An illustrative embodiment of a computer-implemented method for authority based content filtering, receives a request containing search criteria from a requester, searches a content repository using the search criteria of the request to identify a set of content candidates from the content repository. A contributor authority for each contributor associated with each content candidate in a list of content candidates in the set of content candidates is queried by the computer-implemented method, wherein the contributor authority includes a mapping of a set of credentials of a contributor to subject matter and the list of content candidates is filtered and sorted by the computer-implemented method using a result from the contributor authority.
An electronic device comprises a CPU, and a touch-sensitive screen operable to display a plurality of keys. Each of the plurality of keys are associated with and exhibit a predetermined value, where the keys are arranged so that the predetermined values of the keys are displayed in a random manner. The predetermined values of the plurality of keys have different predetermined display characteristics associated therewith so that the plurality of keys have varied appearances.
In general, embodiments of the present invention provide an approach for pre--provisioning cloud computing resources such as virtual machines (VMs) in order to achieve faster and more consistent provisioning times. Embodiments of the present invention describe an approach to generate a pre-provisioned pool of virtual machines that are utilized when one or more consumers start to initiate a large volume of requests (e.g., instantiate/populate multiple e-commerce 'shopping carts'). In a typical embodiment, a selection of an operating system to be associated with a VM is received in a computer data structure. A provisioning of the VM will then be initiated based on the selection of the operating system. Thereafter, at least one selection of at least one software program to be associated with the VM will be received in the computer data structure. The provisioning of the VM can then be completed based on the at least one selection of the at least one software program in response to a provisioning request received in the computer data structure.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04L 12/16 - Arrangements for providing special services to substations
4.
DATA SECURITY FOR A DATABASE IN A MULTI-NODAL ENVIRONMENT
A security mechanism in a database management system enforces processing restrictions stored as metadata to control how different pieces of a multi-nodal application are allowed to access database data to provide data security. The security mechanism preferably checks the data security restrictions for security violations when an execution unit attempts to access the data to insure the nodal conditions are appropriate for access. When the security mechanism determines there is a security violation by a query from an execution unit based on the security restrictions, the security mechanism may send, delay or retry to maintain data security. Nodal conditions herein include time restrictions and relationships with other columns, rows or pieces of information. For example, multiple processing units may be allowed to execute together, but the security mechanism would prohibit these processing units to access specific pieces of information at the same time through the use of metadata in the database.
A security authentication method comprises establishing a user account associated with a login credential, generating an encryption salt, generating graphical key images of a plurality of sequences of values each beginning at a random point, generating encrypted key values by encrypting each value in the plurality of sequences using the generated encryption salt, incorporating the graphical key images and encrypted key values into a displayable input form, receiving user input including a plurality of encrypted key values, generating decrypted key values by decrypting the encrypted key values of the user input using the encryption salt, and verifying that the decrypted key values match the login credential.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/28 - Arrangements for secret or secure communications; Network security protocols using particular encryption algorithm
6.
SYSTEM, METHOD AND PROGRAM PRODUCT FOR DETECTING PRESENCE OF MALICIOUS SOFTWARE RUNNING ON A COMPUTER SYSTEM
A system, method and program product for detecting presence of malicious software running on a computer system. The method includes locally querying the system to generate a local invento-ry of tasks and network services running on the system for detecting presence of malicious software running on the system and remotely querying the system from a remote system via a network to generate a remote inventory of tasks and network services running on the system for detecting presence of malicious software running on the system, where the local inventory enumerates ports in use on the system and where the remote inventory enumerates ports in use on the system. Fur-ther, the method includes collecting the local inventory and the remote inventory and comparing the local inventory with the remote inventory to identify any discrepancies between the local and the remote invento-ries for detecting presence of malicious software running on the system.
System, method and program product for determining a cause of a failure of a communication from a source device to a destination device. A preferred route from the source device to the destination device comprises a series of routers in a forward order. First program instructions determine one or more initial routers in the series in the forward order from the source device toward the destination device. A last of the initial routers does not designate a next router in the series in the forward order toward the destination device. Second program instructions determine the series of routers in a reverse order from the destination device toward the source device. Third program instructions determine from the series of routers in reverse order as determined by the second program instructions which router the last of the initial routers should designate as its next router in the forward order toward the destination device, and send a notification as to which router the last of the initial routers should designate as its next router in the forward order toward the destination device.
H04L 41/06 - Management of faults, events, alarms or notifications
H04L 41/0631 - Management of faults, events, alarms or notifications using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
H04L 45/28 - Routing or path finding of packets in data switching networks using route fault recovery
H04L 43/0805 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
H04L 69/40 - Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
Generally speaking, systems, methods and media for authenticating a user to a server based on previous authentications to other serversare disclosed. Embodiments of amethod for authenticating a user to a servermay include receiving a request to authenticate the user to the server and determining whether authenticating the user requires matching an authentication plan.If a plan is required, the method may also include accessing a stored authentication plan with authentication records each having expected information relating to user access to a different server. The method may also include receiving an indication of the user s current authentication plan from an authentication store where the plan has authorization records each having current information relating to user access. Embodiments ofthe method may also include comparing the stored authentication plan with the received current authentication plan to determine whether they match and, in response to a match, authenticating the user.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method for processing information, divides, using an information processing device or an external storage device, target information into N pieces using a secret sharing scheme wherein restoring target information requires a predetermined number (K) of pieces of the N pieces, wherein N>K. After selecting M pieces, wherein KM-K, and a reference time is determined. Before destroying D pieces, performance of a predetermined operation is ascertained, by, and with respect to, the external storage device, and expiration of the reference time since the predetermined operation was performed, wherein destroying occurs in response to ascertaining.
G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
G06F 3/06 - Digital input from, or digital output to, record carriers
G06F 5/00 - Methods or arrangements for data conversion without changing the order or content of the data handled
10.
METHOD AND APPARATUS FOR CUSTOMIZING THE DISPLAY OF MULTIDIMENSIONAL DATA
A Tag Cloud Customizer (TCC) provides an interactive legend and a tag cloud generator that allows a user to customize a tag cloud. The interactive legend allows users to map custom display characteristics to a plurality of tag attributes. The tag cloud generator creates a custom tag cloud using the custom display characteristics. The user can also sort the order of tags in the tag cloud by any of the plurality of tag attributes. In one embodiment of TCC, the user can define a custom tag attribute.
The "Grid Security Monitor" tracks the security status of resources in a grid computer system. When a client submits a job to the grid scheduler, the Grid Security Monitor creates a security contract. The security contract comprises all the security credentials needed to access the resource executing the job, as well as privacy and security requirements. The Grid Security Monitor compares the security status of the resource to the requirements of the security contract. If the security status of the resource changes or violates the security contract, then the Grid Security Monitor notifies the client. The Grid Security Monitor has a user interface that allows the client to perform a manual security validation by asking the grid management system to verify the security status of the resource.
12.
METHOD, SYSTEM, AND PROGRAM PRODUCT FOR DEPLOYING A PLATFORM DEPENDENT APPLICATION IN A GRID ENVIRONMENT
Under the present invention, it is determined whether sufficient resources exist for deploying a platform dependent application on its specific "native" platform in a grid environment. If not, a platform dependent portion of the application is identified, and the application is split into the platform dependent portion and a platform independent portion. Thereafter, the platform dependent portion is deployed on its corresponding native platform, while the platform independent portion is deployed on another platform in the grid environment based on available resources. Interconnections between the two portions can then be automatically generated. This can include, for example, creating remote method invocation facade interfaces, creating remote method invocation-enabled facade classes, and building a remote method invocation server for the first platform.
A method for authenticating an item comprising an RFID having a memory for storing an identifier and a secret key, and a built-in hashing function, is disclosed. According to the method of the invention, the output of the RFID of the item to be authenticated is compared with the output of the RFID of a genuine item. To that end, a random number is transmitted to the item to be authenticated with zero as parameters. The RFID 's identifier, the random number, and the secret key are concatenated and use as input of the built-in hashing function that result is output with the RFID identifier. The RFID 's identifier and the random number are then transmitted to the RFID of the genuine item that returns its identifier and the output of the built-in hashing function computed with the RFID 's identifier of the item to be authenticated, the random number, and the secret key. If the results of both built-in hashing functions are identical, the item is authenticated else, it is counterfeiting.
G06K 19/00 - Record carriers for use with machines and with at least a part designed to carry digital markings
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
14.
SYSTEM AND METHOD FOR SURVEILLANCE OF SUSPECTS OF AUTOMATED BANKING MACHINE FRAUD
There is disclosed a method and system for surveillance of a suspect of automated banking machine (ABM) fraud. In an embodiment, there is a detector for detecting the presence of a foreign device targeting an ABM, the detector being configured to generate an alarm notification upon such detection. A plurality of surveillance cameras may be positioned to monitor an ABM and its surroundings. A video recording device is operatively connected to the detector and configured to archive the video signals recorded from the plurality of surveillance cameras upon receipt of the alarm notification. The detector may be configured to generate the alarm notification after a predetermined delay, and at least one of the archived recorded video signals should have a recorded length exceeding the predetermined delay for alarm notification in order to permit review of suspicious activity that generated the alarm notification.
G08B 13/196 - Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength using passive radiation detection systems using image scanning and comparing systems using television cameras
G07F 19/00 - Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
15.
PERFORMANCE EVALUATION OF A NETWORK-BASED APPLICATION
A solution for evaluating a performance of a network-based application is provided. A transaction performed by the application is decomposed into multiple components. One or more resources for each component are identified and performance data for each identified resource is obtained while the application processes the transaction. Based on the performance data, the performance of the application is evaluated. In this manner, the performance of the application can be comprehensively evaluated.
A method for identifying a device attempting an intrusion into a TCP/IP protocol based network is disclosed. The present invention allows creating links between two independent information levels, the TCP/IP stack information on one side and the Windows Security Event Log information on the other side. The method allows establishing the relationship between the computer name of the attacker device as stored in the Security Event Log and the TCP/IP information related to this computer name.
17.
COMMUNICATION RELAY DEVICE, INFORMATION PROCESSING SYSTEM, CONTROL METHOD, AND PROGRAM
The present invention has an object to safely and easily perform power line communication with a server which provides a desired service. There is disclosed a communication relay device for relaying communication data between an information processing device and a communication network by use of a power line on which a communication signal and a power signal are superimposed, and the communication relay device includes an authentication information storage section for storing authentication information of the communication relay device; a power plug detachably attachable to a power socket for connecting an electric device to the power line; a connection detecting section for detecting that the power plug is connected to the power socket; an authentication processing section for transmitting the authentication information to a server via the power line in order to allow the server to authenticate the communication relay device, on condition that the power plug is connected to the power socket; and a communication relay section for relaying the communication data from the information processing device to the communication network, on condition that the authentication processing section succeeds in the authentication.
A method and system for providing access to information on an article to which a tag is coupled. A local server reads the tag containing a virtual ID that includes an encryption of a bit string. The bit string includes an article ID containing a manufacturer ID. The local server is coupled to an ONS server, an ONS proxy server, and a PML server via a network. The local server sends to the ONS proxy server an ONS service request that includes the virtual ID and requests a network address of the PML server. The local server receives, from the ONS server, the network address of the PML server. The local server sends to the PML server, at the network address of the PML server, a PML information request that includes the virtual ID and requests article information. The local server receives, from the PML server, the article information.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06K 7/00 - Methods or arrangements for sensing record carriers
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Methods, systems, and products are disclosed for multi-source, multi- destination data transfers that include identifying a plurality of destination points having destination contexts in one or more destination objects; selecting source content for transfer; displaying destination contexts for the destination points; and directing source content to at least one destination point in dependence upon the displayed destination contexts. In typical embodiments, identifying destination points includes recording each identified destination point and storing in association with each recorded destination point a copy of a destination context for each recorded destination point.
G06F 3/0354 - Pointing devices displaced or positioned by the user; Accessories therefor with detection of 2D relative movements between the device, or an operating part thereof, and a plane or surface, e.g. 2D mice, trackballs, pens or pucks
20.
METHOD AND SYSTEM FOR LINKING CERTIFICATES TO SIGNED FILES
A method and systems for linking the certificate to the signed file to which it is associated is disclosed. According to the method and systems of the invention, the address or URL wherein the certificate is stored is encoded in the filename of the signed file so as to be transmitted jointly with the file. When receiving such a signed file, a first step consists in extracting and decoding the certificate address from the filename. Using the certificate address, the certificate can be accessed and checked before opening and authenticating the signed file. In a preferred embodiment, the signature of a signed file is based on the file content and on a private key while the corresponding certificate comprises at least the corresponding public key.
One objective of the present invention is to provide appropriate load control in accordance with processing times required for transactions, on individual application servers, in an information system that includes a plurality of application servers and a database server. The present invention provides an information system that includes: a process time monitoring unit, for monitoring processing time required for the application program to process a transaction received by an application server; a bottleneck identification unit, for identifying, based on monitoring results of processing time, a bottleneck in at least one of the plurality of application servers if the processing time is not within a predesignated permissible range; and a load controller, for reducing a multiplicity of the application program on an application server identified as having a bottleneck.
There is described a data logging method for transferring data from a plurality of client devices (100A-N) to a server (300), said method comprising: building a schedule of transfer periods based on an estimated transfer size for each device; receiving an actual transfer size for a device; updating the schedule for all devices with respect to the difference in the received actual transfer size and the corresponding estimated transfer size for said device; and transferring data for said device.
There is described a data logging method for transferring log data to a server over a wireless network from a plurality of remote devices, said server for receiving data from the plurality of said devices, said method comprising the following steps: scheduling a transfer period for transferring log data from a device to the server taking into account the wireless network signal strength of the device for the scheduled transfer period whereby the scheduled transfer period does not overlap a time when the estimated wireless network strength is too low to transfer the log data; and transferring data determined by its respective transfer period in the schedule.
patents
