are associated with the system entry points within software applications belonging to catalog(s). | 12-29-2016 |
20190147159 | ANTI-REPLAY AUTHENTICATION SYSTEMS AND METHODS | 05-16-2019 |