Abstract: Selective regulation of information transmission from mobile applications to a third-party privacy compliant target system. A privacy policy is configured for and mapped to each of a multiplicity of mobile application concerns, with each privacy policy comprising rules regulating the transmission of information to a third-party privacy compliant target system. Instrumentation instructions can be integrated with a mobile application and provided to a mobile device. The instrumentation instructions direct the mobile application to submit a privacy policy request comprising a mobile application identifier from the mobile device to a third-party privacy compliance system and enable sending information from the mobile device to the third-party privacy compliant target system, subject to the privacy policy.
Type:
Grant
Filed:
May 22, 2013
Date of Patent:
March 22, 2016
Assignee:
Quantcast Corporation
Inventors:
Crispin Edward Harold Flowerday, Michael F. Kamprath, Faraaz Aejaz Shareshwala, Daniel Vogel Fernandez de Castro
Abstract: Controlling access to secure resources of a data processing system is provided. An input-to-output mapping of an application installed on the data processing system is generated that determines whether a secure resource in the data processing system is shared with an external entity associated with the application and under what specified conditions. It is determined whether the specified conditions exist during runtime of the application. In response to determining that the specified conditions do not exist during runtime of the application, sharing of the secure resource of the data processing system with the external entity associated with the application is prevented. In response to determining that the specified conditions do exist during runtime of the application, sharing of the secure resource of the data processing system with the external entity associated with the application is allowed.
Abstract: Methods, systems, and computer-readable media for self-maintaining interactive communications privileges governing interactive communications with entities outside a domain are disclosed. The interactive communications privileges can be used to process interactive communications requests between entities inside a domain and entities outside the domain. Currently configured interactive communications privileges configured for an entity outside a domain may no longer be desired, reliable, or valid with the current capabilities of the entity outside the domain. In this regard, embodiments disclosed herein involve self-maintaining interactive communications privileges configured for entities outside a domain. Review of interactive communications privileges configured for entities outside a domain can be performed to determine if those interactive communications configurations should be maintained, in whole or part, or not maintained.
Abstract: A method and apparatus for safe and secure access to dynamic domain name systems. In one embodiment a method comprises transmitting a DNS query to a dynamic DNS server. The DNS query comprises a domain name. A DNS answer is received from the dynamic DNS server in response to transmitting the DNS query. The DNS answer comprises an IP address. A request is transmitted to a host at the IP address in response to receiving the DNS answer. A digital certificate is received in response to transmitting the request. The received digital certificate is then compared with each of a plurality of digital certificates stored in memory. The IP address is transmitted to a client computer system if the received digital certificate compares equally with one of the plurality of digital certificates.
Abstract: The present invention provides an information processing device which can detect illegal authorization setting efficiently in a short period of time. The information processing device includes a database which stores electronic documents, a means for storing rank values of users of the database, a means for storing the authorization degree of an electronic document or an electronic document group and authorization degrees of respective document classes of the database, a means for analyzing the electronic documents and combining together documents having mutual similarity in a degree equal to or higher than a certain level into a similar document group, and a means for analyzing authorization degrees of respective document classes in the database with reference to the rank values of the users, and thus detecting an electronic document or an electronic document group whose authorization setting is improper.
Abstract: Systems, apparatus, and methods of authentication utilizing contextual data to authenticate individuals and prevent security breaches are described herein. An example proxy engine may monitor interactions with a computing device to obtain contextual data unique to a user. The contextual data may be utilized to generate unique challenge questions in response to requests for access to a secure resource, and may eliminate the need for a user to remember credentials to access the resource. Challenge questions may be limited to a single use and vary in difficulty in proportion to the value of the resource. In response to correct responses to challenge question(s), the proxy engine may access a vault containing a credential authorizing access to the resource. The vault and proxy engine may be entirely contained on the computing device or they may be implemented on a remote apparatus accessed via an application or interface on the computing device.
Type:
Grant
Filed:
March 5, 2013
Date of Patent:
December 29, 2015
Assignee:
Intel Corporation
Inventors:
Hong Li, Rita H Wouhaybi, Tobias Kohlenberg
Abstract: Media rights are managed to include not just device authentication, but to include elements of user, device, and service authorization. A user can play media on a mobile device, continue playing the media on a desktop computer, and subsequently move to a large screen television and media rights are automatically identified to provide the most appropriate authorized content. This allows an authorized user to seamlessly access different forms of the same content on a variety of authenticated devices using the same digital rights management mechanisms.
Abstract: In one embodiment, an internet monitor service may use a final content rating to determine access to a webpage. A monitor client 102 may generate a client content rating of a webpage 104. The monitor client 102 may factor the client content rating with a server content rating of the webpage 104 to determine a final content rating for the webpage 104.
Type:
Grant
Filed:
September 8, 2011
Date of Patent:
December 29, 2015
Inventors:
Bryce Hutchings, Wei Jiang, Vladimir Rovinsky
Abstract: According to one embodiment, a login page is displayed on a mobile device for logging onto a support center. In response to selecting a first login option, the user is requested to speak a predetermined phrase to a microphone of the mobile device and a first voice stream is captured using a voice recorder of the mobile device. The first voice stream is transmitted to the support center for authentication based on the voice. In response to selecting a second login option, a password is obtained and is transmitted to the support center for authentication based on the password. Upon having been successfully authenticated by the support center based on at least one of the first and second login options, a communication session is established with a support agent of the support center for support services of a product associated with the user.
Type:
Grant
Filed:
September 30, 2013
Date of Patent:
December 29, 2015
Assignee:
TeleTech Holdings, Inc.
Inventors:
Kenneth D. Tuchman, Bruce A. Sharpe, Henry D. Truong
Abstract: A system, method, and computer program product are provided for identifying a first and second occurrence in connection with at least one networked device. In use, it is possible that it is determined that the at least one actual vulnerability of the at least one networked device is capable of being taken advantage of by the first occurrence identified in connection with the at least one networked device. Further, it is also possible that it is determined that the at least one actual vulnerability of the at least one networked device is not capable of being taken advantage of by the second occurrence identified in connection with the at least one networked device. To this end, the first occurrence and the second occurrence are reported differently.
Abstract: Aspects of a virtualized security processor are described herein. In various embodiments, one or more virtual security modules may be instantiated at a port interface between a security module and a processing environment of a host device. In one embodiment, a virtual security module is instantiated for each service of the host device. Each virtual security module is configured for at least one command supported by the security module for an associated service of the host device. After being configured, a virtual security module may receive a security command request from an associated service and, before submitting the security command request to the security module, verify and prioritize the security command request. In certain aspects, the use of virtual security modules assists the host device to interface multiple services with the security module, while prioritizing tasks for and offloading certain tasks from the security module.
Abstract: In an image forming apparatus, a section managing unit acquires section information and usage restriction information from the server apparatus after successful user authentication of a login user and registers a temporal section based on the acquired section information and the acquired usage restriction information as a section within the image forming apparatus. The UI control unit removes logout prohibition to the login user before completion of a job of the login user performed by the image forming apparatus, and the usage restriction managing unit continues to perform usage restriction management of the temporal section for the job until the job is completed even after the login user performs a logout operation.
Abstract: A computer-implemented method for performing security analyses of applications configured for cloud-based platforms may include 1) identifying an online platform that hosts an online service and that is capable of hosting a plurality of third-party applications integrated with the online service and configured to operate on the online platform, 2) identifying at least one third-party application that is integrated with the online service and configured to operate on the online platform, 3) identifying metadata describing at least one characteristic of the third-party application, and 4) performing a security analysis of the third-party application based at least in part on the metadata. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A method of protecting data items in an organizational computer network, including: defining multiple information profiles for classifying the data item, defining rules for protecting the data item belonging to a specific information profile, classifying the data item according to the defined information profiles, applying a protection method to the data item responsive to the classification and the defined rules, automatically updating the classification of the data item responsive to a change in the content or location of the data item, and automatically transforming the applied protection method, throughout the lifecycle of the data item, responsive to a change in classification or location of the data item, according to the defined rules.
Abstract: A method begins by a dispersed storage (DS) processing module generating a shared secret key from a public key of another entity and a private key using a first modulo prime polynomial function, wherein a public key is generated from the private key using a second modulo prime polynomial function and wherein the public key of the other entity is derived using the second modulo prime polynomial function on a private key of the other entity. The method continues with the DS module encrypting a message using the shared secret key to produce an encrypted message. The method continues with the DS module outputting the encrypted message to the other entity.
Abstract: A method and an apparatus for providing Machine-to-Machine (M2M) service are provided. A method of providing service by an M2M device includes transmitting a request for service to a Network Security Capability (NSEC), the request for service comprising an identifier of a Device Service Capability Layer (DSCL) of the M2M device, performing an Extensible Authentication Protocol (EAP) authentication with an M2M Authentication Server (MAS) via the NSEC, and generating, if the EAP authentication is successful, a service key using a Master Session Key (MSK), a first constant string, and the identifier of the DSCL.
Abstract: A security server for programming configuration settings and application images into a target device is disclosed. The security server includes two secure microprocessors. In the security server a first microprocessor is configured to be coupled to a user of the security server and a comparator to validate configuration data as it progresses through the security server. The first microprocessor receives configuration data and application data for use in configuring the target microprocessor. A second secure microprocessor is coupled to the first secure microprocessor through a high-speed communications link. This second microprocessor provides a security engine for encryption of data and a verifier for verifying that the configuration settings and application images are correctly stored in the target microprocessor.
Abstract: A distributed and coordinated security system providing intrusion-detection and intrusion-prevention for the virtual machines (VMs) in a virtual server is described. The virtualization platform of the virtual server is enhanced with networking drivers that provide a “fast path” firewall function for pre-configured guest VMs that already have dedicated deep packet inspection security agents installed. A separate security VM is deployed to provide virtual security agents providing deep packet inspection for non pre-configured guest VMs. The network drivers are then configured to intercept the data traffic of these guest VMs and route it through their corresponding virtual security agents, thus providing a “slow-path” for intrusion detection and prevention.
Abstract: Various embodiments herein include at least one of systems, methods, and software that efficiently segregate data from externally accessible systems. One such embodiment is a method performed by a first data processing system and includes receiving a call from a client of a user interaction service requesting data to populate a client application user interface. Next, a first object service obtains the requested data. The first object service is then executed to call a master data service to retrieve master data from a local database storing master data copied from master data stored by a second data processing system. Next, transaction data is retrieved via a remote service call over a network from the second data processing system. The retrieved data is then provided back to the calling user interaction service, which then transmits the data to the client application.
Abstract: Key management for and automount of encrypted files, including recovering a master vault key file from an encoded vault key file, storing the vault key file within a previously mounted crypto key management virtual drive so as to provide a secure scratch pad area for temporary storage of the master vault key file. An open and mount module may then invoke a file mounting procedure by providing the vault key file name and a path corresponding to the crypto key management virtual drive to a virtual drive mounting module. The method of passing the vault key file to the file mounting utility module may comprise passing command line arguments equal to a pathname and filename to the file mounting utility.