
Inventi Rapid - Information Security

Patent Watch

  • Unification of security monitoring and IT-GRC

    A method of effective information governance and risk management includes integrating security monitoring and compliance management application silos. The integrated silos are delivered through a cloud-based infrastructure.

  • DYNAMICALLY APPLYING A CONTROL POLICY TO A NETWORK

    A method of dynamically applying a control policy to a network is described. A network layer of a plurality of network layers associated with user traffic is determined. A portion of a control policy corresponding to the network layer and the user traffic is accessed. Then, the portion is sent to a security device associated with the network layer, the portion being configured to be applied by the security device to the network layer and the user traffic.

  • METHOD AND SYSTEM OF BUILDING A WANTED LIST QUEUE FOR A USER IN A CONTENT DISTRIBUTION SYSTEM

    A system and method for communicating content to a user device includes a head end that communicates metadata for a plurality of content including the content titles. The system also includes the user device that generates a screen display comprising the plurality of content titles from the metadata and generates a selection corresponding to a first content title from a user interface, the user device adds metadata for the first content title to a queue and displays the queue in a priority order on the screen display. The user device is tuned to receive content corresponding to the first content title and stores the content in a storage device.

  • METHOD AND APPARATUS FOR INTEGRATING APPLICATIONS ON DEMAND TO DISPLAY AND MANIPULATE A SEMANTIC RESOURCE

    An approach is provided for integrating applications on demand to display and manipulate a semantic resource. An integrating application causes, at least in part, reception of a request for a semantic resource, and determines whether the semantic resource is known to a first application. The integrating application discovers one or more properties of the semantic resource based, at least in part, on the determination. The integrating application identifies a second application associated with the semantic resource based, at least in part, on the one or more properties. The integrating application causes, at least in part, presentation of the semantic resource through the second application.

  • TEAM SECURITY FOR PORTABLE INFORMATION DEVICES

    A portable information device (PID) having a security module that conducts security-related functionality. At least some of the security-related functionality for the benefit of the PID is provided by a security team of at least one other PID. In one type of arrangement, when configured in a team processing mode, certain ones of the security functions or components operating for the benefit of the PID can be processed on one or more of the security team member devices. In another type of arrangement, the team of devices exchanges security-related information determined as a result of a single team member device's processing of one or more security-related tasks.

  • METHOD OF MULTI-TERMINAL CONNECTION TRAVERSING NAT WITHOUT THIRD PARTY INTERFACING

    A method of multi-terminal connection traversing a network address translation (NAT) without third party interfacing is provided, which is applicable to existing network communication protocols. The method is mainly used to realize connection of a user end having a NAT or a firewall with a third party, and enable the user end to form direct network interconnection with other user ends through a multi-terminal network connection system without additionally opening a network connection port for the NAT or firewall. Moreover, the method enables a user of the user end to additionally load Internet application programs, such as Voice over Internet Protocol (VoIP) and video conference, on the multi-terminal network connection system based on demands of the user or for work. In addition, the user end may realize direct network interconnection through a checking mechanism of the NAT Internet protocol, so as to avoid information security vulnerability caused by exceptional opening of the network connection port for network connection, and the network connection is implemented without third party or proxy server interfacing. Therefore, the security of network connection between user ends is enhanced and the occurrence of information vulnerability is reduced.

  • METHOD AND SYSTEM OF SEARCHING ACCOUNTS BY ARRANGING PHONE NUMBERS

    The present invention discloses a method and system of searching accounts by arranging phone numbers. An individual user table is set up in a general user database and the individual user table includes predetermined phone numbers and predetermined accounts. In addition, each predetermined phone number has at least one corresponding predetermined account. The system will search and show the corresponding predetermined account or the corresponding predetermined phone number after a phone number or an account is input.

  • SYSTEM FOR CAPTURING, STORING, AND RETRIEVING REAL-TIME AUDIO-VIDEO MULTI-WAY FACE-TO-FACE INTERACTIONS

    System associated with two or more remote users including but not limited to, patients, caregivers and medical professionals to interact face-to-face in real-time using audio and video streams, wherein each user is connected to the server system through a computer network, the system comprises a remote user interface connected with a centralized one-integrated system comprises hardware and software framework combination of central server and web browser, which allows to capture standardized data, records, content of the patient entered information and transactional activity relating this patient; stores the information captured into an integrated (EMR) module, and allows the extraction of stored information as desired and appropriate for the seeker of the information in order to be compliant with regulations, the authorized users may choose to capture video stream and record audio during the real-time interactions. The captured audio-video streams may be stored after indexing for intelligent search and retrieval.

  • METHOD AND APPARATUS FOR CUSTOMER/PASSENGER WAYFINDING USING BOARDING PASS BARCODE SCANNING CAPABILITIES ON LOW-COST DISPLAY DEVICES

    A low-cost display unit that displays wayfinding information to a traveler in a public travel-related area is disclosed and may include a communication interface that facilitates receiving of travel-related information, a machine-readable marking reader that determines the presence of a travel document having one or more machine-readable markings, scans the one or more machine-readable markings, and decodes the scanned one or more machine-readable markings, wherein the one or more machine-readable markings contain encoded travel-related information pertaining to the traveler; and a display control unit that receives the decoded one or more machine-readable markings, determines the traveler's destination in the public travel-related area from the decoded one or more machine-readable markings, determines the path that the traveler should travel to reach the destination, and displays the determined path to the traveler on the low-cost display unit.

  • USING 3D TECHNOLOGY TO PROVIDE MULTIPLE PERSPECTIVES IN SHOWS AND MOVIES

    A system and method that uses 3D technology to provide multiple character viewpoints in shows and movies. An image source module provides multiple series of images. A processor module connected to the image source module receives the multiple series of images provided by the image source module to create multiple series of images each representing a different character's viewpoint. A single display module connected to the processor module to display the multiple series of images representing different character's viewpoints. A viewer restricted to viewing a single series of images representing one character's viewpoint from the multiple series of images displayed by the single display module.

  • SYSTEMS AND METHODS FOR CARDS AND DEVICES OPERABLE TO COMMUNICATE VIA LIGHT PULSING

    A card is provided with a light sensor operable to receive information via light emitted from a display screen or another source of light. Accordingly, a mobile telephonic device or portable computer (e.g., tablet computer) may communicate information to a card via light pulses. Information communicated via light may include, for example, points balances, credit balances, debit balances, transaction history, software updates, coupons, promotions, advertisements or any other type of information.

  • SYSTEMS AND METHODS FOR CARDS AND DEVICES OPERABLE TO COMMUNICATE TO TOUCH SENSITIVE DISPLAYS

    A card is provided with a touch transmitter operable to electrically communicate touch signals to a touch-sensitive screen such as a capacitive touch sensitive screen. In doing so, for example, a card may directly communicate with a mobile telephonic device or portable computer (e.g., a tablet computer).

  • METHOD AND APPARATUS FOR PROVIDING NETWORK SECURITY USING SECURITY LABELING

    A method and apparatus for providing network security using security labeling is disclosed. The method includes comparing first security level information and second security level information, and indicating processing to be performed on the packet based on the comparing. The first security level information is stored in a security label of a packet received at a network node, while the second security level information is stored at the network node.

  • System or method to assist and automate an information security classification and marking process for government and non-government organizations for information of an electronic document

    A software engine runs in a compatible mode with off-the-shelf word processors, e-mail programs and presentation development software and other document development software. The software engine is used for the security classification of sensitive or national security classified information in electronic and resultant hard copy document formats. The software engine ensures that the individual considers all informational portions of a document, that appropriate document marks are employed, that document marks in their electronic format are persistent and that all necessary information, such as classification guides, standards and security regulations, provided by the organization to classify information is at hand and immediately available. In addition to the document sensitivity or classification determination and marking support, the software engine tracks and controls documents and the electronic media storing documents. It also provides warnings and alarms, ad hoc document security analysis and reporting capability to system security administrators with respect to document or network events or captured information that may be indicative of risk to the information requiring protection. The software also provides the ability for an organization to centrally establish and control a security classification or sensitivity marking hierarchy for automated security classification support.

  • Method for issuing IC card storing encryption key information

    It is possible to issue an IC card storing unique encryption key information in such a manner that re-issuing is enabled and sufficient security can be assured. An IC card provider X delivers an IC card having a group code G(A) to a company A and an IC card having a group code G(B) to a company B. When a company staff α inputs a unique personal code P(α) and performs initialization, in the IC card, calculation is performed according to a predetermined algorithm using the P(α) and G(A). Data uniquely determined by the calculation is stored as encryption key information K(α) in the IC card. Even if the company staff α loses the IC card, it is possible to obtain the IC card having the same encryption key information K(α) as before by performing initialization again by using the IC card delivered by the IC card provider X.

  • System and method for securing a credential via user and server verification

    Systems and methods for securing a credential generated by or stored in an authentication token during an attempt to access a service, application, or resource are provided. A secure processor receives a credential from an authentication token and securely stores the credential. The secure processor then verifies the identity of the individual attempting to use the authentication token and cryptographically verifies the identity of the server being accessed. The credential is only released for transmission to the server if both the identity of the individual and the identity of the server are successfully verified. Alternatively, a secure connection is established between the secure processor and the server being accessed and a secure connection is established between the secure processor and a computing device. The establishment of the secure connections verifies the identity of the server. After the secure connections are established, the identity of the user is verified.

  • Security policy generation

    The invention provides security policy generation methods and devices for generating a security policy that is set up for an information processing apparatus comprises a step of generating an application model having a transmitter and a receiver of a message decided, for each of a plurality of messages that are communicated, a step of storing in advance a plurality of security patterns with a signer of electronic signature appended to the message as an undecided parameter, a step of selecting a security pattern that is a model of security policy to be set up for the transmitter or receiver of the message, corresponding to each of the plurality of messages included in the application model, and a step of substituting the identification information of the transmitter or receiver of each message included in the application model for the undecided parameter of the security pattern selected corresponding to the message.

  • Password input device, computer security system using the same and method thereof

    A password input device includes a detection module, a recognition module, and an output module. The detection module is configured for detecting angular velocities and accelerations of hand movement. The recognition module includes a conversion unit, a character database, and an indexing unit. The conversion unit is configured for converting the detected angular velocities and accelerations, in analog format, into usable data. The indexing unit is configured for seeking a character corresponding to user input in the character database according to the usable data, and outputting the corresponding character. The output module is configured for receiving the corresponding characters from the indexing unit and determining the password.

  • Method and system for securing user identities and creating virtual users to enhance privacy on a communication network

    A method of enabling a real entity to access a service on a communication network using a virtual entity, the method including the steps of establishing a user account including at least first data corresponding to the identity of the real entity and second data corresponding to the virtual entity and not identifying the real entity, storing the first and second data in a first database, linking between the first and second data in the first database, storing the second data at a second database, associating the second database with a communication network site, connecting the communication network site to the communication network, receiving the second data from an unidentified user on the communication network site, identifying the unidentified user as the virtual entity based on receiving the second data, and allowing the virtual entity to access the service.

  • Electronic data authenticity assurance method and program

    The present invention provides an electronic document authenticity assuring method in which a series of procedures concerning redactable signature are divided into procedures dependent on a document to be signed and procedures dependent on a redactable signature method. Further, the present invention provides program codes that realize the divided procedures and a system comprising apparatuses for implementing those program codes. According to the present invention, even when type of electronic document to be signed is changed or added to, it is sufficient to add a procedure dependent on a document to be signed, without changing procedures dependent on redactable signature methods. Similarly, even when a redactable signature method is to be changed or added, it is sufficient to add a procedure dependent on the redactable signature method without changing procedures dependent on document to be signed.

  • Method and system for controlling a security system using near field communication

    A security system control system using a host object with a near field communication device and a target object with a near field communication device. The target object broadcasts a carrier signal to the host object. Using the near field communication device, the host object modulates identification information on the carrier signal and broadcasts the modulated signal. The target object demodulates the signal to determine if a user associated with the identification information is authorized to perform the intended control function. The target object determines the intended control function based upon a detection criterion. The target object causes the intended control function to be performed if the associated user is authorized to control the intended control function such as to arm or disarm the security system. The identification information can expire after a predetermined period of time. The target object updates the identification information after expiration.

  • Security system with call management functionality

    A security system with call management functionality is disclosed and includes a security controller having at least one first interface to at least one user identification device and a second interface to a call management controller. The security controller also includes logic to determine a security status of a user based on identification information received from the at least one user identification device and to communicate the security status of the user to the call management controller, where the call management controller enables, disables, or modifies a communication service based on the security status of the user.

  • Identity providers in digital identity system

    A digital identity system includes a principal including an identity selector programmed to receive a security policy from a relying party, review a plurality of digital identities associated with the principal, and request one or more claims related to an identity of the principal from an identity provider. The principal is further programmed to receive one or more security tokens including the claims from the identity provider, and to forward the security tokens to the relying party.

  • ELECTRONIC LABELING SYSTEM

    An electronic labeling system is disclosed. The system uses identification and tracking information to provide security control over the merchandise, to issue pricing updates to the labels, to generate targeted marketing campaigns, and/or to perform various reporting functions.

  • Providing Information to a Security Application

    A method and apparatus for providing information to a security application at a client device. A server receives a request from the client device for information of an object at the client device. The request includes the signature information required by the server to identify the object. The server queries a database to determine the required information of the object and to determine information of at least one further object, and a response is sent to the client device. The response includes the information relating to the object, an identity of the at least one further object, and the information relating to the at least one further object.

  • MOBILE TERMINAL AND INFORMATION SECURITY SETTING METHOD THEREOF

    An information security method for a mobile terminal is presented. The method includes setting security information for a content associated with a first user, uploading the content to a Social Network Service (SNS) site, and uploading the security information to the SNS site to permit the SNS site to register the security information in order to display the content according to the security information when the content is accessed by a second user via the SNS site.

  • Method and System for Utilizing Depth Information for Providing Security Monitoring

    A monoscopic three-dimensional (3D) video generation device, which comprises one or more image sensors and one or more depth sensors, may be operable to capture a plurality of 2D video image frames of a scene via the one or more image sensors. The monoscopic 3D video generation device may concurrently capture corresponding depth information for the captured plurality of 2D video image frames, via the one or more depth sensors in the monoscopic 3D video generation device. The monoscopic 3D video generation device may be operable to analyze the captured plurality of 2D video image frames, based on the captured corresponding depth information, to provide security screening of one or more objects within the captured plurality of 2D video image frames. The security screening may comprise identifying, monitoring, and/or tracking of the one or more objects within the captured plurality of 2D video image frames.

  • DYNAMICALLY UPDATED SECURE HANDLING OF DOCUMENTS CONTAINING RESTRICTED INFORMATION

    A method, system and computer program product for processing documents containing restricted information. One aspect concerns updating the relevant information security rules applicable to the documents.

  • METHOD FOR VIRTUALIZING A PERSONAL WORKING ENVIRONMENT AND DEVICE FOR THE SAME

    The present invention is directed to a method for virtualizing a personal working environment and a device for the same, relating to the information security field. The method comprises the steps of: installing a Virtual Machine (VM) environment on a device; upon virtualizing the personal working environment, connecting the device to a host, loading the VM environment into the host; and responding to a user operation and saving data of the user operation to the device by the VM environment. The device comprises a communication interface module, a VM environment storage module, and a control module. The present invention provides a means for secure and convenient mobile work.

  • MODULAR GAMING MACHINE AND SECURITY SYSTEM

    A modularized gaming machine operable to receive wagers on a play of a game of chance is described. The modularized gaming machine may include a base gaming module that can operate independently or can be coupled to additional gaming modules. In one embodiment, the base gaming module may include a security monitoring system operable to determine a security configuration including error conditions that depends on features of gaming modules coupled to the base gaming module. In another embodiment, the security monitoring system may be operable to monitor a fixed security configuration that is independent of the configuration of the modularized gaming machine. The fixed security configuration may anticipate input from security devices that are unconnected in a particular configuration of the modularized gaming machine. In these instances, a signal mechanism may provide information to the security monitoring system to ensure a non-error condition for unconnected security devices.

  • WIRELESS LOCAL AREA NETWORK TERMINAL PRE-AUTHENTICATION METHOD AND WIRELESS LOCAL AREA NETWORK SYSTEM

    A method for pre-authenticating a wireless local area network terminal and a wireless local area network system. The pre-authentication method includes after a current access point (AP) which has set up security association with a station (STA) receiving a pre-authentication start packet sent by the STA, the current AP interacting with a destination AP to verify certificates of the current AP and the destination AP for each other. If a certificate of the destination AP is verified to be valid, the current AP sending key information of the security association set up with the STA by the current AP to the destination AP, and the destination AP saving the key information, the key information including a basic key generated by negotiation between the STA and the current AP.

  • INFORMATION SECURITY TRANSMISSION SYSTEM

    Provided herein is an information security transmission system, comprising a first information equipment and a second information equipment, wherein the first information equipment can obtain at least one certification data, connecting to the second information equipment through a network for processing an information transmission, accordingly, a key pair used for encryption/decryption can be obtained through the certificate authority or that can be obtained without the certificate authority selectively, such that the information transmission security channel can be established and the data transmission security can be ensured. The first information equipment and the second information equipment respectively comprises a first dynamic codec and a second dynamic codec for processing a coding/decoding process depending on a dynamic code book, furthermore, an automatic error detecting mechanism and an error correcting mechanism can be associated for ensuring the data transmission security and the data correction especially at one time transmission.

  • METHOD AND SYSTEM FOR SECURE CONTENT DISTRIBUTION BY A BROADBAND GATEWAY

    A broadband gateway, which enables communication with a plurality of devices, handles at least one physical layer connection to at least one corresponding network access service provider. Security boundaries such as conditional access (CA) and/or digital right management (DRM) boundaries associated with the broadband gateway are identified based on security profiles associated with the plurality of devices and/or a service from networks. The identified security boundaries are utilized to determine or negotiate CA information for content access for the service. The received content may be distributed according to the determined CA information and the security profiles of the corresponding devices. The broadband gateway may be automatically and dynamically configured based on the identified security boundaries to secure content distribution to the devices. Content distribution security schemes, for example, super encryption, simul-crypt, IPSec and/or watermarking, may be selected by matching the CA information with corresponding device security profiles.

  • TOKEN BASED NEW DIGITAL CASH PROTOCOLS

    Digital cash token protocols employ two pairs of private and public keys. Each public key is certified separately and the protocols do not use any blind signature schemes. As a result, the digital cash token protocols provide strong protection of user privacy by using two certified public keys instead of a blind signature. One pair of certified keys consists of one master user private key and one master user public key. A second pair of certified keys consists of one pseudonym user private key and one pseudonym user public key. The use of a master key pair and a pseudonym key pair circumvents the need for blind signatures. As a result, the proposed protocols do not require blind signatures and do not add additional overhead and security requirements necessitated by conventional blind signature schemes. The protocols use public key protocols and digital signatures and symmetric key protocols, which may be readily implemented in standard information security based systems based on cryptographic constructs. In addition, the protocols may be deployed in mobile, off-line, and on-line settings.

  • System for Storage of Articles in a Secured Area

    A storage system includes storage units for securely retaining articles therein. The storage system includes an electronic user identification system to ensure that the individual storing articles therein is the same individual removing the articles therefrom. The user identification system also compares the user identification information with database information to determine if the user is permitted to use the storage unit or not. The storage system provides such information to security personnel so that improper use of the storage system can be identified and appropriate action taken.

  • Time-Key Hopping

    In certain embodiments, a first network device stores a security key associated with a second network device. The first network device computes access information according to the security key and a time value. The access information may be a network address or a port/socket. The first network device sends a packet to the second network device using the access information. The first network device then computes next access information according to the security key and a next time value and sends a packet to the second network device using the next access information.

  • Working Method for Information Security Device with CF Interface and Working System Thereof

    A working method for information security device with CF interface and working system thereof are disclosed in the invention. The method includes that the card reading apparatus sends instruction to the information security device with CF interface, and the information security device with CF interface determines the object being operated by the instruction, if the object is flash module in the information security device with CF interface, the information security device with CF interface operates the flash module as normal, or else if the object is information security chip of the information security device with CF interface, the information security device with CF interface performs information security operation on the information security chip; or the card reading apparatus determines whether the object being operated by the instruction is a storage device or an information security device, if the object is storage device, the card reading apparatus operates the flash module of the information security device with CF interface as normal, otherwise the card reading apparatus performs information security operation on the information security chip of the information security device with CF interface.

  • SCALABLE AND FLEXIBLE INFORMATION SECURITY FOR INDUSTRIAL AUTOMATION

    A security system that relates to industrial automation security comprises a component that receives a request to modify security relating to a zone of a factory floor, the zone being less than an entirety of the factory floor. A zonal security component generates security procedures for the zone, the security procedures differ from security procedures implemented on the factory floor outside the zone.

  • LOCATING DOCUMENTS FOR PROVIDING DATA LEAKAGE PREVENTION WITHIN AN INFORMATION SECURITY MANAGEMENT SYSTEM

    A method for locating documents has a step of, on each entity of the plurality of document-storing entities, calculating a respective fingerprint for each document of the documents stored on the entity, a step of transferring the calculated fingerprints by the entities to a data localization server having a fingerprint database for storing the transferred fingerprints, and a step of, at the data localization server, locating copies of a specimen document by calculating a fingerprint of the specimen document and comparing the calculated fingerprint of the specimen document with the fingerprints stored in the fingerprint database.

  • METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR ASSESSING INFORMATION SECURITY

    Methods and systems to assess information security based on a combination of user-responses to computer-selected queries and results of a testing/diagnostic application. Users may be interviewed based on areas of expertise. Information security assessment may be performed with respect to domains of an enterprise, the results of which may be rolled-up to assess information security across the enterprise. A system may include application-specific questions and vulnerabilities, industry specific questions and vulnerabilities, a repository of expert knowledge, and/or working aids. A system may include an inference engine, which may include a logic-based inference engine, a knowledge-based inference engine, and/or an artificial intelligence inference engine. A system may include an application-specific tool to configure the system to assess security of information handled by a third party application program.

  • TAMPERING MONITORING SYSTEM, CONTROL DEVICE, AND TAMPERING CONTROL METHOD

    Provided is a tampering monitoring system that can identify a monitoring module that has been tampered with among a plurality of monitoring modules. A management apparatus is provided with an acquisition unit that acquires a new monitoring module that has not been tampered with, a generation unit that generates a decoy monitoring module by modifying the acquired monitoring module, a transmission unit that transmits the decoy monitoring module to the information security device and causes the information security device to install the decoy monitoring module therein, a reception unit that receives from the information security device, after the decoy monitoring module has been installed, monitoring results generated by the monitoring modules monitoring other monitoring modules, and a determination unit that identifies, by referring to the received monitoring results, a monitoring module that determines the decoy monitoring module to be valid and determines the identified monitoring module to be invalid.

  • ANTI-IDENTITY THEFT AND INFORMATION SECURITY SYSTEM PROCESS

    The anti-identity theft and information security system process includes storing secure information in association with an electronic device having a communication circuit for sending and receiving data. Biometric information is read with a scanner so that the identity of a user can be authenticated in connection with the supplied biometric information. Once approved, a data communication line is established with a remote device and access to the secure information is unlocked. Thereafter, the secure information may be transmitted between the electronic device and the remote device.

  • VERIFICATION METHOD AND SYSTEM THEREOF

    The invention discloses an authenticating method and a system thereof, which relates to information security field and solves the problem that the user information is not safe in transaction process. The embodiment of the invention comprises that the server side receives user data information and a first dynamic password sent from the user side; the server side generates the first authenticating dynamic password according to the user data information; server side verifies the first dynamic password according to the first authenticating dynamic password and generates the second authenticating dynamic password after successful verification; the server side sends the second authenticating dynamic or the first password to the user side; the server side executes the transaction data in the user data information or permits the user to log on after using a third authenticating dynamic password generated by the server side to verify the user data information or the third dynamic password sent from the user side successfully. The invention enhances the safety of transaction for the user and prevents the user from loss caused by logging on phishing website by the user.

  • METHOD FOR GENERATING DOCUMENTS HAVING STORED ELECTROSTATIC PATTERN INFORMATION

    A method for generating documents having stored electrostatic pattern information provides security with respect to the authenticity of documents. A liquid medium including a plurality of electrostatic monopoles is applied to the surface of a document, which embeds a permanent electrostatic pattern in the document. The pattern is then readable by an electrostatic scanner. The monopoles may be associated with differing colors, including black and white, may be transparent or have a neutral color. The patterns may embed data, certificates or shapes. The monopoles may provide a watermark or visible image. The apparatus may be a pen or printer, and may include multiple selectable vessels containing ink and/or electrostatic liquid medium of one or both charge states. Visible features of the document can be compared with the detected pattern, or the pattern may be compared to a database or decrypted with a key.

  • COMPUTER SYSTEM AND ITS CONTROL METHOD

    A computer system and its control method capable of allocating resources to a plurality of users in a balanced manner and ensuring information security between the users even when the plurality of users are made to extensively manage a storage system are provided. The storage system includes: a plurality of resource groups defined by grouping of a plurality of resources; a storage area for storing management information of the plurality of resource groups and association information between the plurality of resources and the plurality of resource groups; and a plurality of user groups defined by grouping of the plurality of users, each of the user groups being allocated to at least one of the plurality of resource groups; wherein based on login of at least one user from among the plurality of users, a management device has the storage system execute operation permitted by an authority granted to the user group, to which the relevant user belongs, on the resource group allocated to the user group.

  • Dual Cryptographic Keying

    A dual cryptographic keying system. In particular implementations, a method includes responsive to an initial session key negotiation, storing security association information for a tunnel in a security association memory; responsive to a session key renegotiation, storing security association information for the tunnel in a cache; decrypting received packets associated with the tunnel conditionally using the security association information in the cache or the security association information in the security association memory; and upon an expiration condition, overwriting the security association information, for the tunnel, in the security association memory with the security association information, for the tunnel, copied from the cache.

  • APPARATUS AND METHOD FOR RECOGNIZING SECURITY SITUATION AND GENERATING SITUATION INFORMATION BASED ON SPATIAL LINKAGE OF PHYSICAL AND IT SECURITY

    An apparatus for recognizing security situation and generating situation information based on spatial linkage of physical and IT security, the apparatus includes: a security event collection unit for mapping, when a security event is detected from a security device, unique information of the security device to a location or an object in a real space, and collecting correlated security events based on the mapped information; a security situation awareness unit for determining a type of a security situation and a degree of threat based on the correlated security events; and a situation information generation unit for analyzing a correlation between the correlated security events and the security event to generate security situation information.

  • Mechanized Playing Card Dealing Shoe with Automatic Jam Recovery

    A distinct dealing shoe having no shuffling functionality receives a shuffled, randomized or ordered group of cards. The cards may be mechanically moved one at a time from a receiving area for the deck to a buffer area where more than one card is temporarily stored. The cards in the buffer area are then mechanically moved to a card delivery area where the cards may be manually removed, one at a time, by a dealer. The cards are read one at a time inside of the dealing shoe, either before the buffer area or after leaving the buffer area, but preferably before the cards are being manually removed from a card delivery area. Information from the card reading may be used for game tracking, hand tracking, player information, and other security issues at casino table card games.

  • Fraud Detection

    In some embodiments, techniques for information security include receiving information related to an authentication credential, wherein the information is related to a failed authentication attempt; determining whether the authentication credential is related to a valid account; and performing a security measure related to the valid account, if it is determined that the authentication credential is related to the valid account. In some embodiments, techniques for information security include determining that an authentication attempt has failed, applying a privacy-performing transformation such as a cryptographic hash or encryption to an authentication credential, and distributing the privacy-preserved credential. In some embodiments, techniques for information security include receiving and redistributing a privacy-preserved authentication credential.

  • SYSTEMS AND METHODS FOR IDENTIFYING AND MITIGATING INFORMATION SECURITY RISKS

    Methods and systems for Sustained Testing and Awareness Refresh against Phishing threats (STAR*Phish™) are disclosed. In an embodiment, a method assigns schemes and unique identifiers to target e-mail addresses associated with user accounts. The method delivers e-mail messages to the targeted e-mail addresses, the e-mail messages comprising an HTTP request and a unique identifier associated with each of the user accounts. The method then receives, at a Phishing Metric Tool (PMT), a response including the unique identifier. The PMT logs training requirements for the user accounts, tracks response metrics for the training requirements, and redirects the respective HTTP requests to a phishing training tool (PTT). The PTT sends a notification of the user account identities and the unique identifiers to the PMT and returns a status for the training requirements for the user accounts. Upon completion of the training, the PMT sends completion notifications for the user accounts.

  • METHOD AND APPARATUS FOR CREATING AN INFORMATION SECURITY POLICY BASED ON A PRE-CONFIGURED TEMPLATE

    A method and apparatus for creating a policy based on a pre-configured template is described. In one embodiment, source data having a tabular structure is identified. Further, one of multiple policy templates is used to automatically create a policy for detecting information from any one or more rows within the tabular structure of the source data.

  • INFORMATION SECURITY SYSTEMS AND METHODS

    Systems and methods for governing derived electronic resources are provided. In one embodiment, a digital resource is associated with one or more rules and a set of one or more computations, wherein the rules correspond to one or more conditions for accessing the digital resource and the computations operate upon the digital resource in order to provide a specific view of the digital resource that differs from the digital resource.

  • COMPUTER NETWORK INTRUSION DETECTION

    A method and system of identifying an attacker device attempting an intrusion into a network. At least one managed device of the network detects an incoming TCP/IP connection by the attacker device to the network. It is determined that the incoming TCP/IP connection is a NetBIOS connection that has created an invalid logon by the attacker device, linking the invalid logon with the NetBIOS TCP/IP connection, retrieving event log information from a security event log of the network, and determining (i) that a userid of the invalid logon is a local userid defined on a local device, (ii) that the userid of the invalid logon is a userid in a list of userids used by viruses, or (iii) that the userid of the invalid logon is neither the local userid nor is in the list of userids. The retrieved event log information is stored in a central violation database.

  • METHOD FOR OPERATING AN E-PURSE

    The invention discloses a method for operating an e-purse, relating to the information security field. The method includes that a CPU card enters into a contactless induction area of a terminal, is powered up and initialized, receives an operation initializing instruction from the terminal, reads and stores data comprising transaction amount in the operation initializing instruction, and performs the related operation. The operation initializing instruction is a complex loading initializing instruction or a purchase initializing instruction. The data comprises transaction amount.

  • DEVICE AND METHOD FOR AUTOMATIC DRIVER INSTALLATION

    Provided are a device and method for automatic driver installation. The device comprises: a remote server, a client host and an information security device. The remote server stores driver and interface protocol program downloading service for the client host. The client host is in communication connection with the remote server, receives data information inputted by the information security device, and downloads the driver or interface protocol program from the remote server according to the data information and installs or loads the driver or interface protocol program. The information security device is in communication connection with the client host and feeds back data information according to instruction issued by the client host. The present scheme can effectively reduce the number of times user account control (UAC) window pops up and ensure operating system security while installing and deploying middleware, thus simplifying user operation.

  • System and Method for Reducing Security Risk in Computer Network

    Disclosed are systems, methods and computer program products for reducing security risk in a computer network. The system includes an administration server that collects information about one or more computers in the network, including the following information: computer user's external drive usage history, software installation history, and Web browsing history. The server calculates based on the collected information a security rating of the computer user. The server then adjusts a security rating of the computer user based on the security rating of at least one other user of another computer connected to the same computer network. The server then selects security policy of the security software based on the adjusted security rating of the computer user. Different security policies provide different network security settings and prohibitions on launching of executable files from external drives.

  • METHOD FOR INSERTING CODE INTO .NET PROGRAMS AND APPARATUS THEREFOR

    The present invention discloses a method for inserting code into .Net program and an apparatus therefor, relating to the field of information security. The method comprises the steps of: writing information of code to be inserted to import table of a .Net executable file; adding address of the code to be inserted to import address table (IAT) of the .Net executable file to form a new import address table; changing offset address of entry point of the .Net executable file to address of the new IAT; and changing flag in header of metadata table of the .Net executable file to enable the .Net executable file to meet certification requirements when being executed. The apparatus comprises a writing module, a forming module, and a modification module. The method and apparatus provided by the present invention implement code insertion into .Net executable file without the dependency on assembly and disassembly tools and are easy to use. The problems of low efficiency, poor stability, and poor compatibility in inserting code into .Net executable file can be solved by the present invention.

  • Communications system having security apparatus, security apparatus and method herefor

    The present invention relates to a communications system having at least one communications means by means of which the communications system can be connected to at least one further processing unit and/or to a further communications system, having at least one first memory means, having at least one second memory means and having at least one security apparatus, wherein identical information is stored on the first and second memory means and wherein damage to the communications system can be determined with reference to a comparison of this information by means of the security apparatus. The present invention furthermore relates to a security apparatus and to a method of determining damage to a communications system.

  • Method And System For A Digital Diary System

    A wireless communication device may generate an interactive digital diary for one or more users. The device may handle location information, multimedia data, transactions and/or secure communications via a plurality of technologies. Digital diary information may be stored internally or externally, it may be searchable and/or may comprise moving images, still images, audio, text, geographic location, entity information, time, date, transactions, financial information, consumer information, security information, user input, communications, user contacts, software applications, user profiles, scheduled events, prompts and/or reminders. The digital diary may comprise an interactive user interface which may have mapping capability and may provide link access to digital diary information and/or associated entities. User input methods may comprise screen touch, pressure sensor, key entry and/or voice. Information may be captured via a camera, microphone, geo-location data receiver, transaction write/reader, digital clock, digital calendar, key entry and/or tactile sensor.

  • SERVICE MASHUP METHOD IMPLEMENTED THROUGH DYNAMIC COOPERATION OF CLIENT AND SERVER, SERVER AND CLIENT

    Embodiments of the present invention disclose a service Mashup method implemented through dynamic cooperation of a client and a server, which includes: the server creates a Mashup application logic; the server binds a third-party service according to the Mashup application logic, and negotiates with the client to determine a specific bound service according to the local service bound by the client and the third-party service bound by the server; the server generates a service logic process according to the specific bound service and the Mashup application logic, and executes the service logic process in parallel with the client. Further, a Mashup server and a Mashup client are provided. The embodiments can improve the user experience of a Mashup service, simplify creation of a Mashup application, balance the processing capabilities of the client and the processing capabilities of the server, and properly ensure personal information security of a user.

  • VIRTUAL ACCOUNT BASED NEW DIGITAL CASH PROTOCOLS

    Virtual account based digital cash protocols employ two pairs of private and public keys. Each public key is certified separately and the protocols do not use any blind signature schemes. As a result, the virtual account based digital cash protocols provide strong protection of the user privacy by using two certified public keys instead of a blind signature. One pair of certified keys consists of one master user private key and one master user public key. A second pair of certified keys consists of one pseudonym user private key and one pseudonym user public key. The use of a master key pair and a pseudonym key pair circumvents the need for blind signatures. As a result, the proposed protocols do not require blind signatures and do not add additional overhead and security requirements necessitated by conventional blind signature schemes. The protocols use public key protocols, digital signatures and symmetric key protocols, which may be readily implemented in standard information security based systems based on cryptographic constructs. In addition, the protocols may be deployed in mobile, off-line, and on-line settings.

  • Permissions Based on Behavioral Patterns

    Users may choose to have their behavior analyzed in order to infer default sharing permission settings for documents and other information maintained in one or more computer systems. This may increase information security for the users and streamline implementation of privacy and/or sharing permissions. The default sharing permissions are implemented by a computer system as soft permissions that may be used to determine which documents are to be shared with which recipients. The soft permissions may address sharing situations for which a user has not expressly indicated his or her sharing rules. The soft permissions may change over time in response to changing user behavior and/or the soft permissions may be revised in light of user feedback.

  • Near Field Communication Apparatus and Method for Supporting Security Modules

    The present disclosure provides a terminal comprising: a socket configured to receive a security module; an NFC (Near Field Communication) unit configured to communicate with an external reader or another terminal; and a protocol identifying unit configured to supply a voltage to the security module and to identify whether the security module supports a first protocol by transmitting a signal for using the first protocol through a first contact of the security module and receiving from the security module a first information associated with a protocol supported by the security module, wherein the terminal additionally receives a second information associated with the protocol supported by the security module through a second contact of the security module, and wherein the NFC unit receives information from the security module through the first contact based on the first protocol identified by the protocol identifying unit, and transmits the received information to the external reader or another terminal.

  • DIGITAL KEY FEATURING ENCRYPTION AND WEB GUIDE

    The present invention targets at providing a digital key featuring encryption and web guide. When users electrically connect the digital key to a computer, the computer can automatically execute to activate a browser program and automatically key in (simultaneously read) a specific web address and specific log-on data without users' operation so as to prevent the attack tricks of unscrupulous persons from stealing information at user end and secure digital information security at user end. Additionally, users don't need to memorize specific log-on data and won't forget or lose log-on information, thereby rendering sufficient convenience.

  • SECURITY CONTROL APPARATUS, TRACK SECURITY APPARATUS, AUTONOMOUS MOBILE ROBOT APPARATUS, AND SECURITY CONTROL SERVICE SYSTEM AND METHOD

    A security control service system includes: a track security apparatus for traveling along a track installed in a place to be secured, and obtaining and transmitting security information to a security control apparatus; an autonomous mobile robot apparatus for traveling along the track together with the track security apparatus or freely traveling in the place to be secured, and obtaining and transmitting security information to the security control apparatus; and the security control apparatus for transmitting a control command for security control to the track security apparatus or the autonomous mobile robot apparatus after analyzing the security information.

  • SECURITY MANAGEMENT SYSTEM AND METHOD FOR LOCATION-BASED MOBILE DEVICE

    A method and a system of managing information security for a mobile device in a restricted area based on location information regarding the mobile device are provided. The method includes receiving, by the mobile device, a request for the execution of an application program in a restricted area from a server managing the restricted area, executing, by the mobile device, the application program requested for execution when the program was set to be executable according to a security policy set to the restricted area, encrypting, by the mobile device, a file, created according to the execution of the application program, based on location information regarding the mobile device, and storing the encrypted file.

  • HOSTED VULNERABILITY MANAGEMENT FOR WIRELESS DEVICES

    A method, a multi-tenant security server apparatus and associated system for securing wireless communication of devices. The method includes transferring security policy configuration information from the security server to wireless devices. The method also includes ascertaining compliance of wireless activity of the wireless devices with the security policy configuration using client software modules installed on the wireless devices.

  • INFORMATION SECURITY FOR PRINTING SYSTEMS

    The disclosed embodiments provide a system for managing use of a printing system. During operation, the system obtains a request for print job information associated with the printing system and/or subscription information associated with subscriptions to events in the printing system. Next, the system obtains an access control policy associated with the request. The system then filters the print job and/or subscription information based on the access control policy and responds to the request with the filtered print job and/or subscription information. As a result, the system may facilitate information security in the printing system.

  • SYSTEM AND METHODOLOGY PROVIDING AUTOMATION SECURITY ANALYSIS AND NETWORK INTRUSION PROTECTION IN AN INDUSTRIAL ENVIRONMENT

    The present invention relates to a system and methodology facilitating automation security in a networked-based industrial controller environment. Various components, systems and methodologies are provided to facilitate varying levels of automation security in accordance with security analysis tools, security validation tools and/or security learning systems. The security analysis tool receives abstract factory models or descriptions for input and generates an output that can include security guidelines, components, topologies, procedures, rules, policies, and the like for deployment in an automation security network. The validation tools are operative in the automation security network, wherein the tools perform security checking and/or auditing functions, for example, to determine if security components are in place and/or in suitable working order. The security learning system monitors/learns network traffic patterns during a learning phase, fires alarms or events based upon detected deviations from the learned patterns, and/or causes other automated actions to occur.

  • METHOD AND SYSTEM FOR PROVIDING TRAVEL TIME INFORMATION

    Location technologies are combined with other information systems to provide augmented information for individuals such as a traveler in an automobile.

  • INFORMATION SECURITY CONTROL SELF ASSESSMENT

    Apparatuses, computer readable media, methods, and systems are described for identifying risk assessment queries for assessing risk of a process, providing the identified risk assessment queries to a client device for presentation, receiving response data from the client device comprising responses to the risk assessment queries, determining response values for at least some of the risk assessment queries based on the received response data, and calculating a process risk metric based on the determined response values.

  • METHOD AND SYSTEM FOR MOBILE INFORMATION SECURITY PROTECTION

    A method and system for mobile information security protection are disclosed. According to an embodiment, the method comprises extracting, by a first processor, identification information corresponding to a plurality of applications installed on a mobile device, sending the extracted identification information to a server, matching, by a second processor, the identification information to information stored in a database storage, receiving matched information from the database storage as a result of matching the identification information, sending the matched information to the mobile device, and presenting the matched information to a user of the mobile device.

  • FILE PROTECTING METHOD AND A SYSTEM THEREFOR

    The invention discloses a file protecting method and a system therefor, relating to the information security field. The method includes: an application receives an instruction for opening a protected file sent by a user and invokes an upper interface of an operation system, and the upper interface sends an instruction for opening the protected file sent by a file system, and a filter driver intercepts the instruction for opening the protected file sent by the upper-layer interface to the file system, if the filter driver determines that the application is valid, it creates an image file on a virtual disk for the protected file, and returns a handler of the image file and reads or writes the protected file by the handler, which avoids a possible disclosure of plain text of the protected file in a buffer in prior art.

  • TRANSACTION AUTHENTICATION MANAGEMENT SYSTEM WITH MULTIPLE AUTHENTICATION LEVELS

    An operating system of an information handling system (IHS) initializes a security tool to provide security management during user-to-user transactions. The security tool may determine the user's type and invokes a user personal profile and application profile information that pertains to the transaction. The security tool may use the user personal profile and application profile information during user authentications. The security tool determines an initial authentication level and may modify that authentication level during user-to-user transaction operations. The security tool may perform substantially continuous user authentication during transaction operations by employing learned behavior, historical knowledge, and other information that the security tool maintains in a security information store.

  • PROTECTION OF A SECURITY MODULE IN A TELECOMMUNICATION DEVICE COUPLED TO AN NFC CIRCUIT

    The invention relates to a method for protecting information contained in a security module of a telecommunication device provided with a near-field communication router, wherein the provision of information from the security module to the near-field communication router is subject to checking a signature of a routing table between ports of said router.

  • SECURITY MONITORING METHOD AND APPARATUS USING AUGMENTED REALITY

    Disclosed is a security monitoring apparatus using augmented reality, including: an integrated event collector that collects events generated in a physical security region and an information security region; a security condition information generator that generates security condition information about each object to be monitored based on the collected events; and a security condition display unit that augments and displays the security condition information about the objects to be monitored existing in the videos photographed by cameras in the videos.

  • METHOD FOR IDENTIFYING HOST OPERATING SYSTEM BY UNIVERSAL SERIAL BUS (USB) DEVICE

    A method for identifying a host operating system by a Universal Serial Bus (USB) device is disclosed, which pertains to the field of information security. The method includes: A) the USB device is powered on and initiated; B) it is determined whether the first setup packet is a first preset command, if yes, C is performed, if not, D is performed; C) it is determined whether the seventh byte of the first preset command is a second preset value, if yes, an operating system identification is set as a first preset identification, and F is performed, otherwise, E is performed; D) it is determined whether the first setup packet is a second preset command, if yes, the operating system identification is set as a second preset identification, and F is performed, otherwise, E is performed; E) information interaction with the host is performed according to a default operating system identification until the last setup packet is received, and it is determined whether the last setup packet is a third preset command, if yes, the operating system identification is set as a third preset identification, if not, the operating system identification is set as a fourth preset identification; F) information interaction with the host is performed according to the present operating system identification, and then it waits to receive the instructions issued by the host.

  • ANTI-IDENTITY THEFT AND INFORMATION SECURITY SYSTEM

    The anti-identity theft and information security system process includes storing secure information in association with an electronic device having a communication circuit for sending and receiving data. Biometric information is read with a scanner so that the identity of a user can be authenticated in connection with the supplied biometric information. Once approved, a data communication line is established with a remote device and access to the secure information is unlocked. Thereafter, the secure information may be transmitted between the electronic device and the remote device.

  • IMAGE COLLECTION BASED INFORMATION SECURITY METHOD AND SYSTEM

    An image collection based information security method and system is disclosed. The method includes a server side receiving a first transaction data sent by a client side and generating a second transaction data with the first data. The server converts the second data into an image, and sends the image to the client. A dynamic token collects the image, pre-processes, and converts the image into a third transaction data, and displays the third data for user's confirmation. The token generates and displays a second dynamic password according to the third data. The client receives the second password input by a user and sends same to the server. The server receives the second password and generates a first dynamic password, determines whether the first password is identical to the second password; if yes, the authentication is successful and the transaction is executed; if no, the transaction is cancelled.

  • Cyberspace Trusted Identity (CTI) Module

    The Cyberspace Trusted Identity (CTI) module provides secure storage of a cyberspace user's personal identity information and a security infrastructure to guarantee the integrity and privacy of a cyberspace transaction. When the owner of an electronic device registers their biometric samples on the CTI module the module becomes locked and the information stored on the module can only be accessed when the device owner provides a live biometric sample, which matches the registered biometric sample. When the CTI Module is registered under a trusted third party system; a Cyberspace Identification Trust Authority (CITA) system, the module provides a secure mechanism for storing a cyberspace user's digital identity tokens and for conducting safe and reliable cyberspace transactions between two cyberspace users. The CTI Module eliminates the need to carry man-made identity tokens, or the need to remember and/or openly exchange personal identity information, when conducting a cyberspace transaction.

  • STORAGE DEVICE REPLACEMENT METHOD, AND STORAGE SUB-SYSTEM ADOPTING STORAGE DEVICE REPLACEMENT METHOD

    Based on information security rules, it is not possible to take out a failure HDD to the exterior of a facility for replacement without erasing data therefrom. According to the present storage sub-system, a slot in which failure has occurred and a slot not registered to a configuration information of a storage sub-system are used to simultaneously perform correction copy to a spare HDD and data erase of the failure HDD in parallel, so as to enable the failure HDD to be brought out to the exterior of the storage facility. Further, time required from when failure has occurred to the HDD to data recovery is shortened, so as to prevent deteriorated redundancy that may be caused by another failure occurring during data recovery and to reduce the risk of data loss.

  • SERVICE COMMUNICATION METHOD AND SYSTEM FOR ACCESS NETWORK APPARATUS

    A service communication method for an access network apparatus. The access network apparatus comprises a source terminal and a target terminal both connected to the same access switch. The method comprises: a node server, according to a request of a current service, notifying the access switch connected to both the source terminal and the target terminal to set a downlink port of the access switch, to which a data packet of the current service is directed, in an internal data packet address table thereof; the source terminal sending an uplink data packet of the current service; and after receiving the data packet, the access switch directing the data packet to the corresponding downlink port according to the setting of the internal data packet address table thereof, and transmitting the data packet to the target terminal through the downlink port. The present invention can effectively save the bandwidth and routing resources, ensure a steady and smooth transmission path, avoid delay of multimedia services, satisfy national information security requirements, and save hardware resources, thereby ensuring network transmission quality.

  • METHOD AND DEVICE FOR REALIZING REMOTE LOGIN

    The present disclosure provides a method and a device for realizing remote login. The method includes: a terminal server responding to a login request to an internal system from an end user, and recording and saving login information of the end user for logging in to the internal system; and the terminal server judging and analyzing the way the end user logs in to the internal system according to the login information and pre-configured rule, and allowing the end user to log in to and access the internal system if the analyzed result matches the pre-configured rule. The method and device allows for implementations of the SSO authentication and user bind authentication on the aspect of the data flow in the terminal server, simplifies the process of logging in to and accessing the internal system, and improves the information security of the system.

  • Security policy management using incident analysis

    A security analytics system receives incident data (from an incident management system) and security policy information (from a security policy management system). The security analytics system evaluates these data sets against one another, preferably using a rules-based analysis engine. As a result, the security analytics system determines whether a particular security policy configuration (as established by the security policy management system) needs to be (or should be) changed, e.g., to reduce the number of incidents caused by a misconfiguration, to increase its effectiveness in some manner, or the like. As a result of the evaluation, the security analytics system may cause a policy to be updated automatically, notify an administrator of the need for the change (and the recommendation), or take some other action to evolve one or more security policies being enforced by the security policy management system.

  • SAFE METHOD FOR CARD ISSUING, CARD ISSUING DEVICE AND SYSTEM

    A safe method for card issuing, a card issuing device and system, which relate to the technical field of information security and solve the problem of low efficiency in existing card issuing methods. The embodiment of the safe method for card issuing in the present invention comprises: a managing card and a card issuing device performing a check and certification for card issuing; the card issuing device sending in sequence a card operating system download command sequence to at least one user card, and instructing the at least one user card to download the card operating system according to the card operating system download command sequence; the card issuing device activating the card operation system downloaded onto the at least one user card. The embodiments of the present invention are mainly used in various solutions which require card issuing technology, such as card issuing for public transport systems, and card issuing for bank cards and access cards.

  • COMMUNICATION METHOD AND SYSTEM FOR A NOVEL NETWORK

    A communication method for a novel network is disclosed. The novel network is a network with centralized control function, which includes a main control server and a subordinate network device. The subordinate network device includes a terminal. The method includes the steps: the main control server configures the downlink communication link of the present service, and transmits packets of the present service transmitted from the source terminal to the target terminal according to the downlink communication link. The present invention can guarantee the stability and smoothness of the transmission path, avoid multimedia service delays, ensure state information security requirements, and save hardware resources, thereby guaranteeing the quality of the network transmission.

  • SECURITY POLICY FLOW DOWN SYSTEM

    A system and method are provided that distill an organization's information security plan into a detailed and unambiguous security object model. The developed security object model provides a visualization of complex relationships between individual elements and levels that is usable to carry into effect the organization's information security plan. Configuration control and a verifiable level of security compliance are provided through implementation of the organization's information security plan by the developed security object model. The developed security object model is hosted on a computing platform in communication with at least the organization's network to provide information security plan compliance, configuration control and gap analysis in a usable form to the organization.

  • INFORMATION SECURITY TECHNIQUES INCLUDING DETECTION, INTERDICTION AND/OR MITIGATION OF MEMORY INJECTION ATTACKS

    Methods of detecting malicious code injected into memory of a computer system are disclosed. The memory injection detection methods may include enumerating memory regions of an address space in memory of computer system to create memory region address information. The memory region address information may be compared to loaded module address information to facilitate detection of malicious code memory injection.

  • Information Security Management

    A system and method for information security management. An anomaly in data traffic directed to a data processing environment is identified. The anomaly indicates a threat to the data processing environment. The data processing environment comprises a number of data processing systems. A threatened data processing system is identified. The threatened data processing system is one of the number of data processing systems to which the threat is directed. The threatened data processing system is isolated. The threatened data processing system is monitored after the threatened data processing system is isolated. The threatened data processing system is replicated to form a replicated data processing system.

  • SECURE TYPE STORAGE DEVICE AND INFORMATION SECURITY SYSTEM

    A secure type storage device applies to data link with a mainframe, wherein the memory module thereof includes hidden and open storage spaces, for storing encrypted data and a file allocation table, respectively; the file allocation table registering storage location and property of the encrypted data accepts external queries, but the encrypted data is not accessed through direct link; the secure type storage device and management software of the mainframe jointly implement the authentication process, respond to the requirement issued by the mainframe after the read/write authorization is produced, access the hidden storage space, and decrypt and output the encrypted data to the mainframe, or receive and encrypt external information to store in the hidden storage space; thus, through the secure type storage device, the storage details can be freely checked, but the information is not accessed arbitrarily, to prevent information from being arbitrarily modified or copied and spread.

  • APPARATUS AND METHOD FOR PAYING FOR A PRODUCT USING A NEAR FIELD COMMUNICATION DEVICE

    An apparatus and a method perform paying for a product using a near field communication device. The method includes: when payment for a particular product is requested by a user, generating a payment request message for requesting payment for the particular product and transmitting the payment request message to a security element server; when a personal identification information request message for requesting personal identification information in response to the payment request message is received, receiving an input of personal identification information from the user; transmitting the input personal identification information to the security element server; and receiving a payment result message representing a result of the payment.

  • SECURITY DEVICE AND DISPLAY METHOD THEREOF

    A display method that is used for a security device installed with a camera module and a display module includes A. when the security device captures a preset image by the camera module, the security device displaying an interface for entering a password by the display module, and B. when the password is successfully matched, the security device displaying a predetermined object by the display module. By hiding the interface for entering a password, the invention improves the security capability of the device and meets the requirement of information security at present.

  • SMART PRICE TAG SYSTEM INCLUDING REMOTE DISPLAY

    An electronic price tag system for stock keeping units (SKUs) having three components: an ID module, a Remote Display Module (RDM), and a remote display control module (RDCM). The ID module and/or the RDCM may contain display elements. The RDM receives information from a vendor's legacy central computer system (LCCS) or marketing computer system (MCS). Communication between the LCCS/MCS and the RDCM is mediated by an RF Communication Module. The RDCM is reusable and may have a limited transmission range to limit access to LCCS/MCS information and security elements triggered by unauthorized removal.

  • SYSTEMS AND METHODS FOR INFORMATION SECURITY USING ONE-TIME PAD

    Methods of encryption and decryption using a key generated from a common document are disclosed. In one embodiment, the method of encryption includes: (1) generating a single pointer to a position in a common document, wherein the pointer includes either a page number and a line number of the common document or a chapter number and a paragraph number of the common document, (2) receiving a message to be encrypted, (3) retrieving, from a computer memory, a key from the common document based on the pointer and having a length at least equaling a length of the message, (4) applying a cryptographic function to characters of the message based on characters of the key (5) causing the message to be stored in a memory device and (6) generating a new pointer to a different position in the common document.

  • METHOD FOR MANAGING REMOTE UPGRADING KEYS IN AN INFORMATION SECURITY APPARATUS

    The present invention discloses a method for managing remote upgrading keys in an information security apparatus. A remote source apparatus generates key disabling data according to a divulged remote upgrading key and sends the key disabling data to the information security apparatus, and the information security apparatus performs the disabling operation on the divulged remote upgrading key according to the received key disabling data. Using the method disclosed in the present invention can prevent the information security apparatus from being maliciously attacked by malicious attackers by using the divulged remote upgrading key and through the remote upgrading process.

  • APPARATUS AND METHOD FOR MANAGING USIM DATA USING MOBILE TRUSTED MODULE

    An apparatus manages universal subscriber identity module (USIM) data in a terminal using a mobile trusted module (MTM). The apparatus includes a mobile information storage unit configured to store at least one key and the USIM data in a protection region, an information security unit configured to protect information stored in a USIM and the terminal using at least one of the USIM data and the key stored in the mobile information storage unit, and a USIM data manager configured to restore at least one of the USIM data and the key stored in the mobile information storage unit to the USIM, and store at least one of USIM data and the key provided from the USIM in the mobile information storage unit.

  • SECURITY MODEL FOR NETWORK INFORMATION SERVICE

    Systems and methods for providing information security in a network environment are disclosed. The method includes initiating processing, invoked by a user, of at least one of a plurality of objects in a processing unit of a hardware layer, wherein the plurality of objects is hosted for a tenant. The method further includes determining that the processing of the at least one of the plurality of objects by the processing unit is authorized by the tenant based on a security map provided by the tenant and accessible by the processing unit within the hardware layer. The method further includes allowing the processing of the object based on a result of the determining.