Management Patents (Class 726/6)
  • Publication number: 20090024692
    Abstract: A system and method are presented in which a plurality of transport protocol objects (TPOs) are instantiated at an IM user agent. In one embodiment, each of the plurality of TPOs is adapted to provide a translation between a first IM protocol and a different IM protocol.
    Type: Application
    Filed: September 19, 2008
    Publication date: January 22, 2009
    Inventors: William Todd Daniell, Lee G. Friedman, Larry Graham Kent, JR., Joel A. David, Brian Keith Daigle
  • Patent number: 7480932
    Abstract: An entry of authentication information is accepted. The accepted authentication information and previously set authentication information are compared. Furthermore, according to the result of the comparison between the accepted authentication information and the previously set authentication information, a degree of error between the accepted authentication information and the previously set authentication information is decided. According to the decided degree of error, it is decided how many times the authentication information can be re-entered.
    Type: Grant
    Filed: February 25, 2005
    Date of Patent: January 20, 2009
    Assignee: Fujitsu Limited
    Inventor: Makiko Nakao
  • Patent number: 7480934
    Abstract: In electronic commerce (e-commerce) sites that are executed on a single e-commerce application, a user's session is only associated with a single user identity for the e-commerce site domain. Acting under a single identity across the site may not be desired. There may be requirements to associate an individual user with one or more separate identities within parts of the site. Aspects of the invention provide a method, system and computer program product for managing multiple user identities for a user of an electronic commerce (e-commerce) site.
    Type: Grant
    Filed: December 3, 2003
    Date of Patent: January 20, 2009
    Assignee: International Business Machines Corporation
    Inventors: Victor S. Chan, Darshanand Khusial, Lev Mirlas
  • Publication number: 20090019534
    Abstract: A system and method remotely enrolls, authenticates and provides unified authentication services in an ASP setting to a user to access requested information via a communication medium. A filter is coupled to client side components via the communication medium and a user management component coupled to the client side components via the communication medium. The user management component allows end-users to register their credentials only once. In addition, the user management component allows end-users to define the level of protection of access to their web application accounts. This includes accounts that have been configured specifically for use with the present invention and particular user credentials and accounts that have been subsequently set up but configured to use the same user credentials. The present invention can then reuse those credentials to authenticate the user to one or more potentially unrelated web applications.
    Type: Application
    Filed: September 11, 2008
    Publication date: January 15, 2009
    Inventors: Bikram S. Bakshi, David W. Helms, Anthony C. Rochon, Trevor J. Walker
  • Publication number: 20090013391
    Abstract: A system and a method are disclosed for securely identifying human and non-human actors. A computer implemented system and a method are also disclosed for securely identifying human and non-human actors.
    Type: Application
    Filed: June 13, 2008
    Publication date: January 8, 2009
    Inventor: Johannes Ernst
  • Publication number: 20090013030
    Abstract: A system and method for providing connectivity to a closed, secure production network, and computer program products for executing the same and, more particularly, to a system and method for creating a virtual network to provide communication with remote tools. The system includes a server configured to create a virtual network for tools in a production facility and provide authentication and tool routing information to a client in order to gain access to the tools in the virtual network. The virtual network isolates each tool of the tools from each other.
    Type: Application
    Filed: July 3, 2007
    Publication date: January 8, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Ziyad A. Choudhury
  • Publication number: 20090013390
    Abstract: A two-varying-password generator having two varying passwords of different digit lengths and different time intervals is disclosed. A two-varying-password generator has a printed circuit board onto which a processor is soldered, a battery, a display window, an on/off key and a code key. The processor is loaded with two predetermined programs that can produce two passwords (or more than two passwords) of different digit length and different time interval. When the on/off key is pressed, the processor is activated and produces two passwords of the current time using the two predetermined programs loaded in the processor. The two passwords are functions of time, which are defined by the two predetermined programs respectively. Meanwhile, the host computer also stores these two programs in the customer's account. As the clocks of both the two-varying-password generator and the host computer work synchronously, both of them can produce two identical passwords at the same moment.
    Type: Application
    Filed: July 6, 2007
    Publication date: January 8, 2009
    Inventor: Gong Ling LI
  • Patent number: 7475248
    Abstract: A secure messaging system and method. The method can include the steps of receiving an encrypted message, the message having been encrypted using a token of a corresponding pervasive device; wirelessly verifying the presence of the pervasive device; and, if the presence can be verified, decrypting the message using the token. The verification step can include the steps of establishing a wireless link with the pervasive device; and, querying the pervasive device over the wireless link. In particular, the establishing step can include the step of establishing a Bluetooth link with the pervasive device. Furthermore, the querying step can include the step of requesting geographic coordinates which locate the pervasive device.
    Type: Grant
    Filed: April 29, 2002
    Date of Patent: January 6, 2009
    Assignee: International Business Machines Corporation
    Inventors: William G. Barrus, Cary L. Bates, Robert J. Crenshaw, Paul R. Day
  • Patent number: 7475239
    Abstract: A pluggable trust adapter architecture that accommodates a plurality of interceptors is provided. Each interceptor is adapted to perform security processing of communications having a specific protocol. Specifically, when a communication is received, it will be routed from a channel router to a specific interceptor based on the protocol of the communication. The interceptor will then “security” process the communication (e.g., extract data, perform verification, etc.). Once the interceptor has processed the communication, the extracted data and the communication itself will be passed to an authorization system for authorization.
    Type: Grant
    Filed: September 20, 2002
    Date of Patent: January 6, 2009
    Assignee: International Business Machines Corporation
    Inventors: Carroll Eugene Fulkerson, Jr., Anthony Joseph Nadalin, Nataraj Nagaratnam
  • Publication number: 20090007247
    Abstract: The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding.
    Type: Application
    Filed: June 28, 2007
    Publication date: January 1, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Carl M. Ellison, Paul J. Leach, Butler W. Lampson, Melissa W. Dunn, Ravindra N. Pandya, Charles W. Kaufman
  • Publication number: 20090006840
    Abstract: A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. The identity-based communications layer is situated between a network layer and an application layer and transmits a message between two devices identified by a global address. The global address specifies a protocol, a network, and an address meaningful for the combination of the protocol and the network.
    Type: Application
    Filed: February 25, 2003
    Publication date: January 1, 2009
    Inventors: Chet Birger, David C. Douglas, Steven Rosenthal, Kenneth R. Traub
  • Publication number: 20090006620
    Abstract: A method for securing a commercial grid network over non-trusted routes involves receiving, by an administrative node in the commercial grid network, a lease request from a client to lease one of multiple resource nodes in the commercial grid network, wherein the client is separated from the resource node by a non-trusted route. The method further involves transmitting, by the administrative node, a network security key associated with the client to the resource node, storing, by the resource node, the network security key in a network security key repository specific to the resource node, establishing, by the resource node, a secure network tunnel over the non-trusted route using the network security key, transmitting a network packet securely between the client and the resource node over the secure network tunnel, and destroying, by the resource node, the secure network tunnel when a lease term associated with the client and the resource node expires.
    Type: Application
    Filed: June 28, 2007
    Publication date: January 1, 2009
    Applicant: Sun Microsystems, Inc.
    Inventors: Kais Belgaied, Darrin P. Johnson
  • Publication number: 20090007246
    Abstract: A method and wireless device select a set of secure network connections (230) between a wireless device (108) in a wireless communication system and a target destination system (238). A first security assessment (708) associated with each of a plurality of base station connections associated with respective each of a plurality of base stations (116) available for wireless communications with the wireless device (108) is performed. A second security assessment (716) associated with each of a plurality of subsequent network connections available between the plurality of base stations (116) and a target destination system (238) is performed. A set of base station connections from the plurality of base station connections are prioritized according to predetermined security criteria associated with the wireless device (108).
    Type: Application
    Filed: June 28, 2007
    Publication date: January 1, 2009
    Applicant: MOTOROLA, INC.
    Inventors: Gerald J. Gutowski, Stanley J. Benes
  • Patent number: 7472425
    Abstract: A service provider makes requests to an information processing center for processing for an IC card in card command units. The information processing center issues encrypted card commands that can be interpreted by the IC card itself based on requests received from the service provider and sends these to the IC card via the computer network, client, and card reader/writer device. This enables an IC card connected to a client to be accessed using secure communication.
    Type: Grant
    Filed: April 4, 2003
    Date of Patent: December 30, 2008
    Assignee: Sony Corporation
    Inventors: Mitsushige Suzuki, Junichi Sato, Takashi Matsuo
  • Patent number: 7472412
    Abstract: A policy engine generates configlets that are vendor-neutral, vendor-specific or both, based on a selected target level and a selected device/device group. A translator translates and combines the configlets to form vendor-dependent configuration files. The policy engine generates the configlets using policies associated with the selected target level and its sub-target levels, as defined by a target level hierarchy. A policy includes at least a condition, and an action which the policy engine performs if the condition is true. In performing the action, the policy engine typically writes to at least a partial configlet. A policy may further include a verification clause, which is used to verify a running configuration. Policy dependencies may also be defined such that where a second policy is dependent on a first policy, the second policy must be evaluated after the first policy. This is necessary, where, for example, the first policy generates and stores a value to be used by the second policy.
    Type: Grant
    Filed: May 30, 2006
    Date of Patent: December 30, 2008
    Inventors: Jonathan S. Wolf, Arthur B. Mellor, Wayne F. Tackabury, Christopher B. Anderson, Robin M. Whitworth, Michael D. Haag, Brian A. Del Vecchio
  • Publication number: 20080320569
    Abstract: An embodiment relates generally to receiving a plurality of security certificates for each user of a plurality of users and generating a random renewal period for a selected security certificate. The method also includes associating the random renewal period to the selected security certificate and providing the selected security certificate with the random renewal period to the respective user of the plurality of users.
    Type: Application
    Filed: June 20, 2007
    Publication date: December 25, 2008
    Inventor: Steven William PARKINSON
  • Publication number: 20080320570
    Abstract: According to one embodiment, an information processing apparatus includes a wireless communication unit which receives and transmits a voice call wireless signal with a base station, an acceptance unit which accepts instructions related to a privacy protection operation using the voice call wireless signal received by the wireless communication unit, and a control unit which controls the privacy protection operation in accordance with the instructions accepted by the acceptance unit.
    Type: Application
    Filed: June 20, 2008
    Publication date: December 25, 2008
    Applicant: KABUSHIKI KAISHA TOSHIBA
    Inventor: Shinsuke Yato
  • Publication number: 20080320571
    Abstract: A system for collecting, verifying, and managing identity data, skill data, qualification data, certification data, and licensure data of emergency responders. The system trusted verification of identity, skills, qualifications, certifications, and licensure, and disseminates information specific or related to identity, skills, qualifications, certifications, and licensure at the scene of an emergency. The system includes information collection devices, data storage media, information retrieval devices, and information management devices. The information collected, managed, and disseminated may include identity information, medical information, skills information, qualification information, certification information, licensure information. Data in the system is stored in multiple formats, allowing for the retrieval of trusted information in an environment that is part of a network or devoid of network connectivity.
    Type: Application
    Filed: June 25, 2008
    Publication date: December 25, 2008
    Inventors: Thomas W. Connell, II, Thomas W. Connell, SR., Jason P. St. Amand
  • Publication number: 20080320573
    Abstract: For users to access network services such as video streaming from a device, users usually have to register themselves with the service first. Most registration mechanisms require a user to input a username, password, date of birth and other details. When implemented through a web interface, this mechanism is relatively easy for the service provider to provision. However, the problem is that users are required to manually enter significant amounts of information, which can be both time consuming, especially on a mobile device where there is usually no QWERTY input device, and susceptible to unintentional errors. The present invention proposes an automated registration process that does not require a user to enter any details manually except for the initial request to subscribe to a service. The process gathers information automatically about the user and the device used, which is then stored and used for user authentication during subsequent service requests following the initial subscription request.
    Type: Application
    Filed: January 11, 2007
    Publication date: December 25, 2008
    Inventors: Rory S Turnbull, Stephen M Thompson
  • Publication number: 20080319902
    Abstract: A method and apparatus for facilitating a secure transaction via a computer network. It is known for fraudsters to carry out “man-in-the-middle” attacks utilizing malicious software which diverts communications or corrupts communication between users and a financial institution computer, in order for the fraudster to modify the transaction. A secure object is generated which includes a security identifier and a transaction identifier. In an embodiment, the secure object is an image, and the secure identifier cannot be detected by the man-in-the-middle computer. The transaction only proceeds when the user enters the secure identifier.
    Type: Application
    Filed: November 17, 2006
    Publication date: December 25, 2008
    Inventors: Mark Mervyn Chazan, Alexander Grinberg, Michael Kontorovich, Colin Reyburn
  • Publication number: 20080320572
    Abstract: A system for collecting, verifying, and managing identity data, skill data, qualification data, certification data, and licensure data of emergency responders. The system trusted verification of identity, skills, qualifications, certifications, and licensure, and disseminates information specific or related to identity, skills, qualifications, certifications, and licensure at the scene of an emergency. The system includes information collection devices, data storage media, information retrieval devices, and information management devices. The information collected, managed, and disseminated may include identity information, medical information, skills information, qualification information, certification information, licensure information. Data in the system is stored in multiple formats, allowing for the retrieval of trusted information in an environment that is part of a network or devoid of network connectivity.
    Type: Application
    Filed: June 25, 2008
    Publication date: December 25, 2008
    Inventors: Thomas W. Connell, II, Thomas W. Connell, SR., Jason P. St. Amand
  • Publication number: 20080313721
    Abstract: A method of controlling access to an interaction context of a multi-user application includes receiving and tracking over time login requests pertaining to one of a plurality of user accounts of a virtual application instance of the multi-user application, each login request including a login password and each user account including a user password. A login request for the user account is rejected when the login password fails to match the user password of the user account. Access to the user account is denied when a consecutive number of times a login request for the user account is rejected reaches a selected limit. The user is prompted to change the user password of the user account and given limited access to the user account to do so when the user password is a permanent password and a cumulative number of rejected login requests for the user account reaches a selected threshold.
    Type: Application
    Filed: June 12, 2008
    Publication date: December 18, 2008
    Inventor: Francisco Corella
  • Publication number: 20080313720
    Abstract: An identification verification device includes an input operable to receive an identification verification query relayed by an account hosting entity. The identification verification query includes a temporary code received from a user. A comparator is coupled to the input and is operable to compare the received temporary code with a verification code. An output transmits to the account hosting entity one of an authorized and a not authorized response that is based upon the comparison.
    Type: Application
    Filed: June 18, 2007
    Publication date: December 18, 2008
    Inventor: Adam Boalt
  • Patent number: 7466826
    Abstract: To transmit digital data representing a content from a source to a receiver through a digital communication channel, the data being scrambled by at least one control word, the method includes the following steps. The source generates an encryption key which it stores temporarily. It encrypts the control word with the encryption key and transmits to the receiver the scrambled digital data and the encrypted control word, the latter being transmitted through an encrypted communication channel. The receiver then performs an operation of authentication of the source. When the source is authenticated by the receiver, it transmits the encryption key to it. The receiver then decrypts the control word and descrambles the data so as to present them to a user. The encryption key is then erased from the memories of the source and the receiver when the content has been entirely transmitted.
    Type: Grant
    Filed: December 4, 2001
    Date of Patent: December 16, 2008
    Assignee: Thomson Licensing
    Inventors: Jean Pierre Andreaux, Sylvain Chevreau, Eric Diehl
  • Patent number: 7467213
    Abstract: In a portable device connectable to a network system, an access right information acquisition unit acquires access right information of a computer resource assigned to a user temporarily registered to the network system from a computer which manages the computer resource in the network system. An access right information preservation unit preserves the access right information acquired by the access right information acquisition unit. A network access unit accesses the network system using the access right information preserved in the access right information preservation unit.
    Type: Grant
    Filed: May 10, 2007
    Date of Patent: December 16, 2008
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Toshiya Takahashi, Tetsuro Kimura, Tetsuro Muranaga
  • Patent number: 7467403
    Abstract: A technique of allowing entry of the password which is not 100% correct. This password would be used to verify identity and/or login information in low security techniques. The password is scored relative to the correct password. The scoring can take into effect least mean squares differences, and other information such as letter groups, thereby detecting missed characters or extra characters, as well as shift on the keyboard.
    Type: Grant
    Filed: January 10, 2005
    Date of Patent: December 16, 2008
    Inventor: Scott C. Harris
  • Patent number: 7467201
    Abstract: A method for providing status information to a device attached to an information technology infrastructure utilizing a device monitoring application resident at the device is disclosed. The device monitoring application utilizes signature data to monitor data associated with a device and selectively provide messages based on a correspondence between signature data and data associated with the device. A message signature is incorporated within the signature data. The data associated with the device is monitored by utilizing the device monitoring application so as to detect a presence of the message signature in the monitored data. A status message is provided by utilizing the device monitoring application if the presence of the message signature is detected in the monitored data. The signature data includes computer virus signatures and the message signature is not related to a computer virus.
    Type: Grant
    Filed: August 22, 2003
    Date of Patent: December 16, 2008
    Assignee: International Business Machines Corporation
    Inventors: Steven Lingafelt, Gerald Marko
  • Publication number: 20080307512
    Abstract: This patent describes a method for the Sellers of Real Estate to annotate, personalize and highlight the surroundings of their property-for-sale using graphical icons on a digital map. Potential buyers can view surroundings of Real Estate properties that are so annotated. This method describes a web-based, secure and personalized conduit that is established between the seller and all potential buyers. Also described is the method in which sellers can customize the process of annotating their property so that every subsequent annotation takes less time than the last.
    Type: Application
    Filed: May 20, 2008
    Publication date: December 11, 2008
    Inventor: Pankaj Tandon
  • Patent number: 7464400
    Abstract: A computer implemented web based access control facility for a distributed environment, which allows users to request access, take the request through the appropriate approval workflow and finally make it available to the users and applications. This program also performs an automatic task of verifying the health of data, access control data as well as the entitlements, to avoid malicious user access. The system also provides an active interface to set up a backup, to delegate the duty in absence. Thus this system provides a comprehensive facility to grant, re-certify and control the entitlements and users in a distributed environment.
    Type: Grant
    Filed: April 24, 2003
    Date of Patent: December 9, 2008
    Assignee: International Business Machines Corporation
    Inventors: Rahul Jindani, Vinod Kannoth, Deepak Kanwar, Rinku Kanwar, Jay Krishnamurthy, Gregory L. McKee, Sandeep Mehta, Penny J. Peachey-Kountz, Ravi K. Ravipati
  • Patent number: 7464401
    Abstract: A system for securing an access to a predetermined area of a target server uses a copy protected record carrier comprising an information file, which comprises a project identifier and/or an address of an authentification server with which an application using said information file can communicate so that the authentification server can initiate and confirm a connection between a computer on which said application is started and said predetermined area of said target server that is identified by the authentification server and/or the project identifier.
    Type: Grant
    Filed: January 16, 2004
    Date of Patent: December 9, 2008
    Assignee: Sony DADC Austria AG
    Inventors: Gerfried Ranner, Reinhard Blaukovitsch, Michael Kurz
  • Patent number: 7464399
    Abstract: In a portable device connectable to a network system, an access right information acquisition unit acquires access right information of a computer resource assigned to a user temporarily registered to the network system from a computer which manages the computer resource in the network system. An access right information preservation unit preserves the access right information acquired by the access right information acquisition unit. A network access unit accesses the network system using the access right information preserved in the access right information preservation unit.
    Type: Grant
    Filed: May 10, 2007
    Date of Patent: December 9, 2008
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Toshiya Takahashi, Tetsuro Kimura, Tetsuro Muranaga
  • Publication number: 20080301790
    Abstract: A proxy server that is inserted between a plurality of network access servers, typically access points, and an authentication server. When an original authentication request is received by a network access server, the network access server forwards the request to the proxy server, which forwards the request to an authentication server. The authentication server then sends the session information to the proxy server, which stores the keying material as dynamic credentials. When the client re-authenticates with one of the plurality of access servers, the re-authentication request is handled by the proxy server using the dynamic credentials. The proxy server may re-authenticate the client using a different method than the method that was originally used. For example, the original authentication may be by Extensible Authentication Protocol—Transport Layer Security (EAP-TLS) and subsequent re-authentications may use Wi-Fi Protected Access (WPA).
    Type: Application
    Filed: August 12, 2008
    Publication date: December 4, 2008
    Inventors: David E. Halasz, Glen W. Zorn
  • Publication number: 20080301789
    Abstract: The method and system of the present invention provides a central location, such as the United States Postal Service® (USPS), a product that will advance them into the world of internet business and will in turn offer the opportunity for new sources of revenue. The method and system of the present invention has the facilities to verify a person's and/or business's identity. The verification process can be done in the same manner as money order, check cashing and real P.O. boxes, which are currently limited to availability in the post office. If the user is verified at the central location, the user's e-mail address, domains, ISP, WSP, and Web Sites can be globally registered at one or more e-mail servers or service providers that participate with the verification. The e-mail server or service providers can attach a symbol of the identity verification on all e-mail sent by the e-mail server or service provider from the verified customer.
    Type: Application
    Filed: May 30, 2008
    Publication date: December 4, 2008
    Inventor: Frederick D. Foster
  • Publication number: 20080301788
    Abstract: The present invention relates to using authorization information provided by an asserting agent to control identity-related interactions between a receiving agent and an identity agent, which acts on behalf of the asserting agent. The authorization information may be provided to the identity agent directly or through the receiving agent. When the asserting agent is asserting the identity of an associated entity to the receiving agent, the asserting agent delivers assertion information, which may but need not include the authorization information, to the receiving agent. The assertion information includes claim information that includes actual claims or identifies available claims. Upon receiving the assertion information, the receiving agent may interact with the identity agent. The identity agent will use the authorization information to control claim-related interactions with the receiving agent.
    Type: Application
    Filed: December 20, 2007
    Publication date: December 4, 2008
    Applicant: Nortel Networks Limited
    Inventor: John H. Yoakum
  • Patent number: 7461398
    Abstract: A method of managing security parameters for a communications session includes dynamically assigning security parameters during the communications session responsive to changing aspects of the communications session to provide a variable degree of security for the session. Related systems and computer program products are also discussed.
    Type: Grant
    Filed: October 21, 2004
    Date of Patent: December 2, 2008
    Assignee: AT&T Intellectual Property I, L.P., by transfer of ownership from AT&T Delaware Intellectual Property, Inc.
    Inventor: Jeffrey A. Aaron
  • Patent number: 7461397
    Abstract: Methods and apparatuses for customized electronic messaging are described. In one embodiment, a customized email address is dynamically generated based at least in part upon a custom address profile so as to be particularized to the recipient. An email message addressed to the recipient using the customized email address is received from a sending party, and a disposition for the email message is determined based upon either the custom address profile and/or the customized email address.
    Type: Grant
    Filed: January 5, 2004
    Date of Patent: December 2, 2008
    Assignee: Kryptiq Corporation
    Inventors: Murali M. Karamchedu, Jeffrey B. Sponaugle
  • Patent number: 7461257
    Abstract: A system (50, 150) for assisting a user (14) to determine whether a hyperlink (152) to a target uniform resource locator (URL) is spoofed. A computerized system having a display unit is provided and logic (158) therein listens for activation of the hyperlink (152) in a message (154). The logic (158) extracts an originator identifier (102) and encrypted data from the hyperlink (152), and decrypts the encrypted data into decrypted data based on the originator identifier (102). The logic (158) determines whether the hyperlink (152) includes the originator identifier (102) and the encrypted data decrypts successfully. Responsive to this it then presents a confirmation of authentication conveying the name of the owner and the domain name of the target URL on the display unit, and it redirects the user (14) to the target URL. Otherwise, it presents a warning dialog to the user (14) on the display unit.
    Type: Grant
    Filed: September 21, 2004
    Date of Patent: December 2, 2008
    Assignee: Proofpoint, Inc.
    Inventors: Terry M. Olkin, Jeffrey C. Olkin, Jahanshah Moreh
  • Publication number: 20080295159
    Abstract: A method of authenticating a user's data processing terminal for granting the data processing terminal access to selected services provided by a data processing system. The method includes performing a first, SIM-based authentication of the user's data processing terminal at an authentication data processing server in the data processing system, by operatively associating with the user's data processing terminal a first subscriber identity module issued to the data processing terminal user, for example, of a type adopted in mobile communication networks for authenticating mobile communication terminals. The authentication of the user's data processing terminal in the data processing system is conditioned to a second authentication, based on identification information provided to the user at a mobile communication terminal through a mobile communication network to which the mobile communication terminal is connected, e.g. in the form of an SMS message.
    Type: Application
    Filed: November 7, 2003
    Publication date: November 27, 2008
    Inventor: Mauro Sentinelli
  • Patent number: 7458098
    Abstract: The present invention is directed to systems and methods for enhancing electronic communication security. An electronic communication related to an application is received and stored. One or more risk assessments are made with respect to the received communication thereby generating a risk profile associated with the communication. The risk profile is analyzed with respect to data associated with previously received communications to determine if the received communication is anomalous. If the received communication is determined to be anomalous, an anomaly indicator signal is output.
    Type: Grant
    Filed: March 8, 2002
    Date of Patent: November 25, 2008
    Assignee: Secure Computing Corporation
    Inventors: Paul Judge, Guru Rajan
  • Patent number: 7458096
    Abstract: An access system provides identity management and/or access management services for a network. An application program interface for the access system enables an application without a web agent front end to read and use contents of an existing encrypted cookie to bypass authentication and proceed to authorization. A web agent is a component (usually software, but can be hardware or a combination of hardware and software) that plugs into (or otherwise integrates with) a web server (or equivalent) in order to participate in providing access services.
    Type: Grant
    Filed: October 27, 2006
    Date of Patent: November 25, 2008
    Assignee: Oracle International Corporation
    Inventors: Charles W. Knouse, Minoo Gupta
  • Patent number: 7457958
    Abstract: A system (50, 150) for assisting a user (14) to determine whether an email (18) comes from a purported originator (16). A computerized system having a display unit is provided. Logic (54) in the computerized system determines whether the email (18) includes an authenticity mark (52) including an originator identifier (102) and encrypted data (104). Logic (54) in the computerized system then decrypts the encrypted data (104) into decrypted data (108-14), based on the originator identifier (102). Logic (54) in the computerized system then presents to the user (14), on the display, whether the email (18) includes the authenticity mark (52), whether the encrypted data (104) decrypts successfully, and information based on the authenticity mark (52) and the decrypted data (108-14).
    Type: Grant
    Filed: September 21, 2004
    Date of Patent: November 25, 2008
    Assignee: Proofpoint, Inc.
    Inventors: Terry M. Olkin, Jeffrey C. Olkin, Jahanshah Moreh
  • Patent number: 7454778
    Abstract: The present invention provides for methods, systems, and computer program products for ensuring that sensitive subject matter within electronic messages is not inappropriately transferred between domains with differing security rights. The present invention utilizes the appropriate placement of message transfer agents or servers along with policy documents that include configurable semantics pattern recognition data for identifying deviant messages. Once deviant messages or messages that potentially have sensitive subject matter are identified, the present invention further provides for adaptable actions or remedies for ensuring that the sensitive subject matter is not inappropriately transferred between domains.
    Type: Grant
    Filed: September 30, 2004
    Date of Patent: November 18, 2008
    Assignee: Microsoft Corporation
    Inventors: Malcolm E. Pearson, David R. Reed, Robert G. Atkinson, Steven D. White
  • Publication number: 20080281737
    Abstract: A system for authenticating the identity of a user comprising a user and an authenticating party, where the user enters identifying information to a web page associated with the authenticating party along with details of a communication identifier, the authenticating party generates a unique passkey and sends a communications message including the unique passkey to the user by way of the communication identifier, the user then operable to enter a passkey using an appropriate mechanism provided for at the web page and where the authenticating party authenticates the identity of the user in accordance with the result of a comparison between the passkey entered via the web page and the generated unique passkey. The system can also be performed by entering information and receiving information via a second destination address. Further embodiments describe a system for transferring credit of a mobile phone or SIM card to a new mobile phone on authentication of the identity of a user.
    Type: Application
    Filed: January 28, 2005
    Publication date: November 13, 2008
    Applicant: VERITAS MOBILE SOLUTIONS PTE. LTD.
    Inventor: Alfredo C. Fajardo
  • Publication number: 20080282331
    Abstract: A method and system for authenticating a user in a network includes a network software client of a computing device requesting network software services from a service gateway. A call between a user phone and an IVR phone login system is initiated in response to the user phone and the computing device being within a coverage area of the service gateway. A location of a user uniquely assigned to the computing device is identified within the coverage area. A first information received in the network software services from the computing device is correlated with a second information received from the IVR phone login system. When the first and second information match, access by the computing device to services of the service gateway is allowed.
    Type: Application
    Filed: October 8, 2004
    Publication date: November 13, 2008
    Applicant: ADVANCED NETWORK TECHNOLOGY LABORATORIES PTE LTD
    Inventor: Wee Tuck Teo
  • Publication number: 20080282332
    Abstract: In order to develop a method for carrying out a protected function of an electrical field device in such a manner that a high degree of security against unauthorized accesses to the electrical field device can be ensured irrespective of the nature of the communication link between a user and the electrical field device, an identification device for the electrical field device and a security device are used to check whether a stated protected function of the electrical field device can be carried out, or should be refused. The invention also relates to an appropriately configured electrical field device.
    Type: Application
    Filed: September 29, 2005
    Publication date: November 13, 2008
    Applicant: SIEMENS AKTIENGESELLSCHAFT
    Inventor: Andreas Jurisch
  • Patent number: 7451477
    Abstract: A system and method of authorization comprising associating at least one role with a resource, associating at least one capability with the at least one role, and determining whether to permit a resource operation based on the at least one capability.
    Type: Grant
    Filed: October 24, 2002
    Date of Patent: November 11, 2008
    Assignee: BEA Systems, Inc.
    Inventors: Philip B. Griffin, Manish Devgan, Jason Howes, Scott Dunbar
  • Publication number: 20080276307
    Abstract: IC cards (R11, R12, and R21) are issued respectively to users α, β, and γ. An identification code (ID(11)) of a computer (11) supplied to user α and environment information (ENV(11)) that indicates a normal network environment of the computer (11) are recorded in the IC card (R11) issued to user α. When in order to use a computer, a user connects his/her IC card, the identification code and the network environment of the computer to be used are compared with the identification code and environment information recorded in the IC card and different access rights are provided in accordance to the degree of matching. The identification code may be a MAC address of a LAN circuit incorporated in the computer, and the environment information may be a default gateway address or the like. Different access rights can thus be set according to the computer or the network environment that is used.
    Type: Application
    Filed: January 20, 2005
    Publication date: November 6, 2008
    Inventors: Syouzou Niwata, Yoshihiro Yano, Takayuki Chikada, Fukio Handa, Kazutoshi Kichikawa
  • Publication number: 20080276308
    Abstract: A method to securely access systems (I, II) of a distributed computer system by entering passwords is described, wherein some systems are accessible by equal, and some systems are accessible by different passwords, comprising the steps of: storing information, which systems (I, II) are accessible by equal, and which are accessible by different passwords, asking to enter a proper password when opening a session by accessing a system (I, II) of said distributed computer system, caching said password, using the stored information to verify, if another system (I, II) to be accessed during the current session is accessible by an equal password like a system (I, II) already accessed during said session, if the result of the verification is true, re-using the adequate cached password, if the result of the verification is false, asking to enter a proper password to access the other system (I, II), and caching said password required to access the other system (I, II) in a way that during the current session, it can
    Type: Application
    Filed: August 17, 2006
    Publication date: November 6, 2008
    Inventors: Thomas Graser, Bernd Jostmeyer, Norbert Lenz, Andreas Schauberer, Wolfgang Schaeberle
  • Patent number: 7448072
    Abstract: A technique for authenticating a user to a server using SIP messages includes forwarding an SIP request from the user agent to the server. The server then forwards a request for authentication to the user agent in response to the invite request, the request for authentication including information that the authentication will be performed using a UMTS AKA mechanism. The user agent then forwards an authentication response to the server in accordance with the UMTS AKA mechanism and the server then performs the appropriate actions to perform an invoked SIP procedure in response to the SIP request. The SIP request may include any standardized SIP request including an SIP INVITE request or an SIP REGISTER request.
    Type: Grant
    Filed: February 17, 2006
    Date of Patent: November 4, 2008
    Assignee: Nokia Corporation
    Inventors: Stefano Faccin, Franck Le, György Wolfner
  • Patent number: 7448067
    Abstract: The invention is a system and method for applying a uniform network security policy. The security policy is described using a computer-readable file. The computer-readable file may be filtered and/or translated into other files that may be used as inputs to security devices. An example of one such security device is a remote system security controller, which is responsible for ensuring that remote devices outside the corporate network enforce the corporate security policy. In addition, the system is capable of updating the security policy of all network components based on feedback received from one or more devices.
    Type: Grant
    Filed: September 30, 2002
    Date of Patent: November 4, 2008
    Assignee: Intel Corporation
    Inventor: Satyendra Yadav