Management Patents (Class 726/6)
-
Publication number: 20090024692
Abstract: A system and method are presented in which a plurality of transport protocol objects (TPOs) are instantiated at an IM user agent. In one embodiment, each of the plurality of TPOs is adapted to provide a translation between a first IM protocol and a different IM protocol.
Type: Application
Filed: September 19, 2008
Publication date: January 22, 2009
Inventors: William Todd Daniell, Lee G. Friedman, Larry Graham Kent, JR., Joel A. David, Brian Keith Daigle
-
Patent number: 7480932
Abstract: An entry of authentication information is accepted. The accepted authentication information and previously set authentication information are compared. Furthermore, according to the result of the comparison between the accepted authentication information and the previously set authentication information, a degree of error between the accepted authentication information and the previously set authentication information is decided. According to the decided degree of error, it is decided how many times the authentication information can be re-entered.
Type: Grant
Filed: February 25, 2005
Date of Patent: January 20, 2009
Assignee: Fujitsu Limited
Inventor: Makiko Nakao
-
Patent number: 7480934
Abstract: In electronic commerce (e-commerce) sites that are executed on a single e-commerce application, a user's session is only associated with a single user identity for e-commerce site domain. Acting under a single identity across the site may not be desired. There may be requirements to associate an individual user with one or more separate identities within parts of the site. Aspects of the invention provide a method, system and computer program product for managing multiple user identities for a user of an electronic commerce (e-commerce) site.
Type: Grant
Filed: December 3, 2003
Date of Patent: January 20, 2009
Assignee: International Business Machines Corporation
Inventors: Victor S. Chan, Darshanand Khusial, Lev Mirlas
-
Publication number: 20090019534
Abstract: A system and method remotely enrolls, authenticates and provides unified authentication services in an ASP setting to a user to access requested information via a communication medium. A filter is coupled to client side components via the communication medium and a user management component coupled to the client side components via the communication medium. The user management component allows end-users to register their credentials only once. In addition, the user management component allows end-users to define the level of protection of access to their web application accounts. This includes accounts that have been configured specifically for use with the present invention and particular user credentials and accounts that have been subsequently set up but configured to use the same user credentials. The present invention can then reuse those credentials to authenticate the user to one or more potentially unrelated web applications.
Type: Application
Filed: September 11, 2008
Publication date: January 15, 2009
Inventors: Bikram S. Bakshi, David W. Helms, Anthony C. Rochon, Trevor J. Walker
-
Publication number: 20090013391
Abstract: A system and a method is disclosed for securely identifying human and non-human actors. A computer implemented system and a method is also disclosed for securely identifying human and non-human actors.
Type: Application
Filed: June 13, 2008
Publication date: January 8, 2009
Inventor: Johannes Ernst
-
Publication number: 20090013030
Abstract: A system and method for providing connectivity to a closed, secure production network, and computer program products for executing the same and, more particularly, to a system and method for creating a virtual network to provide communication with remote tools. The system includes a server configured to create a virtual network for tools in a production facility and provide authentication and tool routing information to a client in order to gain access to the tools in the virtual network. The virtual network isolates each tool of the tools from each other.
Type: Application
Filed: July 3, 2007
Publication date: January 8, 2009
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Ziyad A. Choudhury
-
Publication number: 20090013390
Abstract: A two-varying-password generator having two varying passwords of different digit lengths and different time intervals is disclosed. A two-varying-password generator has a printed circuit board where a processor is soldered onto, a battery, a display window and an on/off key and code key. The processor is loaded with two predetermined programs that can produce two passwords (or more than two passwords) of different digit length and different time interval. When on/off key is pressed, the processor is activated and produces two passwords of the current time using the two predetermined programs loaded in the processor. The two passwords are the functions of time, which are defined by two predetermined programs respectively. Meanwhile, the host computer also stores these two programs in the customer's account. As the clocks of both two-varying-password generator and host computer work synchronously, both of them can produce two identical passwords of the same moment.
Type: Application
Filed: July 6, 2007
Publication date: January 8, 2009
Inventor: Gong Ling LI
-
Patent number: 7475248
Abstract: A secure messaging system and method. The method can include the steps of receiving an encrypted message, the message having been encrypted using a token of a corresponding pervasive device; wirelessly verifying the presence of the pervasive device; and, if the presence can be verified, decrypting the message using the token. The verification step can include the steps of establishing a wireless link with the pervasive device; and, querying the pervasive device over the wireless link. In particular, the establishing step can include the step of establishing a Bluetooth link with the pervasive device. Furthermore, the querying step can include the step of requesting geographic coordinates which locate the pervasive device.
Type: Grant
Filed: April 29, 2002
Date of Patent: January 6, 2009
Assignee: International Business Machines Corporation
Inventors: William G. Barrus, Cary L. Bates, Robert J. Crenshaw, Paul R. Day
-
Patent number: 7475239
Abstract: A pluggable trust adapter architecture that accommodates a plurality of interceptors is provided. Each interceptor is adapted to perform security processing of communications having a specific protocol. Specifically, when a communication is received, it will be routed from a channel router to a specific interceptor based on the protocol of the communication. The interceptor will then “security” process the communication (e.g., extract data, perform verification, etc.). Once the interceptor has processed the communication, the extracted data and the communication itself will be passed to an authorization system for authorization.
Type: Grant
Filed: September 20, 2002
Date of Patent: January 6, 2009
Assignee: International Business Machines Corporation
Inventors: Carroll Eugene Fulkerson, Jr., Anthony Joseph Nadalin, Nataraj Nagaratnam
-
Publication number: 20090007247
Abstract: The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding.
Type: Application
Filed: June 28, 2007
Publication date: January 1, 2009
Applicant: MICROSOFT CORPORATION
Inventors: Carl M. Ellison, Paul J. Leach, Butler W. Lampson, Melissa W. Dunn, Ravindra N. Pandya, Charles W. Kaufman
-
Publication number: 20090006840
Abstract: A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. The identity-based communications layer is situated between a network layer and an application layer and transmits a message between two devices identified by a global address. The global address specifies a protocol, a network, and an address meaningful for the combination of the protocol and the network.
Type: Application
Filed: February 25, 2003
Publication date: January 1, 2009
Inventors: Chet Birger, David C. Douglas, Steven Rosenthal, Kenneth R. Traub
-
Publication number: 20090006620
Abstract: A method for securing a commercial grid network over non-trusted routes involves receiving, by an administrative node in the commercial grid network, a lease request from a client to lease one of multiple resource nodes in the commercial grid network, wherein the client is separated from the resource node by a non-trusted route. The method further involves transmitting, by the administrative node, a network security key associated with the client to the resource node, storing, by the resource node, the network security key in a network security key repository specific to the resource node, establishing, by the resource node, a secure network tunnel over the non-trusted route using the network security key, transmitting a network packet securely between the client and the resource node over the secure network tunnel, and destroying, by the resource node, the secure network tunnel when a lease term associated with the client and the resource node expires.
Type: Application
Filed: June 28, 2007
Publication date: January 1, 2009
Applicant: Sun Microsystems, Inc.
Inventors: Kais Belgaied, Darrin P. Johnson
-
Publication number: 20090007246
Abstract: A method and wireless device select a set of secure network connections (230) between a wireless device (108) in a wireless communication system and a target destination system (238). A first security assessment (708) associated with each of a plurality of base station connections associated with respective each of a plurality of base stations (116) available for wireless communications with the wireless device (108) is performed. A second security assessment (716) associated with each of a plurality of subsequent network connections available between the plurality of base stations (116) and a target destination system (238) is performed. A set of base station connections from the plurality of base station connections are prioritized according to predetermined security criteria associated with the wireless device (108).
Type: Application
Filed: June 28, 2007
Publication date: January 1, 2009
Applicant: MOTOROLA, INC.
Inventors: Gerald J. Gutowski, Stanley J. Benes
-
Patent number: 7472425
Abstract: A service provider makes requests to an information processing center for processing for an IC card in card command units. The information processing center issues encrypted card commands that can be interpreted by the IC card itself based on requests received from the service provider and sends these to the IC card via the computer network, client, and card reader/writer device. This enables an IC card connected to a client to be accessed using secure communication.
Type: Grant
Filed: April 4, 2003
Date of Patent: December 30, 2008
Assignee: Sony Corporation
Inventors: Mitsushige Suzuki, Junichi Sato, Takashi Matsuo
-
Patent number: 7472412
Abstract: A policy engine generates configlets that are vendor-neutral, vendor-specific or both, based on a selected target level and a selected device/device group. A translator translates and combines the configlets to form vendor-dependent configuration files. The policy engine generates the configlets using policies associated with the selected target level and its sub-target levels, as defined by a target level hierarchy. A policy includes at least a condition, and an action which the policy engine performs if the condition is true. In performing the action, the policy engine typically writes to at least a partial configlet. A policy may further include a verification clause, which is used to verify a running configuration. Policy dependencies may also be defined such that where a second policy is dependent on a first policy, the second policy must be evaluated after the first policy. This is necessary, where, for example, the first policy generates and stores a value to be used by the second policy.
Type: Grant
Filed: May 30, 2006
Date of Patent: December 30, 2008
Inventors: Jonathan S. Wolf, Arthur B. Mellor, Wayne F. Tackabury, Christopher B. Anderson, Robin M. Whitworth, Michael D. Haag, Brian A. Del Vecchio
-
Publication number: 20080320569
Abstract: An embodiment relates generally to receiving a plurality of security certificates for each user of a plurality of users and generating a random renewal period for a selected security certificate. The method also includes associating the random renewal period to the selected security certificate and providing the selected security certificate with the random renewal period to the respective user of the plurality of users.
Type: Application
Filed: June 20, 2007
Publication date: December 25, 2008
Inventor: Steven William PARKINSON
-
Publication number: 20080320570
Abstract: According to one embodiment, an information processing apparatus includes a wireless communication unit which receives and transmits a voice call wireless signal with a base station, an acceptance unit which accepts instructions related to a privacy protection operation using the voice call wireless signal received by the wireless communication unit, and a control unit which controls the privacy protection operation in accordance with the instructions accepted by the acceptance unit.
Type: Application
Filed: June 20, 2008
Publication date: December 25, 2008
Applicant: KABUSHIKI KAISHA TOSHIBA
Inventor: Shinsuke Yato
-
Publication number: 20080320571
Abstract: A system for collecting, verifying, and managing identity data, skill data, qualification data, certification data, and licensure data of emergency responders. The system trusted verification of identity, skills, qualifications, certifications, and licensure, and disseminates information specific or related to identity, skills, qualifications, certifications, and licensure at the scene of an emergency. The system includes information collection devices, data storage media, information retrieval devices, and information management devices. The information collected, managed, and disseminated may include identity information, medical information, skills information, qualification information, certification information, licensure information. Data in the system is stored in multiple formats, allowing for the retrieval of trusted information in an environment that is part of a network or devoid of network connectivity.
Type: Application
Filed: June 25, 2008
Publication date: December 25, 2008
Inventors: Thomas W. Connell, II, Thomas W. Connell, SR., Jason P. St. Amand
-
Publication number: 20080320573
Abstract: For users to access network services such as video streaming from a device, users usually have to register themselves with the service first. Most registration mechanisms require a user to input a username, password, date of birth and other details. When implemented through a web interface, this mechanism is relatively easy for the service provider to provision. However, the problem is that users are required to manually enter significant amounts of information which can be both time consuming, especially on a mobile device where there is usually no QWERTY input device, and susceptible to unintentional errors. The present invention proposes an automated registration process that does not require a user to enter any details manually except for the initial request to subscribe to a service. The process gathers information automatically about the user and the device used, which is then stored and used for user authentication during subsequent service requests following the initial subscription request.
Type: Application
Filed: January 11, 2007
Publication date: December 25, 2008
Inventors: Rory S Turnbull, Stephen M Thompson
-
Publication number: 20080319902
Abstract: A method and apparatus for facilitating a secure transaction via a computer network. It is known for fraudsters to carry out “man-in-the-middle” attacks utilizing malicious software which diverts communications or corrupts communication between users and a financial institution computer, in order for the fraudster to modify the transaction. A secure object is generated which includes a security identifier and a transaction identifier. In an embodiment, the secure object is an image, and the secure identifier can not be detected by the man-in-the-middle computer. The transaction only proceeds when the user enters the secure identifier.
Type: Application
Filed: November 17, 2006
Publication date: December 25, 2008
Inventors: Mark Mervyn Chazan, Alexander Grinberg, Michael Kontorovich, Colin Reyburn
-
Publication number: 20080320572
Abstract: A system for collecting, verifying, and managing identity data, skill data, qualification data, certification data, and licensure data of emergency responders. The system trusted verification of identity, skills, qualifications, certifications, and licensure, and disseminates information specific or related to identity, skills, qualifications, certifications, and licensure at the scene of an emergency. The system includes information collection devices, data storage media, information retrieval devices, and information management devices. The information collected, managed, and disseminated may include identity information, medical information, skills information, qualification information, certification information, licensure information. Data in the system is stored in multiple formats, allowing for the retrieval of trusted information in an environment that is part of a network or devoid of network connectivity.
Type: Application
Filed: June 25, 2008
Publication date: December 25, 2008
Inventors: Thomas W. Connell, II, Thomas W. Connell, SR., Jason P. St. Amand
-
Publication number: 20080313721
Abstract: A method of controlling access to an interaction context of a multi-user application includes receiving and tracking over time login requests pertaining to one of a plurality of user accounts of a virtual application instance of the multi-user application, each login request including a login password and each user account including a user password. A login request for the user account is rejected when the login password fails to match the user password of the user account. Access to the user account is denied when a consecutive number of times a login request for the user account is rejected reaches a selected limit. The user is prompted to change the user password of the user account and given limited access to the user account to do so when the user password is a permanent password and a cumulative number of rejected login requests for the user account reaches a selected threshold.
Type: Application
Filed: June 12, 2008
Publication date: December 18, 2008
Inventor: Francisco Corella
-
Publication number: 20080313720
Abstract: An identification verification device includes an input operable to receive an identification verification query relayed by an account hosting entity. The identification verification query includes a temporary code received from a user. A comparator is coupled to the input and is operable to compare the received temporary code with a verification code. An output transmits to the account hosting entity one of an authorized and a not authorized response that is based upon the comparison.
Type: Application
Filed: June 18, 2007
Publication date: December 18, 2008
Inventor: Adam Boalt
-
Patent number: 7466826
Abstract: To transmit digital data representing a content from a source to a receiver through a digital communication channel, the data being scrambled by at least one control word, the method includes the following steps. The source generates an encryption key which it stores temporarily. It encrypts the control word with the encryption key and transmits to the receiver the scrambled digital data and the encrypted control word, the latter being transmitted through an encrypted communication channel. The receiver then performs an operation of authentication of the source. When the source is authenticated by the receiver, it transmits the encryption key to it. The receiver then decrypts the control word and descrambles the data so as to present them to a user. The encryption key is then erased from the memories of the source and the receiver when the content has been entirely transmitted.
Type: Grant
Filed: December 4, 2001
Date of Patent: December 16, 2008
Assignee: Thomson Licensing
Inventors: Jean Pierre Andreaux, Sylvain Chevreau, Eric Diehl
-
Patent number: 7467213
Abstract: In a portable device connectable to a network system, an access right information acquisition unit acquires access right information of a computer resource assigned to a user temporarily registered to the network system from a computer which manages the computer resource in the network system. An access right information preservation unit preserves the access right information acquired by the access right information acquisition unit. A network access unit accesses the network system using the access right information preserved in the access right information preservation unit.
Type: Grant
Filed: May 10, 2007
Date of Patent: December 16, 2008
Assignee: Kabushiki Kaisha Toshiba
Inventors: Toshiya Takahashi, Tetsuro Kimura, Tetsuro Muranaga
-
Patent number: 7467403
Abstract: A technique of allowing entry of the password which is not 100% correct. This password would be used to verify identity and/or login information in low security techniques. The password is scored relative to the correct password. The scoring can take into effect least mean squares differences, and other information such as letter groups, thereby detecting missed characters or extra characters, as well as shift on the keyboard.
Type: Grant
Filed: January 10, 2005
Date of Patent: December 16, 2008
Inventor: Scott C. Harris
-
Patent number: 7467201
Abstract: A method for providing status information to a device attached to an information technology infrastructure utilizing a device monitoring application resident at the device is disclosed. The device monitoring application utilizes signature data to monitor data associated with a device and selectively provide messages based on a correspondence between signature data and data associated with the device. A message signature is incorporated within the signature data. The data associated with the device is monitored by utilizing the device monitoring application so as to detect a presence of the message signature in the monitored data. A status message is provided by utilizing the device monitoring application if the presence of the message signature is detected in the monitored data. The signature data includes computer virus signatures and the message signature is not related to a computer virus.
Type: Grant
Filed: August 22, 2003
Date of Patent: December 16, 2008
Assignee: International Business Machines Corporation
Inventors: Steven Lingafelt, Gerald Marko
-
Publication number: 20080307512
Abstract: This patent describes a method for the Sellers of Real Estate to annotate, personalize and highlight the surroundings of their property-for-sale using graphical icons on a digital map. Potential buyers can view surroundings of Real Estate properties that are so annotated. This method describes a web-based, secure and personalized conduit that is established between the seller and all potential buyers. Also described is the method in which sellers can customize the process of annotating their property so that every subsequent annotation takes less time than the last.
Type: Application
Filed: May 20, 2008
Publication date: December 11, 2008
Inventor: Pankaj Tandon
-
Patent number: 7464400
Abstract: A computer implemented web based access control facility for a distributed environment, which allows users to request for access, take the request through appropriate approval work flow and finally make it available to the users and applications. This program also performs an automatic task of verifying the health of data, access control data as well as the entitlements, to avoid malicious user access. The system also provides an active interface to setup a backup, to delegate the duty in absence. Thus this system provides a comprehensive facility to grant, re-certify and control the entitlements and users in a distributed environment.
Type: Grant
Filed: April 24, 2003
Date of Patent: December 9, 2008
Assignee: International Business Machines Corporation
Inventors: Rahul Jindani, Vinod Kannoth, Deepak Kanwar, Rinku Kanwar, Jay Krishnamurthy, Gregory L. McKee, Sandeep Mehta, Penny J. Peachey-Kountz, Ravi K. Ravipati
-
Patent number: 7464401
Abstract: A system for securing an access to a predetermined area of a target server uses a copy protected record carrier comprising an information file, which comprises a project identifier and/or an address of an authentification server with which an application using said information file can communicate so that the authentification server can initiate and confirm a connection between a computer on which said application is started and said predetermined area of said target server that is identified by the authentification server and/or the project identifier.
Type: Grant
Filed: January 16, 2004
Date of Patent: December 9, 2008
Assignee: Sony DADC Austria AG
Inventors: Gerfried Ranner, Reinhard Blaukovitsch, Michael Kurz
-
Patent number: 7464399
Abstract: In a portable device connectable to a network system, an access right information acquisition unit acquires access right information of a computer resource assigned to a user temporarily registered to the network system from a computer which manages the computer resource in the network system. An access right information preservation unit preserves the access right information acquired by the access right information acquisition unit. A network access unit accesses the network system using the access right information preserved in the access right information preservation unit.
Type: Grant
Filed: May 10, 2007
Date of Patent: December 9, 2008
Assignee: Kabushiki Kaisha Toshiba
Inventors: Toshiya Takahashi, Tetsuro Kimura, Tetsuro Muranaga
-
Publication number: 20080301790
Abstract: A proxy server that is inserted between a plurality of network access servers, typically access points, and an authentication server. When an original authentication request is received by a network access server, the network access server forwards the request to the proxy server which forwards the request to an authentication server. The authentication server then sends the session information to the proxy server which stores the keying material as dynamic credentials. When the client re-authenticates with one of the plurality of access servers, the re-authentication request is handled by the proxy server using the dynamic credentials. The proxy server may re-authenticate the client using a different method than the method that was originally used. For example, the original authentication may be by Extensible Authentication Protocol—Transport Layer Security (EAP-TLS) and subsequent re-authentications may use Wi-Fi Protected Access (WPA).
Type: Application
Filed: August 12, 2008
Publication date: December 4, 2008
Inventors: David E. Halasz, Glen W. Zorn
-
Publication number: 20080301789
Abstract: The method and system of the present invention provides a central location, such as the United States Postal Service® (USPS), a product that will advance them into the world of internet business and will in turn offer the opportunity for new sources of revenue. The method and system of the present invention has the facilities to verify a person's and/or businesses identity. The verification process can be done in the same manner as money order, check cashing and real P.O. boxes, which are currently limited to availability in the post office. If the user is verified at the central location, the user's e-mail address, domains, ISP, WSP, and Web Sites can be globally registered at one or more e-mail servers or service providers that participate with the verification. The e-mail server or service providers can attach a symbol of the identity verification on all e-mail sent by the e-mail server or service provider from the verified customer.
Type: Application
Filed: May 30, 2008
Publication date: December 4, 2008
Inventor: Frederick D. Foster
-
Publication number: 20080301788
Abstract: The present invention relates to using authorization information provided by an asserting agent to control identity-related interactions between a receiving agent and an identity agent, which acts on behalf of the asserting agent. The authorization information may be provided to the identity agent directly or through the receiving agent. When the asserting agent is asserting the identity of an associated entity to the receiving agent, the asserting agent delivers assertion information, which may but need not include the authorization information, to the receiving agent. The assertion information includes claim information that includes actual claims or identifies available claims. Upon receiving the assertion information, the receiving agent may interact with the identity agent. The identity agent will use the authorization information to control claim-related interactions with the receiving agent.
Type: Application
Filed: December 20, 2007
Publication date: December 4, 2008
Applicant: Nortel Networks Limited
Inventor: John H. Yoakum
-
Patent number: 7461398
Abstract: A method of managing security parameters for a communications session includes dynamically assigning security parameters during the communications session responsive to changing aspects of the communications session to provide a variable degree of security for the session. Related systems and computer program products are also discussed.
Type: Grant
Filed: October 21, 2004
Date of Patent: December 2, 2008
Assignee: AT&T Intellectual Property I, L.P., by transfer of ownership from AT&T Delaware Intellectual Property, Inc.
Inventor: Jeffrey A. Aaron
-
Patent number: 7461397
Abstract: Methods and apparatuses for customized electronic messaging are described. In one embodiment, a customized email address is dynamically generated based at least in part upon a custom address profile so as to be particularized to the recipient. An email message addressed to the recipient using the customized email address is received from a sending party, and a disposition for the email message is determined based upon either the custom address profile and/or the customized email address.
Type: Grant
Filed: January 5, 2004
Date of Patent: December 2, 2008
Assignee: Kryptiq Corporation
Inventors: Murali M. Karamchedu, Jeffrey B. Sponaugle
-
Patent number: 7461257
Abstract: A system (50, 150) for assisting a user (14) to determine whether a hyperlink (152) to a target uniform resource locator (URL) is spoofed. A computerized system having a display unit is provided and logic (158) therein listens for activation of the hyperlink (152) in a message (154). The logic (158) extracts an originator identifier (102) and encrypted data from the hyperlink (152), and decrypts the encrypted data into decrypted data based on the originator identifier (102). The logic (158) determines whether the hyperlink (152) includes the originator identifier (102) and the encrypted data decrypts successfully. Responsive to this it then presents a confirmation of authentication conveying the name of the owner and the domain name of the target URL on the display unit, and it redirects the user (14) to the target URL. Otherwise, it presents a warning dialog to the user (14) on the display unit.
Type: Grant
Filed: September 21, 2004
Date of Patent: December 2, 2008
Assignee: Proofpoint, Inc.
Inventors: Terry M. Olkin, Jeffrey C. Olkin, Jahanshah Moreh
-
Publication number: 20080295159
Abstract: A method of authenticating a user's data processing terminal for granting the data processing terminal access to selected services provided by a data processing system. The method includes performing a first, SIM-based authentication of the user's data processing terminal at an authentication data processing server in the data processing system, by operatively associating with the user's data processing terminal a first subscriber identity module issued to the data processing terminal user, for example, of a type adopted in mobile communication networks for authenticating mobile communication terminals. The authentication of the user's data processing terminal in the data processing system is conditioned to a second authentication, based on identification information provided to the user at a mobile communication terminal through a mobile communication network to which the mobile communication terminal is connected, e.g. in the form of an SMS message.
Type: Application
Filed: November 7, 2003
Publication date: November 27, 2008
Inventor: Mauro Sentinelli
-
Patent number: 7458098
Abstract: The present invention is directed to systems and methods for enhancing electronic communication security. An electronic communication related to an application is received and stored. One or more risk assessments are made with respect to the received communication thereby generating a risk profile associated with the communication. The risk profile is analyzed with respect to data associated with previously received communications to determine if the received communication is anomalous. If the received communication is determined to be anomalous, an anomaly indicator signal is output.
Type: Grant
Filed: March 8, 2002
Date of Patent: November 25, 2008
Assignee: Secure Computing Corporation
Inventors: Paul Judge, Guru Rajan
-
Patent number: 7458096
Abstract: An access system provides identity management and/or access management services for a network. An application program interface for the access system enables an application without a web agent front end to read and use contents of an existing encrypted cookie to bypass authentication and proceed to authorization. A web agent is a component (usually software, but can be hardware or a combination of hardware and software) that plugs into (or otherwise integrates with) a web server (or equivalent) in order to participate in providing access services.
Type: Grant
Filed: October 27, 2006
Date of Patent: November 25, 2008
Assignee: Oracle International Corporation
Inventors: Charles W. Knouse, Minoo Gupta
-
Patent number: 7457958
Abstract: A system (50, 150) for assisting a user (14) to determine whether an email (18) comes from a purported originator (16). A computerized system having a display unit is provided. Logic (54) in the computerized system determines whether the email (18) includes an authenticity mark (52) including an originator identifier (102) and encrypted data (104). Logic (54) in the computerized system then decrypts the encrypted data (104) into decrypted data (108-14), based on the originator identifier (102). Logic (54) in the computerized system then presents to the user (14), on the display, whether the email (18) includes the authenticity mark (52), whether the encrypted data (104) decrypts successfully, and information based on the authenticity mark (52) and the decrypted data (108-14).
Type: Grant
Filed: September 21, 2004
Date of Patent: November 25, 2008
Assignee: Proofpoint, Inc.
Inventors: Terry M. Olkin, Jeffrey C. Olkin, Jahanshah Moreh
-
Patent number: 7454778
Abstract: The present invention provides for methods, systems, and computer program products for ensuring that sensitive subject matter within electronic messages is not inappropriately transferred between domains with differing security rights. The present invention utilizes the appropriate placement of message transfer agents or servers along with policy documents that include configurable semantics pattern recognition data for identifying deviant messages. Once deviant messages or messages that potentially have sensitive subject matter are identified, the present invention further provides for adaptable actions or remedies for ensuring that the sensitive subject matter is not inappropriately transferred between domains.
Type: Grant
Filed: September 30, 2004
Date of Patent: November 18, 2008
Assignee: Microsoft Corporation
Inventors: Malcolm E. Pearson, David R. Reed, Robert G. Atkinson, Steven D. White
-
Publication number: 20080281737
Abstract: A system for authenticating the identity of a user comprising a user and an authenticating party, where the user enters identifying information to a web page associated with the authenticating party along with details of a communication identifier, the authenticating party generates a unique passkey and sends a communications message including the unique passkey to the user by way of the communication identifier, the user then operable to enter a passkey using an appropriate mechanism provided for at the web page and where the authenticating party authenticates the identity of the user in accordance with the result of a comparison between the passkey entered via the web page and the generated unique passkey. The system can also be performed by entering information and receiving information via a second destination address. Further embodiments describe a system for transferring credit of a mobile phone or SIM card to a new mobile phone on authentication of the identity of a user.
Type: Application
Filed: January 28, 2005
Publication date: November 13, 2008
Applicant: VERITAS MOBILE SOLUTIONS PTE. LTD.
Inventor: Alfredo C. Fajardo
-
Publication number: 20080282331
Abstract: A method and system for authenticating a user in a network includes a network software client of a computing device requesting network software services from a service gateway. A call between a user phone and an IVR phone login system is initiated in response to the user phone and the computing device being within a coverage area of the service gateway. A location of a user uniquely assigned to the computing device is identified within the coverage area. A first information received in the network software services from the computing device is correlated with a second information received from the IVR phone login system. When the first and second information match, access by the computing device to services of the service gateway is allowed.
Type: Application
Filed: October 8, 2004
Publication date: November 13, 2008
Applicant: ADVANCED NETWORK TECHNOLOGY LABORATORIES PTE LTD
Inventor: Wee Tuck Teo
-
Publication number: 20080282332
Abstract: In order to develop a method for carrying out a protected function of an electrical field device in such a manner that a high degree of security against unauthorized accesses to the electrical field device can be ensured irrespective of the nature of the communication link between a user and the electrical field device, an identification device for the electrical field device and a security device are used to check whether a stated protected function of the electrical field device can be carried out, or should be refused. The invention also relates to an appropriately configured electrical field device.
Type: Application
Filed: September 29, 2005
Publication date: November 13, 2008
Applicant: SIEMENS AKTIENGESELLSCHAFT
Inventor: Andreas Jurisch
-
Patent number: 7451477
Abstract: A system and method of authorization comprising associating at least one role with a resource, associating at least one capability with the at least one role, and determining whether to permit a resource operation based on the at least one capability.
Type: Grant
Filed: October 24, 2002
Date of Patent: November 11, 2008
Assignee: BEA Systems, Inc.
Inventors: Philip B. Griffin, Manish Devgan, Jason Howes, Scott Dunbar
-
Publication number: 20080276307
Abstract: IC cards (R11, R12, and R21) are issued respectively to users α, β, and γ. An identification code (ID(11)) of a computer (11) supplied to user α and environment information (ENV(11)) that indicates a normal network environment of the computer (11) are recorded in the IC card (R11) issued to user α. When in order to use a computer, a user connects his/her IC card, the identification code and the network environment of the computer to be used are compared with the identification code and environment information recorded in the IC card and different access rights are provided in accordance to the degree of matching. The identification code may be a MAC address of a LAN circuit incorporated in the computer, and the environment information may be a default gateway address or the like. Different access rights can thus be set according to the computer or the network environment that is used.
Type: Application
Filed: January 20, 2005
Publication date: November 6, 2008
Inventors: Syouzou Niwata, Yoshihiro Yano, Takayuki Chikada, Fukio Handa, Kazutoshi Kichikawa
-
Publication number: 20080276308
Abstract: A method to securely access systems (I, II) of a distributed computer system by entering passwords is described, wherein some systems are accessible by equal, and some systems are accessible by different passwords, comprising the steps of: storing information, which systems (I, II) are accessible by equal, and which are accessible by different passwords, asking to enter a proper password when opening a session by accessing a system (I, II) of said distributed computer system, caching said password, using the stored information to verify, if another system (I, II) to be accessed during the current session is accessible by an equal password like a system (I, II) already accessed during said session, if the result of the verification is true, re-using the adequate cached password, if the result of the verification is false, asking to enter a proper password to access the other system (I, II), and caching said password required to access the other system (I, II) in a way that during the current session, it can
Type: Application
Filed: August 17, 2006
Publication date: November 6, 2008
Inventors: Thomas Graser, Bernd Jostmeyer, Norbert Lenz, Andreas Schauberer, Wolfgang Schaeberle
-
Patent number: 7448072
Abstract: A technique for authenticating a user to a server using SIP messages includes forwarding an SIP request from the user agent to the server. The server then forwards a request for authentication to the user agent in response to the invite request, the request for authentication including information that the authentication will be performed using a UMTS AKA mechanism. The user agent then forwards an authentication response to the server in accordance with the UMTS AKA mechanism and the server then performs the appropriate actions to perform an invoked SIP procedure in response to the SIP request. The SIP request may include any standardized SIP request including an SIP INVITE request or an SIP REGISTER request.
Type: Grant
Filed: February 17, 2006
Date of Patent: November 4, 2008
Assignee: Nokia Corporation
Inventors: Stefano Faccin, Franck Le, György Wolfner
-
Patent number: 7448067
Abstract: The invention is a system and method for applying a uniform network security policy. The security policy is described using a computer-readable file. The computer-readable file may be filtered and/or translated into other files that may be used as inputs to security devices. An example of one such security device is a remote system security controller, which is responsible for ensuring that remote devices outside the corporate network enforce the corporate security policy. In addition, the system is capable of updating the security policy of all network components based on feedback received from one or more devices.
Type: Grant
Filed: September 30, 2002
Date of Patent: November 4, 2008
Assignee: Intel Corporation
Inventor: Satyendra Yadav