Including Authentication Patents (Class 380/229)
  • Patent number: 10277577
    Abstract: A processor-implemented method for authenticating a login without a password. The method includes: receiving a request to authenticate a login, the request including a user identifier and excluding a password; based on the user identifier, identifying a device to be used to authenticate the login; and in response to determining that a login confirmation message has been received from the identified device, authenticating the login.
    Type: Grant
    Filed: July 5, 2018
    Date of Patent: April 30, 2019
    Assignee: nadaPASS, Inc.
    Inventor: Jay Lawrence Cox
  • Patent number: 10177918
    Abstract: A user permission check system with less CPU throughput while ensuring non-repudiation is provided. In order to solve the above-described problem, in the present invention firstly, a MAC function that does not require a CPU to have high processing power is utilized. Additionally, a message is encrypted with a plurality of secret keys and the plurality of keys are distributed to a plurality of servers to make them have the keys in order to ensure validity of the message as a proof of non-repudiation. Subsequently, each server proves the validity of the message within its own range and the validity of the message is ensured by aggregating these individual results, thereby implementing the non-repudiation.
    Type: Grant
    Filed: January 12, 2017
    Date of Patent: January 8, 2019
    Assignee: HITACHI, LTD.
    Inventors: Kota Ideguchi, Eriko Ando
  • Patent number: 10097345
    Abstract: Technology, implemented in digital hardware, software, or combination thereof, for completing Secure Hash Algorithm (SHA-2) computation with generating one new hash value at each clock cycle is described. The technology includes: using synchronous logic to store the computed values every alternate clock and combinational logic to process multiple rounds of SHA in each clock; completing hash calculation in unrolled modes; using efficient adders for most 32-bit adders to improve performance.
    Type: Grant
    Filed: April 13, 2016
    Date of Patent: October 9, 2018
    Assignee: PEERNOVA, INC.
    Inventors: Arvind Agrawal, Gangesh Kumar Ganesan
  • Patent number: 10092697
    Abstract: A container designed to contain a fluid medicament and adapted to cooperate with a delivery device for delivering the fluid medicament comprises an electrically operable sensor system for measuring at least one physical or chemical parameter value related to the container and/or fluid medicament therein, wherein the sensor system comprises an optical receiver designed to receive optical radiation energy and to transform said optical radiation energy into electrical energy for operating the sensor system.
    Type: Grant
    Filed: October 25, 2013
    Date of Patent: October 9, 2018
    Assignee: Sanofi-Aventis Deutschland GmbH
    Inventors: Christian Nessel, Daniel Auernhammer
  • Patent number: 10032008
    Abstract: A mobile device may perform authentication with an authenticating entity. The mobile device may comprise a plurality of sensors and a processor. The processor may be configured to: receive an authentication request from the authenticating entity requesting authentication information; and determine if the authentication request satisfies predefined user privacy preferences. If so, the processor may be configured to: retrieve the authentication information from at least one sensor to form a trust vector in response to the authentication request and to command transmission of the trust vector to the authenticating entity for authentication.
    Type: Grant
    Filed: October 24, 2014
    Date of Patent: July 24, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Jonathan Charles Griffiths, Eliza Yingzi Du, David William Burns, Muhammed Ibrahim Sezan
  • Patent number: 9979721
    Abstract: Disclosed are a method, server, client and system for verifying a verification code. The method includes: sending a verification picture to a client according to a verification request from the client; acquiring from the client voice information that is input by a user according to the verification picture; and processing the voice information and performing verification according to acquired voiceprint information and/or text information. The server includes a sending module, an acquiring module and a verifying module. The client includes a receiving module, an acquiring module and a sending module. The system includes a server and a client. It may be effectively distinguished as whether the verification code is submitted by the user or by others, such that the problem of manual coding is effectively solved, and the operating cost of the server side is reduced and the overhead is saved.
    Type: Grant
    Filed: September 18, 2015
    Date of Patent: May 22, 2018
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Jinxing Liu, Jie Tu, Guoping Yan, Jie Zhang, Xiaoqiang Fu, Yuanhui Xie
  • Patent number: 9971879
    Abstract: An authorized user obtains a packaging license that grants permission to use a particular recording device to generate multimedia content in accordance with specified license terms. The packaging license includes a content key that is used to encrypt the multimedia content at the point of capture on the recording device. The encrypted multimedia content can be transmitted via unsecure channels (for example, via electronic mail) to a networked content repository or an intended recipient. For playback, an authorized user obtains a playback license that grants permission to decrypt and playback the multimedia content using a particular playback device. An authorization server and a key management server are used to manage which users are entitled to receive a license, and to define the terms of the granted licenses. A record of the granted authorizations and licenses is maintained, thereby allowing access to a given content item to be audited.
    Type: Grant
    Filed: May 26, 2016
    Date of Patent: May 15, 2018
    Assignee: Adobe Systems Incorporated
    Inventors: Joseph Steele, John Landwehr
  • Patent number: 9935934
    Abstract: A method and system for managing access tokens is described. Access tokens for accessing third-party resources are stored and managed in a token repository. An access token may be obtained from a third-party resource. Once a user has authorized the system to access a third-party resource and unless that authorization is revoked, the user is not required to reauthorize the system in a pending or any subsequent interactive session, regardless of which shard of the system and third-party resource the user is connected to. The system can also use the authorization to execute scheduled requests for accessing or obtaining data from the third-party resource.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: April 3, 2018
    Assignee: MicroStrategy Incorporated
    Inventors: Luis Orozco, Gie Kian Siauw
  • Patent number: 9900308
    Abstract: A user mode control method and system based on iris recognition for mobile terminal are provided. When the mobile terminal receives an operation instruction of a user to start a display screen, iris feature data of the current user are scanned. The iris feature data of the current user are matched with iris feature data of users collected in advance, and the corresponding user mode is started when the match succeeds. The user mode control method and system prevents a stranger from accessing private data, and greatly improves security of the user data.
    Type: Grant
    Filed: September 2, 2014
    Date of Patent: February 20, 2018
    Assignee: HuiZhou TCL Mobile Communication Co., Ltd.
    Inventor: Yan Yang
  • Patent number: 9894055
    Abstract: An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: February 13, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Vincent E. Parla, David McGrew, Andrzej Kielbasinski
  • Patent number: 9843440
    Abstract: An encryptor/decryptor, an electronic device including the encryptor/decryptor, and a method of operating the encryptor/decryptor are provided. The method of operating the encryptor/decryptor includes distributing an input plaintext stream to a plurality of encryption/decryption cores by pieces of plaintext data; performing a first operation by a first encryption/decryption core from among the plurality of encryption/decryption cores; and encrypting the plaintext data to ciphertext data or decrypting the ciphertext data to the plaintext data by each of the plurality of encryption/decryption cores by using a result of performing the first operation in the first encryption/decryption core.
    Type: Grant
    Filed: July 2, 2015
    Date of Patent: December 12, 2017
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Hong-Mook Choi, Heon-Soo Lee, Sang-hyun Park
  • Patent number: 9814084
    Abstract: Exemplary embodiments of the present invention include a computer-implemented method, comprising: establishing, at a computing device on a network, a communication connection with a setup access point; generating a token identifier, wherein the token identifier includes identification data corresponding to the computing device; transmitting the token identifier; transmitting a query, wherein the query includes a request to establish a new communication connection with the setup access point when the communication connection is terminated; and receiving a communication including a response to the query, wherein the response indicates that a new communication connection has been established with the setup access point, and wherein the new communication connection is established using the token identifier.
    Type: Grant
    Filed: August 7, 2014
    Date of Patent: November 7, 2017
    Assignee: BELKIN INTERNATIONAL INC.
    Inventors: Gursharan Sidhu, Ryan Yong Kim, Venkata Subba Rao Pathuri, Naga Yerramsetti
  • Patent number: 9760708
    Abstract: [Object] To reduce the trouble of the authentication process necessary for cooperation between a plurality of devices or network services. [Solving Means] An information processing apparatus includes a communication unit, a storage unit, and a controller. The communication unit communicates with a first device, a second device, and a service on a network, the service having a resource on a user of the first device. The controller controls the communication unit so that the communication unit transmits, based on a request for obtaining an access right to the resource from the first device and permission information representing permission by the user with respect to the obtaining of the access right, a request for issuing an access token to the service, the access token representing the access right, and receives, from the service, the access token issued by the service.
    Type: Grant
    Filed: January 26, 2013
    Date of Patent: September 12, 2017
    Assignee: SONY CORPORATION
    Inventor: Masato Shimakawa
  • Patent number: 9729529
    Abstract: The present invention provides a device and a method in a device for authenticating the device for use in a network. The method includes requesting a first security context for use in securing a first type of communication, where as part of requesting the first security context, a second security context is jointly requested for use in securing a second type of communication. The first security context is then received and used to provide secure access and communication via the first type of communication. The second security context is then received and used to provide secure access and communication via the second type of communication.
    Type: Grant
    Filed: February 5, 2009
    Date of Patent: August 8, 2017
    Assignee: Google Technology Holdings LLC
    Inventors: Apostolis K Salkintzis, Michael F Coulas
  • Patent number: 9710808
    Abstract: Methods and systems are provided for the exchange of digital cash employing protocols for various entities to separately certify the validity of the parties, values and transactions while maintaining the anonymity of the buyer or user of the digital cash. Encrypted connections are established allowing various parties to enter into transactions to buy, sell, exchange and recover digital cash using a secure method that protects the personal information and identity of the user. The parties exchange tokens for other value in a transaction of financial settlement between themselves and wherein they are the only parties with knowledge of the amount and description of the transaction and in this way mimics a traditional cash transaction.
    Type: Grant
    Filed: September 8, 2014
    Date of Patent: July 18, 2017
    Inventor: Igor V. Slepinin
  • Patent number: 9692591
    Abstract: A method of formatting data for transmission to another party including the step of incorporating in the data a flag indicative of the absence of data for authentication of the sender. An authentication tag length is also included to permit variable length tags to be used.
    Type: Grant
    Filed: May 18, 2015
    Date of Patent: June 27, 2017
    Assignee: Certicom Corp.
    Inventor: Marinus Struik
  • Patent number: 9686257
    Abstract: In response to reception of a request, an authorization server system identifies authorization based on first authorization information received by a reception unit along with the request. The authorization server system gives at least some of the identified authorization to an application, and issues second authorization information for identifying the given authorization.
    Type: Grant
    Filed: September 26, 2013
    Date of Patent: June 20, 2017
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Yu Tamura
  • Patent number: 9680821
    Abstract: To provide enhanced operation of virtualized computing systems, various systems, apparatuses, methods, and software are provided herein. In a first example, a method of operating a computing system to control access to data resources by virtual machines is provided. The method includes receiving an access token and an instantiation command from an end user system. Responsive to the instantiation command, the method includes instantiating a virtual machine identified by the instantiation command using the access token as user data for the virtual machine during instantiation. The method also includes, in the virtual machine, executing a security module responsive to instantiation that transfers the access token for delivery to an authorization system, receiving credentials responsive to the access token, and accessing a data resource using the credentials.
    Type: Grant
    Filed: October 8, 2014
    Date of Patent: June 13, 2017
    Assignee: Conjur, Inc.
    Inventors: Kevin Gilpin, Elizabeth Lawler
  • Patent number: 9648015
    Abstract: Secure authentication may be facilitated using a biometric-enabled transitory password authentication device. Exemplary implementations may facilitate secure payments and/or authentication via an application running on a user computing platform (e.g., a mobile device) simultaneously coordinating with both a server and the authentication device, which may act in some respects as an external hardware token. Exemplary implementations may rely on combining three parameters to establish a three-factor based approach to authentication in a fraud-free manner for digital wallets, third-party software, and/or other purposes. The three-factor based approach to authentication may require something the user possesses (e.g., the authentication device), something the user is (e.g., a biometric identifier such as a fingerprint), and something the user knows (e.g., an image or numeric based pin used to unlock the authentication device).
    Type: Grant
    Filed: November 11, 2014
    Date of Patent: May 9, 2017
    Assignee: HYPR CORP.
    Inventors: George Avetisov, Roman Kadinsky, Bojan Simic
  • Patent number: 9608977
    Abstract: A tool for credential validation using multiple computing devices. The tool selects at least one challenge question. The tool selects two or more user owned devices, wherein selecting the two or more user owned devices includes querying a database for each user owned device associated with a user account. The tool presents the at least one challenge question to the two or more user owned devices. The tool determines whether the at least one response received from the two or more user owned devices is a correct response relative to the at least one challenge question.
    Type: Grant
    Filed: February 17, 2016
    Date of Patent: March 28, 2017
    Assignee: International Business Machines Corporation
    Inventors: Gregory J. Boss, Andrew R. Jones, Charles S. Lingafelt, Kevin C. McConnell, John E. Moore, Jr.
  • Patent number: 9600508
    Abstract: Disclosed are various embodiments for a token management application. A data block tokenization call to a data layer service fails when a data store is unavailable. The token management application issues a temporary data token to the service calling the data layer service. The token management application completes the data block tokenization call on behalf of the service to obtain a valid data token. The valid data token is then communicated to services having the temporary data token.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: March 21, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Yongjuan Zou, Srikanth Murali, Zhengqiang Xu
  • Patent number: 9600691
    Abstract: An apparatus and a method for displaying information required to be secured in a wireless communication terminal are provided. The method includes recognizing generation of notification information of one or more processes activated in a first operation mode among a plurality of operation modes including the first operation mode and a second operation mode; and notifying a user of a part of the notification information when a current operation mode is the second operation mode.
    Type: Grant
    Filed: April 24, 2014
    Date of Patent: March 21, 2017
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Younkyu Heo, Youngkyoo Kim, Mooyoung Kim, Minjung Kim, Dongho Jang, Jaebong Chun
  • Patent number: 9529512
    Abstract: A wireless server access control system comprising a wireless server generating a local wireless communications network, the wireless server having a processor and a plurality of redundant data memory devices. A first wireless device coupled to the wireless server through the local wireless communications network. An access control system operating on the wireless server, the access control system configured to generate a user control on a user interface of the first wireless device to allow a user to permit or deny access to the processor and the data memory devices of the wireless server by a second wireless device through the local wireless communications network.
    Type: Grant
    Filed: January 27, 2015
    Date of Patent: December 27, 2016
    Assignee: MYTH INNOVATIONS, INC.
    Inventors: James Albert Luckett, Jr., Chad Michael Rowlee, Shengli Fu
  • Patent number: 9501664
    Abstract: Techniques and mechanisms to detect and compensate for drift by a physically uncloneable function (PUF) circuit. In an embodiment, first state information is registered as reference information to be made available for subsequent evaluation of whether drift by PUF circuitry has occurred. The first state information is associated with a first error correction strength. The first state information is generated based on a first PUF value output by the PUF circuitry. In another embodiment, second state information is determined based on a second PUF value that is output by the PUF circuitry. An evaluation of whether drift has occurred is performed based on the first state information and the second state information, the evaluation including determining whether a threshold error correction strength is exceeded concurrent with a magnitude of error being less than the first error correction strength.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: November 22, 2016
    Assignee: Sandia Corporation
    Inventor: Jason Hamlet
  • Patent number: 9485094
    Abstract: Various embodiments of the invention allow to take advantage of the natural statistical variation of physical properties in a semiconductor device in order to create truly random, repeatable, and hard to detect cryptographic bits. In certain embodiments, this is accomplished by pairing mismatch values of PUF elements so as to ensure that PUF key bits generated therefrom remain insensitive to environmental errors, without affecting the utilization rate of available PUF elements.
    Type: Grant
    Filed: September 8, 2014
    Date of Patent: November 1, 2016
    Assignee: Maxim Integrated Products, Inc.
    Inventors: Pirooz Parvarandeh, Sung Ung Kwak
  • Patent number: 9436773
    Abstract: A method for internet communication is presented. An identifier is embedded in an internet-accessible computer readable medium, and an internet address is embedded in the internet-accessible computer readable medium in a relation to the identifier. The identifier is located to provide an identifier location, and the internet address is located based on the identifier location.
    Type: Grant
    Filed: April 20, 2012
    Date of Patent: September 6, 2016
    Assignee: The Boeing Company
    Inventor: James Michael Milstead
  • Patent number: 9392319
    Abstract: Systems and methods are disclosed for performing profiling on a secure device. In embodiments, a plurality of counters are established. Each counter may be related to a different type of message. When the secure device receives and/or processes a message, it determines the type of message and adjusts a counter related to the determined message type. A ratio may be computed between the different counters. When the ratio deviates from a threshold, the secure device may be performing illegitimate operations, and one or more countermeasures are deployed against the illegitimate secure device.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: July 12, 2016
    Assignee: NAGRASTAR LLC
    Inventor: Gregory Duval
  • Patent number: 9350739
    Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.
    Type: Grant
    Filed: April 10, 2015
    Date of Patent: May 24, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden
  • Patent number: 9350726
    Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.
    Type: Grant
    Filed: September 11, 2014
    Date of Patent: May 24, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden
  • Patent number: 9323857
    Abstract: In a method for providing content-related information based on a digital watermark and fingerprint, the method includes: receiving a request for content-related information from a client terminal; using a watermark and a fingerprint of content to retrieve the requested content-related information from a database; and transmitting the retrieved content-related information to the client terminal.
    Type: Grant
    Filed: May 30, 2014
    Date of Patent: April 26, 2016
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Dong-Hyuck Im, Won Ryu, Il-Gu Jung, Seng-Kyoun Jo
  • Patent number: 9298901
    Abstract: A tool for credential validation using multiple computing devices. The tool selects at least one challenge question. The tool selects one or more user owned devices, wherein selecting the one or more user owned devices includes querying a database for each user owned device associated with a user account. The tool selects at least one device order, based, at least in part, on a level of security desired in credential validation. The tool presents the at least one challenge question to the one or more user owned devices, wherein the at least one challenge question includes the at least one device order for returning at least one response. The tool determines whether the at least one response received from the one or more user owned devices is a correct response relative to the at least one challenge question and the at least one device order.
    Type: Grant
    Filed: October 8, 2014
    Date of Patent: March 29, 2016
    Assignee: International Business Machines Corporation
    Inventors: Gregory J. Boss, Andrew R. Jones, Charles S. Lingafelt, Kevin C. McConnell, John E. Moore, Jr.
  • Patent number: 9135424
    Abstract: A system includes a tag having a machine readable tag identifier (Tag ID) configured to be read by a reader; and a device to be identified by the tag, in which: the device is configured to communicate with the reader; the device has access to a secure Tag ID; and the device communicates a verification to the reader if the machine readable Tag ID communicated to the device from the reader matches the secure Tag ID. A method includes: reading a Tag ID from a tag attached to a device; communicating the Tag ID read from the tag to the device; comparing a secure Tag ID of the device to the Tag ID read from the tag; and responding with a “match” or “no-match” message from the device, according to which the device is either trusted or not trusted as being identified by the Tag ID. A method of verifying a trusted agent (TA) on a device includes: storing a digital signature of the TA in a secure vault of the device; and verifying the TA by verifying the digital signature of the TA each time the TA is used.
    Type: Grant
    Filed: March 5, 2010
    Date of Patent: September 15, 2015
    Assignee: PAYPAL, INC.
    Inventors: Sebastien Taveau, Hadi Nahari
  • Patent number: 9032538
    Abstract: A relay apparatus of a video and audio transmitting/receiving system delays a time before transmitting an authentication start instruction after an authentication start video signal being transmitted to a receiving apparatus. Accordingly, a problem that the receiving apparatus receives the authentication start instruction from the relay apparatus before locking the authentication start video signal and cannot perform authentication processing normally, leading to a failure in authentication. A correction time is decided based on a resolution of the authentication start video signal transmitted from the receiving apparatus and a combination of receiving apparatuses and transmitting apparatuses connected to the relay apparatus.
    Type: Grant
    Filed: May 17, 2012
    Date of Patent: May 12, 2015
    Assignee: Onkyo Corporation
    Inventor: Hiroki Okada
  • Patent number: 9027136
    Abstract: According to one embodiment, a web application layer attack detector (AD) is coupled between an HTTP client and a web application server. Responsive to receipt of a set of packets from the HTTP client carrying a web application layer message that violates a condition of a security rule, the AD transmits an alert package to an automatic attribute value generation and rule feedback module (AVGRFM). The AVGRFM uses the alert package, and optionally other alert packages from the same AD or other ADs, to automatically generate a new set of attribute values for each of a set of attribute identifiers for use, by the AD or other ADs, in a different security rule than the violated security rule. The new set of attribute values may be used in an attack specific rule to detect a previously unknown web application layer attack.
    Type: Grant
    Filed: July 22, 2013
    Date of Patent: May 5, 2015
    Assignee: Imperva, Inc.
    Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman
  • Patent number: 9015817
    Abstract: A computer system receives a request to access a server. The request includes a first device tag set. When the first device tag set matches a previously assigned device tag set, the computer system allows access to the server without requesting full access credentials of a user. The computer system invalidates the first device tag set, and sends a second device tag set. When the first device tag set does not match the previously assigned device tag set, the computer system requests full access credentials from the user.
    Type: Grant
    Filed: April 3, 2013
    Date of Patent: April 21, 2015
    Assignee: Symantec Corporation
    Inventors: Mingliang Pei, Liyu Yi, Ajay Ramamurthy, Mark Chan, Salil Sane
  • Patent number: 9015820
    Abstract: Systems and methods for authenticating a request submitted from a client device through a third party content provider to an electronic entity are described. In one embodiment, a method includes providing a trusted script to the third party content provider, passing a trust token to the third party content provider and to the client device, and, in response to a request submitted from the client device through the third party content provider, validating the trust token associated with the request with the token passed to the client device, and processing the request. The trusted script is configured to create a trusted window on the third party Web page displayed on the client computing device, receive a trust token from the electronic entity through the trusted window, and associate the trust token with requests submitted from the client computing device through the third party content provider to the electronic entity.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: April 21, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Amit Bhosle, Scott G. Carmack, Dhanvi Harsha Kapila, Shilpi Gupta, Mehul Jain, Sachin Purushottam Joglekar, Ashish Agrawal
  • Patent number: 9009832
    Abstract: According to one embodiment, a computing device is coupled to a set of web application layer attack detectors (ADs), which are coupled between HTTP clients and web application servers. The computing device automatically learns a new condition shared by a plurality of alert packages reported by the set of ADs due to a triggering of one or more rules that is indicative of a web application layer attack. The computing device automatically generates a new set of attribute values by analyzing the plurality of alert packages to identify the condition shared by the plurality of alert packages, and transmits the new set of attribute values for delivery to the set of ADs for a different rule to be used to protect against the web application layer attack from the HTTP clients or any other HTTP client.
    Type: Grant
    Filed: July 22, 2013
    Date of Patent: April 14, 2015
    Assignee: Imperva, Inc.
    Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman
  • Patent number: 9009077
    Abstract: Metering is enabled through an arrangement in which a metering certificate is communicated to a mobile device using an over-the-air protocol. A metering trigger provides the metering certificate that includes a location to which metering data is posted by the mobile device and a public key of a public-private key pair, or alternatively provides a link to such metering certificate. A metering helper passes the metering certificate to a DRM system on the mobile device which collects metering data associated with the metering ID and uses the public key to encrypt the metering data into a metering challenge. The metering helper posts the metering challenge to the location. The metering service extracts the metering data from the metering challenge using a private key and generates a metering response that is received by the metering helper which prompts the DRM system to reset at least a portion of a data store in which the metering data is stored.
    Type: Grant
    Filed: March 22, 2011
    Date of Patent: April 14, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Kevin Lau, Scott Plette, Clifford P. Strom, Alex McKelvey, Jonathan Billings
  • Patent number: 9003488
    Abstract: Described are various embodiments of a system and method in which device-identifying data can be used to uniquely recognize and optionally track and report on device activity at one or more hotspot locations by way of the creation and management of a device profile uniquely associated with such devices and stored in a network accessible knowledge base.
    Type: Grant
    Filed: November 1, 2012
    Date of Patent: April 7, 2015
    Assignee: Datavalet Technologies
    Inventors: Ron Spencer, Tom Camps, Chris Burchett, Brad Gagne, Rob Madge, Ray Scobie
  • Patent number: 9003491
    Abstract: Systems and methods of authentication and authorization between a client, a server, and a gateway to facilitate communicating a message between a client and a server through a gateway. The client has a trusted relationship with each of the gateway and the server. A method includes registering the client with the gateway. The client also constructs the address space identifying the gateway and the client. The client communicates the address space to the server. The client receives an identity identifying the server. If the client authorizes to receive a message from the server through the gateway, the client informs the authorization to the gateway. The client puts the identity identifying the server on a list of servers which are authorized to send messages to the client. In addition, the client communicates the list of servers to the gateway.
    Type: Grant
    Filed: December 13, 2011
    Date of Patent: April 7, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Shai Herzog, Johannes Klein, Alexandru Gavrilescu
  • Patent number: 8997232
    Abstract: According to one embodiment, a computing device is coupled to a set of web application layer attack detectors (AD), which are coupled between HTTP clients and web application servers. The computing device learns a new set of attribute values for a set of attribute identifiers for each of a sequence of rules through an iterative process having a plurality of iterations. The iterative process begins with an attack specific rule, and the sequence of rules includes an attacker specific rule and another attack specific rule. Each iteration includes receiving a current alert package from one of the ADs sent responsive to a set of packets carrying a web application layer request meeting a condition of a current rule used by the AD, automatically generating a new set of attribute values based upon the current alert package, and transmitting the new set of attribute values to the set of ADs.
    Type: Grant
    Filed: July 22, 2013
    Date of Patent: March 31, 2015
    Assignee: Imperva, Inc.
    Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman
  • Patent number: 8990899
    Abstract: Provided are a method, system, and computer program product for a local authorization extension to provide access authorization for a module to access a computing system. A memory stores information on a first validity range comprising position coordinates for a module seeking to access the computing system and a second validity range comprising position coordinates for a location authorization extension for a computing system. A determination is made of a first position signal from a first receiver of the module and of a second position signal from a second receiver of the location authorization module. Determinations are made as to whether the first position signal is within the first validity range and whether the second position signal is within the second validity range. The module is granted access to the computing system in response to determining that the first position signal is within the first validity range and the second position signal is within the second validity range.
    Type: Grant
    Filed: November 27, 2012
    Date of Patent: March 24, 2015
    Assignee: International Business Machines Corporation
    Inventors: Jens-Peter Akelbein, Wolfgang Mueller-Friedt
  • Patent number: 8978124
    Abstract: A system receives a request to store a document in a database, receives a user security token, analyzes the document to determine an adjudicated security level for the document, compares the user security token to the adjudicated security level, stores the document when the user security token is equal to the adjudicated security level, when the user security token is not equal to the adjudicated security level, queries the user as to whether the document should be stored with the adjudicated security level, receives a response to the query from the user, stores the document when the user agrees to store the document with the adjudicated security level, and when the user does not agree to store the document with the adjudicated security level, transmits a message to a security officer and quarantines the document.
    Type: Grant
    Filed: October 16, 2012
    Date of Patent: March 10, 2015
    Assignee: Raytheon Company
    Inventors: Charles B. Bradley, II, Thomas D. Farley, Jason S. Nadeau
  • Patent number: 8949930
    Abstract: Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both the stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.
    Type: Grant
    Filed: March 19, 2012
    Date of Patent: February 3, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Avinash Jaisinghani, Reto Kramer, Christopher Whitaker, Venkates P. Balakrishnan, Prashant Jayaraman, Richard C. Edwards, Jr.
  • Patent number: 8931098
    Abstract: A method includes: generating object information that indicates an object designated from among a header item, text, and attached information of a received email, or feature amount information based on the object information and a predetermined function, when a source is an address in an internal network, decrypting verification information added to the received email using secret key information shared in the internal network, when the source is an address over an external network, decrypting the verification information using public key information shared with the source, and verifying whether or not the received email is a spoofed mail based on the object information or the feature amount information, and the decrypted verification information.
    Type: Grant
    Filed: March 11, 2013
    Date of Patent: January 6, 2015
    Assignee: Fujitsu Limited
    Inventors: Takashi Yoshioka, Hiroshi Tsuda
  • Patent number: 8914841
    Abstract: A system capable of automated mapping between a connectivity request and an ordered security rule-set and a method of operating thereof. The system includes an interface operable to obtain data characterizing at least one connectivity request; a module for automated recognizing at least one rule within the rule-set, the rule controlling traffic requested in the at least one connectivity request, wherein the recognizing is provided by comparing a set of combinations specified in the connectivity request with a set of combinations specified in the rule and matching connectivity-related actions specified in the connectivity request; a module for automated evaluating relationship between traffic controlled by the recognized at least one rule and traffic requested in the at least one connectivity request; and a module for automated classifying, in accordance with evaluation results, the at least one connectivity request with respect to the at least one rule and/or vice versa.
    Type: Grant
    Filed: November 23, 2011
    Date of Patent: December 16, 2014
    Assignee: Tufin Software Technologies Ltd.
    Inventor: Reuven Harrison
  • Patent number: 8904498
    Abstract: Methods for automating the entry of password information and other user credentials into native and web-based computing applications are described. In some embodiments, an end user identity and a corresponding authentication level may be determined during an unlock event or during operation of a computing device. The end user identity may be determined by capturing biometric characteristics of an end user of the computing device (e.g., by performing facial recognition and/or voice recognition). Upon the detection of an authentication request from an application running on the computing device, the end user identity and the corresponding authentication level may be used to acquire and provide user credentials for authenticating the end user to the application.
    Type: Grant
    Filed: October 17, 2012
    Date of Patent: December 2, 2014
    Assignee: CA, Inc.
    Inventors: David Tootill, Marcel den Hartog
  • Patent number: 8898766
    Abstract: A system, computer-readable storage medium storing at least one program, and a computer-implemented method for controlling a local utility are disclosed. A first request originating from an application and including a first token is received at a local utility. The application received a web page, including a plurality of links and the first token, from a first server. The plurality of links are received by the application from a second server. The first token is authenticated. Authentication includes sending the first token to a third server. In response to authenticating the first token, a second token is generated at the local utility. The second token is sent to the application for inclusion in subsequent requests from the application.
    Type: Grant
    Filed: April 10, 2012
    Date of Patent: November 25, 2014
    Assignee: Spotify AB
    Inventors: Sten Garmark, Nicklas Söderlind, Samuel Cyprian, Aron Levin, Hannes Graah, Erik Hartwig, Gunnar Kreitz
  • Patent number: 8898451
    Abstract: A method for efficiently decrypting asymmetric SSL pre-master keys is divided into a key agent component that runs in user mode, and an SSL driver running in kernel mode. The key agent can take advantage of multiple threads for decoding keys in a multi-processor environment, while the SSL driver handles the task of symmetric decryption of the SSL encrypted data stream. The method is of advantage in applications such as firewalls with deep packet inspection in which all encrypted data traffic passing through the firewall must be decrypted for inspection.
    Type: Grant
    Filed: August 21, 2013
    Date of Patent: November 25, 2014
    Assignee: Trend Micro Incorporated
    Inventors: Dale Sabo, Gerrard Eric Rosenquist
  • Patent number: 8880882
    Abstract: A request from a client system to perform computations on encrypted data is received at a server system. A request for a data key configured to decrypt the encrypted data is sent from the server system to the client system. The data key from the client system is received at the server system. The encrypted data is accessed at the server system. The encrypted data is decrypted using the data key to generate unencrypted data at the server system. The computations are performed on the unencrypted data to generate result data at the server system. The result data is provided to the client system.
    Type: Grant
    Filed: April 4, 2012
    Date of Patent: November 4, 2014
    Assignee: Google Inc.
    Inventors: Rahul S. Kulkarni, Satyan Coorg, Pankaj Risbood