44results about "Unauthorized memory use protection" patented technology

A set of likelihood values associated with a set of characteristics associated with the set of goodware entities is determined. The set of characteristics is stored in association with the set of likelihood values as a model. A set of relative information gain values associated with the characteristics of the set of characteristics is generated. One or more characteristics are removed from the model responsive to the relative information gain values associated with the one or more characteristics to produce a revised model.

A mobile ad-hoc network (MANET) may include a plurality of nodes for transmitting data therebetween and a policing node. The policing node may detect intrusions into the MANET by monitoring transmissions among the plurality of nodes to detect transmissions during an unauthorized period and generate an intrusion alert based thereon. The policing node may also detect intrusions based upon one or more of integrity check values which do not correspond with respective data packets, usage of non-consecutive media access control (MAC) sequence numbers by a node, and collisions of packet types and/or MAC addresses.

The present invention defines a strong authentication token for generating different dynamic credentials for different application providers comprising an input interface providing an output representing an application provider indicator; a secret key storage for storing one or more secret keys; a variability source for providing a dynamic variable value; a key providing agent for providing an application provider specific key as a function of said application provider indicator using one or more keys stored in said secret key storage; a cryptographic agent for cryptographically combining said application provider specific key with said dynamic variable value using symmetric cryptography; a transformation agent coupled to said cryptographic agent for transforming an output of said cryptographic agent to produce a dynamic credential; and an output interface to output said dynamic credential.

The present invention defines furthermore a method to manage the secret keys of strong authentication tokens that can generate dynamic credentials for more than one supported application provider or application provider group using different secret keys for each supported application provider or application provider group comprising generating for each of a batch of strong authentication tokens a token specific master key; personalising each token of said batch with the token specific master key associated with said token; generating for each of a plurality of supported application providers or application provider groups a set of application provider specific token keys, one application provider specific token key for each token of said batch, whereby each application provider specific token key of each of said sets is derived from that token's token specific master key and a unique identifier or indicator of that application provider or application provider group; providing to each application provider or an entity that is responsible for the verification on behalf of said application provider of the dynamic credentials that are generated for said application provider, the corresponding set of application provider specific token keys.

A system for loading application identifiers to a mobile device includes a mobile device, a card device insertable into the mobile device, and an application center. The card device is adapted to determine an effective mobile device identifier of the mobile device, and transmit the effective mobile device identifier to the application center. The effective mobile device identifier is based at least in part on the result of a process performed by the card device. The application center is adapted to (1) determine zero or more allotted application identifiers and zero or more application identifiers of applications loaded on the mobile device based at least in part on the effective mobile device identifier, (2) identify at least one application identifier of the zero or more allotted application identifiers which does not form part of the zero or more application identifiers of applications loaded on the mobile device, and (3) load the at least one application identifier to the mobile device.

An electronic document authenticity assurance technique and an information disclosure system both of which can compatibly realize the assurance of the authenticity of disclosure documents and the deletion of information inappropriate for disclosure. An electronic document is divided into constituent elements and an electronic signature is affixed to an arbitrary subset of a set including all the constituent elements. Otherwise, an electronic signature is affixed to data obtained by binding each of the constituent elements to information specifying the relationship between a respective one of the constituent elements and the structure of the electronic document. Otherwise, the hash values of the respective constituent elements are calculated and an electronic signature is affixed to data obtained by binding the calculated hash values together. Otherwise, random numbers generated for the respective constituent elements are bound together, then the hash values of the respective random-numbered constituent elements are calculated, and then an electronic signature is affixed to data obtained by binding the calculated hash values together.

An apparatus and method are disclosed for variable authentication requirements. The apparatus includes an operating status module identifying a change in an operating status of a device and maintaining a history of operating statuses, and an access control module comparing a current operating status with a previous operating status. The apparatus also includes a profile module maintaining a trust indicator for each operating status. The access control module determines a level of authentication required to unlock the device in response to the trust indicator associated with the current operating status. The method includes identifying a change in an operating status of a device and maintaining a history of operating statuses, and comparing a current operating status with a previous operating status. The method also includes maintaining a trust indicator for each operating status, and determining a level of authentication required to unlock the device in response to the trust indicator associated with the current operating status.

A method of managing an access right to at least one asset associated with at least one digital work order, to at least one first element associated with the at least one asset, or to at least one second element associated with an access path to the at least one asset or the first element, and relates to a system and a computer program for the same.

The present invention automates the operation of multiple malware removal software products using a computerized system that systematically operates the multiple selected software products. These products are operated them in a customized “Safe Mode” using a shell that is different than the computer's other shell environments. Unlike the ordinary Safe Modes shells, the Custom Safe Mode prevents malware from functioning that ties itself to the normal shell, such as the Windows Explorer shell. In addition, the Custom Safe Mode allows the automation of tasks beyond that which is available under the standard command line shell.

A countermeasure for a computer security threat to a computer system is administered by establishing a baseline identification of an operating or application system type and an operating or application system release level for the computer system that is compatible with a Threat Management Vector (TMV). A TMV is then received, including therein a first field that provides identification of at least one operating system type that is affected by a computer security threat, a second field that provides identification of an operating system release level for the operating system type, and a third field that provides identification of a set of possible countermeasures for an operating system type and an operating system release level. Countermeasures that are identified in the TMV are processed if the TMV identifies the operating system type and operating system release level for the computer system as being affected by the computer security threat. The received TMV may be mutated to a format for processing of the countermeasure.

To secure the confidentiality of data stored in data storage devices, a position determination system is mechanically coupled to the data storage devices and continuously determines a position thereof. A processor, provided with an authorized location for the data storage devices, facilitates transfer of data to and from the data storage devices. Specifically, when the position of the data storage devices matches the authorized location, the processor facilitates transfer of data from the data storage devices without any modification of the data. However, when the position of the data storage means does not match the authorized location, the processor inflates the data by dispersing it in a very large set of irrelevant data.

A system and method for using hierarchical policy levels for distribution of software in a computer network. In one embodiment, computers of the network are arranged into a hierarchy. A management policy server with access to the network queries the hierarchy to identify computers at or below its own level within the hierarchy. Once a set of computers is identified, software programs, updates or policies are distributed, bypassing human intervention.

A play list of audio recordings made in the past is searched for, and is displayed in the event that it exists. The contents that have already been recorded in the past are displayed with the word “recorded” affixed thereto in a manner corresponding with the track Nos. of the CD, and are further displayed with a number such as “2” affixed thereto in the event that the contents have been recorded twice in the past, for example. Further, in the event that play lists exist, a dialog box prompting selection of a play list is displayed, so the user can select between audio recording by adding the new contents to an already-existing play list or audio recording by creating a new play list. Thus, the contents recorded in the past are automatically searched, and the user is presented with a display thereof.

The present disclosure relates to a method for updating a firmware component of a measurement and control technology device. The method includes: a segment-by-segment reception of a first firmware image; an authentication of the first firmware image based upon a first encryption method; a creation of a second authentication datum for the first firmware image via an algorithm that differs from the first encryption method; a re-transmission of the data used for updating the firmware component as a second firmware image; an authentication of the second-firmware image based upon the second authentication datum; and in the case of a successful authentication of the second firmware image, enabling and execution of the firmware program code.

This invention discloses one data transparent protection safety write system and method, which comprises hardware platform, virtual monitor and at least one operation system, wherein, the platform comprises memory device composed of data preservation area to store each data protection point MBR and file align list and status list; the virtual monitor comprises data protection module to set protection points and to store the MBR and list and point status into the preservation area for change operation on the protection point; capture operation system and the program in it visit memory device I/O operation order and directing the orders into accurate position on the memory device.

In a key-insulated cryptosystem according to the present invention, a plurality of external devices are associated with a number of updates of a terminal secret key which has already been updated, and a different piece of secret information is stored in each of the external devices. In addition, a key-updating method in the key-insulated cryptosystem according to the present invention includes steps of: selecting one of the external devices depending on the number of updates of the terminal secret key; and causing the selected external device to generate key-updating information used for updating the terminal secret key based on the number of updates and the stored secret information.

Devices, methods and products are described that provide removable storage device data protection. One aspect provides a method comprising: ascertaining a protected removable storage device connected to an information handling device, said protected removable storage device having a first partition for storing data according to a first file system type, and a second partition for storing user data according to a second file system type; and responsive to said information handling device recognizing said second file system type, querying for user credentials to decrypt a data encryption key used to encrypt said user data of said second partition. Other embodiments are described.

The invention discloses an encrypting and authenticating equipment with dual safety chips, belonging to the technical field of identity authentication. The equipment comprises a shell, a USB plug outside the shell, a first safety chip, a second safety chip and a radio-frequency antenna, wherein the first safety chip, the second safety chip and the radio-frequency antenna are encapsulated in the shell; the first safety chip is connected with the USB plug, is connected with the second safety chip in the shell, and is also connected with an external system host computer by the USB plug; the second safety chip is connected with the radio-frequency antenna and is connected with a radio-frequency receiving terminal by the radio-frequency antenna; and the first safety chip and the second safety chip carry out communication with each other by an I/O interface. In the invention, two safety chips are used, the two safety chips are internally embedded in an intelligent card embedding software system respectively, thus realizing one corresponding application respectively; and the mutual independence of the two safety chips is effectively ensured, the safe and convenient multi-application formsare realized, furthermore, the two safety chips can realize the safe communication by the I/O interface.

The invention relates to a method and system used for Flash balance storage. The method includes the following steps that first, whether an erase flag exists or not in a current sector in which writing will be performed is checked, and if not, the current sector is formatted, and a flag is set; second, whether data are written in the current sector for the first time or not is checked, if yes, a next sector of the current sector is formatted firstly, the ERASE_FLAG is set, and then a USED_FLAG is written into the sector; third, whether the remaining space of the current sector is enough for writing a current data package or not is judged, and if the space is enough, the data are written into the current position, and the current operating address g_SectorInfo.cur_addr is updated; if the space is not enough, the operation skips into the next sector; fourth, whether the written-in data can pass verification or not is checked, and if not, the operation skips into the next sector, and the first step is executed.

A remote controller device 2 sends its own ID code when specifying an access destination to a main device 1. Upon receipt of an access command from the remote controller device 2, the main device 1 appends the ID code of the remote controller device 2 to information obtained by accessing the access destination and outputs the same. The remote controller device 2 takes in the output only when it is appended with its own ID code and displays the same on a display unit 25. Thus, the user can confirm the information the main device 1 has obtained from the network 7 on the display unit 25 of the remote controller device 2. Consequently, the risk that the information is seen by anyone around can be reduced, thereby making it possible to improve the security on the private information.

A fast data transfer collection system using message authentication and contactless RF proximity card technology in non-contact storage and retrieval applications. The system is generally comprised of Host computers (application computer systems), Target radio frequency (RF) termninals, and a plurality of portable Tags ("smart" or "proximity" cards). A Host provides specific application functionality to a Tag holder, with a high degree of protection from fraudulent use. A Target provides control of the RF antenna and resolves collisions between multiple Tags in the RF field. A Tag provides reliable, high speed, and well authenticated secure exchanges of data/information with the Host resulting from the use of a custom ASIC design incorporating unique analog and digital circuits, nonvolatile memory, and state logic. Each Tag engages in a transaction with the Target in which a sequence of message exchanges allow data to be read(written) from(to) the Tag. These exchanges establish the RF communication link, resolve communication collisions with other Tags, authenticate both parties in the transaction, rapidly and robustly relay information through the link, and ensure the integrity and incorruptibility of the transaction. The system architecture provids capabilities to ensure the integrity of the data transferred thus eliminating the major problem of corrupting data on the card and in the system. The architecture and protocol are designed to allow simple and efficient integration of the transaction product system into data/information processing installations.