831 results about "Secure computing" patented technology

Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority-which may be a trusted independent third party-tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)-allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability from algorithm compromise, and subsets of multiple digital signatures may be used to reduce the scope of any specific compromise.

A method and system is provided for improved electronic voting. The system optionally allows paper type ballots to be utilized. A plurality of cryptographic routines are utilized in a distributed data processing system to maximize the privacy of both the voter's identity and the content of completed ballots. An authentication server is utilized to interact with a voter to issue electronic ballots and receive completed electronic ballots in a manner which determines the authenticity of the identification of the voter, while maintaining the content of the completed ballot confidential. The distributed data processing system further includes a results server which tabulates the content of completed ballots in a manner which maintains the identity of the voters associated with the particular ballots confidential. The distributed data processing system may further include a journal server which records completed ballots, in a manner which facilitates the challenge of ineligible votes and the correction of erroneous votes.

The present invention is generally directed to a computer security management system that integrates a firewall with an intrusion detection system (IDS). In other words, the firewall and IDS of the present invention can be designed to communicate process or status information and packets with one another. The present invention can facilitate centralized control of the firewall and the IDS and can increase the speed at which packets are passed between a secured computer network and an external network. Increased packet processing speed can be achieved in several ways. For example, the firewall and IDS can process packets in series, in parallel, and sometimes singularly when one of the components is not permitted to process a packet. Alternatively, singular processing can also be performed when one component is permitted to pass a packet to the secured computer network without checking with the other component.

A secure computing system is provided which utilizes a unique combination of Public Key Infrastructure (PKI), Virtual Private Networking (VPN), and server-based computing on thin client devices. The combination of technology and components provide secure computing through Defense-in-Depth using commercial off-the-shelf components.

Techniques for protecting content to ensure its use in a trusted environment are disclosed. The stored content is protected against harmful and/or defective host (or hosted) environments. A trusted security component provided for a device can verify the internal integrity of the stored content and the host before it allows the content to come in contact with the host. As a counter part, a trusted security component provided for the host can verify and attest to the integrity of the host and/or specific host computing environment that can be provided for the content stored in the device. The trusted security component provided for a device effectively verify the host integrity based on the information attested to by the trusted security component provided for the host. If the trusted security component trusts the host, it allows the trusted host to provide a trusted host computing environment trusted to be safe for the content stored in the device. A trusted host can effectively provide a safe virtual environment that allows a content representing a copy (or image) of an original computing environment to operate on the host computing system to give a similar appearance as the original computing environment.

A multichannel security system is disclosed, which system is for granting and denying access to a host computer in response to a demand from an access-seeking individual and computer. The access-seeker has a peripheral device operative within an authentication channel to communicate with the security system. The access-seeker initially presents identification and password data over an access channel which is intercepted and transmitted to the security computer. The security computer then communicates with the access-seeker. A biometric analyzer—a voice or fingerprint recognition device—operates upon instructions from the authentication program to analyze the monitored parameter of the individual. In the security computer, a comparator matches the biometric sample with stored data, and, upon obtaining a match, provides authentication. The security computer instructs the host computer to grant access and communicates the same to the access-seeker, whereupon access is initiated over the access channel.

A 3-node online meeting planning system includes a secure computer as a first node which is protected from unauthorized access running a meeting planner application program for entering meeting planning data which includes sensitive data of persons authorized as attendees at a meeting event and non-sensitive group data, a public online site as a second node which receives only the non-sensitive group data uploaded from the first node and assembles a unique meeting group program for the group using the non-sensitive group data, and a private online site as a third node which receives the assembled meeting group program from the second node and the sensitive data downloaded from the first node and combines them in an online private meeting group site accessible only to authorized attendees of the meeting event. Using this 3-node system, the meeting planner at the secure computer can retain control of the sensitive data, while using the non-sensitive group data for resource browsing and meeting planning functions on the public online site, which may be an ASP meeting planner portal which has an interface and navigation schema familiar to meeting planners and provides high-powered search tools and links to other public sites. The private meeting group site can be made the hub for a wide range of transactions, fulfillment functions, and group communications functions for the meeting event.

A multi-participant financial transaction with no downside risks that results in a net profit for all participants when the transaction is accomplished according to certain required steps, including the step of having simultaneously closings in escrow. A multi-step approach to issuing and selling custom-designed, specially engineered and underwritten securities or bank instruments is also described.

An apparatus to enable operation of a computer by authorized users when in a secure mode of operation is provided. One exemplary apparatus includes a hub configured to be in communication with the computer. The hub includes a card reader, a card microprocessor and an encryption engine. The apparatus also includes a card configured for insertion into the card reader. The card includes a card microprocessor. In addition, the apparatus includes a user authentication device configured to validate the user as an authorized user of the card. If the user is validated as the authorized user, then the card microprocessor passes a key to the hub microprocessor in response to the validation of the user as the authorized user of the card. The encryption engine of the hub is then activated to operate in a secure mode of operation.

Computation environments are protected from bogus or rogue load modules, executables, and other data elements through use of digital signatures, seals, and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules and/or other items to verify that their corresponding specifications are accurate and complete, and then digitally signs them based on a tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys), allowing one tamper resistance work factor environment to protect itself against load modules from another tamper resistance work factor environment. The verifying authority can provide an application intended for insecure environments with a credential having multiple elements covering different parts of the application. To verify the application, a trusted element can issue challenges based on different parts of the authenticated credential that the trusted element selects in an unpredictable (e.g., random) way, and deny service (or take other appropriate action) if the responses do not match the authenticated credential.

The present invention provides a system and method, relating to the transfer of patient files over a secure, HIPAA compliant, patient file transfer and outpatient order system and a computer site therefore. The method includes obtaining and compiling a patient record pertaining to a patient; electronically inputting the patient record obtained into a secure computer database containing other patient records, allowing physician access to the patient record wherein the access includes allowing the physician to order outpatient services and send part of the patient information, including certain defined fields for a complete record and to send and receive referrals including certain defined fields for a complete record.

Systems and methods to access password-protected stored data when a corresponding data password has been lost, forgotten, or is otherwise unavailable, and to recover the data password to facilitate access to the password-protected data from a digital memory device such as a hard disk drive associated with a user computer. In some embodiments the computer is communicatively coupled with a network and receives at least one encryption key from a secure computer via the network. In other embodiments the computer is a stand alone computer and receives at least one encryption key from a removable, non-volatile memory such as a CD ROM. The encryption key is used to encrypt the data password and both are stored on the hard disk drive. If the data password becomes lost, forgotten, or otherwise unavailable, the encrypted password is recovered from the hard disk drive and decrypted to recover the data password.

Techniques for managing and protecting computing environments are disclosed. A safe computing environment can be provided for ensuring the safety and/or management of a device. The safe computing environment can be secured by a safe component that isolates and protects it from unsafe computing environments which may also be operating. As a result, various security and management activities can be securely performed from a safe computing environment. A safe computing environment can, for example, be provided on a device as a safe virtual computing environment (e.g., a safe virtual machine) protected by a safe virtual computing monitor (e.g., a safe virtual machine monitor) from one or more other virtual computing environments that are not known or not believed to be safe for the device. It will also be appreciated that the safe components can, for example, be provided as trusted components for a device. As such, various trusted components (or agent) can operate in a trusted computing environment secured from interference by components that many not be trusted and perform various security and/or management tasks alone or in connection, for example, with other trusted components (e.g., trusted serves).

A user identification and authentication device provides a secure computing platform and a secure computing path for communication with a secure remote host. The device is coupled to an unsecure PC but provides for secure verification of a user's identity and authorization in participating in a transaction.

A system and method for monitoring of and managing compliance with treatment for obstructive sleep apnea using oral appliance therapy comprises a sensor module installed in an oral appliance, a data communications facility for communicating with the oral appliance, a control module, and a central database for storing data. Data stored on the sensor module is transferred to the data communications facility for local storage. The control module validates the locally stored temperature data and uploads the validated data into the central database. Temperature data stored in the central database may be viewed remotely via a secure computer network connection in graphical form by authorized users using role-based access controls. Authorized users may include the patient, the patient's provider, system administrators, and stake holders including insurance carriers providing medical coverage for OAT.

A method for securely presenting an HTML expandable display advertisement on a computer display, comprising: storing at a serving computer, an HTML object having an identifier associated with at least one securing computer, registering at the securing computer, the expandable display advertisement, and signaling, from a displaying computer, an expansion event for the expandable display advertisement wherein the expandable display advertisement is for display on the displaying computer. Additional operations for securely presenting an expandable display advertisement on a computer display include expanding, at the displaying computer, the expandable display advertisement; and signaling, from a displaying computer, a restoring event. Using this technique, the serving computer may be within a first domain, and the securing computer within a second domain, the second domain being different from the first domain. In some cases, a registration message received by a securing computer comprises width and height dimensions of the expandable display advertisement.

A system and method for secure computing. The system includes a processor, one or more secured assets coupled to the processor, and security hardware. The processor is configured to operate in various operating modes, including a secure operating mode. The security hardware is configured to control access to the secured assets dependant upon the operating mode of the processor. The security hardware is configured to allow access to the secure assets in the secure operating mode, preferably only in the secure operating mode. The method includes switching the computer system between operating modes, while allowing or restricting access to the secured assets based on the operating modes. The second operating mode comprises a secure operating mode. The method restricts access to the secured assets in the first operating mode and permits access to the secured assets in the secure operating mode.

A secure computing module (SCM) is configured for connection with a host device. The SCM includes a processor for performing secure processing operations, a host interface for coupling the processor to the host device, and a memory connected to the processor wherein the processor logically isolates at least some of the memory from access by the host device. The SCM also includes a proximate-field wireless communicator connected to the processor to communicate with another SCM associated with another host device. The SCM generates a secure digital signature for a financial transaction package and communicates the package and the signature to the other SCM using the proximate-field wireless communicator. Financial transactions are performed from person to person using the secure digital signature of each person's SCM and possibly message encryption. The digital signatures and transaction details are communicated to appropriate financial organizations to authenticate the transaction parties and complete the transaction.