64 results about "Security specification" patented technology

A novel and useful virtual private network (VPN) mechanism and related security association processor for maintaining the necessary security related parameters to perform security functions such as encryption, decryption and authentication. A security association database (SAD) and related circuitry is adapted to provide the necessary parameters to implement the IPSec group of security specifications for encryption/decryption and authentication. Each security association (SA) entry in the database comprises all the parameters that are necessary to receive and transmit VPN packets according to the IPSec specification.

A security system design supporting tool and method are disclosed, in which security requirements (PP) and security specifications (ST) used for designing a product or a system (TOE) based on CC requirements can be prepared efficiently and uniformly even by ordinary designers other than specialists. In a security system design supporting method, registered PPs and past PP/ST generation cases are so structured as to reuse and/or reference as templates, a draft is automatically generated, and the draft thus generated is additionally modified or corrected by partial automatic generation utilizing a database of past generation cases and partial case accumulated in the generation process thereof.

A method is disclosed for providing mobile code software applications to users via an application service provider (ASP). The ASP receives a mobile code application, such as a Java application, from a provider, along with a security specification. The security specification defines access privileges requested to execute the application, including privileges to execute functions performed by the application and privileges to access local resources of the ASP. The ASP receives a subscription to the application from a user. The subscription includes subscription information granting or denying privileges, and specifying parameters for the privileges, requested in the security specification. The ASP executes the application at runtime by determining for each executable function whether the user has authorized the requested privilege. Those functions authorized by the user are executed in one embodiment. During runtime the ASP limits the application's access to local resources based on the privileges granted by the user.

The invention discloses a method for classifying network equipment by utilizing machine learning. The method establishes a classifying model for the network equipment by utilizing a supervised machine learning technology or a non-supervised machine learning technology, so as to classify known or newly added equipment in a network. The method has the technical advantages of analyzing behavior of the equipment through data packets transmitted and received by industrial control network equipment, and further classifying the equipment automatically. The understanding of types of the equipment is conducive to auditing network communication data. Unlike the traditional security specification for individual equipment, the security specification for equipment types is simpler and easy to manage, and the user can define corresponding security specifications for newly added equipment nodes easily.

The invention provides a waist type wearable indoor mobile positioning terminal which comprises a power supply module, an ultra-wide bandwidth (UWB) locating module, a Bluetooth transmission module, a Zigbee transmission module, an inertial navigation module, an information processing module and a locating waist, wherein the UWB locating module is in two-way connection with the Bluetooth transmission module; the inertial navigation module is in two-way connection with the Zigbee transmission module; the Bluetooth transmission module and the Zigbee transmission module are respectively connected with the information processing module; the information processing module is arranged on the locating waist; the power supply module is used for supplying power for the other modules in the terminal. According to the waist type wearable indoor mobile positioning terminal, UWB locating and inertial navigation locating are fused and integrated into a special locating routing inspection waist, and a sound-light alarm signal can be sent out when the mobile positioning terminal enters a dangerous zone mistakenly; a wearable device which is in accordance with electric power security specification, is convenient to carry and is integrated with a high-accuracy wireless positioning technology is formed; after the waist type wearable indoor mobile positioning terminal is adopted, workers in the dangerous zone in a room can be conveniently and accurately located, so that the personal safety is guaranteed.

The invention belongs to the technical field of program information security monitoring, and particularly relates to an Android application used application program vulnerability detection and analysis method based on code library security specifications. The method comprises the following steps: building a security specification model, i.e., describing the security specifications of the code library by using formalized rule languages; designing a static program analyzer for performing automatic verification based on the security specification model; applying the static program analyzer to two phases, i.e., compilation of application programs and examination of the application programs in an application market, and detecting security vulnerabilities. According to the detection and analysis method provided by the invention, the security risk in the program can be prevented.

If firmware installed in an image forming apparatus 100 is a firmware having a security specification configuration, an operator who is permitted to instruct to update the firmware in the image forming apparatus 100 is limited to an operator having an administrator authority. This may improve the security of the image forming apparatus.

The embodiment of the invention discloses a freezing method of an application program. The freezing method is used for freezing background operating programs which do not accord with security specifications. The method provided by the embodiment of the invention comprises: acquiring current behavior data of each operating program in the background operating programs; determining target operating programs with the behavior data which does not accord with pre-set security conditions from the background operating programs; freezing the target operating programs. The embodiment of the invention further provides a terminal, and the terminal can be used for freezing the background operation programs which do not accord with the security specifications, so that a phenomenon that illegal behaviors including privacy information leakage and the like, which are not good for users, is prevented from occurring.

The present invention discloses a method and a system for internal security management and control of enterprise data. The method disclosed by the present invention is based on a full-service unifieddata center built by an enterprise cloud platform, the full-service unified data center comprises structured data in a unified view area and in a digital warehouse area, and after carrying out actualoperating environment risk analysis on the structured data, from the perspective of the security lifecycle, the entire data protection security specification is formulated; based on the security specification, the LabelSecurity security tag mechanism is enabled on the enterprise cloud platform, and the data access levels of the enterprise cloud platform are divided into four levels of confidentiality of open data, internal data, secret data and confidential data by the security tags; and through the LabelSecurity access mechanism, different effective security control strategies are implementedfor different columns of the data in the same table. According to the method and system disclosed by the present invention, secure tracking and management and control of the service data within the life cycle is ensured; and at the same time, a friendly visual operation is ensured during the entire data management and control process.

The invention discloses a shell material of electronic equipment and a preparation method thereof. The shell material comprises the following components in parts by weight: 70-95 parts of polystyrene, 10-25 parts of glass fiber, 5-16 parts of a flame retardant, 4-7 parts of an antioxidant, and 1-3 parts of a lubricant. The preparation method comprises the following steps: uniformly stirring glass fiber, polystyrene and a lubricant, sequentially adding a flame retardant and an antioxidant, and uniformly stirring the obtained mixture; transporting the obtained object to a feed hopper of a twin-screw extruder, starting the twin-screw extruder, so that a molten material is extruded; and sequentially carrying out water cooling, grain-sized dicing, sieving and drying on the molten material, so that the HIPS composite shell material disclosed by the invention is obtained. The shell material disclosed by the invention is capable of effectively improving the flame retardant rating and rigidity of shells, satisfying the requirements of information equipment on security specifications, and improving the fire prevention coefficients of electrical and electronic equipment.

A method for software inspection analyzes a body of computer code to assess whether the body of computer code contains malware. Various embodiments extract the executable elements of the body of computer code and modify those elements using rules defining the format of instructions for the programming language in which the computer code was written, and using rules defined from the security specification of that programming language, to produce a model of the body of computer code. The method then analyzes the model using a model checking system, which determines whether any of the language rules have been violated, in which case the method flags the computer code as potentially including malware.

The present invention relates to a software establishing technique and network security, and specifically to a method for establishing the Web service security analysis model based on the program slice. The invention provides a method for establishing Web service security analysis model based on program slice for protecting the key information and the common information in the network service from the inside and the outside and increasing the network service security. The method of the invention adopts the following technical solutions: 1) establishing a slicer module for obtaining the abstract of the information flow in the Web service realizing code; 2) establishing a network service analysis module for discovering the safety breaking state that the key information is leaked to the Internet user through the current service interface, wherein the step comprises the safety analysis of the independent network service and the safety analysis of the network service network; and 3) establishing a safety reporting module for analyzing the result based on the module, and combining the safety measures presented in the existing Web service security specification and process for generating a corresponding security report. The method of the invention is mainly used for providing the Web service security.

According to some embodiments, a security model data store may contain a plurality of potential security policies, each accessible by multiple external applications. A security specifications data store may contain a plurality of potential security specifications, each accessible by the multiple external applications. A security policy engine computer platform may receive from an external application an indication identifying a security policy package. The security policy engine may then retrieve, based on the received indication, one of the potential security models from the security policy data store. Similarly, the security policy engine may retrieve, based on the received indication, one of the potential security specifications from the security specifications data store. The security policy engine may then arrange for a security policy package to be implemented for the external application, the security policy packing being associated with the retrieved potential security model and the retrieved potential security specification.

The invention discloses a structure optimization method for a motor employing immersion type evaporative cooling. The method comprises the following steps of: correspondingly reducing the thickness of a main insulating layer of a stator by 50 to 60 percent, and correspondingly improving the current density of the stator by twice to 2.5 times by taking an air-cooled motor with the same voltage grade and the same capacity as a reference; and obtaining the minimum shape data of each part structure according to combinational calculation results obtained by different values of each parameter on the basis of the thickness of the main insulating layer of the stator and the current density of the stator under conditions which are consistent with security specifications about the motor in national standard, wherein the parameters comprise air gap flux density, the number of turns of a stator winding, the internal and external diameters of the stator and a rotor, and the heights and widths of a stator slot and a rotor slot. By the method, the advantages of an immersion type evaporative cooling technology are fully utilized, the overall dimensions of the motor and each main part are greatly reduced under the same voltage grade and the same capacity, and manufacture cost is decreased. On such a basis, the invention also provides the motor employing the immersion evaporative cooling.

A mobile application automation security testing platform is used for detecting security of Android applications, so as to verify whether the Android applications coincide with security standards. The platform is capable of performing component analysis on an application installed on an Android system, and by means of an exposed component, determining an attack surface, carrying out a penetration test, and mining out a vulnerability of the application in depth, wherein a coverage of the test comprises an authentication bypass test, an SQL impregnation test, insecurity of data storage and reading of a file system and the like. During a test process, acquisition of a root permission of a mobile phone terminal is not required, and it can be ensured that the mobile phone terminal interacts with other application and operating systems as a common Android application. Different from an automated scanning tool of a web field, the testing platform is an interactive security testing platform, and during a use process, the user only needs to input a command on a working state (PC terminal) of the user, and the command is transferred to a proxy program on an Android device via a connection of a port and executed, so as to complete the whole security test.

In a system where a management application sends commands to a remotely-located agent over a network, the agent maintains a security specification table defining the security level for each combination of the cipher and authentication algorithms of the communication path to/from the management application and a required security level table defining the minimum security level required for the execution of each command. Upon receiving a command from the management application, the agent obtains, by referencing these tables, the operational security level of the communication path and the required security level for the command, and executes the command only if the former is greater than or equal to the latter. This mechanism ensures high security in system management by preventing a malicious intruder from executing potent commands that can cause a down of a computer system, without unreasonably limiting the use of the management application by the system administrator.

The invention belongs to the technical field of software test verification, and provides a security-critical software verification method and device, equipment and a medium. The method comprises the following steps: expanding an FTA model based on an LTL language to obtain a formalized system security constraint condition and a corresponding software demand specification; matching the software requirement specification with a software specification symbol of the MBD according to a pre-formulated conversion rule, so that the software requirement specification is converted into a security specification model; and inputting the security protocol model and the pre-generated SCADE software design model into a model verifier to complete security verification of the software. By adopting the technical scheme of the embodiment of the invention, the security constraint condition and the software requirement specification corresponding to the security constraint condition are enabled to meet the formalized characteristics through extension of the LTL language, and meanwhile, the software requirement specification can be converted into the security specification model according to the pre-formulated conversion rule, and the security specification model is input into the model verifier for verification; the interference of human factors in a safety verification method is avoided, and the reliability is improved.

A security verification system and method that includes outputting a list of potential dataflow vulnerabilities as a first output from inputting a subject program and security specification, mapping candidate vulnerabilities to a user interface (UI) entry point and payload from the output of the list of potential dataflow vulnerabilities to provide a second output, and performing directed testing of the second output.

The invention provides a mobile communication terminal and a method thereof for adjusting the power of an FM/AM (frequency modulation/amplitude modulation) transmitter. The method comprises the following steps: detecting the connection of peripheral devices of the mobile communication terminal to generate the connection information of the peripheral devices; and adjusting the power of the FM/AM transmitter according to the connection information of the peripheral devices. The invention has the following beneficial effects: the technical means that the power of the FM/AM transmitter is adjusted during the connection of peripheral devices is adopted, thereby overcoming the problem of the radiation from the peripheral devices in a coupling manner during the connection with the peripheral devices and further achieving the technical effect that a mobile phone or components provided with the FM/AM transmitter can meet the requirements according to the security specification.

An image forming apparatus that is capable of performing an update that properly maintains a security specification configuration for an image forming apparatus with a high security specification without making an improper update. Update of firmware is controlled to be stopped when it is determined that the specification configuration of the firmware before update is a security specification configuration, and an instruction to update the firmware has been manually issued.