23252results about "Computer security arrangements" patented technology

Data is secured in a computer network to transparently establish and manage a separation of user-based communities of interest based upon crypto-graphically separated, need to know, security levels. Data from a source document, data object or data stream is filtered to form subsets of extracted data and remainder data based upon security levels for the communities. Extracts are stored in assigned memories. Full or partial plaintext reconstruction is permitted only in the presence of assigned security clearance for the community of the inquiring party. Encryption, corresponding to security levels, establishes separation of secured data. The information processing system uses a data filter to extract security sensitive words, data objects, etc., a distributed storage system and a compiler is used to reconstruct plaintext based on security clearance. Multiple level encryption in one document is also available.

Briefly, the present invention relates to an information dispersal sytem in which original data to be stored is separated into a number of data “slices” in such a manner that the data in each subset is less usable or less recognizable or completely unusable or completely unrecognizable by itself except when combined with some or all of the other data subsets. These data subsets are stored on separate storage devices as a way of increasing privacy and security. In accordance with an important aspect of the invention, a metadata management system stores and indexes user files across all of the storage nodes. A number of applications run on the servers supporting these storage nodes and are responsible for controlling the metadata. Metadata is the information about the data, the data slices or data subsets and the way in which these data subsets are dispersed among different storage nodes running over the network. As used herein, metadata includes data source names, their size, last modification date, authentication information etc. This information is required to keep track of dispersed data subsets among all the nodes in the system. Every time new data subsets are stored and old ones are removed from the storage nodes, the metadata is updated. In accordance with an important aspect of the invention, the metadata management system stores metadata for dispersed data where: The dispersed data is in several pieces. The metadata is in a separate dataspace from the dispersed data. Accordingly, the metadata management system is able to manage the metadata in a manner that is computationally efficient relative to known systems in order to enable broad use of the invention using the types of computers generally used by businesses, consumers and other organizations currently.

The method for securing data includes establishing a group of security sensitive items, filtering data and extracting and separating the security items from remainder data. The filtered data are separately stored (locally on a PC or on another computer in a LAN or WAN or on the Internet.) A map may be generated. The filter and / or map may be destroyed or stored. The data input, extracted data and remainder data may be deleted from the originating computer. Encryption may be utilized to enhance security (including transfers of data, filter and map). Reconstruction of the data is permitted only in the presence of a predetermined security clearance. A plurality of security clearances may be used to enable a corresponding plurality of partial, reconstructed views of the plaintext (omitting higher security words). A computer readable medium containing programming instructions and an information processing system is encompassed.

A method and system for authenticating a smart battery having a smart battery and an electronic device. Both the device and the smart battery generate encrypted random strings using key material based by A / D noise bits as a seed value. A pseudo random number is generated from the A / D noise that is transmitted to both the electronic device and the smart battery. The pseudo random number is used by both devices as a key index to select one of a plurality of keys stored in separate key libraries. The keys, or key material, is used to execute an encryption algorithm. The two encryption data streams are then compared to authenticate the smart battery.

An interactive and enhanced digital Instant Catalog of products, services, and information that is personalized or personally profiled, to each unique user of the catalog. The catalog instantly and intelligently captures, stores, manages, and processes self-selected, reusable and "re-distributable" catalog groupings anonymously, for personalizing, enhancing, monitoring, tracking, and peer sharing through multiple mediums and platforms by intelligent agents for a variety of user and vendor specified purposes. The personally profiled cataloged information can be viewed instantaneously and simultaneously by each effected component or member of a supply chain, at the time the product or service has been cataloged, without identifying the cataloger. The user, who preferably employs a Web browser over the Internet, personalizes the interactively produced intelligent catalog content. Products, services, and information groupings are digitally captured and stored by an intelligent catalog agent for enhanced personalized interaction and networking through a peer sharing network, or through an open catalog exchange. The user has the ability to create their own individualized world of products, services, and information that is contextually tailored to each user's unique environment in real-time. Web services hosted within a personal Extranet can anonymously assist and facilitate a context specific task or service insightfully and spontaneously. Through the selective cataloging of multi-vendor products, services, and information, a user is able to fully control, personalize, enhance and share, any lifestyle interest captured from ITV, print, the World Wide Web, businesses, and peers.

A method, apparatus, and system are directed towards managing a view of a social network user's personal information based, in part, on user-defined criteria. The user-defined criteria may be applied towards a user's relationship with each prospective viewer. The user-defined criteria may include degrees of separation between members of the social network, a relationship to the prospective viewer, as well as criteria based, in part, on activities, such as dating, employment, hobbies, and the like. The user-defined criteria may also be based on a group membership, a strength of a relationship, and the like. Such user-defined relationship criteria may then be mapped against various categories of information associated with social network user to provide customized views of the social network user.

Systems and methods for hosting variable schema data such as dynamic tables and columns in a fixed physical database schema. Standard objects, such as tables are provided for use by multiple tenants or organizations in a multi-tenant database system. Each organization may add or define custom fields for inclusion in a standard object. Custom fields for multiple tenants are stored in a single field within the object data structure, and this single field may contain different data types for each tenant. Indexing columns are also provided, wherein a tenant may designate a field for indexing. Data values for designated fields are copied to an index column, and each index column may include multiple data types. Each organization may also define custom objects including custom fields and indexing columns. Custom objects for multiple tenants are stored in a single custom object data structure. The primary key values for the single custom object table are globally unique, but also include an object-specific identifier which may be re-used among different entities.

An improved human user computer interface system, wherein a user characteristic or set of characteristics, such as demographic profile or societal “role”, is employed to define a scope or domain of operation. The operation itself may be a database search, to interactively define a taxonomic context for the operation, a business negotiation, or other activity. After retrieval of results, a scoring or ranking may be applied according to user define criteria, which are, for example, commensurate with the relevance to the context, but may be, for example, by date, source, or other secondary criteria. A user profile is preferably stored in a computer accessible form, and may be used to provide a history of use, persistent customization, collaborative filtering and demographic information for the user. Advantageously, user privacy and anonymity is maintained by physical and algorithmic controls over access to the personal profiles, and releasing only aggregate data without personally identifying information or of small groups.

Disclosed herein are systems and methods for syndication and management of structured and unstructured data to assist institutional healthcare delivery, healthcare providers' practices, healthcare providers' group practices, collaborative academic research and decision making in healthcare, including through the utilization of medical devices and healthcare pools.

A system and method of interactive cataloging of products and services by end users across multiple sales and marketing channels provide each end user with access to domain-independent catalog data from a plurality of vendor organizations through a catalog server system. Anonymous end user cataloging actions of products and / or services across multiple manufacturing, distribution, and retailing channels create personalized profile instances that are based on stored vendor catalog profile templates in the catalog server system, and stored in the end user's personalized electronic catalog as pre-sale digital receipts. An end user's personalized electronic catalog(s) can be shared with peers using mutual agreement permissions as managed by the catalog server system. Pre-sale digital receipts are used to provide a safe, secure, and convenient method for modifying an end user's actionable cataloged items from a pre-sale status to purchased status when purchased and to provide a traceable audit trail for each cataloged item or purchased item in order to facilitate respective pre-sales channel activities and post-sales channel support and services.

Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers.

Techniques are disclosed for using a combination of explicit and implicit user context modeling techniques to identify and provide appropriate computer actions based on a current context, and to continuously improve the providing of such computer actions. The appropriate computer actions include presentation of appropriate content and functionality. Feedback paths can be used to assist automated machine learning in detecting patterns and generating inferred rules, and improvements from the generated rules can be implemented with or without direct user control. The techniques can be used to enhance software and device functionality, including self-customizing of a model of the user's current context or situation, customizing received themes, predicting appropriate content for presentation or retrieval, self-customizing of software user interfaces, simplifying repetitive tasks or situations, and mentoring of the user to promote desired change.

In embodiments of the present invention improved capabilities are described for a virtualization environment adapted for development and deployment of at least one software workload, the virtualization environment having a metamodel framework that allows the association of a policy to the software workload upon development of the workload that is applied upon deployment of the software workload. This allows a developer to define a security zone and to apply at least one type of security policy with respect to the security zone including the type of security zone policy in the metamodel framework such that the type of security zone policy can be associated with the software workload upon development of the software workload, and if the type of security zone policy is associated with the software workload, automatically applying the security policy to the software workload when the software workload is deployed within the security zone.

A method for tagging digital media is described. The method includes selecting a digital media and selecting region within the digital media. The method may further include associating a person or entity with the selected region and sending a notification of the association the person or entity or a different person or entity. The method may further include sending advertising with the notification.

Methods in OMA SEC_CF for providing security services to traffic over UDP between a client and a server and the relevant entities are provided. A pre-shared key is pre-shared between the client and the server. A pair of IPSec ESP SAs between the client and the server is established without shared key negotiation, wherein traffic data cryptographic algorithms are determined. Traffic data security keys are derived from the pre-shared key via the determined traffic data cryptographic algorithms. Then, data of the traffic can be provided with security services with the traffic data security keys through use of IPSec ESP.

A method of message communication via a messaging system between one or more originating communication devices assigned to a sender and one or more destination communication devices assigned to a receiver, a messaging system, a service center and a client thereof. The method comprising: before delivery to the receiver, obtaining by a messaging system a message having initial characteristics comprising message format and message layout; adapting at least one of said initial characteristics of the message in accordance with at least one criterion selected from a group comprising: —criterion related to message communication capabilities of the destination communication device with regard to message communication capabilities of the originating communication device; —criterion related to message displaying capabilities of the destination communication device with regard to message communication capabilities of the originating communication device; —criterion related to communication media between originating and destination device; and facilitating delivery of the adapted message to the receiver.

The present invention is a method of organizing and processing data in a distributed computing system. The invention is also implemented as a computer program on a computer medium and as a distributed computer system. Software modules can be configured as hardware. The method and system organizes select content which is important to an enterprise operating said distributed computing system. The select content is represented by one or more predetermined words, characters, images, data elements or data objects. The computing system has a plurality of select content data stores for respective ones of a plurality of enterprise designated categorical filters which include content-based filters, contextual filters and taxonomic classification filters, all operatively coupled over a communications network. A data input is processed through at least one activated categorical filter to obtain select content, and contextually associated select content and taxonomically associated select content as aggregated select content. The aggregated select content is stored in the corresponding select content data store. A data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process is associated with the activated categorical filter and the method and system applies the associated data process to a further data input based upon a result of that further data being processed by the activated categorical filter utilizing the aggregated select content data.

In a protocol for preserving the privacy of communications between a RFID reader and a RFID tag, two distinct actions are taken. First, the reader and the tag must be mutually authenticated as being authorized participants in the communications. After that process is successfully completed, the authenticity of each authorized participant must be validated prior to each subsequent communication between reader and tag.

Various embodiments are disclosed for a services policy communication system and method. In some embodiments, a communications device stores a set of device credentials for activating the communications device for a service on a network; and sends an access request to the network, the access request including the set of device credentials.