05th week of 2016 patent application highlights part 73 |
Patent application number | Title | Published |
20160036757 | METHOD AND SYSTEM FOR ALLOWING INDIVIDUALS TO QUICKLY AND EASILY SHARE THEIR BEHAVIORS OR ACTIONS ON A SOCIAL NETWORK - A system for allowing an individual to share at least one behavior or action on a social network, the system comprising: a token comprising token data relating to the identification of the token and the social network so that at least one behavior or action can be shared on the social network; and a reader for receiving the token data from the token and for transferring the token data to a social network. | 2016-02-04 |
20160036758 | ONLINE GIFT DELIVERY CONFIRMATION SYSTEM AND METHOD - An online delivery servicing system includes a server that functions with a customer computing device to obtain delivery confirmation request information associated with an online gift purchased by a customer for a recipient in which the delivery confirmation request information is associated with a quantity of delivery confirmation messages to be transmitted to a recipient of the online gift and a period of elapsed time for each delivery confirmation message. At each period of elapsed time, the server transmits one of the delivery confirmation messages to a recipient computing device associated with the recipient such that, when a response to the one delivery confirmation message is received, the server transmits a customer confirmation message to the customer computing device, and when the quantity of delivery confirmation messages have been transmitted and no response has been received from the recipient computing device, the server transmits a customer delivery failure message to the customer computing device. | 2016-02-04 |
20160036759 | SYSTEMS AND METHODS FOR EVENT STREAM MANAGEMENT - A system for managing event streams is provided that includes a volatile memory, a non-volatile memory, and a processor. The volatile memory is configured to store, for each of a plurality of event streams associated with the client device, metadata indicative of events not yet delivered to a client device and the content associated with only a most recent event of the event stream. The non-volatile memory is configured to store the content associated with each of undelivered events. The processor is configured to, upon receiving a request from the client device, retrieve from the volatile memory, without accessing the non-volatile memory, data indicative of a current state of an event stream associated with the client device. The processor is further configured to deliver the retrieved data indicative of the current state of the event stream. | 2016-02-04 |
20160036760 | TARGETED NOTIFICATION OF CONTENT AVAILABILITY TO A MOBILE DEVICE - A system includes a first computing device client associated with a first user in a community of users operable to send content to publish to a data aggregation server. The data aggregation server is operable to receive the content to publish from the first computing device client, host a first user profile associated with the first user of the first computing device client, the first user profile identifying a targeted recipient in the community of users, and disseminate automatically the content received from the first computing device client to a second computing device client associated with the targeted recipient, without receiving input from the first computing device client explicitly specifying the targeted recipient to whom the content is disseminated. | 2016-02-04 |
20160036761 | FORWARDING SELECTED DOCUMENT PASSAGES FROM AN ELECTRONIC READER - A method of forwarding selected passages from an electronic document being displayed on an electronic reader to a designated recipient. The method includes electronically selecting a passage from the electronic document, and automatically associating metadata with a selected passage upon selection by the user. The method also includes storing the selected passage together with the associated metadata in a file in the memory of the electronic reader. The method further includes electronically checking the selected passage for compliance with special requirements, the special requirements including a designated size of the selected passage, the special requirement of the designated size of the selected passage being of a variable size designated by the user based on user preference. The method also includes electronically transmitting the stored selected passage and associated metadata from the electronic reader to a designated recipient after completion of the electronic checking by the electronic reader. | 2016-02-04 |
20160036762 | DYNAMIC DNS-BASED SERVICE DISCOVERY - Techniques are provided for performing dynamic DNS-SD. In an embodiment, an apparatus includes one or more databases, one or more transceivers to receive a first Domain Name System (DNS) query from a first computing device, the first DNS query defining a first service discovery name space, and one or more processors in communication with each of the one or more databases and the one or more transceivers. The one or more processors generate and append a first metadata associated with the first computing device to the first DNS query. The one or more transceivers transmit the first DNS query and the first metadata to a Domain Name System (DNS) server computer, receive, from the DNS server computer, a first response responsive to the first DNS query, and relay, to the first computing device, the first response. | 2016-02-04 |
20160036763 | Selective Proxying In Domain Name Systems - Systems and methods for processing requests for domain name information in accordance with subscriber information are provided. A request for domain name information can be correlated with subscriber preferences to resolve the domain name information. Domain names may be flagged for blocking or proxying by one or more subscriber preferences. In response to a flagged domain name, a client device can be redirected to a web server that can function as proxy on behalf of the user for accessing the flagged domain. In one example, user preferences and/or network preferences can be used to determine whether a particular user can bypass a blocking preference and access the flagged domain using the proxy. | 2016-02-04 |
20160036764 | Mechanism And Service For Device Naming - A naming scheme for IoT Devices can address the problem that the existing naming schemes of the IoT devices do not support device discovery and group operation efficiently. An IoT Device Name Service (IDNS) can be in charge of how the device name is generated from the location and other context information; updated due to the location change or context variation; and discovered. The IoT Devices can be routed by their names using a Name Routing Protocol (NRP). With the name scheme and NRP, the IoT Devices do not need to implement the full protocol stack to enable the direct communication between them. | 2016-02-04 |
20160036765 | Content delivery network (CDN) content server request handling mechanism with metadata framework support - To serve content through a content delivery network (CDN), the CDN must have some information about the identity, characteristics and state of its target objects. Such additional information is provided in the form of object metadata, which according to the invention can be located in the request string itself, in the response headers from the origin server, in a metadata configuration file distributed to CDN servers, or in a per-customer metadata configuration file. CDN content servers execute a request identification and parsing process to locate object metadata and to handle the request in accordance therewith. Where different types of metadata exist for a particular object, metadata in a configuration file is overridden by metadata in a response header or request string, with metadata in the request string taking precedence. | 2016-02-04 |
20160036766 | METHOD AND SYSTEM FOR SYNCHRONIZING PROGRAM MASKS - A method is provided for synchronization of program masks, wherein the method comprises receiving a first request message from the first client means, wherein a first program mask is requested by the first request message, determining a first unique identifier for the requested first program mask, transmitting the requested first program mask and the first unique identifier to the first client means, receiving a second request message from the second client means, wherein the second request message comprises at least the first unique identifier, determining the first program mask, which is assigned to the received first unique identifier, and transmitting the determined first program mask to the second client means. | 2016-02-04 |
20160036767 | UEFI AND OPERATING SYSTEM DRIVER METHODS FOR UPDATING MAC ADDRESS IN LAN-BASED NIC - An information handling system (IHS) unambiguously addresses networked devices connected by a local area network (LAN) based network interface controller (NIC) by detecting a device descriptor of LAN-based NIC, determining that the device descriptor indicates a capability for assigning a reserve media access control (MAC) address to the networked device, writing the reserve MAC address in the LAN-based NIC of the networked device, and associating the reserve MAC address with the networked device in an inventory data structure for the IHS. | 2016-02-04 |
20160036768 | Technique to Delegate Prefixes To Wi-Fi Clients Connected To Mobile Access Point Routers - Methods, devices, systems, and non-transitory process-readable storage media of the various embodiments enable a software-enabled access point mobile computing device to delegate prefixes to already connected local area network (LAN) client devices upon establishment or re-establishment of a data connection. The various embodiments may enable a mobile computing device configured to operate as a mobile router (i.e., a softAP mobile computing device) to support prefix delegation by providing unique IPv6 prefixes to connected LAN client devices. | 2016-02-04 |
20160036769 | METHOD AND SYSTEM FOR PRESENTING RECOMMENDATION INFORMATION - A method for presenting recommendation information includes: receiving a data obtaining request from a client terminal, recording a first address of the client terminal at this time and presenting corresponding recommendation information for the client terminal; receiving a response message sent from the client terminal after the client terminal has played the recommendation information, recording a second address of the client terminal at this time, and storing a corresponding relationship between the first address and the second address into an address data file; reading a specified address from a region address database which is corresponding to a specified region, and obtaining corresponding relationships each with the first address being the specified address from the address data file; in case of determining that the specified address has been converted via the corresponding relationships, not presenting recommendation information corresponding to the specified region to the specified address. | 2016-02-04 |
20160036770 | METHOD TO CONTROL DYNAMIC HOST CONFIGURATION PROTOCOL POOL EXHAUSTION IN DYNAMIC NETWORK ENVIRONMENTS - The present disclosure discloses a method and a network device for controlling DHCP pool exhaustion in dynamic network environments. Specifically, a network device determines that a client device is assigned an Internet Protocol (IP) address by a DHCP server. The network device detects that the client device is disconnected from a network associated with the IP address, for example, by receiving a de-association message from the client device; determining that a session or an entry corresponding to the client device has timed out; determining that the client device has failed to respond to one or more messages transmitted to the client device; determining that the client device has connected to another network different than said network; etc. In response, the network device then generates a DHCP release message on behalf of the client device, and transmits the DHCP release message to the DHCP server. | 2016-02-04 |
20160036771 | CLIENT DEVICE ADDRESS ASSIGNMENT FOLLOWING AUTHENTICATION - Methods and systems are described for assigning the proper internet protocol (IP) address to a client device following authentication of the client device on a network. In particular, at commencement of an authentication procedure of the client device, a role is associated with the client device that denies all DHCP renews/requests. By assigning a role to the client device 103 with a “deny DHCP renew/request” rule at the commencement of an authentication procedure, the systems and methods described herein ensure that a race condition does not allow the client device to renew an IP address in an old segment of the network. Accordingly, the client device may avoid a possibly improper IP address in a segment of the network system in which the client device is no longer associated with or operating on. | 2016-02-04 |
20160036772 | Technique to Prevent IPv6 Address Exhaustion in Prefix Delegation Mode for Mobile Access Point Routers - Methods, devices, systems, and non-transitory process-readable storage media include methods for preventing IPv6 address exhaustion in prefix delegation mode by a software-enabled access point (“softAP”) mobile computing device providing an Internet Protocol version 6 (IPv6) wide area network (WAN) connection to a plurality of client devices. A processor of a softAP mobile computing device may include assigning an unassigned prefix of a pool of available prefixes to a client device connected to a local area network (LAN) established by the softAP mobile computing device. The processor may determine whether the client device is disconnected from the LAN based on receiving an indication that the client device has disconnected. The processor may perform a cache look-up to obtain a link-local address of the client device when the client device is disconnected from the LAN, and unassign the prefix associated with the link-local address of the client device. | 2016-02-04 |
20160036773 | INTERNET PROTOCOL ADDRESS RESOLUTION - A first edge node in a first site network receives an Internet Protocol (IP) address resolving request packet from a device in the first site network. The first edge node replaces a source Media Access Control (MAC) address of an Ethernet frame header and a sender MAC address in a packet body of the IP address resolving request packet with the MAC address of the first edge node. The first edge node forwards the IP address resolving request packet to a second site network via a tunnel linking the first site network and the second site network. | 2016-02-04 |
20160036774 | GLOBAL VLAN SERVICES - One embodiment of the present invention provides a switch in a network of interconnected switches. The switch includes a forwarding domain apparatus and a forwarding apparatus. The forwarding domain apparatus maintains a mapping between a first virtual local area network (VLAN) identifier and a first global VLAN identifier in a local storage device. The global VLAN identifier represents a layer-2 forwarding domain in the network and is distinct from a customer VLAN or a service-provider VLAN. The mapping is independent of a type of the VLAN identifier. During operation, the forwarding apparatus encapsulates a first packet belonging to the first VLAN in a network encapsulation header. The encapsulated packet is forwardable in the network based on the network encapsulation header. The forwarding apparatus includes the first global VLAN identifier in the network encapsulation header of the first packet. | 2016-02-04 |
20160036775 | DATA PROCESSING SYSTEM - A method, computer program product, and computing system for rendering an alias configuration window for defining an alias that is linked to/associated with a user profile for a user of a dating website. One or more alias selections are received from the alias configuration window concerning the alias that is linked to/associated with the user profile for the user of the dating website. The alias is generated that includes the one or more alias selections received from the alias configuration window. | 2016-02-04 |
20160036776 | METHOD AND APPARATUS FOR REQUESTING OR PROVIDING RESOURCE BY TERMINAL OF SERVER IN WIRELESS COMMUNICATION SYSTEM - A method for processing a request for MO data using a cache validator (CV) allocated to an MO instance according to an embodiment of the present invention, comprises the steps of: receiving uniform resource identifier (URI) information to identify the MO data of requesting certain MO data of the MO instance from a server; determining whether the URI information includes a first CV; transmitting the requested certain MO data to the server when the URI information does not include the first CV; and transmitting a second CV for the MO instance when the URI information indicates a root node of the MO instance, wherein the MO instance has a tree structure consisting of at least one node; the MO data comprises the name, value and structure of a node included in the MO instance, and the method is performed by a terminal. | 2016-02-04 |
20160036777 | Method Of Near Real-Time Automated Global Geographical IP Address Discovery and Lookup by Executing Computer-Executable Instructions Stored On a Non-Transitory Computer-Readable Medium - A method of near real-time global geographical IP address automated lookup utilizes an automated system continually performing a plurality of IP address location discovery techniques including traceroute automation, global server triangulation, other geo IP discovery techniques and rolling cross checks across the system to build and maintain a global geo IP database with known geo locations of IP addresses. The geo IP database may be utilized to request the geo location of a specific IP address, and if the geo location of the specific IP address is unknown the system attempts to acquire the geo location of the specific IP address using the IP address location discovery techniques. | 2016-02-04 |
20160036778 | APPLYING A PACKET ROUTING POLICY TO AN APPLICATION SESSION - A security gateway includes packet routing policies, each including a host network address, an application network address, and a forwarding interface. In routing data packets of an application session, the security gateway: recognizes the application session between a network and an application; determines a user identity from an application session record for the application session; determines packet routing policies applicable to the application session based on the user identity; receives a data packet for the application session, including a source network address and a destination network address; compares the source network address with the host network address, and the destination network address with the application network address; and in response to finding a match between the source network address and the host network address, and between the destination network address and the application network address, processes the data packet using the forwarding interface of the packet routing policy. | 2016-02-04 |
20160036779 | SYSTEM AND METHOD FOR RESPONDING TO AGGRESSIVE BEHAVIOR ASSOCIATED WITH WIRELESS DEVICES - An embodiment of the invention describes a wireless device comprising a Subscriber Identity Module (SIM) further comprising a memory for storing program code for performing a plurality of operations, and a processor for processing the program code to execute the plurality of operations, the operations including receiving over-the-air instructions via a wireless network from a control center to create a rules set in the SIM, wherein the rules set defines an acceptable behavior of the wireless device, monitoring requests from a wireless modem of the wireless device for access files stored in the SIM, detecting an aggressive behavior of the wireless device based on the rules set, and blocking the wireless modem from generating traffic in the wireless network. | 2016-02-04 |
20160036780 | AUTOMATED CONFIGURATION OF ENDPOINT SECURITY MANAGEMENT - Systems and methods for managing configuration of a client security application based on a network environment in which the client device is operating are provided. According to one embodiment, a network connection state of a client device with respect to a private network is determined by a client security application running on the client device. The client security application then selects a configuration based on the determined network connection state. Finally, the client security application launches one or more functions of the client security application that are designated by the selected configuration. | 2016-02-04 |
20160036781 | EXTENSIBLE ACCESS CONTROL ARCHITECTURE - Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication. | 2016-02-04 |
20160036782 | CONTENT-BASED ASSOCIATION OF DEVICE TO USER - Example methods and systems for content-based association of a device to a user are presented. In an example method, data corresponding to each of a plurality of items of content stored within a user device are accessed. A device identifier for the user device is generated based on the data. The device identifier is transmitted from the user device to a service device to associate the user device with a user. | 2016-02-04 |
20160036783 | CONTROL WORD AND ASSOCIATED ENTITLEMENT CONTROL MESSAGE CACHING AND REUSE - Methods, systems, computer-readable media, and apparatuses for providing control word and associated entitlement control message (ECM) functionalities are presented. In some embodiments, a computing device may cache concurrently a first set of control words and a first set of entitlement control messages (ECMs) associated with the first set of control words. The computing device may encrypt a transport stream with a particular control word of the first set of control words. The computing device may insert a particular ECM, of the first set of ECMs, corresponding to the particular control word into the transport stream sent to a device downstream from the computing device. In some embodiments, a computing device may reuse control words and associated ECMs. | 2016-02-04 |
20160036784 | CONTROLLING WRITE ACCESS TO A RESOURCE IN A RELOAD NETWORK - Methods and apparatus for controlling write access by one or more accessing nodes to a resource within a Resource Location And Discovery, RELOAD, network. The methods and apparatus configured to: at a node owning the resource, obtain a public key of a peer responsible for the resource, encrypt a write key using the obtained public key and send the encrypted write key to the peer responsible for the resource; at the peer responsible for the resource, decrypt the write key; at an accessing node, sign data to be written to the resource using the write key and send a request to the peer responsible for the resource to write the signed data to the resource; and at the peer responsible for the resource, control write access to the resource based on the decrypted write key and the signed data. | 2016-02-04 |
20160036785 | SECURE NETWORK COMMUNICATION - A client device configured to intercept an outgoing packet. The outgoing packet includes a destination network address. The client device is further configured to use an encryption key to encrypt the outgoing packet to generate an encrypted packet, scatter the encryption key into the encrypted packet according to pattern logic defined by a unique identifier of a routing server, and send the encrypted packet containing the scattered encryption key to the routing server. The routing server is configured to receive the encrypted packet containing the scattered encryption key, extract the encryption key from the encrypted packet using the pattern logic defined by the unique identifier, use the encryption key to decrypt the encrypted packet to obtain the outgoing packet including the destination network address, and send the outgoing packet to the destination network address. | 2016-02-04 |
20160036786 | SYSTEM AND METHOD FACILITATING ENHANCED INTER-OBJECT AND HUMAN-OBJECT INTERACTIVITY USING NETWORKED ELECTRONIC DEVICES - Embodiments of the present invention disclose a method for facilitating enhanced inter-object and human-object interactivity using networked electronic devices. The method comprises providing one or more passive and active objects, generating and assigning a unique, encrypted and network-based Identification (ID) code corresponding to each of the one or more passive and active objects, custom designing a physical object Identification (ID) tag corresponding to each of the one or more passive and active objects, coupling the generated unique, encrypted and network-based Identification (ID) code with the physical object Identification (ID) tag corresponding to each of the one or more passive and active objects, retrofitting the physical object Identification (ID) tag to each of the one or more passive and active objects, providing a network for facilitating inter-object interactions and human interactions therewith, and interacting with the one or more passive and active objects retrofitted with the custom designed physical object Identification (ID) tags using one or more of at least one of portable and wearable computing and communications devices via the network, thereby facilitating realization of web of everything and anything. | 2016-02-04 |
20160036787 | METHODS AND SYSTEMS FOR NON-INTRUSIVE ANALYSIS OF SECURE COMMUNICATIONS - Method and system, comprising: capturing a plurality of secure communications between the first application and the second application; grouping the plurality of communications into one or more streams, each stream representing a network connection; and processing the one or more streams in parallel to create a plurality of transactions. | 2016-02-04 |
20160036788 | WIRELESS KEY MANAGEMENT FOR AUTHENTICATION - Disclosed are methods, and devices for wireless key management for authentication. One method includes receiving a lock identifier from a locking device; determining that the lock identifier is associated with a user profile, wherein a user profile is authenticated and encrypted by a server using a lock key that is stored by the server and the locking device, and wherein the user profile comprises a user key; transmitting the user profile; decrypting the user profile using the lock key; transmitting a security code; generating an encrypted command comprising the security code and encrypted using the user key; transmitting the command; validating the command. Validating the command can include decrypting using the user key; determining whether the security code is valid; and authenticating using the user key; and initiating, in response to validating, an action of the locking device as specified by the command. | 2016-02-04 |
20160036789 | SECURE HOST AUTHENTICATION USING SYMMETRIC KEY CRYPTOGRAPHY - Methods of securely authenticating a host to a storage system are provided. A series of authentication sessions are illustratively performed. Each of the authentication sessions includes the host transmitting an authentication request to the storage system. The storage system authenticates the host based at least in part upon a content of the authentication request. After each successful authentication of the host to the storage system, an encryption key that was utilized in encrypting the authentication request that was transmitted to the storage system is deleted. After each encryption key deletion, a new encryption key that is different than the previous key is optionally stored and is utilized in the next authentication session. | 2016-02-04 |
20160036790 | SYSTEM AND METHOD FOR IDENTITY VERIFICATION ACROSS MOBILE APPLICATIONS - Embodiments are directed to methods, apparatuses, computer readable media and systems for authenticating a user on a user device across multiple mobile applications. The identity of the user is validated by encoding and subsequently validating cryptographically encrypted data in a shared data store accessible by the mobile applications tied to the same entity. Specifically, the application leverages the authentication process of a trusted mobile application (e.g. a banking mobile application) to authenticate the same user on an untrusted mobile application (e.g. a merchant mobile application). | 2016-02-04 |
20160036791 | SYSTEM AND METHOD FOR WIRELESS DATA PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change. | 2016-02-04 |
20160036792 | SYSTEMS, APPARATUS, AND METHODS FOR PRIVATE COMMUNICATION - Systems, apparatus, methods, etc. for private communications among trusted parties facilitated by untrusted parties. Methods are provided which comprise parameterizing a first cryptographic layer in a first peer and a corresponding layer in a second peer using a first cryptographic key. Such methods also comprise parameterizing a second cryptographic layer in the first peer and a corresponding layer in the second peer using a second cryptographic key. Methods of the current embodiment further comprise encrypting a message using the second and same cryptographic key (which differs from the first and same cryptographic parameter) and transmitting the message from the first peer whereby the second peer can decrypt the message using the second and same cryptographic key. If desired a facilitator server which is remote from the first peer facilitates peer discovery. | 2016-02-04 |
20160036793 | KEY DOWNLOADING METHOD, MANAGEMENT METHOD, DOWNLOADING MANAGEMENT METHOD, DEVICE AND SYSTEM - Disclosed is a key downloading method. The method comprises: sending a hardware series number (SN) and a first random number (Rnd | 2016-02-04 |
20160036794 | DETERMINING WHETHER TO USE A LOCAL AUTHENTICATION SERVER - The present disclosure discloses a method and a system for determining whether to use a local authentication server. Specifically, a first network device executing a first authentication server receives a request for authentication from a client device. The first network device determines whether the client device was previously successfully authenticated by a second authentication server executing on a second network device within a particular period of time. If so, the first network device attempts to authenticate the client device using the first authentication server. Otherwise, the first network device declines the request for authentication from the client device. | 2016-02-04 |
20160036795 | METHOD AND SYSTEM FOR PROVIDING A VIRTUAL ASSET PERIMETER - A system and method provides a virtual perimeter by maintaining a data structure for identifying a first plurality of assets, according to one embodiment. The system and method provides services to a second of the first plurality of assets, at least partially based on identifiers for the first plurality of assets and at least partially based on a first role assigned to a first of the first plurality of assets, according to one embodiment. The system and method include admitting one of a second plurality of assets into the virtual perimeter if characteristics of the one of the second plurality of assets satisfy criteria for admission to the virtual perimeter, according to one embodiment. | 2016-02-04 |
20160036796 | METHOD AND SYSTEM FOR FACILITATING TERMINAL IDENTIFIERS - Embodiments of the present application disclose a method for providing a terminal identifier to a terminal. During operation, a security server receives a registration information set from the terminal, in which the registration information set includes multiple pieces of equipment information from the terminal. The security server then generates a terminal identifier based on the multiple pieces of equipment information in the registration information set. The security server then returns the terminal identifier to the terminal. | 2016-02-04 |
20160036797 | Information Processing Device and Information Processing System - An information processing device includes a communication unit that makes communication with a maintenance service provision unit providing maintenance service and the communication unit transmits specification information specifying the information processing device to the maintenance service provision unit. | 2016-02-04 |
20160036798 | SECURE MOBILE CONTACT SYSTEM (SMCS) - A system for authenticating an identity of a user is disclosed. The system comprises a processor and a non-volatile storage medium comprising computer executable instructions to instruct the processor to receive an image file relating to the user, from a user device owned by the user; determine whether the image file matches stored image information in a database, wherein the stored image information is not an image file and contains identifying information about the image; and, if the image file matches the stored image information, allow the user to request an authentication message be sent to the user device, request that an authentication message be sent to a destination other than the user device, or request that a message be sent to a third party whose message addressing information is unknown to the user. | 2016-02-04 |
20160036799 | SYSTEMS AND METHODS FOR LOCATION-BASED DEVICE SECURITY - A device may collect environmental information surrounding the device. Based on the collected environmental information, the device may automatically identify a potentially secured location that has lower security risk. When a potentially secured location is identified, the device may prompt the user to setup a security profile having reduced security requirement for the secured location. The device may store and associate the security profile with the secured location. The device may activate the security profile with reduced security requirement when the device is in the secured area. Further, the security profile may require that certain features of the device be disabled when the device is in the secured location. | 2016-02-04 |
20160036800 | METHOD AND SYSTEM FOR CREATING A UNIQUE IDENTIFIER - Method and apparatus for creating a second unique identifier for a user in a second system based on a first unique identifier for a user in a first system. A first authentication process is initiated based on a first unique identifier associated with the user in the first system. Responsive to the user successfully authenticating during the first authentication process, the second unique identifier for a user in the second system is generated. The second unique identifier is based on user data associated with the first unique identifier in the first system, and the second unique identifier is different from the first unique identifier. | 2016-02-04 |
20160036801 | USER AUTHENTICATION IN SEPARATE AUTHENTICATION CHANNELS - Apparatuses, systems, methods, and computer program products are disclosed for user authentication in separate authentication channels. A token module is configured to create a unique token in response to receiving user credentials from an unknown user for a secure interface of a third party system. An identity module is configured to log into the secure interface using the received user credentials, and submit the unique token to a private input element located behind the secure interface. A match module is configured to receive the unique token from the private input element and a user identifier associated with the unknown user from the third party system. The match module is configured to associate the received user credentials with the user identifier based on the unique token. An access module is configured to display information associated with the user identifier to the unknown user. | 2016-02-04 |
20160036802 | PLACING A USER ACCOUNT IN ESCROW - Disclosed are systems, methods, and non-transitory computer-readable storage media for placing a user account in escrow to remove it from an administered account. An employee and/or an employer can select to remove a user account from an administered account associated with the employer. To ensure that each party, the employer and employee, has an opportunity to retain their content stored in the removed user account, the user account can be placed into escrow, requiring login credentials of both the user and the administrator (employer) to access the user account. The user account can therefore not be accessed unless both the employer and employee each log in to the account at the same time. By placing the user account in escrow, both parties can be assured that they can access the content items in the user account, and that the other party cannot access the content without their knowledge. | 2016-02-04 |
20160036803 | METHOD AND SYSTEM FOR PROCESSING OPERATION REQUEST - A method for processing an operation request includes: detecting by a terminal an operation request, and sending an operation request message to a smart card; receiving by the smart card the operation request message, storing by the smart card the operation request message, generating by the smart card a joint password, generating a signature message, sending by the smart card at least the signature message to the terminal; outputting by the smart card a prompt message about the joint password, if the smart card detects that the smart card is disconnected from the terminal after the terminal obtains the signature message; receiving by the terminal the joint password, using the joint password as a password to be verified, notifying a verification device by the terminal to verify the signature message, and triggering by the verification device a procedure responding to the operation request if the signature message is successfully verified. | 2016-02-04 |
20160036804 | TRUSTED COMMUNICATION SESSION AND CONTENT DELIVERY - Methods and systems for configuring a network are disclosed. An example method can comprise receiving a first token and an encryption key from a first device. A second token can be received from a second device. A determination can be made as to whether the first token matches the second token. Configuration information can be provided to the second device if the second token matches the first token. The configuration information can comprise information for connecting to a proxy configured on the first device. A request for content can be received from the proxy on behalf of the second device. The request for content can comprise the encryption key. | 2016-02-04 |
20160036805 | NETWORK AUTHENTICATION METHOD AND DEVICE FOR IMPLEMENTING THE SAME - A method is to be implemented using a network authentication device and a user end for authenticating the user end. The network authentication device stores hardware information associated with unique identification codes of hardware components of the user end. In the method, the user end executes a terminal program for scanning the hardware components to obtain the identification codes, for establishing a hardware list according to the identification codes, and for automatically sending to the network authentication device verification data associated with the hardware list without user operation. The network authentication device verifies identity of the user end based on the verification data and the hardware information. | 2016-02-04 |
20160036806 | Automated Password Generation and Change - An identity management system detects the occurrence of a trigger event, such as a time period expiration, or an action on the identity management system. The identity management system accordingly generates a new password for an account of a user on a third-party service and causes the account of the user on the third-party service to use the new password. The identity management system may also a mobile device management system to configure a client of the user with the new password. | 2016-02-04 |
20160036807 | SYSTEMS AND METHODS FOR COMBINED OTP AND KBA IDENTITY AUTHENTICATION - Certain implementations include systems and methods for combined one-time-passcode (OTP) and knowledge-based-authentication (KBA) identity authentication. A method is provided that includes receiving a set of identity information associated with a subject; querying one or more databases; receiving personally identifiable information; producing at least one knowledge based authentication (KBA) identity proofing question having a personally identifiable correct answer; generating a unique correct one-time pass (OTP) code for the personally identifiable correct answer; generating one or more incorrect answers with corresponding incorrect codes; outputting the at least one KBA identity proofing question; outputting the personally identifiable correct answer with the unique correct OTP code, and the one or more incorrect answers with corresponding incorrect codes; receiving a response code; comparing the response code and the unique correct OTP code; and responsive to a match between the response code and the unique correct OTP code, outputting a first indication of authentication. | 2016-02-04 |
20160036808 | OTP TOKEN, DATA TRANSMISSION SYSTEM AND DATA TRANSMISSION METHOD FOR OTP TOKEN - An OTP token, a data transmission system and a data transmission method are provided in which when the OTP token needs to communicate with the background system server, the OTP token signs the request message to obtain a first digital signature, and sends a request data package including the first digital signature and the request message to the background system server. The background system server then verifies the first digital signature and sends an encrypted feedback data package to the OTP token after successful verifications. After encrypting the feedback data package to obtain a second digital signature to the background system server, the background system server verifies the second digital signature and performs a response operation after successful verification. | 2016-02-04 |
20160036809 | PASSWORDLESS STRONG AUTHENTICATION USING TRUSTED DEVICES - A code for accessing a resource having a customer account associated therewith is presented via a secondary device, and authentication data indicative of the code that was presented is received from a primary device. The primary device is identified as a trusted device associated with the customer account responsive to receiving the authentication data therefrom, and the secondary device is authenticated for access to the resource responsive to identification of the primary device as the trusted device associated with the customer account. | 2016-02-04 |
20160036810 | ELECTRONIC DEVICE AND METHOD OF TRANSCEIVING DATA - An electronic device and a method of transceiving data are disclosed. A method of transceiving data by an electronic device includes: storing one or more pieces of input biometric information; searching for one or more electronic devices in response to the input of the same biometric information as the stored biometric information; connecting a communication session with the one or more searched electronic devices; and transceiving data with the one or more electronic devices through the connected communication session. | 2016-02-04 |
20160036811 | DEVICE AND METHOD OF SETTING OR REMOVING SECURITY ON CONTENT - A device for removing security on content using biometric information includes a memory configured to store content on which security has been set based on first biometric information of a user; and a controller configured to obtain second biometric information of the user, which is of a different type than the first biometric information, and remove the security on the content based on the second biometric information, in response to a user input for executing the content. | 2016-02-04 |
20160036812 | Database Queries Integrity and External Security Mechanisms in Database Forensic Examinations - A method, system and computer-usable medium are disclosed for performing forensic database security operations to verify database query integrity. A database protocol packet is intercepted, inspected and then processed by an external database security mechanism (EDSM) system to extract a database query. The database query is then processed with a secret key to generate a first keyed-hash message authentication code (HMAC) value, which is then inserted into the intercepted database protocol packet according to database protocol rules to generate a modified database protocol packet in a way that HMAC values and database query will be stored in predetermined database server session tracking tables. The modified database protocol packet is then provided to a database server, where the database server is subsequently accessed by the EDSM system to retrieve the database query and the first HMAC value. The EDSM system then uses the same secret key to calculate a second HMAC value for the retrieved database query, which is compared to the first HMAC value to determine whether they match. If not, then the database query is marked as having been modified after being inspected by the EDSM system. | 2016-02-04 |
20160036813 | EMULATE VLANS USING MACSEC - Emulating virtual local area networks (VLANs) using media access control security (MACsec) can include a network controller to provision a first client device of a plurality of client devices within a network with a MACsec key associated with a MACsec flow. The network controller can provision a second client device with the MACsec key associated with the MACsec flow to emulate a VLAN with secure communication between the first and the second client devices. | 2016-02-04 |
20160036814 | WIRELESS FIRMWARE UPDATES - Disclosed are methods and devices for securely updating firmware of locking devices. One method includes receiving a lock identifier from a locking device; determining that the lock identifier is associated with a user profile by comparing the lock identifier to a set of lock identifiers; receiving a firmware update packet from a server, wherein the firmware packet is encrypted by a lock key; transmitting the firmware update packet to the lock; decrypting the firmware update using the lock key; validating the encrypted firmware update; and installing the firmware update. | 2016-02-04 |
20160036815 | Regulating Communication of Audio Data From a Client Device Based on a Privacy Setting Stored by the Client Device - A client device stores a user-specified privacy setting regulating communication of information associated with audio data captured by the client device to an external entity. When the client device captures audio data, the client device determines whether the user-specified privacy setting authorizes communication of data associated with the captured audio data to an external entity. The privacy setting may identify specific external entities to which data may be communicated, specify characteristics of captured audio data authorized to be transmitted, or generally specify whether communication of data associated with captured audio data is authorized or prevented. | 2016-02-04 |
20160036816 | ZERO DAY THREAT DETECTION BASED ON FAST FLUX DETECTION AND AGGREGATION - A method in a cloud-based security system includes operating a Domain Name System (DNS) resolution service, proxy, or monitor in the cloud-based security system; receiving DNS records with time-to-live (TTL) parameters; checking the TTL parameters for indication of a fast flux technique; and detecting domains performing the fast flux technique based on the DNS records. A cloud-based security system includes a plurality of nodes communicatively coupled to one or more users; and a Domain Name System (DNS) service providing a resolution service, proxy, or monitor in the cloud-based security system; wherein the DNS service is configured to receive DNS records with time-to-live (TTL) parameters; check the TTL parameters for indication of a fast flux technique; and detect domains performing the fast flux technique based on the DNS records. | 2016-02-04 |
20160036817 | Protected Graphical User Interface for Role-Based Application and Data Access - Methods, systems, and computer program products for a protected graphical user interface for role-based application and data access are provided herein. A method for controlling access on an endpoint device to at least a portion of an application includes obtaining a default configuration indicating whether one or more widget functions associated with the application are enabled in a graphical user interface; modifying one or more of the widget functions in the default configuration to a disabled status in the graphical user interface based on a privilege configuration; determining if one or more user click events generated using the graphical user interface are associated with a widget function having the disabled status; and preventing the user click events having the disabled status from being provided to an operating system for further processing, wherein at least one of the steps is carried out by a computing device. | 2016-02-04 |
20160036818 | SYSTEM AND METHOD FOR PROVIDING SELECTIVE ACCESS TO A REDIRECTED DEVICE - In one embodiment, a method includes, by a computing device, receiving identifiers of one or more sessions, users, or groups selected to have access to a particular redirected device. The computing device stores the identifiers in a database, receives a request associated with a session, user, or group to access the particular redirected device, and determines whether an identifier for the session, user, or group associated with the request is stored in the database. If the identifier is stored in the database, then the computing device grants access to the redirected device, or if the identifier is not stored in the database, then the computing device blocks the session, user, or group from accessing the redirected device. | 2016-02-04 |
20160036819 | ON-BOARDING A DEVICE TO A SECURE LOCAL NETWORK - In an embodiment, a control device that is configured to onboard a target device to a secure local network by discovering a set of devices over a bootstrapping interface, establishing a bootstrap connection to at least one device from the set of devices in response to the discovery without authorizing the at least one device to access the secure local network, instructing the at least one device via the bootstrap connection to activate an observable function that is configured to be observable to one or more observation entities that are separate from the control device and are in proximity to the at least one device, determining whether an operator of the control device verifies that the observable function has been successfully detected as performed by the target device and selectively authorizing the at least one device to access the secure local network based on the determination. | 2016-02-04 |
20160036820 | DEVICE MANAGEMENT APPARATUS THAT NOTIFY UNAUTHORIZED USE OF ELECTRONIC DEVICE DURING DISCONNECTION TIME PERIOD OF ELECTRONIC DEVICE FROM NETWORK, RECORDING MEDIUM AND DEVICE MANAGEMENT METHOD - A device management apparatus for notifying unauthorized use of an electronic device includes a connection status detecting circuit, a usage log acquiring circuit, and a notification circuit. The connection status detecting circuit detects a connection status of the electronic device to a network. The usage log acquiring circuit acquires a usage log of the electronic device. The notification circuit notifies an unauthorized use of the electronic device. The notification circuit notifies the unauthorized use if the usage logs acquired by the usage log acquiring circuit before and after a time period of disconnection of the electronic device from the network are varied, a reconnection of the electronic device to the network being detected by the connection status detecting circuit. | 2016-02-04 |
20160036821 | Method Of Advertising Using An Electronic Processor Authorization Challenge - A method of advertising using an electronic processor authorization challenge. An advertisement is combined with an authorization key to form an image. An electronic processor disassembles the image and presents the disassembled image to a user by a graphical user interface as an authorization challenge. The authorization challenge can be successfully overcome by a human user reassembling the divided image, then recognizing the authorization key, and then responding to the authorization key. The authorization key is data configured to be inputted into an electronic processor by a human user or data corresponding to a command configured to be performed by a human user. The authorization key can be an advertisement, a feature of an advertisement, a coupon, a CAPTCHA, a Reverse Turing Test, a command, an image, a string of text, a number, a letter, a symbol, a combination of a number, a letter, or a symbol. | 2016-02-04 |
20160036822 | METHOD AND APPARATUS FOR SHARING DATA - A relay server includes a storage configured to store first access right information of a first cloud storage service to which a first user is subscribed and second access right information of a second cloud storage service to which a second user is subscribed. The relay server further includes a communication interface configured to request, from the first cloud storage service, first data that is stored in the first cloud storage service, based on the first access right information, and receive the requested first data from the first cloud storage. The relay server further includes a controller configured to control the communication interface to store the received first data in the second cloud storage service, based on the second access right information. | 2016-02-04 |
20160036823 | ACCESSING PRIVILEGED OBJECTS IN A SERVER ENVIRONMENT - Accessing privileged objects in a server environment. A privileged object is associated with an application comprising at least one process resource and a corresponding semi-privileged instruction. The association is filed in an entity of an operating system kernel. A central processing unit (CPU) performs an authorization check if the semi-privileged instruction is issued and attempts to access the privileged object. The CPU executes the semi-privileged instruction and grants access to the privileged object if the operating system kernel has issued the semi-privileged instruction; or accesses the entity if a process resource of the application has issued the semi-privileged instruction to determine authorization of the process resource to access the privileged object. Upon positive authorization the CPU executes the semi-privileged instruction and grants access to the privileged object, and upon authorization failure denies execution of the semi-privileged instruction and performs a corresponding authorization check failure handling. | 2016-02-04 |
20160036824 | CONTROL AND VERIFICATION OF PERMISSIONS - A verification method includes configuring a reference system, running on a computer, to have the same set of executables and customizations as an e-business system to be verified. The reference system is configured with one or more roles that have permissions to execute all transactions in a scope of a planned verification. One or more business processes that are implemented in the e-business system and are in the scope of the planned verification are mapped and are executed using the reference system. Logs of permission checks conducted in the business processes are saved in a repository. Reference data is created by merging records from the logs of the permission checks with respect to at least one role in the scope of the verification. Permission settings for the at least one role in the e-business system are compared with corresponding permission values in the reference data for the at least one role. Based on comparing the permission settings, an indication is displayed to a user of whether the permission settings match the corresponding permission values. | 2016-02-04 |
20160036825 | COMMUNICATION MANAGEMENT AND POLICY-BASED DATA ROUTING - A network environment includes a wireless access point providing access to a corresponding network. One or more mobile communication devices communicate with the wireless access point to access the network. In response to receiving a request from a mobile communication device to establish the wireless communication link, the wireless access point conveys communications between the mobile communication device and a remote server to authenticate the mobile communication device. During authentication, the wireless access point receives a policy assigned to the mobile communication device. | 2016-02-04 |
20160036826 | SECURE CONTENT PACKAGING USING MULTIPLE TRUSTED EXECUTION ENVIRONMENTS - Technologies for secure content packaging include a source computing device that transmits a secure package to a destination computing device. The destination computing device establishes a content policy trusted execution environment and a key policy trusted execution environment. The content policy trusted execution environment may be established in a secure enclave using processor support. The key policy trusted execution environment may be established using a security engine. The key policy trusted execution environment evaluates a key access policy and decrypts a content key using a master wrapping key. The content policy trusted execution environment evaluates a content access policy and decrypts the content using the decrypted content key. Similarly, the source computing device authors the secure package using a content policy trusted execution environment and a key policy trusted execution environment. The master wrapping key may be provisioned to the computing devices during manufacture. Other embodiments are described and claimed. | 2016-02-04 |
20160036827 | Access Requests at IAM System Implementing IAM Data Model - Systems and methods are provided for provisioning access rights to physical computing resources using an IAM system implementing an IAM data model. The IAM data model may identify logical and physical computing resources. An access request handler may receive an access request and identify a set of logical permissions based on the access request. The access request handler may derive a set of logical entitlements based on the set of logical permissions. An entitlement translator may translate the set of logical entitlements to a physical entitlement specification based on a set of physical permission specifications associated with the set of logical permissions. A physical permission specification may be obtained by mapping a logical permission to one or more physical permissions. An access control manager may then provision access rights to at least one physical computing resource indicated in the physical entitlement specification. | 2016-02-04 |
20160036828 | SECURE TWO-DIMENSIONAL BARCODES - The disclosed invention provides ways to prevent a user of mobile device from being deceived into disclosing sensitive personal information from scanning a machine-readable two-dimensional barcode that contains a URI. | 2016-02-04 |
20160036829 | CYBERSECURITY TRAINING SYSTEM WITH AUTOMATED APPLICATION OF BRANDED CONTENT - A cybersecurity training system uses lures and training actions to help train a user of an electronic device to recognize and act appropriately in situations that could compromise security. The system includes an administrator interface by which an administrator may customize a lure and/or a training action with branded content. When used in a lure, this enables the lure to appear to the user as if it were a legitimate, non-threatening action from the brand. If the user falls for the lure, the system may provide the user with cybersecurity training, which may automatically include content that is tailored for the selected brand. | 2016-02-04 |
20160036830 | Web Redirection for Content Scanning - This specification generally relates to using redirect messages to implement content scanning. One example method includes receiving from a client a first request for a network resource, the first request including an original location of the network resource; determining that a response to the first request is to be analyzed; sending a redirect response to the client including a modified location for the network resource different than the original location; receiving a second request for the network resource from the client, the second request including the modified location; in response to receiving the second request for the network resource from the client: retrieving the network resource from the original location; determining that the retrieved network resource is suitable to send to the client; and in response to determining that the retrieved network resource is suitable, sending the retrieved network resource to the client. | 2016-02-04 |
20160036831 | WEB REDIRECTION FOR CONTENT FILTERING - This specification generally relates to using redirect messages to implement content filtering. One example method includes determining that access to a network resource should be redirected based at least in part on access behavior associated with the network resource; receiving from a client a first request for the network resource, the first request including an original location of the network resource; sending a redirect response to the client including a modified location for the network resource different than the original location; receiving a second request for the network resource from the client including the modified location; retrieving the network resource from the original location; performing at least one action on the retrieved network resource; and selectively sending the retrieved network resource to the client based at least in part on a result associated with the at least one action. | 2016-02-04 |
20160036832 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR SENDING INFORMATION EXTRACTED FROM A POTENTIALLY UNWANTED DATA SAMPLE TO GENERATE A SIGNATURE - A system, method and computer program product are provided for sending information extracted from a potentially unwanted data sample to generate a signature. In use, information is extracted from a portion of a sample of potentially unwanted data. Further, the information is sent to generate a signature. | 2016-02-04 |
20160036833 | Client Reputation Driven Role-Based Access Control - The present disclosure discloses a system and method for dynamically modifying role based access control for a client based on the activity. Generally, a client device is granted access to a network resource based on a first reputation score assigned to the client device. The activity of the client device is monitored. Responsive to monitoring the activity of the client device, a second reputation score is determined for the client device based on the activity. The access by the client device to the network resource is then modified to be granted based on the second reputation score. | 2016-02-04 |
20160036834 | SYSTEM AND METHOD FOR DETERMINING CATEGORY OF TRUST OF APPLICATIONS PERFORMING INTERFACE OVERLAY - Disclosed are systems and methods for determining category of trust of software applications. An example method includes monitoring a first application to detect an overlay of at least one interface element of the first application by at least one interface element of a second application; collecting information about the second application, wherein the information includes at least a danger status of the second application, wherein the danger status determines a danger caused by the second application to the first application; determining a category of trust of the second application based on an analysis of the collected information; and determining, based on the category of trust of the second application, whether to allow or prohibit overlay of the at least one interface element of the first application by the at least one interface element of the second application. | 2016-02-04 |
20160036835 | METHOD AND SYSTEM FOR CORRELATING SELF-REPORTING VIRTUAL ASSET DATA WITH EXTERNAL EVENTS TO GENERATE AN EXTERNAL EVENT IDENTIFICATION DATABASE - A method and system for correlating patterns of operating virtual assets with external events includes receiving an identification of one of the external events, from one or more electronic sources, and receiving first patterns from one or more first virtual assets, according to one embodiment. The method and system include populating a database with the first patterns and the identification of the one of the external events to map the one of the external events to the first patterns, according to one embodiment. The method and system include receiving second patterns from one or more second virtual assets, and comparing the second patterns to the first patterns, according to one embodiment. The method and system include distributing the identification of the one of the external events to the one or more second virtual assets, if the second patterns are similar to the first patterns, according to one embodiment. | 2016-02-04 |
20160036836 | Detecting DGA-Based Malicious Software Using Network Flow Information - Detecting DGA-based malware is disclosed. In an embodiment, a number of domain name server requests originating from a particular host among a plurality of hosts is determined. The number of domain name server requests are directed to one or more domain name servers. A number of internet protocol addresses contacted by the particular host is determined. Based on the number of domain name server requests and the number of internet protocol addresses contacted, existence of malware on the particular host is determined. | 2016-02-04 |
20160036837 | DETECTING ATTACKS ON DATA CENTERS - The claimed subject matter includes a system and method for detecting attacks on a data center. The method includes sampling a packet stream by coordinating at multiple levels of data center architecture, based on specified parameters. The method also includes processing the sampled packet stream to identify one or more data center attacks. Further, the method includes generating attack notifications for the identified data center attacks. | 2016-02-04 |
20160036838 | DATA CENTER ARCHITECTURE THAT SUPPORTS ATTACK DETECTION AND MITIGATION - Described herein are various technologies pertaining to identification of inbound and outbound network and application attacks with respect to a data center. Commodity servers are used to monitor ingress and egress traffic flows, and anomalies are detected in the traffic flows. Responsive to detecting an anomaly, a mitigation strategy is executed to mitigate damage caused by a cyber-attack. | 2016-02-04 |
20160036839 | CONTROLLER FOR SOFTWARE DEFINED NETWORKING AND METHOD OF DETECTING ATTACKER - A controller for software defined networking includes a processor. The processor is configured to receive a first request including a first packet from a first communication partner. The processor is configured to generate an inspection message on basis of the first packet. The processor is configured to send the inspection message to the first communication partner. The processor is configured to monitor whether a first phenomenon occurs with respect to the first communication partner after the inspection message is sent. The first phenomenon is expected to occur when an authorized switch performs a process on basis of the inspection message. The processor is configured to determine, when the first phenomenon does not occur, that the first communication partner is not the authorized switch but an attacker. | 2016-02-04 |
20160036840 | INFORMATION PROCESSING APPARATUS AND PROGRAM - It is difficult to prevent virus infection, information leakage or the like for example when a user carelessly manipulates a file. An electronic file manipulating section that obtains an instruction about manipulation of an electronic file; a remote manipulation section that establishes a communication path enabling remote manipulation with an execution environment in which manipulation of the electronic file is to be executed, and transmits an execution instruction to instruct the execution environment to execute manipulation of the electronic file thereon to the execution environment via the communication path enabling remote manipulation; and an electronic file transmitting section that transmits the electronic file to the execution environment in response to the instruction are included. | 2016-02-04 |
20160036841 | Database Queries Integrity and External Security Mechanisms in Database Forensic Examinations - A method, system and computer-usable medium are disclosed for performing forensic database security operations to verify database query integrity. A database protocol packet is intercepted, inspected and then processed by an external database security mechanism (EDSM) system to extract a database query. The database query is then processed with a secret key to generate a first keyed-hash message authentication code (HMAC) value, which is then inserted into the intercepted database protocol packet according to database protocol rules to generate a modified database protocol packet in a way that HMAC values and database query will be stored in predetermined database server session tracking tables. The modified database protocol packet is then provided to a database server, where the database server is subsequently accessed by the EDSM system to retrieve the database query and the first HMAC value. The EDSM system then uses the same secret key to calculate a second HMAC value for the retrieved database query, which is compared to the first HMAC value to determine whether they match. If not, then the database query is marked as having been modified after being inspected by the EDSM system. | 2016-02-04 |
20160036842 | APPARATUS AND METHOD FOR CHECKING MESSAGE AND USER TERMINAL - A message checking apparatus comprising one or more processors, the message checking apparatus includes: a uniform resource locator (URL) extracting unit to check, when a message is received, whether a URL is included in the message and extract the URL from the message; a communication unit to download an application using the URL; and an authorization/application program interface (API) verifying unit to check whether an authorization or API having a security risk is included in the application to be downloaded through the communication unit and then determine whether the URL is malicious based thereon. | 2016-02-04 |
20160036843 | CONNECTED HOME SYSTEM WITH CYBER SECURITY MONITORING - A regional monitoring system includes a system control unit. A plurality of security related detectors are coupled to the control unit. A router is coupled to the control unit to implement bidirectional network communications with a displaced communications device wherein in one configuration, the control unit monitors ports of the router and responsive to detecting a predetermined router port configuration, forwards an alert indicator to the displaced device or monitors traffic patterns to detect local network threats. | 2016-02-04 |
20160036844 | EXPLAINING NETWORK ANOMALIES USING DECISION TREES - In an embodiment, the method comprises receiving an identification of an anomaly associated with a false positive identification of a security threat by the intrusion detection system, wherein a first set of feature data identifies features of the anomaly; creating a plurality of training sets each comprising identifications of a plurality of samples of network communications; for the anomaly and each training set of the plurality of training sets, training a decision tree that is stored in digital memory of the security analysis computer; based at least in part on the plurality of trained decision trees, extracting a set of features that distinguish the anomaly from the plurality of samples; generating one or more rules associated with the anomaly from the extracted set of features and causing programming the security analysis computer with the one or more rules. | 2016-02-04 |
20160036845 | SYSTEM FOR DETECTING THE PRESENCE OF ROGUE DOMAIN NAME SERVICE PROVIDERS THROUGH PASSIVE MONITORING - A method, system, computer program product embodied in a computer readable storage medium, and computer system are disclosed for identifying a rogue domain name service (DNS) server. Embodiments include passively monitoring traffic on a target network; and identifying a DNS resolution response in the traffic on the network. The DNS resolution response includes a mapping of a domain to an internet protocol (IP) address. The DNS resolution response is compared with a preconfigured list of known mappings of domains to IP addresses. Based on the results of the comparison, it can be determined whether the DNS resolution response is correct. In cases where the DNS resolution response is incorrect, the provider of the DNS resolution response is a rogue DNS server. | 2016-02-04 |
20160036846 | COMPUTER PROGRAM PRODUCT AND APPARATUS FOR MULTI-PATH REMEDIATION - A system, method, and computer program product are provided for a database associating a plurality of device vulnerabilities to which computing devices can be subject with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities. Each of the device vulnerabilities is associated with at least one remediation technique. Each remediation technique associated with a particular device vulnerability remediates that particular vulnerability. Further, each remediation technique has a remediation type selected from the type group consisting of patch, policy setting, and configuration option. Still yet, a first one of the device vulnerabilities is associated with at least two alternative remediation techniques. | 2016-02-04 |
20160036847 | METHODS AND SYSTEMS FOR AUTOMATED NETWORK SCANNING IN DYNAMIC VIRTUALIZED ENVIRONMENTS - Systems and methods for managing jobs to be scanned based on existence of processing nodes are described. One of the methods includes obtaining identification information regarding operation of a first set of the processing nodes from an inventory and creating a job for scanning the processing nodes of the first set for security vulnerability. The job includes the identification information. The method further includes verifying the inventory to determine the first identifying information of the first set of processing nodes for removal from the job and loading the job having second identifying information for a second set of processing nodes that remain after the verifying operation. | 2016-02-04 |
20160036848 | INTERCLOUD SECURITY AS A SERVICE - In an approach, a cloud connector component acts as a broker between a client computer, a security-enhanced domain name server, and a content scanning server. When receiving a domain name service (DNS) request from a client computer, the cloud connector forwards the DNS request to the security-enhanced domain name server. The security-enhanced domain name server performs a DNS lookup on a URL contained within the DNS request to determine a network address for a corresponding content provider. In addition, the security-enhanced domain name server calculates a reputation score for the content provider and determines whether the content provider is trustworthy based on the reputation score. The security-enhanced domain name server then sends a DNS response back to the cloud connector that specifies the network address and the result of the trustworthy determination. If the content provider is trustworthy, the cloud connector forwards the DNS response to the client computer. The client computer then sends a content request to the content provider and receives back the requested content. However, if the content provider is not trustworthy, the DNS response is modified to specify the network address of the content scanning server. As a result, the client computer sends the content request to the content scanning server which then proxies the request to the content provider. The content scanning server monitors the traffic passing back and forth between the client computer and the content provider for malware and other potential dangers. | 2016-02-04 |
20160036849 | Method, Apparatus and System for Detecting and Disabling Computer Disruptive Technologies - Disruptive technology of network communication and security, such as Internet traffic blocking, diverting, or modifying is detected in a Host Machine. One or more servers utilize one or more web pages or resources to load and execute on a Host Machine software that detect operation blocking, diverting, or modifying behavior, which is indicative of the presence of malware on the Host Machine. | 2016-02-04 |
20160036850 | SECURITY THREAT DETECTION USING DOMAIN NAME ACCESSES - Domain names are determined for each computational event in a set, each event detailing requests or posts of webpages. A number of events or accesses associated with each domain name within a time period is determined. A registrar is further queried to determine when the domain name was registered. An object is generated that includes a representation of the access count and an age since registration for each domain name. A client can interact with the object to explore representations of domain names associated with high access counts and recent registrations. Upon determining that a given domain name is suspicious, a rule can be generated to block access to the domain name. | 2016-02-04 |
20160036851 | Security Threat Detection Using Domain Name Registrations - Domain names are determined for each computational event in a set, each event detailing requests or posts of webpages. A number of events or accesses associated with each domain name within a time period is determined. A registrar is further queried to determine when the domain name was registered. An object is generated that includes a representation of the access count and an age since registration for each domain name. A client can interact with the object to explore representations of domain names associated with high access counts and recent registrations. Upon determining that a given domain name is suspicious, a rule can be generated to block access to the domain name. | 2016-02-04 |
20160036852 | COMPUTER PROGRAM PRODUCT AND APPARATUS FOR MULTI-PATH REMEDIATION - A system, method, and computer program product are provided for a database associating a plurality of device vulnerabilities to which computing devices can be subject with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities. Each of the device vulnerabilities is associated with at least one remediation technique. Each remediation technique associated with a particular device vulnerability remediates that particular vulnerability. Further, each remediation technique has a remediation type selected from the type group consisting of patch, policy setting, and configuration option. Still yet, a first one of the device vulnerabilities is associated with at least two alternative remediation techniques. | 2016-02-04 |
20160036853 | STORAGE MEDIUM STORING PROGRAM FOR LOGIN ALERTS, AND METHOD AND SYSTEM THEREOF - To prevent logins to illegitimate sites such as phishing sites, a terminal device according to an embodiment stores authentication information used for login to a destination site in a storage (the authentication information storage area) in association with the site, and determines whether authentication information corresponding to the authentication information input for login to the destination site is stored in the storage in association with a site different from the destination site. The terminal device performs a predetermined alert process in response to the determination that the corresponding authentication information is stored in association with the different site. | 2016-02-04 |
20160036854 | APPARATUS AND METHOD FOR SHARING A HARDWARE SECURITY MODULE INTERFACE IN A COLLABORATIVE NETWORK - A first communication device having a secure access to a security module establishes a collaborative network by forming a collaborative security association with a second communication device associated with a user of the first communication device. The first communication device (a) sends an advertisement of services associated with the security module to the second communication device and receives an advertisement response from the second communication device or (b) receives a solicitation request for services associated with the security module from the second communication device. Responsive to receiving one of the advertisement response and the solicitation request, the first communication device determines whether the second communication device is authorized to access the security module. The first communication device processes and forwards security service messages between the second communication device and the security module, in response to determining that the second communication device is authorized to access the security module. | 2016-02-04 |
20160036855 | CLOUD APPLICATION CONTROL USING MAN-IN-THE-MIDDLE IDENTITY BROKERAGE - A cloud-based method, a system, and a cloud-based security system include receiving a request from a user for a cloud application at a proxy server; determining whether the user is authenticated based on a presence of cookies in the request; if the cookies are present, un-transforming the cookies by the proxy server and forwarding the request with the un-transformed cookies to the cloud application; and, if the cookies are not present, forwarding the request to the cloud application by the proxy server for authentication and transforming the cookies subsequent to the authentication prior to sending the cookies to the user. | 2016-02-04 |
20160036856 | DATA FLOW FORWARDING METHOD AND DEVICE - This disclosure makes public a data flow forwarding method and device, and in this method, a second health state is acquired based on the first health state of one or more pieces of identifying information of the received data flow, wherein the first health state and second health state are associated with the access rights of the user and/or user device that sent the data flow; it employs firewall policy property sets to determine whether or not to forward the data flow, wherein the firewall policy property sets comprise: the second health state. The technical schemes based on this disclosure improve the ability of a firewall to identify network attacks or abnormal activities and reduce administration costs. | 2016-02-04 |