415 results about "Internet security" patented technology

A method and system for providing flexible access to Internet sites is described. The system includes a database of Internet sites that have been categorized so that the system determines the category of information that a user is accessing on the Internet. The system is also programmed so users are only allowed to access sites within a particular category a limited number of times. Moreover, users can requested a postponed access, wherein the site they are requesting is stored to a server, and available to the user at a later time. In addition, if a user chooses to access a site that is within certain predefined categories, they are presented with the option of retrieving the page, but notified that their access will be logged to a file.

A method and system for providing flexible access resources or services related to particular software applications are described. The system includes a database of Internet sites that have been categorized so that the system determines the category of information that a user is accessing on the Internet. The system is also programmed so users are only allowed to access sites a limited number of times. The system is further programmed to limit a user's access to the Internet based on the network's current bandwidth usage. Moreover, users can requested a postponed access, wherein the resource or service they are requesting is stored to a server, and available to the user at a later time. In addition, if a user chooses to access a resource or service that is within certain predefined categories, they are presented with the option of retrieving the resource or service, but notified that their access will be logged to a file.

A host computer supports a virtual guest system running thereon. The host system has a firewall that prevents it from communicating directly with the Internet, except with predetermined trusted sites. The virtual guest runs on a hypervisor, and the virtual guest comprises primarily a browser program that is allowed to contact the Internet freely via an Internet access connection that is completely separate from the host computer connection, such as a dedicated network termination point with its specific Internet IP address, or by tunneling through the host machine architecture to reach the Internet without exposing the host system. The virtual guest system is separated and completely isolated by an internal firewall from the host, and the guest cannot access any of the resources of the host computer, except that the guest can initiate cut, copy and paste operations that reach the host, and the guest can also request print of documents. The host can transfer files to and from a virtual data storage area accessible by the guest by manual operator action. No other transfer of data except these user initiated actions is permitted.

An automated Web security analysis system and process identifies security vulnerabilities in a target Internet Web site by parsing through the target Web site to search for a predetermined list of common security vulnerabilities. The process is recursive, exploiting information gathered throughout the process to search for additional security vulnerabilities. A prioritized list of detected security vulnerabilities is then presented to a user, including preferably a list of recommendations to eliminate the detected security vulnerabilities.

Internet Security is increasingly of concern as more and more cases of identity theft of online data is reported. Simple login and password authentication for access to sensitive websites like financial, health or other personal data is no longer sufficient. Several mechanisms for additional security, called two-factor authentication have been proposed. Most of them involve the use of a physical device like a card which is read by a card reader or suggest the use of biometric authentication. Although, these are very secure, the cost of implementation of these “physical” authentications is high. This invention outlines the use of a simple two factor authentication using mobile phones, PDAs or Credit and Debit cards that most users already have, without the need for any special hardware.

A system and a method for automatically collecting content, the method comprising the steps of: defining a plurality of content sites, creating a collection of virtual agents data including user characteristic data and user behavioral data, presenting the collection of virtual agents to the plurality of content sites; receiving content from the visited internet site; and storing the received content or presenting it to a user.

The present invention relates to a method and system for Internet Protocol network communications and a use thereof for protecting Internet sites against denial of service attacks on insecure public networks such as the Internet. The method utilizes a multicast address hopping technique which selectively varies the chosen multicast IP address from a set of available multicast addresses according to a predetermined scheme known to the communicating end stations but not to unauthorized end stations. The packets associated with the multicast stream are then communicated on the chosen multicast address. The set of available multicast IP addresses may also be selectively varied according to a secret predetermined scheme known to the transmitter and subscriber end stations, particularly by adding to and dropping from the set of multicast IP addresses in a seemingly random fashion. Using the method of the present invention, potential attackers are prevented from knowing which address to disrupt or monitor for traffic between end stations.

A loan origination system interface module for processing loan applications from a user through a lender web site is described. The loan originator accesses a lender web site to perform loan processing procedures. The module is included on the lender's web page through a standard object reference in HTML specification. The module contains information unique to that lender, and the lender's identification number as well as desired data format. Once the loan originator decides to transfer a loan application or supplemental data to the lender, the module examines the loan origination software pipeline and presents a selection of loan products to the user. Once the user makes a selection, the module extracts loan information stored in the loan origination software by conducting a search for each required data field, relates that data to the specific field in the vendor application format, and packages the data in a format acceptable to the lender. The module then finds the appropriate route to deliver the loan data to the lender, either directly through a standard Internet secure communication protocol, or indirectly through a separate server computer. The user can then continue the transaction on the lender's web site in an uninterrupted work flow. Loan processing occurs on the lender's web site, and the interaction of the web site and loan origination software is handled by the module.

A biometric security system is disclosed. The system includes a client security system configured to make a request for access to an application module. The application module is configured to receive the request and respond by sending an instruction to the authentication module to initiate an authentication session. The authentication module is configured to receive the instruction and respond by generating a session packet that is transferred to the client security system. The client security system is further configured to generate an authorization packet that is returned to the authentication module after being encrypted utilizing information contained in the session packet.

Visualizing Internet web traffic is disclosed. In one embodiment, a number of windows are displayed, corresponding to a number of clusters into which users have been partitioned based on similar web browsing behavior. The windows are ordered from the cluster having the greatest number of users to the cluster having the least number of users. Each window has one or more rows, where each row corresponds to a user within the cluster. Each row has an ordered number of visible units, such as blocks, where each block corresponds to a web page visited by the user. The blocks can be color coded by the type of web page they represent. In one embodiment, the corresponding cluster models for the clusters are alternatively displayed in the windows.

An intrusion secure personal computer system includes a central processing unit, a data storage means, a memory means, a primary operating system, a virtual machine operating system providing an isolated secondary operating environment functioning separate from the primary operating system and controlling operations of the personal computer system within the isolated secondary operating environment and at least one input/output (I/O) connection in operative communication with an external data source, where the personal computer system is secured from malicious code contained in a file downloaded from the external data source.

A computer system is disclosed for providing rapid access to preconfigured Internet sites. The system includes a keyboard or similar input device having switches which are closed to produce unique Internet access signals. A signal processing circuit places the computer system in communication with corresponding unique Internet sites in response to the Internet access signals. Application software is also launched as required by the particular access switch, such as for electronic commerce or electronic messaging. If the system is not yet logged onto the network, a log-on routine is executed in response to the access signals. A user may actuate the switches to rapidly access desired Internet sites and to perform operations at the sites without the need to navigate through a series of on-screen windows or menus.

Secure Remote Support Automation Process wherein a remote support server receives a support task request and schedules a predefined task to a predefined actor who also has a predefined escalation policy and notifies the support actor of the scheduled task along with a key, a key seed, or a credential to use in authentication. The method enabling privileged access to an Internet security appliance using public/private key pairs through a firewall and network address translation by a support server and an assigned support task actor.

A system for customizing individual internet access includes a server that registers a user with the system, stores information pertaining to internet sites the user is authorized to access, and controls the user's access to internet sites. A carding station is provided to enter personal identification information about the user and information regarding internet sites the user is authorized to access into the system. The carding station also generates a personal smart card for the user that includes a read only memory storing a serial number that correlates with data about the user stored in the server. An internet station is provided to allow the user to view the internet only with his or her personal smart card. While accessing the internet, the server controls the user's access to internet sites based on whether the information stored in the server indicates that the user is authorized to access the specific internet sites that are requested to be displayed. A secure sockets layer protocol provides security for the data transferred across the internet connection.

The invention aims at providing a network architecture security system for Internet of Things and a security method thereof, comprising security protective measures sequentially established in the system from inside to outside, which are mainly reflected in that a security device at a central terminal of the Internet of Things comprises a central cipher machine, a central authentication secret key management center, a data server, a security database and the like, and then the security of each sensor terminal in a Personal Area Network and the like. Compared with the prior art, the invention has the advantages that: 1. according to the characteristics of the Internet of Things, Internet security technology of the Internet of Things is realized; 2. the security protective measures sequentially established in the system from inside to outside are mainly reflected in the security device at the central terminal and security modules at each sensor terminal, thus ensuring the security of sensing information, equipment, communication and application, as well as security management; and 3. multi-level security systems are deployed in the aspects of security mechanism and management, such as the confidentiality, integrity, authenticity and non-repudiation of data, and equipment legitimacy.

Disclosed is a system and method for distributing connections among a plurality of servers at an Internet site. All connections are made to a single IP address and a local director selects the server from among the plurality of servers which is to receive the connection. Thus, the DNS server is not relied upon to distribute connections, and the connection distribution scheme is not avoided when DNS is bypassed. In one embodiment, a session distribution scheme is implemented such that connections are distributed to the server in the group of servers which has the fewest connections of the group. In other embodiments, other session distribution schemes which route connections based on the predicted response times of the servers or according to a round robin scheme are used.

The invention discloses a method and system for detecting and locating network anomaly, which relates to the fields of Internet security, deep learning and neural network. The method comprises the following steps: firstly, dividing the URL according to special characters; secondly, performing word vector encoding on the divided URL with word2vec; putting word vectors into a convolution layer for automatic feature processing; combining a convolution layer result with an attention layer which possesses a sequential attention mechanism; and finally, performing maximum pooling and full-connectionon an attention layer result to obtain a final anomaly detection result, and at the same time, using the output of the attention layer to locate the malicious code in the URL. The invention has an excellent detection effect, not only is the detection rate high, but also the malicious code fragment in the URL can be located and visualized, thus effectively avoiding the drawbacks of the artificial feature engineering and the expert knowledge method.

A method for monitoring and securing a facility without employing a manned control center, according to which a server acquires surveillance data from each of a plurality of distributed surveillance devices deployed within or adjacent to a given security sensitive facility. Then the server receives an intrusion alert from a guard, or from one or more of the plurality of surveillance devices to initiate a triggering event, if the acquired surveillance data is indicative of activity that has been detected at an indicated location. A first guard is alerted and presented with a full situational awareness image to assess the severity of the detected activity and the triggering event is terminated if found by the first guard to be of a low severity, or an interception operation initiated by self-dispatching or dispatching one or more additional guards to a close by location that holds tactical advantage relative to the indicated location if the triggering event was found by the first guard to be of a high severity.

The present invention relates to a device, as well as a method, of a multi-service IP-phone. The device and method comprise an IP-phone, to be used for making intercom and inbound/outbound phone calls through a LAN or the Internet, and a network control unit, to be used to control the data transmitting through the network. By connecting the IP-phone with network devices and computer devices, one can not only use the IP-phone to receive and make phone calls, but also use the computer devices to access the LAN or the internet via the IP-phone, which at the same time, with its built-in network control unit, provides such functions as LAN/internet security, data security, packet filtering, bandwidth management, traffic shaping (load balance), and virtual private network (VPN).

The invention relates to the field of Internet security, and aims to provide a method for intelligently intercepting a threat IP based on cloud protection. The method for intelligently intercepting athreat IP based on cloud protection comprises the steps that: after receiving a cloud protection log, a big data log analysis server performs analysis according to a preset analysis rule, and stores the analyzed field information to an hbase cluster; a machine learning cluster establishes an analytic statistics model, the analytic statistics model can identify the behavior characteristics of an IPafter training, the machine learning cluster pushes the threat IP and corresponding domain name information to a cloud protection platform engine in real time, and the cloud protection platform engine dynamically adds the threat IP and the corresponding domain name information to a blacklist after receiving and implements corresponding interruption based on the attack threat level. The IP blacklist has high real-time property, and the configuration can be dynamically added and changed according to the log analysis result to effectively reduce the problem that the rule is bypassed and falselyreported.