公开(公告)号：WO2017131829A1

公开(公告)日：2017-08-03

申请号：PCT/US2016/060265

申请日：2016-11-03

Applicant: MCAFEE, INC.

Inventor： REVASHETTI, Siddaraya ,  RAJAN, Priyadarshini, R. ,  ZAMBRE, Sulakshana ,  SUNIL, Saira ,  SUSMITA, Nayak

IPC: H04L29/06

CPC classification number: H04L63/04 ,  H04L63/1408 ,  H04W4/02 ,  H04W4/80 ,  H04W12/12 ,  H04W48/10 ,  H04W48/12

Abstract: A technique for determining the safety of the content of beacon transmissions. A user device extracts beacon identification information from a beacon transmission. The user device queries the beacon registry to obtain the targeted content. The user device provides the targeted content and beacon identification information to a validation service. The validation service evaluates the targeted content and the beacon identification information for safety. The validation service determines a score based on that evaluation and sends the score to the user device. The user device alerts the user or performs background actions such as suppression of transmission of beacon contextual data to other apps on user device based on the score.

Abstract translation: 用于确定信标传输内容的安全性的技术。 用户设备从信标传输中提取信标标识信息。 用户设备查询信标注册表以获得目标内容。 用户设备将有针对性的内容和信标标识信息提供给验证服务。 验证服务为了安全评估目标内容和信标标识信息。 验证服务根据该评估确定分数并将分数发送给用户设备。 用户设备警告用户或执行后台动作，例如基于得分抑制向用户设备上的其他应用发送信标上下文数据。

公开(公告)号：WO2017112105A1

公开(公告)日：2017-06-29

申请号：PCT/US2016/060303

申请日：2016-11-03

Applicant: MCAFEE, INC.

Inventor： DURAND, Ryan, M. ,  WOODWARD, Carl, D. ,  MEHTA, Kunal ,  GRINDSTAFF, Lynda, M.

IPC: H04L29/06 ,  H04L9/32 ,  H04L12/24

CPC classification number: H04L63/1475 ,  H04L63/04 ,  H04L63/0407 ,  H04L63/10 ,  H04L63/126

Abstract: Protecting personally identifiable information data collected and/or stored in physical objects with embedded electronic devices by performing at least the following: obtaining a plurality of personally identifiable information algorithms for a plurality of electronic user devices, determining a relevant personally identifiable information algorithm from the plurality of personally identifiable information algorithms, executing the relevant personally identifiable information algorithm over the relevant personally identifiable information from one of the electronic user devices to construct a personally identifiable information data result, and transmitting the personally identifiable information data result without transmitting the relevant personally identifiable information to a remote computing system.

Abstract translation: 通过执行至少以下步骤来保护收集和/或存储在具有嵌入式电子设备的物理对象中的个人可识别信息数据：获得用于多个电子用户设备的多个个人可识别信息算法， 从所述多个个人可识别信息算法中选择相关个人可识别信息算法，对来自所述电子用户设备之一的相关个人可识别信息执行相关个人可识别信息算法，以构建个人可识别信息数据结果，以及将个人可识别信息数据 结果没有将相关个人身份信息传输到远程计算系统。

公开(公告)号：WO2017053002A1

公开(公告)日：2017-03-30

申请号：PCT/US2016/048955

申请日：2016-08-26

Applicant: INTEL CORPORATION

Inventor： KHOSRAVI, Hormuzd, M ,  BRONLEEWE, David, A. ,  ALMAHALLAWY, Khaled, I. ,  SMITH, Ned, M.

IPC: G06F21/31 ,  G06F21/33 ,  G06F21/34 ,  G06F21/35 ,  G06F21/42 ,  G06F21/46 ,  G06F21/32 ,  H04L9/32

CPC classification number: H04W12/06 ,  G06F21/32 ,  G06F21/72 ,  G06F21/78 ,  H04L63/04 ,  H04L63/0861 ,  H04L2463/082

Abstract: Technologies for authenticating a user and a mobile computing device of the user at an authentication computing device include generating, at the authentication computing device, a multi-factor authentication credential that includes a text-based credential and a plurality of biometric authentication factors corresponding to the user. The mobile computing device is configured to detect whether the authentication computing device is within proximity of the mobile computing device and establish a secure communication channel therebetween. The mobile computing device is further configured to securely store the multi-factor authentication credential received from the authentication computing device. The authentication computing device is configured to receive the multi-factor authentication credential from the mobile computing device and analyze the received multi-factor authentication credential to determine whether the user is an authorized user of the authentication computing device and take an action based on a result of the analysis. Other embodiments are described and claimed.

Abstract translation: 用于在认证计算设备处认证用户和移动计算设备的技术包括在认证计算设备处生成多因素认证凭证，其包括基于文本的凭证和对应于该文档的凭证 用户。 移动计算设备被配置为检测认证计算设备是否在移动计算设备的附近，并且在其间建立安全的通信信道。 移动计算设备还被配置为安全地存储从认证计算设备接收的多因素认证凭证。 认证计算设备被配置为从移动计算设备接收多因素认证证书，并分析接收到的多因素认证证书，以确定用户是否是认证计算设备的授权用户，并基于结果采取行动 的分析。 描述和要求保护其他实施例。

公开(公告)号：WO2016209355A1

公开(公告)日：2016-12-29

申请号：PCT/US2016/029170

申请日：2016-04-25

Applicant: QUALCOMM INCORPORATED

Inventor： JAKOBSSON, Bjorn Markus

IPC: G06F21/55 ,  G06F17/30 ,  G06F21/62

CPC classification number: G06F21/6263 ,  G06F17/30861 ,  G06F17/30876 ,  G06F21/552 ,  G06F21/554 ,  G06F2221/2143 ,  H04L43/06 ,  H04L63/04 ,  H04L67/02 ,  H04L67/143 ,  H04L67/146 ,  H04L67/22

Abstract: Methods, devices, systems, and non-transitory process-readable storage media manage unwanted tracking by evaluating conditions encountered by a browser application during sessions with websites. Embodiment methods performed by a processor of a computing device may include operations for identifying predefined browsing execution conditions encountered by the computing device during a session with a website, determining whether unwanted tracking of the computing device likely exists based on the identified predefined browsing execution conditions, and performing a corrective action in response to determining that the unwanted tracking of the computing device likely exists based on the identified predefined browsing execution conditions. Embodiment methods may also include operations for identifying a type of condition for each of the predefined browsing execution conditions and determining whether a number of each type of condition exceeds a predefined threshold for each type of condition for the session.

Abstract translation: 方法，设备，系统和非暂时过程可读存储介质通过评估浏览器应用程序在与网站会话期间遇到的条件来管理不必要的跟踪。 由计算设备的处理器执行的实施方式可以包括用于在与网站的会话期间识别计算设备遇到的预定浏览执行条件的操作，基于所识别的预定浏览执行条件来确定计算设备的不期望的跟踪是否可能存在， 以及响应于基于所识别的预定浏览执行条件确定可能存在所述计算设备的不期望的跟踪而执行校正动作。 实施方式还可以包括用于识别每个预定浏览执行条件的条件类型的操作，并且确定每种类型的条件的数量是否超过用于会话的每种类型的条件的预定阈值。

公开(公告)号：WO2016144217A1

公开(公告)日：2016-09-15

申请号：PCT/SE2015/050260

申请日：2015-03-09

Applicant: SAAB AB

Inventor： JONSSON, Mats

IPC: H04L29/06

CPC classification number: H04L9/3226 ,  H04L9/14 ,  H04L61/2007 ,  H04L63/04 ,  H04L63/0428 ,  H04L63/061 ,  H04L69/162

Abstract: The disclosure relates to a system, devices and methods for distributing and using a communication scheme for way to enable secure communication between communication nodes in a network. A method comprises determining (S1), in the network node, a set of available IP addresses and a set of ports, dividing (S2), in the network node, a time frame in time slots, associating (S3), in the network node, each time slot with an IP address, with a port associated with the IP address and with a unique cryptographic key, distributing (S4), from the network node, the communication scheme to the communication node, receiving (S100), in the communication node, the communication scheme and communicating (S300), in the communication node, with another communication node in possession of a corresponding communication scheme by hopping between the IP addresses and ports according to the communication scheme and encrypting the communication using the unique cryptographic key.

Abstract translation: 本公开涉及用于分发和使用通信方案以用于实现网络中的通信节点之间的安全通信的方式的系统，设备和方法。 一种方法，包括：在网络节点中确定（S1）一组可用的IP地址和一组端口，在网络节点中划分（S2）时隙中的时间帧，在网络中关联（S3） 节点，具有IP地址的每个时隙，具有与所述IP地址相关联的端口和独特的加密密钥，从所述网络节点将所述通信方案分发（S4）到所述通信节点，在所述通信节点中接收（S100） 通信节点，通信方案和通信（S300）中，通过根据通信方案在IP地址和端口之间跳过而拥有相应通信方案的另一通信节点，并使用唯一密码密钥加密通信 。

公开(公告)号：WO2016048535A1

公开(公告)日：2016-03-31

申请号：PCT/US2015/046815

申请日：2015-08-25

Applicant: MCAFEE, INC.

Inventor： NAYSHTUT, Alex ,  SMITH, Ned ,  SHARAGA, Avishay ,  POGORELIK, Oleg ,  BHARGAV-SPANTZEL, Abhilasha ,  RAZIEL, Michael ,  PRIEV, Avi ,  SHALIV, Adi ,  MUTTIK, Igor

IPC: G06F21/57

CPC classification number: G06F21/6254 ,  G06Q30/0261 ,  H04L63/04 ,  H04L63/0414 ,  H04W4/021 ,  H04W4/21 ,  H04W8/06 ,  H04W12/00 ,  H04W12/02

Abstract: In an example, a client-server platform identity architecture is disclosed. The platform identity architecture may be used to enable a venue operator to provide online services and to collect telemetry data and metrics while giving end users greater control over privacy. When entering a compatible venue, the user's device generates a signed temporary pseudonymous identity (TPI) in secure hardware or software. Any telemetry uploaded to the venue server includes the signature so that the server can verify that the data are valid. The TPI may have a built-in expiry. The venue server may thus receive useful tracking data during the term of the TPI, while the user is assured that the data are not kept permanently or correlated to personally-identifying information.

Abstract translation: 在一个示例中，公开了客户机 - 服务器平台身份架构。 平台身份架构可用于使场地运营商能够提供在线服务并收集遥测数据和指标，同时为终端用户提供更多的隐私控制。 当进入兼容的场所时，用户的设备在安全硬件或软件中生成签名的临时假名身份（TPI）。 上传到场地服务器的任何遥测包括签名，使得服务器可以验证数据是否有效。 TPI可能有内置的到期。 因此，场地服务器可以在TPI期间接收有用的跟踪数据，同时确保用户永久地保持数据或与个人识别信息相关联。

公开(公告)号：WO2016039737A2

公开(公告)日：2016-03-17

申请号：PCT/US2014/054933

申请日：2014-09-10

Applicant: GE INTELLIGENT PLATFORMS, INC.

Inventor： GLOSSER, Richard, Joseph ,  BOETTNER, Fred, Henry ,  GRUBBS, Robert, Earl

IPC: H04L29/06

CPC classification number: H04L63/04 ,  H04L63/12 ,  H04L63/123 ,  H04L69/22

公开(公告)号：WO2016005821A3

公开(公告)日：2016-03-17

申请号：PCT/IB2015001765

申请日：2015-07-09

Applicant: REAL INNOVATIONS INTERNAT LLC

Inventor： THOMAS ANDREW S

IPC: H04L9/12 ,  H04L12/12

CPC classification number: H04L67/141 ,  H04L63/029 ,  H04L63/04 ,  H04L67/02 ,  H04L67/1002 ,  H04L67/146 ,  H04L67/42

Abstract: A system and method for providing secure, end-to-end data service enabling real-time data over the Internet is disclosed. The system and method provides a communication framework between sensors, devices, and machinery and the users of that data from any remote location that is connected to the Internet without requiring open inbound firewall ports, while at the same time enabling high data rates, low latency and full bi-directionality. The graphical and networking features of RIA frameworks in combination with the disclosed system and method provide low-latency, real-time data applications in a web browser securely over the Internet.

Abstract translation: 公开了一种用于提供安全的端到端数据服务的系统和方法，使得能够通过互联网实现实时数据。 该系统和方法提供传感器，设备和机器之间的通信框架以及来自连接到互联网的任何远程位置的数据的用户，而不需要打开的入站防火墙端口，同时实现高数据速率，低延迟 和全双向性。 RIA框架的图形和网络功能结合所公开的系统和方法，通过互联网安全地在Web浏览器中提供低延迟的实时数据应用。

公开(公告)号：WO2016019342A1

公开(公告)日：2016-02-04

申请号：PCT/US2015/043301

申请日：2015-07-31

Applicant: PROTEGRITY CORPORATION

Inventor： LEVY, Vichai ,  ROZENBERG, Yigal ,  JAIN, Rajnish ,  MATTSSON, Ulf

IPC: H04L9/00 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L67/42 ,  H04L63/04 ,  H04L67/02 ,  H04L67/10 ,  H04L67/2823

Abstract: A gateway device for implementing data security is described herein. The gateway device is coupled between a client device and a server device, and generates a mapping between portions of data received from a client device and interface fields or data elements of the client device. Upon receiving subsequent data from the client device, the gateway device can access the generated mapping to identify portions of the subsequent data corresponding to particular interface fields or data elements of the client device using the mapping, and can encode the identified portions of the subsequent data, for instance based on data protection techniques defined by a security policy. The encoded data can then be outputted by the gateway device to the server device.

Abstract translation: 本文描述了用于实现数据安全性的网关设备。 网关设备耦合在客户端设备和服务器设备之间，并且生成从客户端设备接收的数据的部分和客户端设备的接口字段或数据元素之间的映射。 在从客户端设备接收到后续数据时，网关设备可以访问生成的映射，以使用映射来识别对应于客户端设备的特定接口字段或数据元素的后续数据的部分，并且可以对后续数据的标识部分进行编码 ，例如基于由安全策略定义的数据保护技术。 然后，编码数据可以由网关设备输出到服务器设备。

公开(公告)号：WO2015142836A1

公开(公告)日：2015-09-24

申请号：PCT/US2015/020948

申请日：2015-03-17

Applicant: SAUDI ARABIAN OIL COMPANY ,  ARAMCO SERVICES COMPANY

Inventor： MEVEC, Paul, Francis ,  MARHOON, Ibrahim, A.

IPC: H04L29/06

CPC classification number: G06F21/6218 ,  G06F11/1448 ,  G06F17/30879 ,  G06F21/60 ,  G06F21/604 ,  G06F21/606 ,  G06F2201/84 ,  H04L63/0227 ,  H04L63/04 ,  H04L63/105 ,  H04L63/123 ,  H04L63/126 ,  H04L63/18 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1097

Abstract: Embodiments of computer-implemented methods, systems, and non-transitory computer-readable medium having one or more computer programs stored therein are provided to transfer contents of transactional database records associated with a data historian between two or more networks configured to have different levels of network protection. Generated data barcodes can be decoded to produce contents of transactional database records to be transmitted between two or more networks having different levels of network security protection. Decoded contents of the transactional database records can then be securely communicated back to the sender for comparison by generating validation barcodes to be decoded by the sender. Generated verification barcodes can then be decoded to produce verification data. Verification data can confirm success of the transmission of contents of transactional database records encoded in the data barcodes. Decoded contents of transactional database records can then be stored responsive to an indication of successful transmission.

Abstract translation: 提供了具有存储在其中的一个或多个计算机程序的计算机实现的方法，系统和非暂时性计算机可读介质的实施例，以将两个或更多个网络之间的与数据历史记录相关联的事务数据库记录的内容传送到配置为具有不同级别 网络保护。 生成的数据条形码可以被解码以产生要在具有不同级别的网络安全保护的两个或多个网络之间传送的事务数据库记录的内容。 然后可以将事务数据库记录的解码内容安全地传送回发送方进行比较，生成由发送方解码的验证条形码。 然后生成的验证条形码可以被解码以产生验证数据。 验证数据可以确认在数据条形码中编码的事务数据库记录的内容的传输成功。 然后可以响应于成功传输的指示来存储事务数据库记录的解码内容。