196 results about "Program security" patented technology

The present disclosure provides systems and methods for mobile application security classification and enforcement. In particular, the present invention includes a method, a mobile device, and a distributed security system (e.g., a “cloud”) that is utilized to enforce security on mobile devices communicatively coupled to external networks (i.e., the Internet). Advantageously, the present invention is platform independent allowing it to operate with any current or emerging mobile device. Specifically, preventing malicious applications from running on an end user's mobile device is challenging with potentially millions of applications and billions of user devices; the only effective way to enforce application security is through the network that applications use to communicate.

The present invention is generally related to a system for managing recipes using a web server and an off-line software application. A user using the software application will be able to create, display, print, modify, and search recipes and menus. The web server will be a recipe store where a user can buy and download individual recipes and electronic cookbooks into the software application secure database storage. The software application has a web interface to communicate with the recipe store, allowing the user to have an extended set of facilities like posting his/her own recipes for sale, requesting restaurant and food store services for a given recipe or menu, requesting the restoration of their recipe database, and receiving suggested drinking dates for their current wine inventory. The software application comes in two versions: the read-only and the all-inclusive version. With the read-only version a user will not be able to create or modify a recipe or use any of the extended facilities. The read-only version will be free to download from the recipe store.

Techniques for discovery and management of applications in a computing environment of an organization are disclosed. A security management system discovers use of applications within a computing environment to manage access to applications for minimizing security threats and risks in a computing environment of the organization. The security management system can obtain network data about network traffic to identify unique applications. The security management system can perform analysis and correlation, including use of one or more data sources, to determine information about an application. The system can compute a measure of security for an application (“an application risk score”) and a user (“a user risk score”). The score may be analyzed to determine a threat of security posed by the application based on use of the application. The security system can perform one or more instructions to configure access permitted by an application, whether access is denied or restricted.

A system and method for protection of Web based applications are described. A Web application security system is included within a computer network to monitor traffic received from a wide area network, such as the Internet, and determine if there is a threat to the Web application. The Web application security system monitors web traffic in a non-inline configuration and identifies any anomalous traffic against a profile that identifies acceptable behavior of a user of the application. Any anomalous traffic is analyzed and appropriate protective action is taken to secure the Web application against an attack.

A web application security scanner (WASS) includes a login manager configured to perform an automated login to a web site. The automated login may be performed when the login manager detects that a login session has ended. The login manager is configured to determine credentials for the web site to allow the WASS to access the web site. The WASS may then use the credentials to continue scanning the web site. Thus, previously unscannable web pages may be accessed in the web site because of the automated login process.

A security gateway, for use in a network system for linking at least a client end and a server end, includes a user interface, a SSL VPN driver, a connection interface and an IPSEC VPN driver. The security gateway supports IPSEC and SSL protocols. Before establishing an IPSEC VPN between a client end and a server end, the security gateway will perform ID authentication for the user of the client end with a widely-used SSL protocol, so as to establish a SSL VPN between a server end and a client end. When the ID of the client end is authorized, a configuration file comprising the SA is generated and then safely sent to the client end through the SSL VPN tunnel. After the client end receives and executes the configuration file having the SA, an IPSEC VPN tunnel between the server end and the client end is established.

A computer program is adapted for securing user entry data against keyboard login attempts. The program masks user input data, either insulating the data from vulnerable parts of the operating system or application, or contaminating user data that is supplied to those vulnerable parts of the operating system or application. The program securely stores data, either intercepted prior to reaching the vulnerable parts of the operating system or extracted from the contaminated data, and securely provides the data directly to a verified application.

A computer system implementing a macro economic model based upon macroeconomic data and relative value characteristics data of patents that determines nominal values for (1) goods and services and (2) profits generated by sales that are covered by the rights of a patent, implements an income value theory to value the patent based upon the predicted values of profits or goods and services covered by the patent, determines patent terms from patent filing, publication, and issue dates, determines patent assignees from patent data, and uses the value of a company's patents, the patent issuance data and term date data, to determine trends versus time in: the number of a company's enforceable patents; the number of a company's patents obtained; the nominal value of net earnings and of goods and services sold that are covered by the company's patents; the nominal value of the sum of the company's patents, and provides comparisons of those trends between companies, regions, and economic sectors, providing the results of the analysis to users of the computer system. The computer system employs a user database enabling a novel electronic accounting model enabling payment by affiliates, programmed securities trading, and accrediting of investors.

A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted. Secrets required by the open source programming code of the application are encrypted in TrustedDictionary.

Techniques for facilitating the reuse of a browser-based thin client of a client-server application in a browser-independent context. These techniques may be used, for instance, to integrate the functionality of a browser-based thin client in a desktop-based, rich client infrastructure. In one set of embodiments, these techniques include determining one or more browser dependencies that require the thin client to operate within a web browser. For example, the thin client may depend on a web browser to handle application security, the loading/caching of client-side files, the receipt/passing of application parameters, and the like. These browser dependencies are then eliminated. As a result, the thin client can be subsequently reused without the presence of a web browser. In one set of embodiments, this process is performed by a conversion utility that automatically converts program code for the browser-based thin client into program code for a browser-independent client application.

A data security system and method protects stored data from unauthorized access. According to one aspect of the invention, a client computing device communicates periodically with a server. If communications is note established between the client and the server for a selected activation interval and a subsequent grace period, the data is determined to be lost, and programmed security rules are automatically executed. Rules relating to encryption, as well as other security procedures, can be defined and entered by an administrator with access to the server, and then disseminated to each of a plurality of clients that access the server.

Security of a file or an application program saved in a wireless communication terminal is maintained. A process performed by the wireless communication terminal includes the steps of: detecting an access point for wireless LAN (Local Area Network) based on a signal sent from a wireless communication I/F; obtaining an SSID (and a MAC address) of the detected access point; referring to access management data stored in a hard disk based on the obtained SSID; and restricting access to the file or the program based on the access management data.

To authenticate a program on a computing device to a resource local to or remote from the computing device, a stored program security identifier (PSID) corresponding to the program is retrieved, where the stored PSID includes information taking into account the program itself, the execution setting of the program, and any inputs and initializations that are provided to the program. The PSID is re-constructed based on the same information as obtained from local sources, and the stored and reconstructed PSIDs are compared to determine whether a match exists. If so, it may be concluded that the program operates in a trusted manner according to an approved set of conditions.

The invention discloses a method and a system for running installed software. The method comprises the following steps: an install program is loaded in a sandbox; a changing operation action of the installed program to the persistent data of an operating system is reorientated to a sandbox storage module; the changing operation action is executed, corresponding changing operation action information and data generated during the installation are recorded in the sandbox storage module; when the install program is judged to be safe, the operation of reorientated the changing operation action to the sandbox storage module is stopped; and a corresponding operation action of the changing operation information is executed in the operating system. The technical proposal of the invention achieves the effect of actually installing the operating system after the install program is united to the operating system, and improves the practicability of the install program while ensuring the safety of the install process.

The invention relates to software security control technology and discloses a security control method of intelligent television application programs, wherein the security of application software is monitored from a plurality of levels, thereby ensuring the security of application software downloaded and installed in an intelligent television terminal. The key points of the technical scheme are summarized as that an application program developer signs for the first time when packing and uploading the application program to an application program store platform; signature of the second time is performed after the application program store platform verifies the application program; the intelligent television terminal hands over a public key of the intelligent television terminal to the platform through a network connection platform, the software is encrypted using the public key at the platform and transmitted to the intelligent television terminal, the intelligent television terminal performs security verification to the application program, and the application program is installed after the verification is accepted. Legitimacy and security of application of the application program is ensured with such method, and such method is applicable for security control of the application software.

A method of programming a second security token using data stored on a first security token, wherein a privilege to be assigned to the second security token is selected by a user of the first security token. The user selects from privileges derived from a first set of privileges assigned the first security token. A file containing a definition of the privilege to be assigned to the second security token is transferred from an apparatus for programming security tokens to the second security token.

Embodiments of the present invention relate generally to application security. In an embodiment, a method for altered token sandboxing includes creating a process based on a naked token and suspending the process. The method further includes obtaining an impersonation token and resuming the process with the impersonation token. The method further includes acquiring resources needed for the process with the impersonation token. The method also includes replacing the impersonation token with the naked token. In a further embodiment, the method further includes executing the suspended process with the naked token and the acquired resources. In another embodiment, a system for user-mode, altered token sandboxing includes a security module, an acquisition module and a replacement module. In a further embodiment, the system may include an execution module. In another embodiment, the system may include a request module.

Methods and systems for enhancing the security of data during input and output on a client computer system are provided to prevent attempts by unauthorized code to access, intercept, and/or modify data. Example embodiments provide a plurality of obfuscation techniques and security enhanced drivers that use these obfuscation techniques to prohibit unauthorized viewing/receiving of valid data. When the drivers are used together with the various obfuscation techniques, the security enhanced drivers provide mechanisms for “scheduling” the content of the storage areas used to store the data so that valid data is not available to unauthorized recipients. When unauthorized recipients attempt to access the “data,” they perceive or receive obfuscated data. The obfuscation techniques described include “copy-in,”“replace and restore,” and “in-place replacement” de-obfuscation/re-obfuscation techniques. In one embodiment, a security enhanced display driver, a security enhanced mouse driver, a security enhanced keyboard driver, and a security enhanced audio driver are provided. To complement the security enhancements, the methods and systems also provide for a watchdog mechanism to ensure that the driver is functioning as it should be and various user interface techniques for denoting security on a display device.

Techniques for securely binding a software application to a communication device may include sending a set of device identifiers associated with the computing device to a server, receiving a server-generated dynamic device identifier that is generated based on the set of device identifiers; and storing the server-generated dynamic device identifier during initialization of the application. During runtime execution of the application, the application may receive a request to execute an application specific task. In response to receiving the request, the application may generate a runtime dynamic device identifier, determine whether the runtime dynamic device identifier matches the server-generated dynamic device identifier, execute the application specific task when the runtime dynamic device identifier matches the server-generated dynamic device identifier; and prevent the application specific task from being executed when the runtime dynamic device identifier does not match the server-generated dynamic device identifier.