Controlled communication system
FIELD: information technology.
SUBSTANCE: a first user can maintain one or more content "portals", which can be accessed by at least a subset of the members of an online community. Access to the content of any portal can be based on the confidentiality level of the portal and the confidentiality level (for example, access parameters) given to a person. The confidentiality levels and the grouping of content can be hierarchical and/or non-overlapping. In this way, a user can transparently exchange data with several users simultaneously, independent of their context or level of confidentiality, while preserving the confidentiality boundaries of each portal.
EFFECT: enabling a user to assign or set varying levels of confidentiality for their information or content in order to control access to such information by other users.
18 cl, 13 dwg
The technical field to which the invention relates.
The present invention relates generally to information networks, and in particular to systems and methods that provide users with a controlled communication environment that includes various levels of privacy and/or protection, allowing the user to communicate with other users at different levels of privacy or security at any time.
One of the most effective channels for distributing information is that of direct personal relationships, referred to as social networks. A social network consists of people and their personal relationships with other people, through which information and opportunities are shared. A direct personal relationship means that two people "know" each other and typically have a certain degree of trust in each other. A person may belong to more than one social network, just as people have different groups of friends (for example, family friends, friends at work, friends at school, friends at parties and so on).
The value of social networks can be demonstrated through, for example, the phenomenon of "six degrees of separation", which means that the distance between any two people in terms of direct personal relationships is relatively small (for example, 6 degrees or less). Social networks are often used by people, often without conscious intent. For example, people looking for work can contact their friends to find out whether they know of any available positions. These friends can provide reliable information about the positions they know of directly. These friends can also recommend their job-seeking friend for other available positions. Moreover, these close personal relationships can be used to obtain social information and/or opportunities, such as, for example, information about potential romantic partners, good movies and restaurants, and/or to buy, sell or trade products and services.
Direct personal relationships are particularly useful for obtaining information and opportunities because of the associated reliability of the information and of the people involved. For example, a person is typically more willing to swap vacation homes (a house swap) with a friend of a friend, even though the two may not know each other personally, than to swap houses with a stranger. The basis of this trust is that the person can trust that the intermediary friend would not be associated with the person offering to swap houses (the friend of a friend) if that person were unreliable or could not be trusted. More generally, each intermediary can be trusted to offer a fair assessment of the trustworthiness of a third party. Social networks are often relied upon for opinion-based information, such as, for example, movies, restaurants, travel, etc. Such information, shared among a large number of ordinary people, is typically relied upon more than reviews from professional critics.
In the context of online social networking, the maintenance, control and regulation of users, with respect to limited system resources and to the actions of users, continues to be a problem.
Below is a simplified summary of the invention in order to provide a basic understanding of some aspects of the invention. This summary is not a comprehensive overview of the invention. It is not intended to identify key/critical elements of the invention or to delineate the scope of the invention. Its sole purpose is to present some concepts of the invention in a simplified form as a prelude to the more detailed description set forth herein.
The present invention relates to a system and/or methodology that facilitates a controlled communication environment, which allows the user to interact with other users of an online community at various levels of confidentiality at the same time. The system and method allow the user to assign or set different levels of confidentiality for information or content, in order to control the visibility of, and access to, such information by others. In particular, a first user may maintain one or more portals or content repositories that can be accessed or viewed by at least a subset of community members. Access to the contents of any portal can be based on the privacy level of the portal and the privacy level (for example, access parameters) granted to another person, who may be registered in the community. Privacy levels can vary from public (for example, not private) to fully private (for example, access by other users is not allowed), with degrees of privacy distributed in between. In effect, the user can transparently communicate with multiple users at the same time regardless of their context or privacy level, while still maintaining control over the privacy boundaries of each portal.
Traditional communication systems that provide a particular type of information exchange between users typically require the user (for example, the content owner) to switch between public and private contexts (similar to switching modes) based on the context of another user (for example, the person requesting access to the content). This can often lead to confusion for the user, as well as to many other communication and security problems. Other traditional communication systems offer only a fully public or a fully protected environment, in which users are given access to all information in the system either without restriction or in a protected manner, respectively. In contrast to these conventional systems, the present invention facilitates simultaneous communication in public and private contexts, which is virtually transparent to the communicating parties.
For example, a first user may post a group of photos, designating some as public and some as private. A second user with only public access rights can view the public photos and communicate with the first user about the public photos, but does not see or know about the private photos. At the same time, a third user with private access rights can view the private photos and communicate with the first user about these private photos.
Different approaches to implementing this may be used. In one approach, this can be achieved in part by first determining the access rights, if any, of the second and third persons. When access rights are confirmed, the second and third users may be presented with the relevant content available to them. When no access rights are found, only public or publicly available content can be made available to the person. Alternatively, no access may be provided when no access rights are found. In another approach, the system can automatically place the second and third users in the appropriate portals by identifying their access rights from the registration information. In this approach, access to the community can automatically give the second and third users access to at least the publicly available content, thereby placing each user in the appropriate portal upon registration.
Access to any particular portal or repository may provide the person with the ability to leave a blog post or to publish mail messages, images and/or other content in this portal. In addition, the person can view other users' content published in this portal, and/or add comments and annotations to content published or sent by other users of this portal.
According to one aspect of the invention, the portals or stores can be accessed from a public network, such as the world wide web, or from a private network serving a discrete set of users. Therefore, the user community may be a wide audience or a more specific group of users, such as a social group of people, employees, or students of a university.
According to another aspect of the invention, portals or content repositories can be organized in a hierarchical way as well as in a non-overlapping way. Accordingly, access rights may overlap with, or be mutually exclusive of, access to other portals with lower privacy levels. In addition, users can "be" in several different portals and communicate in them at the same time. Thus, the presentation of each portal's content to the user may depend on which portal is being viewed at the moment; that is, the content presented to the user may depend on several different portals.
To accomplish the foregoing and related ends, certain illustrative aspects of the invention are described herein in connection with the following description and the accompanying drawings. These aspects, however, indicate only some of the various ways in which the principles of the invention can be used. The invention is intended to include all such aspects and their equivalents. Other advantages and novel features of the invention may become apparent from the following detailed description of the invention, when considered together with the drawings.
Brief description of drawings
Figure 1 is a high-level block diagram of a controlled communication system which facilitates simultaneous communication in both private and public contexts in accordance with an aspect of the present invention.
Figure 2 is a block diagram of a controlled communication system which facilitates simultaneous communication between a user and other people in private and public contexts in accordance with an aspect of the present invention.
Figure 3 is a block diagram of an automatic controlled communication system which automatically proposes or assigns a new privacy level to a person communicating with the user, based on the communication and/or user actions, in accordance with an aspect of the present invention.
Figure 4 is a block diagram showing the simultaneous interaction in public and private contexts, in accordance with an aspect of the present invention.
Figure 5 is a schematic representation of an exemplary arrangement of confidentiality groups/levels in accordance with an aspect of the present invention.
Figure 6 is a schematic representation of an exemplary arrangement of confidentiality groups/levels in accordance with an aspect of the present invention.
Figure 7 is a block diagram of a subsystem that operates in conjunction with the systems of Figure 1 or Figure 2 and simplifies resolving the display of content to a person with access to more than one privacy group.
Fig is a block diagram of the operational sequence of the method illustrating an exemplary methodology that facilitates simultaneous communication in multiple contexts confidentiality in accordance with an aspect of the present invention.
Fig.9 is a block diagram of the operational sequence of the method illustrating an exemplary methodology that facilitates simultaneous communication in both the private and public (non-private) context in accordance with an aspect of the present invention.
Figure 10 is a block diagram of the operational sequence of the method illustrating an exemplary methodology that automatically prompts or assigns a new level of confidentiality to a person that communicates with the user based on the communication and/or user actions, in accordance with an aspect of the present invention.
Figure 11 is a block diagram of the operational sequence of the method illustrating an exemplary methodology that simplifies the interaction between a person and the user's portal in accordance with an aspect of the present invention.
Fig is a block diagram of the operational sequence of the method illustrating an exemplary methodology that facilitates a person's interaction with the user's portal in accordance with an aspect of the present invention.
Fig illustrates a typical environment for implementing various aspects of the invention.
Detailed description of the invention
The present invention is described below with reference to the drawings, in which like reference numerals are used to refer to like elements. In the following description, for purposes of explanation, many specific details are set forth to provide a full understanding of the present invention. It is evident, however, that the present invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block-diagram form to facilitate describing the invention.
As used in this application, the terms "component" and "system" are intended to refer to a computer-related entity: either hardware, a combination of hardware and software, software, or software in execution. For example, a component may be, but is not limited to, a process running on a processor, a processor, an object, an executable, a thread of execution, a program and a computer. By way of illustration, both an application running on a server and the server itself can be a component. One or more components can reside within a process and/or thread of execution, and a component may be localized on one computer or distributed between two or more computers.
The present invention may incorporate various inference schemes and/or techniques in connection with automatically granting or proposing additional access rights to a user's protected content, which may be based, at least in part, on the user's actions or interaction with the other person (to whom access rights are to be granted). In addition, these inference schemes can be used in part to determine what content to display to the person communicating with the content owner (the user), especially in cases where the person has access rights to multiple content groups but not all of the groups can be accessed at the same time. Other scenarios, although not described herein, may use one or more inference schemes to carry out the present invention, and such scenarios are considered to fall within the scope of the invention.
As used in this document, the term "inference" usually refers to the process of reasoning about or inferring states of the system, environment, and/or user from a set of observations obtained through events and/or data. Inference can be used to identify a specific context or action, or can generate a probability distribution over states, for example. The inference may be probabilistic, that is, the computation of a probability distribution over states of interest based on an analysis of data and events. Inference may also refer to techniques used to compose higher-level events from a set of events and/or data. Such inference results in the construction of new events or actions from a set of observed events and/or stored event data, whether or not the events are correlated in close temporal proximity, and whether the events and data come from one or from several event and data sources.
In the description of the present invention, the terms "user" and "person" are used to distinguish between the parties involved. In particular, the term "user" refers to the owner or co-owner of content or groups of content that are potentially available to others through an online community (for example, the world wide web, a corporate network, a school network, and so on). Each group of content may also be referred to as a "portal" ("garden").
The term "person" generally refers to any other user who has access to the online community and who can potentially interact with any owner or co-owner of a portal and with the portal, depending on the access rights or privacy level granted. Each portal or cluster of portals can also be assigned a privacy level. When the privacy level of the portal is "satisfied" by, or corresponds to, the privacy level of the person, that person may be granted access to the specific portal. In general, access may be minimal, such as passive viewing of the contents of the portal, or of at least part of it. Access to, or the ability to view, any particular portal or piece of content may be subject to one or more presentation rules defined by the user for that particular portal or piece of content.
Referring now to Figure 1, there is shown a general block diagram of a controlled communication system 100 that provides a communication environment in which the information it contains may be public and private, depending on the user's settings. The system 100 includes a data analysis component 110, which receives and evaluates access input data, such as the registration information of a person (for example, user name, password, etc.), and any information derived from it. The data analysis component 110 can determine the identity of the person and recognize the access granted to the person when registered in the communication environment.
Information determined by the data analysis component 110 may be passed to the context management component 120. The context management component 120 may regulate the interaction between the portal owners/co-owners (users) and at least one person currently registered in the communication environment. For example, suppose the user has public (for example, non-private) and private content, which is stored in at least two respective groups: a public group and a private group. Person A is granted minimum access rights and thus can access only the public group, whereas person B is granted a higher degree of access rights and thus can access the private group. To maintain these boundaries between the content groups, similar boundaries can be used when communicating about this content with the content owner. Thus, communication can be carried out in a public context when interacting with the public group and anyone associated with it. Similarly, the content owner and any person associated with the private group can interact in a private context.
The context management component 120 can manage and control the interaction between the user (or the user's content) and the relevant people, so that the privacy context (for example, a public context, a private context, a very private context and so on) is maintained for each person, regardless of simultaneous interactions in public and private contexts. In addition, the operation of the context management component 120 is transparent to the user, as well as to the people interacting with the user. Accordingly, a person may not be aware of any other content group to which he has no access, and the user need not worry about keeping track of which people can see which content.
Moreover, the multi-context communication component 130 facilitates interaction and/or communication by the user in a variety of contexts at the same time, without the user (content owner) having to switch privacy modes for each of the many different privacy levels that can be assigned to each person. In addition, the user can freely interact with many people at various levels of confidentiality, which correspond to different content, without worrying about how secure the environment is or should be before communication with a specific person can begin.
Referring now to Figure 2, there is illustrated a block diagram of a controlled communication system 200 that facilitates the establishment of portals or content groups and the control of access to that content, in accordance with an aspect of the present invention. To set different levels of protection for the user's content, the system 200 includes a content organization component 210 that allows the user's content to be organized in one or more databases (CONTENT STORE_1 220 and/or up to CONTENT STORE_M 230, where M is an integer greater than or equal to one). Each database may be referred to as a portal, whereby each portal can be assigned a privacy level by the privacy assignment component 240. User content can be sorted according to the level of confidentiality required by the user for each piece or type of content. However, it should be appreciated that the user's content does not necessarily have to be arranged in physically separate content stores, since the separation of content groups can be at a logical level. In addition, content may be assigned to overlapping content repositories, for example, when privacy groups overlap.
Using a similar distinction between privacy levels, the privacy assignment component 240 may also assign privacy levels to the user's contacts or to any person in the user's social network. Because the user may not know, or be able to identify by name, each person in the online community, any person without an assigned privacy level may be given a minimum privacy level (for example, public access rights only) by default.
Once the portals are set up, at least part of the content may be accessed by other people registered in the online community. However, before any content is displayed, the person identification component 250 can identify the person requesting access in order to determine that person's level of confidentiality. Once this is determined, the content display component 260 displays the corresponding content or gives the person access to it from the store. That is, at least one portal is made visible to the person on the basis of the confidentiality levels assigned to the portal and to the person. If no privacy level is assigned to the person, a portal that is considered appropriate for public viewing can be displayed. Then the user-person communication component 270 can be used to facilitate communication between the user and the person associated with the particular portal on display. As a result, the user does not have to guess which content a person is referring to in their communication, and can easily communicate with multiple people simultaneously regardless of the privacy level involved. Examples of communication include, but are not limited to, blogging, chat, instant messaging, e-mail communication and/or discussion.
Referring now to Figure 3, there is shown a block diagram of an automatic controlled communication system 300 in accordance with an aspect of the present invention. In particular, the system 300 can be used to automatically determine or adjust the privacy level of a portal, or of any content in general, based at least in part on user actions. Similarly, the system 300 can automatically offer people the opportunity to access a specific portal of which the user is the owner or co-owner, based at least in part on the user's actions or on data exchanged with these people.
In order to achieve the above, the automatic system 300 includes a monitoring component 310, which can monitor and collect user communications 320, such as comments or messages sent between the user and the person (or people). For example, imagine that the user tells George, a friend of a friend and an art collector, that he is also a collector of works of art and has recently acquired several paintings at a local estate sale. The user may go on to mention the artists' names or the titles of the paintings in subsequent message exchanges with George. The monitoring component 310 may pass this information to the analysis component 330. The analysis component 330 may accept and process this information and learn that the user has previously set up a portal (for example, a paintings portal) that includes images of the paintings (based on portal organization 340), and that George does not currently have access to it (according to the privacy assignment module 350). The artificial intelligence (AI) component 360 can be trained to automatically propose or assign to people such as George the appropriate permissions to access that particular portal. Alternatively or in addition, the AI component 360 may propose or assign to George the appropriate level of confidentiality that can grant him access to that portal and to other portals that have a similar level of confidentiality.
Similarly, user actions 370 can also be monitored. These actions may include privacy assignments previously made for other content (for example, related content), or for other people who may belong to the same social network, distribution list or contact list as the person in question. For example, George may be included in or added to the same distribution list as Paul. The user may already have given Paul a level of confidentiality that allows Paul to access a selected group of portals. Thus, the AI component 360 can learn to assign George, or any other person added to the distribution list, a similar (or identical) level of confidentiality. Because some users may be included in multiple distribution lists, or may be assigned different access rights and privacy levels, a distribution list or any other list can itself be assigned a specific level of confidentiality. Thus, when a new person is added to the list, that person can be assigned the privacy level of the list, not the privacy level(s) of other people in the list. This is important because at least one person in any list may have been assigned additional privacy levels.
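The list-level rule described in the preceding paragraph can be shown in a few lines. This is an added illustration, not code from the patent: the class `PrivacyDirectory`, its method names, the list name "art-collectors" and the numeric levels are all assumptions made for the example.

```python
PUBLIC = 0  # assumed numbering: level 0 is public access, granted to everyone


class PrivacyDirectory:
    """Tracks levels given to a list as a whole and levels given to individuals."""

    def __init__(self):
        self.list_level = {}  # list name -> privacy level assigned to the list itself
        self.members = {}     # list name -> set of people on that list
        self.personal = {}    # person -> levels assigned to that person individually

    def create_list(self, name, level):
        self.list_level[name] = level
        self.members[name] = set()

    def grant(self, person, level):
        """Individual assignment; never propagates to other list members."""
        self.personal.setdefault(person, set()).add(level)

    def add_to_list(self, name, person):
        self.members[name].add(person)  # KeyError if the list does not exist

    def remove_from_list(self, name, person):
        self.members[name].discard(person)

    def levels_of(self, person):
        """Public + individual grants + the level of every list the person is on.

        List-derived levels are computed on each call rather than copied, so
        removing someone from a list withdraws that level immediately.
        """
        via_lists = {self.list_level[name]
                     for name, people in self.members.items() if person in people}
        return {PUBLIC} | self.personal.get(person, set()) | via_lists

    def levels_if_copied_from(self, peer):
        """Weak alternative shown for contrast: clone a fellow member's levels."""
        return set(self.levels_of(peer))


def sample_directory():
    # Constructed sample data: Paul is on the list and also holds an extra level.
    d = PrivacyDirectory()
    d.create_list("art-collectors", 1)
    d.add_to_list("art-collectors", "paul")
    d.grant("paul", 3)  # additional level assigned to Paul only
    d.add_to_list("art-collectors", "george")
    return d


if __name__ == "__main__":
    d = sample_directory()
    print("george:", sorted(d.levels_of("george")))
    print("paul:", sorted(d.levels_of("paul")))
    print("over-grant if copied from paul:",
          sorted(d.levels_if_copied_from("paul") - d.levels_of("george")))
```

Copying a peer's levels would hand George level 3, which Paul holds individually; assigning the list's own level keeps the new member at the level the owner chose for the list.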
The user can train the AI component 360 according to his or her preferences. Other examples of user actions 370 include, but are not limited to, changes to the user's social network that is associated with the portals, and changes in the confidentiality-level restrictions of at least a subset of portals.
Turning to Figure 4, there is shown a schematic diagram that illustrates a controlled environment 400 in accordance with an aspect of the present invention. The environment 400 includes user content or stored items 410, which can be further grouped according to content type, content, etc., as required by the user. Each group can then be assigned a privacy level by the user. For example, one group may be considered public items 420, which can be available to all others in the community. Alternatively, the user can mark a message, conversation, or any other object with a privacy level as each item occurs (for example, "on the fly"). For example, the user can "chat" with someone and at that moment decide that the conversation is or was confidential, and mark it with the appropriate level of confidentiality. Therefore, content can be assigned a privacy level per item or as a group.
In addition, these public items 420 can be viewed (for example, by passive viewing) by other communities, as defined by the user. For example, if a community is defined as a school network consisting only of students and school staff, the public items 420 or part of them can be available for passive viewing outside the school community.
Other groups of user content may be characterized by varying degrees of privacy, for example, PRIVATE ITEMS_1 430, which selected subscribers can access, and PRIVATE ITEMS_2 440, which a subset of the selected subscribers or other selected subscribers may access. As shown in the drawing, Bob is granted access to the user's public items 420, while Mary is granted access to the user's public items 420 as well as to PRIVATE ITEMS_1 430. When access to any content group is available, this access may include allowing a person (for example, Bob and Mary) to publish content 450 in this group or on a specific item in the group, to view other published content 460 in the group, or to leave comments on previously published content 470. As a minimum, the access may include passive viewing of content. In some cases, Bob and Mary can be allowed to export at least part of the content to which they have access from the given group, based on the user's settings.
In addition, the user can communicate with Bob and Mary at the same time, and thus in different privacy contexts, without having to actively or consciously switch between contexts to do so. Instead, such changes of context can be implemented transparently to the user and to Bob and Mary.
In general, user content may be organized in a hierarchical, overlapping manner, as shown by the exemplary diagram 500 of Figure 5, or in a non-overlapping manner, as illustrated by diagram 600 of Figure 6. For example, in Figure 5, the content is grouped, and each group is assigned a privacy level. Here PRIVACY LEVEL_0 510 represents content with minimal privacy or, in other words, content that is publicly available. PRIVACY LEVEL_(1-M) (520, 530 and 540, respectively, where M is an integer greater than or equal to one) represents content with increasing levels of privacy. People with access to the content of PRIVACY LEVEL_1 520 also have access to the content 510 of PRIVACY LEVEL_0. Likewise, people with access to the content of PRIVACY LEVEL_M 540 also have access to content with lower levels of privacy.
Alternatively, content groups may be non-overlapping and, therefore, mutually exclusive, as shown in Figure 6. Apart from public content 610, people with access to content at a certain specified privacy level (for example, increasing privacy levels from 1 (620), 2 (630), 3 (640) and/or up to K (650), where K is an integer greater than or equal to one) do not have explicit access to other private content, regardless of its privacy level. Therefore, if a person is granted access to the content of PRIVACY LEVEL_3 640, the user is also required to explicitly assign any lower level of confidentiality (for example, LEVEL_1 620 and/or LEVEL_2 630) for that person to have access to that content. It should be understood that the content can be organized in other ways, such as, for example, a combination of hierarchical and non-overlapping groups.
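The difference between the hierarchical arrangement of Figure 5 and the non-overlapping arrangement of Figure 6, together with the public-only default for people with no assigned level, is easiest to see as an access check. The following is an added example and not part of the patent text; the `Owner` and `Portal` classes, the portal names and the person "carol" are assumptions for illustration (Bob and Mary follow the Figure 4 discussion).

```python
from dataclasses import dataclass, field
from enum import Enum

PUBLIC = 0  # privacy level 0: content visible to everyone in the community


class Model(Enum):
    HIERARCHICAL = "hierarchical"        # Figure 5: a level implies all lower levels
    NON_OVERLAPPING = "non-overlapping"  # Figure 6: each private level granted explicitly


@dataclass(frozen=True)
class Portal:
    name: str
    level: int


@dataclass
class Owner:
    """Content owner ("user") with portals and per-person level assignments."""
    model: Model
    portals: list = field(default_factory=list)
    grants: dict = field(default_factory=dict)  # person -> explicitly assigned levels

    def add_portal(self, name, level):
        if level < PUBLIC:
            raise ValueError("privacy level must be >= 0")
        self.portals.append(Portal(name, level))

    def assign(self, person, level):
        if level < PUBLIC:
            raise ValueError("privacy level must be >= 0")
        self.grants.setdefault(person, set()).add(level)

    def effective_levels(self, person):
        # A person with no assignment falls back to public access only.
        explicit = self.grants.get(person, set())
        if self.model is Model.HIERARCHICAL:
            # The highest assigned level covers every level beneath it.
            return set(range(PUBLIC, max(explicit, default=PUBLIC) + 1))
        # Non-overlapping: only public plus the levels assigned one by one.
        return {PUBLIC} | explicit

    def visible_portals(self, person):
        levels = self.effective_levels(person)
        return sorted(p.name for p in self.portals if p.level in levels)

    def can_access(self, person, portal_name):
        # A portal the person cannot see and a portal that does not exist give
        # the same answer, so the reply does not reveal hidden portals.
        return portal_name in self.visible_portals(person)


def sample_owner(model):
    # Constructed sample data for the example.
    owner = Owner(model)
    for name, level in [("public", 0), ("private1", 1),
                        ("private2", 2), ("private3", 3)]:
        owner.add_portal(name, level)
    owner.assign("mary", 1)   # Mary: public items plus PRIVATE ITEMS_1
    owner.assign("carol", 3)  # hypothetical person holding level 3
    return owner              # Bob has no assignment at all


if __name__ == "__main__":
    for model in Model:
        owner = sample_owner(model)
        for person in ("bob", "mary", "carol"):
            print(model.value, person, owner.visible_portals(person))
```

Under the non-overlapping model the level-3 person sees only the public and level-3 portals until levels 1 and 2 are assigned as well, which is the explicit assignment the paragraph above requires.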
Due to the nature of the present invention, the user can be engaged in, or interact with, several people in different confidentiality contexts, some of which are public, some private to a certain extent, and some very private. During these interactions, the user may be presented with content that is relevant to the interaction taking place at the moment. Viewing the relevant content may remind the user of the privacy level assigned to the content, or simply give the user a point of reference for the interaction. Interacting with multiple people in multiple privacy contexts at the same time can be relatively confusing for the user. In order to maintain a sense of order for the user, the coordination component 710 shown in Fig.7 can be used and included in the controlled communication systems 100, 200 of Figures 1 and 2, respectively, above.
The coordination component 710 can determine how content and/or portals are presented to the user based at least in part on which portals are active at the given moment. For example, some portals can be configured by the user with presentation rules that determine how content is displayed to the user, as well as to the person communicating with the user about this content. In general, the coordination component 710 can resolve issues regarding the display of content, as it affects both the user and the people who interact with the user.
Various methodologies in accordance with the present invention are described below as a sequence of actions. It should be understood and appreciated that the present invention is not limited by the order of the actions, as some actions may, in accordance with the present invention, be performed in a different order and/or concurrently with other actions, in contrast to what is shown and described in this document. For example, those skilled in the art should understand and appreciate that a methodology can alternatively be represented as a series of interrelated states or events, for example, in a state diagram. Moreover, not all illustrated actions may be required to implement a methodology in accordance with the present invention.
Referring to Fig., a flowchart of an exemplary method 800 is shown, which facilitates simultaneous communication in multiple privacy contexts in accordance with an aspect of the present invention. The method 800 includes receiving a person's access input data, for example the registration information for accessing an online community, at step 810. The online community can be extensive, for example the World Wide Web, or more limited, such as a company, a school, or a members-only community.
At step 820, the access input data can be analyzed to identify and authenticate the identity of the person and the person's access rights in the community in general and/or to specific user content in the community. At step 830, the privacy context of the user can be determined in relation to content belonging to others in the community, and interaction with that content can begin accordingly. It should be appreciated that some people may be registered in the community in the same way.
At step 840, simultaneous data exchange in different privacy contexts can be carried out between at least one user and one or more people interacting with that user's content. That is, the user can be given the ability to interact effortlessly with at least two different people who have different privacy contexts associated with them, at the same time, without having to consciously switch between privacy contexts or modes. The same applies when only one person interacts with the user, because one person can be assigned several levels of confidentiality. The user can therefore interact with this person at both levels of confidentiality without concern. Method 800 allows the user to ignore the current context (the person's context) through automatic adjustment of the user's context as necessary.
Referring to Fig. 9, a flowchart of an exemplary method 900 is presented that facilitates simultaneous communication in private and public contexts (for example, non-private or minimally private) in accordance with an aspect of the present invention. The method 900 includes establishing the user's portal(s) at step 910. This can be done in part by uploading user content to make it available online to the community subject to various restrictions. For example, one or more levels of confidentiality can be assigned to the content. Privacy levels may include private or public and/or a degree of confidentiality. The user can assign the appropriate level of confidentiality to the content or, alternatively, the system or method can recognize the context of the content and automatically assign the appropriate level of confidentiality. In the latter case, certain types of content can "fit" only in portals with an appropriate level of confidentiality. For example, the system or method may be trained to recognize medical or medically related information and automatically assign it the highest level of confidentiality. As a result, this information may be placed in the appropriate portal.
At step 920, the user can assign privacy levels or grant access rights to people in the user's social network or online community. For example, everyone in the user's online community may be granted access to the user's "public" content. This public access may be provided by default or explicitly by the user. Other people in the community who are known to the user may be assigned one or more privacy levels, which correspond to the levels of confidentiality assigned to the user's content.
At step 930, the registration information of a person can be received, and the person's privacy level(s) may be identified at step 940. At step 950, access to the user's content can be obtained on the basis of the person's privacy level. Authenticating the credentials and privacy level of the person (for example, 930-950) can be repeated for each person registered in the community, at step 960. At step 970, any user can communicate or otherwise interact with one or more people at different levels of confidentiality at the same time.
Referring now to Fig. 10, a flowchart of an exemplary method 1000 is presented that automatically suggests or assigns a privacy level to a person who communicates with the user, based on the user's communications and/or actions, in accordance with an aspect of the present invention. The method 1000 includes monitoring the user's actions and/or communications with respect to the person in question at step 1010. Examples of user actions include privacy-level assignments previously made for other people in the same distribution list as the person in question, privacy-level assignments previously made for the person in question for the same content, reorganization of the user's social network or portals, and so on. User communication may involve interaction between the user and the person in question, for example specific discussions, messages, conversations, etc.
Information gathered during monitoring at step 1010 may be analyzed at step 1020 to determine whether any changes should be made to the assigned confidentiality levels and, if so, what types of changes should be made or suggested to the user. At step 1030, the method can be trained to automatically suggest or assign the most suitable privacy level for the person, based at least partially on the actions and/or communications the user has had with this person. As a result, the user can be more confident that the privacy levels assigned to others are assigned in a consistent way.
Turning to Fig. 11, a flowchart of an exemplary method 1100 is presented that facilitates interaction between people and the user's portal in accordance with an aspect of the present invention. The method 1100 includes providing that at least two people are registered in the portal-based community, at step 1110. In particular, at least a first person is assigned a first level of confidentiality, and at least a second person is assigned a second level of privacy, which is different from the first level of confidentiality. For example, given privacy levels 0-2, where 0 is the least private (for example, public) and 2 is the most private for that particular user, the first privacy level may be 0 and the second privacy level may be 2. At step 1120, the contents of the portal for the first and second privacy levels can be displayed to the first and second person, respectively.
Next, the user (owner or co-owner of the portal content) can interact or otherwise communicate with the first and second person at the same time at two different privacy levels (step 1130). It should be appreciated that communication between the user and any person can begin at any time, for example through IM (instant messaging), e-mail, chat programs and/or blogging; however, access to the user's portals can be provided only once the appropriate level of confidentiality has been established for each person. In practice, imagine, for example, that John and Jane are friends of Tim and want to access Tim's portals. Tim gave John access to his public portal, and Jane access to the portal with confidentiality level 1. All three can "talk" to each other online; however, the confidentiality levels of John and Jane must be identified before they are allowed access to the relevant portals to view or post messages, comments, etc. in the respective portals.
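The Tim, John and Jane scenario above can be modelled as a small access check. The following Python sketch is an added example, not code from the patent; the class names, the portal names, the third person "Ann" at level 2, and the rule that an unidentified person sees nothing are all assumptions made for illustration. It contrasts the hierarchical and non-overlapping organizations of privacy levels mentioned in the description.

```python
from dataclasses import dataclass, field
from enum import Enum

PUBLIC = 0  # level 0 is the least private level (public), as in the description


class Mode(Enum):
    HIERARCHICAL = "hierarchical"        # a grant at level n also covers levels below n
    NON_OVERLAPPING = "non-overlapping"  # a grant covers only the level(s) named


@dataclass
class Portal:
    name: str
    level: int
    posts: list = field(default_factory=list)  # (author, text) tuples


@dataclass
class Owner:
    name: str
    mode: Mode
    portals: dict = field(default_factory=dict)  # level -> Portal
    grants: dict = field(default_factory=dict)   # person -> set of granted levels

    def add_portal(self, name, level):
        self.portals[level] = Portal(name, level)

    def grant(self, person, *levels):
        missing = set(levels) - set(self.portals)
        if missing:
            raise ValueError(f"no portal at level(s) {sorted(missing)}")
        self.grants.setdefault(person, set()).update(levels)

    def visible_levels(self, person):
        """Levels `person` may read and post to; None means not yet identified."""
        if person is None:
            return set()                       # assumption: deny until identified
        if person == self.name:
            return set(self.portals)           # the owner sees every portal
        levels = {PUBLIC} & set(self.portals)  # public is open to the whole community
        granted = self.grants.get(person, set())
        if self.mode is Mode.HIERARCHICAL and granted:
            levels |= {lv for lv in self.portals if lv <= max(granted)}
        else:
            levels |= granted
        return levels

    def post(self, author, level, text):
        if level not in self.visible_levels(author):
            raise PermissionError(f"{author!r} has no access to level {level}")
        self.portals[level].posts.append((author, text))

    def view(self, person):
        """Posts `person` may see, keyed by portal name, least private first."""
        return {self.portals[lv].name: list(self.portals[lv].posts)
                for lv in sorted(self.visible_levels(person))}


def build_example(mode):
    """Constructed scenario: Tim owns three portals; 'Ann' is a hypothetical person."""
    tim = Owner("Tim", mode)
    tim.add_portal("public", 0)
    tim.add_portal("friends", 1)
    tim.add_portal("private", 2)
    tim.grant("John", 0)   # John: public portal only
    tim.grant("Jane", 1)   # Jane: portal with confidentiality level 1
    tim.grant("Ann", 2)    # Ann: most private level (constructed)
    tim.post("Tim", 0, "hello everyone")
    tim.post("Tim", 1, "weekend plans")
    tim.post("Tim", 2, "medical appointment")
    return tim


if __name__ == "__main__":
    for mode in Mode:
        tim = build_example(mode)
        for person in ("John", "Jane", "Ann", None):
            print(mode.value, person, list(tim.view(person)))
```

In the non-overlapping mode a level-2 grant does not imply level 1, so each additional level has to be granted explicitly; in the hierarchical mode a single high grant exposes every lower portal, which is the property to review when assigning levels.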
Referring to Fig., a flowchart of an exemplary method 1200 is presented that facilitates a person's interaction with the user's portal in accordance with an aspect of the present invention. The method 1200 begins by giving a person access to the user's portal at step 1210. At step 1220, the person can perform at least one of the following with respect to this portal: post or publish text, images or other content in the user's portal; view content published by other people; view content published by the user; and/or leave comments on content published by other people or by this person. In addition, the user can make some of the content available for passive viewing outside the context of a portal in a controlled manner, for example via syndicated feeds (for example, RSS). Portals can belong to multiple users; therefore, they can be managed by multiple users.
To provide additional context for various aspects of the present invention, Fig. and the following discussion are intended to provide a brief general description of a suitable operating environment 1310 in which various aspects of the present invention can be implemented. Although the invention is described in the general context of computer-executable instructions, such as program modules, executed by one or more computers or other devices, those skilled in the art will recognize that the invention may also be implemented in combination with other program modules and/or as a combination of hardware and software.
Generally, however, program modules include procedures, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The operating environment 1310 is only one example of a suitable operating environment and is not intended to suggest any limitation on the use or functionality of the invention. Other well-known computing systems, environments and/or configurations that may be suitable for use with the invention include (but are not limited to) personal computers, hand-held or laptop computers, multiprocessor systems, microprocessor-based systems, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include the above systems or devices, and so on.
With reference to Fig., an exemplary environment 1310 for implementing various aspects of the invention includes a computer 1312. The computer 1312 includes a processor 1314, a system memory 1316 and a system bus 1318. The system bus 1318 connects system components, including (but not limited to) the system memory 1316, to the processor 1314. The processor 1314 may be any of various available processors. Dual microprocessor and other multiprocessor architectures may also be used as the processor 1314.
The system bus 1318 may be any of several types of bus structure(s), including a memory bus or memory controller, a peripheral bus or external bus, and/or a local bus using any of a variety of bus architectures, including (but not limited to) an 11-bit bus, Industrial Standard Architecture (ISA), Micro-Channel Architecture (MCA), Extended ISA (EISA), Intelligent Drive Electronics (IDE), VESA Local Bus (VLB), Peripheral Component Interconnect (PCI), Universal Serial Bus (USB), Advanced Graphics Port (AGP), the Personal Computer Memory Card International Association bus (PCMCIA), and Small Computer Systems Interface (SCSI).
The system memory 1316 includes volatile memory 1320 and non-volatile memory 1322. The basic input/output system (BIOS), containing the basic routines to transfer information between elements within the computer 1312, for example at startup, is stored in the non-volatile memory 1322. By way of illustration, and not limitation, the non-volatile memory 1322 may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable ROM (EEPROM) or flash memory. The volatile memory 1320 includes random access memory (RAM), which acts as an external cache. By way of illustration, and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and direct Rambus RAM (DRDRAM).
The computer 1312 also includes removable/non-removable, volatile/non-volatile computer storage media. Fig. illustrates, for example, disk storage 1324. Disk storage 1324 includes (but is not limited to) devices such as a magnetic disk drive, floppy disk drive, tape drive, Jaz drive, Zip drive, LS-100 drive, flash memory card or Memory Stick. In addition, disk storage 1324 may include storage media separately or in combination with other storage media, including (but not limited to) an optical disk drive such as a compact disk ROM device (CD-ROM), CD recordable drive (CD-R Drive), CD rewritable drive (CD-RW Drive) or a digital versatile disk ROM drive (DVD-ROM). To facilitate connection of the disk storage devices 1324 to the system bus 1318, a removable or non-removable interface is typically used, for example interface 1326.
It should be appreciated that Fig. describes software that acts as an intermediary between users and the basic computer resources described in the suitable operating environment 1310. Such software includes an operating system 1328. The operating system 1328, which can be stored on disk storage 1324, is used to control and allocate the resources of the computer system 1312. System applications 1330 take advantage of the management of resources by the operating system 1328 through program modules 1332 and program data 1334 stored either in system memory 1316 or on disk storage 1324. It should be appreciated that the present invention can be implemented with various operating systems or combinations of operating systems.
The user enters commands or information into the computer 1312 through input device(s) 1336. Input devices 1336 include (but are not limited to) a pointing device such as a mouse, trackball, stylus, touch pad, keyboard, microphone, joystick, game pad, satellite dish, scanner, TV tuner card, digital camera, digital video camera, web camera, etc. These and other input devices connect to the processor 1314 through the system bus 1318 via interface port(s) 1338. Interface port(s) 1338 include, for example, a serial port, a parallel port, a game port and a universal serial bus (USB). Output device(s) 1340 use some of the same types of ports as input device(s) 1336. Thus, for example, a USB port can be used to provide input to the computer 1312 and to output information from the computer 1312 to an output device 1340. An output adapter 1342 is provided to illustrate that there are some output devices 1340, such as monitors, speakers and printers, among other output devices 1340, that require special adapters. The output adapters 1342 include, by way of illustration and not limitation, video and sound cards, which provide a means of connection between the output device 1340 and the system bus 1318. It should be noted that other devices and/or systems of devices provide both input and output capabilities, such as remote computer(s) 1344.
The computer 1312 may operate in a networked environment using logical connections to one or more remote computers, for example remote computer(s) 1344. The remote computer(s) 1344 may be a personal computer, a server, a router, a network PC, a workstation, a microprocessor-based appliance, a peer device or other common network node and the like, and typically includes many or all of the elements described relative to the computer 1312. For brevity, only a memory storage device 1346 is illustrated with the remote computer(s) 1344. The remote computer 1344 is logically connected to the computer 1312 through a network interface 1348 and then physically connected via a communication connection 1350. The network interface 1348 encompasses communication networks such as local area networks (LAN) and wide area networks (WAN). LAN technologies include Fiber Distributed Data Interface (FDDI), Copper Distributed Data Interface (CDDI), Ethernet/IEEE 1102.3, Token Ring/IEEE 1102.5, etc. WAN technologies include, but are not limited to, point-to-point links, circuit-switched networks such as Integrated Services Digital Networks (ISDN) and variations thereof, packet-switched networks, and Digital Subscriber Lines (DSL).
Communication connection(s) 1350 refers to the hardware/software employed to connect the network interface 1348 to the bus 1318. Although the communication connection 1350 is shown inside the computer 1312 for illustrative clarity, it can also be external to the computer 1312. The hardware/software necessary for connection to the network interface 1348 includes, for exemplary purposes only, internal and external technologies such as modems, including regular telephone-grade modems, cable modems and DSL modems, ISDN adapters, and Ethernet cards.
What has been described above includes examples of the present invention. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the present invention, but one of ordinary skill in the art may recognize that many further combinations and permutations of the present invention are possible. Accordingly, the present invention is intended to cover all such alterations, modifications and variations that fall within the spirit and scope of the appended claims. Moreover, to the extent that the term "includes" is used in either the detailed description or the claims, this term is intended to be inclusive in a manner similar to the term "contains", as "contains" is interpreted when used as a transitional word in the claims.
1. A controlled communication system comprising one or more computer-readable media storing:
a content organization component for uploading content to make it available to a first person through an online community;
a privacy assignment component for assigning one or more content levels of confidentiality to the user's uploaded content;
a data analysis component for evaluating a person's access input data to determine a level of confidentiality in relation to the uploaded content;
a context management component for regulating the transmission, without change, of a communication relating to the user's uploaded content, the data exchange being governed on the basis of an independent comparison of the level of confidentiality assigned to the user's content with the level of privacy of the person;
an analysis component for detecting a communication relevant to the user's uploaded content based on a comparison between one or more names of the communication and one or more passwords associated with the assigned user content; and
an artificial intelligence component for changing the privacy level of the person based on the recognition of a data exchange relevant to the user's uploaded content.
2. The system according to claim 1, in which the artificial intelligence component automatically adjusts the privacy level of the person to allow the person to access the user's uploaded content, the person being restricted from accessing the user's uploaded content until the artificial intelligence component changes the privacy level of the person.
3. The system according to claim 1, in which the access input data contain the registration information of the person.
4. The system according to claim 1, in which the user's uploaded content is organized into one or more groups comprising a single group or overlapping groups.
5. The system according to claim 4, in which each of the one or more groups of the user's uploaded content is assigned a group content privacy level.
6. The system according to claim 1, in which the privacy assignment component assigns one or more content levels of privacy to the user's uploaded content in response to the user designating one or more content levels of confidentiality to the privacy assignment component.
7. The system according to claim 1, additionally comprising a multi-contact component to facilitate interaction of the user with other people registered in the online community at many individual privacy levels at the same time, and which eliminates explicit switching by the user between different privacy contexts.
8. The system according to claim 1, in which the privacy level of the person determines whether the first person has access to at least part of the user's uploaded content.
9. The system according to claim 1, in which the artificial intelligence component offers recommendations to change the privacy level of the person.
10. The system according to claim 1, in which the user's uploaded content is organized in at least one of the following ways: hierarchical, non-overlapping, non-hierarchical, partially overlapping or completely overlapping.
11. A computer-implemented method of controlled communication, comprising phases in which:
one or more recipients of a data stream are determined by a context management component on the basis of comparing the content privacy level of the data stream with the privacy context of the person for each of the one or more recipients with respect to the content of the data stream, a first part of the data stream being assigned a first communication privacy level and a second part of the data stream being assigned a second level of confidentiality;
a data exchange relevant to the user's uploaded content is recognized by an analysis component based on a comparison between one or more names of the communication and one or more passwords associated with the assigned user content; and
the privacy level of the person is changed by an artificial intelligence component based on the recognition of the data exchange relevant to the user's uploaded content.
12. The computer-implemented method according to claim 11, in which the context management component changes the access recipient stream-to-stream data exchange purpose of the second part of the data stream to the second level of confidentiality communicate with the sending of the data flow path.
13. The computer-implemented method according to claim 11, in which the privacy context of a person is determined from the registration data.
14. The computer-implemented method according to claim 11, further comprising a phase in which the data stream is organized into one or more groups.
15. The computer-implemented method according to claim 14, further comprising a stage at which each group is assigned a group privacy context.
16. The computer-implemented method according to claim 11, further comprising a phase in which the privacy context of the person is automatically assigned on the basis of at least one of the user's actions and the user's communications.
17. The computer-implemented method according to claim 11, further comprising a stage in which:
display at least part of the data flow path to one or more secondary flow when the level of confidentiality of the content of the communication corresponds to the context of the individual's privacy for each of the one or more recipients of the stream.
18. A controlled communication system, comprising: a processor and
a memory loaded with a plurality of computer-implemented instructions that perform a method comprising:
evaluating the access input data of at least one person, and information obtained from it, to determine at least one privacy context of the person in relation to content belonging to at least one user; and modifying at least one access during the transmission of a data exchange,
monitoring at least one of the actions of the user and the communications of the user with the at least one person; and
automatically assigning at least one privacy context of the person in relation to content belonging to the at least one user based on at least one of the actions of the user and the communications of the user with the at least one person.
FIELD: information technologies.
SUBSTANCE: method includes the following stages: receipt of the first control message (ECM1), containing at least one control word (CW) and time score (TS); receipt of the second control message (ECM2), following the first control message (ECM1), besides, the second control message contains at least one control word (CW) and time score (TS); detection of duration of time period, corresponding to difference between time scores (TS) of two serial messages ECM1, ECM2; increasing counter of errors (CE) in case specified duration of time period is less than previously set duration (CP); reducing counter of errors (CE) in case specified duration of time period equals or exceeds specified previously set duration; return of control word (CW) into module of processing (STB) as waiting time expires, which depends on value of counter of errors (CE).
EFFECT: prevention of access to coded content in case of fraudulent use of decoders.
16 cl, 6 dwg
FIELD: information technologies.
SUBSTANCE: invention relates to method of control of access to data (CT) coded by means of control words (CW) received by protection module in control messages (ECM) and returned to module of coded data processing. Control messages (ECM) contain at least the first control word (CW1) and the second control word (CW2), at the same time each of specified control words provides access to coded data (CT) during the specified period of time called cryptoperiod (CP). Method includes the following actions: transfer of coded data into at least one module of processing; and transfer of control messages (ECM) into specified processing module, besides, control messages (ECM) contain at least two specified control words (CW1, CW2) and are sent to processing module after transfer of data coded by means of the first control word (CW1) and prior to transfer of data coded by means of the second control word (CW2), time shift between transfer into module of processing of data coded by means of the first control word (CW1) and transfer of control message (ECM), containing the first control word (CW1) and the second control word (CW2), makes more than 75% of cryptoperiod.
EFFECT: prevents access to coded content with fraudulent use of two decoders with only one module of protection.
4 cl, 4 dwg
FIELD: information technologies.
SUBSTANCE: device (3400) for processing of coded data flow (3401), comprising a decoding module (3402) to generate decoded data flow (3403) from coded data flow (3401), detection module (3404) for detection of information on position of at least one intra-coded frame in coded data flow (3403) and substitution module (3405) for substitution on the basis of detected information on position of coded data flow (3401) parts with according parts of decoded data flow (3403).
EFFECT: increased efficiency, speed of data flow processing by means of selective substitution of only that data in data flow, which is required for further use of data flow.
28 cl, 37 dwg
FIELD: information technology.
SUBSTANCE: metadata which classify news bulletins as a whole and their separate subject matter are formed; said metadata are sent to a user terminal. Received metadata are recorded into memory which may or may not be integrated into the user terminal. Recorded metadata are compared with previously recorded news bulletins and their subject matter; based on said comparison, recorded news bulletins are divided into video files of news items; obtained video files are recorded into memory. A database of news items is created with possibility of further browsing in an audio-visual information display device. In order to provide the proper accuracy of dividing recorded news bulletins into video files of news items, the timing device of the user terminal is periodically corrected using standard time signals.
EFFECT: possibility of selection of separate news items of interest by a user, acquaintance with history of the news item previously browsed by the user, as well as with the entire spectrum of views on the browsed news item.
6 cl, 5 dwg
FIELD: physics; computer engineering.
SUBSTANCE: invention relates to an information processing device, an information recording medium and a method of processing information. Several content administration modules, which correspond to a name, index and some other information, are installed by dividing into parts content stored on an information recording medium. Different module keys, which are encryption keys, are allocated for different content administration modules. At least content data arriving in real time, included in each content administration module, are encrypted using the module key, and the encrypted data are stored. When playing back content, modules are identified, and decryption for playing back is carried out using the module key which corresponds to each module.
EFFECT: copyright administration for each part of data, obtained through segmentation of content recorded on a recording medium.
41 cl, 37 dwg
FIELD: physics, communications.
SUBSTANCE: invention concerns security modules actuated at device receiving encoded digital data; claimed method is particularly intended for transfer of data on date and current time to security module, and for decoding authorisation management based on validity period for data received or stored by indicated device. Method of authorisation duration control in security module installed in device with internal clock, where the device receives digital data flow encoded with reference words included in authorisation reference messages, involves the following stages: data from internal device clock, including information on current time, are received by security module; information on current time is stored in security module; authorisation reference message requiring decoding of at least one reference word is received by security module; information on previous time when previous authorisation reference message was processed is read; authorisation reference message is processed if time indicated in current time information is ahead of time indicated in previous time information.
EFFECT: enhanced safety of data transfer.
10 cl, 1 dwg
FIELD: physics; computer engineering.
SUBSTANCE: present invention pertains to digital television (DTV), especially to the method of verifying identity of a subscriber terminal in a DTV network. The method of carrying out authentication procedure of at least one subscriber terminal comprises the following stages: reading out, using a set-top box (STB) at the subscriber terminal, the period of validity of the key and key information, stored in the subscriber identification module at the subscriber terminal when the set-top box is launched; initiation, using the STB, of sending a request for authentication to a central station, if the period of validity of the key has expired, and authentication by the central station, in accordance with the authentication request; determination by the central station of whether authentication has been successful, and if successful, sending a corresponding reply message, containing new key information, and a reply message on failure of authentication if otherwise; updating, through the STB, key information when a reply message on successful authentication has been received.
EFFECT: reduced congestion of a network or authentication server.
18 cl, 8 dwg
FIELD: information technologies.
SUBSTANCE: invention can be used in system of the forced performance of requirements which provides access possibility to the enciphered digital content on a computing mechanism only according to the parameters of certain license rights obtained by the user of digital contents. The first confidential builder on the first computing mechanism carries out cryptographic, an estimate and the forced performance of requirements and forcedly contacts it, the first certificate of the user device corresponding to the first computing mechanism, forcedly contacts the user. Accordingly, the second confidential builder on the second computing mechanism carries out cryptographic processing, an estimate and the forced performance of requirements and forcedly contacts it, the second certificate of the user device corresponding to the second computing mechanism, also forcefully contacts the user. The first competent builder gains contents for reproduction on the first computing mechanism by means of the first certificate of the user device and the license, and the second confidential builder gains contents for reproduction on the second computing mechanism by means of the second certificate of the user device and the same license.
EFFECT: prevention of non-authorised duplication of digital content by the user related to the digital license and having of some computing mechanisms.
16 cl, 6 dwg
FIELD: information technologies.
SUBSTANCE: invention refers to a method of controlling decoding of a set of program traffic streams received by a receiving system. In the method, a sequence of messages is received in a conditional access subsystem (9, 10) comprised in the receiving system; each message is associated with one of a set of coded program traffic streams and represents a request to return information enabling decoding of the associated coded traffic by at least one decoding module (12) within the receiving system. It is detected whether messages received within a certain interval are associated with different coded program traffic streams, and at least one of the requests represented by messages received within that interval is rejected if the number of different coded program traffic streams with which these messages are associated exceeds a preset value.
EFFECT: creation of a receiving system and a portable protector which enable a program traffic provider to control the set of program traffic that a user of the receiving system accesses simultaneously.
16 cl, 2 dwg
FIELD: information technology.
SUBSTANCE: the proposed decoder and subscription television data control system contains at least two decoders, each of which is connected to at least one removable protective module. Protection is realised using identification data contained in the said decoder and protective module. Each of the decoders contains a descrambler and units for deactivating the processing of subscription television data. Each decoder also contains a counter which acts on the said deactivation units. In addition, at least one of the removable protective modules is designated as primary and therefore contains units for reinitialising the decoder counters.
EFFECT: provision of capability to regulate decoder operation time and to adjust operation parameters at any time using protective module.
19 cl, 13 dwg
FIELD: information technology.
SUBSTANCE: first and second data are pre-entered into first and second data processing units, respectively, and a feature of the object is additionally entered into the second data processing unit. A first bit sequence is then generated in the first data processing unit and then transmitted to the second data processing unit, in which there is generation of a second bit sequence from the first bit sequence, as well as second data and the feature of the object through a first conversion algorithm and then transmitted to the first data processing unit in which there is generation of an authentication result for the second data processing unit from the first and second bit sequences and first data through a second conversion algorithm. Further, a third bit sequence is generated in the first data processing unit through a third conversion algorithm and a fourth bit sequence is generated and the bit sequences are transmitted to the second data processing unit.
EFFECT: higher cryptographic security and broader functional capabilities.
FIELD: information technology.
SUBSTANCE: system receives multiple sets of authenticating data for a set of authentications from a set of authentication sources and presents the said set of authentications in a graphic user interface, where the graphic user interface includes a corresponding part for each of the said set of authentications, which is set up based on its set of authenticating data. The system can flexibly set up the graphic user interface.
EFFECT: flexible and broader setup of a user interface.
19 cl, 6 dwg
FIELD: information technology.
SUBSTANCE: method involves reception of a payload data element using a data processing device; performing cryptographic authentication of the payload data element; storing the authenticated received payload data element in the data processing device; and protecting integrity of the stored payload data element. The cryptographic authentication process involves calculation of a control hash function value of at least the received data element. Protection of integrity also involves calculation of the standard value of a message authentication code at least for the control hash function value, using a secret key stored in the data processing device as input data.
EFFECT: more computationally efficient mechanism for providing security, which protects software and when loading software into a device.
34 cl, 11 dwg
FIELD: information technology.
SUBSTANCE: transmission method involves reception by a stream server, from a content owner, of a primary integrity key encrypted with a content key and of at least one encrypted content stream; reception of a request from an electronic device for information on the said content stream; formation of at least one initial value by the stream server; transmission by the stream server to the said electronic device, in response to the said request, of information on one content stream, where the said information contains at least one initial value and the primary integrity key encrypted with a content key; formation of at least one session integrity key in the said stream server using the said at least one initial value and the said primary integrity key; protection of integrity of at least one content stream in the said stream server using the said at least one session integrity key; and transmission to the said electronic device of at least one content stream with integrity protection formed using at least one session integrity key.
EFFECT: higher protection of stream content.
38 cl, 4 dwg
FIELD: information technologies.
SUBSTANCE: system comprises a processing server and a database server. The processing server is designed to obtain extended associative information for at least one account from at least one client terminal and to transfer the extended associative information to the database server. It is also designed, whenever a request for service arrives from a client terminal, to obtain from the database server the extended associative information of the account corresponding to that client terminal, to generate verification information according to the level of protection of the request for service, and to transfer this verification information to the client terminal in order to verify the authenticity of the user of the client terminal. The database server is arranged to store the extended associative information of at least one account. The present invention also describes a method of account control in an Instant Messaging (IM) service.
EFFECT: increased protection of user accounts against theft.
12 cl, 2 dwg
FIELD: information technologies.
SUBSTANCE: invention relates to a method and device for controlling data streams in protected distributed information systems built on coded communication networks, in order to prevent unauthorised access by users to network information resources and services by means of distributed control of established network connections.
EFFECT: increased level of protection for the target distributed information system through the introduction of distributed access control functions in the system, using data stream control mechanisms based on analysis of the application protocols used for interaction within the distributed information system.
4 cl, 2 dwg
FIELD: information technology.
SUBSTANCE: method involves configuration of a first version of an application for execution on a first mobile terminal, connection of the first mobile terminal to a second mobile terminal, transmission of a second version of the application to the second mobile terminal using the established connection and restricting execution of the second version of the application. In another version the method involves initiation of execution of an application on a first mobile terminal, connection of the first mobile terminal to a second mobile terminal, sending the image of the executed application from the first mobile terminal to the second mobile terminal and reception of image of the executed application from the first mobile terminal at the second mobile terminal.
EFFECT: improved method.
30 cl, 11 dwg
FIELD: information technologies.
SUBSTANCE: method for generating and verifying an electronic digital signature (EDS) includes the following sequence of operations: a secret key is generated as at least one bit string (BS) k; on the basis of the secret key, a public key Y is generated as a BS vector of length m, where 2<m<64; an electronic document (ED) represented by a multi-digit binary number H is received; depending on the received electronic document and the secret key value, EDS Q is generated as at least two BSs; depending on the EDS, the ED and the public key, first (A) and second (B) check BSs are generated; BSs A and B are compared. When their parameters match, it is concluded that the electronic digital signature is authentic.
EFFECT: increased efficiency of EDS procedures without reducing EDS strength.
8 cl, 9 tbl
FIELD: information technology.
SUBSTANCE: system for adaptive parametric control of safety of information systems comprises a safety configuration setting module, a safety conditions description module, a module for assessing fulfillment of safety conditions, a module for detecting actions which keeps track of access of a subject to an object, a safety control module designed for adaptation of the information system through generation of a control action on its safety configuration. The method describes operation of the said system.
EFFECT: automation of the process of adaptation of information systems to security breaches.
3 cl, 5 dwg
FIELD: information technologies.
SUBSTANCE: an end user of a user station device (10) in an authentication system requests access to protected information. The system comprises an access server facility (20) and an authentication facility (30), and the user station device (10) communicates with the authentication facility (30) over a first communication channel in a radio communication network (40). It additionally communicates with the authentication facility (30) over a second communication channel. The said authentication facility (30) is arranged to support a first mode of authentication and a second mode of authentication over the said second communication channel, and additionally comprises a decision facility to select whether the first or second mode of authentication shall be used, and/or when the first or second mode of authentication shall be used, for the user station device (10) which requests access to protected information.
EFFECT: reduced interaction with end user.
27 cl, 8 dwg
FIELD: information technology.
SUBSTANCE: invention concerns a method, performed at a target computer in a network computing environment, of minimising exploitation by an intruder of vulnerabilities in software installed on the target computer, by examining network traffic and identifying malicious code before it can be executed and/or installed. At the transport layer (for example, the transmission control protocol (TCP) socket layer), network traffic can be inspected using a security component installed on the target computer. Upon reception of a message intended for the computer system, data included in the message are compared with exploit features used to identify the malicious code. The exploit features are provided to the security component by a security service which gathers information on the malicious code. Based on the comparison of the data in the message with the exploit features, rules are identified which instruct the security component to perform corresponding actions on the received message.
EFFECT: narrowing the risk window for computers which are potential targets of intruders.
19 cl, 2 dwg