Including Intelligent Token Patents (Class 713/159)
  • Patent number: 10693632
    Abstract: Autonomous devices and systems, methods, and program products for authorizing and performing autonomous devices transactions are disclosed. An autonomous device can be configured to generate a first hash value of a chain of hash values by applying a hash algorithm to first data including first new data and a first previous hash value of the chain of hash values, the first previous hash value computed by applying the hash algorithm to first previous data. The device can transmit to a transaction computer system the first hash value and the first new data. The device can generate and transmit to the transaction computer system a first signed electronic transaction request comprising first transaction data comprising a sending account identifier associated with the autonomous device, a destination account identifier, a transaction amount, and a timestamp. The device can digitally sign the transaction request using a private key of an asymmetric key pair.
    Type: Grant
    Filed: November 2, 2018
    Date of Patent: June 23, 2020
    Assignee: WINKLEVOSS IP, LLC
    Inventors: Cameron Howard Winklevoss, Tyler Howard Winklevoss
  • Patent number: 10686797
    Abstract: This invention provides a method and system for a user to post (share) or un-post (stop sharing) files, folders, and messages. Stopping the sharing of a file or folder does not delete the actual file or folder, which enhances then-existing technology for file and folder sharing. The un-post message operation lets a user un-post (delete, withdraw, or stop sharing) his/her previously posted message from the view of a recipient, so that the user can avoid embarrassment if the message is not proper. Thus, un-posting a posted message also enhances then-existing technology for message sharing.
    Type: Grant
    Filed: April 28, 2019
    Date of Patent: June 16, 2020
    Assignee: STT WebOS, Inc.
    Inventor: Sheng Tai (Ted) Tsao
  • Patent number: 10659457
    Abstract: A non-transitory, computer-readable recording medium having stored therein a program for causing a computer to execute a process of transmitting a first random value by proximity radio communication to a device coupled via a server and a network, receiving data in which the first random value is encoded, from the device by the proximity radio communication, determining whether the first random value matches a value obtained by decoding the data with a server key obtained in advance from the server, when the value obtained by decoding the data matches the first random value, authenticating a user, and causing the information processing device to execute processing for transmitting a result of the authenticating the user to the server via the device.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: May 19, 2020
    Assignee: FUJITSU LIMITED
    Inventors: Hidenobu Ito, Koichi Yasaki, Takuya Sakamoto, Kazuaki Nimura, Yosuke Nakamura
  • Patent number: 10623467
    Abstract: The present disclosure relates to methods, devices, systems and computer program products for transferring data between a first electronic device (110) and a second electronic device (115). A session token is formed, the session token identifying a data transfer session between the first electronic device (110) and the second electronic device (115). First, a local data transfer connection is established in the data transfer session between the first electronic device (110) and the second electronic device (115). A first set of data is transferred from the second electronic device (115) to the first electronic device (110) over the local communication connection, and the connection is ended. Then, in the data transfer session a second set of data is transferred from the second electronic device (115) to a network server system (120).
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: April 14, 2020
    Assignee: Piceasoft Oy
    Inventor: Jani Väänänen
  • Patent number: 10587609
    Abstract: Method of authentication including sending a login web page to a first device of a user including a scannable code having an envelope ID and a login challenge. The envelope ID generated by an identity manager is associated with a first envelope of data including a session ID. A confirmation login request is received from a second device associated with the user, and includes a second envelope of data comprising the session ID, a user ID, and a seal of the user ID registering the user ID with the identity manager. The confirmation login request to the login challenge is verified using the session ID, and the user is verified using the user ID and seal. User login is authorized upon successful verification of the login challenge and user, and a communication session having the session ID is established between the web server and the first device.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: March 10, 2020
    Assignee: ShoCard, Inc.
    Inventors: Armin Ebrahimi, Gaurav Khot, Vladimir Reshetnikov, Robert Gadbois
  • Patent number: 10572684
    Abstract: Systems, computer-readable media, and methods for improving both data privacy/anonymity and data value, wherein data related to a data subject can be used and stored, e.g., in a distributed ledger data structure, such as a blockchain, while minimizing re-identification risk by unauthorized parties and enabling data, including quasi-identifiers, related to the data subject to be disclosed to any authorized party by granting access only to the data relevant to that authorized party's purpose, time period, place and/or other criterion via the obfuscation of specific data values, e.g., pursuant to the European Union's General Data Protection Regulation (GDPR) or other similar regulatory schemes. The techniques described herein maintain this level of privacy/anonymity while still satisfying the immutability, auditability, and verification mandated by blockchain and other distributed ledger technologies (DLTs) for the decentralized storage of transactional data.
    Type: Grant
    Filed: April 26, 2018
    Date of Patent: February 25, 2020
    Assignee: Anonos Inc.
    Inventors: Malcolm Gary LaFever, Ted N. Myerson, Steven Mason
  • Patent number: 10567408
    Abstract: Systems, methods, and computer-readable media for managing credentials of multiple users on an electronic device are provided.
    Type: Grant
    Filed: September 14, 2017
    Date of Patent: February 18, 2020
    Assignee: APPLE INC.
    Inventors: Karthik Narayanan, Navin Bindiganavile Suparna, Scott Lopatin
  • Patent number: 10552809
    Abstract: Embodiments of the invention are directed to programming a payment device that can be in the same form factor as a typical credit or debit card and which can be programmed and reprogrammed with various payment profiles. The payment device is interfaced with a mobile device, such as through insertion into a module capable of holding the payment device within proximity to a main housing of the mobile device. The payment device can include both a magnetic stripe and an IC chip which is capable of near field communication. In embodiments of the invention, the mobile device, such as a cellular phone, includes a memory element. The memory element securely stores payment profiles of financial accounts which are commonly found on credit, debit, gift, transit and loyalty cards. When a payment profile stored in the memory element of the mobile phone is selected, the mobile phone writes the profile onto the payment device.
    Type: Grant
    Filed: July 18, 2011
    Date of Patent: February 4, 2020
    Assignee: Visa International Service Association
    Inventor: Graham Evans
  • Patent number: 10523688
    Abstract: A system for confirming a computing environment includes a remote computing device connected by a communication network to a computing device. The remote computing device generates a nonce, or number used once, and executes an attestation function to determine an attestation measurement value based on the contents of the memory of the remote computing device. The nonce is transmitted by the network to the computing device, which uses the nonce to execute the attestation function based on the contents of the memory of the computing device and determine an attestation measurement value. This attestation measurement value is transmitted to the remote computing device. If the attestation measurement values match, the computing device is designated as trusted. If the attestation measurement values mismatch, the computing device is designated as untrusted.
    Type: Grant
    Filed: April 12, 2017
    Date of Patent: December 31, 2019
    Assignee: Rockwell Collins, Inc.
    Inventors: Luke E. Ryon, Gregory W. Rice, James N. Potts, Mark A. Bortz
  • Patent number: 10524100
    Abstract: Provided are an electronic apparatus and a method of outputting content. The method includes establishing a wireless communication connection with a second electronic apparatus, receiving apparatus information of the external apparatus from the second electronic apparatus, requesting the second electronic apparatus to establish a wireless communication connection between the first electronic apparatus and the external apparatus, receiving a response to the requesting from the second electronic apparatus, establishing a wireless communication connection between the first electronic apparatus and the external apparatus based on the response; and outputting content by using an executed second application of the first electronic apparatus via the wireless communication connection between the first electronic apparatus and the external apparatus.
    Type: Grant
    Filed: June 18, 2015
    Date of Patent: December 31, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Jae-woo Ko, Hang-sik Shin, Se-jun Park, Do-young Kim
  • Patent number: 10516538
    Abstract: A system and method executed in one or more servers that interface with a Database Management System (DBMS) for signing and exchanging documents electronically with or without a PIV. If a PIV card is used, a card reader reads embedded private biometric key stored on the card and sends the private key to a node that has the corresponding public key on the X.509 certificate. The public key is derived from the private biometric key embedded in the PIV card as described above. Information contained in X.509 certificate is used to authenticate a user for example using the SSH protocol. If a PIV card is not used, the biometric data represents captured biometric data blocks, which are used to generate a biometric hash at a subscriber node. The subscriber node sends the biometric hash to a plurality of observer nodes that validate the hash by sending validation responses based on hash ledgers states at each observer node.
    Type: Grant
    Filed: November 1, 2017
    Date of Patent: December 24, 2019
    Assignee: NETCOMM INC.
    Inventors: Laurel Fielding, Tewodros Mulatu
  • Patent number: 10498742
    Abstract: A method and system for security authorization on an electronic device are disclosed. The method includes detecting whether a trusted device is present in proximity to the electronic device. The trusted device is associated with a user profile of the electronic device, and the user profile includes access to private information. The method further includes allowing access to the user profile in response to detecting that the trusted device is present in proximity to the electronic device, and defaulting access to a public user profile of the electronic device in response to detecting a lack of presence of the trusted device in proximity to the electronic device.
    Type: Grant
    Filed: June 1, 2017
    Date of Patent: December 3, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Mahesh Kulkarni, Laszlo Gombos
  • Patent number: 10404692
    Abstract: Technologies are provided in embodiments to establish trust between a trusted execution environment (TEE) and a peripheral device. Embodiments are configured to communicate with an attestation server to generate an encryption key, and to establish, using the encryption key, a secure connection with an authentication server to enable communication between the authentication server and the peripheral device. Embodiments are also configured to receive a pairwise master key if the peripheral device is authenticated and to receive a trusted communication from the peripheral device based, at least in part, on the pairwise master key. Embodiments may also be configured to identify a connection to the peripheral device before the peripheral device is authenticated to the authentication server, receive an identifier from the peripheral device, and establish a connection to an attestation server based on at least a portion of the identifier.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: September 3, 2019
    Assignee: McAfee, LLC
    Inventors: Avishay Sharaga, Alex Nayshtut, Oleg Pogorelik, Igor Muttik, Ned M. Smith
  • Patent number: 10389529
    Abstract: A method for leveraging a secure communication channel between a first agent and a second agent to authenticate an activity outside of the secure communication channel. The method includes receiving with the first agent a communication request through an insecure channel from the second agent. The method further includes receiving with the first agent an indicator of a relative identity relationship from the second agent. The method further includes sending with the first agent a request to authenticate the activity outside of the secure communication channel to the second agent. The method further includes authenticating the activity outside of the secure communication channel using the secure communication channel.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: August 20, 2019
    Assignee: Uniken, Inc.
    Inventors: Bimal I. Gandhi, Nishant Kaushik, Robert Alan Levine, James Anthony Villarrubia, Tejas Digambar Limaye
  • Patent number: 10362039
    Abstract: A computing resource service provider may receive, from a user client connected to an on-premises network, a security document specifying one or more user roles defining a level of access to customer resources within the on-premises network. In response, the service provider may generate and provide the user client with a cookie specifying the user roles and including an address for an interface within the service provider network. The service provider may receive a request from the user client to access one or more customer resources hosted by the service provider. The request may include the cookie previously provided to the user client. Accordingly, the service provider may extract the user roles from the cookie and determine, based at least in part on these user roles, whether to fulfill the user client request.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: July 23, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Wesley Marlin Sutton, Apolak Borthakur, Derek Avery Lyon, Raviprasad Venkatesha Murthy Mummidi, Karthikeyan Natarajan
  • Patent number: 10341304
    Abstract: Systems, devices, media, and methods are presented for retrieving authentication credentials and decryption keys to access remotely stored user-generated content. The systems and methods receive a first authentication credential and access a second authentication credential based on receiving the first authentication credential. The system and methods generate an authentication token and an encryption token. Based on the authentication token, the system and methods access a set of encrypted content and an encrypted content key. The systems and methods decrypt the encrypted content key using the encryption token and decrypt the set of encrypted content using the decrypted content key. At least a portion of the content is presented at the user device.
    Type: Grant
    Filed: January 4, 2017
    Date of Patent: July 2, 2019
    Assignee: Snap Inc.
    Inventors: Jad S. Boutros, Jiayuan Ma, Filipe Jorge Marques de Almeida, Marcel M. Yung
  • Patent number: 10313384
    Abstract: Approaches for enforcing security constraints against a network without impacting business workflows. A network is programmatically divided into a set of restrictive subnetworks without human intervention. One or more agents, executing on a plurality of nodes of the network, enforce security constraints by requiring a process, which requests access to an asset stored on a node of the network, to possess a security credential associated with a particular restrictive subnetwork to which the node belongs for access to the asset to be granted. The set of restrictive subnetworks may be determined based upon an enterprise risk model that models both the present and the future risk to the enterprise.
    Type: Grant
    Filed: August 11, 2016
    Date of Patent: June 4, 2019
    Assignee: Balbix, Inc.
    Inventors: Gaurav Banga, Rajarshi Gupta, Vinay Sridhara, Vineet Kumar
  • Patent number: 10299132
    Abstract: A computer implemented technique includes receiving, at a server, a request to utilize an intermediary device to establish a wireless hotspot for a mobile computing device to access a private computing network via a network device. The technique includes receiving, at the server, access information from a first user having control of the private computing network and the network device, the access information specifying users and their corresponding levels of access to the private computing network via the wireless hotspot. The technique includes receiving, at the server, identification information for a second user associated with the mobile computing device. The technique also includes transmitting, from the server and to the intermediary device, a level of access to the private computing network via the wireless hotspot causing the intermediary device to grant the mobile computing device the level of access to the private computing network via the network device.
    Type: Grant
    Filed: April 16, 2018
    Date of Patent: May 21, 2019
    Assignee: GOOGLE LLC
    Inventor: Nazif Cihan Tas
  • Patent number: 10282537
    Abstract: A request for authentication from a user of a computer system is received. An authentication prompt is transmitted to the user, wherein the authentication prompt corresponds to a plurality of stored authentication responses, and wherein each of the plurality of stored authentication responses is used to authenticate the user. A first user authentication response is received. Whether to accept the first user authentication response is determined based on a degree of similarity between the first user authentication response and a stored authentication response from the plurality of stored authentication responses. Responsive to accepting the first user authentication response, a security score is calculated representing a level of confidence with respect to verifying the user for authentication, based on a type of authentication response for the first user authentication response. Responsive to determining that the security score is greater than an authentication score, the user is authenticated.
    Type: Grant
    Filed: September 20, 2016
    Date of Patent: May 7, 2019
    Assignee: International Business Machines Corporation
    Inventors: Calvin B. Swart, Sharon M. Trewin
  • Patent number: 10277587
    Abstract: Methods are provided for instantiating multiple electronic subscriber identity modules (eSIMs) to an electronic universal integrated circuit card (eUICC) using a manufacturer-installed data binary large object (data blob). An eSIM package including the data blob in encrypted form is securely installed in the eUICC in a manufacturing environment. A key encryption key (KEK) associated with the eSIM package is separately provided to an original equipment manufacturer (OEM) wireless device factory. The OEM wireless device factory provides the KEK to the eUICC within a given wireless device. The eUICC uses the KEK to decrypt the eSIM package and provide the data blob. The eUICC can receive a request to instantiate a first eSIM. The eUICC can instantiate the first eSIM using data from the data blob. A user can then access network services using the wireless device. Subsequently, a second eSIM can be instantiated by the eUICC using the data blob.
    Type: Grant
    Filed: October 6, 2016
    Date of Patent: April 30, 2019
    Assignee: Apple Inc.
    Inventors: Li Li, Arun G. Mathias
  • Patent number: 10228926
    Abstract: A remote support installation mechanism provides for the installation of a remote support client application onto a user device. A server may receive a request for a remote support eligibility status from a device agent application on a user device that is loaded with an installer package for a remote support client application. The remote support client application may be used to initiate a remote support session with a remote support application on a remote support server to provide a computing terminal with remote support access to the user device. The server may determine based on at least one of a device management database or a user account database that the user device qualifies for remote support. Accordingly, the server may send an install command to trigger an installation of the remote support client application on the user device from the installer package.
    Type: Grant
    Filed: January 28, 2016
    Date of Patent: March 12, 2019
    Assignee: T-Mobile USA, Inc.
    Inventors: Jonathan Michael Soini, Timothy Adam Shelton
  • Patent number: 10171457
    Abstract: An indication is received that a user has initiated an access to a website hosted by a service provider. Access to the website requires an authorization of a user identification associated with the user and a password associated with the user. A token is requested. The token provides access to an application programming interface. The token is received. The token is stored by the service provider.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: David P. Moore, Trevor S. Norvill, Philip A. J. Nye, Robert T. Trotter
  • Patent number: 10158480
    Abstract: Autonomous devices and systems, methods, and program products for authorizing and performing autonomous devices transactions are disclosed. An autonomous device can be configured to generate a first hash value of a chain of hash values by applying a hash algorithm to first data including first new data and a first previous hash value of the chain of hash values, the first previous hash value computed by applying the hash algorithm to first previous data. The device can transmit to a transaction computer system the first hash value and the first new data. The device can generate and transmit to the transaction computer system a first signed electronic transaction request comprising first transaction data comprising a sending account identifier associated with the autonomous device, a destination account identifier, a transaction amount, and a timestamp. The device can digitally sign the transaction request using a private key of an asymmetric key pair.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: December 18, 2018
    Assignee: Winklevoss IP, LLC
    Inventors: Cameron Howard Winklevoss, Tyler Howard Winklevoss, Michael Robert Breu, Benjamin A. Small
  • Patent number: 10133858
    Abstract: Methods and systems allow a user to log in to a device so that a number of apps become accessible on the device without the user repeatedly logging in to each different app as the user launches multiple apps. A mechanism of providing a master token with a quality score and providing sub-tokens for each app that can use the sub-token and the score quality to evaluate the level of security provided by the initial login allows each app to skip its own login process and provides a level of enhanced efficiency and convenience for the user. A method includes authenticating a user; creating a master token on the user device; creating a sub-token of the master token for an app launched on the device; the app skipping the login process of the app in response to the sub-token so that the app proceeds directly to validating a transaction.
    Type: Grant
    Filed: August 17, 2015
    Date of Patent: November 20, 2018
    Assignee: PAYPAL, INC.
    Inventors: Sebastien Ludovic Jean Taveau, Upendra S. Mardikar
  • Patent number: 10104084
    Abstract: Techniques are provided for augmenting the capabilities of the standard OAuth2 authorization framework in such a way as to allow clients to consume the services of multiple resource servers residing in disjoint security domains while requiring only a single one-time user authentication. An access token that provides access to resource services distributed across a plurality of security domains is partitioned into a plurality of reduced-scope access tokens. Each reduced-scope access token is limited to a subset of authorization scopes of the access token, providing access to a resource service in a particular security domain based upon the subset.
    Type: Grant
    Filed: November 16, 2015
    Date of Patent: October 16, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Andrew Biggs, Shaun Cooley, Matt Miller, Hua Cui, Ian Remmel
  • Patent number: 10061912
    Abstract: A system and method of multi-factor authentication are described. In some embodiments, a first device provides an initial authentication data to a second device. The second device is different from the first device. The first device obtains a first response data from the second device. The first device generates a first subsequent authentication data using the first response data. The first subsequent authentication data is different from the initial authentication data. The first device provides the first subsequent authentication data to the second device. In some embodiments, obtaining the first response data comprises capturing the first response data from the second device using a camera on the mobile device, where the first response data is displayed on the second device.
    Type: Grant
    Filed: July 7, 2017
    Date of Patent: August 28, 2018
    Assignee: eBay Inc.
    Inventor: Oliver Nicholas Cockcroft
  • Patent number: 10050723
    Abstract: In particular embodiments, a method for transmitting authentication data using acoustical means, comprising: encoding, by a first device, information into an acoustic signal; emitting, by an audio output component of the first device, the acoustic signal; detecting, by an audio input component of a second device, the acoustic signal; and decoding, by the second device, the acoustic signal into one or more pieces of information.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: August 14, 2018
    Assignee: Digital Kerosene Inc.
    Inventors: Carey D'Souza, John Neil Carter, Jason Mullings
  • Patent number: 10049168
    Abstract: Methods, systems, devices and computer program products for modifying and processing host webpage data are described. The host webpage data is intended for receipt by a browser which will interpret the host webpage data and generate a host webpage document therefrom. The host webpage data is modified using second and third webpage data before being sent to the browser. The second webpage data is arranged to cause a frame to be generated within the host webpage document, the generated frame comprising a second webpage document which is associated with a different domain to the host webpage document. Furthermore, the third webpage data is arranged to cause the browser to allow access to functionality of the host webpage document by the second webpage document which would otherwise be blocked.
    Type: Grant
    Filed: January 31, 2012
    Date of Patent: August 14, 2018
    Assignee: OPENWAVE MOBILITY, INC.
    Inventors: Richard Mischook, Colin Woods
  • Patent number: 9996686
    Abstract: A method for managing a master password on a network device, the method stored as a set of instructions executable by a computer processor to: store the master password in a first file in a memory of the network device; store the master password in a second file in the memory of the network device; encrypt access to the first file using a first password; encrypt access to the second file using a second password; send the second password and an identifier associated with the network device over a communications network to a registration server, the registration server configured for storing the second password for subsequent retrieval by the network device; when the first password is unavailable, send a password retrieval request including the identifier; receive the second password configured as a one-time use password; decrypt access to the second file to retrieve the master password; and, initiate a reset process for subsequent storage of the master password in the memory of the network device.
    Type: Grant
    Filed: April 28, 2014
    Date of Patent: June 12, 2018
    Assignee: BlackBerry Limited
    Inventors: Alex Lau, Mihir Kapadia, Yunan Zhao
  • Patent number: 9998440
    Abstract: A system for an electronic authentication client and a processing method thereof, and a system for electronic authentication and a method thereof are disclosed.
    Type: Grant
    Filed: September 12, 2014
    Date of Patent: June 12, 2018
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Yu Yan, Dazhi Yang, Wen Zhang, Bin Ma
  • Patent number: 9971800
    Abstract: In one embodiment a system, apparatus, and method for optimizing index value lengths when indexing data items in an array of data items is described, the method including producing, at a first processor, an ordered series of index values, sending the ordered series of index values to an indexing processor, receiving, at the indexing processor, a data object including the array of data items, associating, at the indexing processor, a first part of one of the index values with a first one data item of the array of data items, associating, at the indexing processor, a second part of the one of the index values with a next one data item of the array of data items, repeating the steps of associating a first part of one of the index values and associating a second part of the one of the index values until all of the data items in the array of data items are indexed.
    Type: Grant
    Filed: April 12, 2016
    Date of Patent: May 15, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Yaron Sella, Michal Devir, Harel Cain
  • Patent number: 9965651
    Abstract: A computer-implemented method includes producing medical information that characterizes a group of individuals from a set of private data representing pre or post-encounter characteristics of the individuals, wherein the individuals have had encounters with a healthcare facility. The identity of the individuals is unattainable from the produced medical information. The method also includes providing the produced medical information to report the pre or post-encounter characteristics of the group.
    Type: Grant
    Filed: May 26, 2017
    Date of Patent: May 8, 2018
    Assignee: Vigilytics LLC
    Inventor: Andrew L. Paris, III
  • Patent number: 9949127
    Abstract: A computer implemented technique includes receiving, at a server, a request to utilize an intermediary device to establish a wireless hotspot for a mobile computing device to access a private computing network via a network device. The technique includes receiving, at the server, access information from a first user having control of the private computing network and the network device, the access information specifying users and their corresponding levels of access to the private computing network via the wireless hotspot. The technique includes receiving, at the server, identification information for a second user associated with the mobile computing device. The technique also includes transmitting, from the server and to the intermediary device, a level of access to the private computing network via the wireless hotspot causing the intermediary device to grant the mobile computing device the level of access to the private computing network via the network device.
    Type: Grant
    Filed: April 24, 2014
    Date of Patent: April 17, 2018
    Assignee: GOOGLE LLC
    Inventor: Nazif Cihan Tas
  • Patent number: 9871786
    Abstract: The method of authenticating the source of a communication is disclosed. The method includes executing a clock for an operation period. The method also includes receiving a communication from a remote device at a communication time corresponding to a time interval of a plurality of time intervals sequentially covering the operation period. Each time interval has an associated authentication value. The communication includes a commitment value. The method also includes determining whether the commitment value matches the authentication value associated with the time interval corresponding to the communication time. The method also includes processing the communication when the commitment value matches the authentication value associated with the time interval corresponding to the communication time.
    Type: Grant
    Filed: July 23, 2015
    Date of Patent: January 16, 2018
    Assignee: Google LLC
    Inventor: Curtis Gerald Condra
  • Patent number: 9792425
    Abstract: The system and method for controlling state tokens described herein may secure sensitive application state tokens, link one application state token to other state tokens that represent certain identities or communication sessions, and maintain application state tokens to integrate various different systems or applications. In particular, the system and method described herein may provide a mechanism to override the scheme that applications use to manage state information and thereby enforce policies that provide fine-grained control over any semantics the applications otherwise use to manage state information.
    Type: Grant
    Filed: November 2, 2010
    Date of Patent: October 17, 2017
    Assignee: CA, Inc.
    Inventor: Justin T. Stone
  • Patent number: 9699659
    Abstract: In an embodiment, a control device that is configured to onboard a target device to a secure local network by discovering a set of devices over a bootstrapping interface, establishing a bootstrap connection to at least one device from the set of devices in response to the discovery without authorizing the at least one device to access the secure local network, instructing the at least one device via the bootstrap connection to activate an observable function that is configured to be observable to one or more observation entities that are separate from the control device and are in proximity to the at least one device, determining whether an operator of the control device verifies that the observable function has been successfully detected as performed by the target device and selectively authorizing the at least one device to access the secure local network based on the determination.
    Type: Grant
    Filed: July 20, 2015
    Date of Patent: July 4, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Doron Zehavi, Lior Amarilio, Zeev Shusterman
  • Patent number: 9667602
    Abstract: An off-host authentication system includes an authentication information handling system (IHS) that is coupled to a network. The off-host authentication system also includes a host processing system. An off-host processing system in the off-host authentication system is coupled to the host processing system and is coupled to the authentication IHS through the network. The off-host processing system provides an encrypted primary authentication item to the authentication IHS through the network. The off-host processing system then receives an encrypted secondary authentication token from the authentication IHS through the network. The off-host processing system then decrypts the encrypted secondary authentication token to produce a decrypted secondary authentication token and uses the decrypted secondary authentication token to retrieve a tertiary authentication token.
    Type: Grant
    Filed: January 12, 2016
    Date of Patent: May 30, 2017
    Assignee: Dell Products L.P.
    Inventors: Daniel Hamlin, Charles Robison
  • Patent number: 9648069
    Abstract: A system and method for sharing electronic content. A sending user can specify one or more criteria that a recipient memory device must have to store the content. The sending user can also specify a digital rights management control that can be associated with the content. The content can be transferred to the recipient if the recipient memory device has the specified properties. Software at the recipient can ensure that the content is handled in accordance with the digital rights management controls specified by the sender.
    Type: Grant
    Filed: March 3, 2015
    Date of Patent: May 9, 2017
    Assignee: GULA CONSULTING LIMITED LIABILITY COMPANY
    Inventors: Damian Franken Manning, Jon Walter Lowy
  • Patent number: 9642010
    Abstract: There is provided a management server including a communication unit configured to communicate with a communication terminal that utilizes a service, and a data processing unit. The data processing unit is configured to receive, from the communication terminal, system configuration information including a memory system configuration of the communication terminal, determine, in accordance with the system configuration information, a memory area in the communication terminal where service data for the communication terminal to utilize the service is recorded or a memory area in the communication terminal from which the service data is read, generate a command to execute a process to access the memory area or service data to be recorded in the memory area, and transmit the command or the service data to the communication terminal via the communication unit.
    Type: Grant
    Filed: March 3, 2015
    Date of Patent: May 2, 2017
    Assignee: FeliCa Networks, Inc.
    Inventors: Kenichi Motodate, Keitarou Watanabe, Junichi Oki
  • Patent number: 9628464
    Abstract: In one embodiment, receiving a notice from a first user associated with a first mobile device indicating that the first user wishes to share information of the first user with one or more second users respectively associated with one or more second mobile devices; accessing information known about one or more users and one or more mobile devices respectively associated with the one or more users; identifying at least one candidate for the first user based on the information known about the one or more users and the one or more mobile devices; and confirming one or more of the at least one candidate as the one or more second users.
    Type: Grant
    Filed: March 19, 2015
    Date of Patent: April 18, 2017
    Assignee: FACEBOOK, INC.
    Inventor: Jonathan Arie Matus
  • Patent number: 9614855
    Abstract: System and method for implementing a secure web application entitlement service are described.
    Type: Grant
    Filed: November 5, 2009
    Date of Patent: April 4, 2017
    Assignee: Micro Focus Software Inc.
    Inventors: Carolyn Bennion McClain, Stephen R. Carter
  • Patent number: 9576150
    Abstract: In one example, a method for validating a user includes transmitting, to a management server, a request for a shared secret, and receiving, from the management server, the shared secret. Next, the shared secret received from the management server is compared to a secret identified in a user request for access to a backup of data associated with a computing device. The user is granted access to the backup when the shared secret identified by the user matches the shared secret obtained from the management server, and the user is denied access to the backup when the shared secret identified by the user does not match the shared secret obtained from the management server.
    Type: Grant
    Filed: April 12, 2016
    Date of Patent: February 21, 2017
    Assignee: EMC CORPORATION
    Inventors: David vonThenen, Darren M. Yee, Steven Kwong
  • Patent number: 9577994
    Abstract: An off-host authentication system includes a network. An off-host processing system is coupled to the network and sends an encrypted authentication item through the network in response to validating a user. An authentication information handling system (IHS) is coupled to the network and receives the encrypted authentication item from the off-host processing system through the network, decrypts the encrypted authentication item to produce a decrypted authentication item, validates the decrypted authentication item, and sends an approval message through the network. A directory system is coupled to the network and receives the approval message through the network and, in response, sends a user approval through the network. A host processing system, which is located in a user IHS that includes the off-host processing system and which is coupled to the network, logs a user into the user IHS in response to receiving the user approval through the network.
    Type: Grant
    Filed: January 27, 2016
    Date of Patent: February 21, 2017
    Assignee: Dell Products L.P.
    Inventors: Charles Robison, Daniel Hamlin
  • Patent number: 9569610
    Abstract: A computer implemented method for managing a password is disclosed. The method can include generating a first hash value corresponding to a first password. The method can also include determining whether the first hash value corresponds with a second hash value included in the set of hash values. Further, the method can include suppressing storage of the first password in the set of passwords in response to determining that the first hash value corresponds with a second hash value included in the set of hash values.
    Type: Grant
    Filed: March 28, 2014
    Date of Patent: February 14, 2017
    Assignee: International Business Machines Corporation
    Inventors: Andreas Arning, Jens Engelke
  • Patent number: 9537663
    Abstract: A challenge manipulation and restoration capability is provided for use during network authentication. A mobile device (MD) and a subscriber server (SS) each have provisioned therein a binding key (B-KEY) that is associated with a subscriber identity of a network authentication module (NAM) of the MD. The SS obtains an authentication vector (AV) in response to a request from a Radio Access Network (RAN) when the MD attempts to attach to the RAN. The AV includes an original authentication challenge parameter (ACP). The SS encrypts the original ACP based on its B-KEY, and updates the AV by replacing the original ACP with the encrypted ACP. The MD receives the encrypted ACP, and decrypts the encrypted ACP based on its B-KEY to recover the original ACP. The MD provides the original ACP to the NAM for use in computing an authentication response for validation by the RAN.
    Type: Grant
    Filed: June 20, 2012
    Date of Patent: January 3, 2017
    Assignee: Alcatel Lucent
    Inventors: Semyon Mizikovsky, Ioannis Broustis, Violeta Cakulev
  • Patent number: 9514457
    Abstract: Data can be protected in mobile and payment environments through various tokenization operations. A mobile device can tokenize communication data based on device information and session information associated with the mobile device. A payment terminal can tokenize payment information received at the payment terminal during a transaction based on transaction information associated with the transaction. Payment data tokenized with a first set of token tables and according to a first set of tokenization parameters by a first payment entity can be detokenized or re-tokenized with a second set of token tables and according to a second set of tokenization parameters. Payment information can be tokenized and sent to a mobile device as a token card based on one or more selected use rules, and a user can request a transaction based on the token card. The transaction can be authorized if the transaction satisfies the selected use rules.
    Type: Grant
    Filed: October 16, 2014
    Date of Patent: December 6, 2016
    Assignee: Protegrity Corporation
    Inventors: Ulf Mattsson, Yigal Rozenberg
  • Patent number: 9461985
    Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.
    Type: Grant
    Filed: March 25, 2013
    Date of Patent: October 4, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
  • Patent number: 9444807
    Abstract: This invention includes a system and method to enable a device to determine the presence information of another device over a secure communication network. First, the device and a presence server establish a secure connection. Next, while the initial secure connection with the presence server is established, the device generates a randomly created token and provides it to the presence server. The token is used as a shared-secret by the device and the presence server to secure future presence communications over a non-secure connection. Next, without the need to again enter a password or establish a secure connection with the presence server, the device uses the shared-secret to sign, encrypt and convey presence information to the presence server over an arbitrary connection. Finally, the presence server may share the first device's presence information with another device.
    Type: Grant
    Filed: August 25, 2015
    Date of Patent: September 13, 2016
    Assignee: SAIFE, INC.
    Inventors: Ty Lindteigen, James Chester Jones, Dipen Patel, Anthony Payne
  • Patent number: 9426149
    Abstract: A mobile secure login method comprises steps of 1) displaying a machine readable graphic form encoded with a sign in URL and a unique token on a browser, wherein the said machine readable graphic form comprises at least one of a 1D barcode, a 2D barcode, a PDF417, a QR code, a Data Matrix code, an Aztec code, and an OCR symbol; 2) scanning the said machine readable graphic form using a mobile device; 3) transmitting the sign in credential with the said unique token to a server at the said sign in URL from the said mobile device, wherein the said sign in credential comprises at least one of a username, a password, and a PKI signed challenge; 4) authenticating the said sign in credential at the said server to enable the said browser login to a secure website automatically.
    Type: Grant
    Filed: December 30, 2014
    Date of Patent: August 23, 2016
    Inventor: Ynjiun Paul Wang
  • Patent number: 9419798
    Abstract: A public encryption method based on user ID includes: setting, by a key generation server, at least one public parameter and master key used for generating a private key; receiving, by the key generation server, an inherent ID of a user from a receiving terminal, generating a private key based on the public parameter, the master key and the ID, and transmitting the generated private key to the receiving terminal; receiving, by a transmitting terminal, the public parameter and the ID from the key generation server, encrypting a message to generate a ciphertext, and transmitting the generated ciphertext to the receiving terminal; and receiving, by the receiving terminal, the ciphertext and the private key, and decrypting the ciphertext based on the received private key to obtain a message.
    Type: Grant
    Filed: January 17, 2014
    Date of Patent: August 16, 2016
    Assignee: KOREA UNIVERSITY RESEARCH AND BUSINESS FOUNDATION
    Inventors: Dong Hoon Lee, Jong-Hwan Park, Woo-Kwon Koo