Abstract: A messaging system enables client applications to send and receive messages. The messaging system includes independent component programs performing different functions of the messaging system, such as connection managers that maintain network connections with the client applications, a message router that sends received messages to recipient applications through network connections, and a dispatcher that authenticates other component programs. A messaging server may authenticate client applications using certificate-based authentication (e.g., private and public keys), authentication transfer from another trusted messaging server, or other methods (e.g., user name and password). To authenticate a component program, the dispatcher compares instantiation information (e.g., user identity, process identifier, creation time) of the component program provided by the operating system with instantiation information saved in a shared memory at the time of the component program's instantiation.
Type: Grant
Filed: May 24, 2017
Date of Patent: April 16, 2019
Assignee: BlackRock Financial Management, Inc.
Inventors: Elliot Hamburger, Jonathan S. Harris, Jeffrey A. Litvin, Sauhard Sahi, John D. Valois, Ara Basil, Randall B. Fradin
Abstract: An electronic device can include a processing device operatively connected to a biometric sensing device. The biometric sensing device may capture a biometric image each time a user interacts with the electronic device. When the user enters user identification data (UID) and a biometric image was recently captured, the biometric image is tagged with the UID. The user can access the electronic device and/or an application being accessed on the electronic device when a subsequently captured biometric image matches a tagged biometric image or an untagged biometric image that is assigned to a cluster that includes a tagged biometric image.
Abstract: The present invention discloses methods and systems for managing a node through a management server. The management server verifies whether a management confirmation has been received and allows a second user group to manage the node if the management confirmation is received. If the management confirmation is not received by the management server, the second user group is not allowed to manage the node through the management server.
Type: Grant
Filed: July 10, 2017
Date of Patent: April 2, 2019
Assignee: PISMO LABS TECHNOLOGY LIMITED
Inventors: Ho Ming Chan, Kit Wai Chau, Kenneth Kai Kut Yip
Abstract: Techniques for intercept-based multifactor authentication client enrollment as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for intercept-based multifactor authentication client enrollment as a network service includes monitoring a session at a firewall, intercepting a request for access to a resource while monitoring the session at the firewall, determining that a user associated with the session is not enrolled for multifactor authentication, and initiating enrollment of the user for the multifactor authentication.
Abstract: In one example, a device directory server may maintain a digital rights management list for a user device belonging to a device group associated with a user. The device directory server may maintain a primary digital rights management list associating a user device with a primary online account for a user having a content license for a digital content item. The device directory server may receive a status update indicating the user device is still in use by the user if sent by the user device. The device directory server may determine whether a status update has been received from the user device. The device directory server may deactivate the user device on the primary digital rights management list when no status update has been received within a pruning period for the user device to be associated with the primary online account.
Type: Grant
Filed: April 26, 2016
Date of Patent: February 26, 2019
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Chris Kimmell, Tianyu Fang, Nisarg Patel, Derrick Wampler, Kenneth F. Lavering, James McColl, Devin Jenson
Abstract: Examples are generally directed towards providing a server polling component for remote cryptographic key erasure resilient to network outage. A set of keys received from a server are stored on data storage. The data storage sends a status request to the server. If a key enabled status is received, the data storage continues normal operations. If a key disabled status is received, a key failure action is performed. The key failure action includes deleting one or more of the keys in the set of keys or shutting down one or more storage devices of the data storage. If no response is received from the server, the data storage iteratively resends the status request at retry time intervals until a response is received from the server or until a time out period expires. On expiration of the time out period, the key failure action is performed.
Abstract: An access determination management system obtains information regarding various different entities in a system (e.g., a networked environment) and what rights or privileges those entities have. An entity, also referred to herein as a principal, can be a user, a computing device, a group of users, a group of computing devices, or a service. The rights or privileges that an entity has includes, for example, whether administrative privileges are available to the entity, whether a particular program can be executed, whether an entity is a member of another entity, and so forth. The access determination management system uses the obtained information to generate and display a graph of the environment. The graph of the environment includes the different objects as well as links between the objects that indicate rights or privileges one object has with respect to another.
Type: Grant
Filed: June 2, 2016
Date of Patent: February 5, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Blake R. Hutchinson, Jesse Shi-Yuan Ou, Ambrose Y. W. Leung, Brandon A. Chalk, Robert J. Mooney, III
Abstract: A method is to detect a message compatible with the OTA (Over The Air) standard and affected by a wrong ciphering. The method may include receiving the ciphered OTA message; deciphering the OTA message; and reading a counter field of padding bytes in the deciphered OTA message and reading corresponding padding bytes in the OTA message deciphered. The method may also include detecting at least one bit in at least one of the padding bytes of the OTA message deciphered, with the at least one bit being indicative of the wrong ciphering.
Abstract: A web service platform to improve end-user engagement in a captive audience environment. Mobile and web-based clients allow application users to authorize and approve usage of entitlements of other users, including their children, based upon preconfigured rules and the proximity between the user requesting and the user approving authorization to use the entitlement.
Type: Grant
Filed: August 22, 2017
Date of Patent: February 5, 2019
Assignee: BLAZER AND FLIP FLOPS, INC.
Inventors: Benjamin Harry Ziskind, Joshua David Bass, Scott Sebastian Sahadi
Abstract: The APPARATUSES, METHODS AND SYSTEMS FOR A SECURE RESOURCE ACCESS AND PLACEMENT PLATFORM (“SRAP PLATFORM”) provides a secure supporting infrastructure within a corporate network framework and applications based thereon for use and placement of corporate resources. A non-trusted device may be authorized to access and use corporate resources, and the corporate network server may manage the placement of resources via the SRAP PLATFORM.
Type: Grant
Filed: June 9, 2016
Date of Patent: January 29, 2019
Assignee: Goldman Sachs & Co. LLC
Inventors: Harpreet Singh Labana, Yair Israel Kronenberg, Brian J. Saluzzo
Abstract: In certain embodiments, a method includes mapping, by a first application, personally identifiable information to an anonymous identification, generating, by the first application, a key, and sending, by a first appliance, the anonymous identification and the key to a second appliance, wherein the first appliance comprises the first application. The method also includes receiving, by the first appliance and from a browser, a token generated by a second application of the second appliance, wherein the token is associated with the key. The method further includes sending, by the first appliance, the personally identifiable information to the browser after receiving the token from the browser.
Type: Grant
Filed: September 2, 2016
Date of Patent: January 29, 2019
Assignee: SYMANTEC CORPORATION
Inventors: Noor Zubair, Muhammad Asif, Tanveer Zamir
Abstract: A verification method includes displaying a selected pattern set on a display device electrically connected with a user apparatus. One of a first selected pattern and a second selected pattern as an as-selected pattern is selected. The as-selected pattern is used as a first target pattern, and the other is used as a second target pattern. A match object area and a target object area on the display device are displayed. The selected pattern is displayed in the match object area, and the first and second object patterns are displayed in the target object area. A user operates the user apparatus or a connected wearable device to control and select the as-selected pattern in the match object area on the display device or on another display device. When the as-selected pattern conforms to the first object pattern, the verification is finished.
Abstract: A software application is automatically launched on a first computing device. The launch of the application is a first execution of the application by the first computing device. In response to this launching, the application executes to automatically obtain data from the first computing device. The data is sent to a second computing device that is configured to provide a service to the first computing device (e.g., based on the data).
Type: Grant
Filed: February 22, 2016
Date of Patent: December 25, 2018
Assignee: LOOKOUT, INC.
Inventors: David Richardson, Kevin Mahaffey, Jonathan Grubb
Abstract: An information processing apparatus individually sets a login distance as a condition to be satisfied when a login request is transmitted for a plurality of devices. Further, the information processing apparatus determines whether a login distance condition, having been set, is satisfied based on receipt of a packet. The information processing apparatus transmits the login request to the transmission source device if it is determined that the login distance condition is satisfied.
Abstract: A random number generating device includes an uncertain circuit which outputs uncertain data, and a cipher processing device. The cipher processing device encrypts input data using a cipher function of the cipher processing device, and generates a random number including higher uniformity than data outputted from said uncertain circuit using the cipher function of the cipher processing device and the data outputted from the uncertain circuit.
Abstract: The present disclosure discloses a system and method for dynamically modifying role based access control for a client based on the activity. Generally, a client device is granted access to a network resource based on a first reputation score assigned to the client device. The activity of the client device is monitored. Responsive to monitoring the activity of the client device, a second reputation score is determined for the client device based on the activity. The access by the client device to the network resource is then modified to be granted based on the second reputation score.
Type: Grant
Filed: November 21, 2017
Date of Patent: November 20, 2018
Assignee: Hewlett Packard Enterprise Development LP
Abstract: In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.
Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates beyond 4th-Generation (4G) communication system such as Long Term Evolution (LTE). A method for downloading profiles in a terminal in a wireless communication system includes generating and storing an encryption key at a time point, loading the stored encryption key, when receiving profile download start information from a profile providing server, and downloading an encrypted profile for the electronic device from the profile providing server, via the loaded encryption key, and installing the encrypted profile in the electronic device.
Type: Grant
Filed: April 8, 2016
Date of Patent: October 23, 2018
Assignee: Samsung Electronics Co., Ltd.
Inventors: Jonghan Park, Duckey Lee, Taesun Yeom, Sangsoo Lee
Abstract: A method for concealing sensitive information on a portable device via a steganographic image is disclosed. The portable device can be in the form of a card such as a driver's license or credit card and the hidden information may include a person's name or account number.