40 results about "Computer security model" patented technology

The present invention provides a generic distributed command, control, and communication framework that allows computer systems, devices, and operational personnel to interact with the network as a unified entity. The present invention provides these services by building upon a core communication architecture that permits local or remote execution of mobile program code, static execution of program code, flexible communication formats, self-healing network techniques, and expansion by the addition of new system modules, software handlers, or mobile autonomous agents.

A security system for a computer system provides one or more security domains. Access to assets registered to the security system is controlled by rights and privileges. Rights are derived from roles, and each user is assigned one or more roles. Privileges are attached to assets, and an appropriate combination of rights and privileges is required before a user is granted the specified type of access to the asset.

A computer system provides system-wide computer application security using role-based identifiers. The programmer identifies secured functions within a software application using a hierarchical identifier. The hierarchical identifiers are grouped together into privilege sets. The privilege sets and other hierarchical identifiers are grouped together into job functions, which are in turn grouped into larger subsets called user roles. These user roles are stored in a data store. User identifiers are created. Each user identifier is linked to one user role in the data store. A surrogate identifier is created to correspond to each user role and is stored in the data store. The surrogate identifiers are not disclosed to the users. A user is given permission to access secured functions within an application by retrieving a surrogate identifier from the data store, which shares the same user role as the user. Access rights are determined using the surrogate identifier to validate permissions on a security provider.

A method of securing data stored on an electronic device 1, the method comprising encrypting the data using a cryptographic key derivable from or accessed using a passphrase, requiring the entry into the device of the passphrase when a user wishes to access the data, subsequently inhibiting access to the data whilst the device 1 remains active, and requiring the entry into the device of a predefined password when a user wishes to access the data, the password being different from the passphrase.

A method of securing data stored on an electronic device 1, the method comprising encrypting the data using a cryptographic key derivable from or accessed using a passphrase, requiring the entry into the device of the passphrase when a user wishes to access the data, subsequently inhibiting access to the data whilst the device 1 remains active, and requiring the entry into the device of a predefined password when a user wishes to access the data, the password being different from the passphrase.

A method and system for controlling access to data via a data-centric security model. A business data classification scheme is defined as a hierarchy that includes data types aligned with business operations. A data element is labeled with a data label. The data label includes multiple attributes associated with a data-centric security model. A first attribute is a data type of the data element. A second attribute includes security requirements. Data control rules are automatically generated for an enforcement of the security requirements. The enforcement grants or denies to a user an access to the data element via a predefined action. The enforcement is based on a predefined association among the predefined action, a predefined role that includes the user, the data type and, optionally, a purpose for performing the predefined action.

A method and system for controlling access to data via a data-centric security model. A business data classification scheme is defined as a hierarchy that includes data types aligned with business operations. A data element is labeled with a data label. The data label includes multiple attributes associated with a data-centric security model. A first attribute is a data type of the data element. A second attribute includes security requirements. Data control rules are automatically generated for an enforcement of the security requirements. The enforcement grants or denies to a user an access to the data element via a predefined action. The enforcement is based on a predefined association among the predefined action, a predefined role that includes the user, the data type and, optionally, a purpose for performing the predefined action.

Provided is a private and secure network that uses an authentication mechanism with a uniquely assigned private IP address and network credentials issued as part of a VPN certificate exchange. A first layer of authentication establishes a secure tunnel between user and VPN server, and a second layer of authentication connects that secure tunnel to the web site or resource, without passing the VPN certificate. Once authenticated, interaction between website or resource and user are automatically monitored for abnormal or malicious behavior and, if required, automatic verification and authentication response is generated.

The computer safety control module includes CPU, memory connected to the CPU, connector, safety coprocessor, IDE controller, SCSI controller and identity authority identifier. The computer safety protecting control method includes: starting self-test with the safety module in the computer, alarming and waiting for the user to process in case of abnormality found in the self-test, and initiating BIOS program with the computer system unit to initialize the computer; calling computer safety control module PCI to expand ROM and to turn off the unsafe peripheral; performing user authority identification with the user's authority identifier; starting the hardware units based on the authority; entering the computer operation system, monitoring the system unit state and reporting regularly to the safety control module with the background monitoring program, and performing safety processing with the safety control module in case of illegal operation, etc.

A computer security lock having separate key pairs includes an encryption board inserted between a main board and a hard disk, and an encryption board being inserted into the encryption board to perform a real-time authentication process. The electronic key and the encryption board performs the real-time authentication process and hardware anti-copy self-testing process, and encrypt the data communicated between the encryption board and the electronic key. After passing the authentication process and the hardware anti-copy self-testing process, the electronic key combines an internally stored key list with the key list on the encryption board, and selects a user key to encrypt / decrypt the data on the disk according to the partition of the hard disk where the encrypted data is written to. The computer security lock can assure the safety of the data, and the hardware is prevented from being copied.

A security device to secure a computer may include a substantially vertical pedestal, a fixed platform mounted on the pedestal, a clamping table to cooperate with the fixed platform to secure the computer and a locking assembly to allow the clamping table to be moved to allow the computer to be attached and released from the fixed platform in an unlocked state and to prevent the clamping table from being moved to hold the computer in a locked state, The locking assembly may include a locking knob to operate the locking assembly between the locked state and the unlocked state, and the locking knob may rotate freely in the locked state and rotates to allow the clamping table to be moved in the unlocked state.

The invention discloses a computer security starting method based on a heterogeneous multi-core chip. The method includes: using at least one trusted core on the basis of a heterogeneous multi-core platform to ensure security of an untrusted core. The trusted core is used as a monitoring core, and the untrusted core is used as a computing core; the trusted core and the untrusted core are heterogeneous, and a CPU core with independent intellectual property is a first choice of the trusted core. The trusted core and the untrusted core are isolated by hardware, and sensitive hardware resources are collected to the trusted core. The trusted core is communicated with the untrusted core through cooperation of shared memory and inter-core interruption. The trusted core is guided by adopting a self-developed system, and provides security services outwards, and the untrusted core is guided by adopting a UEFI (Unified Extensible Firmware Interface) system. A core of the method is to ensure the security of the untrusted core on the basis of the heterogeneous multi-core platform through the trusted core. Realization of the method is not limited by specific platforms and starting manners, and the method can be applied simply with the need for satisfying basic requirements.

The invention provides a computer security system and a method thereof. The system comprises a host device of a computer interface signal transmission and management system, a client device of the computer interface signal transmission and management system, a computer data isolation transmission and management system device, a computer security monitoring server, a computer environment monitoring device, an outer network computer and an inner network computer. The method comprises the following steps: the computer interface signal transmission and management system isolates the host computer from a display device, a mouse keyboard inputting device, a computer interface signal, a reset interface signal and an on / off interface signal. The user surfs the internet to communicate with the outside world by the outer network computer and performs secure and confidential work by the inner network computer; the computer data isolation transmission and management system is connected with the outer network computer and the inner network computer, so that the data which needs to be transmitted is transmitted under the monitoring condition of computer security monitor and management software.

A computing apparatus having a hard drive storage unit which includes a global positioning system, a non-volatile memory and a compare module. The non-volatile memory stores a permitted zone of operation of the hard drive storage unit while the compare module monitors the current location. If the compare module detects a current location of the hard drive storage unit as tracked by the global positioning system which is outside of the permitted zone of operation as stored in the non-volatile memory, the non-volatile memory contains at least one command implemented by a computer processor that may cause the hard drive storage unit to become disabled.

A system and method is described for protecting applications against malicious URL links by identifying a final destination. The system and method also includes enabling a user process to directly connect to the final destination, bypassing the original URL altogether; thereby bypassing the hacker's ability to use that URL to programmatically send the application to a malicious site.

A client computer may be configured to perform computer security operations in conjunction with a remotely located security server. Upon detection of a computer security event, such as reception of a file, the client computer may generate a query input and determine if the query input has corresponding security information in the security server. When the query input has corresponding security information, the client computer may forward the query input to the security server. In response, the security server may retrieve the security information using the query input and provide the security information to the client computer. As a particular example, the security event may be reception of a file in the client computer and the security information may indicate whether or not the file is infected with a computer virus.

The invention provides a computer security login guarantee system. The computer security login guarantee system adopts a central processing device, a password input unit, a password checker, an imagecollection module, an image processing module, an operating system, an alarm device, a wireless transmission device, a user mobile phone, a computer display and a computer memory, a computer owner canauthorize a computer user to use a computer through the mobile phone and can also obtain face image information of the personnel logging in the computer so as to know who is using the computer, and can also know who logs in / attempts to log in the computer at what time through the computer memory, so that the information security of the computer is greatly improved, wherein the image processing module performs image denoising, image enhancement, image sharpening and image smoothing on collected images in turn to collect the image information of the image collection module efficiently and quickly, and the recognition accuracy of the face of the personnel logging in the computer can be improved to effectively reduce the occurrence of misjudgments.

A method of controlling a process on a computer system for backing-up files stored in a primary storage medium, to a secondary storage medium. The method comprises monitoring a file system implemented on the computer system in order to detect write operations made by the file system to said primary storage medium. Upon detection of a write operation, the integrity of a file being written is verified and / or changes in the file identified with respect to a version of the file currently stored in the primary storage medium and which is being replaced. In the event that the integrity of a file being written by the file system is compromised, and / or any identified changes in the file are suspicious, then the file is identified to the back-up process such that automatic back-up of the file is inhibited.

The invention provides a computer security protecting method, a computer security protecting device and a computer. The computer security protecting method comprises the following steps: verifying an agent program of a mobile terminal application program and judging whether the agent program is legal, wherein the mobile terminal application program is connected with the mobile terminal through the agent program, and the mobile terminal application program and the agent program are both arranged in the computer; and when the agent program is judged to be illegal, rejecting the data interaction between the mobile terminal and the mobile terminal application program. With the adoption of the method, the problems in the prior art that a computer security protection method cannot provide security protection to the computer when the agent program of a mobile terminal driving program is illegally replaced or modified are solved, so that better security protection is provided for the computer.

The invention discloses a computer security device and a fingerprint unlocking method and a password unlocking method thereof. The device includes a first gear and a battery. The first gear is fixed with a rotor of the anti-theft lock motor through a bolt. The anti-theft lock motor is fixed in the shell through a motor base. A rack is mounted below the first gear; the rack and the first tooth groove are integrally formed. Meanwhile, the rack and the second tooth groove are integrally formed. A first sliding block is welded to the lower side of the rack and matched with the first sliding groovein size, meanwhile, the first sliding groove is welded into the shell, the second gear is installed on a shaft rod through a bolt, the lower side of the shaft rod is installed on an installation basein the shell through a bearing, and meanwhile a third gear is fixedly installed on the upper side of the shaft rod through a bolt. According to the computer security decryption device, two modes of fingerprint unlocking and password unlocking are used for unlocking operation, so that the security of the server is protected, and meanwhile, the anti-theft effect of the server is improved.

The invention discloses a computer security login system based on Internet of Things, belongs to the technical field of computers, and solves the problem that normal login verification work cannot berealized when a computer is in emergency power failure in an existing system. The system comprises a computer terminal module used for verifying user login, a front control module, used for controlling the computer terminal module to operate; a data platform module used for processing login data; a standby power supply module used for storing energy and supplying power. The data platform module isconnected with the pre-control module through a local area network. The system has the advantages of being stable in operation and convenient and fast to operate, meanwhile, due to the arrangement ofthe standby power supply module, power can be supplied to a computer when the computer is powered off, the computer security login system further has the advantage of being safe in login, and the safety of user data and the privacy of a user are guaranteed.

The invention belongs to the technical field of electronic information, and particularly discloses a computer security system and method. The system comprises a microprocessor; an input port of the microprocessor is connected with output ports of a state information collection end and a power module through data lines; the state information collection end comprises an electric quantity detection apparatus, a temperature sensor, a smoke sensor and a circuit detection apparatus; output ports of the electric quantity detection apparatus, the temperature sensor, the smoke sensor and the circuit detection apparatus are connected with the input port of the microprocessor through data lines; and a transmission port of the microprocessor is connected with a transmission port of an access end management system through a data line. According to the scheme, a network environment and a hardware state of a computer can be monitored in real time; problems can be timely discovered and reminded; and the security of network use is improved.

The invention discloses a computer security system, comprising an AT89S52 single-chip microcomputer, a temperature sensor DS18B20, a key, indicator lights and a buzzer. When in use, the computer security system disclosed by the invention is installed in a mainframe box of a computer, wherein the key and the indicator light are arranged on a shell of a computer mainframe; temperature information in the mainframe is collected by the temperature sensor DS18B20; a temperature signal monitored by the temperature sensor DS18B20 is read by a P2.4 port of the AT89S52 single-chip microcomputer in real time, and the temperature signal is compared with set limit alarm temperature; when the temperature signal exceeds the alarm temperature, a signal is sent to the buzzer by a P2.3 port of the AT89S52 single-chip microcomputer to control the buzzer to perform alarm output, and meanwhile, a red indicator light is controlled to be turned on through a P2.1 port.