Including Intelligent Token Patents (Class 713/159)
  • Patent number: 10313384
    Abstract: Approaches for enforcing security constraints against a network without impacting business workflows. A network is programmatically divided into a set of restrictive subnetworks without human intervention. One or more agents, executing on a plurality of nodes of the network, enforce security constraints by requiring a process, which requests access to an asset stored on a node of the network, to possess a security credential associated with a particular restrictive subnetwork to which the node belongs for access to the asset to be granted. The set of restrictive subnetworks may be determined based upon an enterprise risk model that models both the present and the future risk to the enterprise.
    Type: Grant
    Filed: August 11, 2016
    Date of Patent: June 4, 2019
    Assignee: Balbix, Inc.
    Inventors: Gaurav Banga, Rajarshi Gupta, Vinay Sridhara, Vineet Kumar
  • Patent number: 10299132
    Abstract: A computer implemented technique includes receiving, at a server, a request to utilize an intermediary device to establish a wireless hotspot for a mobile computing device to access a private computing network via a network device. The technique includes receiving, at the server, access information from a first user having control of the private computing network and the network device, the access information specifying users and their corresponding levels of access to the private computing network via the wireless hotspot. The technique includes receiving, at the server, identification information for a second user associated with the mobile computing device. The technique also includes transmitting, from the server and to the intermediary device, a level of access to the private computing network via the wireless hotspot causing the intermediary device to grant the mobile computing device the level of access to the private computing network via the network device.
    Type: Grant
    Filed: April 16, 2018
    Date of Patent: May 21, 2019
    Assignee: GOOGLE LLC
    Inventor: Nazif Cihan Tas
  • Patent number: 10282537
    Abstract: A request for authentication from a user of a computer system is received. An authentication prompt is transmitted to the user, wherein the authentication prompt corresponds to a plurality of stored authentication responses, and wherein each of the plurality of stored authentication responses is used to authenticate the user. A first user authentication response is received. Whether to accept the first user authentication response is determined based on a degree of similarity between the first user authentication response and a stored authentication response from the plurality of stored authentication responses. Responsive to accepting the first user authentication response, a security score is calculated representing a level of confidence with respect to verifying the user for authentication, based on a type of authentication response for the first user authentication response. Responsive to determining that the security score is greater than an authentication score, the user is authenticated.
    Type: Grant
    Filed: September 20, 2016
    Date of Patent: May 7, 2019
    Assignee: International Business Machines Corporation
    Inventors: Calvin B. Swart, Sharon M. Trewin
  • Patent number: 10277587
    Abstract: Methods are provided for instantiating multiple electronic subscriber identity modules (eSIMs) to an electronic universal integrated circuit card (eUICC) using a manufacturer-installed data binary large object (data blob). An eSIM package including the data blob in encrypted form is securely installed in the eUICC in a manufacturing environment. A key encryption key (KEK) associated with the eSIM package is separately provided to an original equipment manufacturer (OEM) wireless device factory. The OEM wireless device factory provides the KEK to the eUICC within a given wireless device. The eUICC uses the KEK to decrypt the eSIM package and provide the data blob. The eUICC can receive a request to instantiate a first eSIM. The eUICC can instantiate the first eSIM using data from the data blob. A user can then access network services using the wireless device. Subsequently, a second eSIM can be instantiated by the eUICC using the data blob.
    Type: Grant
    Filed: October 6, 2016
    Date of Patent: April 30, 2019
    Assignee: Apple Inc.
    Inventors: Li Li, Arun G. Mathias
  • Patent number: 10228926
    Abstract: A remote support installation mechanism provides for the installation of a remote support client application onto a user device. A server may receive a request for a remote support eligibility status from a device agent application on a user device that is loaded with an installer package for a remote support client application. The remote support client application may be used to initiate a remote support session with a remote support application on a remote support server to provide a computing terminal with remote support access to the user device. The server may determine based on at least one of a device management database or a user account database that the user device qualifies for remote support. Accordingly, the server may send an install command to trigger an installation of the remote support client application on the user device from the installer package.
    Type: Grant
    Filed: January 28, 2016
    Date of Patent: March 12, 2019
    Assignee: T-Mobile USA, Inc.
    Inventors: Jonathan Michael Soini, Timothy Adam Shelton
  • Patent number: 10171457
    Abstract: An indication is received that a user has initiated an access to a website hosted by a service provider. Access to the website requires an authorization of a user identification associated with the user and a password associated with the user. A token is requested. The token provides access to an application programming interface. The token is received. The token is stored by the service provider.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: David P. Moore, Trevor S. Norvill, Philip A. J. Nye, Robert T. Trotter
  • Patent number: 10158480
    Abstract: Autonomous devices and systems, methods, and program products for authorizing and performing autonomous device transactions are disclosed. An autonomous device can be configured to generate a first hash value of a chain of hash values by applying a hash algorithm to first data including first new data and a first previous hash value of the chain of hash values, the first previous hash value computed by applying the hash algorithm to first previous data. The device can transmit to a transaction computer system the first hash value and the first new data. The device can generate and transmit to the transaction computer system a first signed electronic transaction request comprising first transaction data comprising a sending account identifier associated with the autonomous device, a destination account identifier, a transaction amount, and a timestamp. The device can digitally sign the transaction request using a private key of an asymmetric key pair.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: December 18, 2018
    Assignee: Winklevoss IP, LLC
    Inventors: Cameron Howard Winklevoss, Tyler Howard Winklevoss, Michael Robert Breu, Benjamin A. Small
  • Patent number: 10133858
    Abstract: Methods and systems allow a user to log in to a device so that a number of apps become accessible on the device without the user repeatedly logging in to each different app as the user launches multiple apps. A mechanism of providing a master token with a quality score and providing sub-tokens for each app that can use the sub-token and the score quality to evaluate the level of security provided by the initial login allows each app to skip its own login process and provides a level of enhanced efficiency and convenience for the user. A method includes authenticating a user; creating a master token on the user device; creating a sub-token of the master token for an app launched on the device; the app skipping the login process of the app in response to the sub-token so that the app proceeds directly to validating a transaction.
    Type: Grant
    Filed: August 17, 2015
    Date of Patent: November 20, 2018
    Assignee: PAYPAL, INC.
    Inventors: Sebastien Ludovic Jean Taveau, Upendra S. Mardikar
  • Patent number: 10104084
    Abstract: Techniques are provided for augmenting the capabilities of the standard OAuth2 authorization framework in such a way as to allow clients to consume the services of multiple resource servers residing in disjoint security domains while requiring only a single one-time user authentication. An access token that provides access to resource services distributed across a plurality of security domains is partitioned into a plurality of reduced-scope access tokens. Each reduced-scope access token is limited to a subset of authorization scopes of the access token, providing access to a resource service in a particular security domain based upon the subset.
    Type: Grant
    Filed: November 16, 2015
    Date of Patent: October 16, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Andrew Biggs, Shaun Cooley, Matt Miller, Hua Cui, Ian Remmel
  • Patent number: 10061912
    Abstract: A system and method of multi-factor authentication are described. In some embodiments, a first device provides an initial authentication data to a second device. The second device is different from the first device. The first device obtains a first response data from the second device. The first device generates a first subsequent authentication data using the first response data. The first subsequent authentication data is different from the initial authentication data. The first device provides the first subsequent authentication data to the second device. In some embodiments, obtaining the first response data comprises capturing the first response data from the second device using a camera on the mobile device, where the first response data is displayed on the second device.
    Type: Grant
    Filed: July 7, 2017
    Date of Patent: August 28, 2018
    Assignee: eBay Inc.
    Inventor: Oliver Nicholas Cockcroft
  • Patent number: 10050723
    Abstract: In particular embodiments, a method for transmitting authentication data using acoustical means, comprising: encoding, by a first device, information into an acoustic signal; emitting, by an audio output component of the first device, the acoustic signal; detecting, by an audio input component of a second device, the acoustic signal; and decoding, by the second device, the acoustic signal into one or more pieces of information.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: August 14, 2018
    Assignee: Digital Kerosene Inc.
    Inventors: Carey D'Souza, John Neil Carter, Jason Mullings
  • Patent number: 10049168
    Abstract: Methods, systems, devices and computer program products for modifying and processing host webpage data are described. The host webpage data is intended for receipt by a browser, which will interpret the host webpage data and generate a host webpage document therefrom. The host webpage data is modified using second and third webpage data before being sent to the browser. The second webpage data is arranged to cause a frame to be generated within the host webpage document, the generated frame comprising a second webpage document which is associated with a different domain to the host webpage document. Furthermore, the third webpage data is arranged to cause the browser to allow access to functionality of the host webpage document by the second webpage document which would otherwise be blocked.
    Type: Grant
    Filed: January 31, 2012
    Date of Patent: August 14, 2018
    Assignee: OPENWAVE MOBILITY, INC.
    Inventors: Richard Mischook, Colin Woods
  • Patent number: 9996686
    Abstract: A method for managing a master password on a network device, the method stored as a set of instructions executable by a computer processor to: store the master password in a first file in a memory of the network device; store the master password in a second file in the memory of the network device; encrypt access to the first file using a first password; encrypt access to the second file using a second password; send the second password and an identifier associated with the network device over a communications network to a registration server, the registration server configured for storing the second password for subsequent retrieval by the network device; when the first password is unavailable, send a password retrieval request including the identifier; receive the second password configured as a one-time use password; decrypt access to the second file to retrieve the master password; and, initiate a reset process for subsequent storage of the master password in the memory of the network device.
    Type: Grant
    Filed: April 28, 2014
    Date of Patent: June 12, 2018
    Assignee: BlackBerry Limited
    Inventors: Alex Lau, Mihir Kapadia, Yunan Zhao
  • Patent number: 9998440
    Abstract: A system for an electronic authentication client and a processing method thereof, and a system for electronic authentication and a method thereof are disclosed.
    Type: Grant
    Filed: September 12, 2014
    Date of Patent: June 12, 2018
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Yu Yan, Dazhi Yang, Wen Zhang, Bin Ma
  • Patent number: 9971800
    Abstract: In one embodiment a system, apparatus, and method for optimizing index value lengths when indexing data items in an array of data items is described, the method including producing, at a first processor, an ordered series of index values, sending the ordered series of index values to an indexing processor, receiving, at the indexing processor, a data object including the array of data items, associating, at the indexing processor, a first part of one of the index values with a first one data item of the array of data items, associating, at the indexing processor, a second part of the one of the index values with a next one data item of the array of data items, repeating the steps of associating a first part of one of the index values and associating a second part of the one of the index values until all of the data items in the array of data items are indexed.
    Type: Grant
    Filed: April 12, 2016
    Date of Patent: May 15, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Yaron Sella, Michal Devir, Harel Cain
  • Patent number: 9965651
    Abstract: A computer-implemented method includes producing medical information that characterizes a group of individuals from a set of private data representing pre or post-encounter characteristics of the individuals, wherein the individuals have had encounters with a healthcare facility. The identity of the individuals is unattainable from the produced medical information. The method also includes providing the produced medical information to report the pre or post-encounter characteristics of the group.
    Type: Grant
    Filed: May 26, 2017
    Date of Patent: May 8, 2018
    Assignee: Vigilytics LLC
    Inventor: Andrew L. Paris, III
  • Patent number: 9949127
    Abstract: A computer implemented technique includes receiving, at a server, a request to utilize an intermediary device to establish a wireless hotspot for a mobile computing device to access a private computing network via a network device. The technique includes receiving, at the server, access information from a first user having control of the private computing network and the network device, the access information specifying users and their corresponding levels of access to the private computing network via the wireless hotspot. The technique includes receiving, at the server, identification information for a second user associated with the mobile computing device. The technique also includes transmitting, from the server and to the intermediary device, a level of access to the private computing network via the wireless hotspot causing the intermediary device to grant the mobile computing device the level of access to the private computing network via the network device.
    Type: Grant
    Filed: April 24, 2014
    Date of Patent: April 17, 2018
    Assignee: GOOGLE LLC
    Inventor: Nazif Cihan Tas
  • Patent number: 9871786
    Abstract: The method of authenticating the source of a communication is disclosed. The method includes executing a clock for an operation period. The method also includes receiving a communication from a remote device at a communication time corresponding to a time interval of a plurality of time intervals sequentially covering the operation period. Each time interval has an associated authentication value. The communication includes a commitment value. The method also includes determining whether the commitment value matches the authentication value associated with the time interval corresponding to the communication time. The method also includes processing the communication when the commitment value matches the authentication value associated with the time interval corresponding to the communication time.
    Type: Grant
    Filed: July 23, 2015
    Date of Patent: January 16, 2018
    Assignee: Google LLC
    Inventor: Curtis Gerald Condra
  • Patent number: 9792425
    Abstract: The system and method for controlling state tokens described herein may secure sensitive application state tokens, link one application state token to other state tokens that represent certain identities or communication sessions, and maintain application state tokens to integrate various different systems or applications. In particular, the system and method described herein may provide a mechanism to override scheme that applications use to manage state information and thereby enforce policies that provide fine-grained control over any semantics the applications otherwise use to manage state information.
    Type: Grant
    Filed: November 2, 2010
    Date of Patent: October 17, 2017
    Assignee: CA, Inc.
    Inventor: Justin T. Stone
  • Patent number: 9699659
    Abstract: In an embodiment, a control device that is configured to onboard a target device to a secure local network by discovering a set of devices over a bootstrapping interface, establishing a bootstrap connection to at least one device from the set of devices in response to the discovery without authorizing the at least one device to access the secure local network, instructing the at least one device via the bootstrap connection to activate an observable function that is configured to be observable to one or more observation entities that are separate from the control device and are in proximity to the at least one device, determining whether an operator of the control device verifies that the observable function has been successfully detected as performed by the target device and selectively authorizing the at least one device to access the secure local network based on the determination.
    Type: Grant
    Filed: July 20, 2015
    Date of Patent: July 4, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Doron Zehavi, Lior Amarilio, Zeev Shusterman
  • Patent number: 9667602
    Abstract: An off-host authentication system includes an authentication information handling system (IHS) that is coupled to a network. The off-host authentication system also includes a host processing system. An off-host processing system in the off-host authentication system is coupled to the host processing system and is coupled to the authentication IHS through the network. The off-host processing system provides an encrypted primary authentication item to the authentication IHS through the network. The off-host processing system then receives an encrypted secondary authentication token from the authentication IHS through the network. The off-host processing system then decrypts the encrypted secondary authentication token to produce a decrypted secondary authentication token and uses the decrypted secondary authentication token to retrieve a tertiary authentication token.
    Type: Grant
    Filed: January 12, 2016
    Date of Patent: May 30, 2017
    Assignee: Dell Products L.P.
    Inventors: Daniel Hamlin, Charles Robison
  • Patent number: 9648069
    Abstract: A system and method for sharing electronic content. A sending user can specify one or more criteria that a recipient memory device must have to store the content. The sending user can also specify a digital rights management control that can be associated with the content. The content can be transferred to the recipient if the recipient memory device has the specified properties. Software at the recipient can ensure that the content is handled in accordance with the digital rights management controls specified by the sender.
    Type: Grant
    Filed: March 3, 2015
    Date of Patent: May 9, 2017
    Assignee: GULA CONSULTING LIMITED LIABILITY COMPANY
    Inventors: Damian Franken Manning, Jon Walter Lowy
  • Patent number: 9642010
    Abstract: There is provided a management server including a communication unit configured to communicate with a communication terminal that utilizes a service, and a data processing unit. The data processing unit is configured to receive, from the communication terminal, system configuration information including a memory system configuration of the communication terminal, determine, in accordance with the system configuration information, a memory area in the communication terminal where service data for the communication terminal to utilize the service is recorded or a memory area in the communication terminal from which the service data is read, generate a command to execute a process to access the memory area or service data to be recorded in the memory area, and transmit the command or the service data to the communication terminal via the communication unit.
    Type: Grant
    Filed: March 3, 2015
    Date of Patent: May 2, 2017
    Assignee: FeliCa Networks, Inc.
    Inventors: Kenichi Motodate, Keitarou Watanabe, Junichi Oki
  • Patent number: 9628464
    Abstract: In one embodiment, receiving a notice from a first user associated with a first mobile device indicating that the first user wishes to share information of the first user with one or more second users respectively associated with one or more second mobile devices; accessing information known about one or more users and one or more mobile devices respectively associated with the one or more users; identifying at least one candidate for the first user based on the information known about the one or more users and the one or more mobile devices; and confirming one or more of the at least one candidate as the one or more second users.
    Type: Grant
    Filed: March 19, 2015
    Date of Patent: April 18, 2017
    Assignee: FACEBOOK, INC.
    Inventor: Jonathan Arie Matus
  • Patent number: 9614855
    Abstract: System and method for implementing a secure web application entitlement service are described.
    Type: Grant
    Filed: November 5, 2009
    Date of Patent: April 4, 2017
    Assignee: Micro Focus Software Inc.
    Inventors: Carolyn Bennion McClain, Stephen R. Carter
  • Patent number: 9576150
    Abstract: In one example, a method for validating a user includes transmitting, to a management server, a request for a shared secret, and receiving, from the management server, the shared secret. Next, the shared secret received from the management server is compared to a secret identified in a user request for access to a backup of data associated with a computing device. The user is granted access to the backup when the shared secret identified by the user matches the shared secret obtained from the management server, and the user is denied access to the backup when the shared secret identified by the user does not match the shared secret obtained from the management server.
    Type: Grant
    Filed: April 12, 2016
    Date of Patent: February 21, 2017
    Assignee: EMC CORPORATION
    Inventors: David vonThenen, Darren M. Yee, Steven Kwong
  • Patent number: 9577994
    Abstract: An off-host authentication system includes a network. An off-host processing system is coupled to the network and sends an encrypted authentication item through the network in response to validating a user. An authentication information handling system (IHS) is coupled to the network and receives the encrypted authentication item from the off-host processing system through the network, decrypts the encrypted authentication item to produce a decrypted authentication item, validates the decrypted authentication item, and sends an approval message through the network. A directory system is coupled to the network and receives the approval message through the network and, in response, sends a user approval through the network. A host processing system, which is located in a user IHS that includes the off-host processing system and which is coupled to the network, logs a user into the user IHS in response to receiving the user approval through the network.
    Type: Grant
    Filed: January 27, 2016
    Date of Patent: February 21, 2017
    Assignee: Dell Products L.P.
    Inventors: Charles Robison, Daniel Hamlin
  • Patent number: 9569610
    Abstract: A computer implemented method for managing a password is disclosed. The method can include generating a first hash value corresponding to a first password. The method can also include determining whether the first hash value corresponds with a second hash value included in the set of hash values. Further, the method can include suppressing storage of the first password in the set of passwords in response to determining that the first hash value corresponds with a second hash value included in the set of hash values.
    Type: Grant
    Filed: March 28, 2014
    Date of Patent: February 14, 2017
    Assignee: International Business Machines Corporation
    Inventors: Andreas Arning, Jens Engelke
  • Patent number: 9537663
    Abstract: A challenge manipulation and restoration capability is provided for use during network authentication. A mobile device (MD) and a subscriber server (SS) each have provisioned therein a binding key (B-KEY) that is associated with a subscriber identity of a network authentication module (NAM) of the MD. The SS obtains an authentication vector (AV) in response to a request from a Radio Access Network (RAN) when the MD attempts to attach to the RAN. The AV includes an original authentication challenge parameter (ACP). The SS encrypts the original ACP based on its B-KEY, and updates the AV by replacing the original ACP with the encrypted ACP. The MD receives the encrypted ACP, and decrypts the encrypted ACP based on its B-KEY to recover the original ACP. The MD provides the original ACP to the NAM for use in computing an authentication response for validation by the RAN.
    Type: Grant
    Filed: June 20, 2012
    Date of Patent: January 3, 2017
    Assignee: Alcatel Lucent
    Inventors: Semyon Mizikovsky, Ioannis Broustis, Violeta Cakulev
  • Patent number: 9514457
    Abstract: Data can be protected in mobile and payment environments through various tokenization operations. A mobile device can tokenize communication data based on device information and session information associated with the mobile device. A payment terminal can tokenize payment information received at the payment terminal during a transaction based on transaction information associated with the transaction. Payment data tokenized with a first set of token tables and according to a first set of tokenization parameters by a first payment entity can be detokenized or re-tokenized with a second set of token tables and according to a second set of tokenization parameters. Payment information can be tokenized and sent to a mobile device as a token card based on one or more selected use rules, and a user can request a transaction based on the token card. The transaction can be authorized if the transaction satisfies the selected use rules.
    Type: Grant
    Filed: October 16, 2014
    Date of Patent: December 6, 2016
    Assignee: Protegrity Corporation
    Inventors: Ulf Mattsson, Yigal Rozenberg
  • Patent number: 9461985
    Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.
    Type: Grant
    Filed: March 25, 2013
    Date of Patent: October 4, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
  • Patent number: 9444807
    Abstract: This invention includes a system and method to enable a device to determine the presence information of another device over a secure communication network. First, the device and a presence server establish a secure connection. Next, while the initial secure connection with the presence server is established, the device generates a randomly created token and provides it to the presence server. The token is used as a shared-secret by the device and the presence server to secure future presence communications over a non-secure connection. Next, without the need to again enter a password or establish a secure connection with the presence server, the device uses the shared-secret to sign, encrypt and convey presence information to the presence server over an arbitrary connection. Finally, the presence server may share the first device's presence information with another device.
    Type: Grant
    Filed: August 25, 2015
    Date of Patent: September 13, 2016
    Assignee: SAIFE, INC.
    Inventors: Ty Lindteigen, James Chester Jones, Dipen Patel, Anthony Payne
  • Patent number: 9426149
    Abstract: A mobile secure login method comprises steps of 1) displaying a machine readable graphic form encoded with a sign in URL and a unique token on a browser, wherein the said machine readable graphic form comprises at least one of a 1D barcode, a 2D barcode, a PDF417, a QR code, a Data Matrix code, an Aztec code, and an OCR symbol; 2) scanning the said machine readable graphic form using a mobile device; 3) transmitting the sign in credential with the said unique token to a server at the said sign in URL from the said mobile device, wherein the said sign in credential comprises at least one of a username, a password, and a PKI signed challenge; 4) authenticating the said sign in credential at the said server to enable the said browser to log in to a secure website automatically.
    Type: Grant
    Filed: December 30, 2014
    Date of Patent: August 23, 2016
    Inventor: Ynjiun Paul Wang
  • Patent number: 9419798
    Abstract: A public encryption method based on user ID includes: setting, by a key generation server, at least one public parameter and master key used for generating a private key; receiving, by the key generation server, an inherent ID of a user from a receiving terminal, generating a private key based on the public parameter, the master key and the ID, and transmitting the generated private key to the receiving terminal; receiving, by a transmitting terminal, the public parameter and the ID from the key generation server, encrypting a message to generate a ciphertext, and transmitting the generated ciphertext to the receiving terminal; and receiving, by the receiving terminal, the ciphertext and the private key, and decrypting the ciphertext based on the received private key to obtain a message.
    Type: Grant
    Filed: January 17, 2014
    Date of Patent: August 16, 2016
    Assignee: KOREA UNIVERSITY RESEARCH AND BUSINESS FOUNDATION
    Inventors: Dong Hoon Lee, Jong-Hwan Park, Woo-Kwon Koo
  • Patent number: 9400979
    Abstract: A system and method facilitating purchase transactions over a computer network, including the purchase of electronically storable items. The embodiments herein encrypt “customer identifier string” in an encryption stream and cause the encryption stream to be transferred from the customer to a merchant in the purchase transaction. A verification entity receives the encryption stream which is sent by the merchant for identity verification and payment authorization. Then, the verification entity verifies the identifiers contained in the encryption stream and transfers an identity verification and payment authorization from the verification entity to the merchant.
    Type: Grant
    Filed: May 10, 2013
    Date of Patent: July 26, 2016
    Assignee: BenedorTSE LLC
    Inventor: Richard F. Carrott
  • Patent number: 9396343
    Abstract: Methods, storage systems and computer program products implement embodiments of the present invention that include defining, for an entity, a policy access control list including one or more access rules, each of the access rules including one or more user conditions and one or more entity conditions. Upon receiving a request from a user to access a given entity, one or more user attributes associated with the user and one or more entity attributes associated with the given entity are identified. For each of the access rules, the one or more user conditions are applied to the one or more user attributes, the one or more entity conditions are applied to the one or more entity attributes. Access to the given content entity is granted to the user upon determining that a minimum threshold of the one or more user conditions and the one or more entity conditions are met.
    Type: Grant
    Filed: October 20, 2014
    Date of Patent: July 19, 2016
    Assignee: International Business Machines Corporation
    Inventors: Michael Factor, Elliot K Kolodner, Alexandra Shulman-Peleg
  • Patent number: 9390288
    Abstract: Virtual asset creation data used to create a virtual asset is generated through a virtual asset creation system that includes primary virtual asset data. Secondary authentication data is also generated. When the virtual asset is launched, the secondary authentication data is passed to the virtual asset from the virtual asset creation system. The primary virtual asset data and secondary authentication data from the virtual asset creation system and the virtual asset, and/or one or more other sources associated with the virtual asset, are then sent to a virtual asset validation system through different communication channels. If the primary virtual asset data and secondary authentication data from the two sources match, or have a defined threshold level of similarity, the status of the virtual asset is transformed to the status of validated virtual asset eligible to receive sensitive data.
    Type: Grant
    Filed: November 1, 2013
    Date of Patent: July 12, 2016
    Assignee: Intuit Inc.
    Inventors: Oleg Gryb, Jinglei Whitehouse, Elangovan Shanmugam, Ankur Jain, III, Mark Basler, M. Shannon Lietz, Sabu Kuruvila Philip, Luis Felipe Cabrera, Thomas Bishop
  • Patent number: 9386009
    Abstract: Providing secure access to a mobile or other device using a network-assisted PIN or other short password is disclosed. In various embodiments, upon entry by a user of a personal identification number (PIN) or other short password, the password and a unique identifier, such as a user and/or device identifier, and/or other data, are sent to a remote server. The remote server returns to the mobile or other device a cryptographic key and/or other data, such as a more secure (e.g., more characters and/or including characters drawn from a larger set of characters) password usable at the mobile device to access encrypted data.
    Type: Grant
    Filed: November 5, 2012
    Date of Patent: July 5, 2016
    Assignee: MOBILE IRON, INC.
    Inventors: Eric M. Marion, Nitin Sonawane
  • Patent number: 9367532
    Abstract: Techniques for allowing cross-document communication are provided. In one approach, a child document of a parent document communicates with another child document of the parent document. A child document may correspond to a frame element within the parent document. The communication may occur directly or indirectly through the parent document. In another approach, an ancestor document communicates with a descendant document that is two or more degrees of separation away from the ancestor document. The communication may occur directly or indirectly through one or more intermediate documents. In both approaches, one document may send out one or more discovery messages that request identities of sibling documents, descendant documents, or ancestor documents.
    Type: Grant
    Filed: March 25, 2014
    Date of Patent: June 14, 2016
    Assignee: LinkedIn Corporation
    Inventor: Kevin Mikles
  • Patent number: 9325684
    Abstract: A method herein is for authenticating a device connection for website access without using a website password. In the method, a web server receives an access request over the device connection from a device requesting access to a website based on a pre-established identity. The web server, in response to the access request, forwards an access cookie to the device over the device connection and forwards an activation URL to an address associated with the pre-established identity. The web server receives a request for the forwarded activation URL and, using the access cookie, grants access to the device over the device connection.
    Type: Grant
    Filed: August 2, 2013
    Date of Patent: April 26, 2016
    Assignee: QUALCOMM Incorporated
    Inventor: Alexander Gantman
  • Patent number: 9300664
    Abstract: An off-host authentication system includes a network. An off-host processing system is coupled to the network and sends an encrypted authentication item through the network in response to validating a user. An authentication information handling system (IHS) is coupled to the network and receives the encrypted authentication item from the off-host processing system through the network, decrypts the encrypted authentication item to produce a decrypted authentication item, validates the decrypted authentication item, and sends an approval message through the network. A directory system is coupled to the network and receives the approval message through the network and, in response, sends a user approval through the network. A host processing system, which is located in a user IHS that includes the off-host processing system and which is coupled to the network, logs a user into the user IHS in response to receiving the user approval through the network.
    Type: Grant
    Filed: May 2, 2014
    Date of Patent: March 29, 2016
    Assignee: Dell Products L.P.
    Inventors: Charles Robison, Daniel Hamlin
  • Patent number: 9290136
    Abstract: An apparatus and method for preventing the leakage of vehicle information in a normal communication environment by inserting fake communication data into vehicle communication traffic on a vehicle network. In the method for preventing leakage of vehicle information, a vehicle information leakage prevention apparatus connected to an in-vehicle module analyzes a vehicle communication protocol between the module and another module. It is determined whether encryption has been applied to the vehicle communication protocol, based on results of analysis of the vehicle communication protocol. A method of generating fake communication data is selected depending on whether encryption has been applied to the vehicle communication protocol. Fake communication data is generated depending on the selected method, and the generated fake communication data is transferred to a vehicle information leakage prevention apparatus connected to the other module.
    Type: Grant
    Filed: September 3, 2014
    Date of Patent: March 22, 2016
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Sungho Jeon, Jeong-Han Yun, Woonyon Kim, Jungtaek Seo, Eung Ki Park
  • Patent number: 9258296
    Abstract: The present invention relates to a method of generating a multi-factor encryption key using a simple password in order to access control over information stored at a second entity from a first entity via at least one communication network. In one embodiment this is accomplished by requesting to receive an application at the first entity from the second entity via the communication network, activating the first entity to generate a shared secret key, wherein the shared secret key is computed from a first entity specific ID and a random number generated at the first and second entity and allowing the user to register with the application of the second entity by the first entity, wherein the registration includes entry of a personal PIN (personal identification number), a personal message etc.
    Type: Grant
    Filed: July 28, 2011
    Date of Patent: February 9, 2016
    Inventor: Nirmal Juthani
  • Patent number: 9240887
    Abstract: An off-host authentication system includes an authentication information handling system (IHS) that is coupled to a network. The off-host authentication system also includes a host processing system. An off-host processing system in the off-host authentication system is coupled to the host processing system and is coupled to the authentication IHS through the network. The off-host processing system provides an encrypted primary authentication item to the authentication IHS through the network. The off-host processing system then receives an encrypted secondary authentication token from the authentication IHS through the network. The off-host processing system then decrypts the encrypted secondary authentication token to produce a decrypted secondary authentication token and uses the decrypted secondary authentication token to retrieve a tertiary authentication token.
    Type: Grant
    Filed: May 2, 2014
    Date of Patent: January 19, 2016
    Assignee: Dell Products L.P.
    Inventors: Daniel Hamlin, Charles Robison
  • Patent number: 9235832
    Abstract: A system, method, and computer-usable medium are disclosed for authenticating a financial transaction terminal, such as an automated teller machine. A user provides financial account data, such as an account number, which is then combined with a unique identifier of the financial transaction terminal to generate terminal authentication data. The terminal authentication data is provided to a terminal authentication system, which extracts the financial account data and the unique identifier of the financial transaction terminal. The unique identifier of the financial transaction terminal is compared to a list of authentic financial transaction terminal identifiers. If its authenticity is confirmed, then a shared secret corresponding to the user's financial account data is provided to the authenticated financial transaction terminal. The user is queried as to the authenticity of the shared secret.
    Type: Grant
    Filed: March 19, 2009
    Date of Patent: January 12, 2016
    Assignee: United Services Automobile Association (USAA)
    Inventor: Bradly J. Billman
  • Patent number: 9237017
    Abstract: Lightweight authentication for on-premise rich clients is described. The lightweight authentication mitigates the amount of software that is installed on a client machine for authentication purposes. A portion of an external website is hosted on an application executing on the rich client. The user can interact with the portion of the external website in order to enter credentials or other identification information. The entry of the credentials or other identification information is relayed to the external website for verification. If the verification is successful, the user can interact with various external websites utilizing the single verification.
    Type: Grant
    Filed: March 21, 2011
    Date of Patent: January 12, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Chun Pong Yip, Wing Wai Wong, Chun Yam Kwok, Houman Pournasseh, Dean L. Fulcer, III, Rerkboon Suwanasuk, Chor Ki Ng, Bjorn Christian Rettig, Chung Yiu Chow
  • Patent number: 9185107
    Abstract: A password security system, hosted by a server, whose method of operation may include receiving a client hash value from a client where the client hash value is computed by hashing a password to generate a first hash value, and hashing the first hash value combined with a user input of an answer to a challenge to generate the client hash value. A server hash value is computed using password data for the user that is stored in a data store coupled to the server and a server-side answer that is stored in the data store. A determination is made whether the server hash value matches the client hash value and data access is granted to the user in view of a determination that the server hash value matches the client hash value, and data access is denied to the user in view of a determination that the server hash value does not match the client hash value.
    Type: Grant
    Filed: January 22, 2014
    Date of Patent: November 10, 2015
    Assignee: Red Hat, Inc.
    Inventor: Alexander Todorov
  • Patent number: 9154570
    Abstract: The disclosure provides a device for preventing CSRF attacks, in which the device provides functions comprising: intercepting a request sent from a client browser to a server; generating a token; generating a response to the request; inserting the token into the response to the request; and sending the response to the request to the client browser with the token inserted into the response. With the device of the disclosure, it is assured that a token is inserted into all the requests made by a user through a client browser for accessing a resource. And it can be assured that the request is issued by the user himself by verifying whether the token in the request is valid, thereby preventing a CSRF attack.
    Type: Grant
    Filed: November 29, 2011
    Date of Patent: October 6, 2015
    Assignee: International Business Machines Corporation
    Inventors: Dikran S. Meliksetian, Gang Niu, Qiang G. Tong
  • Patent number: 9148335
    Abstract: A device can connect to a network over a first interface to configure and obtain an IP address. To communicate with nodes in a second network, over a second interface, the IP address can be validated by a trusted third party. The validation can include conducting a return routability test to validate a Prefix of the IP address. Cryptographically Generated Address verification can be utilized to verify the validity of an Interface Identifier included in the IP address. If the IP address is validated, the trusted third party can include the address in a verification ticket, which can also include a signature of the trusted third party. The device can provide the verification ticket to nodes in the second network as authentication of the device.
    Type: Grant
    Filed: September 30, 2008
    Date of Patent: September 29, 2015
    Assignee: QUALCOMM Incorporated
    Inventor: George Tsirtsis
  • Patent number: 9143487
    Abstract: System for remote firmware updates of mail processing device from a remote data server including: file download servers connected to the remote data server for receiving encrypted files encrypted from a list of binary files corresponding to firmware of a mail processing device to update; web servers providing a web service application for downloading files and connected to the remote data server and the files download servers for retrieving the encrypted files associated with a personalized files catalog retrieved from the remote data server; and a user computer system connected to the web servers for receiving the encrypted files for download onto a storage device to plug into the mail processing device. The mail processing device decrypts the encrypted files with file decryption keys previously provided with the personalized files catalog and installs the files before connecting to the remote data server to report the outcome of the installation.
    Type: Grant
    Filed: January 16, 2014
    Date of Patent: September 22, 2015
    Assignee: NEOPOST TECHNOLOGIES
    Inventors: Silviu Sopco, Seton Hodonou, Herve Bienaime, Nathalie Tortellier