34th week of 2014 patent application highlights part 75
Patent application number | Title | Published |
20140237525 | STORAGE OPTIMIZATION IN A CLOUD-ENABLED NETWORK-BASED DIGITAL VIDEO RECORDER - This disclosure describes systems and methods related to cloud-enabled network-based digital video recording. In some embodiments, a request to copy a file to a plurality of target file locations may be received. A file may be retrieved and processed. The processing may include apportioning the file into a plurality of data blocks. At least one of the plurality of data blocks may be stored. A plurality of reference pointers associated with each of the plurality of data blocks may be generated. The plurality of reference pointers may be stored to each of the plurality of file locations. | 2014-08-21 |
20140237526 | System, Device and Method for Transrating File Based Assets - A video transrater, and a transrater system and method. The transrater, system and method may select an optimal bit rate from among a plurality of available bit rates in order to obtain a particular video quality and/or format. | 2014-08-21 |
20140237527 | METHOD AND APPARATUS FOR PRESENTING MEDIA PROGRAMS - A system that incorporates teachings of the present disclosure may include, for example, a controller to collect data indicative of temporal actions initiated by a group of users during presenting a media program. The data indicative of the temporal actions are collected in a collective metadata archive. Portions of the media program are identified based on metadata for which a number of occurrences of the temporal actions exceeds a threshold number of occurrences. A compacted presentation of the portions of the media program is prepared based on the metadata. The compacted presentation includes the portions of the media program arranged consecutively. Other embodiments are disclosed. | 2014-08-21 |
20140237528 | APPARATUS AND METHOD FOR USE WITH A DATA STREAM - Telecommunications Network and Method An apparatus ( | 2014-08-21 |
20140237529 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM | 2014-08-21 |
20140237530 | METHODS, COMPUTER PROGRAM PRODUCTS, AND VIRTUAL SERVERS FOR A VIRTUAL COLLABORATIVE ENVIRONMENT - Implementation of a virtual service includes connecting a set top box (STB) of a first user to a STB of a second user and a STB of a third user, providing a first video of the first and second users to corresponding STBs, and providing a second video of the first and third users to corresponding STBs. The virtual service also includes displaying the first video on a device of the first user and a device of the second user simultaneously with broadcast content. The virtual service further includes displaying the second video on the device of the first user and on a device of the third user simultaneously with the broadcast content. The displaying is implemented such that the second user and the third user are unaware of the mutual connection to the set top box of the first user. | 2014-08-21 |
20140237531 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, PROGRAM, AND SERVER APPARATUS - Object To improve a quality of a service that uses an application that uses a broadcast resource. | 2014-08-21 |
20140237532 | CLOSED-CAPTIONING UNIFORM RESOURCE LOCATOR CAPTURE SYSTEM AND METHOD - A particular method includes extracting, at a computing device, uniform resource locator data from closed-captioning content. The method further includes receiving, at the computing device, user settings via a network interface. The user settings include an organizational preference corresponding to the uniform resource locator data. The method also includes generating, at the computing device, a web page that includes a portion of the uniform resource locator data as selectable links. The selectable links are organized according to the organizational preference. | 2014-08-21 |
20140237533 | METHOD AND SYSTEM FOR MANAGING INTERACTIVE MULTIMEDIA CONTENT BROADCAST ON TELEVISION - Method for managing interactive multimedia content designed to be displayed on the screen of a television set ( | 2014-08-21 |
20140237534 | Control Plane Architecture for Multicast Cache-Fill - A multicast content delivery system can use both multicast and unicast streams to efficiently use available bandwidth to deliver content. Available multicast content can be identified to gateways serving consumption devices, and the gateways can receive requests for unicast content delivery, but honor the requests with multicast group sessions. | 2014-08-21 |
20140237535 | Method and Apparatus for Distributing Media - A system that incorporates teachings of the present disclosure may include, for example, a media distribution device having a support structure adapted for removably receiving a server module, a plurality of encoders, and an Internet Protocol (IP) router module; and a bus adapted for placing the server module, the plurality of video encoders, and the IP router module in communication with each other, where the server module is adapted to receive media content, where the plurality of video encoders is adapted to generate a plurality of encoded media contents from the media content and the video encoders generate the encoded media contents in temporal proximity to each other, where the IP router module is adapted to distribute the plurality of encoded media contents over an IP network. Other embodiments are disclosed. | 2014-08-21 |
20140237536 | METHOD OF DISPLAYING CONTENTS, METHOD OF SYNCHRONIZING CONTENTS, AND METHOD AND DEVICE FOR DISPLAYING BROADCAST CONTENTS - A method of displaying contents, a method of synchronizing contents, and a method and device for displaying contents are provided. The method includes: receiving initial scene configuration information of a content written in a markup language from an external device, structuralizing the initial scene configuration information, rendering the content according to the structuralized initial scene configuration information, receiving additional scene configuration information of the content from the external device, updating the structuralized initial scene configuration information based on the received additional scene configuration information, and rendering the content according to the updated initial scene configuration information. | 2014-08-21 |
20140237537 | METHOD AND TECHNIQUE FOR APPLICATION AND DEVICE CONTROL IN A VIRTUALIZED ENVIRONMENT - A data loss prevention (DLP) manager running on a security virtual machine manages DLP policies for a plurality of guest virtual machines. The DLP manager identifies a source associated with a file open or create event. The source is at least one of an application or a device being used by a guest virtual machine (GVM). The DLP manager enforces a first response rule associated with the GVM when the source is a non-approved source per a source control policy. The DLP manager enforces a second response rule when the file violates a DLP policy. | 2014-08-21 |
20140237538 | Input prediction in a database access control system - A local database access control system (LDACS) intelligently determines which database access requests intercepted by a database agent require analysis by an external security device and which of those requests might be predicted not to require such processing e.g., because they do not contain database object information that needs to be validated against a security policy. Client requests that are predicted not to require such processing are then passed to the database server directly without being held by the agent and delivered externally for policy validation. In this approach, the agent does not send every intercepted request to the security device for evaluation against the one or more security policies. Rather, only those intercepted requests that are predicted to contain database object information are delivered. The security device implements an input prediction scheme to facilitate this process by sending control commands to the agent. | 2014-08-21 |
20140237539 | Identity Propagation - In one implementation, identity based security features and policies are applied to endpoint devices behind an intermediary device, such as a network address translation device. The access network switch authenticates an endpoint based on a user identity and a credential. A hypertext transfer protocol (HTTP) packet is generated or modified to include the user identity in an inline header. The HTTP packet including the user identity is sent to a policy enforcement device to look up one or more policies for the endpoint. The access switch receives traffic from the policy enforcement device that is filtered according to the user identity. Subsequent TCP connections may also include identity information within the TCP USER_HINT option in a synchronization packet thus allowing identity propagation for other applications and protocols. | 2014-08-21 |
20140237540 | ESTABLISHING AN INTERACTIVE ENVIRONMENT FOR RENDERED DOCUMENTS - A system for identifying an electronic counterpart for a rendered document is described. The system receives an indication of a text capture operation performed from a rendered document. The indication identifies a text sequence captured as part of the text capture operation, the identified text sequence comprising fewer than nine words. In response to receiving the indication, the system uniquely identifies an electronic document from which the rendered document was rendered. | 2014-08-21 |
20140237541 | SCALABLE SECURITY SERVICES FOR MULTICAST IN A ROUTER HAVING INTEGRATED ZONE-BASED FIREWALL - A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast packets. The user interface supports a syntax that allows the user to define subsets of the plurality of interfaces associated with the zones, and define a single multicast policy to be applied to multicast sessions associated with a multicast group. The multicast policy identifies common services to be applied pre-replication, and exceptions specifying additional services to be applied post-replication to copies of the multicast packets for the one or more zones. | 2014-08-21 |
20140237542 | REMEDIAL ACTION AGAINST MALICIOUS CODE AT A CLIENT FACILITY - Aspects of this invention may relate to a malicious application remedial action request application where a network site interaction may be requested from a client computing facility; the network site interaction from the client computing facility may be determined to be unacceptable based on an acceptance policy at a gateway facility; access to the network site from the client computing facility may be denied; information relating to the attempted interaction with the network site may be sent from the gateway facility to the client computing facility, wherein the information may indicate that the attempted interaction occurred; and the client computing facility may interpret the information relating to the attempted interaction, determine whether the attempted interaction was the result of an automatically generated request, and take remedial action in the event that the attempted interaction was the result of the automatically generated request. | 2014-08-21 |
20140237543 | METHOD AND APPARATUS FOR POLICY-BASED NETWORK ACCESS CONTROL WITH ARBITRARY NETWORK ACCESS CONTROL FRAMEWORKS - A method and apparatus for integrating various network access control frameworks under the control of a single policy decision point (PDP). The apparatus supports pluggable protocol terminators to interface to any number of access protocols or backend support services. The apparatus contains Trust and Identity Mediators to mediate between the protocol terminators and a canonical policy subsystem, translating attributes between framework representations, and a canonical representation using extensible data-driven dictionaries. | 2014-08-21 |
20140237544 | AUTHENTICATION METHOD, TRANSFER APPARATUS, AND AUTHENTICATION SERVER - It is provided an authentication method for realizing a network authentication function for an authentication system, the authentication system including an authentication server for authenticating a terminal used by a user, and a switch for mediating an authentication sequence between the terminal and the authentication server. The authentication method includes steps of: providing, by the switch, identification information for identifying the switch to the authentication server in the authentication sequence; authenticating, by the authentication server, an authentication request transmitted from the terminal; transmitting, by the authentication server, an authentication result of the authentication to the switch based on the provided identification information on the switch; and authenticating, by the switch, access from the terminal based on the authentication result received from the authentication server. | 2014-08-21 |
20140237545 | HIERARCHICAL RISK ASSESSMENT AND REMEDIATION OF THREATS IN MOBILE NETWORKING ENVIRONMENT - Mobile device security techniques are described. For a specific computing device, for each of a plurality of distinct security categories, a risk score is determined. The determined risk scores are aggregated to obtain an overall risk score. | 2014-08-21 |
20140237546 | Image Processing Apparatus and Image Processing System - An image processing apparatus including: a first interface; a second interface configured to be connected with a server configured to perform user authentication; an image processing unit configured to execute a job including image processing; and a control device configured to: receive authentication information of a user via the first interface; transmit the received authentication information to the server via the second interface; execute a specific operation after receiving the authentication information, the specific operation being a part of the job; receive a result of the user authentication from the server after executing the specific operation; determine whether the user authentication by the server has been successful in accordance with the received result; and execute the rest of the job after completing the specific operation and determining that the user authentication has been successful. | 2014-08-21 |
20140237547 | SPECTRUM ACCESS SYSTEM - A method for dynamically managing spectrum access and supporting multiple tiers of users is provided. A spectrum access server receives a request from a device to access a segment of spectrum, and determines which tier of the multiple tiers is associated with the request. If the request is from a second tier user and the request does not interfere with first tier users, the request is granted. If the request is from a third tier user and the request does not interfere with first tier users and authorized second tier users, the request is granted. | 2014-08-21 |
20140237548 | COMPUTING DEVICE WITH ENVIRONMENT AWARE FEATURES - A method and mobile electronic device are provided which automatically adjust settings based on the environment of the mobile electronic device. The settings of the mobile electronic device which are adjusted may be security settings, filter settings, or status for instant messaging in dependence on the determined location of the mobile electronic device. | 2014-08-21 |
20140237549 | COLLABORATIVE COMPUTING COMMUNITY ROLE MAPPING SYSTEM AND METHOD - A role mapping method and system for a collaborative computing environment is provided. A set of permissions defining access to a generic business component for a named permission set is stored in a database. The set of permissions for the named permission set are mapped to an abstract role. Based on these mappings, access permissions to a business component instance within a community can be set. | 2014-08-21 |
20140237550 | SYSTEM AND METHOD FOR INTELLIGENT WORKLOAD MANAGEMENT - The system and method for intelligent workload management described herein may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads, wherein the management threads may converge information for managing identities and access credentials, enforcing policies, providing compliance assurances, managing provisioned and requested services, and managing physical and virtual infrastructure resources. In one implementation, an authentication server may generate authentication tokens defining access credentials for managed entities across a plurality of authentication domains, wherein the authentication tokens may control access to resources in an information technology infrastructure. For example, a management infrastructure may create service distributions for the managed entities, which may include virtual machine images hosted on physical resources. Further, the authentication tokens may be embedded in the service distributions, whereby the embedded authentication tokens may control access to the resources in the information technology infrastructure. | 2014-08-21 |
20140237551 | SYSTEMS AND METHODS FOR IDENTIFYING DEVICES BY A TRUSTED SERVICE MANAGER - Embodiments of the disclosure provide systems and methods for identifying devices by a trusted service manager. According to one example embodiment of the disclosure, a method for identifying communications is provided. The method can include receiving, by a service provider from a device, a message comprising card production life cycle (CPLC) information associated with a secure element incorporated into the device; and evaluating, by the service provider, the received CPLC information in order to identify the secure element. | 2014-08-21 |
20140237552 | AUTHENTICATING MEDIUM, AUTHENTICATING TERMINAL, AUTHENTICATING SERVER, AND METHOD FOR AUTHENTICATION BY USING SAME - The present invention relates to an authenticating medium, an authenticating terminal, an authenticating server, and a method for authentication by using same. According to the present invention, an operating code for creating an authentication requesting code is periodically updated, and thus the authentication requesting code is also periodically changed. Thus, even if the authentication requesting code or the operating code exchanged through networks is leaked to other users, the security of an account may be maintained, and thus the security may be enhanced. In addition, even if users do not remember authentication codes for granting authorization, the codes recorded in an authentication medium are periodically updated and automatically authenticated, which may prevent damages that may occur when users forget the authentication codes or the authentication codes are set using numbers that are easy to memorize. | 2014-08-21 |
20140237553 | SECURELY UPDATING INFORMATION IDENTIFYING SERVICES ACCESSIBLE VIA KEYS - A first device may receive a service authorization instruction from a second device. The service authorization instruction may include one or more authorization parameters and an instruction to associate or disassociate a key, with a service, to permit or prevent the service to be accessed using the key. The key may be embedded in an application used to provide an application instruction corresponding to a request for the service. The first device may validate the service authorization instruction based on the one or more authorization parameters; and update, based on validating the service authorization instruction, information identifying services that are accessible using the key to permit or prevent the service to be accessed using the key without modifying the key embedded in the application. | 2014-08-21 |
20140237554 | UNIFIED PLATFORM FOR BIG DATA PROCESSING - This technology relates to methods and systems for big data processing. The system includes extraction modules for extracting data from the data sources. The system also includes means for defining rules to be applied on the data and means for applying the rules on the data in conjunction with the extraction modules. The means for applying the rules is capable of applying pre-defined set of rules and the rules defined by means of defining the rules. The system also has controllers for defining access control restrictions on the data in conjunction with the extraction modules, display for displaying visual representations of the data processing in conjunction with the extraction modules and memory to store the extracted data in indexed form. | 2014-08-21 |
20140237555 | SYSTEM AND METHOD FOR SECURE REMOTE ACCESS - System, method, and apparatus for providing access to remote computing services are described. The method includes authenticating a user and a client device; establishing a connection to a server computer including: a server program executing on the server computer detecting the connection; the server program creating a blocking process on the server computer to block access of the user to a service on the connection, authorizing, using a client program executing on the client device and the server program, the user to use the service on the server computer including: terminating the blocking process, the user using the service; and the user closing the connection to the server computer. Embodiments of the present invention provide secure remote access to computing services. | 2014-08-21 |
20140237556 | METHOD FOR COMMUNICATION AND COMPONENTS IN A COMMUNICATIONS NETWORK - With a method for communication in a communication network, a subscriber is assigned an authorization level depending on the respective applicable scenario at the time when the authorization level is assigned for that subscriber in that communication network. | 2014-08-21 |
20140237557 | DATA PLAN ACTIVATION - A method, implemented by a router device, for guiding a user in establishing access privileges for a data exchanger includes causing the data exchanger to establish a remote link with a data service provider. Access content is obtained from the data service provider and presented to a client device. Access data provided in response to the presenting of the access content is received. The access content when presented by the client device enables a user to supply the access data. The access data is useable by the data service provider to set access privileges associated with the data exchanger that enable the data exchanger to be utilized to perform a desired function. The access data is returned to the data service provider via the remote link. The data exchanger is utilized to implement the desired function. | 2014-08-21 |
20140237558 | DEVICE FOR GENERATING A VIRTUAL NETWORK USER - A device for generating a virtual network user that can be used, for data protection purposes, as a pseudonym by which a physical person or legal entity can gain access to the Internet and engage services that can be implemented via the network. The network user is defined by a freely specifiable combination of real and/or arbitrarily specifiable attributes. The input of these attributes into the network access device (PC) of the user activates a transformation system which facilitates the generation of the data flows that implement the virtual network user and that can be saved with the temporal sequence of the data flow in a storage device of the transformation system. An access system allocated to an independent authority is provided, which upon activation can initiate the readout of such data from a memory allocated to the storage device of the transformation system. | 2014-08-21 |
20140237559 | METHOD AND RELATED DEVICE FOR GENERATING GROUP KEY - A method and a related device for generating a group key are provided. A group ID of a group to which an MTC device belongs and a group communication root key related to a security key are received from an MME, where the security key is corresponding to the group ID; a group key corresponding to the group ID is generated according to the group communication root key; and a generating parameter used to generate the group key is sent to the MTC device, so that the MTC device generates the group key according to the group key generating parameter and a security key saved in the MTC device. Therefore, a base station only needs to maintain a same group key for a same group, thereby reducing the operation complexity of the base station. | 2014-08-21 |
20140237560 | SECURITY CONTEXT PASSING FOR STATELESS SYSTEM MANAGEMENT - Systems and methods for stateless system management are described. Examples include a method wherein a user sends the management system a request to act upon a managed system. The management system determines whether the user is authorized for the requested action. Upon authorization, the management system looks up an automation principal, which is a security principal native to the managed system. The management system retrieves connecting credentials for the automation principal, and connects to the managed system using the retrieved credentials. Once the managed system is connected, the management system performs the requested action on the managed system, and sends the result back to the user. | 2014-08-21 |
20140237561 | SECURE FRONT-END INTERFACE - A secure front-end interface for a PLC, RTU or similar device is disclosed. A first server is coupled to the PLC via a communications link and is configured to receive status information from the device and transmit the information to a second server via a one-way data link. The second server has a network interface for coupling to a network and receives the information from the first server via the one-way data link and outputs the information via the network interface based upon a user request. The front-end interface may further include a second one-way data link coupled from the second server to the first server to allow user command entry. The secure front-end interface may alternatively consist only of a single server coupled between the device and the network which requires a user to enter a password before obtaining access to the status information. | 2014-08-21 |
20140237562 | Authentication System and Method - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access to the secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester. | 2014-08-21 |
20140237563 | ONLINE USER ACCOUNT LOGIN METHOD AND A SERVER SYSTEM IMPLEMENTING THE METHOD - The present application provides a webpage login method involving two client devices and a server. The server receives an information access request from a first client device. In response to the information access request, the server returns a unique identifier to the first client device. The unique identifier is to be displayed on the first client device. Next, the server receives a first message from a second client device, the first message including user account information at the server system and authentication information. The server determines whether the authentication information corresponds to the unique identifier and authenticates the information access request in accordance with a determination that the authentication information corresponds to the unique identifier such that the user can access information at the server and associated with the user account information from the first client device. | 2014-08-21 |
20140237564 | SECURE ACCESS CREDENTIAL UPDATING - One or more first servers may receive a token, generated by a second server based on the second server validating an authorization parameter received by a third server; receive, from the second server, a token parameter, associated with the token and being associated with the authorization parameter and identifying a credential associated with the third server; receive, from the third server, a request to update the credential, the request including the token; validate the token; form an updated credential based on the token parameter and based on validating the token; and provide the updated credential to the third server. The credential may be replaced, by the third server, with the updated credential without interaction with a user of the third server. | 2014-08-21 |
20140237565 | METHOD AND SYSTEM FOR GENERATION OF DYNAMIC PASSWORD - A method and system of independent generation of dynamic password by a client and a server for subsequent verification of the generated password by either the server or the client is provided. The method includes registration of user ID for identification of the client and associating client's related information. Then the client provides one or more static values and one or more variable values for the registered user ID. The server then drives the base value and further the instructions are then applied on the registered ID. Thus generating the random password and further verifying the generated password with the random password and thus authorizing the client. | 2014-08-21 |
20140237566 | PASSWORD AUDIT SYSTEM - A password audit system is provided for determining the strength of user passwords in a computer system, application or network to which users have access via a user identification and password. The password audit system may include: an interface for establishing a data connection between the password audit system and the computer system, application or network, configured to retrieve cipher text user passwords stored thereon; a central processing unit, configured to successively generate different plain text passwords, encode them into corresponding cipher text passwords, and compare the encoded cipher text passwords to a given one of the retrieved cipher text passwords, until a match is found or a predetermined time has elapsed; and data storage means for storing data relating to the strength of the user passwords, the strength being dependent on the employed method to generate the different plain text passwords and/or the time needed to find a match. | 2014-08-21 |
20140237567 | AUTHENTICATION METHOD - An improved authentication method for authenticating user identity for access to a computer service. | 2014-08-21 |
20140237568 | UNIQUE IDENTIFICATION FOR AN INFORMATION HANDLING SYSTEM - A mobile information handling system (IHS) includes an application (app) that may include a unique-identification tool and a device capability determination tool. The unique-identification tool may generate a signature string that is unique to the mobile IHS. The device capability determination tool may determine the hardware capability of the mobile IHS, the network capability of the mobile IHS and the capability of a network between the mobile IHS and a server IHS, and generate a device determination therefrom. The app may transmit the signature string and the device determination to a server IHS. In response to the signature string and device determination that the server IHS receives, the server IHS may generate and transmit a corresponding response containing specific data to the mobile IHS. The app may output the specific data by displaying the specific data on a display of the mobile IHS. | 2014-08-21 |
20140237569 | DATA STORAGE SYSTEM AND METHOD FOR SECURITY INFORMATION INTERACTION - The present invention proposes a data storage system and method used for the security information interaction. Said data storage system used for the security information interaction comprises a security information storage device, an unlock password generating device and an unlock server. The data storage system and method used for the security information interaction disclosed in the present invention reduce the potential security risks due to the divulgement of unlock passwords, and reduce the complexity of the unlock process, as well as reduce the potential security risks existing in the generating and writing process of the unlock password on the whole. | 2014-08-21 |
20140237570 | AUTHENTICATION BASED ON SOCIAL GRAPH TRANSACTION HISTORY DATA - Techniques for user or user device authentication using data based on social associations and interactions of users or user devices are presented herein. In an aspect, a method includes receiving social graph transaction history data associated with a user identity of a user and contact information associated with the user identity, wherein the social graph transaction history data includes data relating to usage of the contact information for communication between users via respective user devices. The method further includes analyzing the social graph transaction history data, and based on the analyzing, determining a degree of confidence that the user identity is authentic. | 2014-08-21 |
20140237571 | SHARED INTERNET STORAGE RESOURCE, USER INTERFACE SYSTEM, AND METHOD - The Shared Internet Storage Resource provides Internet-based file storage, retrieval, access, control, and manipulation for a user. Additionally, an easy-to-use user interface is provided both for a browser or stand-alone application. The entire method provides means by which users can establish, use, and maintain files on the Internet in a manner remote from their local computers yet in a manner that is similar to the file manipulation used on their local computers. A high capacity or other storage system is attached to the Internet via an optional internal network that also serves to generate and direct metadata regarding the stored files. A web server using a CGI, Java®-based, or other interface transmits and retrieves TCP/IP packets or other Internet information through a load balancer/firewall by using XML to wrap the data packets. File instructions may be transmitted over the Internet to the Shared Resource System. The user's account may be password protected so that only the user may access his or her files. On the user's side, a stand-alone client application or JavaScript object interpreted through a browser provide two means by which the XML or other markup language data stream may be received and put to use by the user. Internet-to-Internet file transfers may be effected by directly downloading to the user's account space. | 2014-08-21 |
20140237572 | PORTAL AUTHENTICATION METHOD AND ACCESS CONTROLLER - In a portal authentication method, a DHCP request message sent by a terminal is received by an AC. In response to finding that a user of the terminal is an unauthenticated user, a private network IP address is assigned to the terminal. After portal authentication of the terminal is finished, a wireless connection of the terminal is terminated by the AC. When a DHCP request message sent by the terminal again is received, a determination that the user of the terminal passes the authentication is made by the AC, a public network IP address is assigned to the terminal, and an accounting request message is sent to a RADIUS server. After finding that the terminal is offline, an accounting stop message is sent by the AC to the RADIUS server, the wireless connection of the terminal is disconnected, and the public network IP address is released. | 2014-08-21 |
20140237573 | METHOD AND SYSTEM USING A CYBER ID TO PROVIDE SECURE TRANSACTIONS - A method and system for securing a user transaction involving a subscriber unit (“SU”) (having a processor, memory, and a display configured to accept user input), a credential information manager (“CIM”) (having a processor and memory), and a transaction service provider (“TSP”) (having a processor and memory). A cyber identifier (“CyberID”), a subscriber identifier (“SubscriberID”), and subscriber information, each associated with the user, are stored in the CIM. A transaction request is sent from the SU to the TSP, which creates a transaction identifier (“TID”), stores it in the TSP memory and transmits it to the SU. The SU transmits an authentication request, the TID, and SubscriberID to the CIM, which authenticates the SubscriberID and verifies the TID to the TSP. The TSP verifies the TID and reports it to the CIM, which transmits the CyberID and subscriber information to the TSP, and transmits a transaction authorization to the SU. | 2014-08-21 |
20140237574 | Methods, Systems, and Products for Identity Verification - Methods, systems, and products verify identity of a person. A signature, representing the presence of a device, is acquired. The signature is compared to a reference signature. When the signature favorably compares to the reference signature, then the identity of a user associated with the device is verified. | 2014-08-21 |
20140237575 | Login Security with Short Messaging - Additional security is provided for on-line account users beyond that which is otherwise conventionally provided by, e.g., longer passwords, passwords that include both characters and numbers, etc., by implementing an on-line server that notifies a pre-registered account holder via a short messaging system (SMS) with a short message login notification when a log-in (or even just a login attempt) occurs. Thus, even entry of the proper user/password information, which would conventionally be presumed to be authorized, will be notified to the registered SM address of the authorized user. | 2014-08-21 |
20140237576 | USER AUTHENTICATION METHOD AND APPARATUS BASED ON AUDIO AND VIDEO DATA - A computer-implemented method is performed at a server having one or more processors and memory storing programs executed by the one or more processors for authenticating a user from video and audio data. The method includes: receiving a login request from a mobile device, the login request including video data and audio data; extracting a group of facial features from the video data; extracting a group of audio features from the audio data and recognizing a sequence of words in the audio data; identifying a first user account whose respective facial features match the group of facial features and a second user account whose respective audio features match the group of audio features. If the first user account is the same as the second user account, retrieve the sequence of words associated with the user account and compare the sequences of words for authentication purposes. | 2014-08-21 |
20140237577 | Methods, Systems, and Products for Authentication of Users - Methods, systems, and products authenticate users for access to devices, applications, and services. Skills of a user are learned over time, such that an electronic model of random subject matter may be generated. The user is prompted to interpret the random subject matter, such as with a drawing, physical arrangement, or performance. The user's interpretation is then compared to the electronic model of the random subject matter. If the user is truly who they purport to be, their interpretation will match the electronic model, thus authenticating the user. If interpretation fails to match the electronic model, authentication may be denied. | 2014-08-21 |
20140237578 | LOCATION BASED AUGMENTED REALITY SYSTEM FOR EXCHANGE OF ITEMS BASED ON LOCATION SENSING METHODS AND DEVICES RELATED THERETO - Location-based augmented reality systems configured for exchange of items based on location sensing and associated triggering icons, and methods and devices related thereto. In one exemplary embodiment, a first, provider user identifies a specific physical location; associates a triggering icon representing a value item with the specific physical location; and, transmits the existence of the triggering icon and specific physical location to a second, mobile recipient user computing device. The second, mobile recipient user receives the triggering icon and specific physical location from the first, provider user computing device, then finds the specific physical location, activates the triggering icon and receives the value item. | 2014-08-21 |
20140237579 | DEVICE FOR CONTROLLING NETWORK USER DATA - This utility model relates to devices for controlling (input, storage and deletion) network user data. | 2014-08-21 |
20140237580 | SERVER SYSTEM AND CONTROL METHOD - There is provided a method of a server system including identifying a first token and a second token based on an identifier received from a first external information processing apparatus, acquiring data from the first external information processing apparatus with use of the first token, generating a document from the acquired data, transmitting the second token to an authentication processing apparatus, acquiring a verification result of the second token from the authentication processing apparatus, and transmitting the generated document to a second external information processing apparatus with use of the second token. | 2014-08-21 |
20140237581 | AUTHENTICATION PLATFORM AND RELATED METHOD OF OPERATION - An authentication platform comprises an authentication unit configured to authenticate the user based on received input data, and a control unit configured to enable communication between a client device and an authentication host as a consequence of successful authentication of the user by the authentication unit. | 2014-08-21 |
20140237582 | Authenticating a Node in a Communication Network - A method and apparatus for authenticating a first node's identity in a communication network. An authentication node receives from a second node an authentication request. The authentication request includes a first certificate that has previously been presented to the second node by a node purporting to be the first node. The authentication node retrieves a second certificate belonging to the first node from the first node, and compares the first certificate with the second certificate. If the certificates match, then the first node's identity can be authenticated but if the certificates do not match, then the first node's identity cannot be authenticated. The results of the comparison are then sent to the second node. | 2014-08-21 |
20140237583 | Systems and Methods for A Self-Defending Wireless Computer Network - In one embodiment, the methods and apparatuses assign a routing address to a wireless computer that is in a different logical network from the routing addresses of other wireless computers within the same physical wireless network, and prevent a wireless computer from learning the routing address of another wireless computer within the same physical wireless network. | 2014-08-21 |
20140237584 | SYSTEM AND METHOD FOR REDIRECTED FIREWALL DISCOVERY IN A NETWORK ENVIRONMENT - A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow. | 2014-08-21 |
20140237585 | Use of Virtual Network Interfaces and a Websocket Based Transport Mechanism to Realize Secure Node-to-Site and Site-to-Site Virtual Private Network Solutions - Techniques are provided herein for enabling a virtual private network (VPN) using a bidirectional, full duplex transport channel configured to send and receive application layer data packets. At a source network device that hosts a VPN client, the VPN client is configured with a bidirectional, full duplex transport channel that is configured to send and receive Open Systems Interconnection application layer data packets. The VPN client is also configured with a virtual network interface that operates to virtually link the VPN client with the transport channel. | 2014-08-21 |
20140237586 | APPARATUS FOR PROCESSING WITH A SECURE SYSTEM MANAGER - Method and apparatus for secure processing. The method includes detecting communication among secure and non-secure data entities, prohibiting execution of non-secure executable instructions on secure data entities unless the non-secure executable instructions are recorded in a permitted instruction record, and prohibiting execution of non-secure executable instructions if the non-secure executable instructions are recorded in a prohibited instruction record. The apparatus includes a processor, at least one non-secure data entity, and secure data entities including: a communication monitor adapted to detect communication among secure and non-secure data entities; a permitted instruction record; a first prohibitor adapted to prohibit execution of non-secure executable instructions on secure data entities unless the non-secure executable instructions are recorded in the permitted instruction record; a prohibited instruction record; and a second prohibitor adapted to prohibit execution of non-secure executable instructions if the non-secure executable instructions are recorded in the prohibited instruction record. | 2014-08-21 |
20140237587 | Managed Biometric Identity - A computing system such as a game console maintains and updates a biometric profile of a user. In one aspect, biometric data of the user is continuously obtained from a sensor such as an infrared and visible light camera, and used to update the biometric profile using a machine learning process. In another aspect, a user is prompted to confirm his or her identity when multiple users are detected at the same time and/or when the user is detected with a confidence level which is below a threshold. A real-time image of the user being identified can be displayed on a user interface with user images associated with one or more accounts. In another aspect, the biometric profile is managed by a shell on the computing system, where the shell makes the biometric profile available to any of a number of applications on the computing system. | 2014-08-21 |
20140237588 | METHOD AND SYSTEM FOR MANAGING AND CONTROLLING DIRECT ACCESS OF AN ADMINISTRATOR TO A COMPUTER SYSTEM - A method and computer program product for managing and controlling direct access of an administrator to a computer system. At least one computer program on the computer system receives from the administrator a request for the direct access to the managed computer system directly from the system console and requests a service management system to search open tickets. In response to that the open tickets are found, the at least one computer program requests the administrator to choose at least one ticket from the open tickets and grants the administrator the direct access to the computer system in response to determining that the at least one ticket is valid. | 2014-08-21 |
20140237589 | Personalization Data of an Active Application - A device to detect biometric information of a user, identify the user based on the biometric information, identify an active application of the device and identify metadata of the active application associated with the user, and modify personalization data of the active application with the metadata associated with the user. | 2014-08-21 |
20140237590 | SIMULTANEOUS SCREENING OF UNTRUSTED DIGITAL FILES - A plurality of untrusted digital files are run simultaneously in fewer sandboxes than there are files, while monitoring for malicious activity. Preferably, only one sandbox is used. If the monitoring detects malicious activity, either the files are run again in individual sandboxes, or the files are divided among subsets whose files are run simultaneously in one or more sandboxes, while monitoring for malicious activity. | 2014-08-21 |
20140237591 | PROTECTING MULTI-FACTOR AUTHENTICATION - Methods are detailed for online fraud prevention. In one approach state information of a first and a second device is monitored, both of which are associated with one user. During a multi-factor authentication procedure which utilizes at least one of the first and the second devices for authorizing a transaction by an Internet domain, a security server participates in a supplemental security procedure which is conditional on the monitored state information. In another approach the second device receives a message that is ostensibly related to multi-factor authorization by an Internet domain, and in response sends a query about state information of the first device. Based on the response to the query that indicates the state information, the second device performs a supplemental security procedure. | 2014-08-21 |
20140237592 | METHOD AND SYSTEM FOR DETECTING DATA MODIFICATION WITHIN COMPUTING DEVICE - A method and apparatus for detecting data modification in a layered operating system is disclosed. Outbound content indicators at different layers are compared to detect potential outbound data modifications. Likewise, inbound content indicators at different layers are compared to detect potential inbound data modifications. Content indicators include checksum, cryptographic hash, signature, and fingerprint indicators. Embodiments of the present invention enable detection of data modifications across an operating system's kernel and user mode spaces, prevention of modified outbound data from reaching a network, prevention of modified input data from reaching a user application, and detection of malware and faults within an operating system. | 2014-08-21 |
20140237593 | METHOD, DEVICE AND SYSTEM FOR DETECTING SECURITY OF DOWNLOAD LINK - A method, a device and a system for detecting security of a download link are provided. The method comprises: pre-acquiring an information set of download link security (S | 2014-08-21 |
20140237594 | METHODS AND SYSTEMS FOR API-LEVEL INTRUSION DETECTION - This disclosure generally relates to computer security, and more particularly to methods and systems for application programming interface (API)-level intrusion detection. In some embodiments, a computer-readable medium is disclosed, storing instructions for: receiving an API call for a service at an API sandbox module; parsing the API call to extract at least one of: an API call name; and/or one or more API call parameters; generating a copy of the at least one of: the API call name and/or the one or more API call parameters; determining, via an intrusion detection rules execution engine, whether the API call violates one or more security rules obtained from a security rules object, using the copy of the at least one of: the API call name and/or the one or more API call parameters; and providing an indication of whether the API call violates the one or more security rules. | 2014-08-21 |
20140237595 | APIs for Obtaining Device-Specific Behavior Classifier Models from the Cloud - The various aspects provide a system and methods implemented on the system for generating a behavior model on a server that includes features specific to a mobile computing device and the device's current state/configuration. In the various aspects, the mobile computing device may send information identifying itself, its features, and its current state to the server. In response, the server may generate a device-specific lean classifier model for the mobile computing device based on the device's information and state and may send the device-specific lean classifier model to the device for use in detecting malicious behavior. The various aspects may enhance overall security and performance on the mobile computing device by leveraging the superior computing power and resources of the server to generate a device-specific lean classifier model that enables the device to monitor features that are actually present on the device for malicious behavior. | 2014-08-21 |
20140237596 | ROBUST MALWARE DETECTOR - A system, method and computer readable medium for detecting and diffusing malware on a computer. Malware is analysed to generate signatures and determine a fixing moment. All of the system calls of the operating system of a client computer are hooked and processed without emulation or the need for unpackers or decrypters, and a multi-level filter removes all system calls that are not associated with malware. The resulting system calls are accumulated on a per-thread basis and scanned, and the relevant threads are compared with the signatures to match with malware. The threads associated with malware are addressed at the fixing moment before the malware can operate to cause undesirable effects on the client computer. | 2014-08-21 |
20140237597 | AUTOMATIC SIGNATURE GENERATION FOR MALICIOUS PDF FILES - In some embodiments, automatic signature generation for malicious PDF files includes: parsing a PDF file to extract script stream data embedded in the PDF file; determining whether the extracted script stream data within the PDF file is malicious; and automatically generating a signature for the PDF file. | 2014-08-21 |
20140237598 | Reducing the Spread of Viruses and Errors in Social Networks and Affinity Groups - An approach is provided to reduce the spread of malware within a group of users. In the approach, a malware program (e.g., virus, Trojan, worm, etc.) is detected at a system that is utilized by one of the users that is a member of a peer affinity group. Event data pertaining to the detected malware program is gathered at the user's system. A notification is provided to the other users included in the peer affinity group. The notification identifies the detected malware program and the event data that was gathered at the user's system. | 2014-08-21 |
20140237599 | DISTRIBUTED AGENT BASED MODEL FOR SECURITY MONITORING AND RESPONSE - An architecture is provided for a widely distributed security system (SDI-SCAM) that protects computers at individual client locations, but which constantly pools and analyzes information gathered from machines across a network in order to quickly detect patterns consistent with intrusion or attack, singular or coordinated. When a novel method of attack has been detected, the system distributes warnings and potential countermeasures to each individual machine on the network. Such a warning may potentially include a probability distribution of the likelihood of an intrusion or attack as well as the relative probabilistic likelihood that such potential intrusion possesses certain characteristics or typologies or even strategic objectives in order to best recommend and/or distribute to each machine the most befitting countermeasure(s) given all presently known particular data and associated predicted probabilistic information regarding the prospective intrusion or attack. If any systems are adversely affected, methods for repairing the damage are shared and redistributed throughout the network. | 2014-08-21 |
20140237600 | SYSTEM AND METHOD FOR DETECTING EXECUTABLE MACHINE INSTRUCTIONS IN A DATA STREAM - Detecting executable machine instructions in a data stream is accomplished by accessing a plurality of values representing data contained within a memory of a computer system and performing pre-processing on the plurality of values to produce a candidate data subset. The pre-processing may include determining whether the plurality of values meets (a) a randomness condition, (b) a length condition, and/or (c) a string ratio condition. The candidate data subset is inspected for computer instructions, characteristics of the computer instructions are determined, and a predetermined action taken based on the characteristics of the computer instructions. | 2014-08-21 |
20140237601 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object is stored by a general purpose processor to a system memory. The memory has stored therein a page directory containing information for translating virtual addresses to physical addresses. Multiple most recently used entries of the page directory are cached, by a virus co-processor, within translation lookaside buffers (TLBs) implemented within an on-chip cache of the co-processor. Instructions are read by the co-processor, from a virus signature memory of the co-processor. The instructions contain op-codes of a first and second instruction type. Instructions of the first type are assigned to a first instruction pipe of the co-processor. An instruction assigned to the first instruction pipe is executed including accessing the content object by performing direct virtual memory addressing of the system memory and comparing the content object against a string. | 2014-08-21 |
20140237602 | AUTOMATIC CORRECTION OF SECURITY DOWNGRADERS - Methods and systems for automatic correction of security downgraders include performing a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable; locating candidate downgraders on the flows; determining whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader's respective flow; and transforming candidate downgraders that do not protect against all of the associated vulnerabilities, such that the transformed downgraders do protect against all of the associated vulnerabilities. | 2014-08-21 |
20140237603 | RULE MATCHING IN THE PRESENCE OF LANGUAGES WITH NO TYPES OR AS AN ADJUNCT TO CURRENT ANALYSES FOR SECURITY VULNERABILITY ANALYSIS - A method includes reading by a computing system a rule file including one or more rules having specified paths to methods, each method corresponding to one of a sink, source, or sanitizer. The method includes matching by the computing system the methods to corresponding ones of sinks, sources, or sanitizers determined through a static analysis of an application. The static analysis determines at least flows from sources of information to sinks that use the information. The method includes performing by the computing system, using the sinks, sources, and sanitizers found by the matching, a taint analysis to determine at least tainted flows from sources to sinks, wherein the tainted flows are flows passing information to sinks without the information being endorsed by a sanitizer. Apparatus and program products are also disclosed. | 2014-08-21 |
20140237604 | Rule Matching In The Presence Of Languages With No Types Or As An Adjunct To Current Analyses For Security Vulnerability Analysis - A method includes reading by a computing system a rule file including one or more rules having specified paths to methods, each method corresponding to one of a sink, source, or sanitizer. The method includes matching by the computing system the methods to corresponding ones of sinks, sources, or sanitizers determined through a static analysis of an application. The static analysis determines at least flows from sources of information to sinks that use the information. The method includes performing by the computing system, using the sinks, sources, and sanitizers found by the matching, a taint analysis to determine at least tainted flows from sources to sinks, wherein the tainted flows are flows passing information to sinks without the information being endorsed by a sanitizer. Apparatus and program products are also disclosed. | 2014-08-21 |
20140237605 | AUTOMATIC CORRECTION OF SECURITY DOWNGRADERS - Systems for automatic correction of security downgraders include a security analysis module configured to perform a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable; and an enhancer module configured to locate candidate downgraders on the flows, to determine whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader's respective flow, and to transform candidate downgraders that do not protect against all of the associated vulnerabilities such that the transformed downgraders do protect against all of the associated vulnerabilities. | 2014-08-21 |
20140237606 | SYSTEM AND METHOD FOR PROVIDING AUTOMATED COMPUTER SECURITY COMPROMISE AS A SERVICE - A system for providing automated computer security compromise as a service contains a web server having a web front end running on the web server. The web server has stored therein pentest definitions. A command and control component processes the pentest definitions, builds pentest task tickets and reporting task tickets, and monitors at least one penetration tester component and/or at least one report generator component. The command and control component interacts with a cloud computing environment to scale up or down the number of penetration tester components and the number of report generator components, and assigns task tickets to the penetration tester and report generator components. At least one penetration tester component runs penetration testing modules available inside the penetration testing framework as instructed by the pentest task tickets. At least one report generator component generates reports based on the reporting task tickets generated by the command and control service. | 2014-08-21 |
20140237607 | IDENTIFYING EXPLOITATION OF VULNERABILITIES USING ERROR REPORTS - A tool and method examine error report information from a computer to determine not only whether a virus or other malware may be present on the computer but also what vulnerability a particular exploit was attempting to use to subvert security mechanisms to install the virus. A system monitor may collect both error reports and information about the error report, such as geographic location, hardware configuration, and software/operating system version information to build a profile of the spread of an attack and to be able to issue notifications related to increased data collection for errors, including crashes related to suspected services under attack. | 2014-08-21 |
20140237608 | System and Method for Masking Email Addresses - The present invention is directed to a system and method for masking email addresses. In an exemplary embodiment, a consumer responds to a marketing offer by supplying consumer information, including an actual email address, to a lead specialist. The consumer's actual email address is masked, with a unique email address substituted, when the consumer's information is passed-on to a lender. The lead specialist can then track and filter responses to the consumer to identify misuse of its lead information and to protect the consumer from unwanted emails and solicitations. | 2014-08-21 |
20140237609 | HARDWARE ENFORCED CONTENT PROTECTION FOR GRAPHICS PROCESSING UNITS - This disclosure proposes techniques for graphics processing. In one example, a graphics processing unit (GPU) is configured to access a first memory unit according to one of an unsecure mode and a secure mode. The GPU comprises a memory access controller configured to allow the GPU to read data from only an unsecure portion of the first memory unit when the GPU is in the unsecure mode, and configured to allow the GPU to write data only to a secure portion of the first memory unit when the GPU is in the secure mode. | 2014-08-21 |
20140237610 | METHOD AND SYSTEM FOR DISTRIBUTED CONTROL OF USER PRIVACY PREFERENCES - A system and method for managing user data preferences across multiple online sites and applications. A privacy center can be configured to include a user interface and an application programming interface (API). The user interface can be employed to set preferences for specific data types in order to handle the data types with a different level of privacy than other similar data types by the user. The API permits a plurality of sites to discover the user's preferences, field names, and categories of data recognized by the site. The API adds new data fields to accommodate future changes in both technology and in legal restrictions on data usage. An address with respect to the API and the user interface along with a token can be entered when installing an application and the application downloads the preferences and applies them based on requirement. | 2014-08-21 |
20140237611 | METHOD FOR PROTECTING THE INTEGRITY OF A GROUP OF MEMORY ELEMENTS USING AN AGGREGATE AUTHENTICATION CODE - One feature pertains to an efficient algorithm to protect the integrity of a plurality of data structures by computing an aggregate message authentication code (MAC) over the plurality of data structures. An aggregate MAC may be constructed from a plurality of MAC values associated with a plurality of data structures. The aggregate MAC binds the plurality of data structures and attests to their combined integrity simultaneously. Rather than checking the integrity of a data structure when it is accessed, the aggregate MAC is periodically checked or verified, to ascertain the integrity of all data structures. If the aggregate MAC computed is different from the previously stored aggregate MAC, then all data structures that are part of the aggregate MAC are discarded. | 2014-08-21 |
20140237612 | PRIVACY SETTING IMPLEMENTATION IN A CO-BROWSING ENVIRONMENT - Embodiments described herein provide systems and methods for implementing privacy control in a co-browsing environment. In a particular embodiment, a method provides receiving an instruction in a co-browsing server to initiate a co-browsing session for a website with a first client and a second client. The method further provides receiving first privacy settings from the first client, wherein the first privacy settings indicate how the website should be presented at the second client. The method further provides presenting the website at the first client and presenting the website at the second client based on the first privacy settings. | 2014-08-21 |
20140237613 | DISTRIBUTION APPARATUS, DEVICE, CONTROL METHOD FOR DISTRIBUTION APPARATUS, AND STORAGE MEDIUM - A distribution apparatus accepts registration of an application program configured to provide a specific service to a device and an extension application program. When an application program that is specified by the extension application program is registered, the image forming apparatus manages the extension application program by linking it with the application program. When a license key has been received, the distribution apparatus distributes, to the image forming apparatus, an application program specified by a license key and/or an extension application program linked to the application program. | 2014-08-21 |
20140237614 | COMMUNICATION SYSTEM AND METHOD - There is provided a system, including a network that is defined by its novel approach to privacy, security and freedom for its users, namely privacy by allowing access anonymously, security by encrypting and obfuscating resources and freedom by allowing users to anonymously and irrefutably be seen as genuine individuals on the network and to communicate with other users with total security and to securely access resources that are both their own and those that are shared by others with them. Functional mechanisms that the system are able to restore open communications and worry-free access in a manner that is very difficult to infect with viruses or cripple through denial of service attacks and spam messaging; moreover, it will provide a foundation where vendor lock-in need not be an issue. | 2014-08-21 |
20140237615 | PORTABLE LICENSE SERVER - A portable license for licensed content is obtained by a user along with a regular license in a local network, such as a home network or other private network. The portable license may be stored in a license server on a portable device, such as a smart phone or a tablet, which functions as a portable license server. The user may take the portable device to another location where it joins another local network. A device in the second network, which does not have a license to play the licensed content, may use the portable license on the portable device to execute the content, enabling the user to enjoy it in multiple environments. The device (e.g., a TV) in the second network may continue to play the content as long as the portable license or another valid license is present in the network. | 2014-08-21 |
20140237616 | PROFILE AND CONSENT ACCRUAL - Consent management between a client and a network server. In response to a request for consent, a central server determines if requested user information is included in a user profile associated with a user and if the user has granted consent to share the requested user information. A user interface is provided to the user via a browser of the client to collect the requested user information that is not included in the user profile and the consent to share the requested user information from the user. After receiving the user information provided by the user via the user interface, the service provided by the network server is allowed access to the received user information, and the central server updates the user profile. Other aspects of the invention are directed to computer-readable media for use with profile and consent accrual. | 2014-08-21 |
20140237617 | ORIGIN AND CUSTODY OF COPIES FROM A STORED ELECTRONIC RECORD VERIFIED PAGE BY PAGE - A method of authenticating a copy of a multi-page document, which includes digitizing said multi-page document to generate one or more digitized files that together comprise a digitized transcript. A mark that is unique to the preparer of the document, such as a signature, is prepared and digitized. The preparer of the document is allowed to deposit the digitized transcript on an online repository. The operator of the online repository immediately establishes a verification process for the deposited digitized transcript. This verification process includes associating the digitized preparer mark with the deposited digitized transcript, and freezing the transcript, by encrypting it and deriving a checksum. The verification process also includes associating a repository mark with the transcript. The operator of the online repository defines, under the direction of at least the preparer of the document, security rights to limit or otherwise control access to the deposited digitized transcript. The digitized preparer mark and the digitized repository mark are allowed to appear on substantially all copies of the pages of the document only if the pages have not been altered. If carrying out the verification process verifies that the deposited digitized transcript has not been changed since the verification process was established, the marks are displayed with the unaltered page. This display occurs whether the pages are displayed on a monitor or printed in paper form. Each page with this display is thus authenticated as to origin and custody apart from the other pages or the transcript as a whole. | 2014-08-21 |
20140237618 | DYNAMIC ENFORCEMENT OF PRIVACY SETTINGS BY A SOCIAL NETWORKING SYSTEM ON INFORMATION SHARED WITH AN EXTERNAL SYSTEM - An external system (such as a website) that interacts with users communicates with a social networking system to access information about the users, who may also be users of the social networking system. If a privacy setting is changed in the social networking system, and the change applies to information that has been shared with an external system, the change is enforced at the external system. For example, the external system may be notified that the information is invalid and must be deleted, or the external system may periodically request the information so that changes to the privacy settings are eventually experienced at the external systems. When an external system again needs the information, whether expired naturally or actively invalidated by the social network, the external system sends a new request for the information, which is subject to the (possibly revised) privacy settings. | 2014-08-21 |
20140237619 | ELECTRONIC DEVICE AND SECURITY CONTROL METHOD - Setting of security for communication is automatically changed for each application that is started up. An electronic device includes a communication unit which communicates with another electronic device, a storage unit which stores setting information of security for communication corresponding to each application, an execution control unit which starts up and executes one application among a plurality of applications used to communicate with the other electronic device and recruit a participant of a community, and a security control unit which reads the setting information corresponding to the application which has been started up from the storage unit and controls security for communication using the communication unit based on the read setting information when the execution control unit starts up the application. | 2014-08-21 |
20140237620 | SYSTEM AND METHOD FOR DATABASE PRIVACY PROTECTION - The invention relates to a system and a method for privacy preservation of sensitive attributes stored in a database. The invention reduces the complexity and enhances privacy preservation of the database by determining the distribution of sensitive data based on kurtosis measurement. The invention further determines and compares the optimal value of k sensitive attributes in the k-anonymity data sanitization model with the optimal value of l sensitive attributes in the l-diversity data sanitization model using adversary information gain. The invention reduces the complexity of the method for preserving privacy by applying k-anonymity only when the distribution of the sensitive data is leptokurtic and the optimal value of k is greater than the optimal value of l. | 2014-08-21 |
20140237621 | MICROPROCESSOR SYSTEM WITH SECURED RUNTIME ENVIRONMENT - Microprocessor system that is implemented or can be implemented in a mobile terminal and comprises: a normal operating system designed to generate and maintain a non-secure runtime environment and a security operating system designed to generate and maintain a secured runtime environment, and an operating system interface between the normal operating system and the security operating system, said operating interface being designed to control communication between the non-secure runtime environment and the secured runtime environment on the operating system level, and at least one filter interface that is designed to securely control communication between the non-secure runtime environment and a secured runtime environment on a level different from the operating system level. | 2014-08-21 |
20140237622 | SYSTEM AND METHOD FOR INSERTING SECURITY MECHANISMS INTO A SOFTWARE PROGRAM - A system and method for protecting a software program from unauthorized modification or exploitation. A software security mechanism according to the present invention is difficult for a hacker or cracker to detect and/or defeat, but does not impose excessive runtime overhead on the host software program. The present invention further comprises a system and method for automating the injection of a software security mechanism according to the present invention into a host software program. | 2014-08-21 |
20140237623 | COMPUTING SYSTEM WITH PROTOCOL PROTECTION MECHANISM AND METHOD OF OPERATION THEREOF - A computing system includes: a control unit configured to: determine a protocol profile including a first protocol and a second protocol for communicating between a first device and a second device, generate a unified-protocol privacy mechanism for a privacy protection scenario, the unified-protocol privacy mechanism based on combining the first protocol and the second protocol; and a communication unit, coupled to the control unit, configured to communicate content information according to the unified-protocol privacy mechanism between the first device and the second device. | 2014-08-21 |
20140237624 | TERMINAL DEVICE, SERVER DEVICE, CONTENT RECORDING CONTROL SYSTEM, RECORDING METHOD, AND RECORDING PERMISSION CONTROL METHOD - A terminal device recording content onto a recording medium device, a permission to record the content onto the recording medium device being granted by a server device, the terminal device comprising: a generation unit generating a value calculated so as to represent subject content for which permission to record is requested; an information transmission unit requesting the permission from the server device by transmitting information indicating the value generated by the generation unit to the server device; a signature reception unit receiving subject content signature data from the server device, the subject content signature data being transmitted by the server device upon granting the permission; and a recording unit recording the subject content onto the recording medium device as one of plain-text data and encrypted data, as well as the subject content signature data received by the signature reception unit. | 2014-08-21 |