Patents Issued on January 12, 2017
-
Publication number: 20170012959
Abstract: Some embodiments provide a method for a first device for joining a group of related devices. The method receives input of a password for authorization with a centralized entity. The method receives input of a code generated by a second device already established in the group of related devices. The method uses the password and the code to (i) join the group of related devices in order to synchronize user data with the devices in the group of related devices and (ii) authorize the first device with the centralized entity as a valid device for a particular account with the centralized entity.
Type: Application
Filed: September 30, 2015
Publication date: January 12, 2017
Inventors: Yannick L. Sierra, Mitchell D. Adler
-
Publication number: 20170012960
Abstract: A computer-implemented method for securing a content server system is disclosed. The method includes identifying that a request has been made by a client computing device for serving of content from the content server system; serving, to the client computing device and for execution on the client computing device, reconnaissance code that is programmed to determine whether the client computing device is human-controlled or bot-controlled; receiving, from the reconnaissance code, data that indicates whether the client computing device is human-controlled or bot-controlled; and serving follow-up content to the client computing device, wherein the make-up of the follow-up content is selected based on a determination of whether the client computing device is human-controlled or bot-controlled.
Type: Application
Filed: July 7, 2016
Publication date: January 12, 2017
Inventors: Nwokedi Idika, Justin D. Call
-
Publication number: 20170012961
Abstract: In an approach, a target computing device receives a pairing request from a controller computing device, the pairing request including controller credentials that were previously received by the controller computing device from an authentication server computer and encrypted under a service key. The target computing device forwards the pairing request to the authentication server, the authentication server computer being configured to return a pairing response based at least in part on the controller credentials. The target computing device receives the pairing which includes a shared secret encrypted under a target device key and the same shared secret encrypted under a controller key. The target computing device decrypts the shared secret encrypted under the target device key and forwards the shared secret encrypted under the controller key to the controller device. Using the decrypted shared secret, the target computing device establishes a secure connection to the controller computing device.
Type: Application
Filed: September 2, 2016
Publication date: January 12, 2017
Inventors: Jean-Marie White, Baskar Odayarkoil, Lee Adams
-
Publication number: 20170012962
Abstract: In accordance with embodiments, there are provided mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token. These mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token can be utilized to prevent identification of a user attempting to access the resource, and thus unwanted use of the user's identity.
Type: Application
Filed: September 19, 2016
Publication date: January 12, 2017
Inventors: Ryan Lissack, Robert Joseph Snell, Robert Charles Fly
-
Publication number: 20170012963
Abstract: A method includes providing a plurality of variables and a variable. The variables differ from each other. The variables differ from the variable. The method further includes providing a lookup table indexing a plurality of characters via a plurality of values based on a first numeral system, converting a message into a first sequence of values based on the table, converting the first sequence into a second sequence of values based on a second numeral system different from the first system and according to a preset format, combining the second sequence into a single sequence via removing the format, generating a first plurality of subsequences from the single sequence based on segmentation of the sequence via alternating the variables, converting the first subsequences into a second plurality of subsequences such that each of the second subsequences is sized according to the variable, and transmitting the second subsequences.
Type: Application
Filed: September 26, 2016
Publication date: January 12, 2017
Inventors: Brian Penny, Desmond Penny
-
Publication number: 20170012964
Abstract: Methods and apparatus for providing authentication of control instructions from a control device to a remotely-controllable physical interaction device using a remote control authentication token include receiving a request from a control device for a transmission of a remote control authentication token. Responsive to the request from the control device for the remote control authentication token, an identity of the control device is verified. Verifying the identity of the control device further includes comparing a pairing of a requesting identity credential of the control device and a requesting network context of the control device to expected values of pairings of requesting identity credentials and requesting network contexts, and responsive to verifying the identity of the control device, transmitting the remote control authentication token.
Type: Application
Filed: September 28, 2015
Publication date: January 12, 2017
Applicant: IDENTITY OVER IP
Inventor: Christopher Ceppi
-
Publication number: 20170012965
Abstract: An access control system is provided to provide a core server to authenticate the permissions of users to access services provided by other operators. The provision of a single core server allows many-to-many access agreements to be mediated and maintained more effectively than by operating individual one-to-one access permissions. This allows updates to access permissions to be handled by the operator responsible for the user or service in question, without the need to directly co-operate with each and every service involved. When an access attempt is made through a user interface (10) to access a service provided by another user (20), the service provider (21) refers the request to a core server (30) for authentication, and the core server (30) instructs the user to identify an identity provider (32) with which he is authenticated (step 63). Details provided by the user may be stored by the core server (30) for one or more subsequent uses.
Type: Application
Filed: January 13, 2015
Publication date: January 12, 2017
Inventors: Christopher Edwin HURST, Gurmohinder TAKHAR
-
Publication number: 20170012966
Abstract: An application server receives a request for service from a wireless transmit/receive unit (WTRU) associated with a home network that includes a home subscriber server (HSS) and a bootstrapping server function (BSF) coupled via a Zh reference point. The application server authenticates the WTRU at least in part by (i) redirecting the WTRU to an identity provider co-located with a network application function (IDP/NAF) and coupled to the BSF via a Zn reference point and (ii) receiving an assertion from the WTRU that the IDP/NAF has authenticated the WTRU based on user security settings retrieved from the BSF by the IDP/NAF over the Zn reference point. After authenticating the WTRU, the application server (i) retrieves user-specific Sh-reference-point-type data from the HSS via the IDP/NAF over the Zn and Zh reference points and (ii) provides the service to the WTRU based on the retrieved user-specific Sh-reference-point-type data.
Type: Application
Filed: September 23, 2016
Publication date: January 12, 2017
Inventors: Xavier De Foy, Kamel M. Shaheen, Milan Patel, Osama Lotfallah, Hang Liu, Yousif Targali
-
Publication number: 20170012967
Abstract: A server receives a single certificate signature request from a requestor and determines that the requestor is authorized for a certificate corresponding to the single certificate signature request. The server generates a first certificate corresponding to the single certificate signature request, wherein the first certificate has a first expiry value. The server transmits the generated first certificate to the requestor. Responsive to an amount of time elapsing, the server automatically generates a second certificate corresponding to the single certificate signature request, wherein the amount of time expiring is less than the first expiry value. The server transmits the generated second certificate to the requestor.
Type: Application
Filed: July 8, 2016
Publication date: January 12, 2017
Inventors: Lee Hahn Holloway, Nicholas Thomas Sullivan
-
Publication number: 20170012968
Abstract: The invention discloses a network function virtualization-based certificate configuration method, apparatus, and system. A virtualized network management entity obtains initial credential information of a virtualized network function entity; and installs the initial credential information onto the virtualized network function entity during or after instantiation of the virtualized network function entity, so that the virtualized network function entity obtains, from a certificate authority by using the initial credential information, a formal certificate issued by a network operator of the virtualized network function entity. The invention not only can apply to a network function virtualization scenario, but also can resolve a problem of a security risk in network function virtualization.
Type: Application
Filed: September 23, 2016
Publication date: January 12, 2017
Inventors: Chengyan FENG, Jing CHEN
-
Publication number: 20170012969
Abstract: Embodiments of the present application relate to a method and device for authentication processing. The method includes obtaining an equipment code that uniquely identifies a terminal, generating a dynamic password based at least in part on the equipment code and an output value of a counter, wherein the dynamic password is a basis for authentication of the terminal by a server, and sending the dynamic password to the server, wherein the server authenticates the dynamic password.
Type: Application
Filed: July 1, 2016
Publication date: January 12, 2017
Inventor: Zeyang Li
-
Publication number: 20170012970
Abstract: A method includes receiving biometric data, the biometric data non-uniformly distributed and processing the biometric data to a level of randomness as a plaintext vector, the level of randomness associated with a security level. The method also includes encrypting the plaintext vector using a relational linearity encryption scheme to generate a linearity ciphertext representative of the plaintext vector, encrypting the plaintext vector using a relational proximity encryption scheme to generate a proximity ciphertext representative of the plaintext vector, and communicating the linearity ciphertext and the proximity ciphertext to an authentication server.
Type: Application
Filed: July 10, 2015
Publication date: January 12, 2017
Inventors: Avradip MANDAL, Arnab ROY, Hart MONTGOMERY
-
Publication number: 20170012971
Abstract: A communicating apparatus, method, and system that capture an image, authenticate a person in the image that has been captured, determine a direction of the person based on a result of authenticating the person, and control transmission of a radio wave in the determined direction to connect a terminal device to a network, and communicate with the terminal device connected to the network by using access information included in the transmitted radio wave.
Type: Application
Filed: July 8, 2016
Publication date: January 12, 2017
Inventor: Shinya ENDO
-
Publication number: 20170012972
Abstract: A system and method including a disposable wearable device that provides enhanced capabilities to a non-wearable device for a limited period of time by sensing proximity and securely exchanging permissions with the non-wearable device. In one embodiment, the wearable device is capable of sensing one or more bio-signals that are provided to the non-wearable, tactile feedback, or the like. The wearable device may be disposable and may also provide additional tactile feedback for the extended feature (e.g. game feedback, etc). In another embodiment, the wearable device is capable of sensing one or more bio-signals that are provided to the non-wearable, tactile feedback, or the like.
Type: Application
Filed: August 14, 2016
Publication date: January 12, 2017
Applicants: SONY CORPORATION, SONY CORPORATION OF AMERICA
Inventors: Nobuo Tanaka, Vladimir Elgort, Jacelyn Danielson, Anton Kalachev, John Wong, Behram DaCosta, Udupi Ramanath Bhat, Ludovic Copere, Masaki Kataoka
-
Publication number: 20170012973
Abstract: A trust framework for secured digital interactions between entities is disclosed. In an example implementation, a secured digital interaction is initiated by a first entity with a second entity. Further, it is determined whether encrypted uniquely identifiable digital information associated with the second entity is stored in a first entity specific trust database. Furthermore, the secured digital interaction is established using encrypted uniquely identifiable digital information associated with the first entity and the second entity via a trust facilitator, if the encrypted uniquely identifiable digital information associated with the second entity is not stored in the first entity specific trust database.
Type: Application
Filed: January 30, 2014
Publication date: January 12, 2017
Inventors: Harish Parthasarathy, Rupesh Shantamurty
-
Publication number: 20170012974
Abstract: Some embodiments provide a method for a first device to join a group of related devices. The method receives input of a password for an account with a centralized entity and a code generated by a second device in the group. When the second device determines that the code input on the first device matches the generated code, the method receives an authentication code from the second device for authorizing the first device with the entity as a valid device for the account. The method uses the password and information regarding the first device to generate an application to the group. After sending the application to the second device, the method receives information from the second device that enables the first device to add itself to the group. The second device verifies the generated application, and the method uses the information received from the second device to join the group.
Type: Application
Filed: September 22, 2016
Publication date: January 12, 2017
Inventors: Yannick L. Sierra, Mitchell D. Adler
-
Publication number: 20170012975
Abstract: A network function virtualization security and trust system includes a network device that operates as a virtualized network device with virtualized services provided on the network device by network nodes included in the system. Security and trust within the system can include hardware authentication of the network nodes and the network device to obtain a level of security of the hardware provisioning the operation of the virtualized services. Security and trust can also include authentication of the services being used on the virtualized network device. Services authentication can be based on monitoring and analysis of the cooperative operation of the services in the virtualized network device. The virtualized services can be dynamically changed, added or stopped. Hardware authentication and dynamic services authentication in accordance with changes in the virtualized services can dynamically maintain a level of security across the devices and the virtualized services.
Type: Application
Filed: August 4, 2015
Publication date: January 12, 2017
Inventors: Nicholas Ilyadis, Xuemin Chen, Philippe Klein, Ariel Hendel, Kumaran David Siva
-
Publication number: 20170012976
Abstract: An authentication method is provided. The authentication method includes receiving a login request from a client terminal. The login request may be generated based on an identification feature of the client terminal, and the login request may include account information associated with the client terminal. The method may further include identifying the identification feature based on the login request, determining whether a database associated with a server includes the identification feature and the account information, generating login status information based on a result of the determination and sending the login status information to the client terminal, and if the login status information indicates a login success of the client terminal, initiating data communications with the client terminal.
Type: Application
Filed: July 8, 2016
Publication date: January 12, 2017
Inventor: Wenlong YU
-
Publication number: 20170012977
Abstract: A method for allocating an addressing identifier includes: notifying, by an access point, at least two stations of an encrypted new MAC address that corresponds to each station, and indicating a predetermined update condition, so that the at least two stations update respective MAC addresses to the respective new MAC addresses when the predetermined update condition is met; and when the predetermined update condition is met, updating, by the access point, the MAC addresses of the at least two stations to the new MAC addresses that correspond to the stations, so that when a message is subsequently received from the stations or sent to the stations, the new MAC addresses are used as the MAC addresses of the stations. In the foregoing manner, the present invention can prevent an eavesdropper from tracing, by using a MAC address, a terminal to acquire user privacy, ensuring security of the user privacy.
Type: Application
Filed: September 23, 2016
Publication date: January 12, 2017
Inventors: XIAOXIAN LI, PING FANG, ZHIMING DING
-
Publication number: 20170012978
Abstract: The present invention provides a secure communication method and apparatus. A security proxy device is arranged between a client and a server; after receiving data returned by the server to the client, the security proxy device assigns a token to the client, and sends the token, the data returned by the server to the client and an execution module to the client; receives a request which the execution module running at the client uses the token to send, verifies the token, and forwards the request to the server if the validation succeeds. The present invention improves security of communication between the client and the server, and can protect the server from various automated attacks.
Type: Application
Filed: May 5, 2016
Publication date: January 12, 2017
Applicant: RIVER SECURITY INC.
Inventors: Yumin LIN, Hongyong XIAO, Lin ZHENG, Ming Xu
-
Publication number: 20170012979
Abstract: Provided is a recording medium storing an information processing program including: specifying access information with respect to a web site; establishing a session between an information processing apparatus and an authentication server apparatus by causing authenticator to access the authentication server apparatus via a communication network based on the access information specified by the specifying; executing an individual identity authentication process for the information processing apparatus independently of at least one web browser in response to a response from the authentication server apparatus by using the session established by the establishing; and activating, when authentication by the individual identity authentication process succeeds, the at least one web browser, providing information of the session and the access information to the at least one web browser, and causing the at least one web browser to access the web site based on the information of the session and the access information.
Type: Application
Filed: July 7, 2016
Publication date: January 12, 2017
Applicant: OnSite Co., Ltd.
Inventor: Takashi MATSUSHITA
-
Publication number: 20170012980
Abstract: Techniques are disclosed for protecting the privacy and security of data associated with a web document. A web browser is configured to manipulate the URL, which contains an access token, of a preview web page document before the browser loads external resources (e.g., web page content) linked from the preview web page document. For example, the browser may change a current page URL containing the access token to another sacrificial URL that does not include the token. In addition, the browser will send the sacrificial URL, rather than the original URL, as a referrer to the various resources that provide the web page content, which prevents exposure of the access token to those resources while the web page content is loading. After the web page content is loaded into the browser, the current page URL of the browser is changed back to the original URL.
Type: Application
Filed: July 8, 2015
Publication date: January 12, 2017
Applicant: ADOBE SYSTEMS INCORPORATED
Inventors: Antonio Sanso, Damien Antipa
-
Publication number: 20170012981
Abstract: Systems and processes that may be implemented to manage access by software applications to various resources of a user telecommunications device are disclosed. The systems and processes may implement a trust policy which reflects privacy criteria selected by a user of the user telecommunications device, wherein the trust policy overrides registered permissions of the software applications. The user telecommunication device may include a memory that stores a software application that has been granted registered permissions to access an input and/or output component of the user telecommunications device as well as a trust policy that has been set by the user to proscribe access by that particular software application to the input and/or output component. In implementing the trust policy, the software application may be prevented from accessing the input and/or output component notwithstanding the software application having registered permissions to access the input and/or output component.
Type: Application
Filed: July 8, 2015
Publication date: January 12, 2017
Inventors: Ahmad Arash Obaidi, Eric W. Yocam
-
Publication number: 20170012982
Abstract: In general, the subject matter described in this disclosure can be embodied in methods, systems, and program products for identifying that an application program does not have permission to access a first type of data that is provided by a first application program. A computing system identifies that a second application program has permission to access the first type of data. The second application program provides a second type of data and is able to modify the second type of data to include the first type of data. The computing system identifies that the application program has permission to access the second type of data. The computing system determines that the second type of data includes the first type of data. The computing system performs an action to prevent the first type of data from being provided from the second application program to the application program without user authorization.
Type: Application
Filed: July 10, 2015
Publication date: January 12, 2017
Inventor: Bernadette Alexia Carter
-
Publication number: 20170012983
Abstract: A mechanism is described for facilitating context-based access control of resources according to one embodiment. A method of embodiments, as described herein, includes receiving a first request to access a resource of a plurality of resources. The first request may be associated with one or more contexts corresponding to a user placing the first request at a computing device. The method may further include evaluating the one or more contexts. The evaluation of the one or more contexts may include matching the one or more contexts with one or more access policies associated with the requested resource. The method may further include accepting the first request if the one or more contexts satisfy at least one of the access policies.
Type: Application
Filed: April 14, 2016
Publication date: January 12, 2017
Inventors: Ned M. SMITH, Conor P. Cahill, Jason Martin, Abhilasha Bhargav-Spantzel, Sanjay Bakshi
-
Publication number: 20170012984
Abstract: A method and apparatus for controlling access to documents retained by a document management and collaboration system is disclosed. The document management and collaboration system may generate one or more suggested privileges associated with one or more users. An access control policy may specify whether system-generated user privileges may be enforced. If they are enforced, access to one or more documents may be made subject to the generated privileges.
Type: Application
Filed: September 19, 2016
Publication date: January 12, 2017
Inventors: Wei Lien Stephen Dang, Cynthia Zhang Taylor, Arun Ponniah Sethuramalingam, Catherine Emily Harrell, Sharad Kala, Liangliang Wang, Kevin Gillett, Nandhini Nandiwada Santhanam, Nagesh Pradhan Cadabam, Noah Anthony Eisner, Stephen Joseph Oakley, Himanshu Khurana
-
Publication number: 20170012985
Abstract: A user generates a message by adding a recipient in order to send the message to the recipient. The message has a link to an attached object which is automatically detected and it is determined whether the recipient has rights to the object. If not, the recipient's rights are automatically modified so that the recipient has rights to the object, and the user is notified of the modified permissions.
Type: Application
Filed: September 20, 2016
Publication date: January 12, 2017
Inventors: David L. Meyers, David P. Limont, Kenneth Fern, Michael B. Palmer, Betsy Y. McIntyre, Mirela D.S. Correa
-
Publication number: 20170012986
Abstract: As disclosed herein a method, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier. The method further includes requesting, from an identity manager, a shared identifier and a shared password corresponding to the shared system, receiving, from the identity manager, the shared identifier and the shared password, and using the shared identifier and the shared password to enable the user to use the shared system. A computer system, and a computer program product corresponding to the above method are also disclosed herein.
Type: Application
Filed: January 29, 2016
Publication date: January 12, 2017
Inventors: Kevin D. Himberger, Jake Palmer, Benjamin M. Parees
-
Publication number: 20170012987
Abstract: Systems and methods for group-sourced contacts directories are presented. A first member of a shared contacts directory can add contact information of a second user to the directory. Upon addition of the contact information of the second user, the contacts directory discovery system automatically sends a notification to the second user and provides the second user editing rights to the contact information of the directory. Changes made in the directory are automatically synchronized across the user devices associated with the members of the directory.
Type: Application
Filed: March 9, 2015
Publication date: January 12, 2017
Inventor: Vishal Gupta
-
Publication number: 20170012988
Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is communicating with a computerized service or a trusted server directly and without an intermediary web-proxy, or indirectly by utilizing a proxy server or web-proxy. The system searches for particular characteristics or attributes, that characterize a proxy-based communication session or channel and that do not characterize a direct non-proxy-based communication session or channel; or conversely, the system searches for particular characteristics or attributes, that characterize a direct non-proxy-based communication session or channel and that do not characterize a proxy-based communication session or channel; and based on these characteristics, determines whether or not a proxy server exists and operates.
Type: Application
Filed: July 7, 2016
Publication date: January 12, 2017
Inventors: Avi Turgeman, Yaron Lehmann, Yaron Azizi, Itai Novick
-
Publication number: 20170012989
Abstract: A method for enrolling a user of a vehicle to a first server, wherein the vehicle includes a system having at least a user interface. The method provides a wireless connection between the vehicle and the first server; sends user data to the first server in response to user actuation on the user interface; and receives at the user interface an enrollment confirmation from the first server.
Type: Application
Filed: July 7, 2016
Publication date: January 12, 2017
Inventors: Stephan RITTER, Sarah BOROSKE, Lena FROMHAGE, Stefan WINGER
-
Publication number: 20170012990
Abstract: As disclosed herein a method, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier. The method further includes requesting, from an identity manager, a shared identifier and a shared password corresponding to the shared system, receiving, from the identity manager, the shared identifier and the shared password, and using the shared identifier and the shared password to enable the user to use the shared system. A computer system, and a computer program product corresponding to the above method are also disclosed herein.
Type: Application
Filed: July 8, 2015
Publication date: January 12, 2017
Inventors: Kevin D. Himberger, Jake Palmer, Benjamin M. Parees
-
Publication number: 20170012991
Abstract: A method implemented using a server includes receiving a credential to access one or more transmitters from a user equipment (UE). The method also includes transmitting a signal to the UE granting access to the one or more transmitters as a function of the credential. The method further includes receiving a command from the UE to access one or more parameters associated with the one or more transmitters. In addition, the method includes communicating to the UE one or more parameter outputs as a function of the command.
Type: Application
Filed: July 8, 2015
Publication date: January 12, 2017
Inventors: Sumanth Gogada, Manish Mahaling Kumbhar
-
Publication number: 20170012992
Abstract: A system includes at least one processor in communication with a memory storing instructions, the at least one processor to receive an authentication request comprising authentication information from a user requesting access to a computing device connected to a communications network, determine a type of authentication request sent by the user, transmit the authentication request to an appropriate authentication server responsive to the type of authentication request, receive an authentication response from the appropriate authentication server, determine a permission level for the user requesting access to the computing device and attach the permission level to the authentication response, and transmit the authentication response to the user requesting access to the computing device.
Type: Application
Filed: November 21, 2015
Publication date: January 12, 2017
Inventors: Brad Bernay Doctor, Nathaniel David Jamiel, Taylor David Fraley, John Grayson Fable
-
Publication number: 20170012993
Abstract: Managing document annotations in a publish/subscribe system is described. A publishing system creates annotations of a document that include references to where the annotations are to be displayed; stores the annotations separately from the document; names an annotation set using tags; sets roles and permissions for use of the annotation set, including access permissions based on a time and/or location constraint of a subscribing user; and publishes the annotation set to a publish/subscribe broker for access by the subscribing users. A subscribing system subscribes a user to annotations of a document, wherein each annotation is separate from the document and includes reference to where the annotations are to be displayed. The subscribing system also defines a role of the subscribing user, wherein use permissions of the annotations by the subscribing user are controlled based on the role, including time and/or location constraints of the subscribing user.
Type: Application
Filed: May 2, 2016
Publication date: January 12, 2017
Inventor: Hanson Lieu
-
Publication number: 20170012994
Abstract: A method is provided for the authentication of an electronic device using an authenticated wearable device. The method includes wirelessly connecting a wearable device and an electronic device. The method also includes detecting a movement on a touchscreen of the electronic device. The method also includes detecting a movement of the wearable device. The method also includes comparing the movement on the touchscreen and the movement of the wearable device.
Type: Application
Filed: July 7, 2015
Publication date: January 12, 2017
Inventors: Sungkyu Choi, Sejin Choi
-
Publication number: 20170012995
Abstract: A security system is disclosed. The security system includes a secure zone, user access to which is restricted, a first gateway encrypted using a first encryption algorithm, and a second gateway encrypted using a second encryption algorithm. The first gateway is configured to restrict access to the second gateway, and the second gateway is accessible via the first gateway with a first key. The second gateway is configured to restrict access to the secure zone, and the secure zone is accessible via the second gateway with a second key. The first encryption algorithm is different from the second encryption algorithm.
Type: Application
Filed: October 15, 2015
Publication date: January 12, 2017
Applicant: AIRBUS GROUP LIMITED
Inventor: Kevin Jones
-
Publication number: 20170012996
Abstract: An invention relates to method and apparatus of a location assurance system and particularly, although not exclusively, the present invention also relates to method and apparatus for assuring location data integrity with minimum location disclosure. The present invention also relates to method and apparatus for assuring location data integrity with minimum location disclosure with protocols to authenticate both spatial and spatio-temporal predicates.
Type: Application
Filed: October 26, 2015
Publication date: January 12, 2017
Inventors: Haibo Hu, Qian Chen, Jianliang Xu
-
Publication number: 20170012997
Abstract: A method and an apparatus for detecting a man-in-the-middle attack, where the method includes receiving, by a macro evolved Node B (MeNB), a first check request message sent by a secondary evolved Node B (SeNB), where the first check request message includes first identifier information and a first data packet count value, generating a second check request message according to the first identifier information, sending the second check request message to a user terminal, receiving a first check response message generated by the user terminal according to the second check request message, where the first check response message includes second identifier information and a second data packet count value, determining, by the MeNB, that the man-in-the-middle attack exists between the SeNB and the user terminal when the first data packet count value is different from the second data packet count value.
Type: Application
Filed: September 20, 2016
Publication date: January 12, 2017
Inventors: Rong Wu, Chengdong He, Lu Gan
-
Publication number: 20170012998
Abstract: Embodiments of the invention are directed to systems, methods and computer program products for automated collection of user-specified forensic data from a target computer associated with a case. In particular, embodiments herein disclosed provide for a system that is configured to provide a user interface to allow a user to select a target computer within a network, select one or more user profiles associated with the target computer, and specify one or more types of forensic data to be collected from the target computer. The system is also configured to create a subfolder in a folder linked to the case and one or more files in the subfolder for storing the user-specified data; connect the computer apparatus to the target computer; and collect the specified data and save the collected data to the files.
Type: Application
Filed: July 6, 2015
Publication date: January 12, 2017
Inventors: Thomas Thornbury, Mark Allen Brock, John Daron Redmon, Jeffrey Wayne Texada
-
Publication number: 20170012999
Abstract: A system and method of external link processing is disclosed. The system includes an interface configured to receive a user request to access an encoded external link in networked content. The encoded external link comprises a domain name of an external link server and an encoded portion which is an encoded result of an original external link encoded with an encoding function, wherein the original external link is an address to an external destination. One or more processors determine a safety level of the encoded external link using a criterion. In the event that the determined safety level of the encoded external link is determined unsafe, a warning message is generated indicating that the original external link is unsafe and the user is prevented from directly navigating to the original external link.
Type: Application
Filed: July 22, 2016
Publication date: January 12, 2017
Inventors: Jiawei Liu, Jinhua Wang, Chenming Hua
-
Publication number: 20170013000
Abstract: A malicious encrypted traffic detector connected to a computer network method for identifying malicious encrypted network traffic communicated via a computer network, the method comprising: a storage storing a plurality of network traffic window definitions, each window defining a different subset of network traffic for a network connection; an analyzer adapted to identify characteristics of a network connection to determine a protocol of a network connection; a network traffic recorder adapted to record a subset of network traffic corresponding to a window of network traffic; an entropy estimator adapted to evaluate an estimated measure of entropy for a portion of network traffic of a network connection recorded by the network traffic recorder; and a window selector adapted to identify and store a window as a portion of a network connection for which an estimated measure of entropy is most similar for a plurality of network connections, the identified window being stored in association with an identifier of
Type: Application
Filed: February 16, 2015
Publication date: January 12, 2017
Applicant: British Telecommunications Public Limited Company
Inventors: Fadi EL-MOUSSA, George KALLOS, Ben AZVINE
-
Publication number: 20170013001
Abstract: A method and system for processing network metadata is described. Network metadata may be processed by dynamically instantiated executable software modules which make policy-based decisions about the character of the network metadata and about presentation of the network metadata to consumers of the information carried by the network metadata. The network metadata may be type classified and each subclass within a type may be mapped to a definition by a unique fingerprint value. The fingerprint value may be used for matching the network metadata subclasses against relevant policies and transformation rules. For template-based network metadata such as NetFlow v9, an embodiment of the invention can constantly monitor network traffic for unknown templates, capture template definitions, and inform administrators about templates for which custom policies and conversion rules do not exist.
Type: Application
Filed: July 9, 2016
Publication date: January 12, 2017
Inventors: William G. Friedman, Alexander Velednitsky
-
Publication number: 20170013002
Abstract: A device may obtain information regarding a security situation of a set of computing resources associated with a cloud-based platform. The information may be related to an ongoing security threat or a potential security threat. The information may be obtained utilizing one or more internet security resources. The device may determine a threat assessment level, of a set of threat assessment levels, for the security situation based on the information regarding the security situation. The information regarding the security situation may satisfy a set of threshold criteria for the threat assessment level. The device may perform one or more response actions associated with the threat assessment level based on the security situation. The one or more response actions may include providing an alert notification regarding the security situation that identifies the threat assessment level.
Type: Application
Filed: August 15, 2016
Publication date: January 12, 2017
Inventor: John STEVENSON
-
Publication number: 20170013003
Abstract: In one example implementation, a log analysis system can comprise an activity engine to monitor user activity of a computer system, a baseline engine to generate an expected baseline of a log, and an abnormality engine to compare the log to the expected baseline to identify an abnormality, compare the abnormality to a user activity volume based on a correlation between the user activity volume and the log activity, and classify the log.
Type: Application
Filed: December 14, 2013
Publication date: January 12, 2017
Inventors: Eran SAMUNI, Daniel ADRIAN, Yohay GOLAN
-
Publication number: 20170013004
Abstract: A device for detecting a command and control channel includes: a session log collector for collecting log information of sessions generated between at least one communication device of the first network and at least one communication device of the second network; an analyzer for generating test data for respective sessions based on the log information, and calculating a test data distribution based on test data of the sessions; and a determiner for extracting a test data value corresponding to an abnormal distribution from the test data distribution based on an abnormal distribution determination standard, and estimating sessions relating to the extracted test data value as a command and control channel.
Type: Application
Filed: February 26, 2014
Publication date: January 12, 2017
Inventor: Hyukjoon KIM
-
Publication number: 20170013005
Abstract: A system and method for providing security to a network may include monitoring, by a processor, traffic on a first and second network portions of an in-vehicle communication network; determining whether or not a first message detected on the first network portion is anomalous based on at least one of: an attribute of a second message detected on the second network portion and an absence of a second message from the second network portion over a predefined time period; and, if it is determined the first message is anomalous then performing at least one action.
Type: Application
Filed: September 22, 2016
Publication date: January 12, 2017
Inventors: Yaron GALULA, Ofer BEN-NOON, Ofer KAPOTA, Alexei KOVELMAN
-
Publication number: 20170013006
Abstract: A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol includes determining whether or not content of a predetermined field in a transmitted frame meets a predetermined condition indicating fraud, transmitting an error frame before an end of the frame is transmitted in a case where it is determined that the frame meets the predetermined condition, recording a number of times the error frame is transmitted, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted, and providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count.
Type: Application
Filed: September 26, 2016
Publication date: January 12, 2017
Inventors: YOSHIHIRO UJIIE, HIDEKI MATSUSHIMA, TOMOYUKI HAGA, MANABU MAEDA, YUJI UNAGAMI, TAKESHI KISHIKAWA
-
Publication number: 20170013007
Abstract: A system for monitoring devices in a network comprising a coordinator operating on a first processor and configured to detect a plurality of active devices and to install an audit agent on each of the plurality of active devices. The audit agents are configured to obtain configuration data for the active device that they are installed on using a processor of the active device, and to obtain configuration for each of a plurality of passive devices that the active device can access, where the passive devices are unable to support installation of an audit agent, and to transmit the configuration data to the coordinator. The coordinator is configured to receive the configuration data for the active device and for the passive devices and to store the configuration data in a format that allows the configuration data to be selectively retrieved for the active device and the passive devices.
Type: Application
Filed: July 10, 2015
Publication date: January 12, 2017
Inventor: Jake Seigel
-
Publication number: 20170013008
Abstract: A system and method of security assessment of a network is described. The system may include one or more security assessment computers controlled by a security assessor, and connected to a network, and first executable program code for acting as an agent on a first end device on the network. The first executable program code is configured to be executed by a browser application of the first end device, and is configured to initiate a simulation by requesting information from at least a first security assessment computer of the one or more security assessment computers.
Type: Application
Filed: August 27, 2015
Publication date: January 12, 2017
Inventors: Marcus J. Carey, Gaige B. Paulsen