Abstract: A web application server includes a user information management unit that manages user IDs and attributes such that each of the user IDs is associated with a corresponding one of the attributes, a security policy management unit that manages security policies such that each of the security policies is associated with a corresponding one of the attributes, a security policy acquisition unit that acquires one of the security policies based on one of the attributes associated with one of the user IDs, and an HTML file generation unit that generates an HTML file in which a script to acquire personal data of a corresponding one of the users from an intra-company database server is embedded based on one of the security policies of the corresponding one of the users.
Abstract: An access platform or other network elements can include multiple line cards configured to encrypt data. The platform and/or each of the line cards may receive encryption management data that conforms to a predefined encryption management data interface. The encryption management data received by a particular line card may be generated by a conditional access system device and converted to conform to the encryption management data interface by an encryption manager. Line cards may alternatively be configured for connection to separate encryption hardware components. Line cards may include a block of field programmable gate arrays or other type of programmable hardware that can be configured to execute an encryption module.
Type: Grant
Filed: December 7, 2010
Date of Patent: August 11, 2015
Assignee: Comcast Cable Communications, LLC
Inventors: Jorge Daniel Salinger, Kevin Taylor, James William Fahrny
Abstract: A method and apparatus for managing a key for secure storage of data. The apparatus includes a main controller configured to process a command, a cipher unit configured to encrypt a first key to form an encrypted key or encrypt data to form encrypted data based on a result of the main controller processing the command, and decrypt the encrypted key or the encrypted data based on the result of the main controller processing the command, a hash unit configured to hash the first key according to control of the main controller, a decrypted key memory configured to store the first key, and an encrypted key memory configured to store the encrypted key.
Type: Grant
Filed: August 1, 2013
Date of Patent: July 28, 2015
Assignee: Samsung Electronics Co., Ltd.
Inventors: Jae Chul Park, Yun Ho Youm, Tong Pyo Hong
Abstract: A nonvolatile memory device includes a memory cell array and a read/write circuit connected to the memory cell array through bit lines. The read method of the nonvolatile memory device includes receiving a security read request, receiving security information, and executing a security read operation in response to the security read request. The security read operation includes reading of security data from the memory cell array using the read/write circuit, storing of the read security data in a register, performing security decoding on the read security data stored in the register using the received security information, resetting the read/write circuit, and outputting a result of the security decoding.
Abstract: Embodiments of the invention, broadly described, introduce systems and methods for combining multiple field values into a normalized value, generating codes using the normalized value, and using the codes as activation codes. One embodiment of the invention discloses a computer-implemented method for generating a code. The method comprises receiving a plurality of field values associated with a set of fields, each of the fields being associated with a field radix, converting the field values into numeric field values, combining, by a processor, numeric field values, each associated with a field, each of the fields associated with a field radix, to generate a normalized value, and generating, by the processor, a code representative of the plurality of field values using the normalized value.
Abstract: In one embodiment, a method includes receiving a communication from an endpoint device at a network access device located within a data path between the endpoint device and a network, identifying a network admission control policy for the endpoint device, enforcing, at the network access device, the network admission control policy for traffic received from the endpoint device, and forwarding, at the network access device, traffic from the endpoint device to the network in accordance with the network admission control policy. An apparatus is also disclosed.
Type: Grant
Filed: February 23, 2011
Date of Patent: June 30, 2015
Assignee: Cisco Technology, Inc.
Inventors: Navindra Yadav, Atul Mahamuni, Azim Ozakil, Bora A. Akyol, Peirong Feng, Thomas J. Enderwick, Aji Joseph, Shashi Kumar, Sambasivam Valliappan
Abstract: The claimed subject matter provides a method for detecting compromised accounts. The method includes receiving a communication from a sender's account to a recipient. The sender's account is associated with a sender. The method also includes presenting a compromised account reporting interface to the recipient based on specific conditions. Further, the method includes receiving a selection by the recipient indicating the sender's account is compromised. The method also includes determining that the sender's account is compromised based on the selection. Additionally, the method includes generating, in response to a selection by the recipient, a report indicating that the account is compromised.
Type: Grant
Filed: April 28, 2011
Date of Patent: June 16, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Krish Vitaldevara, Jason Walter, Eliot Gillum, Hersh Dangayach, Samuel J. Albert
Abstract: The invention is a method of analyzing the behavior of a secure electronic token which comprises an interface for exchanging data with an external entity. The token has a lifecycle wherein the token is intended to be created then issued. The method comprises the steps of: loading and installing a dedicated application into the token after the electronic token has been issued, spying the data exchanged through the interface and providing the dedicated application with these exchanged data, generating a buffer from the exchanged data by the dedicated application, sending the buffer to an external machine.
Abstract: According to one embodiment of the invention, a method for controlling access to a network comprises a first operation of determining a type of electronic device to join the network. Then, unique device credentials are sent to the electronic device. These unique device credentials are used in authenticating the electronic device, and the format of the unique device credentials is based on the type of electronic device determined.
Abstract: A method for integrating a dynamic token generator into a mobile device is provided. The method may include displaying a display. The method may also include transmitting a serial number to a provider. The method may also include receiving a quick response (“QR”) code from the provider. The QR code may contain token activation information. The token activation information may relate to the validated token serial number. The token activation information may include the serial number, an activation code, and an activation password. A dynamic token generator may be configured to internally recognize and scan in the quick response code displayed in the display. The dynamic token generator may also be configured to activate an OTP seed application using at least some of the information stored in the quick response code.
Type: Grant
Filed: February 9, 2014
Date of Patent: May 19, 2015
Assignee: Bank of America Corporation
Inventors: Milton Santiago, Jr., Mary R. Rosendahl, Darin G. Mallory, Michael C. Arredia, Jonathan F. McAteer
Abstract: Establishing secure communication between an implantable medical device and an external device includes: accessing, at the implantable medical device, biological data; utilizing the biological data, at the implantable medical device, to generate a public cryptographic key; and utilizing the public cryptographic key, at the implantable medical device, to generate a private cryptographic key.
Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that enables promulgation of licensing rights controlling Intellectual Property (IP) to multiple Actors. The Actors include components of a cable system that can include a Conditional Access System, Middleware, a Browser for a Set-Top-Box, a Guide and a Guide Data Provider. The handshake is a Challenge-Response protocol that includes a Challenge issued by one Actor who controls IP rights to verify a second Actor has Licensed IP rights when the second Actor Response includes a Hook IP function IPF1. Other Actors who wish to use software functions F that the first Actor provides will be encouraged to acquire rights to the IP License to obtain the function IPF1 for access. Subsequent Actors who have IP rights controlled by another function IPF2 can be pulled into the same IP Licensing system, or another IP License that becomes part of the same ecosystem with the system controlled using function IPF1.
Abstract: Systems and methods for secure file portability between mobile applications in a cloud-based environment or cloud-based collaboration and file sharing environment. In one embodiment, a server-based key generation service generates an encryption key that is unique to each file transfer transaction between mobile applications accessed via a mobile device. Data packages leaving a mobile application are then encrypted using the encryption key to provide secure file portability between mobile applications. In another embodiment, a background service triggered by a mobile application detects when a user is logged out of the mobile application and revalidates the user session with the mobile application to maintain portability of files between mobile applications.
Type: Grant
Filed: February 25, 2013
Date of Patent: May 5, 2015
Assignee: Box, Inc.
Inventors: Simon Tan, David Scott Maynard, Rico Yao, Don Cung
Abstract: The present invention discloses a method and apparatus for assisting user input based on the mobile terminal browser, including: storing login authentication information entered by a user when the user logs in to a website for the first time from a mobile terminal; after determining that a current page in the mobile terminal browser is a login page and the user logs in after the first time, loading the stored authentication login information to the current login page; receiving the login authentication trigger information; encapsulating the loaded login authentication information of the current login page; and generating a login request for login authentication by a website corresponding to the current login page. By using the disclosed method and apparatus, the number of times the user is required to enter the username and password can be reduced, and the amount of time for the user to access Internet websites can be reduced.
Type: Grant
Filed: July 14, 2013
Date of Patent: April 28, 2015
Assignee: Tencent Technology (Shenzhen) Company Limited
Abstract: An apparatus and method for verifying the integrity of firmware of an embedded system is provided. The apparatus for verifying the integrity of firmware of an embedded system includes a target integrity code obtainment unit for obtaining a target integrity code of firmware of the embedded system. A source integrity code obtainment unit obtains a source integrity code of source firmware. An integrity determination unit determines whether integrity of the firmware of the embedded system is maintained, by using the target integrity code and the source integrity code.
Type: Grant
Filed: July 14, 2013
Date of Patent: April 28, 2015
Assignee: Electronics and Telecommunications Research Institute
Inventors: Hyo-Won Kim, Jung-Hyung Park, Jae-Woo Han, Dae-Seon Park, Hye-Ryoun Chung, Jin-Ha Hwang, Bon-Seok Koo, Sang-Woo Park
Abstract: Systems, devices, and methods are disclosed for enabling the reconfiguration of services supported by a network of devices. Such reconfiguration can be realized dynamically and in real time without compromising the security of the overall system from external threats or internal malfunctions. These systems, devices and methods may provide a first functional stack supporting a previous version of a specific service and the provisioning of a second functional stack dynamically and in real-time that supports an updated version of the specific service. In addition, an administration function may be included in the embodiment such that the administration function manages and controls the functional stacks and network operations. Using these mechanisms, an existing service can be changed dynamically or a new service can be added dynamically in a secure manner without interruption of other existing services.
Type: Grant
Filed: September 25, 2013
Date of Patent: April 14, 2015
Assignee: DomaniCom Corporation
Inventors: William G. Bartholomay, Sin-Min Chang, Santanu Das, Arun Sengupta, Suvhasis Mukhopadhyay
Abstract: Systems and methods of detecting copying of computer code or portions of computer code involve generating unique fingerprints from compiled computer binaries. The unique fingerprints are simplified representations of the compiled computer binaries and are compared with each other to identify similarities between the compiled computer binaries. Copying can be detected when there are sufficient similarities between at least portions of two compiled computer binaries.
Type: Grant
Filed: June 25, 2014
Date of Patent: March 31, 2015
Assignee: Terbium Labs LLC
Inventors: Daniel Jordan Rogers, Michael Alan Moore
Abstract: The present disclosure relates to a system, apparatus and method for securing electronic files and folders independent of their location. A computer network implemented system for securing data is provided. The system includes a central server (400) that manages access to a secure data architecture that enables one or more data security operations including data encryption, data decryption and secure data sharing. A security appliance (200) is also provided that is interoperable with each of one or more computer devices (100) to integrate each computer device (100) into the secure architecture so as to enable data security operations at each computer device, by authenticating a user of each computer device (100) to the security appliance (200) and to the central server (400).
Abstract: A security component within a supervisory process control and manufacturing information system comprising a set of user roles corresponding to different types of users within the information system, a set of security groups defining a set of security permissions with regard to a set of objects, wherein each security group includes an access definition relating the security permissions to at least one of the set of user roles, and a set of user accounts assigned to at least one of the defined roles thereby indirectly defining access rights with regard to the set of objects having restricted access within the system. The security permissions within the supervisory process control and manufacturing information system are assigned at an object attribute level.
Type: Grant
Filed: March 7, 2014
Date of Patent: March 17, 2015
Assignee: Invensys Systems, Inc.
Inventors: James P. McIntyre, Robert M. Resnick, Timothy Sowell, Kenneth Kasajian, Pankaj H. Mody