119 results about "Security framework" patented technology

Apparatus and methods for protected content access, browsing and transfer over a network. In one embodiment, the network comprises a premises (e.g., residential) LAN, and the apparatus comprises a server and renderer consumer premise equipment (CPE). The renderer CPE scans the network to search for a server CPE that implement a compatible security framework. The renderer authenticates itself with the server, and the server allows content browsing and selection access only to an authorized and authenticated renderer. A negotiation and exchange protocol comprises messages exchanged between the renderer and the server that include one or more of device identification, encryption key exchange, digital certificates and information regarding security package used by each CPE.

A computer system, a method of a computer system and a computer-readable medium securely transmit and verify a multiparty agreement. The method, the computer system, and the computer readable medium include developing and transmitting views of the multi-party agreement by each party to a separate verification party. The verification party authenticates the participants and determines whether the views of the agreement are mutually consistent, and notifies the parties of the results of the comparison.

An automated method and system is provided for facilitating interaction between a consumer and a merchant using a strong security framework. An offer describing a product and a predetermined means for acceptance is presented via a display. Once the offer has been presented, if the consumer accepts, the system performs various authentications, then facilitates receipt of the acceptance. The system then combines the acceptance data with identification and payment information, and transmits the relevant information to the merchant. Optionally, the system may customize the content or the presentation of the offer based on information about the targeted consumer.

A system and method for bridging requests for access to resources between requestors in a distributed network and an authenticator servicing the distributed network is provided. The bridging mechanism has security features including a naming service for machine authentication and machine process rules to authorize what process machines can perform. The security proxy bridge intercepts an access request, and checks the IP address for machine authentication as well as the machine process rules and if both verifications are successful, the bridge then forwards the request for access to the authenticator. The security proxy framework utilizes a data structure that provides a method for storing selected security information stored as data records supporting an authentication and authorization system for users to access resources on multiple components of a distributed network supporting multiple business units of an enterprise. Primary authentication information stored herein includes general user information, security, and contact information.

A system and method for protecting cross-domain interaction of a web application on an unmodified browser. The system includes: a security framework, which is created by a browser. The security framework further includes: a component creator for creating components from a plurality of sources; and supervision module for supervising and controlling scripts/codes executed during the creation of components and invocation and interaction operations performed by various components after the creation of components.

A method by which access to services of a network are controlled, including a step in which a client device presents proof of identity to a service security module attached to the network and providing security against unauthorized access to the service.

Techniques for securely invoking a server-side API from client-side Web application code using AJAX. In one set of embodiments, a request to invoke a server-side API is received from a client-side component of a Web application, where the request is sent asynchronously using AJAX. One or more security handlers are then invoked to process the request in a manner that mitigates various security attacks. In one embodiment, a security handler is invoked to defend against a plurality of different types of Web application/AJAX security attacks. In another embodiment, authentication and authorization security handlers are invoked to authenticate a user of the Web application that originated the request and determine whether the user is authorized to call the server-side API. In yet another embodiment, configuration is implemented at the data storage tier to enforce user-access and data security on data that is retrieved/stored as a result of invoking the server-side API.

According to the invention, a safety problem based on splitting and under large-scale shared virtual calculating environment is discussed. And the invention provides a safety framework based on a virtual machine and facing the virtual calculating environment and a large-scale distributed extensible intrusion detection system. The system provides resource access monitoring identity authentication inside and outside an ability service domain and an encrypted data transmission channel for a user, provides isolation and protection of a user space and a system space and finally guarantees application safety based on an ability server. By using the system of the invention, many safety problems under the ability server, such as, a large-scale dynamic user quantity, large-scale dynamic virtual resource objects, a calculating load of dynamic increase and reduction, user space isolation, user system isolation and protection, internal and external network attack prevention, equipment safety reuse and sharing, communication safety, uniform authentication, access control and the like, are solved.

The invention discloses a method, a device and a system for the authentication and key distribution of a wireless mesh network. The authentication method mainly comprises the following steps that: MPP (Mesh portal point) equipment receives an authentication request sent by an MP (Mesh point) initially accessing the network; the MPP equipment forwards the authentication request to AC equipment and the AC equipment sends the MP authentication information in the authentication request to an authentication server; and the AC equipment receives MP authentication result fed back by the authentication server and forwards the authentication result to the MPP equipment, and the MPP equipment transmits the authentication result to the MP. The invention provides a manageable and operable safe framework of the Mesh network, and provides an effective authentication and key distribution method to effectively establish associated links between MPs to ensure the safe transmission of link layer data.

The present disclosure is a method for bridging requests for access to resources between requestors in a distributed network and an authenticator servicing the distributed network. The bridging mechanism has security features including a naming service for machine authentication and machine process rules to authorize what process machines can perform. The security proxy bridge intercepts an access request, and checks the IP address for machine authentication as well as the machine process rules and if both verifications are successful, the bridge then forwards the request for access to the authenticator. The security proxy framework utilizes a data structure that provides a method for storing selected security information stored as data records supporting an authentication and authorization system for users to access resources on multiple components of a distributed network supporting multiple business units of an enterprise. Primary authentication information stored herein includes general user information, security information, and contact information.

A conditional access system comprising a plurality of devices interconnected in a network, the devices being grouped in a first group and a second group, the devices of the first group operating in accordance with a first security framework and the devices of the second group operating in accordance with a second security framework, each device operating using a particular middleware layer, said middleware layer being arranged to authenticate another middleware layer of another device, said middleware layer being authenticated by the security framework in accordance with which the device operates.

Local storage on player instruments provides the ability for adding further amendments and most recent supplements to the optical disc content. A problem arising with this technically applicable possibility is the protection of copyrights bound to disc and supplement data. The present invention describes a technique to ensure a security framework that is able to handle this, by creating a virtual file system by merging optical disc data and local storage data based upon a common identifier.

The invention discloses a threat detection method. The method comprises the steps of collecting weblog monitored in real time; performing threat detection on the weblog by utilizing a threat detectionmodel to obtain a detection result; if the detection result represents that the behavior of the weblog is abnormal, determining a target attack link to which the weblog with the abnormal behavior belongs based on an attack chain of a network space security framework; and taking the target attack link in the attack chain and all preorder attack links of the target attack link as attacked links tocomplete threat detection of the weblog. The invention further discloses a threat detection device and equipment and a storage medium. Threat capture is carried out from the global perspective of theattack chain, and the security defense capability is improved.

An information security model provides a set of schemas that ensure coverage of all securing components. All points are addressed and evaluated in a net of three-dimensional coorindate knots The model defines the relation between components in the information risk and security space, and provides an information risk and security framework that ensures that all information security components are addressed; enables standardized information security audit; provides information risk compliance numbers; and defines strategic business direction to address information security implementation. The information security model of the present invention standardizes the approach and creates a matrix through which risk compliance factors can be calculated.

The invention provides a security framework and relates to the technical field of computer information security, in particular to a dynamic migration security framework of a virtual machine. The dynamic migration security framework is composed of a centralized control engine and a local migration engine; the centralized control engine provides functions of two-way authentication, access control and security audit under the control of a security policy, monitors resource utilization of a physical server and the virtual machine in real time, and provides resource basis for dynamic migration of the virtual machine. The local migration engine completes the dynamic migration of the virtual machine in stages according to the established migration strategy and under the control of the security policy. The security framework is supportive of a plurality of security mechanisms and the dynamic migration strategies of the virtual machine, security of sensitive information of the virtual machine can be effectively protected, security attacks upon the dynamic migration of the virtual machine are resisted, and compatibility is high.

A method for protecting software is provided, where source code for the software has a first directive marking an encryption beginning point and a second directive marking an encryption end point. The method contains the steps of: processing the source code to identify a block of code between the first and second directives; compiling the source code to produce a binary file; generating a valid key and a random string; encrypting the random string with the key to obtain a first encrypted value; encrypting a portion of the binary file corresponding to the block of code with the valid key to obtain a second encrypted value; and replacing the portion of the binary file corresponding to the block of code with the second encrypted value and code that can decrypt the second encrypted value during execution of the software.

The management network security architecture comprises: management station and managed device. The method thereof comprises: establishing a security transmission channel between the management station and managed device; making authentication for the management station; using said security transmission channel to make information interaction between said management station and managed device.

The invention discloses a software defined network security situation assessment method. The advantages of SDN (software defined network) control and direct and quick information collection are combined, an open SDN security situation assessment framework is provided on account of three kinds of attacks of an SDN forwarding surface, the security framework closely fits a framework of an SDN controller, an anomaly detection module extracts characteristic indexes according to the SDN and various attack characteristics, an SVM (support vector machine) classification algorithm is selected for identification, and attack pre-judgment is given. A security situation assessment module performs quantitative assessment on network security situations according to information collected by the anomaly detection module, and attack sensitivity and noise resistance of an assessment system are regulated through setting of a threshold value. Different weights are allocated to different attacks based on an AHP (analytic hierarchy process) so as to fit out a comprehensive security situation of the network. The method is flexible and simple, attach behaviors can be detected accurately, the quantitative assessment of the security situations of the network is given, and monitoring and assessment of the security status of the SDN forwarding surface are realized with lower cost.