Access Control Lists Patents (Class 707/785)
  • Patent number: 10803201
    Abstract: System and method to produce an anonymized electronic data product having an individually-determined threshold of re-identification risk, and adjusting re-identification risk measurement parameters based on individual characteristics such as geographic location, in order to provide an anonymized electronic data product having a sensitivity-based reduced risk of re-identification.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: October 13, 2020
    Assignee: PRIVACY ANALYTICS INC.
    Inventors: Hazel Joyce Nicholls, Andrew Richard Baker, Yasser Jafer, Martin Scaiano
  • Patent number: 10778804
    Abstract: A method, computer readable medium and apparatus for providing control of social networking sites are disclosed. For example, the method establishes an owner profile, receives a request from a third party user to post information on a social networking site associated with an owner, determines if the request should be granted in accordance with the owner profile and posts the information on the social networking site associated with the owner if the request is granted.
    Type: Grant
    Filed: October 22, 2018
    Date of Patent: September 15, 2020
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Joseph Anderson Alfred, Joseph M. Sommer
  • Patent number: 10764253
    Abstract: A system may use metadata to identify and extract specific upstream data, provision data batches, and provide dynamic downstream data access. Workflow data is received by the system from a business process management application and modeled for downstream use. Use of a data staging engine includes utilization of a metadata repository that assists with the extraction, organization, transformation and loading of workflow data from a proprietary format to a modeled relational format. A self-service batch provisioning tool enables users and applications to request and receive batch payloads in an automated fashion. Users are presented with a graphical interface for submitting authorization credentials and justifications for workflow data request. Scope of accessible workflow data based on user-provided credentials and justifications are presented via the graphical interface and allow the user to select specific data subcategories for batch provisioning.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: September 1, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventor: Soorej Lancelot David
  • Patent number: 10764299
    Abstract: An access configuration for an access control manager is generated. Access data including users, resources, and actions the users performed on the resources is received into a matrix. Clusters of the matrix are formed to produce ranges of the users and ranges of the resources having selected permission levels based on the actions. Administrator-modifiable security groups are created based on the ranges of users and administrator-modifiable resources groups based on the ranges of resources.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: September 1, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ben Kliger, Efim Hudis, Moshe Israel, Steven J. Lieberman, Mark Wahl
  • Patent number: 10635410
    Abstract: A source code repository data store may contain source code module components, and a communication interface may support user displays at remote developer devices. A module coordination system computer server may access an electronic work request record, associated with a work request identifier, a release date, and at least a first source code module component in the source code repository data store. A first remote developer device may establish a first user display including individual lines of code (where each line that has been changed since a previous release of the first source code module component is tagged with an associated work request identifier and is shown in association with a developer identifier). According to some embodiments, a first user display reflects all changes dynamically that have been made since the previous release of the first source code module component, including those with other developer identifiers and multiple release dates.
    Type: Grant
    Filed: October 12, 2018
    Date of Patent: April 28, 2020
    Assignee: Hartford Fire Insurance Company
    Inventors: Dennis P. Polisky, Robert A. Griffith
  • Patent number: 10594684
    Abstract: A multi-tenant system that provides cloud-based identity management receives a request to execute a job, where the job has a scheduled start time, or a timeframe to complete, that exceeds the validity time of a request access token. The system generates the request access token corresponding to the job, where the request access token has access privileges. The system schedules the job and persists the request access token. The system triggers the job at the scheduled start time and generates a derived access token based on the request access token, where the derived access token includes the access privileges. The system then injects the derived access token during runtime of the job and calls a microservice using the derived access token to execute the job.
    Type: Grant
    Filed: September 7, 2017
    Date of Patent: March 17, 2020
    Assignee: Oracle International Corporation
    Inventors: Ajeet Bansal, Vadim Lander, Gregg Wilson
  • Patent number: 10581918
    Abstract: A device secures open authorization (OAuth) resources according to systems described herein. In some instances, a resource server is configured for receiving a request for authorization from a client device. The request, for authorization to use a requested resource, may include a token having at least one claim. The resource server may interpret data of the token according to a domain specific language. The interpreting may obtain at least one rule associated with the at least one claim from among a range of resource access control rules. The rule may be compared against a resource request and operation. Based on the comparison, the request may be allowed or rejected. In one example, interpretation of the token may decode resources including quantities and combinations of uniform resource identifiers (URIs) claimed by the token using a domain specific language defined by a context-free grammar.
    Type: Grant
    Filed: July 21, 2017
    Date of Patent: March 3, 2020
    Assignee: Itron, Inc.
    Inventors: Jeffrey Scott Bailey, Elliott Edwards, John Andrew Laughlin, Rylan Herdt
  • Patent number: 10581807
    Abstract: A dispersed storage network (DSN) includes a DSN memory, which in turn employs multiple distributed storage (DS) units to store encrypted secret material that can be decrypted using an unlock key. The unlock key is stored external to the DS unit, in some cases using multiple data slices dispersed throughout the DSN. To obtain the unlock key, the DS unit transmits authentication credentials to another device included in the DSN, but external to the DS unit. The other device authenticates the DS unit using the authentication credentials, and sends the unlock key to the DS unit. The DS unit uses the unlock key in normal decryption operations. In response to a security event, the DS unit transitions to a secure mode by erasing any material decrypted using the unlock key, the unlock key, and the DS unit's authentication credentials.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: March 3, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jason K. Resch, Mark D. Seaborn
  • Patent number: 10547573
    Abstract: A method for associating messages with media, including multiple media elements, during playing thereof, the method including sensing at least one media element currently being played by a user during playing of the media and based on the sensing of the at least one media element currently being played by a user, playing at least one message in time synchronization with playing of the at least one media element.
    Type: Grant
    Filed: February 25, 2016
    Date of Patent: January 28, 2020
    Assignee: SECOND SCREEN VENTURES LTD.
    Inventors: Ofer Vaknin, Yoav Mor
  • Patent number: 10514854
    Abstract: Examples of the present disclosure describe systems and methods of conditionally authorizing access to isolated collections of data. In aspects, a request to access an isolated collection of resource identifiers and relationships may be received by an application. A set of conditions may control access to the isolated collection. Upon receiving the request, the application may attempt to determine whether the set of conditions has been satisfied. If the set of conditions is determined to be satisfied, the application may provide the requestor with access to the isolated collection. If the set of conditions is determined to be unsatisfied, the application may prohibit the requestor from accessing the isolated collection.
    Type: Grant
    Filed: November 4, 2016
    Date of Patent: December 24, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Robert Standefer, III, Christopher L. Mullins, Henrik Frystyk Nielsen
  • Patent number: 10505946
    Abstract: Embodiments perform token cache management by renewing tokens heuristically. A token renewal request interval is defined based on a configurable lifetime of a token and an acquisition duration. Upon expiration of the token renewal request interval, and in the event that the token is requested by at least one client application, the authentication module renews the token with a secure token service. Renewal may also occur in the absence of a request for the token by any client application if the cached token has been kept valid for less than a threshold time. In some examples, the tokens are associated with credentials for single sign-on during site recovery management.
    Type: Grant
    Filed: November 15, 2016
    Date of Patent: December 10, 2019
    Assignee: VMware, Inc.
    Inventors: Lyubomir Pishinov, Dian Nikolov, Viktor Kaltchev
  • Patent number: 10482094
    Abstract: Embodiments regard conditional selection of compound fields of structured objects. An embodiment of a method for conditionally selecting compound fields from structured objects includes: receiving a query at a database system to select a compound field from any structured object that satisfies a condition; determining by the database system whether a structured object stored in a database satisfies the condition; generating automatically by the database system a plurality of accessors that correspond to a plurality of columns in the compound field associated with the structured object in response to a determination that the structured object satisfies the condition; and providing a result of the query, the result including the plurality of accessors.
    Type: Grant
    Filed: November 7, 2014
    Date of Patent: November 19, 2019
    Assignee: salesforce.com, inc.
    Inventors: Avrom Roy-Faderman, Carolyn Leigh Grabill
  • Patent number: 10482693
    Abstract: Aspects of the present disclosure relate to a device configured to store a list of user identifiers and user attribute data, receive a set of access criteria specifying one or more attributes, receive and identify a user identifier via a data input component, determine an access status of the user identifier based on the access criteria, and present the access status in such a way as is perceivable by a user of the access control device.
    Type: Grant
    Filed: August 22, 2018
    Date of Patent: November 19, 2019
    Assignee: Palantir Technologies Inc.
    Inventors: Jeffrey Worrall, Joel Hosino
  • Patent number: 10382440
    Abstract: Embodiments are directed to a question and answer (QA) pipeline system that adjusts answers to input questions based on a user criteria, thus implementing a content-based determination of access permissions. The QA system allows for information to be retrieved based on permission granted to a user. Documents are ingested and assigned an access level based on a defined information access policy. The QA system is implemented with the defined information access policy, the ingested documents, and the inferred access levels. For the QA system implementation, a user enters a question; primary search and answer extraction stages are performed; candidate answer extraction is performed using only content the user is allowed to access; the candidate answers are scored, ranked, and merged; ranked answers based on user permissions are filtered; and answers are provided to the user.
    Type: Grant
    Filed: September 22, 2016
    Date of Patent: August 13, 2019
    Assignee: International Business Machines Corporation
    Inventors: Donna K. Byron, Elie Feirouz, Daniel M. Jamrog, Kristin A. Witherspoon
  • Patent number: 10380381
    Abstract: System and method to predict risk of re-identification of a cohort if the cohort is anonymized using a de-identification strategy. An input anonymity histogram and de-identification strategy is used to predict the anonymity histogram that would result from applying the de-identification strategy to the dataset. System embodiments compute a risk of re-identification from the predicted anonymity histogram.
    Type: Grant
    Filed: January 9, 2017
    Date of Patent: August 13, 2019
    Assignee: PRIVACY ANALYTICS INC.
    Inventors: Martin Scaiano, Andrew Baker, Stephen Korte
  • Patent number: 10263957
    Abstract: A method and apparatus of a device that installs a new access control list for a port of a network element is described. In an exemplary embodiment, a network element receives an indication that the first access control list for the port is to be updated with a second access control list and the port processes data communicated with the port with the first access control list. In addition, the network element configures the port to use a fallback access control list, where the fallback access control list includes a plurality of rules and the port uses the fallback access control list to process data communicated with the port. Furthermore, the network element loads the second access control list for the port. The network element additionally configures the port to use the second access control list, wherein the port uses the second access control list to process data communicated with the port.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: April 16, 2019
    Assignee: Arista Networks, Inc.
    Inventor: Kenneth James Duda
  • Patent number: 10216944
    Abstract: A method for executing access control over an electronic device includes: detecting a position information of the electronic device with a positioning module; determining whether the electronic device has moved outside an authorized region according to the position information; and disabling a plurality of accessible functions of the electronic device according to a user information when the electronic device has moved outside the authorized region.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: February 26, 2019
    Assignee: GETAC TECHNOLOGY CORPORATION
    Inventor: Chih-Yu Yang
  • Patent number: 10210274
    Abstract: A computer implemented method for filtering audience viewing of uniform resource locator (URL) data utilizing hashtags including: identifying a hashtag input by a first user; identifying at least one user preference of the first user, the at least one user preference related to data sharing preferences of the first user on an electronic platform; generating a uniform resource locator (URL) based on the identified hashtag and the identified at least one user preference of the first user; and using the URL, filtering data communication on the electronic platform, thereby displaying a privatized stream of data when the first user accesses the identified hashtag, the privatized stream of data accessible by a second user, the second user being authorized to view the privatized stream of data based on the data sharing preferences of the first user.
    Type: Grant
    Filed: January 4, 2016
    Date of Patent: February 19, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Shadi E. Albouyeh, James E. Fox, Trudy L. Hewitt, Prasad L. Imandi
  • Patent number: 10182032
    Abstract: A system, method, and computer-readable medium enable a domain name or host name registry to effectively manage status codes associated with the domain or host. Status codes are organized into status sets that can be added, removed, activated, or deactivated in accordance with a suitable change request. The status codes corresponding to a removed status set that are also enabled according to other active status sets are not removed when the removal of the status set is processed.
    Type: Grant
    Filed: December 30, 2010
    Date of Patent: January 15, 2019
    Assignee: VERISIGN, INC.
    Inventors: James Gould, Srikanth Veeramachaneni, Suzanna Strier, William Shorter
  • Patent number: 10168883
    Abstract: A method for configuring user profiles associated with multiple hierarchical levels, including identifying multiple hierarchical levels in an organization to be configured, concurrently displaying multiple interface components corresponding respectively to the hierarchical levels, each interface component configured to receive user input for the respective hierarchical level, configuring data of a first user profile associated with a first hierarchical level based on a first value specified by user input, and configuring data of a second user profile associated with a second hierarchical level based on a second value specified by user input.
    Type: Grant
    Filed: July 16, 2015
    Date of Patent: January 1, 2019
    Assignee: Oracle International Corporation
    Inventor: Anadi Upadhyaya
  • Patent number: 10152384
    Abstract: A method, a computer program product, and a system for replicating different projections of data, comprising: examining metadata associated with data on a storage system to determine whether to replicate the data to at least one other storage system; and based on a positive determination, replicating the data to the at least one other storage system.
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: December 11, 2018
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Amir Amit, Assaf Natanzon, Amy Fredj
  • Patent number: 10140792
    Abstract: An access control device configured to store a list of user identifiers and user attribute data, receive a set of access criteria specifying one or more attributes, receive and identify a user identifier via a data input component, determine an access status of the user identifier based on the access criteria, and present the access status in such a way as is perceivable by a user of the access control device.
    Type: Grant
    Filed: September 13, 2017
    Date of Patent: November 27, 2018
    Assignee: Palantir Technologies Inc.
    Inventors: Jeffrey Worrall, Joel Hosino
  • Patent number: 10122722
    Abstract: In one implementation, a resource classification system identifies a plurality of resource requests and generates a plurality of resource access measures based on the plurality of resource requests. Each resource request from the plurality of resource requests is associated with a resource from a plurality of resources by a resource identifier of that resource. Each resource access measure from the plurality of resource access measures is associated with a resource from the plurality of resources. The resource classification system applies a classifier to each resource access measure from the plurality of resource access measures to generate a classification result for the resource from the plurality of resources associated with that resource access measure, and assign a security classification to each resource from the plurality of resources based on the classification result for that resource.
    Type: Grant
    Filed: June 20, 2013
    Date of Patent: November 6, 2018
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Pratyusa Kumar Manadhata, Prasad V Rao, William G Home
  • Patent number: 10110698
    Abstract: A method, computer readable medium and apparatus for providing control of social networking sites are disclosed. For example, the method establishes an owner profile, receives a request from a third party user to post information on a social networking site associated with an owner, determines if the request should be granted in accordance with the owner profile and posts the information on the social networking site associated with the owner if the request is granted.
    Type: Grant
    Filed: December 19, 2014
    Date of Patent: October 23, 2018
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Joseph Anderson Alfred, Joseph M. Sommer
  • Patent number: 10097666
    Abstract: An information processing method includes receiving a request for user data that is related to an external service, and retrieving the user data segments based on the request. The user data segments are then combined to generate the user data, which is then provided to the client device that requested the user data. After receiving the user data, the client device uses the user data to access the external service to which the data relates.
    Type: Grant
    Filed: April 11, 2013
    Date of Patent: October 9, 2018
    Assignee: SONY CORPORATION
    Inventors: Takeru Kaneko, Hiroshi Nakayama, Toshiaki Enami, Kohei Umemoto
  • Patent number: 10079858
    Abstract: Embodiments pertaining to managing access in one or more computing systems can include an operations controller in communication with the one or more computing systems for managing commercial transactions of the one or more computing systems and an access management controller in communication with the operations controller. The access management controller can receive an input that identifies relationships between user roles and actions associated with the one or more computing systems. The access management controller can provide the input to the operations controller for implementation of access rules in accordance with the relationships. The access management controller can attempt to access in the one or more computing systems at least a portion of the user roles and the actions after the operations controller has implemented the access rules. The access management controller can compare the attempted access with the relationships to determine access discrepancies.
    Type: Grant
    Filed: June 23, 2016
    Date of Patent: September 18, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Chenfei Song, Kyle Robeson, Yuan Wang, Alex Luc
  • Patent number: 10019479
    Abstract: Techniques for providing polymorphic query requests. A request is received that has at least a database query. The database query comprises at least an expression using a polymorphic relationship. The request is processed utilizing the polymorphic relationship. A user-readable result is provided for the query where the result is defined by at least the polymorphic relationship.
    Type: Grant
    Filed: August 1, 2016
    Date of Patent: July 10, 2018
    Assignee: salesforce.com, inc.
    Inventor: Seth John White
  • Patent number: 9990515
    Abstract: In longitudinal datasets, it is usually unrealistic that an adversary would know the value of every quasi-identifier. De-identifying a dataset under this assumption results in high levels of generalization and suppression as every patient is unique. Adversary power gives an upper bound on the number of values an adversary knows about a patient. Considering all subsets of quasi-identifiers with the size of the adversary power is computationally infeasible. A method is provided to assess re-identification risk by determining a representative risk which can be used as a proxy for the overall risk measurement and enable suppression of identifiable quasi-identifiers.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: June 5, 2018
    Assignee: PRIVACY ANALYTICS INC.
    Inventors: Andrew Baker, Luk Arbuckle, Khaled El Emam, Ben Eze, Stephen Korte, Sean Rose, Cristina Ilie
  • Patent number: 9985962
    Abstract: An authorization token verification request including a second authorization token is received from an application server having received a processing request along with the second authorization token from a client device, and, in a case where the authorization token is verified successfully on the basis of the received second authorization token and the authorization token information, the local user information included in the authorization token information is returned to the application server.
    Type: Grant
    Filed: November 30, 2016
    Date of Patent: May 29, 2018
    Assignee: Canon Kabushiki Kaisha
    Inventor: Takahiko Nishida
  • Patent number: 9940394
    Abstract: The Messaging Search and Management Apparatuses, Methods and Systems (“MSM”) transforms message, ranking request inputs via MSM components into work graphs, ML structure input data, ML structure, ranking response outputs. A work graph generation request that includes group level access control data may be obtained. A set of metadata access control carrying messages, a set of users, a set of channels, and a set of topics with access control data corresponding to the group level access control data may be determined. A user priority score for each of the other users, a channel priority score for each of the channels, and a topic priority score for each of the topics, from the perspective of each user, may be calculated. A work graph data structure may be generated that includes, for each user, data regarding the calculated user priority scores, channel priority scores, and topic priority scores.
    Type: Grant
    Filed: July 17, 2017
    Date of Patent: April 10, 2018
    Assignee: Slack Technologies, Inc.
    Inventors: Myles Grant, Serguei Mourachov, Renaud Bourassa-Denis, Jason Liszka, John Gallagher, Isabella Tromba, Noah Weiss, Daniel Stewart Butterfield, Callum Henderson-Begg
  • Patent number: 9864752
    Abstract: A policy language for an information management system has a three-layer structure that allows specifying one or more policies using policy abstractions. The policies and policy abstractions are in two different layers and decoupled from one another, so policies and policy abstractions may be specified and altered separately from each other. A third layer includes entity objects. A policy may refer to any number of policy abstractions. Multiple policies may reference a single policy abstraction, and a change to that policy abstraction will result in multiple policies being changed. Further, policy abstractions may be nested, so one policy abstraction may reference another policy abstraction, and so forth.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: January 9, 2018
    Assignee: NextLabs, Inc.
    Inventor: Keng Lim
  • Patent number: 9799153
    Abstract: Aspects of the present disclosure relate to a portable access control device. In some embodiments, the portable access control device is configured to store a list of user identifiers and user attribute data, receive a set of access criteria specifying one or more attributes, receive and identify a user identifier via a data input component, determine an access status of the user identifier based on the access criteria, and present the access status in such a way as is perceivable by a user of the access control device.
    Type: Grant
    Filed: February 22, 2016
    Date of Patent: October 24, 2017
    Assignee: Palantir Technologies Inc.
    Inventors: Jeffrey Worrall, Joel Hosino
  • Patent number: 9800644
    Abstract: A method, system and/or non-transitory computer readable medium is used with a service repository that stores service definitions for services. A query facility inspects service definitions in the service repository. The query facility determines, from the inspection, first attributes associated with a first service and different second attributes associated with a second service, the first and second attributes being related to syntactic and semantic aspects of the first and second services. Responsive to a service oriented request which indicates the first service, the query facility determines a composability of the first and second services in accordance with a service oriented query (SOQ) framework, based on the first and second attributes and rules regarding composability of attributes, the rules being in accordance with the SOQ framework, the composability of the first and second services being determined with respect to both the syntactic and semantic aspects of the first and second services.
    Type: Grant
    Filed: August 8, 2014
    Date of Patent: October 24, 2017
    Assignee: Software AG
    Inventor: Jameleddine Ben Jemâa
  • Patent number: 9785782
    Abstract: In accordance with embodiments, there are provided mechanisms and methods for performing one or more actions based on determined access permissions for a plurality of users. These mechanisms and methods for performing one or more actions based on determined access permissions for a plurality of users can enable improved data collection and analysis, enhanced client knowledge of system access, etc.
    Type: Grant
    Filed: December 29, 2014
    Date of Patent: October 10, 2017
    Assignee: salesforce.com, inc.
    Inventors: Irandi Bulumulla, Bulent Cinarkaya, Yurika Sebata-Dempster, Tripti Sheth, Alex Warshavsky, Brian Zotter
  • Patent number: 9754121
    Abstract: Implementations described and claimed herein provide systems and methods for dynamically masking an access control list corresponding to a file system object in response to a change mode command. In one implementation, a change mode command for a file system object to change a first mode to a second mode is received. The first mode defines a first set of access rights and the second mode defines a second set of access rights. In response to the change mode command, a mask is dynamically applied to an access control list corresponding to the file system object. The access control list has zero or more access control entries defining access permissions for the file system object. The mask modifies any of the zero or more access control entries that have access permissions that exceed the second set of access rights defined by the second mode. The access control list is preserved.
    Type: Grant
    Filed: October 18, 2012
    Date of Patent: September 5, 2017
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Lisa Week, Mark Shellenbaum
  • Patent number: 9607088
    Abstract: A method and apparatus for detecting a multimedia content change, and a resource propagation system. The method comprises: when importing a resource address of multimedia content, acquiring original feature information of the multimedia content; receiving first feature information of the multimedia content from a client; determining, according to the first feature information and corresponding original feature information of the multimedia content, whether the resource address of the multimedia content is abnormal; and detecting whether multimedia content at an abnormal resource address is changed. It is firstly determined whether a resource address corresponding to multimedia content is abnormal, and if the resource address is abnormal, then it is determined whether the multimedia content corresponding to the resource address is changed, thereby preventing repeated checking of a large number of normal resource addresses, improving the detection efficiency, and reducing the detection cost.
    Type: Grant
    Filed: August 5, 2014
    Date of Patent: March 28, 2017
    Assignee: SHENZHEN DEVELOPMENT PROMOTION CENTRE FOR ENTERPRISES
    Inventor: Jimmy Chun
  • Patent number: 9588909
    Abstract: An information processing apparatus includes a storage managing unit configured to manage a storage device by dividing the storage device into a plurality of physical storage regions corresponding to respective modes used by the information processing apparatus, and a storage processing unit configured to cause data generated by the information processing apparatus during operation in a mode to be stored in a physical storage region corresponding to the mode. For example, the storage managing unit stores a policy in the storage device. The policy defines whether to permit the use of data between a plurality of security attributes corresponding to the respective physical storage regions.
    Type: Grant
    Filed: November 11, 2014
    Date of Patent: March 7, 2017
    Assignee: International Business Machines Corporation
    Inventors: Yasutaka Nishimura, Masami Tada, Takahito Tashiro
  • Patent number: 9578258
    Abstract: The system provides a method and apparatus for constructing, and for dynamically rearranging the order of content in a composite video. The re-ordering of clips in the composite video can be based on one or more weighting factors associated with each clip. These factors can include freshness or newness of the clip, popularity based on the number of “likes” of a clip by others, the content of the clip (e.g. celebrity creator or presence), paid boosting (e.g. for commercial concerns); and other factors. Each clip has associated metadata that can be used to assign a weight value to the clip for purposes of reordering the composite video.
    Type: Grant
    Filed: June 5, 2014
    Date of Patent: February 21, 2017
    Assignee: V-POLL, INC.
    Inventors: Stephen John Emery, Andrew Jay Sachs, Joseph Sumner, David King Lassman
  • Patent number: 9558369
    Abstract: The present invention provides an information processing device that enables a reduction in the processing cost of verifying anonymity during anonymization when multi-dimensional data is the subject of anonymization. The information processing device is provided with: a unit which generates information indicating the correspondence between a record contained in a data set and a class specifying a unique combination of quasi-identifier attribute values; a unit which verifies the anonymity of each record on the basis of the class thereof indicated in the information; and a unit which, on the basis of the results of verifying the anonymity, updates the information in a manner such that whether or not the record satisfies the anonymity can be identified and outputs the record-class correspondence information.
    Type: Grant
    Filed: May 8, 2014
    Date of Patent: January 31, 2017
    Assignee: NEC CORPORATION
    Inventor: Tsubasa Takahashi
  • Patent number: 9536072
    Abstract: The disclosure relates to machine-learning behavioral analysis to detect device theft and unauthorized device usage. In particular, during a training phase, an electronic device may generate a local user profile that represents observed user-specific behaviors according to a centroid sequence, wherein the local user profile may be classified into a baseline profile model that represents aggregate behaviors associated with various users over time. Accordingly, during an authentication phase, the electronic device may generate a current user profile model comprising a centroid sequence re-expressing user-specific behaviors observed over an authentication interval, wherein the current user profile model may be compared to plural baseline profile models to identify the baseline profile model closest to the current user profile model.
    Type: Grant
    Filed: April 9, 2015
    Date of Patent: January 3, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Isaac David Guedalia, Adam Schwartz
  • Patent number: 9450963
    Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.
    Type: Grant
    Filed: October 8, 2015
    Date of Patent: September 20, 2016
    Assignee: Oracle International Corporation
    Inventors: Uppili Srinivasan, Ajay Sondhi, Ching-Wen Chu, Venkata S. Evani, Beomsuk Kim
  • Patent number: 9430660
    Abstract: Embodiments pertaining to managing access in one or more computing systems can include an operations controller in communication with the one or more computing systems for managing commercial transactions of the one or more computing systems and an access management controller in communication with the operations controller. The access management controller can receive an input including user roles and actions associated with the one or more computing systems. The access management controller can provide the input to the operations controller for implementation of access rules in accordance with relationships between the user roles and the actions. The access management controller can attempt to access in the one or more computing systems at least a portion of the user roles and the actions after the operations controller has implemented the access rules. The access management controller can compare the attempted access with the relationships to determine access discrepancies.
    Type: Grant
    Filed: January 31, 2008
    Date of Patent: August 30, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Chenfei Song, Kyle Robeson, Yuan Wang, Alex Luc
  • Patent number: 9418236
    Abstract: Employment role data, trust data, and special permissions data, associated with a party is automatically obtained and/or monitored. The employment role data associated with the party, the trust data associated with the party, and the special permissions data associated with the party, is then analyzed to determine a set of allowed access permissions data to be associated with the party, the set of allowed access permissions data providing the party access to one or more resources. It is then either recommended that the set of allowed access permissions data be provided to the party, or the set of allowed access permissions data is automatically provided to the party.
    Type: Grant
    Filed: November 13, 2013
    Date of Patent: August 16, 2016
    Assignee: Intuit Inc.
    Inventors: Luis Felipe Cabrera, M. Shannon Lietz, Brad A. Rambur, Christian Price, William Q. Bonney
  • Patent number: 9407628
    Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: August 2, 2016
    Assignee: Oracle International Corporation
    Inventors: Ajay Sondhi, Ravi Hingarajiya, Shivaram Bhat, Wai Leung William Wong
  • Patent number: 9390285
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying inconsistent security policies. One of the methods includes identifying running software components on a cluster of computers, a first subset of the components managing datasets, a second subset of the components managing other components; identifying entity pairs, each being either: (1) (i) a component paired with (ii) a dataset, or (2) two components paired with each other; determining, for each entity pair, a directed relationship from a first to a second entity, where the first entity is a component, and where the directed relationship represents the first entity executing a type of interaction with the second entity; identifying security policies affecting each entity that each limit user access to a type of interaction; and analyzing, for each entity, entity pairs including the entity and one or more security policies affecting the entity to identify inconsistent security policies.
    Type: Grant
    Filed: January 21, 2016
    Date of Patent: July 12, 2016
    Assignee: Hortonworks, Inc.
    Inventors: Sheetal Dinkar Dolas, Paul Daniel Codding
  • Patent number: 9280566
    Abstract: The system and method of visual role engineering uses a visual assessment tool to identify clusters of users and to define roles. A “cluster image” is generated that visually depicts the cluster tendencies of users and permissions. An operator of the visual assessment tool can visually identify clusters of users with the same permissions. The operator may select a cluster representing a subset of users, define a role for the subset of users, and assign permissions to the role. The process may be repeated in an iterative fashion until it is determined that no more roles are needed.
    Type: Grant
    Filed: November 2, 2012
    Date of Patent: March 8, 2016
    Assignee: CA, Inc.
    Inventors: Steven C. Versteeg, Avraham Rosenzweig, Ron Marom
  • Patent number: 9268833
    Abstract: A synchronization window for synchronizing data for a calendar in a client calendar data store on a calendar data client computer system with data for the calendar in a server calendar data store on a calendar data server computer system can be calculated using a current time. A request for synchronization data for calendar items for the calendar with calendar times that are within the synchronization window can be sent to the calendar data server. One or more responses to the request can be received from the calendar data server. The response(s) can include received records for calendar items that are at least partially within the synchronization window. The received records can include a master record of a recurring calendar item and an instance record of an occurrence of the recurring calendar item. The received records for the calendar items can be incorporated in the client calendar data store.
    Type: Grant
    Filed: December 5, 2012
    Date of Patent: February 23, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Sina Hakami, Juan V. Esteve Balducci, Patrick Tousignant
  • Patent number: 9229627
    Abstract: Systems and methods are provided for a non-transitory computer readable medium storing instructions configured to retrieve a first list of operations for a device including a sensor, an actuator, or a combination thereof, included in an industrial control system. The instructions are also configured to display a first color for each operation in the first list of operations indicative of a modification privilege related to the respective operation.
    Type: Grant
    Filed: June 5, 2013
    Date of Patent: January 5, 2016
    Inventor: Mikhail Brusilovsky
  • Patent number: 9160757
    Abstract: A computer-implemented method for detecting suspicious attempts to access data based on organizational relationships may include (1) detecting an attempt by a computing device within an organization to access an additional computing device within the organization, (2) identifying, based on a directory service associated with the organization that classifies the computing device and the additional computing device, an organizational relationship between the computing device and the additional computing device, (3) determining, based on the organizational relationship between the computing device and the additional computing device, that the attempt by the computing device to access the additional computing device is suspicious, and (4) performing a security action in response to determining that the attempt by the computing device to access the additional computing device is suspicious. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 12, 2014
    Date of Patent: October 13, 2015
    Assignee: Symantec Corporation
    Inventors: Fanglu Guo, Tao Cheng
  • Patent number: 9129088
    Abstract: An “audience” object describes a collection of users who are known to or expected to view a display. Access control and processing of access dependent contents for an audience are implemented so that information before being displayed is limited to what is authorized for every member in the audience to access. An operator can preview what an expected audience would see. The operator is aided in determining what the effects would be of a newcomer joining an audience. The operator is aided in determining who in an audience causes a difference in authorization. Hardware can be tied in with the access control software.
    Type: Grant
    Filed: June 4, 2006
    Date of Patent: September 8, 2015
    Inventor: Leo Martin Baschy