System Access Control Based On User Identification By Cryptography Patents (Class 713/182)
  • Patent number: 9942261
    Abstract: An identity and access management (IAM) system is associated with a set of data sources from which data is collected. A set of vulnerabilities that the IAM system should attempt to detect is identified. For each vulnerability to be detected, a prioritized list of strategies used to detect that vulnerability is generated. Preferably, each strategy specifies the type(s) of data required to detect that vulnerability. An algorithm to determine a best strategy to be used for detecting each vulnerability, preferably based on the data available from the data sources, is then identified. The IAM system then collects data in an optimized manner. In particular, during the collection process, the IAM system preferably collects only what is necessary based on the configuration, even if the data source is capable of providing additional data. The collected data is then processed to detect security vulnerabilities associated with the IAM accounts.
    Type: Grant
    Filed: March 21, 2017
    Date of Patent: April 10, 2018
    Assignee: International Business Machines Corporation
    Inventors: John Leslie Harter, David Walsh Palmieri, Jeffrey Tobias Robke
  • Patent number: 9942041
    Abstract: Techniques for securely instantiating applications associated with computing resource service provider services on hardware that is controlled by third parties and/or customers of the computing resource service provider are described herein. A request to instantiate an application is received and fulfilled by selecting a computer system from computer systems that are controlled by a third party and/or a customer of the computing resource service provider. The computer system is selected based at least in part on the hardware capabilities of the computer system associated with instantiating a secure execution environment. The application is then instantiated within a secure execution environment operating on the computer system.
    Type: Grant
    Filed: September 3, 2014
    Date of Patent: April 10, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Aaron Douglas Dokey, Eric Jason Brandwine, Nathan Bartholomew Thomas
  • Patent number: 9940482
    Abstract: A method may include receiving content included in a social media post of a user; analyzing the content included in the social media post to determine a likelihood that the social media post contains security information associated with the user; transmitting an alert to a computing device of the user, based on the analyzing, that the content includes the security information associated with the user; and presenting an option to change the security information.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: April 10, 2018
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Tambra Nichols, Matthew P. Schlachtman, Michael A. Tilaro, Tleytmas N. Stephenson, Roohi Moolla
  • Patent number: 9942043
    Abstract: Techniques for enhancing the security of storing sensitive information or a token on a communication device may include sending a request for the sensitive information or token. The communication device may receive a session key encrypted with a hash value derived from user authentication data that authenticates the user of the communication device, and the sensitive information or token encrypted with the session key. The session key encrypted with the hash value, and the sensitive information or token encrypted with the session key can be stored in a memory of the communication device.
    Type: Grant
    Filed: April 23, 2015
    Date of Patent: April 10, 2018
    Assignee: Visa International Service Association
    Inventor: Karthikeyan Palanisamy
  • Patent number: 9942224
    Abstract: A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.
    Type: Grant
    Filed: March 10, 2017
    Date of Patent: April 10, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Gaurang Pankaj Mehta, Neelam Satish Agrawal, Lawrence Hun-Gi Aung, Guruprakash Bangalore Rao, Shuo Wang, Sameer Palande, Krithi Rai, Chirag Pravin Pandya
  • Patent number: 9928101
    Abstract: In an environment that includes a host computing system that executes virtual machines, and a secure cloud computing channel that communicatively couples the host to a client computing system that is assigned to a particular one of the virtual machines, the particular virtual machine generates a certificate, installs the certificate on itself, and returns a certificate representation to the client. This may occur when the virtual machine is provisioned. During a subsequent connection request from the client to the virtual machine, the virtual machine returns the certificate to the client. The client compares the certificate representation that was returned during provisioning with the certificate returned during the subsequent connection, and if there is a match, then the virtual machine is authenticated to the client. Thus, in this case, the virtual machine authenticates without the client having to generate, install, and manage security for a certificate.
    Type: Grant
    Filed: October 19, 2015
    Date of Patent: March 27, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Eron D. Wright, Muhammad Umer Azad, Sushant P. Rewaskar, Corey M. Sanders, Saad Syed
  • Patent number: 9930043
    Abstract: Systems and methods of virtual world interaction, operation, implementation, instantiation, creation, and other functions related to virtual worlds (note that where the term “virtual world” is used herein, it is to be understood as referring to virtual world systems, virtual environments reflecting real, simulated, fantasy, or other structures, and includes information systems that utilize interaction within a 3D environment). Various embodiments facilitate interoperation between and within virtual worlds, and may provide consistent structures for operating virtual worlds. The disclosed embodiments may further enable individuals to build new virtual worlds within a framework, and allow third party users to better interact with those worlds.
    Type: Grant
    Filed: December 23, 2013
    Date of Patent: March 27, 2018
    Assignee: Utherverse Digital, Inc.
    Inventors: Brian Mark Shuster, Aaron Burch, Frisco Kristiansen, Ian Neufeld, Dirk Herling, Patrick Tyroler, Gary Shuster
  • Patent number: 9923906
    Abstract: A method and technique for access authentication includes: responsive to receiving an access request from a user for a secure resource, transmitting a uniform resource locator (URL) to the user; responsive to transmitting the URL to the user, logging a timestamp for the URL transmission; responsive to receiving a request for the URL, logging a timestamp for the URL request; and responsive to verifying that a difference between the timestamp for the URL transmission and the timestamp for the URL request is within a predetermined time period, providing access to the secure resource.
    Type: Grant
    Filed: January 8, 2017
    Date of Patent: March 20, 2018
    Assignee: Webcetera, L.P.
    Inventors: Brian E. Shepler, Charles J. Holloway, Nagaraj V. Rao
  • Patent number: 9924087
    Abstract: An information terminal apparatus includes: a first image pickup section that obtains a first picked-up image; a first communication section that receives a second picked-up image obtained by a second image pickup section according to a first communication standard; a second communication section that performs communication according to a second communication standard different from the first communication standard; and a display control section that displays the first picked-up image during the communication of the second communication section when communication of the first communication section is not established. Cooperative display control with respect to a plurality of picked-up images from a plurality of image pickup sections reduces a waiting time period before the picked-up images are displayed.
    Type: Grant
    Filed: February 15, 2016
    Date of Patent: March 20, 2018
    Assignee: Olympus Corporation
    Inventors: Yoshiyuki Fukuya, Kazuhiko Shimura, Kazuo Kanda, Takeshi Kindaichi, Osamu Nonaka
  • Patent number: 9916608
    Abstract: Techniques for providing friction-free transactions using geolocation and user identifiers are described herein. These techniques may ascertain a user's location based on a location of a mobile device. A transaction between the user and a merchant may be completed with zero or minimal input from the user based on the geolocation of the mobile device and the user identifiers. In some implementations, a transaction initiated earlier is completed when the mobile device arrives at the merchant. Additionally, a parent-child or similar relationship may be established between multiple devices. Security on the mobile device may be provided by biometric identification and calculation of variance from regular movement patterns. Advertisements may be sent to the mobile device based on bids from merchants near to the mobile device. Promotions may be sent to the mobile device when more than a threshold number of mobile devices are located at the same merchant.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: March 13, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Harsha Ramalingam, Michael Carr, Paul J. Walsh
  • Patent number: 9916436
    Abstract: An accessory for a host medical device that is capable of authenticating itself to the host medical device. The accessory includes an onboard facility for authenticating the accessory to the host medical device. Various embodiments of the accessory enable it to validate itself to the host medical device without the host medical device reading any stored information from the accessory.
    Type: Grant
    Filed: October 24, 2014
    Date of Patent: March 13, 2018
    Assignee: Physio-Control, Inc.
    Inventor: Matthew L. Bielstein
  • Patent number: 9904632
    Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: February 27, 2018
    Assignee: Intel Corporation
    Inventors: Simon P. Johnson, Uday R. Savagaonkar, Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas
  • Patent number: 9894118
    Abstract: Access to a user profile of a user device at a location may be provided to a destination device upon detecting that the location is within a proximity of a destination location. An expiring token may be generated, associated with the user profile, and communicated to the second device. Access to the user profile provided to the destination device may be terminated upon an expiration of the expiring token.
    Type: Grant
    Filed: January 17, 2014
    Date of Patent: February 13, 2018
    Assignee: International Business Machines Corporation
    Inventors: Lisa Seacat DeLuca, Lydia M. Do, Geetika T. Lakshmanan
  • Patent number: 9892269
    Abstract: Techniques for mitigating the transitive data problem using a secure asset manager are provided. These techniques include generating a secure asset manager compliant application by tagging source code for the application with a data tag to indicate that a data element associated with the source code is a sensitive data element, accessing a policy file comprising transitive rules associated with the sensitive data element, and generating one or more object files for the application from the source code. These techniques also include storing a sensitive data element in a secure memory region managed by a secure asset manager, and managing the sensitive data element according to a policy associated with the sensitive data element by an application from which the sensitive data element originates, the policy defining transitive rules associated with the sensitive data element.
    Type: Grant
    Filed: June 11, 2015
    Date of Patent: February 13, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Michael J. T. Chan, Lu Xiao, Rosario Cammarota, Olivier Jean Benoit, Saurabh Sabnis, Yin Ling Liong, Manish Mohan
  • Patent number: 9886721
    Abstract: Embodiments are directed towards employing a non-repudiation process for consumer credit requests based on an affirmative authentication of a one-time-pin (“OTP”) generated from a consumer biometric smartcard. The biometric smartcard may authenticate biometric information (e.g. fingerprint, facial image, iris image, or the like) of the consumer based on biometric templates stored on the biometric smartcard. In at least some of the various embodiments, the OTP may be authenticated by an identity authority, such that an associated credit request to a provider may be authenticated. In some embodiments, the provider may request and utilize a credit report for an authentic credit request to determine whether or not the consumer has an acceptable credit rating. If the consumer has an acceptable credit rating, then the provider may provide credit to the consumer.
    Type: Grant
    Filed: February 17, 2012
    Date of Patent: February 6, 2018
    Assignee: CreditRegistry Corporation
    Inventors: Taiwo Ayedun, Jameelah Ayedun
  • Patent number: 9881128
    Abstract: This invention relates to a method of healthcare data handling by a trusted agent possessing or having an access to decryption keys for accessing healthcare data. A request is received from a requestor requesting accessing healthcare data. A log is generated containing data relating to the request or the requestor or both. Finally, the requestor is provided with an access to the healthcare data.
    Type: Grant
    Filed: May 29, 2009
    Date of Patent: January 30, 2018
    Assignee: Koninklijke Philips N.V.
    Inventors: Robert Paul Koster, Milan Petkovic, Julien Kunzi
  • Patent number: 9881181
    Abstract: A device-installation-information distribution apparatus for distributing device installation information including a function of installing program on an information processing apparatus to enable the information processing apparatus to use a device over a network and a function of configuring operation settings of the program includes a distribution request obtaining unit configured to obtain a distribution request, which is transmitted from the information processing apparatus, requesting to distribute the device installation information, a device-installation-information update unit configured to obtain login information for use in logging into the information processing apparatus at a privilege authorized to install software based on the obtained distribution request and device installation information for the target device and update the device installation information by adding the login information to the device installation information, and a device-installation-information distribution unit configur
    Type: Grant
    Filed: June 16, 2015
    Date of Patent: January 30, 2018
    Assignee: RICOH COMPANY, LTD.
    Inventor: Toshio Akiyama
  • Patent number: 9876783
    Abstract: Distribution of verification of passwords for electronic account. Password verification is distributed (divided) across multiple entities to reduce potential exposure in the event of a server exposure.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: January 23, 2018
    Assignee: International Business Machines Corporation
    Inventors: Lawrence Koved, Gelareh Taban
  • Patent number: 9875350
    Abstract: A multi-vocal password verifying method includes the steps of: (1) displaying at least one set of candidate information units, the information units of the password being included in at least one set of candidate information units for being chosen; (2) accepting setting of relative location between a target selection region and the candidate information units such that the number of the candidate information units covered by the target selection region is two or more, the candidate information units covered by said target selection region being defined as a selection information unit set; and (3) comparing the information units of the password with the selection information unit set, and it being determined that the user has chosen correct information units from the predefined password when the selection information unit set contains the information units of the password.
    Type: Grant
    Filed: July 4, 2014
    Date of Patent: January 23, 2018
    Assignees: Smart Electronic Industrial (Dong Guan) Co., Ltd.
    Inventor: Lee Zheng
  • Patent number: 9870464
    Abstract: Techniques for maintaining potentially compromised authentication information for a plurality of accounts may be provided. An individual piece of authentication information may be associated with one or more tags that indicate access rights with respect to requestors that also provide and maintain other potentially compromised authentication information. A subset of the potentially compromised authentication information may be determined based on the one or more tags in response to a request from a requestor for the potentially compromised authentication information. In an embodiment, the subset of the potentially compromised authentication information may be provided to the requestor.
    Type: Grant
    Filed: November 15, 2016
    Date of Patent: January 16, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: David James Kane-Parry, Darren Ernest Canavor, Jesper Mikael Johansson
  • Patent number: 9866545
    Abstract: Provided is a process including: receiving, with an intermediary server, a request to access web content at a web server; submitting, from the intermediary server a value by which possession of an access credential is demonstrated, wherein the value is withheld from the client web browser; receiving, by the intermediary web browser, instructions to store in web browser memory an access token; and sending, from the intermediary server, to the client web browser executing on the client computing device, instructions to store the access token in browser memory of the client web browser, thereby authenticating the client web browser without the client web browser having access to the value by which possession of the access credential is demonstrated.
    Type: Grant
    Filed: August 11, 2017
    Date of Patent: January 9, 2018
    Assignee: ALTR Solutions, Inc.
    Inventor: James Douglas Beecham
  • Patent number: 9858631
    Abstract: A subscription-based personal medical information storage device comprises a data storage unit comprising a computer readable storage medium configured to store medical and non-medical information of a user, and facilitate the retrieval of medical and non-medical information of the user from a remote medical information storage device. The data storage unit is configured to automatically run an authentication routine upon connection with the general purpose computing device to confirm that the personal medical information storage device is neither lost nor stolen before granting access thereto. A communication module is configured to facilitate a communication connection with the remote medical information storage device, and wherein the remote medical information storage device comprises an advertisement module.
    Type: Grant
    Filed: October 25, 2012
    Date of Patent: January 2, 2018
    Assignee: Intelligent ID Solutions, LLC
    Inventors: Jason E. Farr, John G Coram, Greg T Meyers
  • Patent number: 9860059
    Abstract: A method and system for use in distributing token records is disclosed. At least one token record comprises a unique seed associated with a one-time password (OTP) token. An encryption key and a corresponding decryption key are generated for assisting selective encryption and decryption of a token record associated with an OTP token. The encryption key and the decryption key are unique to an end user of the token record. The token record is encrypted with the assistance of the encryption key. One of the decryption key and the encrypted token record is provided to the end user of the token record. The other of the decryption key and the encrypted token record is provided to the end user in response to secure receipt of the one of the decryption key and the encrypted token record by the end user. The encrypted token record can be decrypted with the assistance of the decryption key.
    Type: Grant
    Filed: December 23, 2011
    Date of Patent: January 2, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Christopher Duane, Robert S. Philpott, William Duane, Gareth Richards
  • Patent number: 9854529
    Abstract: In one example, a wearable device includes one or more processors, a plurality of communication components, one or more motion sensors configured to detect motion of the wearable device and generate, based on the detected motion, motion data, and a storage device configured to store at least one module. The at least one module may be operable by the one or more processors to: responsive to determining that the wearable device is not connected to the computing device using the first communication technology, determine, based on the motion data, whether the wearable device is currently being worn, and responsive to determining that the wearable device is currently being worn, establish the wireless connection to the computing device using the second communication component.
    Type: Grant
    Filed: December 3, 2015
    Date of Patent: December 26, 2017
    Assignee: Google LLC
    Inventors: Peter Wilhelm Ludwig, Jiahu Deng
  • Patent number: 9853815
    Abstract: A password verifying method includes the following steps: providing a plurality of interactive regions in which several known password characters are arranged and shown randomly, at least one interactive region containing at least two characters; accepting selection of one of said plurality of interactive regions by a user, and after selection of one of the interactive regions by the user, randomly re-distributing said several known password characters into said interactive regions for subsequent selection by the user; and comparing characters contained in a predefined password sequence with characters contained in the interactive regions selected by the user, and outputting a signal representing a successful password verification when each character contained in the password sequence is identical to corresponding ones of the characters shown in respective ones of the interactive regions selected by the user.
    Type: Grant
    Filed: April 21, 2015
    Date of Patent: December 26, 2017
    Assignees: Smart Electronic Industrial (Dong Guan) Co., Ltd.
    Inventor: Lee Zheng
  • Patent number: 9853979
    Abstract: Policy changes are propagated to access control devices of a distributed system. The policy changes are given immediate effect without having to wait for the changes to propagate through the system. A token encodes the policy change and can be provided in connection with access requests. Before an access control device has received a propagated policy change, the access control device can evaluate a token provided in connection with a request to determine, consistent with the policy change, whether to fulfill the request.
    Type: Grant
    Filed: March 11, 2013
    Date of Patent: December 26, 2017
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Gregory Branchek Roth, Matthew James Wren
  • Patent number: 9853947
    Abstract: Embodiments of the present disclosure help protect network devices from unauthorized access. Among other things, embodiments of the disclosure allow full access to application servers and other network devices that a client is allowed to access, while preventing all access (or even knowledge) of network devices the client is not allowed to access.
    Type: Grant
    Filed: August 17, 2015
    Date of Patent: December 26, 2017
    Assignee: CRYPTZONE NORTH AMERICA, INC.
    Inventors: Kurt Glazemakers, Malcolm Hamilton, Gokhan Berberoglu
  • Patent number: 9847881
    Abstract: An audio/video content management apparatus, for use with an external hard drive, includes a control circuit that performs a trust token generation operation. The trust token generation operation includes obtaining first identification information and hard drive identification information, encrypting and combining the first identification information and the hard drive identification information as a trust token, and sending the trust token to the external hard drive. The control circuit also performs a trust token validation operation including obtaining the first identification information, the hard drive identification information, and the trust token from the external hard drive.
    Type: Grant
    Filed: September 16, 2015
    Date of Patent: December 19, 2017
    Assignee: ARRIS Enterprises LLC
    Inventors: Mahadevan Venkatesh Prabu, Belmannu Harekrishna Acharya
  • Patent number: 9846786
    Abstract: Methods, systems, and products create anonymous loan documents. Electronic loan documents are prepared for a borrower of a loan. An anonymous shadow copy of the electronic loan documents is generated that removes personally identifying information, such as names, addresses, and social security numbers. The anonymous shadow copy of the electronic loan documents may then be electronically published.
    Type: Grant
    Filed: July 5, 2015
    Date of Patent: December 19, 2017
    Assignee: ReverseVision, Inc.
    Inventor: Thomas M. Martignoni
  • Patent number: 9848331
    Abstract: An approach for improving mobile device security is provided. The approach configures a passcode for accessing a mobile device, wherein configuring the passcode includes incorporating one or more hardware buttons into the passcode, such that the one or more hardware buttons are relevant when entering the passcode to gain entry to the mobile device. The approach receives a passcode attempt on the mobile device, wherein the passcode attempt includes a combination of one or more touch screen buttons and at least one of the one or more hardware buttons. The approach determines whether the passcode attempt matches the passcode. Responsive to a determination that the passcode attempt does not match the passcode, the approach denies access to the mobile device.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: December 19, 2017
    Assignee: International Business Machines Corporation
    Inventors: Darryl M. Adderly, Prasad Kashyap, Brian J. Murray, Wenjian Qiao
  • Patent number: 9843588
    Abstract: The present disclosure includes a system, method, and article of manufacture for lossless compression of data and high speed manipulation of the data. The method may comprise associating a customer with a plurality of levels, and counting, in near real time, a number of transactions at each level in the plurality of levels based on a transaction history of the customer at each of a plurality of merchants. The method may further comprise counting the number of transactions during a time period. Similarly, the method may comprise determining an opportunity comprising an offer based upon the counting, determining an opportunity based upon a count indicating a transaction by the customer with a merchant, and/or determining an opportunity with a first merchant based upon a count indicating a transaction by the customer with a second merchant.
    Type: Grant
    Filed: December 12, 2014
    Date of Patent: December 12, 2017
    Assignee: III Holdings 1, LLC
    Inventors: Richard A. Evans, Glen E. Graf, Joseph Lesko, John G. McDonald, Christina L. Richards
  • Patent number: 9838205
    Abstract: In a network authentication method, a client device stores a reference first private key portion obtained by encrypting a first private key portion of a private key. The private key and a public key cooperatively constitute an asymmetric key pair. After receipt of a second private key portion of the private key, the client device generates a digital signature for transaction data using a current key which combines the second private key portion and a current key portion obtained by decrypting the reference first private key portion. A verification server verifies, based on the public key, whether a received digital signature is signed with the private key, and obtains the transaction data when the verification result is affirmative.
    Type: Grant
    Filed: November 6, 2015
    Date of Patent: December 5, 2017
    Assignee: KEYPASCO AB
    Inventor: Magnus Lundström
  • Patent number: 9836739
    Abstract: Apparatuses and methods for changing a financial account after initiating a payment using a proxy object, such as a proxy card, are disclosed. The proxy card is associated with multiple financial accounts, such as accounts associated with credit cards, debit cards, and pre-paid gift cards. A consumer presents the proxy card to a merchant to make a payment, and the merchant swipes the proxy card and processes the payment by sending transaction information to a financial system. A computer system associated with the financial system selects a payment account associated with the proxy card to use for the payment, and an authorization for the transaction is obtained. Later, the consumer is given a limited time within which he may change the financial account used for the payment, such as by using his mobile device to select a different account associated with the proxy card to use to obtain funds for the payment.
    Type: Grant
    Filed: February 19, 2014
    Date of Patent: December 5, 2017
    Assignee: SQUARE, INC.
    Inventors: Andrew Borovsky, Paul Aaron
  • Patent number: 9819491
    Abstract: Embodiments of the present disclosure include systems and methods for secure release of secret information over a network. The server can be configured to receive a request from a client to access the deposit of secret information, send an authorization request to at least one designated trustee in the set of designated trustees for the deposit of secret information, receive responses over the network from one or more of the designated trustees in the set of designated trustees and apply a trustee policy to the responses from the one or more designated trustees in the set of trustees to determine if the request is authorized. If the request is authorized, the server can send the secret information to the client. If the request is not authorized, the server denies access by the client to the secret information.
    Type: Grant
    Filed: May 9, 2016
    Date of Patent: November 14, 2017
    Assignee: Cloudera, Inc.
    Inventors: Dustin C. Kirkland, Eduardo Garcia
  • Patent number: 9817641
    Abstract: A method, system, and medium are provided for facilitating development of an application by a user for a mobile communications device. A portion of programmatic code provided by the user is retrieved and a classification corresponding to the code is determined. A set of rules comprising a use restriction associated with a protected application component is referenced to determine whether the code classification corresponds to a use restriction. Incident to identifying an associated use restriction, feedback is presented to the user that indicates that the portion of code corresponds to a use restriction.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: November 14, 2017
    Assignee: Sprint Communications Company L.P.
    Inventors: Ryan Alan Wick, Raymond Emilio Reeves, John Marvin Jones, III
  • Patent number: 9813441
    Abstract: A security device may receive a request from a client device and intended for a server device. The security device may identify the request as being associated with a malicious activity. The malicious activity may include one or more undesirable tasks directed to the server device. The security device may generate a challenge-response test based on identifying the request as being associated with the malicious activity. The challenge-response test may be generated using one or more construction techniques. The security device may provide the challenge-response test to the client device. The security device may receive, from the client device, a proposed solution to the challenge-response test. The security device may identify the proposed solution as being generated using an optical character recognition (OCR) program. The security device may protect the server device from the client device based on identifying the solution as being generated using an OCR program.
    Type: Grant
    Filed: December 17, 2015
    Date of Patent: November 7, 2017
    Assignee: Juniper Networks, Inc.
    Inventor: Kyle Adams
  • Patent number: 9811381
    Abstract: Resource restrictions are associated with a user identifier. A resource restriction agent receives operating system calls related to resources and provides resource request data to a resource agent. The resource agent determines whether the resource is restricted based on the resource request data and resource restriction data and generates access data based on the determination. The resource restriction agent grants or denies the system call based on the access data.
    Type: Grant
    Filed: July 25, 2016
    Date of Patent: November 7, 2017
    Assignee: APPLE INC.
    Inventors: Jussi-Pekka Mantere, III, Alexander Tony Maluta, John William Scalo, Eugene Ray Tyacke, Bruce Gaya, Michael John Smith, Peter Kiehtreiber, Simon P. Cooper
  • Patent number: 9807611
    Abstract: An electronic device uses a voiceprint for user authentication, and includes a storage unit, a voice input unit, and at least one processor. The storage unit registers a first voiceprint based on first voice corresponding to a first character string and a second voiceprint based on second voice corresponding to a second character string longer than the first character string. The at least one processor generates a third voiceprint from third voice input to the voice input unit after registration of the voiceprint in the storage unit, and makes a first comparison between the first voiceprint and the third voiceprint as first user authentication. The at least one processor generates a fourth voiceprint from fourth voice input to the voice input unit after the third voice, and makes a second comparison between the second voiceprint and the fourth voiceprint, when the first user authentication has failed.
    Type: Grant
    Filed: April 20, 2016
    Date of Patent: October 31, 2017
    Assignee: KYOCERA CORPORATION
    Inventor: Hayato Takenouchi
  • Patent number: 9798876
    Abstract: A computer-implemented method for creating security profiles may include (1) identifying, within a computing environment, a new actor as a target for creating a new security behavior profile that defines expected behavior for the new actor, (2) identifying a weighted graph that connects the new actor as a node to other actors, (3) creating, by analyzing the weighted graph, the new security behavior profile based on the new actor's specific position within the weighted graph, (4) detecting a security anomaly by comparing actual behavior of the new actor within the computing environment with the new security behavior profile that defines expected behavior for the new actor, and (5) performing, by a computer security system, a remedial action in response to detecting the security anomaly. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 19, 2015
    Date of Patent: October 24, 2017
    Assignee: Symantec Corporation
    Inventors: Aleatha Parker-Wood, Anand Kashyap, Christopher Gates, Kevin Roundy, Leylya Yumer, Sandeep Bhatkar, Yin Liu
  • Patent number: 9800660
    Abstract: A communication device according to the present invention aims to restart data transmission/reception between communication devices in a short amount of time, without performing key sharing again, even when a communication device of a transmitting side is rebooted. The communication device includes a volatile memory storing a count value, a generator generating data including a count value, a communicator transmitting data to another communication device, a storage instructor, each time the communicator transmits data, updating the volatile memory with a count value, and a nonvolatile memory. A count value is incremented each time the communicator transmits data, the storage instructor causes the nonvolatile memory to store a count value at certain intervals, and the generator, when the communication device is rebooted, includes in data a sum of a certain value and a count value stored in the nonvolatile memory.
    Type: Grant
    Filed: January 29, 2014
    Date of Patent: October 24, 2017
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Yoichi Masuda, Masaki Ikeda, Tomoya Watanabe, Keiji Sakaguchi, Hirotatsu Shinomiya, Seiji Nimura
  • Patent number: 9800681
    Abstract: A network traffic monitoring system for redirecting network traffic between a client device and a cloud service includes a monitor proxy server configured as a network intermediary between the client device and the cloud service; and a published identity provider. The published identity provider is configured to receive a login request from a client device and to authenticate the client device at a federated identity provider. The published identity provider is configured to receive from the federated identity provider a redirect response including an identity assertion and a redirect web address to the cloud service. The published identity provider is configured to rewrite the redirect web address to the web address of the monitor proxy server. As a result, network traffic between the cloud service and the client device is routed through the monitor proxy server after user authentication using the published identity provider.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: October 24, 2017
    Assignee: Skyhigh Networks, Inc.
    Inventors: Sekhar Sarukkai, Kaushik Narayan, Rajiv Gupta
  • Patent number: 9792606
    Abstract: A method for performing a secure transaction between a secure device (2) and a terminal (4), the method being carried out by the secure device (2) and comprising the steps of: receiving transaction data from the terminal (4), characterized in that it comprises, before the step of receiving transaction data from the terminal (4), the steps of obtaining transaction data entered by a user of the secure device (2), and transmitting the transaction data to the terminal (4).
    Type: Grant
    Filed: August 10, 2012
    Date of Patent: October 17, 2017
    Assignee: Oberthur Technologies
    Inventors: Yann-loic Aubin, Vincent Guerin, Matthieu Boisde
  • Patent number: 9794542
    Abstract: A wearable computer interface comprising a three dimensional (3D) range camera and a picture camera that image the user and a controller that processes the images to identify the user and determine if the user is authorized to use the interface to access functionalities provided by a computer interfaced by the interface.
    Type: Grant
    Filed: July 3, 2014
    Date of Patent: October 17, 2017
    Assignee: Microsoft Technology Licensing, LLC.
    Inventors: Amir Nevet, Giora Yahav
  • Patent number: 9785623
    Abstract: Some described embodiments relate to techniques for editing markup elements of a markup language document to emphasize a portion of the visible content elements of the markup language document. The techniques may be implemented in any suitable manner, including via scripting language code (e.g., JavaScript) that is incorporated into the markup language document but is not preconfigured with information regarding the markup language document or any other markup language document. The scripting language code may perform the editing automatically, and based on an automatic analysis of markup elements of the markup language document. Some embodiments may include determining the portion of the markup language document to be emphasized by identifying content of interest to a user, including by determining a set of related content through analyzing a structure of markup elements of the markup language document and/or layout of visible content elements of the markup language document.
    Type: Grant
    Filed: January 22, 2015
    Date of Patent: October 10, 2017
    Assignee: Freedom Scientific, Inc.
    Inventor: Aaron M. Leventhal
  • Patent number: 9785708
    Abstract: An architecture for a multimedia search system is described. To perform similarity matching of multimedia query frames against reference content, a reference database comprising a cluster index using cluster keys to perform similarity matching and a multimedia index to perform sequence matching is built. Methods to update and maintain the reference database that enable addition and removal of the multimedia contents, including portions of multimedia content, from the reference database in a running system are described. Hierarchical multi-level partitioning methods to organize the reference database are presented. Smart partitioning of the reference multimedia content according to the nature of the multimedia content, and according to the popularity among the social media, that supports scalable fast multimedia identification is also presented.
    Type: Grant
    Filed: May 21, 2015
    Date of Patent: October 10, 2017
    Assignee: GRACENOTE, INC.
    Inventors: Sunil Suresh Kulkarni, Jose Pio Pereira, Pradipkumar Dineshbhai Gajjar, Shashank Merchant, Prashant Ramanathan, Mihailo M. Stojancic
  • Patent number: 9785790
    Abstract: Protecting a computer security application by executing the computer security application on a computer in a first namespace associated with an operating system of the computer, and creating a second namespace associated with the operating system of the computer, where the second namespace is accessible to the computer security application, and where the first namespace is inaccessible from the second namespace.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: October 10, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Shmuel Regev, Shahar Kohanim, Shai Barlev
  • Patent number: 9781127
    Abstract: A method and system to regulate a digital security system that controls access to a resource is disclosed. The system controls access to the resource according to a multi-level security protocol including a high-security-level access protocol and a low-security-level access protocol. The regulation method and system are configured to collect data from a set of user-data sources with which the user interacts during his daily life and, based on the collected data, to compute security parameters characterizing user activity. The computed security parameters are compared to a digital profile that models the characteristic behavior of this user. When the comparison indicates that the observed user activity is inconsistent with the digital behavior profile, the digital security system is regulated to set (or maintain) it in an operating state such that, when the user requests access to the resource in the future, the system will automatically implement the high-security-level access protocol.
    Type: Grant
    Filed: June 11, 2015
    Date of Patent: October 3, 2017
    Assignee: ORANGE
    Inventors: Maria Prokopi, Mobeen Qureshi, Zaheer Ahmad
  • Patent number: 9774608
    Abstract: A device control method used in a device control system in which an operation terminal is used to remotely operate a device with a server device mediating between the operation terminal and the device, the device control method including: acquiring, upon reception of an operation instruction for operation of the device from the operation terminal, environment information pertaining to at least one of the device and the operation terminal; performing a determination of whether or not to cause execution of processing corresponding to the operation instruction based on whether or not the environment information satisfies a predetermined condition; and causing the device to execute an execution command for execution of the processing when a result of the determination is affirmative, and not causing the device to execute the execution command when the result of the determination is negative.
    Type: Grant
    Filed: August 1, 2013
    Date of Patent: September 26, 2017
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Toshihisa Nakano, Masayuki Kozuka, Masataka Minami, Motoji Ohmori, Takeshi Matsuo, Tsuyoshi Sakata, Fumiaki Suzuki
  • Patent number: 9772623
    Abstract: Techniques for securing a device for use in or with a process plant include provisioning the device with a key generated at least in part from data indicative of necessary conditions and/or attributes that must be met before the device is allowed access to a network of the process plant. Upon initialization, the device determines, based on the key, whether or not the necessary conditions are met, and the device isolates itself or accesses the process control network accordingly. Keys and the necessary conditions/attributes indicated therein may be based on, for example, location, time, context, customer, supplier, particular plant, manufacturer, user, data type, device type, and/or other criteria. Additionally, sub-keys associated with a key may be generated from another set of necessary conditions/attributes. Sub-keys may be provided by a different entity than the key provider entity.
    Type: Grant
    Filed: July 18, 2016
    Date of Patent: September 26, 2017
    Assignee: FISHER-ROSEMOUNT SYSTEMS, INC.
    Inventors: Mark J. Nixon, Ken J. Beoughter, Daniel D. Christensen, Deji Chen, James H. Moore, Jr.
  • Patent number: 9772605
    Abstract: A wearable device includes: a touch screen; an acceleration sensor configured to generate an acceleration signal; an optical sensor using a light source and configured to generate a touch interrupt signal; and a control unit configured to detect a wearing state of the wearable device, the wearing state of the wearable device including a not-wearing state for the wearable device, a wrist wearing state, and a hand gripping state on the basis of the acceleration signal and the touch interrupt signal, and to execute a function corresponding to the wearing state of the wearable device.
    Type: Grant
    Filed: July 12, 2016
    Date of Patent: September 26, 2017
    Assignee: LG ELECTRONICS INC.
    Inventors: Hongjo Shim, Gukchan Lim, Youngho Sohn, Seonghyok Kim, Chohee Kwon, Hyunwoo Kim