Patents Issued on October 20, 2016
  • Publication number: 20160306949
    Abstract: A device may receive and store first device information (first information), associated with a media client device (media client), and a first security key (a first key) from a content provider network (CPN); and may receive a provisioning request from the media client, including second device information (second information), based on the media client detecting an absence of a physical network connection to receive media content. The device may compare the first information and the second information and may request a second security key (a second key) based on the first information matching the second information. The device may receive the second key from the media client and may compare the first key and the second key. The device may enable the media client to establish a secure connection to the CPN, via a network associated with the device, based on the first key matching the second key.
    Type: Application
    Filed: April 17, 2015
    Publication date: October 20, 2016
    Inventor: Kishore TALLAPANENI
  • Publication number: 20160306950
    Abstract: A media server is disclosed, and comprises one or more non-transitory computer-readable memory devices upon which at least one set of instructions are stored, one or more processors, a request module, an authentication module, a filtering module, a publishing module, and a commercialization module. The request module is electronically coupled with the one or more non-transitory computer-readable memory devices for requesting data associated with media content from one or more remote electronic devices electronically coupled with the media server.
    Type: Application
    Filed: November 18, 2014
    Publication date: October 20, 2016
    Inventor: Joseph Schuman
  • Publication number: 20160306951
    Abstract: An information processing device includes an acquisition unit configured to acquire developer identification information associated with an application program possessed by a user terminal, from the user terminal. A determination unit determines whether a developer of the application program indicated by the developer identification information is a developer who has made an advance request for authorization for use. A control unit controls execution of a function possessed by the information processing device, according to an instruction from the user terminal, when the developer of the application program indicated by the developer identification information is a developer who has made an advance request for authorization for use, and a content processing unit acquires a content based on the execution of the function, and associates the acquired content with information of the developer on which the determination has been performed.
    Type: Application
    Filed: November 25, 2014
    Publication date: October 20, 2016
    Inventors: Yosuke Hiratsuka, Kazuya Yokoyama
  • Publication number: 20160306952
    Abstract: Systems and methods are disclosed herein for an Automatic Content Recognition (ACR) system that determines whether affiliates are adhering to criteria set by content providers. The ACR system, using control circuitry, receives a portion of a media asset, determines a content signature for the portion of the media asset based on audio or visual information presented in the media asset, cross-references the content signature with a database listing a plurality of reference signatures that adhere to a criterion set by a content provider, determines whether the portion adheres to the criterion, and automatically notifies the content provider in response to determining that the portion does not adhere to the criterion. The ACR system includes storage circuitry to store the database.
    Type: Application
    Filed: May 4, 2016
    Publication date: October 20, 2016
    Inventors: Benjamin H. Maughan, Jason Manasse
  • Publication number: 20160306953
    Abstract: A method and system for multi-factor authentication. The method involves combining a plurality of authentication patterns into a combined secure pattern by inserting one or more spacing states into one authentication pattern at locations based on the values of another authentication pattern.
    Type: Application
    Filed: July 16, 2015
    Publication date: October 20, 2016
    Inventor: Bertrand F. Cambou
  • Publication number: 20160306954
    Abstract: A technology is disclosed that addresses the problem of identity verification while respecting the need to minimize intrusion upon the privacy and civil rights of users. The technology allows for quick deployment while minimizing the amount of information, capital, and time required for deployment by creating a unique identity code by combining biometric analytical data, without the need to save, transmit, or compare biometric images, with basic personal information such as name and account number to create readily to transmission and verification by issuing agencies or business.
    Type: Application
    Filed: December 2, 2014
    Publication date: October 20, 2016
    Inventor: Charles Curtis Hawkins
  • Publication number: 20160306955
    Abstract: In one embodiment, a first device includes: a first logic to generate a first token when a user adapts the first device in approximate contact to the user, the first token including a first timestamp; a storage to store the first token and a second token, the second token obtained from an authenticator and associated with an authentication of the user to a second device, the second token including a second timestamp; and a communication module to communicate the first and second tokens to the second device to cause the second device to authenticate the user based at least in part on the first and second tokens. Other embodiments are described and claimed.
    Type: Application
    Filed: September 21, 2015
    Publication date: October 20, 2016
    Inventors: Jason Martin, Rahuldeva Ghosh, Cory Cornelius, Ian R. Oliver, Ramune Nagisetty, Steven B. McGowan
  • Publication number: 20160306956
    Abstract: The disclosure includes a system and method in which one or more virtual resources are presented to a secure element; and the one or more virtual resources are mapped to available resources based on a model architecture for the secure element in order to provide hardware abstraction, the available physical resources varying based on the model architecture and an associated host device, the virtual resources allowing consistent interaction with the virtual resources regardless of variation in the physical resources available and their location. The hardware abstraction increases the versatility of the secure element and may contribute to the secure element's functionality. The secure element provides functionality to replace most items carried in an individual's pockets, e.g., logical and physical keys, a thumb drive, identification, credit and debit cards, etc.
    Type: Application
    Filed: June 28, 2016
    Publication date: October 20, 2016
    Inventor: John Joseph Giobbi
  • Publication number: 20160306957
    Abstract: This application discloses an unlocking control method and apparatus for an intelligent terminal, including: detecting, when an intelligent terminal enters an unlocking interface, a touch gesture on a touch display of an intelligent terminal; and determining whether a trajectory node of the detected touch gesture and a stay time on the trajectory node are the same as a predetermined trajectory node and a predetermined stay time on the trajectory node, and if same, unlocking an intelligent terminal. By using the present disclosure, lock screen cracking difficulty may be increased, and security of a lock screen state may be improved.
    Type: Application
    Filed: June 30, 2016
    Publication date: October 20, 2016
    Inventor: Jia Qu
  • Publication number: 20160306958
    Abstract: Embodiments of the present invention provide methods and systems for numeric keypad encryption using an augmented reality device. The method may include establishing a secure connection to an augmented reality device. A random keypad layout is generated and sent to the augmented reality device. The random keypad layout is displayed in the augmented reality view over a real-world numeric keypad.
    Type: Application
    Filed: August 26, 2015
    Publication date: October 20, 2016
    Inventors: Eli M. Dow, Thomas D. Fitzsimmons, Joseph D. Harvey, Douglas E. Rohde
  • Publication number: 20160306959
    Abstract: A method of image-based authentication comprising the steps of: receiving a user input representing a first combination of a plurality of images; and performing user authentication according to a comparison of the received user input with a predetermined second combination of the images. By way of example, where a result of comparison indicates that the first combination is identical to the second combination, a user who provided the user input is successfully authenticated. Depending on the context in which the system is employed, an authenticated user may be allowed access to, for example, various services or items. Alternatively, an authenticated user may also be granted certain privileges. The method may be implemented in various security contexts requiring user authentication.
    Type: Application
    Filed: April 18, 2016
    Publication date: October 20, 2016
    Inventor: Stewart MCDIARMID
  • Publication number: 20160306960
    Abstract: An automatic train operation system includes a first control system configured to run a first software for controlling a first vehicle subsystem and a second control system configured to run a second software for controlling a second vehicle subsystem. The automatic train operation system also includes a software verification controller. The software verification controller is configured to identify a first identifier of the first software and a second identifier of the second software as a software configuration and determine whether the software configuration is preapproved. The software verification controller is also configured to, if the software configuration is preapproved, authorize the first control system and the second control system to run the first and second software.
    Type: Application
    Filed: April 17, 2015
    Publication date: October 20, 2016
    Applicant: Electro-Motive Diesel, Inc.
    Inventors: Venkata Swamy Reddy Gajulapalli, Russell Kubycheck, James Seaton, Alexander Shubs, JR., Ola Tannous
  • Publication number: 20160306961
    Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor, a storage resource communicatively coupled to the processor, and a basic input/output system (BIOS) comprising a program of instructions executable by the processor and configured to cause the processor to initialize one or more information handling resources of the information handling system. The BIOS may be further configured to, during runtime of an operating system, receive an input/output request from the operating system to access a system partition instantiated on the storage resource, authenticate the input/output request, and responsive to authenticating the input/output request, provide a runtime service of the BIOS to complete the input/output request to the system partition.
    Type: Application
    Filed: April 17, 2015
    Publication date: October 20, 2016
    Inventors: Shekar Babu Suryanarayana, Sumanth Vidyadhara, Ankit Singh
  • Publication number: 20160306962
    Abstract: A first device requesting a second device to execute a task is provided. The first device includes a communication unit configured to communicate with the second device and a processor configured to transmit content for executing the task to the second device through the communication unit as an event for requesting execution of the task is generated, and receive result data obtained as the second device executes the task through the communication unit.
    Type: Application
    Filed: February 11, 2016
    Publication date: October 20, 2016
    Inventors: Jong-hyuk LEE, Hyok-Sung CHOI, Myung-jin EOM, In-dong LEE, Jung-kyuen LEE
  • Publication number: 20160306963
    Abstract: A computer device includes hardware with a connected peripheral device such as a camera or a microphone. An operating system is configured to operate the peripheral device using a device driver and a representative device object. An agent is configured to apply security attributes to the device object which permit access from a primary user account while preventing direct access to the device object by a secondary user account in a sandbox. The agent may intercept requests made toward the device object, examine each request, and then satisfy the request, when the request is allowed, by selectively arranging access to the device object from the sandboxed secondary user account.
    Type: Application
    Filed: April 13, 2016
    Publication date: October 20, 2016
    Inventors: Mark James AUSTIN, John GOODRIDGE
  • Publication number: 20160306964
    Abstract: A computer device and respective method provides a primary clipboard accessible from a primary user account, while a sandbox is used to isolate and contain a secondary user account. A secondary clipboard is provisioned and associated with the secondary user account. The computer device, via an agent, intercepts requests from the secondary user account such as for cut, copy or paste type clipboard operations which are ordinarily directed toward the primary clipboard, and satisfies those clipboard operation requests instead by using the secondary clipboard.
    Type: Application
    Filed: April 13, 2016
    Publication date: October 20, 2016
    Inventors: Mark James AUSTIN, Belaid BEZZAA
  • Publication number: 20160306965
    Abstract: Systems and methods are disclosed for associating an entity with a risk score that may indicate a security threat associated with the entity's activity. An exemplary method may involve monitoring the activity of a subset of the set of entities (e.g., entities included in a watch list) by executing a search query against events indicating the activity of the subset of entities. The events may be associated with timestamps and may include machine data. Executing the search query may produce search results that pertain to activity of a particular entity from the subset. The search results may be evaluated based on a triggering condition corresponding to the statistical baseline. When the triggering condition is met, a risk score for the particular entity may be updated. The updated risk score may be displayed to a user via a graphical user interface (GUI).
    Type: Application
    Filed: April 20, 2015
    Publication date: October 20, 2016
    Inventors: Ravi Iyer, Devendra Badhani, Vijay Chauhan
  • Publication number: 20160306966
    Abstract: A computer-implemented method and computer program product for protecting a computer-driven system from a security threat. The computer-driven system includes a processor host running an operating system in a virtualized environment in communication over a network with a plurality of electronic devices. A set of protocols governs communications over the network between the processor and the devices. The method includes receiving a driver call made to a specific driver, the driver call being generated by the operating system in response to a system call made by an application as well as interrupting transmission of the driver call to the specific driver; and performing a series of paravirtualization processes.
    Type: Application
    Filed: April 14, 2016
    Publication date: October 20, 2016
    Inventors: Gita Srivastava, Piyush B. Srivastava
  • Publication number: 20160306967
    Abstract: A method, performed by a processor, to detect malicious or risky data accesses is provided. The method includes modeling user accesses to a content repository as to probability of a user accessing data in the content repository, based on a history of user accesses to the content repository. The method includes scoring a singular user access to the content repository, based on probability of access according to the modeling and alerting in accordance with the scoring.
    Type: Application
    Filed: April 17, 2015
    Publication date: October 20, 2016
    Inventors: Michael Hart, Chetan Verma, Sandeep Bhatkar, Aleatha Parker-Wood
  • Publication number: 20160306968
    Abstract: Technologies for managing security threats on a computing system include detecting a security threat to the computing system, determining a plurality of mitigation scenarios to employ on the computing system to mitigate the security threat, and implementing the plurality of mitigation scenarios. Each mitigation scenario includes one or more threat mitigation actions to be taken by the computing system, one or more response systems of the computing system to perform the threat mitigation actions, and a temporal sequence in which the threat mitigation actions are to be taken. The results of each mitigation scenario are evaluated and a validated mitigation scenario is determined based on the results. A user of the computing device may be subsequently trained or habituated to mitigate the security threat by requesting interaction from the user during the implementation of the validated mitigation scenario in response to a threat scenario designed to replicate the security threat.
    Type: Application
    Filed: June 22, 2016
    Publication date: October 20, 2016
    Inventors: John C. Weast, Brian D. Johnson, Tobias M. Kohlenberg
  • Publication number: 20160306969
    Abstract: A method and system to verify active content at a server system include receiving, at the server system, a communication (e.g., an e-mail message or e-commerce listing) that includes active content that is to be made accessible via the server system. At the server system, the active content is rendered to generate rendered active content. The rendered active content presents a representation of information and processes to which an end user will be subject. At the server system, the rendered active content is verified as not being malicious.
    Type: Application
    Filed: June 23, 2016
    Publication date: October 20, 2016
    Inventors: Chris Lalonde, Andrew Millard Brown, Mathew Gene Henley, Quang D. Pham, Kevin Black
  • Publication number: 20160306970
    Abstract: The method includes identifying an instance of software installed. The method further includes determining a fingerprint corresponding to the instance of software installed. The method further includes determining a security risk associated with the instance of software installed. The method further includes identifying a software management policy for the instance of software based upon the fingerprint, security risk, and designated purpose of the computing device. In one embodiment, the method further includes in response to identifying the software management policy, enforcing, by one or more computer processors, the software management policy on the instance of software installed on the computing device.
    Type: Application
    Filed: June 29, 2016
    Publication date: October 20, 2016
    Inventors: Jerome R. Bell, JR., Mari F. Heiser, Heather M. Hinton, Neil I. Readshaw, Karthik Sivakumar
  • Publication number: 20160306971
    Abstract: An automated malware identification and reverse engineering tool is provided. Subroutine categories may be learned by machine learning. A program may then be reverse-engineered and classified, and subroutines that are potentially indicative of malware may be identified. These subroutines may be reviewed by a reverse engineer to determine whether the program is malware in a more directed and efficient manner.
    Type: Application
    Filed: April 14, 2016
    Publication date: October 20, 2016
    Applicant: Los Alamos National Security, LLC
    Inventors: Blake Anderson, Curtis Storlie, Joseph Sexton
  • Publication number: 20160306972
    Abstract: The present disclosure provides a virus signature matching method, including: obtaining an inputted target file; loading a virus signature database, and successively extracting signature function identifiers from the virus signature database, the virus signature database comprising the signature function identifiers and virus signature type identifiers corresponding to the signature function identifiers; obtaining signature functions corresponding to the signature function identifiers, and checking the target file by invoking the signature functions, to obtain corresponding check results; and obtaining a virus signature type identifier corresponding to the target file according to the check results. In addition, a virus signature matching apparatus is further provided. The foregoing virus signature matching method and apparatus can improve virus scanning and removing efficiency.
    Type: Application
    Filed: February 13, 2015
    Publication date: October 20, 2016
    Applicant: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: JINGBING CUI, TAO YU, ZIPAN BAI
  • Publication number: 20160306973
    Abstract: A computing device (500) comprising an electronic storage (510) and an electronic processor (550) coupled to the storage, the storage storing a series of table networks (110, T1, T2), the processor being configured to compute an iterated function on a global data-input (121, w0) and a global state-input (121, s0) by applying table networks of the series of table networks, —a table network (112, 114, Ti) of the series being configured for a corresponding data-function (ƒi) and state-function (gi) and is configured to map a data-input (121, 122, si) to a data-output (122, 123, wi) according to the corresponding data-function (ƒi), and to simultaneously map a state-input (121, 122, si-1) to a state-output (122, 123, si) according to a state-function (gi), —the electronic processor being configured to iterate applying the series of table networks (T1, T2, T1, T2), a table network (T1) of the iteratively applied table networks to the global data-input (w0) and global state-input (s0), and a successive table networ
    Type: Application
    Filed: November 19, 2014
    Publication date: October 20, 2016
    Inventors: Alphons Antonius Maria Lambertus BRUEKERS, Paulus Mathias Hubertus Mechtildis Antonius GORISSEN, Ludovicus Marinus Gerardus Maria TOLHUIZEN, Hendrik Jan Jozef Hubertus SCHEPERS, Alan PESTRIN, Mina DENG
  • Publication number: 20160306974
    Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is being controlled by a legitimate human user, or by an automated cyber-attack unit or malware or automatic script. The system monitors interactions performed via one or more input units of the electronic device. The system searches for abnormal input-user interactions; or for an abnormal discrepancy between: the input-unit gestures that were actually registered by the input unit, and the content that the electronic device reports as allegedly entered via such input units. A discrepancy or abnormality indicates that more-possibly a malware or automated script is controlling the electronic device, rather than a legitimate human user. Optionally, an input-output aberration or interference is injected, in order to check for manual corrective actions that only a human user, and not an automated script, is able to perform.
    Type: Application
    Filed: June 30, 2016
    Publication date: October 20, 2016
    Inventors: Avi Turgeman, Itai Novick
  • Publication number: 20160306975
    Abstract: Systems, methods, and apparatus are provided for generating verification data that may be used for validation of a wireless transmit-receive unit (WTRU). The verification data may be generated using a tree structure having protected registers, represented as root nodes, and component measurements, represented as leaf nodes. The verification data may be used to validate the WTRU. The validation may be performed using split-validation, which is a form of validation described that distributes validation tasks between two or more network entities. Subtree certification is also described, wherein a subtree of the tree structure may be certified by a third party.
    Type: Application
    Filed: June 27, 2016
    Publication date: October 20, 2016
    Inventors: Andreas Schmidt, Andreas Leicher, Inhyok Cha, Sudhir B. Pattar, Yogendra C. Shah
  • Publication number: 20160306976
    Abstract: A first time software is loaded for execution by a device, the software stored in non-secure storage is authenticated. Authenticating the software may involve a cryptographic operation over the software and a digital signature of the software. A verification tag may be generated for the software if authentication of the software is successful, the verification tag based on the software and at least a device-specific secret data. The verification tag may be stored within the device. Each subsequent time the software is loaded for execution it may be verified (not authenticated) by using the verification tag to confirm that the software being loaded is the same as the one used to generate the verification tag while avoiding authentication of the software.
    Type: Application
    Filed: April 15, 2015
    Publication date: October 20, 2016
    Inventors: Alexander Gantman, David Merrill Jacobson
  • Publication number: 20160306977
    Abstract: An electronic device, such as a dynamic transaction card having an EMV chip, that acts as a TPM having a memory, an applet, and a cryptographic coprocessor performs secure firmware and/or software updates, and performs firmware and/or software validation for firmware and/or software that is stored on the electronic device. Validation may compare a calculated checksum with a checksum stored in EMV chip memory. If a checksum calculated for firmware and/or a software application matches a checksum stored in EMV chip memory of the transaction card, the transaction card may operate normally. If a checksum calculated for firmware and/or a software application does not match a checksum stored in EMV chip memory of the transaction card, the transaction card may freeze all capabilities, erase the memory of the transaction card, display data indicative of a fraudulent or inactive transaction card, and/or the like.
    Type: Application
    Filed: April 14, 2016
    Publication date: October 20, 2016
    Inventors: James ZARAKAS, David WURMFELD, Brennon YORK, Tyler LOCKE
  • Publication number: 20160306978
    Abstract: Embodiments of systems, apparatuses, and methods to protect data stored in a storage system of a device from malware alteration are described. In some embodiments, a system receives an indication that the data is to be protected. In addition, the system further triggers an interrupt of the device and secures the data from the malware alteration.
    Type: Application
    Filed: June 20, 2016
    Publication date: October 20, 2016
    Inventors: Paul J. THADIKARAN, Nicholas D. TRIANTAFILLOU, Thomas R. BOWEN, Paritosh SAXENA
  • Publication number: 20160306979
    Abstract: A system comprising a memory device having executable instructions stored in the memory device, and a processing device, in response to the executable instructions, configured to prepare breach simulation tasks by reading configurations for types of breach scenarios and preparing a list of tasks to be simulated, send breach simulation tasks to simulator nodes, the simulator nodes simulating parties involved in the types of breach scenarios, execute the breach simulation tasks on the simulator nodes, receive results from the simulator nodes, determine that the parties report on a same result, determine that the parties report on successful results, and identify a successful breach based on the parties report on the same result and the parties report on the successful results.
    Type: Application
    Filed: April 20, 2015
    Publication date: October 20, 2016
    Inventors: Itzhak Kotler, Idan Livni, Dan Bar-Shalom, Guy Bejerano
  • Publication number: 20160306980
    Abstract: A system for analyzing a computing system for potential breach points, the system comprising a memory device having executable instructions stored therein, and a processing device, in response to the executable instructions, configured to parse a breach scenario file, the breach scenario file comprising a graph including action component nodes connected by edges, determine a root node from the action component nodes, execute the root node with breach point data, generate a root node return value based on the execution of the root node, the root node return value including a modified copy of the breach point data, determine children nodes from the action component nodes connected to the root node, execute the children nodes wherein each execution of the children nodes produces children node return values for a subsequent one of the children nodes, and return a final return value from the execution of the children nodes.
    Type: Application
    Filed: April 20, 2015
    Publication date: October 20, 2016
    Inventors: Itzhak Kotler, Idan Livni, Dan Bar-Shalom, Guy Bejerano
  • Publication number: 20160306981
    Abstract: Embodiments are disclosed for performing static and/or non-emulated dynamic analysis of mobile computing device software to improve app security testing. In the context of a method, an example embodiment includes processing, by a security analysis system, an app for analysis. This example embodiment of the method further includes analyzing the app by diagnostic circuitry of the security analysis system. In this regard, analyzing the app includes at least one of performing static analysis on the app or causing performance, by a lab rig, of non-emulated dynamic analysis on the app. In turn, this example embodiment further includes generating, by the security analysis system and based on analyzing the app, a set of risk issues presented by the app, and outputting, by the security analysis system, the set of risk issues. Corresponding apparatuses and computer program products are also provided.
    Type: Application
    Filed: April 18, 2016
    Publication date: October 20, 2016
    Inventors: Andrew Hoog, David Weinstein
  • Publication number: 20160306982
    Abstract: A system and method configured for providing a cryptographic platform for exchanging information. One or more information transactions including encrypted information may be generated and/or provided to a distributed ledger. The one or more information transactions may include information intended for one or more parties. Information transactions intended for one or more parties may be identified. An information transaction may include one or more of a transaction identifier associated with one or more parties, an information payload, and/or other information. The information payload may include encrypted information. The encrypted information may be encrypted with one or more public keys associated with one or more parties. One or more information transactions may be retrieved from the distributed ledger. The encrypted information may be decrypted with one or more private keys that correspond to the public keys. Presentation of the encrypted information to one or more parties may be facilitated.
    Type: Application
    Filed: June 15, 2016
    Publication date: October 20, 2016
    Inventors: Robert A. Seger, II, Christopher T. Finan
  • Publication number: 20160306983
    Abstract: A method, a data processing system, and a computer program product for managing cryptographic information. A determination is made as to whether a first time stamp of when cryptographic information was created is more recent than a second time stamp of a backup of the cryptographic information in response to receiving a request for the cryptographic information from a requester. The cryptographic information is used to encrypt data. The cryptographic information is prevented from being provided to the requester in response to a determination that the first time stamp of cryptographic information creation is more recent than the second time stamp of the backup of the cryptographic information.
    Type: Application
    Filed: June 27, 2016
    Publication date: October 20, 2016
    Inventors: Kristin M. Hazlewood, John T. Peck, Krishna K. Yellepeddy
  • Publication number: 20160306984
    Abstract: Data storage systems are disclosed for automatically generating encryption rules based on a set of training files that are known to include sensitive information. The system may use a number of heuristic algorithms to generate one or more encryption rules for determining whether a file includes sensitive information. Further, the system may apply the heuristic algorithms to the content of the files, as determined by using natural language processing algorithms, to generate the encryption rules. Moreover, systems are disclosed that are capable of automatically determining whether to encrypt a file based on the generated encryption rules. The content of the file may be determined using natural language processing algorithms and then the encryption rules may be applied to the content of the file to determine whether to encrypt the file.
    Type: Application
    Filed: June 28, 2016
    Publication date: October 20, 2016
    Inventors: Arun Prasad AMARENDRAN, Tirthankar CHATTERJEE, Yun YUAN, Yongtao LIU
  • Publication number: 20160306985
    Abstract: An approach is provided in which a knowledge manager generates a knowledge structure that includes security annotation tokens and term tokens. Each of the security annotation tokens is stored in a parallel field and aligns to at least one of the term tokens. The knowledge manager matches security policies corresponding to a search request to one or more of the security annotation tokens and, in turn, generates search results based upon obfuscation of one or more of the term tokens aligned to the matched security annotation tokens.
    Type: Application
    Filed: April 16, 2015
    Publication date: October 20, 2016
    Inventors: Bridget B. Beamon, Bradley M. Debroni, Octavian F. Filoti, Bryan J. Kyle, Christopher M. Nolan
  • Publication number: 20160306986
    Abstract: A content management system for collecting files from one or more submitters in a collection folder. A collector, who generates the collection folder, can invite one or more submitters to submit one or more files to the collection folder. Facial recognition is applied to the submitted files. The one or more submitters have limited rights to the collection folder. The limited rights can include uploading rights and prohibiting a submitter from viewing files that other submitters associated with the collection folder submitted. Thus, the collection folder is able to store files from the one or more submitters, but prevent them from viewing others' submissions.
    Type: Application
    Filed: December 7, 2015
    Publication date: October 20, 2016
    Inventors: Mindy Zhang, Pranav Piyush, Jan Senderek
  • Publication number: 20160306987
    Abstract: A method for differentiated access control on a computing device having a connection with a second device, the method checking whether a timer has expired on the second device or if a connection is lost to the second device; and preventing at least one of the plurality of application subsets from being launched or enabled if the timer has expired on the second device or the connection is lost to the second device.
    Type: Application
    Filed: June 27, 2016
    Publication date: October 20, 2016
    Inventors: Michael Kenneth BROWN, Christopher Lyle BENDER, Herbert Anthony LITTLE, Michael Stephen BROWN
  • Publication number: 20160306988
    Abstract: Embodiments of the present disclosure provide a method, system and computer program product for providing a secure access to data in mobile devices by acquiring the data from one of a plurality of remote storage devices in response to receiving an access request for the data from one or more applications; storing the data in a secure memory space in the mobile device; providing the one or more applications with an access to the data in the secure memory space when a predetermined condition is satisfied, wherein the predetermined condition at least comprises the one or more applications having an access permission to the secure memory space.
    Type: Application
    Filed: April 11, 2016
    Publication date: October 20, 2016
    Inventors: Patrick Minggang Lu, Charlie Chao Chen, Grissom Tianqing Wang, Yong Que, Lu Lei
  • Publication number: 20160306989
    Abstract: There is disclosed a modular data storage and access platform with jurisdictional control. The platform ensures alignment of jurisdictional compliance between a user, national laws, and associated data through pre-scripted data channeling and handling during execution of application provider business services and/or sharing and synchronizing data between approved parties, encapsulated through user defined encryption technology, while ensuring physical and legal ownership and defined residency of user data with solution enablement free of technical complexity or need of special education/training or need of information technology services. In an embodiment, the platform enables approved third party value added SaaS applications to manipulate data stored on the modular data storage without removing the data from the platform.
    Type: Application
    Filed: April 18, 2016
    Publication date: October 20, 2016
    Applicant: Cicer One Technologies Inc.
    Inventor: Robert A. EMBLETON
  • Publication number: 20160306990
    Abstract: In one embodiment, a method includes receiving, from a third-party system, a data query requesting data items to be retrieved from hierarchical graphs associated with a social-networking system, each of the hierarchical graphs comprising one or more nodes, the one or more nodes representing one or more data items, respectively, and each of the data items having a particular one of a plurality of data types, wherein the data query corresponds to a data structure of the specific data type of the requested data items, determining, for each of the requested data items, whether the third-party system is authorized to access the data item based on a privacy setting associated with the requested data item, retrieving, based on the determining, each of the data items the third-party system is authorized to access, and sending, to a third-party system in response to the data query, each of the authorized data items.
    Type: Application
    Filed: June 28, 2016
    Publication date: October 20, 2016
    Inventors: Nicholas Hage Schrock, Lee Williams Byron, Daniel L. Schafer
  • Publication number: 20160306991
    Abstract: A graphical user interface for uploading an application data file may be generated by a computing platform and communicated to a computing device. The computing platform may receive the application data file from the computing device. A graphical user interface comprising a link configured to provide the computing device with access to a modified version of the application data file that comprises an element for tracking dissemination of the application data file may be generated by the computing platform and communicated to the computing device.
    Type: Application
    Filed: June 28, 2016
    Publication date: October 20, 2016
    Inventors: Andrea M. Weisberger, Dale Binder
  • Publication number: 20160306992
    Abstract: Applications are stored on removable storage of a mobile device in an encrypted form to provide isolation and piracy protection. In one implementation, each application is encrypted using its own associated encryption key that is generated based on an identifier of the application and a master key that is associated with a trusted platform module of the mobile device. In another implementation, each application is encrypted using two associated encryption keys. One key is used to encrypt binary data associated with the application such as source code, and the other key is used to encrypt application data such as graphics and configuration files. The encryption keys are each generated using the identifier of the application, the master key, and identifiers of the folders where the corresponding data types are stored on the mobile device. The removable storage includes SD cards formatted using the FAT or exFAT file systems.
    Type: Application
    Filed: June 28, 2016
    Publication date: October 20, 2016
    Inventors: David Callaghan, Ravisankar Pudipeddi, Geir Olsen, Sachin Patel, JianMing Zhou, Dylan D'Silva
  • Publication number: 20160306993
    Abstract: Methods, apparatuses, systems, and devices are described for providing data security. In one method, data security is provided for a computing device having a data storage drive. A predetermined geographical area within which access to the data storage drive of the computing device is permitted may be identified. A geographical location of the computing device also may be identified. When the identified geographical location of the computing device is outside of the identified geographical area, access to at least a portion of the data storage drive may be denied. When the identified geographical location of the computing device is within the identified geographical area, access to the portion (or all) of the data storage drive may be allowed.
    Type: Application
    Filed: June 28, 2016
    Publication date: October 20, 2016
    Applicant: SEAGATE TECHNOLOGY LLC
    Inventor: CATHERINE ELLEN SAND-SOLL
  • Publication number: 20160306994
    Abstract: In computer-based user authentication, a user performs an image-based log-in comprising a set of actions on at least one verification image on a display screen. Users are authenticated by a computer comparing the set of actions against a key definition for the verification image. The set of actions may include selecting a target location on the image, selecting target locations in a selected order and/or with a selected pattern, superimposing a target location with a selected overlay, covering target locations with overlays in a selected superimposing order and/or pattern. The user may define the set of actions and verification image to establish the log-in. The user may also establish or enhance security for a component of a multi-component password, which may be an image-based password; one method is to encrypt the position of at least one target location and to modify the encryption as frequently as desired.
    Type: Application
    Filed: June 30, 2016
    Publication date: October 20, 2016
    Inventor: Susan Olsen-Kreusch
  • Publication number: 20160306995
    Abstract: The techniques discussed herein facilitate the transmission, storage, and manipulation of data in an encrypted database management system (EDBMS). An untrusted machine is connected to a data store having encrypted records, a client machine that sends encrypted queries, and a trusted machine that receives and decrypts the encrypted records and encrypted queries. The trusted machine processes the query using semantically secure query operators to produce a query result. The trusted machine ensures the size of the query result conforms to an upper bound on the number of records in the query result and returns the query result.
    Type: Application
    Filed: April 17, 2015
    Publication date: October 20, 2016
    Inventors: Arvind Arasu, Kenneth Hiroshi Eguro, Ravishankar Ramamurthy, Kaushik Shriraghav
  • Publication number: 20160306996
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a request to share data, determine metadata for the data to be shared, communicate the metadata to a social drive, where the social drive is separate from the electronic device and the data is not located on the social drive, and communicate the shared data to a member of the social drive when the member requests the data.
    Type: Application
    Filed: December 26, 2014
    Publication date: October 20, 2016
    Applicant: McAfee, Inc.
    Inventors: Dattatraya Kulkarni, Srikanth Nalluri, Venkatasubrahmanyam Krishnapur, Kaushal Dhruw, Kamlesh Halder, KranthiKumar Gadde, Susmita Nayak, Mitesh Kumar, Raj Vardhan, Alan Illia Lefort
  • Publication number: 20160306997
    Abstract: Universal cards are used in place of all the other traditional cards which a person may want to carry. The universal card can include a short range communications transceiver to communicate with a mobile device. The mobile device can include a user interface and an e-wallet application so that the user can interface with the e-wallet application for programming the universal card via the short range communication link. Once programmed, the universal card emulates a function of a traditional card.
    Type: Application
    Filed: April 18, 2016
    Publication date: October 20, 2016
    Inventors: Douglas A. Spodak, Ron Fridman
  • Publication number: 20160306998
    Abstract: A stack fusion architecture enables a cloud provider to provide Software-as-a-Service (SaaS) offerings to multiple organizations. Each organization operates an Infrastructure-as-a-Service (IaaS) platform and is associated with an organization domain. A cluster of software/communication services is deployed to each platform. Each IaaS platform is deployed to a data center and includes compute, storage, and network resources and an IaaS operating system. Users registered to an organization domain have access limited to the cluster uniquely associated with that domain. The architecture includes a globally accessible domain-to-cluster map used to map each cluster to the associated domain. A locally accessible user-to-cluster map is stored in each cluster to map that cluster to each user registered to the domain uniquely associated with that cluster.
    Type: Application
    Filed: June 30, 2016
    Publication date: October 20, 2016
    Inventors: Jonathan Rosenberg, Patrick Linskey, Reinhardt Quelle