Central Trusted Authority Provides Computer Authentication Patents (Class 713/155)
  • Patent number: 10284586
    Abstract: Techniques presented herein describe data loss prevention (DLP) methods for saving a file to a destination over a network via an application, such as a productivity application having such features. A DLP agent injects components into the productivity application to intercept save operations initiated by a user. When the user initiates a save operation for a file, the components suspend the operation and store a current version of the file (including unsaved file data) in a temporary location accessible to the DLP agent on disk. The DLP agent evaluates the current version of the file and file destination based on network and security policies to determine whether to allow or block the save operation.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: May 7, 2019
    Assignee: Symantec Corporation
    Inventors: Ameet Shinde, Varsha Arun Raykar, Sarin Sumit Manmohan
  • Patent number: 10284687
    Abstract: A method of processing, at a web server, a long-polling between a client and a service server configured to provision a service to the client over a network includes: receiving, at the web server, a poll request from the client; transmitting, via the web server, the poll request to the service server; receiving, at the web server, a poll reply to the poll request from the service server; generating, at the web server, webpage data based on the data in the poll reply; and transmitting, via the web server, the webpage data to the client as the poll reply. The poll reply received at the web server includes data to be applied in association with the client.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: May 7, 2019
    Assignees: NHN Entertainment Corporation, NHN Studio629 Corporation
    Inventor: Chuljae Lim
  • Patent number: 10275590
    Abstract: A computer system supports a secondary authentication mechanism for authentication of a user, where the computer system may provide a variety of services including financial, scientific, academic, or governmental services. The computer system utilizes a multiphase distributed trust model in which the user is authenticated based on distributed trust of a set of randomly selected trusted contacts from a large set of trusted contacts initially chosen during an enrollment phase. During the authentication phase, a subset of contacts (affirmers) is selected from the contact list. The computer system then provides additional authentication information to each of the affirmers who subsequently share the information with the user. The user then provides this information from the computer system in order to complete the secondary authentication.
    Type: Grant
    Filed: September 27, 2016
    Date of Patent: April 30, 2019
    Assignee: Bank of America Corporation
    Inventors: Pinak Chakraborty, Nagasubramanya Lakshminarayana, Harigopal K. B. Ponnapalli
  • Patent number: 10277780
    Abstract: There is provided a client device including a first change unit for changing authentication information from individual authentication information to common authentication information, which is authentication information commonly used by each client device, in a case where a transmission of first operation information has failed due to an authentication error, and a second transmission unit for transmitting second operation information to the server device by using the common authentication information changed by the first change unit.
    Type: Grant
    Filed: January 3, 2018
    Date of Patent: April 30, 2019
    Assignee: Canon Kabushiki Kaisha
    Inventor: Yuichi Kurahashi
  • Patent number: 10270603
    Abstract: Systems, methods, and software can be used to process certificate validation warnings. In some aspects, a connection to a Virtual Private Network (VPN) server is initiated at an electronic device. The VPN server is associated with a VPN profile. In response to initiating the connection, a certificate associated with the VPN server is received at the electronic device. A validation warning associated with the certificate is received. A fingerprint of the certificate is generated. A validation action is selected based on the validation warning, the fingerprint, and the VPN profile. The selected validation action is executed.
    Type: Grant
    Filed: March 17, 2016
    Date of Patent: April 23, 2019
    Assignee: BlackBerry Limited
    Inventors: Chang Fung Yang, Robert Marcel Dugal, Jason Songbo Xu
  • Patent number: 10271206
    Abstract: A system may include a device having a program that includes a workflow system public key associated with a workflow system and programming instructions that allow the device to communicate with the workflow system over a communication network. The system may initialize a device by sending communications to the workflow system, receiving a response that includes information encrypted with a workflow system private key, and verifying the authenticity of the response by using the workflow system public key to decrypt the information in the response. The system may register the device for privacy treatment by the workflow system by generating a key pair that includes a client private key and a client public key, generating an encrypted client key by encrypting the client public key with the workflow system public key, including the encrypted client key in a privacy request, and sending the privacy request to the workflow system.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: April 23, 2019
    Assignee: Xerox Corporation
    Inventor: Peter J. Zehler
  • Patent number: 10262146
    Abstract: Disclosed are various approaches for a secure communication session between applications installed on a client device. The secure communication session can be provided over an insecure operating system application programming interface (API). By exchanging session information and encryption data, communications over the insecure API can be secured.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: April 16, 2019
    Assignee: VMware, INC.
    Inventors: Yogesh Govind Hande, Shravan Shantharam, Kalyan Regula, Varun Murthy, Bhuvanesh Shanmuga Sundaram, Jonathon Deriso, Raymond Welch
  • Patent number: 10257209
    Abstract: A method, system and device for allowing the secure collection of sensitive information is provided. The device includes a display, and a user interface capable of receiving at least one user-generated interrupt in response to a stimulus generated in response to content received by the device, wherein the action taken upon receiving the user-generated interrupt depends on a classification of the content, the classification identifying the content as trusted or not trusted. The method includes detecting a request for sensitive information in content, determining if an interrupt is generated, determining if the content is trusted, allowing the collection of the sensitive information if the interrupt is generated and the content is trusted, and performing an alternative action if the interrupt is generated and the content is not trusted. The method may include instructions stored on a computer readable medium.
    Type: Grant
    Filed: February 1, 2016
    Date of Patent: April 9, 2019
    Assignee: PAYPAL, INC.
    Inventors: Bjorn Markus Jakobsson, William Leddy
  • Patent number: 10257169
    Abstract: Mechanisms and methods are provided for managing OAuth access in a database network system, and extending the OAuth flow of authentication to securely store the OAuth encrypted refresh token in the storage available with current browsers or any other non-secure storage on a user system.
    Type: Grant
    Filed: January 30, 2018
    Date of Patent: April 9, 2019
    Assignee: salesforce.com, inc.
    Inventor: Akhilesh Gupta
  • Patent number: 10235109
    Abstract: A printing system includes at least one processor that acts as a storing unit and a determination unit. The storing unit causes history data about a print job to be stored into storage. The determination unit determines whether to cause a user to perform confirmation processing at a time of printing based on the history data about the print job that is stored in the storage.
    Type: Grant
    Filed: April 20, 2017
    Date of Patent: March 19, 2019
    Assignee: Canon Kabushiki Kaisha
    Inventor: Masahito Yamazaki
  • Patent number: 10237070
    Abstract: A system, apparatus, method, and machine readable medium are described for sharing authentication data.
    Type: Grant
    Filed: December 31, 2016
    Date of Patent: March 19, 2019
    Assignee: Nok Nok Labs, Inc.
    Inventor: Rolf Lindemann
  • Patent number: 10230715
    Abstract: Improved methods and systems for integrating client-side single sign-on (SSO) authentication security infrastructure with a mobile authorization protocol are disclosed that provide clients with secured SSO mobile access to third-party services. Embodiments of the present invention leverage SSO authentication protocols that are utilized at many client-side systems already and integrate these SSO authentication protocols with a mobile SSO authorization protocol, thereby effectively extending the SSO framework to mobile service requests of web services at third-party service provider systems. Embodiments of the present invention provide a secure and automated solution which may be implemented in any existing client-side SSO frameworks with minimum cost and time, while providing a lightweight and secure solution that provides users using either native applications or mobile web application to access third-party web services.
    Type: Grant
    Filed: March 11, 2015
    Date of Patent: March 12, 2019
    Assignee: GLOBOFORCE LIMITED
    Inventors: Jonathan Hyland, Eddie Fitzpatrick
  • Patent number: 10230869
    Abstract: An information processing apparatus includes: a first wireless communication unit; a first acquisition unit that acquires first identification information which identifies a second wireless communication unit that is included in an external wireless terminal device, through the first wireless communication unit; and a use authorization unit that gives use authorization associated with the first identification information which is acquired by the first acquisition unit to a user of the wireless terminal device based on a table for managing the use authorization of a function of a host information processing apparatus in association with the first identification information.
    Type: Grant
    Filed: August 25, 2016
    Date of Patent: March 12, 2019
    Assignee: Fuji Xerox Co., Ltd.
    Inventor: Takanari Ishimura
  • Patent number: 10225245
    Abstract: A method and system of an identity service to provide a single point of access for a plurality of applications for an authentication of a user identity. An authentication request is received from an application via an application program interface (API), wherein the authentication request includes logon information. The authentication request is translated to one or more identity providers. Upon authentication, one or more programmatic extension scripts associated with the user are serially executed. Privileges are granted to the user based on at least one of the programmatic extension scripts associated with the user.
    Type: Grant
    Filed: October 7, 2015
    Date of Patent: March 5, 2019
    Assignee: AUTH0, INC.
    Inventors: Carlos Eugenio Pace, Matías Woloski, José Fernando Romaniello
  • Patent number: 10225391
    Abstract: This disclosure relates to a method and system for exchanging data between users of a vehicle, including a main user equipped with a first personal electronic device and a secondary user equipped with a second personal electronic device. The method includes a preparatory phase and a transmission phase, which comprise the following steps: the application installed on the first personal electronic device sends data to a remote server including the second email address of the secondary user and instructions for the transfer of information regarding the vehicle; the remote server sends data to an information cloud including the mobile identifier assigned to the application installed on the second device and information regarding the vehicle, and the cloud sends information regarding the vehicle to the application installed on the second personal electronic device.
    Type: Grant
    Filed: February 24, 2017
    Date of Patent: March 5, 2019
    Assignee: Dura Operating, LLC
    Inventors: Arnaud Georges Thooris, Mickaël Roches
  • Patent number: 10219151
    Abstract: A unique pre-shared key plug-in is installed on a Chromebook device. Identification data associated with the Chromebook device is received, from the unique pre-shared key plug-in through a Chromebook client management system API. A unique pre-shared key is assigned to the Chromebook device using the identification data. The unique pre-shared key is sent to the Chromebook device. The Chromebook device is configured to seamlessly authenticate for a wireless network using the unique pre-shared key.
    Type: Grant
    Filed: March 17, 2016
    Date of Patent: February 26, 2019
    Assignee: Aerohive Networks, Inc.
    Inventors: John William Hanay, Daniel Estevan O'Rorke, Ravi Mishra, Young Yoon
  • Patent number: 10218685
    Abstract: Some embodiments provide a non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on the device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels.
    Type: Grant
    Filed: November 10, 2015
    Date of Patent: February 26, 2019
    Assignee: APPLE INC.
    Inventors: Michael Brouwer, Dallas B. De Atley, Mitchell D. Adler
  • Patent number: 10216951
    Abstract: A graphical user interface for uploading an application data file may be generated by a computing platform and communicated to a computing device. The computing platform may receive the application data file from the computing device. A graphical user interface comprising a link configured to provide the computing device with access to a modified version of the application data file that comprises an element for tracking dissemination of the application data file may be generated by the computing platform and communicated to the computing device.
    Type: Grant
    Filed: June 28, 2016
    Date of Patent: February 26, 2019
    Assignee: Bank of America Corporation
    Inventors: Andrea M. Weisberger, Dale Binder
  • Patent number: 10205713
    Abstract: A method of private mutually authenticated key exchange is provided. The method may include receiving, at the first device, a message transmitted from a second device and including a hierarchical inner-product encryption (HIPE) ciphertext. Further, the method may include decrypting, at the first device, the HIPE ciphertext to generate a first authenticated encryption (AE) ciphertext. The method may further include decrypting, at the first device, the first AE ciphertext. Further, the method may include encrypting, at the first device, a second AE ciphertext including a signature and one or more attributes of the first device. Moreover, the method may include transmitting, to the second device, another message including the second AE ciphertext.
    Type: Grant
    Filed: April 5, 2017
    Date of Patent: February 12, 2019
    Assignee: FUJITSU LIMITED
    Inventors: Michel Ferreira Abdalla, Wei-Peng Chen
  • Patent number: 10205848
    Abstract: A printing apparatus of the present invention makes wireless LAN connection in at least either one of a first connection mode for making wireless LAN connection to an image processing apparatus in which inherent authentication information is stored and a second connection mode for making wireless LAN connection to the image processing apparatus via a second access point provided by an apparatus other than the printing device and the image processing apparatus. The printing apparatus controls, in a case of connection in the first connection mode, a first function provided by the printing apparatus to be enabled and a second function which is enabled in the second connection mode to be disabled.
    Type: Grant
    Filed: April 6, 2017
    Date of Patent: February 12, 2019
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Arata Miyagi
  • Patent number: 10205718
    Abstract: The disclosed embodiments provide a system that authenticates a user. During operation, the system obtains a request to transfer an authentication of the user on a first electronic device to a second electronic device. Next, the system enables, in response to the request, an authentication mechanism for transferring the authentication of the user from the first electronic device to the second electronic device. Upon detecting use of the authentication mechanism on the first electronic device or the second electronic device, the system authenticates the user on the second electronic device without requiring authentication credentials for the user from the second electronic device.
    Type: Grant
    Filed: September 16, 2014
    Date of Patent: February 12, 2019
    Assignee: Intuit Inc.
    Inventors: Tony Chang, Nathan R. Kane, Morgan DeBaun, Brendan D. McDonald
  • Patent number: 10200361
    Abstract: In accordance with an embodiment, described is a system and method for integrating a transactional middleware platform with a centralized access manager to provide single sign-on authentication in an enterprise-level computing environment. The enterprise-level computing environment can include the transactional middleware platform and one or more SOA middleware platforms. Each middleware platform can include one or more access agents to access the centralized access manager configured to store user identity and security policy information for the enterprise-level computing environment. A request from a client for an application service in the transactional middleware platform can be intercepted by an access agent therein, which can communicate with a centralized access server of the centralized access manager to obtain a session token.
    Type: Grant
    Filed: June 27, 2016
    Date of Patent: February 5, 2019
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Jimin (Jimmy) Cai, Lin Yang, Wei Li
  • Patent number: 10200265
    Abstract: Systems and methods are described herein for managing peering relationships and applying peering policy between service providers and content distribution networks. Aspects discussed herein relate to establishing secure peering connections between service providers to exchange application and/or network information. In some embodiments, an application peering manager may apply peering policy based on token information or other suitable information configured to uniquely identify an application and/or subscriber. In other embodiments, policy enforcement points or other elements residing within a network may be configured to accept and/or apply peering policy to application sessions.
    Type: Grant
    Filed: June 8, 2016
    Date of Patent: February 5, 2019
    Assignee: Comcast Cable Communications, LLC
    Inventors: Yiu Leung Lee, Franklyn Athias
  • Patent number: 10200359
    Abstract: The disclosed method for creating credential vaults that use multi-factor authentication to automatically authenticate users to online services may include (1) detecting a user account for an online service that uses multi-factor authentication comprising a token that generates a cryptographic authentication code, (2) creating a virtual representation of the token that is capable of generating the cryptographic authentication code, (3) storing the virtual representation of the token and a set of credentials for the user account in a credential vault for a user, (4) sending a message to the online service that associates the virtual representation of the token with the user account, (5) authenticating the user to the credential vault, and (6) automating the multi-factor authentication process for the online service by providing the cryptographic authentication code and the set of credentials to the online service. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 30, 2015
    Date of Patent: February 5, 2019
    Assignee: Symantec Corporation
    Inventors: Ilya Sokolov, Kevin Jiang
  • Patent number: 10192215
    Abstract: The disclosure relates to initiating and completing peer to peer payments or peer to merchant payments initiated by financial cards and cameras of mobile devices. In some embodiments, the disclosed systems and methods may provide an accurate determination of parties involved in a peer to peer transaction, be useable with hardware and software that users are already in possession of, and securely initiate a peer to peer transaction. The disclosed systems may include a server communicatively coupled to a mobile device by a network. The server may receive an image of one or more financial cards, retrieve account information for each financial card in the received image, generate a proposed transaction based on the retrieved account information, transmit the proposed transaction to the mobile device, receive approval for the proposed transaction and initiate a payment or a transfer to an account based on the retrieved account information.
    Type: Grant
    Filed: March 2, 2018
    Date of Patent: January 29, 2019
    Assignee: Capital One Services, LLC
    Inventors: Michael Mossoba, Joshua Edwards, Abdelkader M'Hamed Benkreira
  • Patent number: 10187214
    Abstract: Systems, methods, and apparatuses are described wherein a block chain or block chain network can be created and the mining of new blocks can be limited to certain actors holding a specific set of private keys and verified by the corresponding public keys accessible to consumers interested in validating the block chain. These keys are stored in software or on specific hardware devices designed to not reveal the private key. Only blocks mined using those keys are acceptable on the block chain. The signing of the blocks in the particular block chain is integrated in such a fashion as to be integral to the proof of work for the block chain.
    Type: Grant
    Filed: March 15, 2018
    Date of Patent: January 22, 2019
    Inventor: Daniel Robert Ferrin
  • Patent number: 10181143
    Abstract: A system and method for a service level application are described. The service level application receives authentication data from a client seeking access to establish an account in an online marketplace. The service level application identifies a source of truth corresponding to the authentication data and verifies the authentication data with the corresponding source of truth. The service level application determines an access level tier to the online marketplace for the client based on the source of truth.
    Type: Grant
    Filed: August 18, 2014
    Date of Patent: January 15, 2019
    Assignee: eBay Inc.
    Inventors: Venkatesh Thanuvan, Badrinath Vengalathur Srinath
  • Patent number: 10178090
    Abstract: The subject matter discloses a computerized system, comprising a computerized device communicating with a third party server, that comprises a memory unit that stores a representation of a Boolean circuit and a processing unit for calculating a result of the Boolean circuit according to a string used as input for the Boolean circuit and calculating a first predefined function on the result of the Boolean circuit. The system also comprises a first auxiliary server communicating with the computerized device, the first auxiliary server comprises a processing unit for calculating a second predefined function on the result of the Boolean circuit received from the computerized device and a second auxiliary server communicating with the computerized device comprises a processing unit for comparing the result of the first predefined function and the result of the second predefined function.
    Type: Grant
    Filed: February 28, 2016
    Date of Patent: January 8, 2019
    Assignees: Bar-Ilan University, Unbound Tech, Ltd.
    Inventors: Guy Pe'er, Yehuda Lindell
  • Patent number: 10171250
    Abstract: A client device may provide, to a host device, a request to access a website associated with a host domain. The client device may receive, based on the request, verification code that identifies a verification domain and a resource, associated with the verification domain, to be requested to verify a public key certificate. The verification domain may be different from the host domain. The client device may execute the verification code, and may request the resource from the verification domain based on executing the verification code. The client device may determine whether the requested resource was received, and may selectively perform a first action or a second action based on determining whether the requested resource was received. The first action may indicate that the public key certificate is not valid, and the second action may indicate that the public key certificate is valid.
    Type: Grant
    Filed: July 25, 2017
    Date of Patent: January 1, 2019
    Assignee: Juniper Networks, Inc.
    Inventor: Kyle Adams
  • Patent number: 10164775
    Abstract: An electronic device is provided. The electronic device includes a first short-range communication module configured to execute short-range communication with a second electronic device, a security module configured to store security information, and a processor configured to receive, from the second electronic device, a pairing key that registers the electronic device as being linked to the second electronic device, transmit session key generation information to the second electronic device when authentication with the second electronic device is completed based on the pairing key, generate a session key based on the session key generation information, encrypt the security information based on the session key, and transmit the encrypted information to the second electronic device.
    Type: Grant
    Filed: October 20, 2015
    Date of Patent: December 25, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Chol-Seo Park, Eun-Jik Kim
  • Patent number: 10158647
    Abstract: Access to a module element within a first module by a second module is prohibited if the module element within the first module has not been exposed to the second module. If a particular module element within a first module has been exposed to a second module, then access to the particular module element by the second module may or may not be allowed depending on: (a) whether the particular module element has been declared with a public or non-public access modifier, (b) whether a second exposed module element, which includes the particular module element, has been declared with a public or non-public access modifier, (c) a level of access associated with the operation that attempts to access the particular module element of the first module, and/or (d) whether an accessibility override configuration is set for accessing the particular module element.
    Type: Grant
    Filed: September 8, 2015
    Date of Patent: December 18, 2018
    Assignee: Oracle International Corporation
    Inventors: Alexander R. Buckley, Mark B. Reinhold, Alan Bateman, Paul Sandoz, Chris Hegarty
  • Patent number: 10158706
    Abstract: A communication method for a data sharing system which is constituted by a plurality of communication nodes, and through which data transmitted from a transmission source node are propagated by having the respective communication nodes repeatedly transmit the data, includes: a transmission step in which a first communication node transmits a transmission stop message including a hash value of data in relation to which repeated transmission is to be stopped; a reception step in which a second communication node receives the transmission stop message; and a stopping step in which the second communication node stops transmission of data having an identical hash value to the hash value included in the transmission stop message. The hash value is preferably encrypted using a public key cryptosystem. A transmission source node of the transmission stop message may be a transmission source node or a destination node of the data to be stopped, or another node.
    Type: Grant
    Filed: October 27, 2014
    Date of Patent: December 18, 2018
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventors: Ryokichi Onishi, Toshihiko Watanabe
  • Patent number: 10154035
    Abstract: Systems and methods for controlling access to multiple applications on a computing device are provided. One embodiment of a system includes an access device configured to: receive a request to access a first application and a device identifier; authenticate the user using a user credential associated with the user and store the device identifier in association with a login identifier in response to authentication of the user. The access device can be further configured to receive a request to access a second application and the device identifier. The access device can allow access to the second application based on the previous authentication of the user.
    Type: Grant
    Filed: July 7, 2016
    Date of Patent: December 11, 2018
    Assignee: Open Text SA ULC
    Inventor: Simon Dominic Copsey
  • Patent number: 10154025
    Abstract: One embodiment of seamless device configuration between a network device and an access point sends a device credential associated with the network device to the access point before the network device communicates with the access point. The device credential can be used to verify the identity of the network device and can authenticate the network device with the access point without requiring user interaction. Another embodiment can incorporate a central authority maintaining a database of network devices, access points and associated users. The central authority can determine when one or more network devices can seamlessly be configured for use with a particular access point. The central authority can send the device credential associated with the one or more network devices to the access point before the network device communicates with the access point.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: December 11, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Peerapol Tinnakornsrisuphap, Olivier Jean Benoit, Rajesh Kumar
  • Patent number: 10148438
    Abstract: In some embodiments, a method includes receiving encrypted information associated with a user, and calculating a first portion of a shared secret based on the encrypted information associated with the user. The method also includes defining a completed portion of the shared secret based on the first portion of the shared secret and a second portion of the shared secret and storing the completed portion of the shared secret in a memory for a pre-defined period of time. The method includes defining a ticket based on the completed portion of the shared secret, and sending the ticket to a device associated with the user such that data associated with the ticket is accessible based on the ticket within the pre-defined period of time, and not accessible without the ticket or after the pre-defined period of time.
    Type: Grant
    Filed: April 3, 2012
    Date of Patent: December 4, 2018
    Assignee: Rally Health, Inc.
    Inventors: Nicholas H. Evancich, Alexander E. Schoof
  • Patent number: 10140452
    Abstract: Methods and systems for performing an authenticated boot; performing a continuous data protection; performing automatic protection and optionally a consolidation; and performing other defenses and protection of a protected computing device (such as a computer system) are provided. The aspects include integrating security mechanisms (which may include a “call home” function, role and rule-based policies, validating technologies, encryption and decryption technologies, data compression technologies, protected and segmented boot technologies, and virtualization technologies). Booting and operating (either fully or in a restricted manner) are permitted only under a control of a specified role-set, rule-set, and/or a controlling supervisory process or server system(s). The methods and systems make advantageous use of hypervisors and other virtual machine monitors or managers.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: November 27, 2018
    Assignee: COMPUTER PROTECTION IP, LLC
    Inventor: Ariel Silverstone
  • Patent number: 10142308
    Abstract: There is disclosed a technique for use in authentication. In one embodiment, the technique comprises receiving behavioral information associated with a user. The technique also comprises performing an analysis based on the behavioral information. The technique further comprises determining whether to authenticate the user based on the analysis.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: November 27, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Zohar Duchin, Alex Zaslavsky, Ika Bar-Menachem, Shachar Israeli
  • Patent number: 10142311
    Abstract: Devices between which packets are transmitted and received include mutually corresponding packet counters. The same random number value is given to the packet counters as their initial values and the packet counters are updated with packet transmission/reception. The transmission-side device generates a MAC value, draws out part thereof on the basis of a counted value of its own packet counter, sets it as a divided MAC value, generates a packet by adding the value to a message and transmits the packet onto a network. The reception-side device generates a MAC value on the basis of the message in the received packet, draws out part thereof on the basis of a counted value of its own packet counter, compares the part with the divided MAC value in the received packet and thereby performs message authentication.
    Type: Grant
    Filed: December 10, 2015
    Date of Patent: November 27, 2018
    Assignee: RENESAS ELECTRONICS CORPORATION
    Inventor: Daisuke Oshida
  • Patent number: 10142303
    Abstract: In an aspect, a method for protecting software includes obtaining a payload including at least one of instructions or data, establishing a realm in a memory device, encrypting the payload based on an ephemeral encryption key (EEK) associated with the realm, and storing the encrypted payload in the realm of the memory device. In another aspect, a method for protecting software includes receiving a memory transaction associated with the memory device, the memory transaction including at least a realm identifier (RID) and a realm indicator bit, obtaining the EEK associated with the RID when the RID indicates the realm and when the realm indicator bit is enabled, decrypting an instruction and/or data retrieved from the realm based on the EEK when the memory transaction is a read transaction, and encrypting second data for storage in the realm based on the EEK when the memory transaction is a write transaction.
    Type: Grant
    Filed: February 25, 2016
    Date of Patent: November 27, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Roberto Avanzi, David Hartley, Rosario Cammarota
  • Patent number: 10140472
    Abstract: A multi-level privacy evaluation technology is described for increasing the performance of applications or services that experience high volumes of queries for data with privacy attributes. The multi-level privacy evaluation technology evaluates data using a subset of privacy policy rules and privacy information determined for the data at a backend server and thereby reduces the volume of data that need to be filtered at a frontend server. The multi-level privacy evaluation technology first applies an initial privacy check on a large data set at the backend to authoritatively filter out any data that a viewing user is not permitted to view or access and return as results a smaller data set that the viewing user may be permitted to view or access. A full privacy check is then performed at the frontend on the smaller data set, resulting in reduction in the overall cost of performing privacy checks and reducing latency in displaying data to the viewing user.
    Type: Grant
    Filed: August 26, 2016
    Date of Patent: November 27, 2018
    Assignee: Facebook, Inc.
    Inventors: Bhupinder Singh Sethi, Shiyu Zhao, Yang Xia
  • Patent number: 10140077
    Abstract: An image processing apparatus performs: in a case where an operating mode is a second mode when identification information receiving process is executed, determining whether a first memory stores first identification information corresponding to second identification information; in response to determining that the first memory stores the first identification information, determining whether a second memory stores third identification information corresponding to the second identification information; in response to determining that the second memory stores the third identification information, determining whether a first screen is displayed; in response to determining that the first screen is displayed, executing a first logout process of switching the operating mode from the second mode to the first mode and deleting the third identification information stored in the second memory; in response to determining that the first screen is not displayed, maintaining the operating mode in the second mode without ex
    Type: Grant
    Filed: September 21, 2017
    Date of Patent: November 27, 2018
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Masahide Takeuchi
  • Patent number: 10135809
    Abstract: The present invention relates to a method, system and apparatus for authentication using an application. Particularly, this invention can use an integrated ID by acquiring a reliable relationship between applications installed in a single terminal, or can perform the authentication of other applications by sharing authentication information through a representative application among applications. According to this invention, the account registration is performed by referring to the representative application, and thus the SSO authentication scheme may be implemented even in a mobile environment.
    Type: Grant
    Filed: September 8, 2015
    Date of Patent: November 20, 2018
    Assignee: SK PLANET CO., LTD.
    Inventors: Kyungwan Ko, Jaeyoung Ju, Bongsu Um
  • Patent number: 10132295
    Abstract: The present disclosure is directed to a digital system for managing a wind farm having a plurality of wind turbines electrically coupled to a power grid. The system includes a farm-based first communication network having one or more individual wind turbine control systems communicatively coupled to the one or more wind turbines and an overall wind farm control system. The system also includes a cloud-based second communication network communicatively coupled to the first communication network via an industrial gateway. The second communication network includes a digital infrastructure having a plurality of digital models of the one or more wind turbines, wherein the plurality of digital models of the one or more wind turbines are continuously updated during operation of the wind farm via data supplied by the farm-based first communication network.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: November 20, 2018
    Assignee: GENERAL ELECTRIC COMPANY
    Inventors: Arnold M. Lund, Karl Mochel, Jeng-Weei Lin, Raimundo Onetto, Jayanthi Srinivasan, Peter Gregg, Jeffrey Eric Bergman, Kenneth D. Hartling, Anwar Ahmed, Sham Chotai
  • Patent number: 10135623
    Abstract: The present invention discloses a method and a system for checking revocation status of digital certificates in a virtualization environment.
    Type: Grant
    Filed: July 15, 2015
    Date of Patent: November 20, 2018
    Assignee: Institute of Information Engineering, Data Assurance & Communication Security Center, Chinese Academy of Sciences
    Inventors: Jingqiang Lin, Bingyu Li, Zhan Wang, Jiwu Jing, Congwu Li, Luning Xia, Qiongqiao Wang
  • Patent number: 10129276
    Abstract: Methods and apparatus are provided for identifying suspicious domains using common user clustering. An exemplary method comprises obtaining network event data comprising a plurality of network connections; identifying users and domains associated with the network connections in the network event data; creating a connection between each user/domain pair that communicate with one another in the identified users and the identified domains to generate a graph; connecting domains in the graph using inter-domain edges that share common users to obtain a graph of interconnected domains; identifying bi-connected components in the graph of interconnected domains, wherein the bi-connected components comprise node pairs having at least two paths in the graph of interconnected domains between them; and processing the bi-connected components to identify a plurality of suspicious domains that are likely to participate in a computer security attack.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: November 13, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Kineret Raviv, Carmit Sahar, Eyal Kolman, Shay Amram, Alon Kaufman
  • Patent number: 10127399
    Abstract: Systems and methods for securing objects in a computing environment. Objects are encrypted using keys that are also encrypted after encrypting the objects. In order to access the objects, a master key that is unknown to the service storing the objects and/or managing the keys is used to decrypt the keys so that the objects can be decrypted with the decrypted key. Thus, a key is needed to access the key needed to access the object. The master key is typically maintained separately from all of the encrypted objects and corresponding encrypted keys.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: November 13, 2018
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventor: Ray David Whitmer
  • Patent number: 10129239
    Abstract: The present disclosure is directed towards systems and methods for scanning of a target range of IP addresses to verify security certificates associated with the target range of IP addresses. Network traffic may be monitored between a plurality of clients and a plurality of servers over an IP address space. Traffic monitors positioned intermediary to the plurality of clients and the plurality of servers can identify a target range of IP addresses in the address space for targeted scanning. The target range of IP addresses may be grouped into a priority queue and a scan can be performed of the target range of IP addresses to verify a security certificate associated with each IP address in the target range of IP addresses. In some embodiments, a rogue security certificate is detected that is associated with at least one IP address in the target range of IP addresses.
    Type: Grant
    Filed: May 6, 2016
    Date of Patent: November 13, 2018
    Assignee: Citrix Systems, Inc.
    Inventors: Kenneth Bell, Anoop Reddy
  • Patent number: 10129217
    Abstract: A first information handling system receives a security challenge and forwards it to a second information handling system. The second information handling system retrieves a private key from a public/private encryption key pair and satisfies the challenge with the private key. The second information handling system forwards the satisfied challenge without divulging the private key. The second information handling system is in a more secure environment than the first information handling system. The challenge may be satisfied by signing the challenge with the private key. Satisfying the challenge may be a step in creating a secure shell connection between the first information handling system and an organization maintaining the first information handling system and the second information handling system.
    Type: Grant
    Filed: October 26, 2015
    Date of Patent: November 13, 2018
    Assignee: DELL SOFTWARE, INC.
    Inventors: Carolyn Duby, Mark B. King, Aric LeDell, Elchanan Oren, Michael Vincent
  • Patent number: 10127562
    Abstract: Any of various comparisons of computer folders from different points in time is performed. Such comparisons provide the ability to discover missing documents or documents with modification dates that have changed when there would otherwise have been no need to change them and thus allows discovery of missing documents to discover fraud or to search for evidence after a fraud is suspected. In another embodiment, deltas in accounting system vendor invoice accounts are compared at different points in time, potentially exposing the practice of moving fraudulent vendor transactions into a large group of legitimate transactions for a legitimate vendor. Per period transaction totals for specific periods for legitimate vendors are compared over historical time for suspicious activity. A comparison of reports from the two different periods, using exact data and software from those separate periods (instead of reporting from “current” data), may raise a red flag otherwise missed.
    Type: Grant
    Filed: July 29, 2014
    Date of Patent: November 13, 2018
    Assignee: NBRELLA, INC.
    Inventors: Michael Price, Scott DeGraffenreid, Joseph Dito, Taylor Price
  • Patent number: 10122701
    Abstract: Cross-domain single login is disclosed. In an example system, a first application server hosts a first application that has a first user-visible page. The first application server is configured to serve the first user-visible page on a user device. The first application server is also configured to request a first hidden page. An authentication server is configured to receive a first hidden authentication request from the user device, to obtain a first authentication result, and send a first message to the user device. The first message may include the first authentication result obtained by the authentication server based on the first hidden authentication request. The user device is configured to send a second message to the first user-visible page based on the first message.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: November 6, 2018
    Assignee: Red Hat, Inc.
    Inventor: Patrick Uiterwijk