Privileged Access (707/9) Patents (Class 707/999.009)
  • Patent number: 10248796
    Abstract: Methods, systems, and computer-readable storage media for enforcing dynamic access control constraints of a plurality of access control policies, and actions include receiving a set of ordered policies, determining a set of active policies including one or more policies in the set of ordered policies, determining an access control decision based on at least a first policy in the set of active policies, the access control decision being based on determining whether one of a permit decision and a deny decision is inherited from a second policy in the set of ordered policies, and transmitting the access control decision for enforcement of the access control policy.
    Type: Grant
    Filed: July 8, 2014
    Date of Patent: April 2, 2019
    Assignee: SAP SE
    Inventors: Achim D. Brucker, Helmut Petritsch
  • Patent number: 10235406
    Abstract: Systems, methods, and software for management of partitioned data storage spaces is provided herein. An exemplary method includes storing sets of structured data records among partitioned data storage spaces, with data fields of the structured data records correlated among the sets by relational associations. The method includes receiving a change action related to a selected structured data record, and responsive to the change action, scheduling execution of the change action in a reminder index. The method includes executing the change action according to at least scheduling indicated by the reminder index.
    Type: Grant
    Filed: June 14, 2016
    Date of Patent: March 19, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tittu Jose, Arshish Kapadia, Tarkan Sevilmis, Peter Adam Outcalt, Michael T. McLean
  • Patent number: 10235252
    Abstract: A history of requests issued to an application executing in a production environment is stored. The application includes an event logging option set to record a first level of detail in a first log file. While the application is executing in the production environment, a determination is made that the application may have a bug. A backup of the application is restored to a test environment. The event logging option in the restored application is changed to record a second level of detail, greater than the first level of detail, in a second log file. The history of requests is replayed against the restored application having the changed event logging option to generate the second log file.
    Type: Grant
    Filed: June 28, 2016
    Date of Patent: March 19, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Amit Lieberman, Leehod Baruch, Assaf Natanzon, Jehuda Shemer, Ron Bigman
  • Patent number: 10209976
    Abstract: An example computer implemented method to automatically download and install a second application can include a first application detecting that a condition has occurred. This first application can be preinstalled by the original equipment manufacturer. The first application can then present an interface for signing in to or signing up for a service. The first application can then download and install the second application. This downloading and installation can occur in the background without requiring user interaction. The second application can be a client application for the service and the first application can pass a token with login credentials to the second application. This can allow the second application to be authenticated with the service without requiring a user to reenter the user's credentials.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: February 19, 2019
    Assignee: Dropbox, Inc.
    Inventors: Stefano Cayre, Jacob Hurwitz, Darius Contractor, Yuran Lu, James Harvey, Aadil Sarfani, Huy Nguyen, Alexander Embiricos, Genevieve Sheehan
  • Patent number: 10192400
    Abstract: A gaming system compatible with patron-controlled portable electronic devices, such as smart phones or tablet computers, is described. The gaming system is configured to establish a secure communication session between an electronic gaming machine and a portable electronic device. The system can confirm that a communication session is secure by displaying pre-selected content unique to the portable electronic device. The content can be continuously displayed on the EGM during the active communication session to indicate that the session is secure.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: January 29, 2019
    Assignee: IGT
    Inventors: Derrick Price, Dwayne R. Nelson, Dennis Thomas Kleppen
  • Patent number: 10193674
    Abstract: Disclosed are methods, systems and devices for addressing a jammer signal transmitted by a device that effects a signal received at a receiver. In a particular embodiment, an application content signal is encoded for transmission in a wireless transmission medium to provide symbol content where the symbol content comprises at least some symbols representing the application content signal. A receiver may be selectively blanked synchronized with at least a portion of the symbol content.
    Type: Grant
    Filed: December 7, 2016
    Date of Patent: January 29, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Jie Wu, Duong Hoang, Mariam Motamed
  • Patent number: 10187390
    Abstract: Authentication systems and methods can selectively authenticate a request to access a resource data store storing access rights associated with a user device. The systems and methods can scalably execute challenges workflows as part of the authentication process. For example, a request to access one or more access rights stored in the data store can be received from the user device. The user device can be authenticated using challenge workflows selected based on a device identifier of the user device. The selected challenge workflows can be executed to determine whether or not to grant access to the access rights stored in the resource data store.
    Type: Grant
    Filed: November 13, 2017
    Date of Patent: January 22, 2019
    Assignee: Live Nation Entertainment, Inc.
    Inventors: Dan Cernoch, Ajay Pondicherry, David Refsland, Kenneth Ives-Halperin
  • Patent number: 10187514
    Abstract: A mobile terminal including a wireless communication unit configured to provide wireless communication; a touchscreen; and a controller configured to display a home screen on the touchscreen including a plurality of application icons corresponding to applications executable on the mobile terminal, receive a first touch input on the home screen, display a first screen on the touchscreen including a rearrangement of the application icons in which the application icons having a first frequency of use are displayed in a first area of the first screen and the application icon having a second frequency of use are displayed in a second area of the first screen, in response to the first touch input, receive a second touch input on the first screen, and display a second screen on the touchscreen including a rearrangement of the application icons in which the application icons having a third frequency of use are displayed in a first area of the second screen and the application icon having a fourth frequency of use are
    Type: Grant
    Filed: October 28, 2015
    Date of Patent: January 22, 2019
    Assignee: LG ELECTRONICS INC.
    Inventors: Jipyo Hong, Sooyon Chung
  • Patent number: 10182052
    Abstract: A method includes receiving, by an operating system of the first computing device and from a client application executing on the first computing device, a first request for accessing a set of data associated with a user of the first computing device. The set of data is managed by a second computing device. The method further includes sending, by the operating system and to the second computing device, a second request for accessing the set of data. The method still further includes receiving, by the operating system and from the second computing device, a response to the second request. The method additionally includes, if the response to the second request grants the client application access to the set of data, then forwarding, by the operating system and to the client application, an access token to be used by the client application for accessing the set of data with the second computing device.
    Type: Grant
    Filed: April 18, 2017
    Date of Patent: January 15, 2019
    Assignee: Facebook, Inc.
    Inventors: Luke Jonathan Shepard, Julie Christina Tung, Yariv Sadan, Brent Justin Goldman, Arun Vijayvergiya, Naitik Hemant Shah
  • Patent number: 10178187
    Abstract: One or more IoT devices are coupled to a gateway server. The gateway server preferably includes enhanced administrative features for restricting access to IoT devices, and for monitoring IoT device communications. In embodiments of the invention, communications between the gateway server and IoT devices are secured, in part, via IP address restriction, the use of transitory identifiers, and/or encryption.
    Type: Grant
    Filed: April 2, 2018
    Date of Patent: January 8, 2019
    Inventor: Paul Stuart Swengler
  • Patent number: 10163101
    Abstract: The present invention is directed to a transaction network that facilitates and simplifies purchase transactions between any number of customers and any number of merchants. The transaction network is primarily utilized in the sale and purchase of digital content via a network such as the Internet. The transaction network registers and authenticates customer purchase activities and maintains customer account data including payment information. Once registered, a customer will generally not register again for further purchase activities at participating merchant sites. Additionally, the transaction network provides a single, central authentication mechanism for all participating merchant sites using a single customer identifier and password. Further, the transaction network accumulates purchase information across all of the merchant sites and the ultimate payment processing of those purchase transactions.
    Type: Grant
    Filed: December 3, 2014
    Date of Patent: December 25, 2018
    Assignee: AMDOCS DEVELOPMENT LIMITED
    Inventors: Michael P. Cockrill, William K. Bryant, D. Chase Franklin, Mark H. McNeely, Timothy J. Ryan, Andrew P. Sweet, Steven J. Siadek, Ronald R. Faith, J. Mark Goris, Thor A. Malek
  • Patent number: 10157368
    Abstract: One or more RFID tags may be read. An electronic document associated with the RFID tag may be identified. One or more attributes associated with the electronic document can be identified. One or more workflows can be determined according to the attribute(s).
    Type: Grant
    Filed: September 25, 2006
    Date of Patent: December 18, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Brian C. Schimpf, Edith H. Stern, Robert C. Weir, Barry E. Willner
  • Patent number: 10158650
    Abstract: A method of verifying an unverified token received may include accessing an external data store to receive data vectors that may be associated with a user of the client device; filtering data vectors that are not input data vectors; grouping data vectors into first groups based on a text field in each of the data vectors; selecting second groups from the first groups where each of the second groups include data vectors with a similar value field; selecting third groups from the second groups where each of the third groups includes data vectors with a similar input interval; for each of the third groups, determining a group value based on the value fields and input intervals; calculating an estimated token based on the group values for each of the third groups; and determining whether the unverified token can be verified by the estimated token.
    Type: Grant
    Filed: January 17, 2018
    Date of Patent: December 18, 2018
    Inventors: Regis Hadiaris, Michael Finkenbine, Jay Farner, Jonathan Osment, Ryan Jackson, Kristin Broadley, Ruth Lincoln, Jacob Engel, Manoj Nagarajupalle
  • Patent number: 10129173
    Abstract: In an account association table the account IDs and account names of accounts created at nodes are associated and recorded. In response to an access control list change request including the account name of an account the access control entry of which is to be changed and the contents of the change, an access control list change unit retrieves an account ID recorded while being associated with the account name from the account association table and changes, in accordance with the contents of the change, an access control entry in which the retrieved account ID is recorded among account control entries in an access control list to be changed.
    Type: Grant
    Filed: January 15, 2014
    Date of Patent: November 13, 2018
    Assignee: NEC CORPORATION
    Inventor: Seijiro Kayaba
  • Patent number: 10108890
    Abstract: A method is provided for providing a product by changing the length of a product code base without changing the number of indexes provided by the base.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: October 23, 2018
    Inventor: Harold T. Fogg
  • Patent number: 10108353
    Abstract: A system for storing files comprises a processor and a memory. The processor is configured to break a file into one or more segments; store the one or more segments in a first storage unit; and add metadata to the first storage unit so that the file can be accessed independent of a second storage unit, wherein a single namespace enables access for files stored in the first storage unit and the second storage unit. The memory is coupled to the processor and configured to provide the processor with instructions.
    Type: Grant
    Filed: May 5, 2015
    Date of Patent: October 23, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Windsor W. Hsu, R. Hugo Patterson
  • Patent number: 10104186
    Abstract: A device-centric discovery mechanism requiring very low power consumption to find out information about each other directly in a self-managed mobile environment is proposed. A mobile communications device joins a self-managed communications network, which does not have a centralized management entity. The mobile device receives a request from a peer communications device about publishing a service or subscribing to a service in accordance with a first schedule. The mobile device announce the request on behalf of the peer communications device in accordance with a second schedule. The service is then provided by a service advertiser to a service seeker in accordance with a third schedule.
    Type: Grant
    Filed: August 13, 2015
    Date of Patent: October 16, 2018
    Assignee: MediaTek Inc.
    Inventors: Yu-Che Tsai, Chao-Chun Wang, Yung-En Hsieh, I-Cheng Tsai
  • Patent number: 10104042
    Abstract: A method performed by a computing system includes, with a computing system, receiving an application and a security policy corresponding to the application, the security policy for use with a security enforcement mechanism, with the computing system, receiving a data structure associated with the application and the security policy, wherein the data structure associates a logged denial by the security enforcement mechanism with a rule of the security policy, wherein the data structure further associates the logged denial with a test for the rule, the test to determine if the rule prevents the denial, with the computing system, applying the test using a temporary security policy, the temporary security policy having the rule removed, and with the computing system, in response to determining that the applying does not result in a denial corresponding to the logged denial, flagging the data structure.
    Type: Grant
    Filed: January 27, 2015
    Date of Patent: October 16, 2018
    Assignee: RED HAT, INC.
    Inventor: Jan Pazdziora
  • Patent number: 10095985
    Abstract: A system and method is presented for knowledge discovery that incorporate both human and computers to index, process, and communicate and share the knowledge and electronic contents. It also provides a platform for launching unlimited number of qualified and content reviewed publishing/broadcasting ventures or artificial beings. The system assists individuals for faster and more efficient discovery/creation of new and useful knowledge, and valuable artistic content. It also provides incentives to the owners of the ventures and a method for rewarding or compensating all contributors.
    Type: Grant
    Filed: April 12, 2015
    Date of Patent: October 9, 2018
    Inventor: Hamid Hatami-Hanza
  • Patent number: 10089343
    Abstract: A computer-implemented method for building a hierarchy of elements depending on data disclosed in reports includes identifying one or more areas containing one or more elements in each of multiple reports which contain data, where the elements comprise parent elements and child elements. The method includes parsing the data of each of the elements to simulate relationship operations between the parent elements and the child elements until consistent aggregations are found, identifying data with a same unit and adjusting the data to have a same scale or a same precision, recursively searching the aggregated data by applying the found relationship operations to build a tree structure having at least a portion of the elements of each report built in the tree structure arranged in a hierarchy of elements and storing the tree structure, including a level of each of the elements and the relationship operation.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: October 2, 2018
    Assignee: SAP SE
    Inventor: Patrick Azoulay
  • Patent number: 10084793
    Abstract: A method for controlling a first electronic device communicating with a second electronic device is provided. The method includes connecting to the second electronic device, receiving a request to use data stored in the second electronic device from a first application, determining whether to permit to use the data, and, if permitted to use the data, controlling the first application to use the data.
    Type: Grant
    Filed: November 3, 2015
    Date of Patent: September 25, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Choong-Hoon Lee, Woo-Chul Shim
  • Patent number: 10083494
    Abstract: There is disclosed a system for transmitting data to users. The system includes nodes interconnected by at least one data network. The nodes are organized hierarchically to comprise a root node and at least two child nodes. The data transmission characteristics of communication with each of the child nodes are different. The root node is configured to: receive data transmission preferences of a particular user; receive data to be transmitted to the particular user; and transmit a selected subset of the data to at least one of the child nodes. The subset selected based on at least the received data transmission preferences and the data transmission characteristics, to permit the particular user to obtain data from the child nodes according to the data transmission preferences. The at least one of the child nodes being configured to: receive data from the root node; and transmit at least part of the received data to the user.
    Type: Grant
    Filed: January 30, 2015
    Date of Patent: September 25, 2018
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Nimal Gamini Senarath, Alex Stephenne, Philippe Leroux, Mehdi Arashmid Akhavain Mohammadi, Aaron Callard
  • Patent number: 10073648
    Abstract: Methods, systems, and apparatus for allocating, by a source of one or more sources, a segment of a data file of a transient memory for exclusive access by the source, the transient memory being a distributed in-memory file system that supports remote direct memory access; writing, by the source, data from an initial partition to one or more blocks within the allocated segment of the data file, wherein a portion of the initial partition is written to a first block of the one or more blocks; publishing, by the source, the segment of the data file of the transient memory to be accessible for reading by one or more sinks; and reading by a particular sink of the one or more sinks, a particular block of the published segment of the data file of the transient memory, wherein the particular block is associated with the particular sink.
    Type: Grant
    Filed: March 7, 2018
    Date of Patent: September 11, 2018
    Assignee: Google LLC
    Inventors: Hossein Ahmadi, Matthew B. Tolton, Michael Entin
  • Patent number: 10057190
    Abstract: A method and associated system. An expiration time instant of a token for accessing a service is determined. Accessibility of the service based on the expiration time instant of the token is determined. In response to determining that the service is inaccessible, a deferred expiration time instant of the token is determined based on access information about the service.
    Type: Grant
    Filed: October 16, 2015
    Date of Patent: August 21, 2018
    Assignee: International Business Machines Corporation
    Inventor: Qin Zhao
  • Patent number: 10050986
    Abstract: Systems and methods of classifying network traffic may monitor network traffic. Monitored traffic may be compared with a control protocol template (CPT). When a similarity between the monitored traffic and the CPT exceeds a match threshold, the monitored traffic may be associated with the CPT.
    Type: Grant
    Filed: February 8, 2017
    Date of Patent: August 14, 2018
    Assignee: Damballa, Inc.
    Inventors: Terry Lee Nelms, Andrew Hobson, Joseph Ward
  • Patent number: 10025903
    Abstract: A method performed by a processing system includes reconstructing a metadata tree of a patient from a metadata tree journal, the metadata tree including a plurality of references to a corresponding plurality of encrypted electronic health records of the patient in an encrypted data store, and validating the metadata tree by comparing first integrity information of the metadata tree to second integrity information corresponding to the metadata tree journal provided by a metadata integrity validator.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: July 17, 2018
    Assignee: ENTIT SOFTWARE, LLC
    Inventors: Jun Li, Ram Swaminathan, Sharad Singhal
  • Patent number: 9996510
    Abstract: An automatic speech recognizer is used to produce a structured document representing the contents of human speech. A best practice is applied to the structured document to produce a conclusion, such as a conclusion that required information is missing from the structured document. Content is inserted into the structured document based on the conclusion, thereby producing a modified document. The inserted content may be obtained by prompting a human user for the content and receiving input representing the content from the human user.
    Type: Grant
    Filed: February 26, 2016
    Date of Patent: June 12, 2018
    Assignee: MModal IP LLC
    Inventors: Detlef Koll, Juergen Fritsch, Michael Finke
  • Patent number: 9990474
    Abstract: In a digital rights management system, layers are defined for each document and user permissions are specified for each layer, to control user access at the layer-level. The layers are ordered by depth, where a layer completely contained inside another layer is deemed deeper than the other layer. The layers are encrypted in a deep-to-shallow order, each by its own encryption key. The entire document is then encrypted. When a user requests access to a document, the system generates an ordered sequence of encryption keys based on the user's access rights for each layer. The document open program on the user's client computer attempts to decrypt the various layers using the ordered sequence of keys. The client program and the system's key sequence generating algorithm are designed to give the result that only layers that the user has access to are successfully decrypted and displayed at document open time.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: June 5, 2018
    Assignee: KONICA MINOLTA LABORATORY U.S.A., INC.
    Inventors: Kyohei Shiraishi, Rabindra Pathak
  • Patent number: 9984215
    Abstract: A method of obtaining password data for entry to an application running on a device. The method may include running a password manager application on a device. The password manager application may identify one or more applications installed on the device. The password manager application may display the identified applications on a display of the device. The password manager application may receive a user selection of a displayed application. The password manager application may determine whether an entry exists for the selected application in a memory associated with the password manager application. If no entry exists, the password manager application may generate an entry comprising password data for the selected application. If an entry exists, the password manager application may retrieve password data relating to the selected application.
    Type: Grant
    Filed: November 4, 2013
    Date of Patent: May 29, 2018
    Assignee: F-Secure Corporation
    Inventor: Jarno Niemela
  • Patent number: 9983948
    Abstract: Contents of a plurality of backups that share a common characteristic are profiled. A portion of the plurality of backups is selected as a base backup reference data to be distributed. A first copy of the base backup reference data is stored at a storage of a backup server. A second copy of the base backup reference data is provided for storage at a storage of a client that shares the common characteristic. The client is located remotely from the backup server.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: May 29, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Balaji Panchanathan, Arun Sambamoorthy, Satchidananda Patra, Pravin Kumar Ashok Kumar
  • Patent number: 9973522
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying network security risks. One of the methods includes receiving organizational hierarchy data and receiving access privilege data for a network, generating an adjacency matrix that represents connections between individuals within the organizational hierarchy and various groups, and that represents connections between the individuals and various access privileges, selecting an analytic technique for analyzing the adjacency matrix, determining, for each individual, an individual score that represents a security risk associated with the individual's network account, and in response to determining that the individual score meets a threshold, applying security controls.
    Type: Grant
    Filed: July 8, 2016
    Date of Patent: May 15, 2018
    Assignee: Accenture Global Solutions Limited
    Inventors: Louis William DiValentin, Matthew Carver
  • Patent number: 9967355
    Abstract: Methods and apparatus for aggregating and distributing contact information for a user with multiple user identifiers in a plurality of domains. In one embodiment a set of user identifiers corresponding to a first user includes a first user identifier corresponding to a first domain and a second user identifier corresponding to a second domain. A request is made using the first user identifier for contacts associated in the first domain with the first user identifier and a request is made using the second user identifier, for contacts associated in the second domain with the second user identifier. An aggregated contact list corresponding to the first user is generated from a first contact list received from the first domain and from a second contact list received from the second domain. In some embodiments the aggregated contact list and associated user presence information is distributed to the first and second domains.
    Type: Grant
    Filed: June 23, 2016
    Date of Patent: May 8, 2018
    Assignee: Sonus Networks, Inc.
    Inventors: Shambhu Dayal Rai, Timothy R. Thornton
  • Patent number: 9961070
    Abstract: Method, system, and programs for performing two-factor authentication for a controlled access application via one or more third-party host verification servers. An example method includes receiving a request to a controlled access application after a user has successfully logged into an enterprise system with a first Identifier (ID) factor, the controlled access application requiring additional authentication with a second ID factor, obtaining first information to complete the second ID factor, at least some of the first information being obtained from the user, and generating a first web form using the first information. The method also includes submitting the first web form to a host verification server, receiving an indication of successful verification from the host verification server; and initiating, in response to receiving the indication of successful verification, access to the controlled access application.
    Type: Grant
    Filed: September 11, 2015
    Date of Patent: May 1, 2018
    Assignee: DrFirst.com, Inc.
    Inventor: Zilong Tang
  • Patent number: 9959062
    Abstract: A data migration system supports a low-latency and reduced overhead data storage protocol for data storage sharing in a non-collision fashion which does not require inter-communication and permanent arbitration between data storage controllers to decide on the data placement/routing. The multiple data fragments of data sets are prevented from routing to the same storage devices by a multi-step selection protocol which selects (in a first phase of the selection routine) a healthy highest ranked drive enclosure, and further selects (in a second phase of the selection routine) a healthy highest-ranked data storage controller residing in the selected drive enclosure, for routing data fragments to different storage pools assigned to the selected data storage devices for exclusive “writing” and data modification. The selection protocol also contemplates various failure scenarios in a data placement collision free manner.
    Type: Grant
    Filed: February 5, 2016
    Date of Patent: May 1, 2018
    Assignee: DataDirect Networks, Inc.
    Inventors: Michael J. Piszczek, Jason M. Cope
  • Patent number: 9952798
    Abstract: Methods, systems, and apparatus for allocating, by a source of one or more sources, a segment of a data file of a transient memory for exclusive access by the source, the transient memory being a distributed in-memory file system that supports remote direct memory access; writing, by the source, data from an initial partition to one or more blocks within the allocated segment of the data file, wherein a portion of the initial partition is written to a first block of the one or more blocks; publishing, by the source, the segment of the data file of the transient memory to be accessible for reading by one or more sinks; and reading by a particular sink of the one or more sinks, a particular block of the published segment of the data file of the transient memory, wherein the particular block is associated with the particular sink.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: April 24, 2018
    Assignee: Google Inc.
    Inventors: Hossein Ahmadi, Matthew B. Tolton, Michael Entin
  • Patent number: 9955481
    Abstract: Systems and methods for providing opportunistic carrier aggregation to short range or low power extension carriers are generally disclosed herein. One embodiment includes data traffic offload techniques to offload data communicated in a Wireless Wide Area Network (WWAN) from a primary cell to a secondary cell. For example, the primary cell may be provided by a LTE/LTE-A base station operating in licensed spectrum, and the secondary cell may be provided by a low-power extension carrier operating in unlicensed spectrum using a LTE/LTE-A standard. The low-power extension carrier may be activated as needed to offload data transfers from the primary cell, in download-only, upload-only, and time-division LTE (TD-LTE) modes. Configurations involving multimode base stations, multi mode user equipment (UE), relay extension carriers, and remote radio equipment are also described herein, in conjunction with deployment of opportunistic carrier aggregation using extension carriers.
    Type: Grant
    Filed: March 10, 2016
    Date of Patent: April 24, 2018
    Assignee: Intel Corporation
    Inventors: Kamran Etemad, Christian Mucke
  • Patent number: 9946766
    Abstract: Techniques include receiving a search query from a user device, determining native application states that are accessible by a user of the user device, and identifying application state records based on the search query and the application states. Each application state record includes an application access mechanism (AAM) and application state information (ASI). The AAM references a native application and indicates operations for the application to perform. The ASI describes a state of the native application after the application has performed the operations. Identifying the application state records based on the application states includes determining that the ASI included in each record describes one of the application states. The techniques also include selecting AAMs from the identified application state records and transmitting the AAMs to the user device.
    Type: Grant
    Filed: August 20, 2015
    Date of Patent: April 17, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Matthew Raymond Silva Wise
  • Patent number: 9942246
    Abstract: A computerized method of preemptive event handling, The method comprises monitoring, in run time at kernel level, a plurality of events of a plurality of processes executed by an operating system (OS) running on a computing device, detecting, in run time, a first event of the plurality of events, the first event being performed by a first process of the plurality of processes on the computing device, classifying, in run time, the first process as a malware in response to the detection of the first event, and preventing, in run time, the first process from running on the computing device before the first event is processed by the OS.
    Type: Grant
    Filed: August 31, 2014
    Date of Patent: April 10, 2018
    Assignee: Shine Security Ltd.
    Inventors: Itay Katz, Ianir Ideses, Ron Porat, Alon Blayer-Gat, Oren Farage
  • Patent number: 9935940
    Abstract: Techniques are disclosed for increasing the security of a database. A database is coupled with an access manager to limit certain applications that use the database to store user password information to queries that return at most one row. Additionally, returning a record may be limited to a case where the query includes the hash of the user name and password that is stored in the database. Other techniques may be implemented for other user account operations, such as password resets.
    Type: Grant
    Filed: September 9, 2014
    Date of Patent: April 3, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew Daniel DeMoss, Gregory Branchek Roth, Andrew Paul Mikulski
  • Patent number: 9935974
    Abstract: Methods and systems for an integrated solution to flow collection for determination of rate-based DoS attacks targeting ISP infrastructure are provided. According to one embodiment, a method of mitigating DDoS attacks is provided. Information regarding at least one destination within a network for which a distributed denial of service (DDoS) attack status is to be monitored is received by a DDoS attack detection module coupled with a flow controller via a bus. The DDoS attack status is determined for the at least one destination based on the information regarding the at least one destination. When a DDoS attack is detected the flow controller is notified of the DDoS attack status for the at least one destination by the DDoS attack detection module. Responsive thereto, the flow controller directs a route reflector to divert traffic destined for the at least one destination to a DDoS attack mitigation appliance within the network.
    Type: Grant
    Filed: February 28, 2016
    Date of Patent: April 3, 2018
    Assignee: Fortinet, Inc.
    Inventor: Hemant Kumar Jain
  • Patent number: 9930135
    Abstract: There are disclosed systems, devices, and methods for distributing pre-fetch data. A parent node obtains pre-fetch data comprising at least one of: i) data expected to be of interest to a particular user, pre-fetched by the parent node from at least one data source; and (ii) at least one identifier identifying data expected to be of interest to the particular user, for pre-fetching the identified data at a child node. The parent node selects first and second subsets of the pre-fetch data for transmission, respectively, to first and second child nodes, the selecting based on at least a predicted future location of the particular user and a respective geographic location of the first and second child nodes; and transmits the first and second subsets of the pre-fetch data, respectively, to the first and second child nodes.
    Type: Grant
    Filed: December 1, 2016
    Date of Patent: March 27, 2018
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Nimal Gamini Senarath, Philippe Leroux, Alex Stephenne, Mehdi Arashmid Akhavain Mohammadi, Aaron Callard
  • Patent number: 9916465
    Abstract: A dynamic data minimization server implements minimization protocols to entity-specific information based on access rights (e.g., privacy rights) of a requesting entity. The minimization may be applied on the fly (e.g., as the entity-specific information is requested) and the level, type, protocol, etc., of encryption (or other minimization process) may be selected based on a particular type of a data item. The dynamic data minimization server may determine and apply transformation functions, such as encryption, to items of protected information, transforming those items of protected information into items of minimized information. If a requesting entity has appropriate rights, the dynamic data minimization server may selectively apply a reverse transformation function, such as decryption, to recover the original information.
    Type: Grant
    Filed: March 15, 2016
    Date of Patent: March 13, 2018
    Assignee: PALANTIR TECHNOLOGIES INC.
    Inventors: Kyle Erickson, Nicholas Miyake, Dominique Alessi
  • Patent number: 9916324
    Abstract: A method, article of manufacture, and apparatus for protecting data. A file modification is identified. A previous file entry is modified where the previous file entry is stored in a key value database. A new file entry is created in the key value database. The previous file entry modification includes modifying the end version of the entry.
    Type: Grant
    Filed: October 12, 2015
    Date of Patent: March 13, 2018
    Assignee: EMC IP Holding Company LLC
    Inventor: Jian Xing
  • Patent number: 9912679
    Abstract: A system, method, and computer program product are provided for providing security in a Network Function Virtualization based (NFV-based) communication network. In operation, a security attack is identified. Additionally, a first hardware unit attacked by the security attack is identified. Further, a hardware unit in which to initiate a security defense software program is identified. Moreover, the security defense software program is initiated in the identified hardware unit.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: March 6, 2018
    Assignee: Amdocs Development Limited
    Inventors: Eyal Felstaine, Ofer Hermoni, Nimrod Sandlerman
  • Patent number: 9910975
    Abstract: A password input device comprises a storage unit for storing character strings according to each icon; an input window generation unit for generating and displaying an input window on which a plurality of icons are arranged; a secret icon recognition unit which confirms a shift coordinate value and recognizes icons, which are arranged on coordinates inversely moved up to the shift coordinate value from a coordinate value at which a selected icon is arranged, as secret icons selected by the user if the user selects the icon; and an authentication processing unit which confirms a character string corresponding to each secret icon recognized in the secret icon recognition unit, generates a combined character string in which the one or more confirmed character strings are arranged, and authenticates the user by confirming whether the generated combined character string is consistent with the user's password stored in the storage unit.
    Type: Grant
    Filed: April 18, 2013
    Date of Patent: March 6, 2018
    Assignee: Rowem Inc.
    Inventors: Giho Yang, Jaeyeob Hwang
  • Patent number: 9900314
    Abstract: The present invention provides a system, method and apparatus for increasing relevance of a content provided to a visitor by a content provider by providing one or more server computers and at least one data storage communicably coupled to the one or more server computers, receiving at least a portion of a visitor token and at least a portion of a content provider token at the one or more server computers from a content provider device, determining whether a release of an anonymous unfilled demand for the visitor is authorized based on the visitor token, the content provider token and one or more preferences stored in the at least one data storage, and sending at least a portion of the anonymous unfilled demand for the visitor to the content provider device when the release is authorized.
    Type: Grant
    Filed: March 17, 2014
    Date of Patent: February 20, 2018
    Inventor: Douglas Peckover
  • Patent number: 9894050
    Abstract: In one general aspect, a method can include receiving, by an application running on a computing device, an indication that a user of the computing device has been authenticated, and receiving a selection of a settings page, the settings page associated with the application and the user. The method can further include requesting the settings page for display on a display device included in the computing device, and receiving the settings page including a value for a preference for a setting included on the settings page, the value for the preference being signed by a private key associated with the user. The method can further include validating, by the application, the value for the preference using a public key associated with the application, and based on the validation, displaying, by the display device, the settings page including an indication of the value of the preference for the setting.
    Type: Grant
    Filed: August 11, 2015
    Date of Patent: February 13, 2018
    Assignee: GOOGLE LLC
    Inventors: Erik Lewis Wright, Erik Kay, Robert Shield
  • Patent number: 9893953
    Abstract: A method is used in using application aware templates for configuring data storage systems. An application aware template is received for configuring a data storage system. The application aware template includes a set of configuration preferences based on best practices for an application. The data storage system is configured based on the set of configuration preferences of the application aware template.
    Type: Grant
    Filed: December 23, 2011
    Date of Patent: February 13, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Brian A. Castelli, Kevin W. Phillips, John M. Moran
  • Patent number: 9888000
    Abstract: Disclosed is a system for delegating authentication of an untrusted application executing on a client device. For delegated authentication, an untrusted application relies on a trusted application executing in the same environment for authentication purposes. The delegated authentication process avoids requiring the user of the untrusted application to provide authentication credentials. The disclosed system for delegating authentication enables any trusted application executing in the same computing environment to authenticate the untrusted application.
    Type: Grant
    Filed: April 10, 2017
    Date of Patent: February 6, 2018
    Assignee: Twitter, Inc.
    Inventors: Jeffrey Seibert, Jr., Michael Ducker
  • Patent number: 9886569
    Abstract: In one implementation, a credential associated with a user identifier and a location is stored at a client device. A request to output a representation of the credential in a manner that enables a credential authority to validate the representation is received. Responsive to receiving the request to render the representation of the credential, a location of the client device is obtained and a determination that the location of the client device is within a predefined distance of the location associated with the credential is made. Responsive to determining that the location of the client device is within the predefined distance of the location associated with the credential, data indicating that the user has entered the location associated with the credential is stored in a memory of the client device.
    Type: Grant
    Filed: November 23, 2015
    Date of Patent: February 6, 2018
    Assignee: MicroStrategy Incorporated
    Inventors: Hector Vazquez, Gang Chen