Abstract: In accordance with one embodiment of the present invention a secure electronic identification device is presented. The secure electronic identification device includes a display mode for displaying government furnished information, a display mode for displaying user furnished information, and a public display mode for displaying public information.
Abstract: A method begins by dividing a data segment into data segment portions. The method continues by encoding the data segment portions to produce a plurality of sets of encoded data segment portions. A data segment portion is encoded by, first, selecting an encoding equation and an encoding constant(s). The encoding continues by setting a first variable to the data segment portion. The encoding continues by setting a second variable to one of a set of pillar numbers. The encoding continues by executing the encoding equation using the encoding constant, the first variable, and the second variable to produce one of the plurality of sets of encoded data segment portions. The method continues by arranging the plurality of sets of encoded data segment portions into a plurality of encoded data slices. The method continues by sending the plurality of encoded data slices to distributed storage units of a distributed storage network.
Abstract: An encrypted session is established between a client device and a target server device when the client device initiates network connections through a proxy device. The client device initiates an encrypted session with the proxy device. Once the encrypted session is established, the client device communicates the address of the target server device to the proxy device. Then, the proxy device sends an encrypted session renegotiation message to the client device. The client device responds to the encrypted session renegotiation message by transmitting an encrypted session handshake message to the proxy device. The proxy device forwards the encrypted session handshake message to the target server device, and continues to forward handshake messages between the client device and the target server device, enabling the client device and the target server device to establish an encrypted session.
Abstract: An electronic arrangement includes a computer device that provides a media profile entity configured to store and maintain at least one user-adjustable personal media profile for a user capable of accessing a network, and related sites, services and/or applications via a number of terminal devices, the personal media profile describing the user's interests preferably excluding identifiable information, the interests being represented on a number of levels including interest categories, and the interests are at least partially determined based on monitoring the user behavior relative to the network, and an authentication entity configured to associate a terminal utilized by the user with the media profile of the user based on profile-identifying data provided to/by the terminal.
Type: Grant
Filed: August 23, 2013
Date of Patent: July 28, 2015
Assignee: GLOME OY
Inventors: Edvard Immonen, Sakari Kyro, Timo Ronkainen, Jerry Jalava, Esa Lipiainen
Abstract: A system and a method of retrieving information is described. In a system according to the invention, software modules may be used to provide the user with information that is most likely to be the information desired.
Abstract: A computer-implemented method for authentication involves defining a level of trust required for access to a resource independently of any particular authentication mechanism or instance, determining levels of trust associated with a plurality of authentication instances, and selecting and combining two or more of the authentication instances to meet or exceed the required level of trust.
Abstract: A system and method for submission and receipt of communications and information including sending, receiving, and responding to mood related, time-sensitive and/or secretive messages or information, through a one-step submission to communication networks and/or social media platforms, through an anonymous submit and targeted authorized receipt process, having the generating, assigning, and utilizing of unique identifiers, and corresponding actionable and searchable administrative report generating process.
Abstract: In one implementation, a tag is associated with a tainted value of an application and an output context of the application that is associated with output from the application that includes the tainted value is determined. A taint processing is applied to the tainted value in response to the output of the tainted value; the taint processing is compatible with the output context.
Type: Grant
Filed: September 29, 2011
Date of Patent: June 9, 2015
Assignee: Hewlett-Packard Development Company, L.P.
Abstract: Methods, systems, and techniques for securing access to stored data are provided. Example embodiments provide a Storage Management System (“SMS”) that is configured to facilitate protected information sharing. The SMS may restrict access to shared information based on one or more criteria that validate an entity's right to access the information. For example, the SMS may restrict access to entities that are located in a particular geographic region, that are using a particular type of hardware or software, that hold particular credentials, or the like. In some cases, the SMS may require that an entity's claim to meet one or more required criteria be validated by a trusted third party.
Abstract: Embodiments of the present invention provide an authenticating service of a chip having an intrinsic identifier (ID). In a typical embodiment, an authenticating device is provided that includes an identification (ID) engine, a self-test engine, and an intrinsic component. The intrinsic component is associated with a chip and includes an intrinsic feature. The self-test engine retrieves the intrinsic feature and communicates it to the identification engine. The identification engine receives the intrinsic feature, generates a first authentication value using the intrinsic feature, and stores the authentication value in memory. The self-test engine generates a second authentication value using an authentication challenge. The identification engine includes a compare circuitry that compares the first authentication value and the second authentication value and generates an authentication output value based on the results of the compare of the two values.
Type: Grant
Filed: December 7, 2012
Date of Patent: May 19, 2015
Assignee: International Business Machines Corporation
Inventors: Srivatsan Chellappa, Subramanian S. Iyer, Toshiaki Kirihata, Sami Rosenblatt
Abstract: Described is a system, method, and computer program product for ensuring that promises are kept in an anonymous system. A verifiable interaction is established between at least two users. Each user utilizes at least one pseudonym to protect their identity, which is verifiable by a third party. The pseudonyms are stored in an anonymous database controlled by the third party. The invention described herein ensures that at least one user in the verifiable interaction performs an action that is agreed upon between the users. If the user does not perform the action, then that user is prevented from establishing another verifiable interaction by the third party. In a desired aspect, the invention is utilized in an anonymous reputation system to ensure that actions that affect a user's reputation, including those that negatively impact the user's reputation, are performed as agreed upon.
Type: Grant
Filed: December 7, 2012
Date of Patent: May 5, 2015
Assignee: HRL Laboratories, LLC
Inventors: Aleksey Nogin, Joshua Baron, Karim El Defrawy
Abstract: A method for use in a system with multiple processor-based devices, the method including: running a first application on a first processor-based device; maintaining a second application in a standby mode on the first processor-based device; and providing a service to each of the first and second applications on the first processor-based device by a service-providing application on the first processor-based device, wherein providing the service includes maintaining a record regarding service statuses of the first application and the second application in which the record stores a respective entry for each of the first and second applications to reflect an active service status for the first application and a standby service status of the second application.
Abstract: A method, computer program, apparatus and a secure module are described. By example, in the method there are steps of receiving a request from a first entity for a secure module to enter an unlock lifecycle state; requesting confirmation to enter the unlock lifecycle state; and if the request is confirmed, transitioning the secure module from a current lifecycle state to the unlock lifecycle state.
Abstract: Method for supporting a reputation mechanism in a network including one or more domains with one or more users being connected to the domains, one or more Identity Providers that manage identity information, and at least one entity that functions as Web Service Consumer for the users. When a user requests a Web Service Consumer of one of the domains for a web service provided by a Web Service Provider, the requested Web Service Consumer requests its known Identity Providers regarding a recommendation of the Web Service Provider. The Identity Providers function as recommendation aggregators by collecting reputation assessments of the Web Service Provider from entities registered on the Identity Providers who return an aggregated recommendation to the requested Web Service Consumer that determines a trust assessment about the Web Service Provider. A privacy homomorphism is employed for providing an encrypted exchange of recommendation related information.
Abstract: A method of authenticating user access to a restricted resource across a computer network, the method characterised by: communicating client device configuration data to a server and assigning a risk analysis score based on the client device configuration data; and generating an alert at a client device in response to the risk analysis score.
Abstract: The disclosure generally describes computer-implemented methods, software, and systems for cloud-based single sign-on (SSO) capabilities. A computer-implemented method includes operations for identifying a first system for single sign-on capabilities, identifying a second system disparate from the first system for providing a single sign-on capability with the first system through a cloud-based SSO configuration manager, automatically accessing metadata associated with the sign-on information of the second system, the set of metadata identifying sign-on-related information for sharing at least one credential/certificate for logging in to the second system, using the metadata to obtain an authorization for a single sign-on between the first and second systems, receiving a request from the first system for authorization at the second system, and, in response to the request, providing the authorization and creating a cloud-based SSO system that includes the first and second systems.
Type: Grant
Filed: December 7, 2012
Date of Patent: February 10, 2015
Assignee: SAP SE
Inventors: Frank Brunswig, Peter Dell, Klaus Herter, Bare Said
Abstract: A network security system includes a server configured to receive an access request via a network from a remote computing device, a database storing customer account information accessible by the server, and memory accessible by the server and storing a customer notification program. When executed by the server, the program identifies the remote computing device by a device fingerprint and requesting location, determines whether the device fingerprint matches any authorized device fingerprints stored in the database and sends, responsive to a mismatch between the device fingerprint and the authorized device fingerprints, a notification of the request to a customer-specified address. The notification indicates the request, the identity of the remote computing device, and the requesting location. The program may resolve the request responsive to a reply to the notification from the customer-specified address.
Abstract: A method and system are provided for multi-access authentication in a Next Generation Network (NGN). A network side authentication center (NSAC) generates an authentication vector after receiving, from a user terminal (UT), UT information including subscription information and multi-access information of the UT; after receiving an authentication request including authentication information from the NSAC, the UT performs authentication on the network side, generates keying material and network side authentication information (NSAI) upon successful authentication, and sends the NSAI to the NSAC, which performs authentication on the NSAI using the authentication vector, generates keying material according to the multi-access information of the UT upon successful authentication, and informs an access forwarding functional module (AFFM) of the keying material; the AFFM encrypts and decrypts access service information of the UT according to the keying material.
Abstract: Preventing attacks on a computer at run-time. Content that is configured to access at least one function of a computer is received by the computer. Protections corresponding to the function are added to the content, wherein the protections override the function. The content and the protections are then transmitted to the computer. The function may expose a vulnerability of the computer, and arguments passed to the function may exploit that vulnerability. The protections are executed when the content is executed, and determine whether the arguments the content passed into the function represent a threat. In response to determining that the arguments represent a threat, execution of the content is terminated without executing the function.
Type: Grant
Filed: July 1, 2013
Date of Patent: January 20, 2015
Assignee: Dell Products, LP
Inventors: Andy Davenport, Hunter King, Jon R. Ramsey
Abstract: The disclosure discloses a method for updating an air interface key, a core network node and a radio access system, wherein the method for updating an air interface key comprises: a core network node receives a relocation complete indication message from a target RNC (S502), the relocation complete indication message is configured to indicate the successful relocation of User Equipment (UE) from a source RNC to the target RNC; the core network node uses the saved traditional key and the current enhanced key to calculate a next hop enhanced key (S504); the core network node sends the next hop enhanced key to the target RNC (S506). Through the disclosure, the forward security of users is guaranteed effectively, thus the communication security of the radio access system is improved overall.