Including Authentication Patents (Class 380/229)
  • Patent number: 10777030
    Abstract: The present invention provides a system and method for conditionally selecting biometric modalities for biometric authentication at authentication run time. The system and method employ programmatic logic to identify which biometric modalities to use for authenticating a user. The software module for selecting biometric modalities includes a plurality of rules or conditional logic for selecting one or more biometric modalities required to authenticate a user requesting a secure action.
    Type: Grant
    Filed: January 14, 2020
    Date of Patent: September 15, 2020
    Assignee: ImageWare Systems, Inc.
    Inventor: David Harding
  • Patent number: 10742764
    Abstract: A method, apparatus and computer program product for displaying a web page. Metadata describing a web page is received by a client data processing system. The metadata defines what the web page looks like without content for the web page. The content needed for the web page based on the metadata is identified by the client data processing system. The content for the web page is obtained by the client data processing system. The web page using the metadata and the content is created by the client data processing system without using a markup language. The web page on a graphical user interface on the client data processing system is displayed by the client data processing system.
    Type: Grant
    Filed: July 27, 2015
    Date of Patent: August 11, 2020
    Assignee: ADP, LLC
    Inventors: Clint Myers, Amit Kumar Sharma, Vinay Shankri, Siju Varghese
  • Patent number: 10742612
    Abstract: In a network that includes a client, a server and one or more proxy entities that intercept network traffic between the client and the server, a computer-implemented method is provided including: establishing trust with a permissioned distributed database; computing hashes from packet payloads of network traffic originated, intercepted or received; storing the hashes to the permissioned distributed database so that the permissioned distributed database maintains hashes computed from packets of the network traffic originated, intercepted or received by the client, server and the one or more proxy entities; and validating the hashes by comparing, with each other, the hashes stored to the permissioned distributed database by the client, server and the one or more proxy entities to determine whether any packet payload of the network traffic was modified in transit.
    Type: Grant
    Filed: October 16, 2017
    Date of Patent: August 11, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Prashanth Patil, K. Tirumaleswar Reddy, Justin James Muller, Judith Ying Priest, Puneeth Rao Lokapalli
  • Patent number: 10733298
    Abstract: A controller of an information handling system (IHS) performs a method to detect tampering with functional components of IHS. Following a last authorized configuration change of locally-available information handling resources, a unique code is generated and stored with a time-stamped system log entry in a system memory. Prior to transit, a system management audit (SMA) log snapshot is generated and provided to an audit device for separately conveying to a recipient of the IHS. In response to powering up at least the controller of the IHS after transit, a current SMA log snapshot is obtained that includes a current SMA log entry and a current unique code. Access by an audit device is provided to the current SMA log snapshot to enable comparison to the SMA log snapshot created prior to transit for identifying whether there has been tampering with the IHS.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: August 4, 2020
    Assignee: Dell Products, L.P.
    Inventors: Mukund P. Khatri, Alaric J. N. Silveira
  • Patent number: 10719405
    Abstract: Methods and systems for efficiently capturing snapshots of a computing application or environment over time and transferring the snapshots to an integrated data management and storage system are described. A snapshot agent may detect that one or more electronic files associated with the computing application or environment are greater than a threshold file size and in response perform an incremental backup optimization in which the snapshot agent may identify files that have been touched since a previous snapshot by accessing file system metadata (e.g., last modified timestamps) or utilizing a tracking agent to detect potential file changes that have occurred since the previous snapshot was captured. The snapshot agent may then generate fingerprints for data blocks of the touched files, which may reduce the total number of fingerprints needing to be generated to identify the changed data blocks corresponding with a current snapshot to be transferred.
    Type: Grant
    Filed: December 11, 2017
    Date of Patent: July 21, 2020
    Assignee: RUBRIK, INC.
    Inventors: Jiangbin Luo, Biswaroop Palit, Guilherme Vale Ferreira Menezes
  • Patent number: 10672007
    Abstract: A settlement system includes a mobile terminal including a plurality of payment means for performing the payment process, and a reader/writer including an acquisition unit that sequentially inquires to the mobile terminal about each of a plurality of acceptable payment means and accepting a payment with one payment means specified among payment means confirmed to be present by the settlement acquisition unit by using a settlement unit corresponding to the one payment means, the mobile terminal further including a storage means that stores limitation information, and the reader/writer further includes a limitation information acquisition means that acquires the limitation information stored in the storage means, and an electronic money type narrowing down unit that stops inquiries by the acquisition unit when presence of payment means limited by the limitation information acquired by the limitation information acquisition means is confirmed by the acquisition unit.
    Type: Grant
    Filed: March 16, 2017
    Date of Patent: June 2, 2020
    Assignee: Rakuten, Inc.
    Inventor: Hideki Akashika
  • Patent number: 10652022
    Abstract: An authentication and encryption computer system is disclosed including processing devices, a network interface, and a data store. The authentication and encryption system is configured to maintain in the data store content common to a plurality of entities and content independently specified by each of the plurality of entities. The system is configured to receive a content request from an application executing on a mobile device, the content request comprising a secure access code corresponding to an entity, and the content request encrypted by the mobile device. An interface, comprising the content common to the plurality of entities, is customized to include content independently specified by the entity, wherein the content independently specified by the entity comprises a token value. A user request for an item presented via the interface is received and the token value is transferred to the entity.
    Type: Grant
    Filed: October 10, 2019
    Date of Patent: May 12, 2020
    Assignee: Oasis Medical, Inc.
    Inventor: Norman Craig Delgado
  • Patent number: 10630661
    Abstract: Techniques are described for wireless communication. A method of wireless communication at a transmitting wireless device includes generating a first Message Authentication Code (MAC) for a data packet based at least in part on a first security key used to communicate with a receiving wireless device; generating a second MAC for the data packet based at least in part on a second security key used to communicate with a relay user equipment (UE), in which the relay UE is included in a data routing path between the transmitting wireless device and the receiving wireless device; and transmitting the data packet to the relay UE with at least the first MAC and the second MAC.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: April 21, 2020
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Gavin Bernard Horn, Anand Palanigounder
  • Patent number: 10491592
    Abstract: Data from browser requests is added to a vector. If explicit identification information (username, cookie data, etc.) is present, the vector is associated with a pre-existing user record, which is then updated. If not, candidate user records may be identified according to correspondence with values in the vector. This may include comparing hashes of one or more values to identify similarities. Candidate vectors may be eliminated by identifying inconsistency in OS, device, and browser information. Probability assigned to each candidate vector may be adjusted, e.g., reduced, in response to inconsistency in other data relating to a browser, device, or of a more global nature, e.g. time zone, user attributes, etc. Records associated with different devices may be associated with one another by evaluating hashes of data values submitted by a user on the different devices. Where the hash values of two records intersect, they may be merged with one another.
    Type: Grant
    Filed: October 19, 2017
    Date of Patent: November 26, 2019
    Assignee: REFLEKTION, INC.
    Inventors: Ali Mazouchi, Amar Chokhawala
  • Patent number: 10484352
    Abstract: Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope. Thus, the principles described herein act as a frequency amplifier that allows key-based operations upon the particular data scope to be performed at much higher frequencies than otherwise would be possible by operating directly using the base encryption key.
    Type: Grant
    Filed: June 7, 2017
    Date of Patent: November 19, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Mitica Manu, Baskar Sridharan, Raghunath Ramakrishnan, Sriram K. Rajamani, Victor V. Boyko, Pushkar Vijay Chitnis, Shastry M. C. Shankara, Ramarathnam Venkatesan
  • Patent number: 10475032
    Abstract: A computer-implemented method for tokenless authentication of a paying consumer during a payment transaction uses a computing device having a processor and a memory. The method includes receiving a plurality of biometric data sets for a plurality of consumers. Each biometric data set includes at least a biometric image of a consumer and an associated payment account identifier. The method also includes receiving, from a first biometric input device communicatively coupled to the processor, a first biometric image of the paying consumer including an iris image. The method further includes determining a payment account associated with the paying consumer based on at least the first biometric image and the plurality of biometric data sets. The method also includes authenticating use of the payment account by the paying consumer for a payment transaction at the retail location by comparing the first biometric image to the plurality of biometric data sets.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: November 12, 2019
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Debashis Ghosh, Randy Shuken, Mary Elizabeth Lesbirel
  • Patent number: 10425814
    Abstract: An iris biometric recognition module includes technology for capturing images of an iris of an eye of a person, whether the person is moving or stationary. The iris biometric recognition technology can perform an iris matching procedure for, e.g., authentication or identity purposes, by comparing a digital iris image to a reference iris image and, if the digital and reference iris images match, authenticating a person as authorized to access a first device and transmitting a wireless communication from the first device to a second device.
    Type: Grant
    Filed: September 24, 2015
    Date of Patent: September 24, 2019
    Assignee: Princeton Identity, Inc.
    Inventors: Steven N. Perna, Mark A. Clifton, Jongjin Kim, Bobby S. Varma, Stephen J. Piro, Barry E. Mapen, Kevin P. Richards, David Alan Ackerman, Ann-Marie Lanzillotto, David J. Wade, Timothy J. Davis, Michael P. Fleisch, Jitendra J. Bhangley, Glen J. Van Sant
  • Patent number: 10417191
    Abstract: Transmitting filesystem changes over a network is disclosed. A hash of data comprising a chunk of directory elements comprising one or more consecutive directory elements in a set of elements sorted in a canonical order is computed at a client system. One or more directory elements comprising the chunk are sent to a remote server in the event it is determined based at least in part on the computed hash that corresponding directory elements as stored on the remote server are not identical to the directory elements comprising the chunk as stored on the client system.
    Type: Grant
    Filed: December 4, 2015
    Date of Patent: September 17, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Mark Huang, Curtis Anderson, R. Hugo Patterson
  • Patent number: 10277577
    Abstract: A processor-implemented method for authenticating a login without a password. The method includes: receiving a request to authenticate a login, the request including a user identifier and excluding a password; based on the user identifier, identifying a device to be used to authenticate the login; and in response to determining that a login confirmation message has been received from the identified device, authenticating the login.
    Type: Grant
    Filed: July 5, 2018
    Date of Patent: April 30, 2019
    Assignee: nadaPASS, Inc.
    Inventor: Jay Lawrence Cox
  • Patent number: 10177918
    Abstract: A user permission check system with less CPU throughput while ensuring non-repudiation is provided. In order to solve the above-described problem, in the present invention firstly, a MAC function that does not require a CPU to have high processing power is utilized. Additionally, a message is encrypted with a plurality of secret keys and the plurality of keys are distributed to a plurality of servers to make them have the keys in order to ensure validity of the message as a proof of non-repudiation. Subsequently, each server proves the validity of the message within its own range and the validity of the message is ensured by aggregating these individual results, thereby implementing the non-repudiation.
    Type: Grant
    Filed: January 12, 2017
    Date of Patent: January 8, 2019
    Assignee: HITACHI, LTD.
    Inventors: Kota Ideguchi, Eriko Ando
  • Patent number: 10097345
    Abstract: Technology, implemented in digital hardware, software, or combination thereof, for completing Secure Hash Algorithm (SHA-2) computation with generating one new hash value at each clock cycle is described. The technology includes: using synchronous logic to store the computed values every alternate clock and combinational logic to process multiple rounds of SHA in each clock; completing hash calculation in unrolled modes; using efficient adders for most 32-bit adders to improve performance.
    Type: Grant
    Filed: April 13, 2016
    Date of Patent: October 9, 2018
    Assignee: PEERNOVA, INC.
    Inventors: Arvind Agrawal, Gangesh Kumar Ganesan
  • Patent number: 10092697
    Abstract: A container designed to contain a fluid medicament and adapted to cooperate with a delivery device for delivering the fluid medicament comprises an electrically operable sensor system for measuring at least one physical or chemical parameter value related to the container and/or fluid medicament therein, wherein the sensor system comprises an optical receiver designed to receive optical radiation energy and to transform said optical radiation energy into electrical energy for operating the sensor system.
    Type: Grant
    Filed: October 25, 2013
    Date of Patent: October 9, 2018
    Assignee: Sanofi-Aventis Deutschland GmbH
    Inventors: Christian Nessel, Daniel Auernhammer
  • Patent number: 10032008
    Abstract: A mobile device may perform authentication with an authenticating entity. The mobile device may comprise a plurality of sensors and a processor. The processor may be configured to: receive an authentication request from the authenticating entity requesting authentication information; and determine if the authentication request satisfies predefined user privacy preferences. If so, the processor may be configured to: retrieve the authentication information from at least one sensor to form a trust vector in response to the authentication request and to command transmission of the trust vector to the authenticating entity for authentication.
    Type: Grant
    Filed: October 24, 2014
    Date of Patent: July 24, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Jonathan Charles Griffiths, Eliza Yingzi Du, David William Burns, Muhammed Ibrahim Sezan
  • Patent number: 9979721
    Abstract: Disclosed are a method, server, client and system for verifying a verification code. The method includes: sending a verification picture to a client according to a verification request from the client; acquiring from the client voice information that is input by a user according to the verification picture; and processing the voice information and performing verification according to acquired voiceprint information and/or text information. The server includes a sending module, an acquiring module and a verifying module. The client includes a receiving module, an acquiring module and a sending module. The system includes a server and a client. It may be effectively distinguished as whether the verification code is submitted by the user or by others, such that the problem of manual coding is effectively solved, and the operating cost of the server side is reduced and the overhead is saved.
    Type: Grant
    Filed: September 18, 2015
    Date of Patent: May 22, 2018
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Jinxing Liu, Jie Tu, Guoping Yan, Jie Zhang, Xiaoqiang Fu, Yuanhui Xie
  • Patent number: 9971879
    Abstract: An authorized user obtains a packaging license that grants permission to use a particular recording device to generate multimedia content in accordance with specified license terms. The packaging license includes a content key that is used to encrypt the multimedia content at the point of capture on the recording device. The encrypted multimedia content can be transmitted via unsecure channels (for example, via electronic mail) to a networked content repository or an intended recipient. For playback, an authorized user obtains a playback license that grants permission to decrypt and playback the multimedia content using a particular playback device. An authorization server and a key management server are used to manage which users are entitled to receive a license, and to define the terms of the granted licenses. A record of the granted authorizations and licenses is maintained, thereby allowing access to a given content item to be audited.
    Type: Grant
    Filed: May 26, 2016
    Date of Patent: May 15, 2018
    Assignee: Adobe Systems Incorporated
    Inventors: Joseph Steele, John Landwehr
  • Patent number: 9935934
    Abstract: A method and system for managing access tokens is described. Access tokens for accessing third-party resources are stored and managed in a token repository. An access token may be obtained from a third-party resource. Once a user has authorized the system to access a third-party resource and unless that authorization is revoked, the user is not required to reauthorize the system in a pending or any subsequent interactive session, regardless of which shard of the system and third-party resource the user is connected to. The system can also use the authorization to execute scheduled requests for accessing or obtaining data from the third-party resource.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: April 3, 2018
    Assignee: MicroStrategy Incorporated
    Inventors: Luis Orozco, Gie Kian Siauw
  • Patent number: 9900308
    Abstract: A user mode control method and system based on iris recognition for a mobile terminal are provided. When the mobile terminal receives an operation instruction of a user to start a display screen, iris feature data of the current user are scanned. The iris feature data of the current user are matched with iris feature data of users collected in advance, and the corresponding user mode is started when the match succeeds. The user mode control method and system prevent a stranger from accessing private data, and greatly improve security of the user data.
    Type: Grant
    Filed: September 2, 2014
    Date of Patent: February 20, 2018
    Assignee: HuiZhou TCL Mobile Communication Co., Ltd.
    Inventor: Yan Yang
  • Patent number: 9894055
    Abstract: An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: February 13, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Vincent E. Parla, David McGrew, Andrzej Kielbasinski
  • Patent number: 9843440
    Abstract: An encryptor/decryptor, an electronic device including the encryptor/decryptor, and a method of operating the encryptor/decryptor are provided. The method of operating the encryptor/decryptor includes distributing an input plaintext stream to a plurality of encryption/decryption cores by pieces of plaintext data; performing a first operation by a first encryption/decryption core from among the plurality of encryption/decryption cores; and encrypting the plaintext data to ciphertext data or decrypting the ciphertext data to the plaintext data by each of the plurality of encryption/decryption cores by using a result of performing the first operation in the first encryption/decryption core.
    Type: Grant
    Filed: July 2, 2015
    Date of Patent: December 12, 2017
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Hong-Mook Choi, Heon-Soo Lee, Sang-hyun Park
  • Patent number: 9814084
    Abstract: Exemplary embodiments of the present invention include a computer-implemented method, comprising: establishing, at a computing device on a network, a communication connection with a setup access point; generating a token identifier, wherein the token identifier includes identification data corresponding to the computing device; transmitting the token identifier; transmitting a query, wherein the query includes a request to establish a new communication connection with the setup access point when the communication connection is terminated; and receiving a communication including a response to the query, wherein the response indicates that a new communication connection has been established with the setup access point, and wherein the new communication connection is established using the token identifier.
    Type: Grant
    Filed: August 7, 2014
    Date of Patent: November 7, 2017
    Assignee: BELKIN INTERNATIONAL INC.
    Inventors: Gursharan Sidhu, Ryan Yong Kim, Venkata Subba Rao Pathuri, Naga Yerramsetti
  • Patent number: 9760708
    Abstract: [Object] To reduce the trouble of the authentication process necessary for cooperation between a plurality of devices or network services. [Solving Means] An information processing apparatus includes a communication unit, a storage unit, and a controller. The communication unit communicates with a first device, a second device, and a service on a network, the service having a resource on a user of the first device. The controller controls the communication unit so that the communication unit transmits, based on a request for obtaining an access right to the resource from the first device and permission information representing permission by the user with respect to the obtaining of the access right, a request for issuing an access token to the service, the access token representing the access right, and receives, from the service, the access token issued by the service.
    Type: Grant
    Filed: January 26, 2013
    Date of Patent: September 12, 2017
    Assignee: SONY CORPORATION
    Inventor: Masato Shimakawa
  • Patent number: 9729529
    Abstract: The present invention provides a device and a method in a device for authenticating the device for use in a network. The method includes requesting a first security context for use in securing a first type of communication, where as part of requesting the first security context, a second security context is jointly requested for use in securing a second type of communication. The first security context is then received and used to provide secure access and communication via the first type of communication. The second security context is then received and used to provide secure access and communication via the second type of communication.
    Type: Grant
    Filed: February 5, 2009
    Date of Patent: August 8, 2017
    Assignee: Google Technology Holdings LLC
    Inventors: Apostolis K Salkintzis, Michael F Coulas
  • Patent number: 9710808
    Abstract: Methods and systems are provided for the exchange of digital cash employing protocols for various entities to separately certify the validity of the parties, values and transactions while maintaining the anonymity of the buyer or user of the digital cash. Encrypted connections are established allowing various parties to enter into transactions to buy, sell, exchange and recover digital cash using a secure method that protects the personal information and identity of the user. The parties exchange tokens for other value in a transaction of financial settlement between themselves and wherein they are the only parties with knowledge of the amount and description of the transaction and in this way mimics a traditional cash transaction.
    Type: Grant
    Filed: September 8, 2014
    Date of Patent: July 18, 2017
    Inventor: Igor V. Slepinin
  • Patent number: 9692591
    Abstract: A method of formatting data for transmission to another party including the step of incorporating in the data a flag indicative of the absence of data for authentication of the sender. An authentication tag length is also included to permit variable length tags to be used.
    Type: Grant
    Filed: May 18, 2015
    Date of Patent: June 27, 2017
    Assignee: Certicom Corp.
    Inventor: Marinus Struik
  • Patent number: 9686257
    Abstract: In response to reception of a request, an authorization server system identifies authorization based on first authorization information received by a reception unit along with the request. The authorization server system gives at least some of the identified authorization to an application, and issues second authorization information for identifying the given authorization.
    Type: Grant
    Filed: September 26, 2013
    Date of Patent: June 20, 2017
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Yu Tamura
  • Patent number: 9680821
    Abstract: To provide enhanced operation of virtualized computing systems, various systems, apparatuses, methods, and software are provided herein. In a first example, a method of operating a computing system to control access to data resources by virtual machines is provided. The method includes receiving an access token and an instantiation command from an end user system. Responsive to the instantiation command, the method includes instantiating a virtual machine identified by the instantiation command using the access token as user data for the virtual machine during instantiation. The method also includes, in the virtual machine, executing a security module responsive to instantiation that transfers the access token for delivery to an authorization system, receiving credentials responsive to the access token, and accessing a data resource using the credentials.
    Type: Grant
    Filed: October 8, 2014
    Date of Patent: June 13, 2017
    Assignee: Conjur, Inc.
    Inventors: Kevin Gilpin, Elizabeth Lawler
  • Patent number: 9648015
    Abstract: Secure authentication may be facilitated using a biometric-enabled transitory password authentication device. Exemplary implementations may facilitate secure payments and/or authentication via an application running on a user computing platform (e.g., a mobile device) simultaneously coordinating with both a server and the authentication device, which may act in some respects as an external hardware token. Exemplary implementations may rely on combining three parameters to establish a three-factor based approach to authentication in a fraud-free manner for digital wallets, third-party software, and/or other purposes. The three-factor based approach to authentication may require something the user possesses (e.g., the authentication device), something the user is (e.g., a biometric identifier such as a fingerprint), and something the user knows (e.g., an image or numeric based pin used to unlock the authentication device).
    Type: Grant
    Filed: November 11, 2014
    Date of Patent: May 9, 2017
    Assignee: HYPR CORP.
    Inventors: George Avetisov, Roman Kadinsky, Bojan Simic
  • Patent number: 9608977
    Abstract: A tool for credential validation using multiple computing devices. The tool selects at least one challenge question. The tool selects two or more user owned devices, wherein selecting the two or more user owned devices includes querying a database for each user owned device associated with a user account. The tool presents the at least one challenge question to the two or more user owned devices. The tool determines whether the at least one response received from the two or more user owned devices is a correct response relative to the at least one challenge question.
    Type: Grant
    Filed: February 17, 2016
    Date of Patent: March 28, 2017
    Assignee: International Business Machines Corporation
    Inventors: Gregory J. Boss, Andrew R. Jones, Charles S. Lingafelt, Kevin C. McConnell, John E. Moore, Jr.
  • Patent number: 9600508
    Abstract: Disclosed are various embodiments for a token management application. A data block tokenization call to a data layer service fails when a data store is unavailable. The token management application issues a temporary data token to the service calling the data layer service. The token management application completes the data block tokenization call on behalf of the service to obtain a valid data token. The valid data token is then communicated to services having the temporary data token.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: March 21, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Yongjuan Zou, Srikanth Murali, Zhengqiang Xu
  • Patent number: 9600691
    Abstract: An apparatus and a method for displaying information required to be secured in a wireless communication terminal are provided. The method includes recognizing generation of notification information of one or more processes activated in a first operation mode among a plurality of operation modes including the first operation mode and a second operation mode; and notifying a user of a part of the notification information when a current operation mode is the second operation mode.
    Type: Grant
    Filed: April 24, 2014
    Date of Patent: March 21, 2017
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Younkyu Heo, Youngkyoo Kim, Mooyoung Kim, Minjung Kim, Dongho Jang, Jaebong Chun
  • Patent number: 9529512
    Abstract: A wireless server access control system comprising a wireless server generating a local wireless communications network, the wireless server having a processor and a plurality of redundant data memory devices. A first wireless device coupled to the wireless server through the local wireless communications network. An access control system operating on the wireless server, the access control system configured to generate a user control on a user interface of the first wireless device to allow a user to permit or deny access to the processor and the data memory devices of the wireless server by a second wireless device through the local wireless communications network.
    Type: Grant
    Filed: January 27, 2015
    Date of Patent: December 27, 2016
    Assignee: MYTH INNOVATIONS, INC.
    Inventors: James Albert Luckett, Jr., Chad Michael Rowlee, Shengli Fu
  • Patent number: 9501664
    Abstract: Techniques and mechanisms to detect and compensate for drift by a physically uncloneable function (PUF) circuit. In an embodiment, first state information is registered as reference information to be made available for subsequent evaluation of whether drift by PUF circuitry has occurred. The first state information is associated with a first error correction strength. The first state information is generated based on a first PUF value output by the PUF circuitry. In another embodiment, second state information is determined based on a second PUF value that is output by the PUF circuitry. An evaluation of whether drift has occurred is performed based on the first state information and the second state information, the evaluation including determining whether a threshold error correction strength is exceeded concurrent with a magnitude of error being less than the first error correction strength.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: November 22, 2016
    Assignee: Sandia Corporation
    Inventor: Jason Hamlet
  • Patent number: 9485094
    Abstract: Various embodiments of the invention allow taking advantage of the natural statistical variation of physical properties in a semiconductor device in order to create truly random, repeatable, and hard to detect cryptographic bits. In certain embodiments, this is accomplished by pairing mismatch values of PUF elements so as to ensure that PUF key bits generated therefrom remain insensitive to environmental errors, without affecting the utilization rate of available PUF elements.
    Type: Grant
    Filed: September 8, 2014
    Date of Patent: November 1, 2016
    Assignee: Maxim Integrated Products, Inc.
    Inventors: Pirooz Parvarandeh, Sung Ung Kwak
  • Patent number: 9436773
    Abstract: A method for internet communication is presented. An identifier is embedded in an internet-accessible computer readable medium, and an internet address is embedded in the internet-accessible computer readable medium in a relation to the identifier. The identifier is located to provide an identifier location, and the internet address is located based on the identifier location.
    Type: Grant
    Filed: April 20, 2012
    Date of Patent: September 6, 2016
    Assignee: The Boeing Company
    Inventor: James Michael Milstead
  • Patent number: 9392319
    Abstract: Systems and methods are disclosed for performing profiling on a secure device. In embodiments, a plurality of counters are established. Each counter may be related to a different type of message. When the secure device receives and/or processes a message, it determines the type of message and adjusts a counter related to the determined message type. A ratio may be computed between the different counters. When the ratio deviates from a threshold, the secure device may be performing illegitimate operations, and one or more countermeasures are deployed against the illegitimate secure device.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: July 12, 2016
    Assignee: NAGRASTAR LLC
    Inventor: Gregory Duval
  • Patent number: 9350739
    Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.
    Type: Grant
    Filed: April 10, 2015
    Date of Patent: May 24, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden
  • Patent number: 9350726
    Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.
    Type: Grant
    Filed: September 11, 2014
    Date of Patent: May 24, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden
  • Patent number: 9323857
    Abstract: In a method for providing content-related information based on a digital watermark and fingerprint, the method includes: receiving a request for content-related information from a client terminal; using a watermark and a fingerprint of content to retrieve the requested content-related information from a database; and transmitting the retrieved content-related information to the client terminal.
    Type: Grant
    Filed: May 30, 2014
    Date of Patent: April 26, 2016
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Dong-Hyuck Im, Won Ryu, Il-Gu Jung, Seng-Kyoun Jo
  • Patent number: 9298901
    Abstract: A tool for credential validation using multiple computing devices. The tool selects at least one challenge question. The tool selects one or more user owned devices, wherein selecting the one or more user owned devices includes querying a database for each user owned device associated with a user account. The tool selects at least one device order, based, at least in part, on a level of security desired in credential validation. The tool presents the at least one challenge question to the one or more user owned devices, wherein the at least one challenge question includes the at least one device order for returning at least one response. The tool determines whether the at least one response received from the one or more user owned devices is a correct response relative to the at least one challenge question and the at least one device order.
    Type: Grant
    Filed: October 8, 2014
    Date of Patent: March 29, 2016
    Assignee: International Business Machines Corporation
    Inventors: Gregory J. Boss, Andrew R. Jones, Charles S. Lingafelt, Kevin C. McConnell, John E. Moore, Jr.
  • Patent number: 9135424
    Abstract: A system includes a tag having a machine readable tag identifier (Tag ID) configured to be read by a reader; and a device to be identified by the tag, in which: the device is configured to communicate with the reader; the device has access to a secure Tag ID; and the device communicates a verification to the reader if the machine readable Tag ID communicated to the device from the reader matches the secure Tag ID. A method includes: reading a Tag ID from a tag attached to a device; communicating the Tag ID read from the tag to the device; comparing a secure Tag ID of the device to the Tag ID read from the tag; and responding with a “match” or “no-match” message from the device, according to which the device is either trusted or not trusted as being identified by the Tag ID. A method of verifying a trusted agent (TA) on a device includes: storing a digital signature of the TA in a secure vault of the device; and verifying the TA by verifying the digital signature of the TA each time the TA is used.
    Type: Grant
    Filed: March 5, 2010
    Date of Patent: September 15, 2015
    Assignee: PAYPAL, INC.
    Inventors: Sebastien Taveau, Hadi Nahari
  • Patent number: 9032538
    Abstract: A relay apparatus of a video and audio transmitting/receiving system delays a time before transmitting an authentication start instruction after an authentication start video signal being transmitted to a receiving apparatus. Accordingly, a problem that the receiving apparatus receives the authentication start instruction from the relay apparatus before locking the authentication start video signal and cannot perform authentication processing normally, leading to a failure in authentication. A correction time is decided based on a resolution of the authentication start video signal transmitted from the receiving apparatus and a combination of receiving apparatuses and transmitting apparatuses connected to the relay apparatus.
    Type: Grant
    Filed: May 17, 2012
    Date of Patent: May 12, 2015
    Assignee: Onkyo Corporation
    Inventor: Hiroki Okada
  • Patent number: 9027136
    Abstract: According to one embodiment, a web application layer attack detector (AD) is coupled between an HTTP client and a web application server. Responsive to receipt of a set of packets from the HTTP client carrying a web application layer message that violates a condition of a security rule, the AD transmits an alert package to an automatic attribute value generation and rule feedback module (AVGRFM). The AVGRFM uses the alert package, and optionally other alert packages from the same AD or other ADs, to automatically generate a new set of attribute values for each of a set of attribute identifiers for use, by the AD or other ADs, in a different security rule than the violated security rule. The new set of attribute values may be used in an attack specific rule to detect a previously unknown web application layer attack.
    Type: Grant
    Filed: July 22, 2013
    Date of Patent: May 5, 2015
    Assignee: Imperva, Inc.
    Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman
  • Patent number: 9015817
    Abstract: A computer system receives a request to access a server. The request includes a first device tag set. When the first device tag set matches a previously assigned device tag set, the computer system allows access to the server without requesting full access credentials of a user. The computer system invalidates the first device tag set, and sends a second device tag set. When the first device tag set does not match the previously assigned device tag set, the computer system requests full access credentials from the user.
    Type: Grant
    Filed: April 3, 2013
    Date of Patent: April 21, 2015
    Assignee: Symantec Corporation
    Inventors: Mingliang Pei, Liyu Yi, Ajay Ramamurthy, Mark Chan, Salil Sane
  • Patent number: 9015820
    Abstract: Systems and methods for authenticating a request submitted from a client device through a third party content provider to an electronic entity are described. In one embodiment, a method includes providing a trusted script to the third party content provider, passing a trust token to the third party content provider and to the client device, and, in response to a request submitted from the client device through the third party content provider, validating the trust token associated with the request with the token passed to the client device, and processing the request. The trusted script is configured to create a trusted window on the third party Web page displayed on the client computing device, receive a trust token from the electronic entity through the trusted window, and associate the trust token with requests submitted from the client computing device through the third party content provider to the electronic entity.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: April 21, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Amit Bhosle, Scott G. Carmack, Dhanvi Harsha Kapila, Shilpi Gupta, Mehul Jain, Sachin Purushottam Joglekar, Ashish Agrawal
  • Patent number: 9009832
    Abstract: According to one embodiment, a computing device is coupled to a set of web application layer attack detectors (ADs), which are coupled between HTTP clients and web application servers. The computing device automatically learns a new condition shared by a plurality of alert packages reported by the set of ADs due to a triggering of one or more rules that is indicative of a web application layer attack. The computing device automatically generates a new set of attribute values by analyzing the plurality of alert packages to identify the condition shared by the plurality of alert packages, and transmits the new set of attribute values for delivery to the set of ADs for a different rule to be used to protect against the web application layer attack from the HTTP clients or any other HTTP client.
    Type: Grant
    Filed: July 22, 2013
    Date of Patent: April 14, 2015
    Assignee: Imperva, Inc.
    Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman