129 results about "Trusted client" patented technology

A secure searchable and shareable remote storage system and method which utilizes client side processing to enable search capability of the stored data, allow the synchronizing of stored data between multiple discrete devices, and allow sharing of stored data between multiple discrete users. Such a remote storage system and method includes a networked remote computer server which receives and stores encrypted data and manages access thereto and a client device configured to index data to be stored, upload secured data and related information, perform searches on the stored data and related information locally, and implement cryptographic protocols which allow the stored data and related information to be synchronized with other desired client devices. Advantageously, since trusted client-side search code may directly access mostly plaintext data, it may operate orders of magnitude faster than the equivalent server code which may access encrypted data only.

Bootstrapping a trusted cryptographic certificate or other credentials into a client web browser application can be used to provide protection against “phishing” and “man-in-the-middle” attacks made over a computer network. Verification credentials are provided to users who connect directly to an authentication server and provide sufficient authentication information. The authentication server can rely upon the use of private URLs associated with each user as part of the verification process and can reject users who connect by clicking on a hyperlink directed to the authentication server.

In a system providing for user access of secure resources upon user authentication by a remote authentication server, a successful user authentication is saved locally for use when the authentication server is not available. The successful user authentication returns an authenticated credential which is stored on the local client utilizing a security method such as Public Key Infrastructure which prevents tampering with the credential. If a gateway machine provides connectivity between the client and the authentication server, the credential is also stored on the gateway.

The instant invention is a program applet that can be loaded onto mobile devices and directly interfaces with the operating system and automated test scripts. The program applet is capable of initiating the required transfer and will provide information regarding the progress of the transfer such that a test client can properly calculate the data throughput rates. The result is a minimization of time-to-market for test and measurement tools using software architecture that simplify and speed-up development and maintenance of test and measurement tools by removing awareness of complexity of external hardware dependencies from the actual test and measurement software code, and placing dependencies management to carefully defined components that could be reused and shared between multiple test and measurement software tools and systems at once.

An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also asked as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties.

A method, system and computer-usable medium are disclosed for validating user credentials submitted to a data source by an untrusted intermediary. An untrusted intermediary attempts to access a data source on behalf of a user. The untrusted intermediary challenges the user to provide credentials of the type and format required to access the data provided by the data source. The user's trust client connects to an authentication service and identification credentials of the required type and format are generated. The identification credentials are conveyed to the user's trust client, which then provides them to the user's client, which in turn conveys them to the untrusted intermediary. The untrusted intermediary then presents the identification credentials to an authentication plug-in of the data source. The authentication plug-in validates the authenticity of the provided credentials with their associated authentication service. Once the credentials are successfully validated, the requested data is provided to the user's client by the untrusted intermediary.

In accordance with an embodiment of the present invention, a trusted client includes a non-volatile memory programmed with an encrypted disk key. The encrypted disk key in the non-volatile memory is encrypted with a master key of a security processor. Accordingly, encrypted data received by the central processor from a disk's security logic is forwarded to a security processor along with the encrypted disk key. The security processor decrypts the encrypted disk key and then decrypts the encrypted data, utilizing the disk key. The disk key is never available to the central processing unit in the clear.

The application provides a data processing method and system and relates to the technical field of networks. The method includes: receiving a bill downloading request of a user client, based on a bill page; parsing query information in the bill downloading request, wherein the information includes a user identification and bill query condition information; acquiring the total quantity of data to be downloaded in a database according to the bill query information and judging whether the total quantity of the data satisfies a threshold condition; if yes, stopping a synchronization response to the bill downloading request and entering an asynchronous bill file generation process based on the user identification and the bill query condition and prompting the user client to enter a downloaded-file storage area in a delayed manner to download bill files; and with respect to the asynchronously generated bill files, transferring the asynchronously generated bill files to a downloaded-file storage area corresponding to the user identification according to a client identification. The data processing method and system reduce the pressure of the system through an asynchronous method so that stability of the system can be protected.

A computer system and method for securing files in a file system equipped with storage resources that are accessible to an authenticable user operating with an untrusted client device under the semi-trusted client threat model. The file to be secured is stored in one or more blocks belonging to the storage resources along with symmetric per-block key(s) KB_i assigned to each of the blocks in the file. The blocks are encrypted with the symmetric per-block keys to obtain encrypted blocks. The user is assigned user key(s) and each per-block key that was used for encryption is in turn encrypted with one of the user's keys to derive wrapped key(s) for each encrypted block. Wrapped key(s) are placed in encrypted block headers and introduce a level of indirection to encrypted file(s) that is appropriate for the semi-trusted client threat model.

A message processing apparatus (200) is provided in an electronic messaging system. The message processing apparatus (200) holds an ordered queue (232) of the electronic messages (101) and adds a new incoming message (101) to the queue (232) according to a reputation score (201) allocated to each incoming message. Messages having a highest reputation score (201) are extracted from a top of the queue (232) for detailed analysis according to one or more filtering mechanisms. A message forwarding unit (250) forwards wanted messages to a server unit (300) for onward transmission to a recipient terminal (20). Messages from a trusted client identity (105) who is most likely to send wanted messages are allocated a high reputation score (201) and take priority through the queue (232). Messages from a non-trusted client identity (105) are allocated a lower reputation score (201) and remain in the queue (232) until all messages with a higher reputation score (201) have been extracted.

The invention provides an integration development system for application programs. The integration development system comprises a developer client, a cloud server and a user client. The developer client is used for sending a developer document to the user client and the cloud server; the cloud server is used for recognizing a service logic code according to an execution environment to obtain a cloud logic code, processing a digital code and synchronizing the same with the user client; the user client is used for recognizing the service logic code according to the execution environment to obtain a user logic code and receiving the synchronized digital code sent by the cloud server. The invention further provides an integration development method for the application programs, the cloud server and the user client. The codes can be automatically determined to be executed in the cloud client or the user client according to running logic of the codes, so that the cloud server code or the user client code needs not to be distinguished during development by developers, and developer groups with random backgrounds are allowed to independently develop the complete Web application programs.

Context information associated with a selected portion of a media item is presented to a user via a user client. The user client receives a selection of a portion of the media item being presented to the user by the user client. The user client determines context information based on the selected portion of the media item, and generates a context presentation card using the determined context information. The user client presents a partial portion of the context presentation card containing a subset of the context information to the user.

The invention discloses a long-distance design system and method which are used to rapidly design section products aiming at different demands of different clients. The system comprises a server, a design client and a user client, wherein the user client is connected with the server through an internet, and is capable of selecting an original module and inputting size data required practically from the server, and automatically generating a three-dimensional assembly module, a two-dimensional engineering drawing, a bill of material (BOM) table, a project quotation and the like of products for the user to check; after the user orders, the design client analyzes a configuration table in the order to regenerate a three-dimensional model with an actual size and a two-dimensional engineering drawing, so as to realize rapid design and production. The invention is suitable for the rapid and large-scale design, production and manufacturing of the section products.

The invention discloses a privacy character information encryption inquiry method and system. The privacy character information encryption inquiry method comprises the following steps: (1) data encryption: converting the plaintext tuples submitted by a trusted client to ciphertext tuples; wherein the plaintext tuple comprises privacy fields; and the ciphertext tuple comprises the ciphertext data and the index data; (2) query conversion: converting the raw query condition to an index query condition, and taking the tuple set composed of the ciphertext tuples whose index data satisfies the index query condition as the relevant ciphertext tuple set; (3) data decryption: decrypting the relevant ciphertext tuple set to obtain temporary results in plaintext form; (4) data screening: executing the raw query condition to obtain the target plaintext tuple set. The privacy character information encryption inquiry system comprises a data encryption component, a query conversion component, a data decryption component and a data screening component. Compared with the prior method, the privacy character information encryption inquiry method disclosed by the invention is more flexible and safer.

The invention discloses a home and school interconnection method and system and a user client. The home and school interconnection system comprises a teacher user client, a student user client, a parent user client and a network server. The teacher user client sends information messages to the student user client and the parent user client and uploads the information messages to the network server. The information messages comprise one or more of notices, activities, homework, homework grades, scores, courses and evaluation. The parent user client receives the information messages sent by theteacher user client and checks the information messages of a corresponding student through the network server. The communication can be carried out among the teacher user client, the student user client and the parent user client and the parent user client can check the information messages of the corresponding student, so the method, the system and the user client are very convenient.

A method, apparatus, system, and signal-bearing medium that, in an embodiment, receive cues, one-time passwords, and a presentation order. The cues and one-time passwords are associated with a user name. In response to a cue request, the cues are presented in the presentation order and input data is received. If the input data matches the associated one-time password, then access to secure information is granted and the one-time password is invalidated. If the input data does not match the associated one-time password, then access to secure information is denied. In various embodiments, the cues may be text, images, audio, or video. In this way, in an embodiment, one-time passwords may be used in response to cues, which may increase security when accessing information from a non-trusted client because if the one-time password is misappropriated via the non-trusted client, the one-time password is no longer valid for future use.

Provided in an embodiment of the present invention are a software key updating method and device. A trusted client device receives key information and verification information corresponding to the software and transmitted by a server, the key information containing a to-be-updated first software public key signature and a new second software public key signature, and the verification information containing software verification information; if a valid first software public key signature corresponding to the software and stored in the trusted client device is consistent with the received first software public key signature, then checking whether the software verification information is valid; and if the software verification information is valid, then updating the valid first software public key signature corresponding to the software and stored in the trusted client device as a second software public key signature. With the above solution, the present invention can remotely update a software key signature on a trusted client device, thus preventing the problem of being unable to update an invalid key.