53rd week of 2009 patent application highlights part 80
Patent application number | Title | Published |
20090328081 | Method and system for secure content hosting and distribution - A Validated Content Platform (VCP) is provided, which makes it possible for anyone using the Internet to validate VCP hosted content for validity and authorized use. The system also features a Client Software for Subscribers with a VCP System Server Account to fetch validated content from the Account and publish it to any HTML compatible third party software or site with a single click. Content Providers can use the VCP solution to add validation functionality to their content, equip customers with an easy-to-use publishing solution and be confident that content provided via the VCP is always validated when fetched from the VCP System Server and can always be checked for validity and authorized use by anyone accessing the content. The possibility of verifying authorized use and validity of digital content is a key factor in keeping the content's value. A validation functionality makes it possible to determine whether a specific content is authentic and rightfully used or not. | 2009-12-31 |
20090328082 | PANEL ATTACHMENT STRUCTURE FOR DISK TRAY - A panel attachment structure for a disk tray includes an attachment frame, a decoration panel, a spring body, a restricting mechanism and a positioning mechanism. The attachment frame is non-movably coupled to a front end portion of the disk tray. The disk tray is movable between an ejected position and a retracted position through a tray opening of a cabinet. The decoration panel is movably coupled to the attachment frame. The spring body includes a compression coil spring. The spring body elastically couples the decoration panel to the attachment frame and biases the decoration panel against the attachment frame. The restricting mechanism restricts displacement of the decoration panel relative to the attachment frame. The positioning mechanism selectively positions the decoration panel relative to the attachment frame in a predetermined position and releases the decoration panel from the predetermined position when the disk tray is retracted to the retracted position. | 2009-12-31 |
20090328083 | EJECTION OF STORAGE DRIVES IN A COMPUTING NETWORK - A method for managing a storage system comprises ejecting a first drive in the storage system having a plurality of drives, in response to determining a fault associated with the first drive, wherein the ejecting takes place in response to a command issued by a management tool utilized for determining the fault associated with the plurality of drives in the storage system. | 2009-12-31 |
20090328084 | PICKUP APPARATUS - A pickup device ( | 2009-12-31 |
20090328085 | SYSTEM FOR UP-SELLING CONTENT DURING PERIODS OF LIKELY VIEWER DISINTEREST - A system for up-selling content during periods of likely viewer disinterest may include a content delivery network configured to provide media content and at least one choice of alternative content, a content viewing device, and a content processing device for interfacing the viewing device with the content delivery network. The content processing device may be configured to detect likely viewer disinterest in media content, prompt the selection of alternative content, and selectively replace the media content with the alternative content upon viewer selection. Additionally, methods for estimating a degree of likely viewer disinterest and discounting the offering price of the alternative content options are implemented by the system. | 2009-12-31 |
20090328086 | Apparatus for Monitoring Use Status of Image Apparatus, Method of Monitoring External Connection Apparatus and Television Receiving Apparatus - According to the present invention, for example, a TV receiver can be connected to a game apparatus. The game apparatus outputs at least image data. The TV receiver outputs an image of the image data to a display module. A restriction information storage module, which stores operating time or restriction information about operating contents of the game apparatus, is provided in the TV receiver. An operation monitoring module monitors the operating time or the operating contents based on the restriction information. A management module announces that the operating time or the operating contents become restriction conditions during the monitoring of the operation monitoring module. | 2009-12-31 |
20090328087 | SYSTEM AND METHOD FOR LOCATION BASED MEDIA DELIVERY - A system and method for selecting and presenting media on a network to tune an environment to the tastes of the users within that environment, thus improving the experience of that location. A physical location of a media presentation device is received over a network. The physical locations of a plurality of end users are identified via the network, wherein each of the plurality of users is associated with a plurality of media files stored on the network. At least one of the end users that are within a defined proximity to the media presentation device are identified. At least one media file associated with the end users that are within a defined proximity to the media presentation device is identified and transmitted over the network to the media presentation device. | 2009-12-31 |
20090328088 | Iterative Media Playing by increment and decrement of an Ad-to-Program Variable - A new paradigm of watching television allows watching programs and watching ads and maintaining a score that is based on the times of watching the programs and the ads. The paradigm can be carried out by increasing the value of a variable when programs are watched and decreasing the value of the variable when ads are watched. The user can also buy ad credits, or can receive them as an incentive to buy a product. | 2009-12-31 |
20090328089 | AUDIENCE RESPONSE MEASUREMENT AND TRACKING SYSTEM - A system performs audience response measurement and tracking using neuro-response data such as central nervous system, autonomic nervous system, and effector data. Subjects are exposed to stimulus material such as marketing and entertainment materials and data is collected using mechanisms such as Electroencephalography (EEG), Galvanic Skin Response (GSR), Electrocardiograms (EKG), Electrooculography (EOG), eye tracking, and facial emotion encoding. Data collected is analyzed to measure and track audience response to the stimulus materials. | 2009-12-31 |
20090328090 | Digital Television Channel Trending - Channel trending, including determining a number of viewers watching a multimedia program, is achieved in a digital television network. Cached multimedia frames that correspond to portions of the multimedia program are maintained, for example, on a device located on an edge (i.e., in a network edge device) of the digital television network. In response to a request from a client device (e.g., a set-top box) to receive the multimedia program, cached multimedia frames are fed from the edge device to the client device. Upon a seamless transfer or handoff resulting in a simulcast replicator or multicast replicator providing further portions of the multimedia program, a signal (e.g., a simple network management protocol TRAP statement) is sent to a viewership statistic server for incrementing a counter. | 2009-12-31 |
20090328091 | Method and Apparatus for Real-Time IPTV Channel Searching and Switching - A method of providing real-time channel searching and switching for IPTV is provided. Initially, a first communication is received from an IPTV subscriber at an IPTV application server upon the subscriber logging in to the server via the subscriber's Web-accessible device. The server communicates with a subscriber database to access level of service data for the subscriber and displays a new Web page for the subscriber based on the level of service data. The Web page includes a list of applicable channels based on a keyword search typed by the subscriber via the subscriber's Web-accessible device. The server also determines whether the subscriber has a set-top box that is powered on. Where the subscriber does have a set-top box and the set-top box is powered off, data received from the subscriber is saved in the database. Where the subscriber does have a set-top box and the set-top box is powered on, the subscriber is allowed to perform a switching function for each applicable and currently viewable channel on a search result list. Finally, a signal is sent to the set-top box to change the channel. | 2009-12-31 |
20090328092 | PERSONALIZING ANY TV GATEWAY - A system and method for personalizing a TV gateway is disclosed. Specifically, the disclosed system includes a TV gateway authentication infrastructure and a user authentication infrastructure in communication with external networks. The TV gateway authentication infrastructure accesses the external networks and authenticates the TV gateway. The user authentication infrastructure authenticates an end-user via end-user credentials contained in a personal tamper resistant device, which is in communication with the TV gateway. When an end-user is authenticated, an end-user profile containing TV service credentials is loaded on the TV gateway enabling the fruition of authorized end-user TV content on a TV display. | 2009-12-31 |
20090328093 | Multimedia Content Filtering - A disclosed method for facilitating automated and user-specific filtering of multimedia content includes a backend server receiving a content identifier from a user's multimedia handling device (MHD), e.g., a set top box. The content identifier indicates a program of multimedia content (PMC) requested or otherwise desired by a user. The disclosed method includes identifying or otherwise locating an index file associated with the requested PMC. The index file includes data that indicates portions of the PMC containing potentially objectionable content. Content filtering (CF) settings associated with the user are retrieved or otherwise accessed. The CF settings define at least one type of content that is objectionable to the user. The CF settings are applied to the index file to identify a portion of the PMC containing content objectionable to the user. Content location information that indicates the identified portion of the PMC is then sent to the MHD. | 2009-12-31 |
20090328094 | METHOD FOR TRANSMITTING A STREAM OF DIGITAL DATA AND CONTROL MESSAGES ASSOCIATED TO SAID STREAM TO MOBIL EQUIPMENTS - The invention concerns a method for transmitting a flow of digital data and of controlled messages associated with said flow addressed to mobile terminals. The flow comprises successive bursts of data of encrypted contents with control words included in the control messages transmitted in parallel with said flow. The method is characterized in that it consists in inserting a control message in each transmitted burst of contents, said message containing at least one control word designed to decrypt the contents of said burst. | 2009-12-31 |
20090328095 | MANAGING UNDESIRABLE CONTENT IN IP VIDEO BROADCAST TRAFFIC - A method and apparatus are provided for suppressing display of advertisements within a video over IP stream provided by a content provider. Metadata is prepended to advertisements within the stream. When the stream is received by an access aggregation point, the access aggregation point compares the metadata of an advertisement with preset criteria provided by an enterprise subscriber, and suppresses the advertisement if a comparison of the metadata and the preset criteria indicate that the advertisement is undesirable to the enterprise subscriber. The access aggregation point suppresses the advertisement by switching to a second video channel within the stream for the duration of the advertisement. In this way, the access aggregation point can control display of content provider advertisements without manipulating data within the stream, so as to allow the enterprise subscriber to prevent display of undesirable advertisements to endpoints within the enterprise subscriber site such as set-top boxes within hotel rooms. | 2009-12-31 |
20090328096 | PRECONDITIONING AD CONTENT FOR DIGITAL PROGRAM INSERTION - Methods are provided for inserting advertisements or the like and/or to perform grooming functions for a video, audio and/or data stream. Video programming is received in a network stream. Alternate content, such as advertisements, is received in a content stream. The content stream is preconditioned to provide an entrance point therein for splicing the network stream to the content stream. Preconditioning of the content stream can also be performed to provide an exit point for splicing back to the network stream when the alternate content (e.g., advertisements) has concluded. | 2009-12-31 |
20090328097 | System and Method for Displaying Television Program Information on a Remote Control Device - A remote control device comprising a display, a receiver module, and a detection module. The receiver module is configured to receive, from a set-top box device, information about content currently displayed on a screen connected to the set-top box device, and configured to display the information on the display. The detection module is in communication with the display. The detection module is configured to determine a button that is pressed on the remote control device, and configured to display an output on the display corresponding to the button and indicating that the button has been pressed. | 2009-12-31 |
20090328098 | SYSTEM FOR PROACTIVELY TROUBLESHOOTING SET TOP BOX ISSUES - A system for proactively troubleshooting set top box issues may include a media distribution network with a remote requesting device and a programming guide server. The programming guide server may be configured to identify a guide data retrieval profile of the requesting device, compare the guide data retrieval profile to an expected profile, and flag the requesting device for troubleshooting based on a lack of correspondence between the retrieval profile and the expected profile. Additionally, methods for discovering related devices, predicting that the related devices also require troubleshooting, and limiting restorative measures to only those devices that have been confirmed to be affected by a service issue may also be implemented by the system. | 2009-12-31 |
20090328099 | BROADCAST SYSTEM WITH A LOCAL ELECTRONIC SERVICE GUIDE GENERATION - A broadcast system includes a terminal system having a display module for displaying an Electronic Service Guide (ESG) of programs to be broadcasted. The ESG initiates the storing of a program selected through such ESG and broadcasted to the terminal system. The broadcast system includes a module for creating and displaying a local ESG on the terminal system. This local ESG corresponds to programs which have been selected, broadcasted and stored in the terminal system. The local ESG launches the rendering of a stored program in response to actuating a corresponding item in the local ESG. | 2009-12-31 |
20090328100 | PROGRAM INFORMATION DISPLAY APPARATUS AND PROGRAM INFORMATION DISPLAY METHOD - According to one embodiment, a program information display apparatus includes a signal processing module which acquires program information which announces contents of a scheduled program from a broadcast signal to output the program information for display, and a magnetic disk drive which accumulates the program information acquired by the processing module. The signal processing module analyzes the broadcast signal with respect to a common content characteristic which can identify program information. When it is confirmed as the analysis result that the program information is identified, program information related to at least a program name and broadcasting date and time is detected from the program information. The program attribute is accumulated in the magnetic disk drive in association with the program information. | 2009-12-31 |
20090328101 | USER INTERFACE FOR MOBILE TV INTERACTIVE SERVICES - A method includes providing an electronic program guide that presents content programming information for one or more program channels on a broadcast TV device; detecting a selection of a program block in the electronic program guide, the selected program block corresponding to a program scheduled on a program channel; and providing a program indicator block corresponding to the selected program block, the program indicator presenting detailed programming information related to the scheduled program including any program reminder or program recording state setting. | 2009-12-31 |
20090328102 | Representative Scene Images - Representative scene images are described. In embodiment(s), an episodes user interface can be generated to include scene images that each represent and visually distinguish a different episode in a television program series. The episodes user interface can then be communicated to a media device to be rendered for display where the scene images are viewer-selectable via the episodes user interface. A scene image can be selected to initiate a request for an episode in the television program series to be rendered for viewing at the media device. | 2009-12-31 |
20090328103 | GENRE-BASED SEGMENT COLLECTIONS - Genre-based segment collections are described. In embodiment(s), program segments that have been segmented from multiple television programs can be determined to have a common association based on a genre of the program segments. A segment collection can then be generated to include the program segments that have been determined to have the common association. The program segments of the segment collection can be selected from a collections user interface to initiate rendering the program segments for viewing. | 2009-12-31 |
20090328104 | METHODS, SYSTEMS, AND COMPUTER PRODUCTS FOR PERSONALIZED CHANNEL SERVICES - Methods, systems, and computer program products for personalized media service. A programming preferences questionnaire is submitted to a user, and selections to the programming preferences questionnaire input by the user are received. Expected satisfaction values to available programs are assigned in accordance with selections input by the user, and programs in accordance with the assigned expected satisfaction values of the programs are selected. A combination of selected programs is provided to the user. | 2009-12-31 |
20090328105 | SYSTEMS AND METHODS FOR RANKING ASSETS RELATIVE TO A GROUP OF VIEWERS - Systems and methods are provided for ranking assets relative to a group of viewers. A group is formed by a user by selecting a number of different viewer preference profiles or automatically by the system as a function of analyzing similarities among viewer preference profiles. Individual preference values are computed for each viewer in the group relative to an asset. A group preference value is then computed by performing a function on the individual preference values. A display is generated that represents the individual preference values and the group preference value relative to an asset. Based on the information provided in the display, the asset most relevant to the group may be selected. | 2009-12-31 |
20090328106 | Video content control system with automatic content selection - For selection of entertainment of the most personal interest to a user, a video content control system processes records of video programs against user data. A program record contains data pertinent to user preferences and an impartial rating of program quality or significance determined with no regard to preferences of individual users. The processing is defined by decision tables. For a particular combination of user data and program data pertinent to user preferences, a decision table specifies a value of change to be applied to the impartial rating to produce a personal rating as an increased, decreased or unchanged impartial rating. The system selects videos with the highest personal ratings, i.e. videos that are impartially the best and compliant with user preferences. | 2009-12-31 |
20090328107 | APPARATUS AND METHOD FOR AUTOMATICALLY RECORDING CONTENT, AND RECORDING MEDIUM AND PROGRAM THEREOF - An apparatus automatically recommends content. A preference operation history managing unit generates history information of an operation relating to a preference for a content according to a plurality of operations relating to a preference for the content and explanation information relating to the content and using preference value parameters for each kind of these operations. A preference information managing unit generates and renews preference information including preference values in which a given preference value is based on a combination of a given keyword and a preference value for that keyword. A content recommending unit calculates a preference degree for the content according to the preference information and the explanation information with respect to the content and recommends at least a portion of the content according to the preference degree. | 2009-12-31 |
20090328108 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, PROGRAM, AND INFORMATION PROCESSING SYSTEM - Disclosed herein is an information processing apparatus including: transmission data acquisition section configured to acquire transmission data including program data and EPG data including program information for a predetermined period of time; EPG extraction section configured to extract the EPG data from the transmission data; program selection section configured to select a given program as a selected program; search word extraction section configured to extract a search word from the program information of the selected program; search word transmission section configured to transmit the search word to a program server; program information reception section configured to receive, from the program server, the program information including a program identification ID configured to identify a related program related to the selected program; program information storage section configured to store the program information; and processing section configured to identify the program by using the program identification ID, and perform a process targeted at the identified program. | 2009-12-31 |
20090328109 | Providing Television Broadcasts over a Managed Network and Interactive Content over an Unmanaged Network to a Client Device - A client device receives a broadcast content signal containing an interactive identifier over a managed network. The interactive identifier may be a trigger that is included in a header or embedded within the digital video data. The trigger may have a temporal component, wherein the trigger can expire after a certain period of time. In response to identification of the trigger, the client device sends a user request for interactive content over an unmanaged network. For example, the managed network may be a one-way satellite television network, IP-television network or cable television network and the unmanaged network may be the Internet. The client device switches from receiving data from the managed network to receiving data from the unmanaged network. | 2009-12-31 |
20090328110 | ANTENNA SYSTEM FOR SATELLITE LOCK-ON AND METHOD FOR OPERATING THE SAME - An antenna system and a corresponding method for satellite lock-on applied to vehicles automatically lock on at least one satellite in space by means of a lock-on signal. The technique features a scan driving signal that initiates a space scan of the antenna system so as to obtain scan data. According to peak values of the scan data, coordinates of a plurality of satellites in space are realized and individually recorded. Then, after receiving a lock-on signal, the satellite coordinate of the satellite to be locked is retrieved so as to drive the antenna to point at the satellite to be locked. | 2009-12-31 |
20090328111 | Content Distribution System, Server, and Content Distribution Method - According to one embodiment, a content distribution system includes a receiver device, a distribution device, and a management device. The distribution device is located in a network, and distributes content to the receiver device. The management device is located in the network, and manages, as user interface information, information on a user interface screen to be displayed on the receiver device for operating functions of the distribution device. The management device requests a server located outside the network to create the user interface information, and acquires the user interface information from the server. | 2009-12-31 |
20090328112 | METHODS, DEVICES, AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING INSTANT MESSAGING IN CONJUNCTION WITH AN AUDIOVISUAL, VIDEO, OR AUDIO PROGRAM - Methods, devices, and computer program products for providing instant messaging in conjunction with an audiovisual, video, or audio program are provided. The methods include providing an audiovisual, video, or audio program to a user. Viewer/listener input is received requesting activation of a program-based instant messaging function. A viewer/listener identifier corresponding to the viewer/listener is associated with a program identifier that uniquely identifies the audiovisual, video, or audio program being provided to the user to thereby generate a program viewer/listener record. The program viewer/listener record is transmitted to an electronic database. A list of other users who are viewing or listening to the program in addition to the viewer/listener is acquired from the electronic database. The list of other users is transmitted to the viewer/listener. | 2009-12-31 |
20090328113 | CONTEXTUAL MEDIA CONTENT PLACEMENT - Advertisements and other media content may be placed with or in content items according to contextual information relating to particular portions of the content. For example, advertisements may be matched to products shown in a movie, lyrics used in a song or places named in a work of literature. The contextual information may be defined in a contextual data track of the content item similar to video tracks for video and audio tracks for audio. Accordingly, a content provider or a viewing device may, prior to or during play of a content item, automatically request advertisements or other media content based at least in part on the contextual information stored in the contextual data track of the content item. In one or more arrangements, contextual data may be automatically generated using various image, audio and text processing techniques. | 2009-12-31 |
20090328114 | METHOD AND RECEIVING UNIT FOR FAST CHANGE OF SERVICES - The present invention relates to a method of changing between a plurality N of distinct services, e.g. television channels, receivable on a receiving unit, such as a mobile phone/cellular phone, a personal digital assistant (PDA), a handheld television unit, or similar devices. The receiving unit is adapted to receive the plurality of services in a time slicing mode with services being arranged in a certain time slice sequence. The receiving unit is capable of receiving a first service (S | 2009-12-31 |
20090328115 | Systems and Methods for Distributing Digital Content - A method for distributing digital content can include receiving a first request from a first client for a digital content of the plurality of digital content and providing a first portion of the digital content to the first client. The method can further include receiving a second request from a second client for the digital content after providing the first portion of the digital content to the first client and providing a second portion of the digital content as a multicast stream to the first and second clients. Additionally, the method can include sending an offer to the second client to skip the first portion of the digital content. | 2009-12-31 |
20090328116 | System and Method for Providing Mobile Traffic Information - A system comprises a server operable to deliver an Internet Protocol Television stream to a set-top box, and operable to retrieve an image from a first traffic camera. Upon receipt of a request from the set-top box, the image is sent to a wireless device. | 2009-12-31 |
20090328117 | Network Based Management of Visual Art - Works of visual art are provided over a digital television provider network for local display by a user. Live or substantially live video of works of visual art may be streamed to the user's location. Alternatively, still images of the works of visual art may be captured and stored as electronic files. Network-based servers may feed the streaming video or electronic data from still images to one or more set-top boxes in a user's home for a limited period. Selectable icons permit users to select images for purchase in electronic form or in hard-copy form. | 2009-12-31 |
20090328118 | METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR PROVIDING AN ENHANCED CALL ALERT SERVICE VIA A TELEVISION SERVICE NETWORK - Methods, systems, and computer readable media providing an enhanced call alert service via a television service network are described. In one embodiment, the system comprises a call alert service mediator (CASM) that includes a telephone network interface for receiving, from a telecommunications network, a query message for a call to a called party device associated with a subscriber for requesting instructions for completing or modifying the call. The CASM also includes a TV network interface for, in response to the query from the telecommunications network, sending a message to a TV network, wherein the message results in notification of the call to the subscriber via a customer premises equipment (CPE) device and the requesting of instructions from the subscriber via the CPE device for completing or modifying the call. | 2009-12-31 |
20090328119 | Packet Recovery Server Based Triggering Mechanism for IPTV Diagnostics - A monitoring system and method are described herein that obtain retry request information from packet recovery server(s) and based at least in part on the obtained retry request information determine whether or not to launch probes to monitor specific network element(s) within an Internet Protocol Television (IPTV) network to diagnose a problem without having to monitor every one of the network elements all of the time. | 2009-12-31 |
20090328120 | ARRANGEMENT FOR CONNECTIVITY WITHIN AN ADVANCED MULTIMEDIA CONTENT FRAMEWORK - Arrangements and methods are provided that allow integration of connected online services within a high-definition interactive framework, and in particular within an advanced content interactivity layer. In this way, the online services may enjoy enhanced features on an advanced content media device. For example, content running on an advanced content media device may be configured to detect an online service's feature and may thus present the user with additional features that interact with the online service. An advanced content media device may detect another user's advanced content media device through a network, and in particular a media service on the network, allowing chat and synchronized playback of content. Advanced content media devices may vary, but may include, e.g., a multimedia player, a media center, a game console, a personal computer, and so on. | 2009-12-31 |
20090328121 | Television Receiver, Method of Controlling the Receiver, and Network Construction Device - According to one embodiment, the present invention is designed to automatically determine the language of the content distributed when connecting to the Web server so as to agree with the language configured at the initial setup. The present invention has the following elements. An initial setup module maintains initial setup information that indicates at least a menu language. A setup information association process module determines a language request signal to request a language the same as the menu language indicated in the initial setup information. A network control module accesses the World Wide Web while transmitting the language request signal to determine a browser language. | 2009-12-31 |
20090328122 | METHOD AND APPARATUS FOR PRESENTING MEDIA PROGRAMS - A system that incorporates teachings of the present disclosure may include, for example, a system having a controller to collect one or more temporal actions initiated by each of a plurality of users while presenting a media program to said plurality of users, generate one or more symbolic overlays according to the one or more temporal actions collected for each user, and combine the presentation of the media program with a presentation of the one or more symbolic overlays. Other embodiments are disclosed. | 2009-12-31 |
20090328123 | CERTIFICATION PROGRAM FOR DEVICES OPERATING WITH AN ENTERTAINMENT ACCESS SYSTEM - In order to ensure that an entertainment access system is enabled to unify and simplify a user's enjoyment of content by managing the user's devices, entertainment content and usage rights, it is important to ensure the user devices, and the services they offer, function in accordance with well-established specifications and standards. Importantly, these specifications need to be the same from one device manufacturer to another. This is needed to ensure that the entertainment access system will be able to provide a consistent, reliable and predictable user experience to its users. In some illustrative examples, a certification program is implemented for user devices that receive and render the entertainment content received from the entertainment access system. The certification program establishes specifications to which the devices are to conform regardless of their manufacturer. The program also establishes a testing protocol to determine if the devices are manufactured in accordance with the specifications. The testing protocol is implemented on devices manufactured by the various manufacturers of the devices. Finally, a certificate is issued to those device manufacturers whose devices are demonstrated to be able to successfully complete the testing protocol. The certificate may also authorize the manufacturers to use a certificate mark on their products' packaging, literature and promotional information. | 2009-12-31 |
20090328124 | ADAPTIVE VIDEO SWITCHING FOR VARIABLE NETWORK CONDITIONS - A method for video playback switching in response to changing network conditions. The method includes accessing a server to retrieve respective index files for a low bit rate version and a high bit rate version of the video file, and instantiating a low bit rate media player and a high bit rate media player. Playback of the video file is begun by the high bit rate media player streaming the high bit rate version from the server. Upon an indication of impeded network conditions, a transition point is selected, wherein the transition point indicates where downloading of the high bit rate version stops and where downloading of the low bit rate version begins. The low bit rate media player is then positioned to begin playback at the transition point. Playback of the video file is then switched to the low bit rate player upon encountering the transition point. | 2009-12-31 |
20090328125 | VIDEO FINGERPRINT SYSTEMS AND METHODS - A method that provides identification information for a portion of a video stream includes receiving a video stream, wherein the video stream includes one or more successive video scenes, wherein the one or more successive video scenes respectively corresponds to one or more sets of visual information, wherein each of the one or more successive video scenes includes plural successive pictures, wherein a first visual object is included in a first video scene, wherein the one or more successive video scenes includes the first video scene, detecting the first visual object over a first plurality of pictures of the first video scene, deriving information corresponding to one or more measured transitions of the first visual object over the first plurality of pictures of the first video scene, and providing identification information corresponding to the derived information. | 2009-12-31 |
20090328126 | NEURAL NETWORKS FOR INGRESS MONITORING - A method of identifying a source of ingress into a network includes storing frequency spectra of known sources of ingress, comparing the frequency spectrum of ingress to the frequency spectra of known sources of ingress, and determining from the comparison which of the frequency spectra of known sources of ingress is closest to the frequency spectrum of the ingress. Apparatus for identifying a source of ingress into a network includes memory for storing frequency spectra of known sources of ingress and a device for comparing the frequency spectrum of the ingress to frequency spectra of known sources of ingress and determining from the comparison which frequency spectrum of a known source of ingress is closest to the frequency spectrum of the ingress. A method of establishing ingress into a network includes developing a first frequency spectrum indicative of the condition of the network at a first time during the operation of the network, developing a second frequency spectrum indicative of the condition of the network at a second, later time, comparing the second frequency spectrum to the first frequency spectrum, and determining from the comparison a condition of the network at the second time. Apparatus for establishing ingress into a network includes a device for receiving frequency spectra. The device receives at least one first frequency spectrum indicative of the condition of the network at a first time during the operation of the network, and a second frequency spectrum indicative of the condition of the network at a second, later time. The device compares the second frequency spectrum to the first frequency spectrum and determines from the comparison the condition of the network at the second time. | 2009-12-31 |
20090328127 | System and method for implementing a personal information mode in an electronic device - A system and method for implementing a personal information mode in a television device includes personal information data that is selectably accessed from at least one remote information source. A display of the television device is configured to display a personal information interface to a system user. A personal information module of the television then automatically displays the personal information to the system user on the personal information interface. | 2009-12-31 |
20090328128 | SYSTEM AND METHOD FOR AN INTERACTIVE BROADBAND SYSTEM-ON-CHIP WITH A RECONFIGURABLE INTERFACE - A method and apparatus are disclosed, in an interactive broadband set-top box receiving broadband signals from a headend, to facilitate communications with an installed card within the set-top box using a single IC chip that processes the broadband signals. The single IC chip is configured to a PCMCIA PC-card mode such that PC card signals are multiplexed to certain I/O pins of the single IC chip. In the PCMCIA PC-card mode, the single IC chip attempts to detect the presence of and identify an installed card in the set-top box. If an installed card is present and is identified as a POD module, then the single IC chip is reconfigured from the PCMCIA PC-card mode to a POD mode such that POD-compatible signals are multiplexed to certain existing I/O pins of the single IC chip when operating in the POD mode. | 2009-12-31 |
20090328129 | Customizing Policies for Process Privilege Inheritance - An approach is provided that uses policies to determine which parental privileges are inherited by the parent's child processes. A parent software process initializes a child software process, such as by executing the child process. The parent process is associated with a first set of privileges. The inheritance policies are retrieved that correspond to the parent process. A second set of privileges is identified based on the retrieved inheritance policies, and this second set of privileges is applied to the child software process. | 2009-12-31 |
20090328130 | POLICY-BASED SECURE INFORMATION DISCLOSURE - Systems and methods for storing data and retrieving data from a smart storage device are provided, where smart storage includes processing capabilities along with the ability to store information. In one aspect, a method includes detecting via bidirectional settings one or more capabilities of rules enforcement logic associated with a storage device and selecting a set of criteria and policies to be downloaded from a host or a management server that are to be downloaded onto the storage device. This includes dynamically generating conditional context aware policies syntax based on user settings or network policy and downloading a set of policies onto the storage device for future policy enforcement. | 2009-12-31 |
20090328131 | MECHANISMS TO SECURE DATA ON HARD RESET OF DEVICE - Mechanisms to secure data on a hard reset of a device are provided. A hard reset request is detected on a handheld device. Before the hard reset is permitted to process, an additional security compliance check is made. Assuming the additional security compliance check is successful, and before the hard reset is processed, the data of the handheld device is backed up to a configurable location. | 2009-12-31 |
20090328132 | DYNAMIC ENTITLEMENT MANAGER - Embodiments of the invention relate to systems, methods, and computer program products for monitoring and/or controlling access to entitlements. For example, in one embodiment a computer program product is configured to periodically examine the members of a particular community in an organization and automatically identify members in the community that have access to software applications, datasets, or other organizational resources that are uncommon in the community, which may indicate that the member should not have access to such resources. The computer program product of embodiments of the invention is also configured to automatically and periodically determine the resources that members of the same community should all probably have access to. As such, embodiments of the present invention allow an organization to more efficiently monitor and control access to its resources and other entitlements. | 2009-12-31 |
20090328133 | CAPABILITY MANAGEMENT FOR NETWORK ELEMENTS - A method, information processing system, and system manage network entities. At least a portion of at least one information model ( | 2009-12-31 |
20090328134 | LICENSING PROTECTED CONTENT TO APPLICATION SETS - The present invention extends to methods, systems, and computer program products for licensing protected content to application sets. Embodiments of the invention permit a local machine to increase its participation in authorizing access to protected content. For example, an operating system within an appropriate computing environment is permitted to determine if an application is authorized to access protected content. Thus, the application is relieved from having to store a publishing license. Further, authorization decisions are partially distributed, easing the resource burden on a protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested. | 2009-12-31 |
20090328135 | Method, Apparatus, and Computer Program Product for Privacy Management - An apparatus for privacy management may include a processor. The processor may be configured to access one or more privacy options. In this regard, each privacy option may be configured to provide members of one or more groups access to content. The processor may also be configured to provide for selection of a privacy option in association with the content. Associated methods and computer program products may also be provided. | 2009-12-31 |
20090328136 | TECHNIQUES FOR ROUTING PRIVACY SENSITIVE INFORMATION TO AN OUTPUT DEVICE - Various embodiments are directed to a privacy routing engine embodied on a device and a method for routing actuations to preserve a user's privacy. The privacy routing engine may receive actuations intended for a user, and may route the actuation to an output device according to a set of user output policies. The user output policies may specify output devices according to a user's context and need for privacy. A user context may include a location, an event, or a sensed condition. Other embodiments are described and claimed. | 2009-12-31 |
20090328137 | METHOD FOR PROTECTING DATA IN MASHUP WEBSITES - A method for protecting a mashup webpage is disclosed. The mashup webpage includes a plurality of mini-applications. The method includes intercepting a content access event by a first mini-application of the plurality of mini-applications, the content access event requesting access to content of a second mini-application of the plurality of mini-applications. The method also includes ascertaining, using a Document Mini-application Model (DOM) access control policy and a DOM model, whether the content access event is permissible. The method additionally includes denying the access by the first mini-application to the content of the second mini-application if the content access event is deemed impermissible or permissible according to the DOM access control policy. | 2009-12-31 |
20090328138 | SYSTEM FOR CONTROLLING ACCESS TO HOSPITAL INFORMATION AND METHOD FOR CONTROLLING THE SAME - A method and system for implementing activity-oriented access control (AOAC) to hospital information is disclosed. An access request device sends user credentials attaching user attributes to an AOAC server, which in turn searches activity rules that are assigned to user attributes from an activity server and a current work situation of the user from an activity recognition server. The AOAC server transmits an access request list corresponding to the activity rules and the current work situation of the user to the access request device so that it can select a desired access request among the list. | 2009-12-31 |
20090328139 | NETWORK COMMUNICATION DEVICE - A disclosed network communication device having plural addresses includes an address obtaining unit configured to obtain plural addresses corresponding to a name or an identifier of another network communication device by address resolution, and an address specifying unit configured to specify one or more of the obtained addresses as security communication addresses with which security communications can be performed by comparing the obtained addresses to a setting of the security communications. | 2009-12-31 |
20090328140 | ADVANCED SECURITY NEGOTIATION PROTOCOL - This disclosure describes methods, systems and application programming interfaces for creating an advanced security negotiation package. This disclosure describes creating an advanced security negotiation protocol under a Simple and Protected Negotiation Mechanism (SPNEGO) protocol to negotiate an authentication scheme. The protocol describes defining a Windows Security Type (WST) Library message to protect negotiation data during the advanced security negotiation protocol. The protocol sends an initial message that carries multiple authentication messages to reduce redundant roundtrips and implements key exchanges by a mini Security Support Provider (SSP). | 2009-12-31 |
20090328141 | AUTHENTICATION, IDENTITY, AND SERVICE MANAGEMENT FOR COMPUTING AND COMMUNICATION SYSTEMS - Improved techniques for obtaining authentication identifiers, authentication, and receiving services are disclosed. Multiple devices can be used for receiving service from a servicing entity (e.g., Service Providers). More particularly, a first device can be used to authenticate a first entity (e.g., one or more persons) for receiving services from the servicing entity, but the services can be received by a second device. Generally, the first device can be a device better suited, more preferred and/or more secure for authentication related activities including “Identity Management.” The second device can be generally more preferred for receiving and/or using the services. In addition, a device can be designated for authentication of an entity. The device releases an authentication identifier only if the entity has effectively authorized its release, thereby allowing “User Centric” approaches to “Identity Management.” A device can be designated for obtaining authentication identifiers from an identity assigning entity (e.g., an Identity Provider). The authentication identifiers can be used to authenticate an entity for receiving services from a servicing entity (e.g., a Service Provider) that provides the services to a second device. The same device can also be designated for authentication of the entity. The device can, for example, be a mobile phone allowing a mobile solution and providing a generally more secure computing environment than the device (e.g., a Personal Computer) used to receive and use the services. | 2009-12-31 |
20090328142 | Systems and Methods for Webpage Verification Using Data-Hiding Technology - A system for webpage verification comprises an authentication module configured to authenticate a user identifier if the user identifier is unique in the system, the user identifier being related to the identity of a user, a data-hiding module configured to generate a first data-hidden object based on a unique user identifier, at least one webpage identifier and a base object in accordance with a data-hiding algorithm, each of the at least one webpage identifiers being related to the identity of one of at least one webpage of the user, a memory module to store at least one of the said user identifier, the at least one webpage identifier, the base object, and the required parameters of data-hiding algorithm, and a verification module configured to retrieve the first data-hidden object from one of the at least one webpage based on one of the at least one webpage identifier, retrieve a user identifier and all of the webpage identifiers from the memory module based on the one webpage identifier, generate a second data-hidden object based on the retrieved webpage identifiers, the retrieved user identifier and the base object, and compare the first data-hidden object with the second data-hidden object. | 2009-12-31 |
20090328143 | METHOD OF SELF-AUTHENTICATING A DOCUMENT WHILE PRESERVING CRITICAL CONTENT IN AUTHENTICATION DATA - An improved document authentication method in which critical content, such as signatures, is preserved at a high-resolution in the authentication data carried on the self-authenticating document. When generating authentication data, signatures are compressed without down-sampling to preserve their resolution and quality. The compressed signature data (a bit string) is embedded in an image segment on the document. For example, each bit of the bit string is stored in the low bits of one or more image pixels. A hash code is calculated from the bit string and stored in a barcode printed on the document. To authenticate a scanned-back document, the bit string is recovered from the image segment. A hash code is calculated from the recovered bit string and compared to the hash code extracted from the barcode. The signatures re-generated from the recovered bit string are compared to the signatures in the scanned document. | 2009-12-31 |
20090328144 | MOBILE APPLICATION REGISTRATION - A method of registering an application on a mobile terminal in a mobile network with an application server, said mobile terminal comprising an identity module, said method comprising the steps of: receiving at the application server a first message for registering the application, said first message comprising a telephone number associated with the identity module; generating by the application server a unique identifier and associating the unique identifier with the telephone number; sending a second message from the application server to the mobile terminal, said second message comprising the unique identifier; and generating and storing at the mobile terminal a data block comprising the unique identifier, a subscriber identity associated with the identity module and a terminal identifier associated with the mobile terminal. | 2009-12-31 |
20090328145 | METHOD AND APPARATUS FOR MIGRATING A VIRTUAL TPM INSTANCE AND PRESERVING UNIQUENESS AND COMPLETENESS OF THE INSTANCE - A migration scheme for virtualized Trusted Platform Modules is presented. The procedure is capable of securely migrating an instance of a virtual Trusted Platform Module from one physical platform to another. A virtual Trusted Platform Module instance's state is downloaded from a source virtual Trusted Platform Module and all its state information is encrypted using a hybrid of public and symmetric key cryptography. The encrypted state is transferred to the target physical platform, decrypted and the state of the virtual Trusted Platform Module instance is rebuilt. | 2009-12-31 |
20090328146 | Method of generating authentication code in digital device - A method of generating an authentication code in a digital device is provided. An ID set in a digital device is read when it is requested to generate an authentication code. It is determined whether the authentication code previously generated based on the ID is stored in the digital device. A new authentication code is generated based on the ID and stored when the authentication code is not stored. A part of the authentication code is displayed. Only the serial number can be displayed in the authentication code. The ID is a unique and fixed value set when the digital device is produced. And, the ID is extracted from an authentication code stored in the digital device and the extracted ID is compared with the read ID so that it is determined whether the authentication code is previously generated or is not generated yet. | 2009-12-31 |
20090328147 | EAP BASED CAPABILITY NEGOTIATION AND FACILITATION FOR TUNNELING EAP METHODS - Capability negotiation during a PEAP transaction between two end points in a network is performed by initiating EAP capability negotiation methods. A first end point that desires to use a specific capability during a PEAP transaction initiates capability negotiation method requesting the specific capability. Upon receiving the request for the specific capability, a second end point performs the desired capability if an outer method employed in the PEAP transaction supports the specific capability. If the outer method does not support the desired capability, the receiver responds to the first end point with a negative acknowledgment. In other embodiments, if the outer method does not support the desired capability, the desired capability may still be performed if it is supported by an inner method. In such instances, an inner wrapper method is employed in the PEAP transaction to maintain and perform the capability. | 2009-12-31 |
20090328148 | METHOD OF TRUST MANAGEMENT IN WIRELESS SENSOR NETWORKS - The present invention relates to Group-based trust management scheme (GTMS) of wireless sensor networks. GTMS evaluates the trust of a group of sensor nodes in contrast to traditional trust management schemes that always focused on trust values of individual nodes. This approach gives us the benefit of requiring less memory to store trust records at each sensor node in the network. It uses the clustering attributes of wireless sensor networks that drastically reduce the cost associated with trust evaluation of distant nodes. Uniquely it provides not only a mechanism to detect malicious or faulty nodes, but also provides some degree of a prevention mechanism. | 2009-12-31 |
20090328149 | METHOD AND SYSTEM FOR MANAGING THE ACCESS AND USE OF ELECTRONIC FORMS - A method and system is provided for authenticating electronic forms prior to download. A Form Administrator may enable authentication requirement for an End User and also select an authentication scheme. The End User will not be allowed access to an electronic form unless authenticated. The invention also includes a method and system for delivering and presenting electronic forms to an End User through a purely browser based application, without requiring the installation of additional software or browser plug-ins. | 2009-12-31 |
20090328150 | Progressive Pictorial & Motion Based CAPTCHAs - A CAPTCHA system uses images/pictures and/or motion for granting access to a computing system. The images can be culled from examples used in pictorial games, and can be progressively presented to increase the strength of the CAPTCHA challenges. Speech recognition, motion and touch sensing can also be employed as parts of the challenge. | 2009-12-31 |
20090328151 | Program, apparatus, and method for access control - In a computer which executes an access control program, an authentication information storage unit stores authentication information. A logical volume acquiring unit acquires a logical volume associating data with storage nodes storing the data, from a predetermined database. In response to an access request to access data, a data access unit identifies a storage node to be accessed, based on the logical volume, and sends the authentication information and a command corresponding to the access request to the identified storage node. | 2009-12-31 |
20090328152 | METHOD OF ACCESS CONTROL IMPLEMENTED IN AN ETHERNET SWITCH - An access control system, having at least one access control unit for securing a physical area and controlling entry into and egress out of the physical area, and an Ethernet routing device, is disclosed. The Ethernet routing device includes an access controller for determining access privileges to the physical area; an Ethernet switching unit for directing network communications between multiple network devices; at least one Ethernet connector for connecting the at least one access control unit to the Ethernet routing device; and an access control message interpreter for reading messages received, by way of the Ethernet connector, from the at least one access control unit and providing access control information contained in the messages to the access controller for access privilege determination. | 2009-12-31 |
20090328153 | USING EXCLUSION BASED SECURITY RULES FOR ESTABLISHING URI SECURITY - A solution for controlling access to Uniform Resource Identifier (URI) identified resources can receive a request for a resource identified by a URI. The URI associated with the request can be compared against at least one previously established security rule. The security rule can include an exclusion comparison operator and a regular expression defining a pattern. A determination as to whether to grant a requester access to the resource can be based at least in part upon results of the comparing of the URI against the previously established security rule. | 2009-12-31 |
20090328154 | ISOLATION OF SERVICES OR PROCESSES USING CREDENTIAL MANAGED ACCOUNTS - This disclosure describes methods, systems, and application programming interfaces for creating a credential managed account. This disclosure describes creating a new password managed account, defining the password managed account, wherein the password managed account is to access a service on a managed computing device, identifying the password managed account for a lifecycle, and automatically managing the password managed account by updating and changing a password for the password managed account on a periodic basis. | 2009-12-31 |
20090328155 | Master device for controlling application security environments - Computer protection is weak with the methods currently available and there are risks of malicious users getting access to computers, corrupting important data, including system data. We are proposing a method for improving access protection, more particularly, by using a slave device that will enable or disable protection for applications as required. The device supports one or more users, none or more user groups, none or one or more Application Security Environments for each user or user group and one or more states for each Application Security Environment. The state of the hardware is manually controlled by the users. Depending on the configuration, each hardware state corresponding to an Application Security Environment corresponds to a set of privileges the processes running in that Application Security Environment have while that Application Security Environment is in that state. | 2009-12-31 |
20090328156 | WORKFLOW BASED AUTHORIZATION FOR CONTENT ACCESS - The present invention extends to methods, systems, and computer program products for workflow based authorization for content access. A workflow can be triggered when a protection policy does not fully express an intended recipient's rights in protected content. A workflow processes relevant inputs to more fully express the intended recipient's rights in protected content. Workflows can provide policy item updates and authorizations decisions with respect to protected content. Through the use of workflows to make an authorization decision, access to information can become more flexible, allowing it to follow the desired flow of information throughout its lifecycle. This flexibility allows organizations to protect their information without worrying about the protection stopping the natural flow of business. | 2009-12-31 |
20090328157 | SYSTEM AND METHOD FOR ADAPTIVE APPROXIMATING OF A USER FOR ROLE AUTHORIZATION IN A HIERARCHICAL INTER-ORGANIZATIONAL MODEL - A system and method are provided for adaptive approximating of a user for role authorization in a hierarchical inter-organization model. The system includes an authorization redirector for receiving a request for an access control decision for a user. The system further includes an adaptive authorizer for dynamically determining, at run-time, a user role approximation for the user responsive to the request. The user role approximation is based on at least one of a system state and a system goal corresponding to a hierarchical inter-organizational model. | 2009-12-31 |
20090328158 | METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR PROVIDING SOFTWARE APPLICATION INVITATION - An apparatus for providing software application invitations may comprise a processor. The processor may be configured to receive an achievement in a software application and formulate at least one invitation to execute the software application. The processor may further be configured to send at least one invitation to at least one invitee. The invitation may include a means to access at least a portion of the software application. Associated methods and computer program products may also be provided. Also, apparatus, methods, and computer program products for processing received software applications invitation may be provided. | 2009-12-31 |
20090328159 | Systems and Methods for Secure Printing - Apparatus, systems, and methods consistent with disclosed embodiments provide for the secure printing of documents. A first security data is associated with a document, which is printed to one of several secure trays coupled to a printer, if a second security level derived from the first security data is not lower than the first security level currently associated with the secure output tray. The first security data is matched with second security data obtained from an input device coupled to the printer. Access to the secure tray is granted if the second security data matches a subset of the first security data. In some embodiments, secure output trays on the printer may be dynamically assigned to different security levels corresponding to the security levels of documents printed to the secure output trays. | 2009-12-31 |
20090328160 | ADMINISTRATION PORTAL - An administration portal for a network security server, including: (i) control elements allowing a user of a network to access respective services, such as email, spam filter, malware filter, and web browser control services, performed by the security server; and (ii) an administration module for maintaining permission attributes for users of the network, the attributes defining access to the control elements. The permission attributes have a delegation hierarchy so a managed security service provider can set a permission attribute for a user to administrator, and the user with an administrator permission attribute can set another user to have a user permission attribute. The permission attributes can also be set on a group basis for a group of said users. The attributes each have associated capability levels defining a level of access for the respective services. | 2009-12-31 |
20090328161 | Peer discovery and connection management based on context sensitive social networks - In a method for automatically filtering communications, a networking request from an initiating party on an initiating communication device is received. The networking request pertains to a request for communication between the initiating communication device and a recipient communication device of a user over a communication channel. A determination is made of whether the communication channel to be used for the communication matches a communication channel for a previous communication between the initiating party and the user. It is automatically determined whether to grant the networking request, based at least in part on the determination of whether the communication channel for the communication matches the communication channel for the previous communication between the initiating party and the user. Other embodiments are described and claimed. | 2009-12-31 |
20090328162 | Mutual for reporting a theft in an authentication system - Disclosed are protection of secret information including an encryption key and a system for reporting an emergency such as theft or confinement when secret information is accessed. Secret information includes a large quantity of decoy data and a piece/pieces of true and correct data mixed into the decoy data. The secret data including the decoy data and the true and correct data is two-dimensional code data the code of which is composed of groups of cells having different areas. The positions and order of storage of the true and correct data dispersedly mixed in the decoy data are determined and reported to the user. The user adds a predetermined alerting signal when inputting the password to tell that the user is under control of a third party. The system can detect the alerting signal and know that the user is in an abnormal state, performs normal identification procedures, and takes protection/preservation measures. Part of decoy data is specified as confinement report data and added to the true and correct data. Consequently at least a piece of confinement report data is included and therefore the user himself is judged to be under control of the third party. Then the user is identified and a confinement report alert is issued. | 2009-12-31 |
20090328163 | SYSTEM AND METHOD USING STREAMING CAPTCHA FOR ONLINE VERIFICATION - An improved system and method using a streaming captcha for online verification is provided. A request sent by a client device may be received by a server to serve a streaming captcha to the client device. A server may compose a streaming captcha by superimposing a captcha character string on a video. The streaming captcha may be streamed to the client device. The streaming captcha may be displayed on the client device, and a character string input by a user may be received in response to display of the streaming captcha. The character string received may be sent to the server for verification. The server may verify that the character string received is the same as the captcha character string displayed in the streaming captcha. The server may then send an indication of the verification to the client device. | 2009-12-31 |
20090328164 | Method and system for a platform-based trust verifying service for multi-party verification - A method and system for a platform-based trust verifying service for multi-party verification. In one embodiment, the method includes a client platform accessing a service provider over a network. Upon accessing the service provider, the client platform receives a request from the service provider for platform measurement and verification. The client platform collects platform information and performs measurement and verification, including performing an integrity manifest comparison. If the integrity manifest comparison indicates a good client platform posture, then the client platform signs the client platform posture and sends an approval notification to the service provider indicating that the client platform has not been compromised. The client platform may then receive the service of the service provider. If the integrity manifest comparison indicates that the client platform posture is not good, then the client platform will send a failure notification to the service provider indicating that the client platform has been compromised. | 2009-12-31 |
20090328165 | Method and apparatus for generating one-time passwords - A method and apparatus are provided to allow a user of a communications device to utilize one-time password generators for two-way authentication of users and servers, i.e., proving to users that servers are genuine and proving to servers that users are genuine. The present invention removes the need for a user to have a separate physical device, e.g., token, per company or service, reduces the cost burden on the companies and allows for two-way authentication via multiple access methods, e.g., telephone, web interfaces, automatic teller machines (ATMs), etc. Also, the present invention may be utilized in consumer and enterprise applications. | 2009-12-31 |
20090328166 | REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also act as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties. | 2009-12-31 |
20090328167 | NETWORK ACCESS METHOD AND SYSTEM - A method for controlling access to a communication network such as a Wi-Fi network includes a user device ( | 2009-12-31 |
20090328168 | METHOD FOR REGISTERING AND CERTIFICATING USER OF ONE TIME PASSWORD BY A PLURALITY OF MODE AND COMPUTER-READABLE RECORDING MEDIUM WHERE PROGRAM EXECUTING THE SAME METHOD IS RECORDED - The present invention relates to a method of registering a one-time-password user in a one-time-password terminal by the one-time-password terminal, in an environment including the one-time-password terminal loaded with a program for creating one-time-passwords in a plurality of modes, an authentication server for authenticating authenticity of the one-time-password user, a one-time-password server, and a one-time-password database server for storing information on the one-time-password user. | 2009-12-31 |
20090328169 | Apparatus and method for convenient and secure access to websites - A website access application accesses an encrypted central repository on a user's computer to store and access a variety of user-based website login and authentication information in the repository. The central repository provides a single point of access for the authentication information and, by accessing the repository, the process of user identification and authentication for multiple websites can be automated. A single user-selected keystroke combination can be utilized to initiate user sessions with multiple disparate secure websites by accessing the user website login information contained in the central repository and extracting the user login and authentication information contained therein. Additionally, the website access application will track and report on the time savings associated with the streamlined login process for accessing secure websites. In yet another preferred embodiment of the present invention, the website access application will analyze the user authentication information for various websites and provide suggestions to enhance the relative strength of the authentication information. Finally, the website access application supports a wide variety of user authentication protocols, thereby ensuring secure access to the repository. | 2009-12-31 |
20090328170 | Method and Systems for Dynamically Providing Communities of Interest on an End User Workstation - A method and system provide dynamic communities of interest on an end user workstation utilizing commercial off the shelf products, with central management and the ability for a user to log on only once (also known as “single sign on” or “SSO”). The software images that make up the virtual machine can be patched and updated with other required changes from a central storage area where the image can be administratively updated just once. A digital signature can be applied to the software images to ensure authenticity and integrity, along with determining whether a software image is up to date. | 2009-12-31 |
20090328171 | Method and system for secure remote storage of electronic media - Secure remote storage of electronic media. A virtual safe application resides on a server and provides for encrypted storage, display, and access to critical electronic media. The virtual safe communicates with trusted entities, which can automatically populate the virtual safe with pre-selected types of files into pre-selected locations. A user can access the virtual safe over a network to customize the display, manage files, upload files, and/or share files. Sharing a file grants selected access rights to a selected file by another authorized user. The shared file is displayed on the interface associated with the other authorized user, allowing the other user to view the file and to perform functionality consistent with the access rights. The sharing capability facilitates communication for use in streamlining business and/or personal matters. The virtual safe thus provides access to documents anytime, anywhere, while ensuring security, facilitating communication, and eliminating manual steps. | 2009-12-31 |
20090328172 | SESSIONLESS REDIRECTION IN TERMINAL SERVICES - Embodiments described herein are directed to establishing a terminal services (TS) session between a TS server and the client without creating a temporary session. In one embodiment, a computer system receives a user request indicating that a TS session with a first TS server is to be initiated. The request includes an indication that the user is authenticated and authorized to use the first TS server. The computer system searches for any prior TS sessions previously initiated by the user with other TS servers and determines, based on the search, that at least one prior TS session was initiated with a second TS server. The computer system also sends redirection data to the user indicating that the user request is to be redirected to the second TS server to reestablish the prior TS session with the second TS server. | 2009-12-31 |
20090328173 | Method and system for securing online identities - Various methods, systems and apparatus for associating fictitious user identities (e.g. screen names, user names, handles, etc.) used in electronic communications (e.g. over the internet via instant messenger, e-mail, social networks, eCommerce and auction websites, etc.) with real personal information (e.g. the true identity of an individual such as their name, address, credit score, driving record, etc.) are disclosed. One such method may include storing real personal information, associated with fictitious user identities, in a CGI, hosted by a GICS. The CGI may be a unique record for an individual person and may contain real personal information verified with proper authorities (e.g. a name, address and driving record of the individual verified with a department of motor vehicles), as well as fictitious user identities used by the individual, feedback received from other users, etc. The method may further include allowing a remote user to submit a query to the GICS requesting information associated with a fictitious user identity, whereby the GICS may search for a CGI associating information with the fictitious user identity; and, transmit some or all of the information to the remote user. One apparatus, according to aspects of the present invention, may include means of associating real personal information, submitted by a user, with fictitious user identities, means of verifying the real personal information and the ownership of the real personal information by the submitting user, means of receiving a request for some personal information associated with a fictitious user identity, from a remote user, means for identifying the CGI associated with the fictitious user identity, means of retrieving some of the personal information from the CGI and means of transmitting some of the information to the remote user. The system may further include means of limiting the information transmitted to the remote user (e.g. the remote user may be transmitted the credit score of the person owning a fictitious screen name, without being transmitted any further information identifying the person). | 2009-12-31 |
20090328174 | Method and system for providing internet services - A service integration platform system for providing Internet services includes: an interface configured to receive a service request message that is initiated by a user of an application provided by an Independent Software Vendor (ISV), the service request message being implemented according to an Application Programming Interface (API) type and including a plurality of platform-level parameters that conform to the API type. The system further includes one or more processors coupled to the interface, configured to: locate a set of authentication checks that are appropriate for the API type, based at least in part on the plurality of platform-level parameters included in the service request message and a mapping of predefined combinations of platform-level parameters and corresponding sets of authentication checks; perform authentication of the service request according to the set of authentication checks; and route the service request to a service address of the Internet Service Provider (ISP) in the event that the service request is authenticated. | 2009-12-31 |
20090328175 | IDENTITY VERIFICATION VIA SELECTION OF SENSIBLE OUTPUT FROM RECORDED DIGITAL DATA - A digital data sampler operating in a computer processor selects and stores digital data samples from a data stream used for generating audio-visual output during a session with a client operated by a user. The session generates the data stream independently of the data sampler. The data sampler may collect parameter data correlated to a probability will be remembered by the user at some future time, for each sample. The data sampler may store the data samples and parameter data as shared secret data for use in a future authentication session. During a future authentication session, an authentication device selects test data from the shared secret data to generate sensible output in an authentication process. The authentication process grants access to a controlled resource in response to user input indicating specific knowledge of the shared secret data selected from a presentation of similar sensible outputs. | 2009-12-31 |
20090328176 | Web Based Access To Clinical Records - A system and method for providing access to clinical data over the Internet. The system includes a server, and a database in communication with the server. The database stores clinical data sets. The system further includes a thin client, a communication link between the server and the Internet, and a communication link between the thin client and the Internet. Software executing on the server receives a request for one or more clinical data sets, retrieves the requested clinical data sets, and transmits the clinical data sets to the thin client. | 2009-12-31 |
20090328177 | ENABLING PRIVATE DATA FEED - A method of generating a pre-authenticated link to access a private feed and providing access to the private feed using the pre-authenticated link. A request to access the private feed is received and a first user sending the request is authenticated. A token for the first user is generated when the first user is authorized to access the private feed. The token may identify the first user, the private feed and an owner of the private feed. The token may be embedded within a link and transmitted to the first user. A user is automatically authorized to access the private feed when the token is sent by the user using the link. The link automatically authenticates the first user and allows access to the private feed. The private feed may become inaccessible to the first user when the owner of the private feed revokes access of the first user. | 2009-12-31 |
20090328178 | TECHNIQUES TO PERFORM FEDERATED AUTHENTICATION - Techniques to perform federated authentication are described. An apparatus may comprise a resource server having an authentication proxy component to perform authentication operations on behalf of a client. The authentication proxy component comprises an authentication handling module operative to receive an authentication request to authenticate the client using a basic authentication protocol. The authentication proxy component also comprises an authentication discovery module communicatively coupled to the authentication handling module, the authentication discovery module operative to discover an identity server for the client. The authentication proxy component further comprises an authentication manager module communicatively coupled to the authentication discovery module, the authentication manager module operative to retrieve authentication information from the identity server using an enhanced authentication protocol, and authenticate the client to access resource services using the authentication information. Other embodiments are described and claimed. | 2009-12-31 |
20090328179 | IDENTIFICATION OF A SMART CARD ON A PLUG AND PLAY SYSTEM - Techniques for identifying a smart card in a plug and play system. The technique requires identifying a unique code identifier and loading a smart card minidriver according to the unique code identifier. | 2009-12-31 |
20090328180 | Granting Least Privilege Access For Computing Processes - Embodiments provide a security infrastructure that may be configured to run on top of an existing operating system to control what resources can be accessed by an application and what APIs an application can call. Security decisions are made by taking into account both the current thread's identity and the current thread's call chain context to enable minimal privilege by default. The current thread context is captured and a copy of it is created to be used to perform security checks asynchronously. Every thread in the system has an associated identity. To obtain access to a particular resource, all the callers on the current thread are analyzed to make sure that each caller and thread has access to that resource. Only when each caller and thread has access to that resource is the caller given access to that resource. | 2009-12-31 |