835results about How to "Prevent unauthorized access" patented technology

An undetectable firewall for network protection has been developed. The invention includes a method of preventing unauthorized access to a computer system. The firewall receives a data packet and copies its contents exactly. Next, the firewall analyzes the data packet and determines if it is authorized to access the network. If the packet is authorized to access the network, it is sent on to its destination. If the packet is unauthorized to access the network, it is dropped by the firewall.

An internal gateway establishes persistent connections to an external gateway through permitted ports and protocols of a firewall. Software on the external gateway and the internal gateway collaborate in order to make available internal, firewall-protected resources to external clients securely and without having to modify network or firewall configurations. Any computing resource such as a web service, web application, or any other network addressable resource residing behind a firewall can be securely exposed in a generic fashion to clients on the external network. No special software is required by clients.

Improved techniques for facilitating emergency access to one or more contacts stored on a portable electronic device are disclosed. One or more contacts on the portable electronic device are designated as emergency contacts. While the portable electronic device is password-locked, a request to display the one or more emergency contacts on the password-locked portable electronic device is received. Without requiring a password, the one or more emergency contacts are displayed on the portable electronic device.

The present invention is generally directed to a computer security management system that integrates a firewall with an intrusion detection system (IDS). In other words, the firewall and IDS of the present invention can be designed to communicate process or status information and packets with one another. The present invention can facilitate centralized control of the firewall and the IDS and can increase the speed at which packets are passed between a secured computer network and an external network. Increased packet processing speed can be achieved in several ways. For example, the firewall and IDS can process packets in series, in parallel, and sometimes singularly when one of the components is not permitted to process a packet. Alternatively, singular processing can also be performed when one component is permitted to pass a packet to the secured computer network without checking with the other component.

A security system for a computer operating system comprising a processor (37) that is independent of the host CPU (13) for controlling access between the host CPU (13) and a security partition formed in the storage device (21) for storing the operating system. A program memory (41) that is independent of the computer memory and the storage device (21) unalterably stores and provides computer programs for operating the processor (37) in a manner so as to control access to the security partition in the storage device (21). All data access by the host CPU (13) to the data storage device (21) is blocked before initialisation of the security system and is intercepted immediately after the initialisation under the control of the processor (37). The processor (37) effects independent control of the host CPU (13) and configuration of the computer (11) to prevent unauthorised access to the security partition on the storage device (21) during the interception phase. All users of the computer (11) are authenticated with a prescribed profile of access to the operating system files in the security partition on the storage device (21) and data access to the storage device remains blocked until a user of the computer (11) is correctly authenticated.

A content distribution system and method which prevents unauthorized access to secured content such as movies and music. The apparatus includes a source, a receiver, an authorized security device such as a conditional access module (CAM) for decrypting authorized content, an output device for outputting content and a backend for managing accounts and system operations. One aspect of this invention provides a mechanism for providing secured content on a medium such as a DVD optical disc. These devices may verify that there is authorization to play the secured content, add watermarks to the secured content, convert the secured content to a displayable form and provide a means for preventing output of the secured content.

An authentication system is configured such that: an in-vehicle device generates an authentication key, and displays on a display unit, a two-dimensional code including the generated authentication key and a URL indicating a predetermined WEB page on a network; and a portable terminal device acquires the authentication key and the URL from the two-dimensional code by reading the two-dimensional code via an imaging unit, downloads a communication program for communicating with the in-vehicle device from the WEB page indicated by the URL, and transmits the authentication key to the in-vehicle device by causing the downloaded communication program to operate.

A method and system for protecting portable computer data from unauthorized transfer or using portable computers to download unauthorized data. The invention is applicable to any computer capable of transferring data, but in one embodiment a portable computer is described. Authorization is enabled by an interface permitting synchronization of the portable computer with a host computer by authentication of the particular portable computer identity. For instance, in one embodiment, when a portable computer is docked with a compatible interface connected to a host desktop computer, it is sensed and identified by the interface. If the particular portable computer identity is authenticated as authorized for that desktop, then synchronization will be enabled by the interface. The computers may then transfer data. However, if the identity is not an authorized one, then authentication will not occur, synchronization is correspondingly disabled, and data transfer is prevented. Various systems can enable the identity authentication.

A vehicle telematics radio operable for providing and disabling driving directions to pre-selected destinations includes a receiver, memory, a processor, and an interface. The memory stores the location of at least one pre-selected destination. The interface receives a request from a vehicle operator for the driving directions to a desired pre-selected destination. The receiver receives a position signal indicative of the current location of the vehicle. The processor determines the driving directions from the current location of the vehicle to the pre-selected destination based on the position signal and map information. The interface then provides the operator with the driving directions to the desired pre-selected destination. In special situations such as when either the vehicle or telematics radio is stolen or missing, the telematics radio may be disabled from providing driving directions in response to receiving a deactivation signal.

A wireless electronic device transcribes spoken words into text for input on an electronic device such as, but not limited to, a computer, cell phone, handheld computer, Blackberry or vehicle navigation system. The wireless transcriber device mounts within the oral cavity, preferably to the back side of a tooth, and detects vibration of the tooth and / or palate bone structure as the wearer of the device speaks. The sensed vibrations are converted to digital signals for wireless transmission to the electronic device. The electronic device receives the signals and captures the digital data containing the sensed vibrations. A software program in the electronic device reads the vibration data and converts the vibration data to text for input on the electronic device. The input text can be used for various purposes such as to create a document, fill in a form, send a text message or to give an operational command to the electronic device.

The present invention provides a data processing apparatus and method for controlling access to a memory. The data processing apparatus has a secure domain and a non-secure domain, in the secure domain the data processing apparatus having access to secure data which is not accessible in the non-secure domain. The data processing apparatus comprises a device coupled to a memory via a device bus, and operable, when an item of data in the memory is required by the device, to issue onto the device bus a memory access request pertaining to either the secure domain or the non-secure domain. The memory is operable to store data required by the device, and contains secure memory for storing secure data and non-secure memory for storing non-secure data. In accordance with the present invention, the data processing apparatus further comprises partition checking logic coupled to the device bus and operable whenever the memory access request as issued by the device pertains to the non-secure domain, to detect if the memory access request is seeking to access the secure memory and upon such detection to prevent the access specified by that memory request. This approach significantly improves the security of data contained within a secure portion of memory.

A system and method for out-of-band network management is provided wherein one or more different management interfaces are converted into a common format management data. The system may encrypt the common format management data. The system may also authenticate each user that attempts to access the management interfaces.

Provided is a method, system, and program for enabling access to data in a storage medium within one of a plurality of storage cartridges capable of being mounted into a interface device. An association is provided of at least one coding key to a plurality of storage cartridges. A determination is made of one coding key associated with one target storage cartridge, wherein the coding key is capable of being used to access data in the storage medium within the target storage cartridge. The determined coding key is encrypted. The coding key is subsequently decrypted to use to decode and code data stored in the storage medium.

A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP / IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP / IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport. According to another feature, data flows within the overlay directed to a particular edge region may be load-balanced while still preserving IPsec replay protection.

A system and method for performing multifactor mobile authentication are described whereby a mobile communications device includes a contactless reader for receiving and validating a unique identifier stored in an external authenticating module prior to granting access to locally stored electronic authenticating material required to access an external resource. In one embodiment, the mobile communications device is a mobile telephone having an RFID reader for receiving the unique identifier from an RFID tag incorporated into the external authenticating module. Preferably, the external authenticating module is associated with a user, such as by being part of the user's jewelry or clothing. The mobile authentication device includes an RFID authenticator module that detects external resource access requests and checks whether the requested resource is on a list of resources that require additional user authentication prior to granting access to locally stored authenticating material.

Devices, systems, and methods for detecting and preventing unauthorized access to computer networks. Devices include a server enabled with an application that interacts with a counter-part PC application to determine whether input devices of the PC have been active within a predetermined time. Methods include providing a subscription-based service for PC users to determine whether unauthorized network output activity has occurred from a respective user's PC.

The invention relates to dynamically creating talk groups in a communications system. A new dynamic group is created by a user who defines a group definition message in his subscriber station. This group definition message uniquely identifies the new group in the system, and can be distributed to the intended group members using the usual messaging facilities available in the specific communications system. The recipients of the group definition message can store the message in their subscriber stations for subsequent use. Thus, group creation and membership management are handled at user level without interacting with the system. The role of the system is restricted to establishing a means for communication in the group whenever there are users who have activated the group for communication.

A method and a system for enabling delivery of at least part of a digital rights management (DRM) protected segmented content item to a content processing device is described wherein segmented content item is associated with a manifest file, comprising at least a first segment identifier associated with a first segment being encrypted on the basis a first key; and, a second segment identifier associated with a different, second, segment being encrypted on the basis of a second key; said manifest file further comprising key information for enabling decryption of at least one of said first and second encrypted segments. Said method may comprise: a secure module, preferably a DRM module, in said content processing device requesting a DRM server access to at least part of said segmented content item; and, providing said secure module access to at least part of said key information, if said content access request is granted by said DRM server.

A selectable, multi-purpose card comprising a plurality of features stored in memory means operatively mounted on the card and selection means for allowing a user to select a feature in a few simple steps, preferably in a single step. In one embodiment the card includes a plurality of magnetic strips positioned on the card in a manner to allow swiping each magnetic strip separately using conventional reading devices. Each magnetic strip activates a different feature of the card. In another embodiment the card includes a programmable magnetic strip, a plurality of features stored in memory means mounted on the card, a plurality of buttons or contacts, and means for programming the magnetic strip with a different card feature. The card may also include a thin, flexible display.

The present invention includes as one embodiment a method for automatically controlling access to a mobile computing device with pertinent data. The method includes predefining access parameters of the mobile computing device, determining an actual location of the mobile computing device and using the actual location of the mobile computing device to automatically control access to the mobile computing device based on the predefined access parameters. Also, the method includes storing the predefined access parameters in a private Internet networked location, accessing and updating the predefined access parameters and sending the updated access parameters to the mobile computing device.

A system, apparatus, and method for preventing the unauthorized access to a payment application installed on a mobile payment device, or to transaction data stored in the device. The mobile payment device may be a mobile phone that includes a contactless element (such as a contactless smart chip) and that is capable of communication and data transfer using a wireless communications network and a near field communications capability. Unauthorized access to the payment application is prevented by requiring that access control data be received from a trusted source, such as a controller or application in charge of managing inputs from a phone keypad, in order to activate the payment application or to access stored data.

A recoiler has a retractable cable with an attachment pad on the distal end of the cable for attachment to an item of merchandise. The cable is stored on a spring biased spool located within a recoiler housing. The housing is freely rotatably mounted on a post extending upwardly from a base plate secured to the spool housing by a fastener and adapted to be secured to a support structure.

There is provided fiber drop terminals (“FDTs”) and related equipment for providing selective connections between optical fibers of distribution cables and optical fibers of drop cables, such as in multiple dwelling units. The FDTs require relatively little area and / or volume while providing convenient connectivity for a relatively large number of optical connections. The FDTs include adapters for optically connecting the connectors, and the adapters of some FDTs are adapted to rotate, move, or otherwise be removed to provide convenient access for technicians. Some FDTs and the related equipment are adapted for use with microstructured optical fiber having preferred bend characteristics.

Data in a portable electronic device is protected by using external and internal status detection means to determine if the device is misplaced, lost, or stolen. The device then takes, singly or in combination, one of several actions to protect the data on the device, including declaring its location to an owner or service provider, locking the device or specific functions of the device to disable all data retrieval functionality, erasing or overwriting all the stored data in the device or, where the data has been stored in the device in an encrypted format, destroying an internally-stored encryption key, thereby preventing unauthorized access to the encrypted data in the device.

The present disclosure relates to secure electronic receipt systems and methods. The present invention removes the need for paper-based receipts while preserving security through use of a digital signature on each electronic receipt verifying the transaction and other data related to the transaction. In an exemplary embodiment, the present invention includes a trusted email server, an authentication server, a point-of-sale (POS) terminal or the like, and a smart card or the like. A buyer can utilize the smart card to instruct the terminal to provide an electronic receipt. The terminal can utilize the trusted email server and the authentication server to digitally sign the electronic receipt with credentials trusted by the buyer, and these credentials can later be utilized to verify the electronic receipt.