Patents Issued in January 12, 2016
  • Patent number: 9237111
    Abstract: In one embodiment, a system includes a hardware processor and logic integrated with and/or executable by the processor or media access control (MAC) functionality of a network port, the logic being adapted to initialize a link between a receiving endpoint and a sending endpoint, the receiving and sending endpoints being connected in a network fabric, wherein at least one virtual link is created within the link, receive an amount of available flow credits from the receiving endpoint, wherein the amount of available flow credits are used to determine a capacity to process packets at the receiving endpoint, and transmit one or more packets to the receiving endpoint until all packets are sent or the amount of available flow credits is insufficient to process additional packets, wherein exchange of flow credits is performed on a per virtual link basis.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: January 12, 2016
    Assignee: International Business Machines Corporation
    Inventors: Bhalachandra G. Banavalikar, Casimer M. DeCusatis, Mircea Gusat, Keshav G. Kamble, Renato J. Recio
  • Patent number: 9237112
    Abstract: Systems and methods provide a parameterized scheduling system that incorporates end-user application awareness and can be used with scheduling groups that contain data streams from heterogeneous applications. Individual data queues within a scheduling group can be created based on application class, specific application, individual data streams or some combination thereof. Application information and Application Factors (AF) are used to modify scheduler parameters such as weights and credits to differentiate between data streams assigned to a scheduling group. Dynamic AF settings may adjust relative importance of user applications to maximize user Quality of Experience (QoE) in response to recurring network patterns, one-time events, application characteristics, protocol characteristics, device characteristics, service level agreements, or combinations thereof.
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: January 12, 2016
    Assignee: WI-LAN LABS, INC.
    Inventors: Kenneth L. Stanwood, David Gell, Yiliang Bao
  • Patent number: 9237113
    Abstract: A server for a mobile web service and a method for providing a web service are provided. The wired server stores an IP address of at least one mobile web server. When a request for access to a mobile web server is received, the wired server delivers the access request to the mobile web server or provides a service in place of the mobile web server, using a URL included in the access request.
    Type: Grant
    Filed: January 7, 2013
    Date of Patent: January 12, 2016
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jae-won Lee, Joon-sung Hong
  • Patent number: 9237114
    Abstract: A system, method, and computer readable medium for managing resources maintained in resource cache components are provided. A network storage provider storing one or more resources on behalf of a content provider obtains client computing device requests for content. The network storage provider provides resources that are received and maintained on resource cache components. The network storage provider either processes requests or provides notifications to the resource cache components to facilitate the management of resources that need to be updated or are otherwise treated as invalid.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: January 12, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: David R. Richardson, Bradley E. Marshall, Swaminathan Sivasubramanian
  • Patent number: 9237115
    Abstract: Technologies are generally described for a load balancing scheme for a cloud-based game system. In some examples, a load balancing system may include a resource usage measurement unit configured to measure resource usage of a game server, a determination unit configured to determine one or more client devices to stream non-interactive media files among a plurality of client devices connected to the game server based at least in part on the resource usage measured by the resource usage measurement unit, and a transmission unit to stream the non-interactive media files to one or more of the client devices upon occurrence of a predetermined game event.
    Type: Grant
    Filed: June 16, 2014
    Date of Patent: January 12, 2016
    Assignee: Empire Technology Development LLC
    Inventor: Seungil Kim
  • Patent number: 9237116
    Abstract: One embodiment of the invention includes a coax media converter (CMC) system communicatively coupled to at least one modem in a network system. The system includes a frequency reference configured to generate a clock signal in a local time domain. The system also includes a scheduling processor configured to extract a bandwidth allocation message from a data stream and to re-stamp each of at least one timestamp in the bandwidth allocation message in the local time domain based on the clock signal to generate a corresponding updated bandwidth allocation message comprising a respective at least one re-stamped timestamp. The system further includes a downstream physical interface configured to transmit the updated bandwidth allocation message to the at least one modem to schedule upstream burst transmissions from the respective at least modem based on the at least one re-stamped timestamp.
    Type: Grant
    Filed: September 12, 2013
    Date of Patent: January 12, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Xuan Wang, Jingfeng Zhang, Jie Meng, Wenwen Dong, De Fu Li, Yong Lu
  • Patent number: 9237117
    Abstract: A network of switches includes N input accesses and M output accesses, with each of the switches including four ports and with the network input and output accesses being connection switch ports. The network includes at least one stage of switches, with each stage including: a pair of switch lines whose ports are not used as network input or output accesses, referred to as “interconnection switches”, a line being a set of interconnection switches connected to one another; and at least two transverse arms linking interconnection switches of different lines, a transverse arm consisting of elements that are separate from those of the other transverse arms, a transverse arm including at least two links and a switch, referred to as “transverse switch” with the connection switches being transverse switches. At least two transverse switches from different transverse arms of each stage are connection switches of the network.
    Type: Grant
    Filed: December 1, 2011
    Date of Patent: January 12, 2016
    Assignee: AIRBUS DEFENCE AND SPACE SAS
    Inventor: Olivier Nakad
  • Patent number: 9237118
    Abstract: A method of transmitting an upstream communication packet from a distributed trunk (DT) switch is described. The method comprises receiving a packet from a device connected to a DT port of the DT switch; and transmitting the received packet via a non-DT port of the DT switch if the DT switch is the owner of the device and transmitting the received packet via a DT interconnect (DTI) port of the DT switch if the DT switch is not the owner of the device.
    Type: Grant
    Filed: January 13, 2015
    Date of Patent: January 12, 2016
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Shaun Wakumoto, Bruce E LaVigne, Robert L Faulk, Jr., Mark A Tassinari, Mark Gooch
  • Patent number: 9237119
    Abstract: In response to detecting data file creation/revision in a first computing device, one or more other computing devices in which the data file creation/revision is to be synchronized are identified and a user of the first computing device is prompted to specify a message to be communicated to the one or more other computing devices in association with the data file creation/revision. The message specified by the user of the first computing device is received and communicated to the one or more other computing devices together with information that enables the data file creation/revision to be synchronized within the one or more other computing devices.
    Type: Grant
    Filed: July 17, 2013
    Date of Patent: January 12, 2016
    Assignee: Green Room Networks, Inc.
    Inventor: Christopher Dyball
  • Patent number: 9237120
    Abstract: A message broker system can include a message broker. The message broker can be configured to receive the message instances output as input message instances, store the input message instances in a message store, alter the structure or content of the input message instances according to a message brokering model to generate output message instances and provide output message instances to one or more downstream processors. According to one embodiment, input message stream processing can be decoupled from output message stream processing by the message broker.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: January 12, 2016
    Assignee: Open Text S.A.
    Inventor: Stefan Daniel Sandberg Cohen
  • Patent number: 9237121
    Abstract: An appliance and a method for permission-based email filtering capable of scanning outgoing emails to ensure the emails comply with Canadian Anti-Spam Legislation or similar rules. In one embodiment of the invention, the system intercepts outgoing emails and redirects the email to a remote server. The server compares the recipient's email address to a consent database and distributes the email to the appropriate recipient depending on whether consent from the recipient is known or unknown. If the recipient has previously denied their consent, the recipient is removed from the list of recipients for the email message and the message is not sent to that recipient. In another embodiment of the invention, the system adds a unsubscribe mechanism to the email message.
    Type: Grant
    Filed: March 24, 2015
    Date of Patent: January 12, 2016
    Assignee: OTC Systems, Ltd.
    Inventors: Timothy Scott Graham, Alan James Gilson
  • Patent number: 9237122
    Abstract: A method and an apparatus for adding recipient information are disclosed in the present invention, which relate to the field of communication technologies and are proposed in order to solve the problem in the prior art that the recipient information cannot be added according to the message content edited by the user. The technical solutions provided by the embodiments of the present invention comprise: matching message content edited by a user with contact information in an address book to obtain matched characters in the message content; acquiring corresponding contact information of the matched characters from the address book; and adding corresponding contact information of the matched characters into an recipient list corresponding to the message content. The embodiments of the present invention can be applied into mobile terminals such as the cell phone.
    Type: Grant
    Filed: January 25, 2011
    Date of Patent: January 12, 2016
    Assignee: YULONG COMPUTER TELECOMMUNICATION TECHNOLOGIES (SHENZHEN) CO., LTD.
    Inventor: Yuhui Feng
  • Patent number: 9237123
    Abstract: A question is received on a first social network site from a first user. The question is sent to a second user of a second social network site who receives the question from the second social network site. The first social network site receives an answer to the question from the second user via the second social network site and provides the answer to the first user.
    Type: Grant
    Filed: May 30, 2014
    Date of Patent: January 12, 2016
    Assignee: YP LLC
    Inventors: Justin Marcucci, Coby P. Randquist
  • Patent number: 9237124
    Abstract: A device in a server having a processor and a storage. The device has a protocol blind network path indication unit configured to obtain an indicator corresponding to a predetermined path to a data communication unit in the network using a destination address of a received data packet, an upstream communication unit configured to transmit a network protocol blind packet including the data packet and the indicator corresponding to the predetermined data path to the data communication unit in the network, a combiner configured to bind the indicator to the data packet received by the downstream communication unit, and a protocol blind correlation storage unit configured to provide information related to target addresses and indicators corresponding to a plurality of predetermined data paths in the network. The protocol blind network path indication unit obtains the indicator corresponding to a predetermined path by accessing the protocol blind correlation structure.
    Type: Grant
    Filed: July 13, 2012
    Date of Patent: January 12, 2016
    Assignee: Marvell Israel (M.I.S.L) Ltd.
    Inventors: Carmi Arad, Tal Mizrahi
  • Patent number: 9237125
    Abstract: A network security device and associated methods which protects a user's computer from the direct effects of software sent from a server by converting the data to a non-volatile information stream using two or more firewall isolation stages. The multistage functionality completely decouples the information communicated from the bulk of data sent from the server by converting the data into non-volatile information and eliminates risk from the even most aggressive adaptive malware by using an intermediate protocol translation between two of the stages contained in the decoupling firewall.
    Type: Grant
    Filed: May 5, 2014
    Date of Patent: January 12, 2016
    Inventor: Jim Bardgett
  • Patent number: 9237126
    Abstract: A one-way bus bridge pair that transfers secure data in one direction, the bus bridge pair including a transmitting bus bridge, a receiving bus bridge, and a link. The link can connect the transmitting bus bridge and receiving bus bridge. The transmitting bus bridge may be arranged not to receive any data from the receiving bus bridge, and the receiving bus bridge may be arranged not to send any data to the transmitting bus bridge.
    Type: Grant
    Filed: September 9, 2011
    Date of Patent: January 12, 2016
    Inventor: Gerald R. McEvoy
  • Patent number: 9237127
    Abstract: A method and apparatus for dynamic host operating system firewall configuration provides plural monitoring processes to monitor the firewall configuration of a host operating system and guest operating systems. When any firewall configuration change is detected by a monitor in a monitored guest operating system, an appropriate corresponding firewall change is made by the monitor to the host operating system.
    Type: Grant
    Filed: May 12, 2011
    Date of Patent: January 12, 2016
    Assignee: AirMagnet, Inc.
    Inventors: John Monk, Dan Prescott, Robert Vogt
  • Patent number: 9237128
    Abstract: Mechanisms are provided for performing an operation on a received data packet. A data packet is received and a hash operation on a header field value of a header of the data packet is performed to generate a hash value. A lookup operation is performed in a hash table associated with a type of the header field value to identify a hash table entry. A bit string associated with the hash table entry is retrieved, where each bit in the bit string corresponds to a class of rules of a rule set of a firewall. A matching operation of the header field value to rules in classes of rules corresponding to bits set in the bit string is performed to select one or more search trees. Operations are performed based on rules in the classes of rules being matched by header field value of the data packet.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: January 12, 2016
    Assignee: International Business Machines Corporation
    Inventors: Donald T. Davis, Jr., Michael T. Evans
  • Patent number: 9237129
    Abstract: The present invention relates to a method and system for performing deep packet inspection of messages transmitted through a network switch in a Software Defined Network (SDN). Embodiments of the invention include a network switch, a controller, and a firewall in a software defined networking environment. In the present invention, the network switch is a simple network switch that is physically separate from the controller and the firewall. The invention may include a plurality of physically distinct network switches communicating with one or more controllers and firewalls. In certain instances, communications between the network switch, the controller, and the firewall are performed using the Open Flow standard communication protocol.
    Type: Grant
    Filed: May 13, 2014
    Date of Patent: January 12, 2016
    Assignee: Dell Software Inc.
    Inventors: Hui Ling, Zhong Chen
  • Patent number: 9237130
    Abstract: At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model includes a plurality of message model sections. A representation of the at least one of an HTTP request message and an HTTP response message is parsed into message sections in accordance with the message model sections of the HTTP message model. A plurality of security rules are bounds to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition, which is based, at least in part, on a corresponding given one of the message sections. The at least one of an HTTP request message and an HTTP response message is processed in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.
    Type: Grant
    Filed: January 6, 2014
    Date of Patent: January 12, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Peng Ji, Lin Luo, Vugranam C. Sreedhar, Shun Xiang Yang, Yu Zhang
  • Patent number: 9237131
    Abstract: A method for providing virtual private storage array (VPSA) service for cloud users over a computer network includes receiving parameters for the VPSA over the network and creating the VPSA from resources of server computers. Creating the VPSA includes allocating and exposing drives that meets or exceeds specified drive characteristics, drive quantity, and array redundancy criteria to virtual controllers (VCs) in the VPSA, and dedicating parts of processor/memory complexes that each meets or exceeds a specified virtual controller hardware model to the VCs. The VCs run on virtual machines on the dedicated parts of processor/memory complexes on independent server computers. The VCs discover the exposed drives, create a virtual pool from the exposed virtual drives, implement data protection on the virtual pool, create volumes from the virtual pool, expose the volumes over the network to a customer computer, and handle access requests to the volumes from the customer computer.
    Type: Grant
    Filed: July 22, 2014
    Date of Patent: January 12, 2016
    Assignee: Zadara Storage, Ltd.
    Inventors: Nelson Nahum, Yair Hershko, Yoav Ossia, Shyam Kaushik V., Lev Vainblat, Alex Lyakas, Moshe Melnikov, Vladimir Popovski
  • Patent number: 9237132
    Abstract: Methods and systems for balancing load among firewall security devices (FSDs) are provided. According to one embodiment, a switch maintains session data the session entries of which represent established traffic sessions between a source and a destination and form an association between the traffic session and a particular FSD. A data packet of a traffic session from a client device directed to a target device is received at the switch. When none of the session entries are determined to correspond to the data packet, an FSD is selected to associate with the first traffic session by performing a load balancing function on at least a portion of the data packet. When a matching session entry exists, an FSD identified by the matching session entry is selected to process the data packet. The data packet is then caused to be processed by the selected firewall security device.
    Type: Grant
    Filed: July 8, 2014
    Date of Patent: January 12, 2016
    Assignee: Fortinet, Inc.
    Inventors: Joe Mihelich, Son Pham, Jun Li
  • Patent number: 9237133
    Abstract: Technology is described for two parties, by leveraging previously established secure connections with third parties, to obtain a shared secret for generating a secure connection with each other in a way that reduces vulnerability to man-in-the-middle attacks.
    Type: Grant
    Filed: December 12, 2012
    Date of Patent: January 12, 2016
    Assignee: Empire Technology Development LLC.
    Inventor: Ezekiel Kruglick
  • Patent number: 9237134
    Abstract: Communicating in a peer-to-peer computer environment. A request is received from a user device at a peer provider node computer system, wherein the request is signed by a private key. Provided a public key verifies the private key, providing potential peers to the user device from the peer provider node computer system such that the user device is enabled to utilize the peer-to-peer computer environment for a communication according to user requirements.
    Type: Grant
    Filed: August 13, 2013
    Date of Patent: January 12, 2016
    Assignee: TangoMe, Inc.
    Inventors: Eric Setton, Gregory Dorso, Barry Andrews
  • Patent number: 9237135
    Abstract: Techniques are provided to allow remote initialization of a Trusted Platform Module. The results may be trusted and confidential even if the target device has malicious operating system or other software running.
    Type: Grant
    Filed: November 26, 2013
    Date of Patent: January 12, 2016
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Stefan Thom, Kevin M. Litwack, Shon Eizenhoefer, Erik L. Holt, Yash Gandhi
  • Patent number: 9237136
    Abstract: In a font applying device on a client side in a computer system composed of the client and a server, an obfuscated font storing section stores an obfuscated font in which a character different from a character identified by the server based on a character code and having the same width of the character identified by the server is mapped to the character code. An obfuscated document receiving section receives an obfuscated document obtained by obfuscating document data as a result of converting the character code to a character code to which a character identified by the server based on the character code in the document data is mapped in the obfuscated font. A deobfuscation processing section identifies the character mapped in the obfuscated font to a character code included in the obfuscated document, and a display control section controls the display of the character.
    Type: Grant
    Filed: February 10, 2014
    Date of Patent: January 12, 2016
    Assignee: International Business Machines Corporation
    Inventors: Ryoji Kurosawa, Yoshinori Tahara, Asuka Unno, Natsuki Zettsu
  • Patent number: 9237137
    Abstract: A public parameter PK is key information used in a secret search system having: a transmission device generating and sending an encryption tag which is an encrypted keyword; a server receiving and storing the encryption tag and conducting a secret search in response to a request for the secret search; and a reception device generating a trapdoor which corresponds to a digital signature of the keyword and as well data requesting the secret search, sending the trapdoor to the server, and receiving a search result. The public parameter PK includes a true public parameter PP and a protection key PK?. The transmission device and the reception device require both the true public parameter PP and the protection key PK?; however, the server does not require the protection key PK?. The key generation device generates separately the true public parameter PP and the protection key PK? included in the public parameter PK.
    Type: Grant
    Filed: January 12, 2013
    Date of Patent: January 12, 2016
    Assignee: Mitsubishi Electric Corporation
    Inventors: Mitsuhiro Hattori, Takato Hirano, Takashi Ito, Nori Matsuda
  • Patent number: 9237138
    Abstract: An example method includes receiving a media identifier and an impression identifier from a device, the media identifier being indicative of media presented at the device; receiving the impression identifier in association with first user information from a first database proprietor as a result of the first database proprietor obtaining a first identifier sent from the device, the first identifier identifying at least one of the device or a user; receiving the impression identifier in association with second user information from a second database proprietor as a result of the second database proprietor obtaining a second identifier sent from the device, the second identifier identifying at least one of the device or the user; identifying the first and second user information as associated with a same user based on the impression identifier; and associating the first and second user information with the media identifier.
    Type: Grant
    Filed: April 24, 2014
    Date of Patent: January 12, 2016
    Assignee: The Nielsen Company (US), LLC
    Inventors: Alan N. Bosworth, Madhusudhan Reddy Alla, Steven J. Splaine, Brahmanand Reddy Shivampet, Kevin K. Gaynor
  • Patent number: 9237139
    Abstract: A system and method for controlling access to a protected network resource is provided. Access is controlled as follows. User credentials received with a request from a user for access to the protected network resource are checked against predetermined user information so as to authenticate the user; The request is made via a network access point located within a restricted area. The recorded location of the user is checked to determine whether the user is recorded as being within the restricted area. Access to the protected network resource is allowed if the user credentials are authenticated and the user is recorded as being within the restricted area. The user's network connection is monitored and, on detection that the user is disconnected from the network, the user is recorded as not located within the restricted area. Additional credentials are required from the user to support the user's request when the user is not recorded as being within the restricted area.
    Type: Grant
    Filed: November 2, 2007
    Date of Patent: January 12, 2016
    Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventor: Imran Shaikh
  • Patent number: 9237140
    Abstract: A user associated with a first organization is authenticated, via a meeting server, for participation in an online session hosted by a second organization. It is determined, via the meeting server, that the first organization requires the user to accept a first policy. It is also determined, via the meeting server, that the second organization requires the user to accept a second policy. The first policy and the second policy are presented to the user for acceptance.
    Type: Grant
    Filed: March 7, 2013
    Date of Patent: January 12, 2016
    Assignee: Cisco Technologies, Inc.
    Inventors: Eric Lerner, Isaac Eleftheriadis, Ruixiang Ray Liu, Ming He
  • Patent number: 9237141
    Abstract: Apparatus, systems, methods, and related computer program products for synchronizing distributed states amongst a plurality of entities and authenticating devices to access information and/or services provided by a remote server. Synchronization techniques include client devices and remote servers storing buckets of information. The client device sends a subscription request to the remote serve identifying a bucket of information and, when that bucket changes, the remote server sends the change to the client device. Authentication techniques include client devices including unique default credentials that, when presented to a remote server, provide limited access to the server. The client device may obtain assigned credentials that, when presented to the remote server, provide less limited access to the server.
    Type: Grant
    Filed: August 16, 2013
    Date of Patent: January 12, 2016
    Assignee: Google Inc.
    Inventors: Jay D. Logue, Senthilvasan Supramaniam, Osborne B. Hardison, Jared A. Luxenberg
  • Patent number: 9237142
    Abstract: A user of a mobile communications device may access services in a target domain using a source domain identity that is used to access services in a source domain. To enable such a use of the source domain identity in the target domain, the source domain identity may first be enrolled in the target domain. The enrollment may be facilitated by an enrollment entity at the target domain, such as a gateway or an OpenID server for example. The enrollment entity may establish a secure channel with the user's device for enabling enrollment of the source domain identity. Once enrolled, the source domain identity may be used for authentication of the user in the target domain. Enrollment of the source domain identity and/or authentication of the user based on the enrolled source domain identity may be implemented using a local OpenID provider (OP) residing on the user's device.
    Type: Grant
    Filed: January 6, 2012
    Date of Patent: January 12, 2016
    Assignee: InterDigital Patent Holdings, Inc.
    Inventors: Inhyok Cha, Andreas Schmidt, Andreas Leicher
  • Patent number: 9237143
    Abstract: Authentication employs a classification that monitors content of authentication requests and results and assigns and records risk values identifying low-risk sources making normal authentication requests and high-risk sources making abnormal authentication requests indicative of fraud activity. Then for low-risk sources, a normal authentication process is employed having differential success/fail behavior exposing information about an enumerable system resource, such as a user account. Example differential behavior includes (a) granting access when a request identifies a valid user account, and (b) otherwise denying access, enabling an attacker to learn whether a guessed value identifies an existing account.
    Type: Grant
    Filed: September 26, 2013
    Date of Patent: January 12, 2016
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Lakshmi Suresh, John Watts, Paul Dennis
  • Patent number: 9237144
    Abstract: The invention discloses a method, a device and a system for verifying based on a verification diagram, and a storage medium, and the method includes: generating an input interface diagram according to a verification diagram including a basic information element and verification information, where the input interface diagram includes the basic information element of the verification diagram except for the verification information; transmitting the verification diagram and the input interface diagram to a terminal; receiving sliding path information inputted on the input interface diagram presented on the terminal; and determining whether the sliding path information matches the verification information, and if so, the verification is successful.
    Type: Grant
    Filed: April 4, 2014
    Date of Patent: January 12, 2016
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Ningguo Chen, Jianwei Deng, Songjian Wang, Ruizhou Wu, Yun Zhang, Lijuan Zhao, Cong Fu, Ruting Chen
  • Patent number: 9237145
    Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.
    Type: Grant
    Filed: April 30, 2014
    Date of Patent: January 12, 2016
    Assignee: Oracle International Corporation
    Inventors: Ajay Sondhi, Ravi Hingarajiya, Shivaram Bhat, Wai Leung William Wong
  • Patent number: 9237146
    Abstract: Methods and systems for verifying a user's identity on a computing device using two-factor authentication are described. More particularly, the system utilizes a personal identification number input by a user, together with one or more of a secure browsing feature, a device fingerprint, and a token generator to authenticate the user on the computer.
    Type: Grant
    Filed: June 11, 2014
    Date of Patent: January 12, 2016
    Assignee: United Services Automobile Association
    Inventors: Debra Casillas, Richard Andrew Davey, Michael Frank Morris, Maland Keith Mortensen, John David Row, Thomas Buckingham
  • Patent number: 9237147
    Abstract: A remote access manager in a virtual computing services environment negotiates a time limited NAT routing rule to establish a connection between a remote device and virtual desktop resource providing user computing services. A series of NAT connection rules are revised in a dynamic manner such that a pool of ports is available to connect a plurality of remote users to local virtual compute resources over one or more public IP addresses. Once a connection is established, an entry is made in a firewall state table such that the firewall state table allows uninterrupted use of the established connection. After an entry has been made in the state table, or the routing rule has timed out, the port associated with the original NAT routing rule is removed and the same port can be re-used to establish another connection without disrupting active connections.
    Type: Grant
    Filed: February 16, 2015
    Date of Patent: January 12, 2016
    Assignee: VMware, Inc.
    Inventors: James Snow, Andrew W. Hobgood, Clinton B. Battersby
  • Patent number: 9237148
    Abstract: An apparatus and method of displaying a message on a display of a computing device. The message comprises at least a first attachment. At least a portion of the message is displayed to a user. The displayed portion comprises an identifier for the first attachment. In one embodiment, a security encoding indicator is associated with the identifier for the first attachment and displayed to the user. If a security encoding has been applied to the first attachment, the security encoding indicator indicates the security encoding applied to the first attachment.
    Type: Grant
    Filed: August 20, 2007
    Date of Patent: January 12, 2016
    Assignee: BlackBerry Limited
    Inventors: Michael K. Brown, Michael G. Kirkup, Michael S. Brown
  • Patent number: 9237149
    Abstract: An apparatus and a method for a certificate-based distributed policy system is described. A policy server receives over a communication channel a data structure associated with an object to be managed across a communication boundary between a client and the policy server. The policy server generates an object certificate upon validation of the object and validation of an initiator of the object. The data structure includes a serialized representation of public properties of the object, a hash of the object in a canonical serialized form, and a signature of the public properties and hash using the initiator's private key.
    Type: Grant
    Filed: February 27, 2009
    Date of Patent: January 12, 2016
    Assignee: Red Hat, Inc.
    Inventor: James Paul Schneider
  • Patent number: 9237150
    Abstract: A system for providing security for a personal password during an authentication process. The system combines the use of representative characters to disguise the characters of the password and the use of a separate verification code sent to the user for use in the authentication process. A server generates and sends both a set of representative characters and a verification code to a client device. The user then inputs a mixed string having the password and verification code interspersed in order using the representative characters in place of the characters of the password and verification code. The server then receives the input and determines whether the string of representative characters includes the password and verification code characters in the proper order.
    Type: Grant
    Filed: May 3, 2013
    Date of Patent: January 12, 2016
    Assignee: C3S PTE. LTD.
    Inventors: Ta Chun Yun, Viet Thang Nguyen
  • Patent number: 9237151
    Abstract: A method of operating a secure access module (SAM) includes receiving an operation parameter via a terminal from a management server, the operation parameter including a registered value indicating a permissible range for operation of the SAM, receiving an authentication request for providing a card-related service from the terminal when a corresponding card is coupled to the terminal, determining whether the SAM is within the permissible range for operation in response to the authentication request, and transmitting information on a determination result to the terminal.
    Type: Grant
    Filed: June 3, 2014
    Date of Patent: January 12, 2016
    Assignee: LG CNS CO., LTD.
    Inventor: Jo Geon You
  • Patent number: 9237152
    Abstract: A method includes receiving data related to an individual, the data comprising a plurality of elements of personally-identifying information (PII). The method further includes building, via the plurality of elements of the PII, a compositional key for the individual. In addition, the method includes storing the compositional key and a biometric print for the individual as a biometric record in a biometric repository. The method also includes, via the compositional key, providing a plurality of federated entity (FE) computer systems with access to the biometric repository.
    Type: Grant
    Filed: June 14, 2014
    Date of Patent: January 12, 2016
    Assignee: CSIDENTITY CORPORATION
    Inventor: Harold E. Gottschalk Jr.
  • Patent number: 9237153
    Abstract: A method for automatically configuring at least one mobile device associated with a user, via a client software application stored on said mobile device using a token generated by a provisioning server and a hashed username with a publicly available redirect server.
    Type: Grant
    Filed: December 30, 2013
    Date of Patent: January 12, 2016
    Assignee: MITEL NETWORKS CORP.
    Inventors: Paulo Francisco, Martin Bitzinger
  • Patent number: 9237154
    Abstract: Described herein are systems, methods, and apparatus for automatically establishing secure connections to wireless networks using a wireless local area network access point which calls for acceptance of terms and conditions of use. During an initial connection, the user is prompted to review and accept terms and conditions associated with use of that wireless network. Once accepted, future connections at that or other access points, which use those same terms and conditions, occur free from user intervention.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: January 12, 2016
    Assignee: Intel Corporation
    Inventors: Necati Canpolat, Vivek Gupta
  • Patent number: 9237155
    Abstract: User-specified policies may be efficiently implemented and enforced with a distributed set of policy enforcement components. User-specified policies may be transformed into a normal form. Sets of normal form policies may be optimized. The optimized policies may be indexed and/or divided and provided to the distributed set of policy enforcement components. The distributed policy enforcement may have a sandbox mode and/or verification mode enabling policy configuration verification. With appropriate authorization, substitute data may be used in verification mode to evaluate requests with respect to policies. Evaluation results, relevant policies, and decision data utilized during request evaluation may be collected, filtered and reported at a variety of levels of detail. Originating user-specified policies may be tracked during the policy normalization process to enable reference to user-specified policies in verification mode reports.
    Type: Grant
    Filed: December 6, 2010
    Date of Patent: January 12, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Mark Cavage, Yunong Xiao, Bradley Jeffery Behm
  • Patent number: 9237156
    Abstract: A system is provided for managing protected data resources. The system includes a resource server configured to store the protected data resources and an authorization module coupled to the resource server and configured to store access protocols. The authorization module further is configured to receive a service request from a user via a client module, evaluate the service request based on the access protocols, and send an access token to the client module if the user satisfies the access protocols.
    Type: Grant
    Filed: May 7, 2013
    Date of Patent: January 12, 2016
    Assignee: salesforce.com, inc.
    Inventor: Chuck Mortimore
  • Patent number: 9237157
    Abstract: A device for processing and storing data is disclosed, which comprises a primary controller, a primary memory, a security element (SE), and at least one universal port, wherein the device for processing and storing data further includes a first additional port, via which the security element (SE) can directly interacts with a second external device to complete the processing and access of the data. The security element (SE) in the device for processing and storing data disclosed herein can work independently without being effected by the condition whether the primary memory is performing the data read/write process, and supports the single wire protocol (SWP).
    Type: Grant
    Filed: July 11, 2012
    Date of Patent: January 12, 2016
    Assignee: CHINA UNIONPAY CO., LTD.
    Inventors: Zhibo Zhang, Yanjun Xu, Changsheng Shan, Xiaobin Yu, Wenwen Yu, Yu Cao
  • Patent number: 9237158
    Abstract: A method and apparatus for providing network security using role-based access control is disclosed. A network device implementing such a method can include, for example, an access control list. Such an access control list includes an access control list entry, which, in turn, includes a user group field. Alternatively, a network device implementing such a method can include, for example, a forwarding table that includes a plurality of forwarding table entries. In such a case, at least one of the forwarding table entries includes a user group field.
    Type: Grant
    Filed: February 24, 2014
    Date of Patent: January 12, 2016
    Assignee: Cisco Technology, Inc.
    Inventor: Michael R. Smith
  • Patent number: 9237159
    Abstract: The disclosure comprises methods, devices and computer programs to provide interoperability between incompatible security architectures, protocols, or domains. Policy rules of an authorization protocol are applied to an access request made in an enforcement protocol, and a result of the application are produced. A decision may be made as to whether to issue/reissue an authorization of the access request based on the result of applying the policy rules to the access request. Other embodiments are also provided.
    Type: Grant
    Filed: May 30, 2014
    Date of Patent: January 12, 2016
    Assignee: EDMOND SCIENTIFIC COMPANY
    Inventor: Anthony J. Mallia
  • Patent number: 9237160
    Abstract: A method for categorizing network traffic content includes determining a first characterization of the network traffic content determining a first probability of accuracy associated with the first characterization, and categorizing the network traffic content based at least in part on the first characterization and the first probability of accuracy. A method for use in a process to categorize network traffic content includes obtaining a plurality of data, each of the plurality of data representing a probability of accuracy of a characterization of network traffic content, and associating each of the plurality of data with a technique for characterizing network traffic content. A method for categorizing network traffic content includes determining a characterization of the network traffic content, determining a weight value associated with the characterization, and categorizing network traffic content based at least in part on the characterization of the network traffic content and the weight value.
    Type: Grant
    Filed: May 22, 2014
    Date of Patent: January 12, 2016
    Assignee: Fortinet, Inc.
    Inventor: Michael Xie