1051 results about "Security service" patented technology

Services for a vehicle or fleet of vehicles can be ordered, renewed, modified, managed, configured, and/or cancelled through a common interface. Services may be managed remotely from outside the vehicle as well as from within the vehicle. For example, the driver of a vehicle could access a secure web site from their home computer to subscribe for satellite radio services, cancel a subscription for global positioning information, renew a contract for broadband Internet access in the vehicle, and modify a relationship for remote vehicle security services. Each service that is registered with the system can possess a different status. Such functionality allows devices necessary for various services to be pre-installed in the vehicle. The service management system can also store user profiles that reflect user preferences and patterns of behavior with respect to how the services are performed and configured.

The security of network connections on a computing device is protected by detecting and preventing compromise of the network connections, including man-in-the-middle (MITM) attacks. Active probing and other methods are used to detect the attacks. Responses to detection include one or more of displaying a warning to a user of the computing device, providing an option to disconnect the network connection, blocking the network connection, switching to a different network connection, applying a policy, and sending anomaly information to a security server.

The invention discloses a network system of Internet of things and a data processing method thereof, mainly solving the problems of unavailable heterogeneous network integrated access, difficult resource sharing and poor security control of the existing network of Internet of things. The network system mainly comprises an Internet of things processing center, a distributed Internet of things domain processing and servicing subsystem, a multimode Internet of things gateway, and Internet of things devices. The Internet of things processing center provides service and a development platform for the public, the distributed Internet of things domain processing and servicing subsystem assists the Internet of things processing center to provide the service for the user, the multimode Internet of things gateway provides the protocol conversion and the security service, and the Internet of things devices are used to receive and transmit the Internet of things data or to execute instruction, and perform the inter-domain processing or the intra-domain processing on the network data according to different services when processing the network data in the network system of Internet of things. According to the invention, the problem of heterogeneous network integrated access is solved, the resource sharing rate of the Internet of things is enhanced, and the security control of the Internet of things information is strengthened, therefore, the system and the method can be used in designing and building of the Internet of things network.

A security server system and method permitting participants acting as the source or destinations for a message or a conversation with multiple messages to securely communicate the messages. The messages have a message header and a message content. A message router connects the participants via a network and delivers the message between the participants based on the message header. A key server creates, stores, and releases conversation keys that the participants use to protect the message content of the message.

A subset of unique codes are generated from a set of codes. The subset of codes are stored in a database on a secure server and each of the codes is marked on a corresponding instantiation of the product. The marked instantiations are distributed. During their distribution, the marked instantiations are verified for authenticity and for routing. This verification is performed by reading or scanning the codes on the instantiations, and transmitting that information to the secure server for comparison against the codes and other information located in the database contained therein.

The invention concerns authentication to be performed in a telecommunications network, especially in an IP network. To allow a simple and smooth authentication of users of IP networks in a geographically large area, the IP network's terminal (TE1) uses a subscriber identity module (SIM) as used in a separate mobile communications system (MN), whereby a response may be determined from the challenge given to the identity module as input. The IP network also includes a special security server (SS), to which a message about a new user is transmitted when a subscriber attaches to the IP network. The subscriber's authentication information containing at least a challenge and a response is fetched from the said mobile communications system to the IP network and authentication is carried out based on the authentication information obtained from the mobile communications system by transmitting the said challenge through the IP network to the terminal, by generating a response from the challenge in the terminal's identity module and by comparing the response with the response received from the mobile communications system. Such a database (DB) may also be used in the system, wherein subscriber-specific authentication information is stored in advance, whereby the information in question need not be fetched from the mobile communications system when a subscriber attaches to the network.

A method for enforcing a network policy is described herein. In the method, a network socket event request from an application executing in a first context is intercepted by an agent prior to the request reaching a transport layer in the first context. A context refers to virtualization software, a physical computer, or a combination of virtualization software and physical computer. In response to the interception of the request, the agent requests a decision on whether to allow or deny the network socket event request to be communicated to a security server executing in a second context that is distinct from the first context. The request for a decision includes an identification of the application. The agent then receives from the security server either an allowance or a denial of the network socket event request, the allowance or denial being based at least in part on the identification of the application and a security policy. The agent blocks the network socket event from reaching the transport layer when the denial is received from the security server. In one embodiment, the method is implemented using a machine readable medium embodying software instructions executable by a computer.

The invention concerns API proxy based adaptive security. The invention implements adaptive security for API servers, while avoiding data bottlenecks and maintaining client experience. The invention provides methods and configurations for API security that may be employed at proxies for implementing routing decisions involving client messages received at said proxies. The invention also involves generating or collecting at proxies, log information that captures data corresponding to received client messages and responses from API servers—which log information correlates communications between clients, proxies and backend API servers, and includes data relevant for purposes generating API metrics and identifying anomalies and/or indicators of compromise. The invention yet further provides security server clusters configured for generating API metrics and/or identify anomalies or indicators of compromise—which may be used by proxies to terminate existing connections and block subsequent requests or messages from clients associated with the identified anomalies or indicators of compromise.

According to some embodiments, a member authentication request is received at a security server from a client server. The member authentication request may be associated with, for example, a member attempting to access confidential information from the client server. A secure key associated with the member may be determined and data associated with that key may be transmitted to the member (e.g., via his or her wireless device or computer). Secure key information may be received from the member and validated. Based on the validated secure key information, it may be arranged for the member to receive the confidential information from the client server.

The present disclosure relates to a communication method and system for converging a 5^th-Generation (5G) communication system for supporting higher data rates beyond a 4^th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. The present disclosure provides a method for uplink power control, which is applied to a User Equipment (UE), and the method includes: determining a timing between a power control command and a Physical Uplink Control Channel (PUCCH), which adopts the power control command to control power. The present disclosure also provides a corresponding device.

Each service system with a variety of databases in marketing environment maintains and audits purchasing transaction data to look for ID theft and transmits suspicion events to security service system which is attached to marketing environment. Security service system maintains status data and identifies information including biometric identity, portable device identity, and message to defeat ID-theft attacking. Identifying events is transmitted to service systems for derived information to reflect operation. Services systems include Insures Service Systems, Bank Service Systems, Business Service Systems, and Portable Devices under Security Service Systems monitoring in marketing environment. And also a portable device with a local CPU, memory, I/O interface, wireless network and a host interface provides user for purchasing transaction with merchant. A portable device retains pertinent purchasing transaction data and establishes personal account in memory to aid person analyzes with the collected data and identify potential ID theft attacks in the marketing environment.

A procedure for setting up a secure service connection in a communication system which includes a first telecommunication network, a first terminal device connected to the first telecommunication network, a second telecommunication network, a second terminal device connected to the second telecommunication network, and a telecommunication server. The first terminal device is connected via a first telecommunication connection to the telecommunication server and the second terminal device is connected to the telecommunication server via a second telecommunication connection. The unique identifying address of the first terminal device and the data needed to verify that the first terminal device is permitted access to the services of the telecommunication server are transmitted to the telecommunication server via the second terminal device and second telecommunication connection, and the data sent by the second terminal device are verified at the telecommunication server. If the first terminal device is determined to have the required right of access to the services of the telecommunication server, the first telecommunication connection from the telecommunication server to the first terminal device is set up based on the successful verification and using the address data received by the telecommunication server.

Secure services and hardware on a mobile device are disabled if it is detected that software in the untrusted domain, such as the operating system, has been hacked or tampered with. Mobile devices often have rich, unprotected operating systems which are vulnerable to hacking, especially from execution of one or more apps. These apps are separated from secure services on the device, such as e-wallet services, NFC functionality, camera, enterprise access, and the like, and the present invention ensures that tampering with code in the untrusted domain or operating system does not affect these and other secure services. If tampering in the untrusted space is detected, the secure services and possible hardware on the device are shutdown or disabled. The extent of this disablement may depend on various factors, such as use of the device, type of device, context in which device is used (e.g., military, enterprise).

The invention relates to a malicious code analysis method, in particular to a system and method for malicious code analysis based on cloud computing. The system for malicious code analysis based on cloud computing comprises a malicious code analysis proxy and a malicious code could analysis system. The malicious code analysis proxy comprises a safety monitoring engine, a searching and killing engine, a local black list, a local white list, a behavior pattern bank and a virus characteristic bank. The malicious code could analysis system comprises a characteristic judging and searching engine, a sample storage center, multiple analysis engines, a global black list, a global white list, a global malicious behavior characteristic bank and a global virus characteristic bank. According to the system and method for malicious code analysis based on cloud computing, safety servitization is achieved based on the cloud computing technology, compatibility and cooperation of the multiple searching, killing and analysis engines are achieved, the threat analysis and response ability of the whole network is improved through the strong data processing and analysis ability of a cloud terminal, rapid discovery, rapid analysis and rapid processing of host threats are achieved, the safety of the host operation environment is guaranteed powerfully, and the self-protection ability of a host intrusion detection protective system can also be improved.

The present disclosure relates to traffic monitoring through one or more access control servers configured configured for (i) routing server resource request messages to resource server(s), (ii) extracting information identifying a target server resource from data packets corresponding to one or more received server resource request messages, and (iii) selectively transmitting the received server resource request message to a resource server. The security server(s) is configured to receive a server resource request message data extracted from a server resource request message and initiate a first security response, wherein the initiated first security response is dependent on analysis of the server resource request message data. Responsive to identifying an indicator of compromise or that an originating terminal corresponding to the server resource request is identified within a blacklist, the first security response comprises non-transmission of at least one server resource request message by the access control server to a resource server.