Patents Examined by Jason Lee
-
Patent number: 9686267
Abstract: A client system associated with a user includes at least one hardware processor configured to initiate the following operations. A modified login page is received from a proxy hardware system. An asynchronous engine is loaded by a browser system executing on the client system and caused by a routine from the modified login page. A login process with an authentication profiling service is executed, using the asynchronous engine, to retrieve login information for a back-end server. The authentication process with the back-end server is completed using the asynchronous engine. The modified login page is generated by the proxy hardware system by adding the routine to a login page being sent from the back-end server to the browser.
Type: Grant
Filed: July 25, 2016
Date of Patent: June 20, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Gianluca Gargaro, Gaetano Ruggiero, Patrizio Trinchini
-
Patent number: 9679289
Abstract: A hybrid device includes a personal digital key (PDK) and a receiver-decoder circuit (RDC). The PDK and RDC of the hybrid device are coupled for communication with each other. In one embodiment, the hybrid device also provides a physical interconnect for connecting to other devices to send and receive control signals and data, and receive power. The hybrid device operates in one of several modes including, PDK only, RDC only, or PDK and RDC. This allows a variety of system configurations for mixed operation including: PDK/RDC, RDC/RDC or PDK/PDK. The present invention also includes a number of system configurations for use of the hybrid device including: use of the hybrid device in a cell phone; simultaneous use of the PDK and the RDC functionality of hybrid device; use of multiple links of hybrid device to generate an authorization signal, use of multiple PDK links to the hybrid device to generate an authorization signal; and use of the hybrid device for authorization inheritance.
Type: Grant
Filed: December 7, 2015
Date of Patent: June 13, 2017
Inventor: David L. Brown
-
Patent number: 9680699
Abstract: A device, method, computer program product, and network subsystem are described for associating a first mobile agent with a first security policy and a second mobile agent with a second security policy or for providing a first agent with code for responding to situational information about the first agent and about a second agent and for evaluating a received message at least in response to an indication of the first security policy and to an indication of the second security policy or for deploying the first agent.
Type: Grant
Filed: November 3, 2015
Date of Patent: June 13, 2017
Assignee: Invention Science Fund I, LLC
Inventors: Alexander J. Cohen, Edward K. Y. Jung, Royce A. Levien, Robert W. Lord, Mark A. Malamud, William Henry Mangione-Smith
-
Patent number: 9667423
Abstract: Techniques for accelerated authentication include receiving first data that indicates a first portion of user credentials for a first user but not a second portion. It is verified whether the first portion of user credentials is valid. If the first portion of user credentials is valid, then second data that indicates a valid value for the second portion of user credentials for the first user is sent. Other techniques include receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user. A first message that indicates the first portion of user credentials is sent to a remote process that initiates authentication of the first user based on the first portion of user credentials before receiving second data that indicates the second portion of user credentials for the first user.
Type: Grant
Filed: September 27, 2010
Date of Patent: May 30, 2017
Assignee: Nokia Technologies Oy
Inventors: Yan Fu, Nadarajah Asokan, Ville Aarni
-
Patent number: 9661025
Abstract: Methods and apparatuses for identifying and detecting threats to an enterprise or e-commerce system are disclosed, including grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system; extracting one or more features from the grouped log lines into one or more features tables; using one or more statistical models on the one or more features tables to identify statistical outliers; labeling the statistical outliers to create one or more labeled features tables; using the one or more labeled features tables to create one or more rules for identifying threats to the enterprise or e-commerce system; and using the one or more rules on incoming enterprise or e-commerce system data traffic to detect threats to the enterprise or e-commerce system. Other embodiments are described and claimed.
Type: Grant
Filed: September 7, 2016
Date of Patent: May 23, 2017
Assignee: PATTERNEX, INC.
Inventors: Constantinos Bassias, Vamsi Korrapati, Uday Veeramachaneni
-
Patent number: 9659184
Abstract: In the approaches described herein, a data file storage service may control access to file system objects using corresponding “personal” or organization-related “work” identity information which may include encryption keys or passwords. To assist the user with identifying respective file system objects, the user is presented with a corresponding graphical user interface (GUI) which displays a corresponding personal or work identity icon next to a visual rendering of the file system objects. Keys that control access to work identity files and folders are purged from a local key store as soon as user authorization changes are detected. In this way, even a user who originated a data file will not be able to decrypt files stored in a folder shared using a work identity once that identity is canceled by the organization, while at the same time, the user's access to their personal files may continue.
Type: Grant
Filed: April 17, 2015
Date of Patent: May 23, 2017
Assignee: nCrypted Cloud LLC
Inventors: Igor Odnovorov, Nicholas Stamos
-
Patent number: 9661008
Abstract: A network monitoring apparatus includes a log collecting unit and a log analyzing unit. The log collecting unit collects log information related to passing packets from at least one of a FW and a proxy server, which are included in a network, for packets transferred in the network. The log analyzing unit extracts log information satisfying a predetermined condition in a predetermined time period by analyzing, over time, the log information collected by the log collecting unit.
Type: Grant
Filed: February 21, 2014
Date of Patent: May 23, 2017
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventor: Kensuke Nakata
-
Patent number: 9652465
Abstract: One embodiment provides a method, comprising: receiving, from a client device, a request by a user to access an aggregate service device; authenticating, at an aggregate service device, the user to provide access to a plurality of cloud storage accounts of the user hosted by a single cloud storage service; providing, by the aggregate service device, data analogous to data of the plurality of cloud storage accounts; receiving, by the aggregate service device, a selection of data accessible by the user from the plurality of cloud storage accounts of the user; and facilitating data transfer associated with the selection.
Type: Grant
Filed: October 30, 2014
Date of Patent: May 16, 2017
Assignee: Lenovo (Singapore) Pte. Ltd.
Inventors: Philip L. Childs, Eric Todd Marshall, Jose Roberto Rodriguez, Matthew Jacyno, Greyson Craig Davis, Tony Eugene Thompson, Carmelo Antonio Gazzia, Timothy Mark Robbins, Mei-Wen Sun
-
Patent number: 9654488
Abstract: In embodiments of the present invention improved capabilities are described for detecting restricted content associated with retrieved content. The method and system may include receiving a client request for content, saving contextual information from the client request, presenting retrieved content in response to the client request, and presenting the contextual information from the client request, and retrieved content, to a scanning facility. The scanning facility may utilize the contextual information from the client request to aid in the detection of restricted content associated with retrieved content.
Type: Grant
Filed: June 8, 2016
Date of Patent: May 16, 2017
Assignee: Sophos Limited
Inventors: Fraser Howard, Paul Baccas, Vanja Svajcer, Benjamin John Godwood, William James McCourt
-
Patent number: 9645762
Abstract: An exemplary system preserves the autonomy of two or more distinct storage management systems all the while enabling backed up data to be restored from a first storage management system (the “local system”) to a specially-configured client in a second storage management system (the “remote system”). For example, backed up data in the local system (e.g., a secondary copy of production data) may be transferred, in a restore operation, from secondary storage in the local storage management system, which originated the data, to a client of the remote storage management system (the “remote client”). As a specially-configured “restore-only client,” the remote client is limited to receiving backed up data from the local storage management system, via restore operation(s) managed by the local storage manager. The remote client remains a full-fledged client in its home system, the remote storage management system.
Type: Grant
Filed: August 9, 2016
Date of Patent: May 9, 2017
Assignee: Commvault Systems, Inc.
Inventors: Prasad Nara, Michael F. Klose
-
Patent number: 9646169
Abstract: In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing cross organizational data sharing including, for example, means for storing customer organization data in a database of the host organization; allocating at least a sub-set of the customer organization data to be shared as shared data; configuring a hub to expose the shared data to a proxy user and configuring the proxy user at the hub with access rights to the shared data; configuring one or more spokes with access rights to the shared data of the hub via the proxy user; receiving a request from one of the hubs for access to the shared data of the customer organization via the proxy user at the hub; and returning a response to the hub having made the request. Other related embodiments are disclosed.
Type: Grant
Filed: November 10, 2015
Date of Patent: May 9, 2017
Assignee: salesforce.com, inc.
Inventors: Simon Y. Wong, Igor Tsyganskiy, Patrick John Calahan, Alexandre Hersans
-
Patent number: 9648003
Abstract: Delegating authorizations sufficient to access services is contemplated. The authorization may be delegated in the form of a token or other transmissible construct relied upon to authenticate access to services, such as but not necessarily limited to conferring a user identity established via authenticated device for the purposes of enabling an unauthenticated or unsecured device to access a service associated with the user identity.
Type: Grant
Filed: January 23, 2015
Date of Patent: May 9, 2017
Assignee: Cable Television Laboratories, Inc.
Inventors: Robert M. Lund, Steven E. Johnson
-
Patent number: 9641327
Abstract: Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.
Type: Grant
Filed: January 29, 2016
Date of Patent: May 2, 2017
Assignee: M2M and IoT Technologies, LLC
Inventor: John A. Nix
-
Patent number: 9641531
Abstract: The embodiments herein relate to a method in an AAA server (103) for enabling authorization of a wireless device (101) to access a first network (100a) while simultaneously accessing a second network (100b). The AAA server (103) retrieves information identifying a current SGSN (108) currently serving the wireless device (101) in the second network (100b). When the AAA server (103) retrieves authorization information for the wireless device's (101) access to the first network (100a) from a HLR (105), the AAA server (103) indicates the current SGSN (108) as a new SGSN to the HLR (105). The indication is to be interpreted by the HLR (105) as an update of location information or a refresh procedure from the current SGSN (108).
Type: Grant
Filed: February 17, 2015
Date of Patent: May 2, 2017
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Christofer Lindheimer, Jari Vikberg, Ruben Cantano Requena, Ping Chen
-
Patent number: 9634991
Abstract: A method, an apparatus, a host, and a network system for processing a packet. The method includes receiving, by a physical host through a virtual bridge in the physical host, a network packet sent by a source virtual machine in the physical host, where the network packet carries a source media access control (MAC) address and a target MAC address; obtaining, by the physical host according to the source MAC address and the target MAC address by querying correspondence between each virtual machine MAC address and a security domain, a security domain to which the source virtual machine corresponds and a security domain to which a target virtual machine corresponds; and controlling, by the physical host, the virtual bridge to discard the network packet, when the security domain to which the source virtual machine corresponds is different from a security domain corresponding to the virtual bridge.
Type: Grant
Filed: December 18, 2014
Date of Patent: April 25, 2017
Assignee: Huawei Technologies Co., Ltd.
Inventors: Yuchen Wang, Xueping Wu
-
Patent number: 9633655
Abstract: Methods for voice sensing and keyword analysis are provided. An example method allows for causing a mobile device to transition to a second power mode, from a first power mode, in response to a first acoustic signal. The method includes authenticating a user based at least in part on a second acoustic signal. While authenticating the user, the second acoustic signal is compared to a spoken keyword. The spoken keyword is analyzed for authentication strength based on the length of the spoken keyword, quality of a series of phonemes used to represent the spoken keyword, and likelihood of the series of phonemes to be detected by a voice sensing. While receiving the first and second acoustic signals, a signal to noise ratio (SNR) is determined. The SNR is used to adjust sensitivity of a detection threshold of a voice sensing.
Type: Grant
Filed: May 22, 2014
Date of Patent: April 25, 2017
Assignee: Knowles Electronics, LLC
Inventors: Peter Santos, David Klein, Hong You, Jean Laroche, Michael M. Goodwin, Sridhar Krishna Nemala, Umit Yapanel, Ye Jiang
-
Patent number: 9619615
Abstract: A system for confidentially retrieving data from a person, such as by authorized personnel. One embodiment provides a data carrier item such as jewelry, having encrypted data imparted upon the item in a manner that is only intelligible after being unencrypted. Such data can be encrypted and/or invisibly disposed such that the data is not identifiable by the public, but can be quickly and accurately retrieved by authorized personnel.
Type: Grant
Filed: December 23, 2015
Date of Patent: April 11, 2017
Assignee: LifeQode, LLC
Inventor: Michael P. Lacey
-
Patent number: 9608825
Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.
Type: Grant
Filed: November 14, 2014
Date of Patent: March 28, 2017
Assignee: Intel Corporation
Inventors: Nitin V. Sarangdhar, Daniel Nemiroff, Ned M. Smith, Ernie Brickell, Jiangtao Li
-
Patent number: 9609008
Abstract: In embodiments of the present invention improved capabilities are described for detecting restricted content associated with retrieved content. The method and system may include receiving a client request for content, saving contextual information from the client request, presenting retrieved content in response to the client request, and presenting the contextual information from the client request, and retrieved content, to a scanning facility. The scanning facility may utilize the contextual information from the client request to aid in the detection of restricted content associated with retrieved content.
Type: Grant
Filed: June 8, 2016
Date of Patent: March 28, 2017
Assignee: Sophos Limited
Inventors: Fraser Howard, Paul Baccas, Vanja Svajcer, Benjamin John Godwood, William James McCourt
-
Patent number: 9607154
Abstract: Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.
Type: Grant
Filed: September 22, 2013
Date of Patent: March 28, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Paolina Centonze, Yinnon Avraham Haviv, Roee Hay, Marco Pistoia, Adi Sharabani, Omer Tripp